Configure the Source and Destination in a Firewall Policy

Applies To: Cloud-managed Fireboxes

This feature is only available to participants in the WatchGuard Cloud Beta program.

In a firewall policy for a cloud-managed Firebox, you specify the source and destination of the connections the policy applies to. A connection must match both the source and destination for the policy to apply to that traffic. For a Custom policy, you also select the traffic direction the policy applies to.

Screen shot of the Source and Destination settings in a firewall policy

You can add these types of addresses as a policy source or destination: 

  • Aliases — A custom alias or a built-in alias
  • Firebox Networks — The name of a Firebox network, such as Internal or External
  • Firebox DB Group — A group in the Firebox database
  • Firebox DB User — A user in the Firebox database
  • Host IPv4 — The IPv4 address of a host
  • Network IPv4 — The IPv4 address of a network
  • Host Range IPv4 — A range of IPv4 addresses
  • FQDN — A fully qualified domain name, such as *.example.com

For more information about custom and built-in aliases, see Configure Firebox Aliases.

For more information about Firebox DB users and groups, see Configure Firebox Database User Authentication.

  1. Add or edit a policy. For more information, see Configure Firewall Policies in WatchGuard Cloud.
  2. In the Source and Destination settings of the policy, click Add Source.
    The Add Source Address dialog box opens.

Screen shot of the Add Source Address dialog box

  1. From the Type drop-down list, select the type of address to add.
  2. Type or select the address.
  3. Click Add.
  4. Repeat these steps to add any additional source addresses.
  1. Add or edit a policy. For more information, see Configure Firewall Policies in WatchGuard Cloud.
  2. In the Source and Destination settings of the policy, click Add Destination.
    The Add Destination Address dialog box opens.

Screen shot of the Add Destination Address dialog box

  1. From the Type drop-down list, select the type of address to add.
  2. Type or select the address.
  3. Click Add.
  4. Repeat these steps to add any additional destination addresses.

A Custom policy is appropriate for traffic between two private networks. For example, if your Firebox has two internal networks, you could add a Custom policy that applies to connections between hosts on the two networks.

All other firewall policy types apply only to connections from a source to a destination. A Custom policy can also apply to connections from the destination to the source.

In a Custom policy, select one of these options.

Bi-directional traffic (default)

Select this option if you want the policy to apply to connections between the source and destination regardless of which started the connection.

Source to destination only

Select this option if you want the policy to apply only to connections from a policy source to a policy destination.

See Also

Configure Firewall Policies in WatchGuard Cloud