Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.0.0
Download PDF
Copy Link

firewall {vipgrp | vipgrp6}

You can create virtual IP groups to facilitate firewall policy traffic control. For example, on the DMZ interface, if you have two email servers that use Virtual IP mapping, you can put these two VIPs into one VIP group and create one external-to-DMZ policy, instead of two policies, to control the traffic.

Firewall policies using VIP Groups are matched by comparing both the member VIP IP address(es) and port number(s).

Use vipgrp for creating groups of IPv4 VIPs.

Use vipgrp6 for creating groups of IPv6 VIPs.

config firewall vipgrp
    edit {name}
    # Configure IPv4 virtual IP groups.
        set name {string}   VIP group name. size[63]
        set uuid {uuid}   Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
        set interface {string}   interface size[35] - datasource(s): system.interface.name
        set color {integer}   Integer value to determine the color of the icon in the GUI (range 1 to 32, default = 0, which sets the value to 1). range[0-32]
        set comments {string}   Comment. size[255]
        config member
            edit {name}
            # Member VIP objects of the group (Separate multiple objects with a space).
                set name {string}   VIP name. size[64] - datasource(s): firewall.vip.name
            next
    next
end
config firewall vipgrp6
    edit {name}
    # Configure IPv6 virtual IP groups.
        set name {string}   IPv6 VIP group name. size[63]
        set uuid {uuid}   Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
        set color {integer}   Integer value to determine the color of the icon in the GUI (range 1 to 32, default = 0, which sets the value to 1). range[0-32]
        set comments {string}   Comment. size[255]
        config member
            edit {name}
            # Member VIP objects of the group (Separate multiple objects with a space).
                set name {string}   IPv6 VIP name. size[64] - datasource(s): firewall.vip6.name
            next
    next
end

Additional information

The following section is for those options that require additional explanation.

firewall {vipgrp | vipgrp6}

You can create virtual IP groups to facilitate firewall policy traffic control. For example, on the DMZ interface, if you have two email servers that use Virtual IP mapping, you can put these two VIPs into one VIP group and create one external-to-DMZ policy, instead of two policies, to control the traffic.

Firewall policies using VIP Groups are matched by comparing both the member VIP IP address(es) and port number(s).

Use vipgrp for creating groups of IPv4 VIPs.

Use vipgrp6 for creating groups of IPv6 VIPs.

config firewall vipgrp
    edit {name}
    # Configure IPv4 virtual IP groups.
        set name {string}   VIP group name. size[63]
        set uuid {uuid}   Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
        set interface {string}   interface size[35] - datasource(s): system.interface.name
        set color {integer}   Integer value to determine the color of the icon in the GUI (range 1 to 32, default = 0, which sets the value to 1). range[0-32]
        set comments {string}   Comment. size[255]
        config member
            edit {name}
            # Member VIP objects of the group (Separate multiple objects with a space).
                set name {string}   VIP name. size[64] - datasource(s): firewall.vip.name
            next
    next
end
config firewall vipgrp6
    edit {name}
    # Configure IPv6 virtual IP groups.
        set name {string}   IPv6 VIP group name. size[63]
        set uuid {uuid}   Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
        set color {integer}   Integer value to determine the color of the icon in the GUI (range 1 to 32, default = 0, which sets the value to 1). range[0-32]
        set comments {string}   Comment. size[255]
        config member
            edit {name}
            # Member VIP objects of the group (Separate multiple objects with a space).
                set name {string}   IPv6 VIP name. size[64] - datasource(s): firewall.vip6.name
            next
    next
end

Additional information

The following section is for those options that require additional explanation.