firewall {vipgrp | vipgrp6}
You can create virtual IP groups to facilitate firewall policy traffic control. For example, on the DMZ interface, if you have two email servers that use Virtual IP mapping, you can put these two VIPs into one VIP group and create one external-to-DMZ policy, instead of two policies, to control the traffic.
Firewall policies using VIP Groups are matched by comparing both the member VIP IP address(es) and port number(s).
Use vipgrp
for creating groups of IPv4 VIPs.
Use vipgrp6
for creating groups of IPv6 VIPs.
config firewall vipgrp edit {name} # Configure IPv4 virtual IP groups. set name {string} VIP group name. size[63] set uuid {uuid} Universally Unique Identifier (UUID; automatically assigned but can be manually reset). set interface {string} interface size[35] - datasource(s): system.interface.name set color {integer} Integer value to determine the color of the icon in the GUI (range 1 to 32, default = 0, which sets the value to 1). range[0-32] set comments {string} Comment. size[255] config member edit {name} # Member VIP objects of the group (Separate multiple objects with a space). set name {string} VIP name. size[64] - datasource(s): firewall.vip.name next next end
config firewall vipgrp6 edit {name} # Configure IPv6 virtual IP groups. set name {string} IPv6 VIP group name. size[63] set uuid {uuid} Universally Unique Identifier (UUID; automatically assigned but can be manually reset). set color {integer} Integer value to determine the color of the icon in the GUI (range 1 to 32, default = 0, which sets the value to 1). range[0-32] set comments {string} Comment. size[255] config member edit {name} # Member VIP objects of the group (Separate multiple objects with a space). set name {string} IPv6 VIP name. size[64] - datasource(s): firewall.vip6.name next next end
Additional information
The following section is for those options that require additional explanation.