firewall : address, address6
address, address6
Use this command to configure firewall addresses used in firewall policies. An IPv4 firewall address is a set of one or more IP addresses, represented as a domain name, an IP address and a subnet mask, or an IP address range. An IPv6 firewall address is an IPv6 6-to-4 address prefix.
Addresses, address groups, and virtual IPs must have unique names to avoid confusion in firewall policies. If an address is selected in a policy, it cannot be deleted until it is deselected from the policy.
Each firewall address has a Universally Unique IDentifier (UUID) that is automatically assigned. To view it, use the command get firewall address or get firewall address6 and look for the uuid field.
config firewall address
edit <name_str>
set associated-interface <interface_str>
set cache-ttl <ttl_int>
set color <color_int>
set comment <comment_string>
set country <country_code>
set end-ip <address_ipv4>
set fqdn <domainname_str>
set start-ip <address_ipv4>
set subnet <address_ipv4mask>
set tags <tags_str>
set type {ipmask | iprange | fqdn | geography | network‑service | url | wildcard}
set url <url_str>
set visibility {enable | disable}
set wildcard <address_ip4mask>
config service
edit <service_id>
set end-port <port_int>
set protocol {sctp | tcp | udp}
set start-port <port_int>
config firewall address6
edit <name_str>
set ip6 <address_ipv6prefix>
The following fields are for config firewall address.
Enter the name of the address.
No default.
associated-interface <interface_str>
Enter the name of the associated interface.
If not configured, the firewall address is bound to an interface during firewall policy configuration.
No default.
cache-ttl <ttl_int>
Enter minimum time-to-live (TTL) of individual IP addresses in FQDN cache. This is available when type is fqdn.
color <color_int>
Set the icon color to use in the web-based manager.
0 sets the default, color 1.
comment <comment_string>
Enter a descriptive comment for this address.
No default.
country <country_code>
Enter the two-letter country code. For a list of codes, enter set country ? This is available when type is geography.
end-ip <address_ipv4>
If type is iprange, enter the last IP address in the range.
fqdn <domainname_str>
If type is fqdn, enter the fully qualified domain name (FQDN).
No default.
start-ip <address_ipv4>
If type is iprange, enter the first IP address in the range.
subnet <address_ipv4mask>
If type is ipmask, enter an IP address then its subnet mask, in dotted decimal format and separated by a space, or in CIDR format with no separation. For example, you could enter either:
The subnet mask corresponds to the subnet class of the IP address being added.
A single computer’s subnet mask is or /32.
A class A subnet mask is or /8.
A class B subnet mask is or /16.
A class C subnet mask is or /24.
tags <tags_str>
Enter object tags applied to this address. Separate tag names with spaces.
type {ipmask | iprange | fqdn | geography | network‑service | url | wildcard}
Select whether this firewall address is a subnet address, an address range, fully qualified domain name, a geography-based address, a network service, a URL or an IP with a wildcard netmask.
The url type applies only to the explicit web proxy.
url <url_str>
Enter the address URL. This applies when type is url.
No default.
uuid <uuid_str>
The Universally Unique IDentifier (UUID) for this address. This value cannot be set. It is assigned automatically and is used in logs.
visibility {enable | disable}
Select whether this address is available in firewall policy address fields in the web-based manager.
wildcard <address_ip4mask>
This is available if type is wildcard.
Fields for config service. type must be network-service
Enter an ID number, or 0 to auto-assign one.
end-port <port_int>
Enter the last port in the service range.
protocol {sctp | tcp | udp}
Select the service protocol.
start-port <port_int>
Enter the first port in the service range.
The following fields are for config firewall address6.
Enter the name of the IPv6 address prefix.
No default.
ip6 <address_ipv6prefix>
If the IP address is IPv6, enter an IPv6 IP address prefix.