address, address6
Use this command to configure firewall addresses used in firewall policies. An IPv4 firewall address is a set of one or more IP addresses, represented as a domain name, an IP address and a subnet mask, or an IP address range. An IPv6 firewall address is an IPv6 6-to-4 address prefix.
Addresses, address groups, and virtual IPs must have unique names to avoid confusion in firewall policies. If an address is selected in a policy, it cannot be deleted until it is deselected from the policy.
Each firewall address has a Universally Unique IDentifier (UUID) that is automatically assigned. To view it, use the command get firewall address or get firewall address6 and look for the uuid field.
Syntax
config firewall address
    edit <name_str>
        set associated-interface <interface_str>
        set cache-ttl <ttl_int>
        set color <color_int>
        set comment <comment_string>
        set country <country_code>
        set end-ip <address_ipv4>
        set fqdn <domainname_str>
        set start-ip <address_ipv4>
        set subnet <address_ipv4mask>
        set tags <tags_str>
        set type {ipmask | iprange | fqdn | geography | network-service | url | wildcard}
        set url <url_str>
        set visibility {enable | disable}
        set wildcard <address_ip4mask>
        config service
            edit <service_id>
                set end-port <port_int>
                set protocol {sctp | tcp | udp}
                set start-port <port_int>
        end
end
config firewall address6
    edit <name_str>
        set ip6 <address_ipv6prefix>
end
 
Each entry below lists the variable, its description, and its default.

The following fields are for config firewall address.

<name_str>
Enter the name of the address.
No default.

associated-interface <interface_str>
Enter the name of the associated interface.
If not configured, the firewall address is bound to an interface during firewall policy configuration.
No default.

cache-ttl <ttl_int>
Enter minimum time-to-live (TTL) of individual IP addresses in FQDN cache. This is available when type is fqdn.
Default: 0

color <color_int>
Set the icon color to use in the web-based manager.
0 sets the default, color 1.
Default: 0

comment <comment_string>
Enter a descriptive comment for this address.
No default.

country <country_code>
Enter the two-letter country code. For a list of codes, enter set country ?. This is available when type is geography.
Default: null

end-ip <address_ipv4>
If type is iprange, enter the last IP address in the range.
Default: 0.0.0.0

fqdn <domainname_str>
If type is fqdn, enter the fully qualified domain name (FQDN).
No default.

start-ip <address_ipv4>
If type is iprange, enter the first IP address in the range.
Default: 0.0.0.0

subnet <address_ipv4mask>
If type is ipmask, enter an IP address then its subnet mask, in dotted decimal format and separated by a space, or in CIDR format with no separation. For example, you could enter either:
    172.168.2.5/32
    172.168.2.5 255.255.255.255
The subnet mask corresponds to the subnet class of the IP address being added.
    A single computer’s subnet mask is 255.255.255.255 or /32.
    A class A subnet mask is 255.0.0.0 or /8.
    A class B subnet mask is 255.255.0.0 or /16.
    A class C subnet mask is 255.255.255.0 or /24.
Default: 0.0.0.0 0.0.0.0

tags <tags_str>
Enter object tags applied to this address. Separate tag names with spaces.
Default: null

type {ipmask | iprange | fqdn | geography | network-service | url | wildcard}
Select whether this firewall address is a subnet address, an address range, fully qualified domain name, a geography-based address, a network service, a URL or an IP with a wildcard netmask.
The url type applies only to the explicit web proxy.
Default: ipmask

url <url_str>
Enter the address URL. This applies when type is url.
No default.

uuid <uuid_str>
The Universally Unique IDentifier (UUID) for this address. This value cannot be set. It is assigned automatically and is used in logs.
Default: auto-assigned

visibility {enable | disable}
Select whether this address is available in firewall policy address fields in the web-based manager.
Default: enable

wildcard <address_ip4mask>
This is available if type is wildcard.
Default: 0.0.0.0 0.0.0.0

The following fields are for config service. type must be network-service.

<service_id>
Enter an ID number, or 0 to auto-assign one.

end-port <port_int>
Enter the last port in the service range.
Default: 0

protocol {sctp | tcp | udp}
Select the service protocol.
Default: tcp

start-port <port_int>
Enter the first port in the service range.
Default: 0

The following fields are for config firewall address6.

<name_str>
Enter the name of the IPv6 address prefix.
No default.

ip6 <address_ipv6prefix>
If the IP address is IPv6, enter an IPv6 IP address prefix.
Default: ::/0
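
A lint for the type-dependent fields and defaults listed above, as an added example that is not part of the original reference: it parses a config firewall address snippet and flags fields set for a different type, an ipmask entry left at the 0.0.0.0 0.0.0.0 default subnet, and an iprange whose start-ip is above its end-ip. The function names, finding texts and sample config are assumptions made for this example.

```python
from ipaddress import IPv4Address

# Added example, helper names are hypothetical. Field -> the only type it applies to (from the table).
FIELD_TYPE = {"start-ip": "iprange", "end-ip": "iprange", "fqdn": "fqdn", "cache-ttl": "fqdn",
              "country": "geography", "url": "url", "wildcard": "wildcard", "subnet": "ipmask"}

def parse_addresses(text):  # -> {name: {field: value}} for each 'edit' entry
    objs, cur, nested = {}, None, False
    for line in (l.strip() for l in text.splitlines()):
        word, _, rest = line.partition(" ")
        if nested:                          # skip the 'config service' sub-table
            nested = word != "end"
        elif word == "config" and cur is not None:
            nested = True
        elif word == "edit":
            cur = objs.setdefault(rest.strip('"'), {})
        elif word in ("next", "end"):
            cur = None
        elif word == "set" and cur is not None:
            key, _, val = rest.partition(" ")
            cur[key] = val.strip().strip('"')
    return objs

def audit(objs):  # -> sorted (name, finding) pairs; empty list means nothing flagged
    out = []
    for name, f in objs.items():
        typ = f.get("type", "ipmask")       # ipmask is the documented default
        out += [(name, f"{k} set but type is {typ}") for k, t in FIELD_TYPE.items() if k in f and t != typ]
        if typ == "ipmask" and f.get("subnet", "0.0.0.0 0.0.0.0") in ("0.0.0.0 0.0.0.0", "0.0.0.0/0"):
            out.append((name, "subnet matches any IPv4 address"))
        lo, hi = (IPv4Address(f.get(k, "0.0.0.0")) for k in ("start-ip", "end-ip"))
        if typ == "iprange" and lo > hi:
            out.append((name, "start-ip is above end-ip"))
    return sorted(out)

SAMPLE = """config firewall address
edit "web-dmz"
set subnet 10.20.30.0 255.255.255.0
next
edit "partners"
set type iprange
set start-ip 192.0.2.50
set end-ip 192.0.2.10
next
edit "updates"
set fqdn "updates.example.com"
next
end"""  # constructed sample; names and addresses are made up for this example
print(audit(parse_addresses(SAMPLE)))
```

In the sample, "updates" is flagged twice: fqdn is set while type is left at its ipmask default, so the lint also reads its subnet as the 0.0.0.0 0.0.0.0 default.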