Address folders
Some address objects logically belong to the same device, such as two IPs from the same computer. These address objects can be grouped into an address folder, which is an exclusive list of address objects that do not appear in other address groups or folders.
In the CLI, the folder type can be set after the member list is already populated. If the member list contains an incompatible entry, then the setting will be discarded when the next
/end
command is issued. If the folder type is set before the member list is populated, then the possible member entry list will be filtered according to the selected type.
To create an address folder in the GUI:
- Go to Policy & Objects > Addresses.
- Click Create New > Address Group and enter a name.
- For Type, select Folder.
- For Members, click the + to add the addresses. Address folders and groups are exclusive, so the Select Entries window filters out address objects that are a member of an existing group or folder.
- Click OK.
- In the address table, expand the Address Group section to view the folder (dev1-addr-comb). The expandable folder view shows the address folder's child objects:
To configure an address folder in the CLI:
config firewall addrgrp edit "safe-network1-devices" set type folder set member "dev1-addr-comb" "dev2-addr-comb" set comment '' set exclude disable set color 13 next end
config firewall addrgrp edit "dev1-addr-comb" set type folder set member "dev1-IP-nic1" "dev1-IP-nic2" "dev1-mac" set comment '' set exclude disable set color 18 next end
config firewall addrgrp edit "dev2-addr-comb" set type folder set member "dev2-IP-nic1" "dev2-IP-nic2" "dev2-IP-nic3" "dev2-mac" set comment '' set exclude disable set color 5 next end