firewall : vipgrp
You can create virtual IP groups to facilitate firewall policy traffic control. For example, on the DMZ interface, if you have two email servers that use Virtual IP mapping, you can put these two VIPs into one VIP group and create one external-to-DMZ policy, instead of two policies, to control the traffic.
Firewall policies using VIP Groups are matched by comparing both the member VIP IP address(es) and port number(s).
config firewall vipgrp
edit <name_str>
set interface <name_str>
set member <virtualip_str>
Enter the name of the virtual IP group.
No default.
interface <name_str>
Enter the name of the interface to which the virtual IP group will be bound.
No default.
member <virtualip_str>
Enter one or more virtual IPs that will comprise the virtual IP group.
No default.