VIP groups
Virtual IP addresses (VIPs) can be organized into groups. This is useful in scenarios where there are multiple VIPs that are used together in firewall policies. If the VIP group members change, or a group member's settings change (such as the IP address, port, or port mapping type), then those changes are automatically updated in the corresponding firewall policies.
The following table summarizes which VIP types are allowed and not allowed to be members of a VIP group:
Group type |
VIP types allowed as members |
VIP types not allowed as members |
---|---|---|
IPv4 |
|
|
IPv6 |
|
|
Different VIP types can be added to the same group.
To configure a VIP group in the GUI:
- Go to Policy & Objects > Virtual IPs and click Create New > Virtual IP Group.
- Set the Type to IPv4 or IPv6.
- Enter a name.
- Optionally, enter additional information in the Comments field.
- For IPv4 groups, select the Interface. Select a specific interface if all of the VIPs are on the same interface; otherwise, select any.
- Click the + in the Members field and select the members to add to the group.
- Click OK.
To configure an IPv4 VIP group in the CLI:
config firewall vipgrp edit <name> set interface <name> set member <vip1> <vip2> ... next end
To configure an IPv6 VIP group in the CLI:
config firewall vipgrp6 edit <name> set member <vip1> <vip2> ... next end