firewall : addrgrp, addrgrp6
addrgrp, addrgrp6
Use this command to configure firewall address groups used in firewall policies.
You can organize related firewall addresses into firewall address groups to simplify firewall policy configuration. For example, rather than creating three separate firewall policies for three firewall addresses, you could create a firewall address group consisting of the three firewall addresses, then create one firewall policy using that firewall address group.
Addresses, address groups, and virtual IPs must all have unique names to avoid confusion in firewall policies. If an address group is selected in a policy, it cannot be deleted unless it is first deselected in the policy.
An address group can be a member of another address group.
Each address group has a Universally Unique IDentifier (UUID) that is automatically assigned. To view it, use the command get firewall addrgrp or get firewall addrgrp6 and look for the uuid field.
config firewall addrgrp, addrgrp6
edit <name_str>
set comment <comment_string>
set member <name_str>
set visibility {enable | disable}
set color <color_int>
Enter the name of the address group.
No default.
comment <comment_string>
Enter any comments for this address group.
No default.
member <name_str>
Enter one or more names of firewall addresses to add to the address group. Separate multiple names with a space. To remove an address name from the group, retype the entire new list, omitting the address name.
No default.
uuid <uuid_str>
The Universally Unique IDentifier (UUID) for this address group. This value cannot be set. It is assigned automatically and is used in logs.
visibility {enable | disable}
Select whether this address group is available in firewall policy address group fields in the web-based manager.
color <color_int>
Set the icon color to use in the web-based manager.
0 sets the default, color 1.