
Administration Guide

Create or edit a virtual IP group

Just like other addresses, virtual IP addresses (VIPs) can be organized into groups for ease of administration when multiple VIPs are used together in policies. If you have multiple virtual IPs that are likely to be associated with common policies, you can create a virtual IP group and add the group to the policies instead of adding individual VIPs to each of the policies. If the VIP group members change, or a group member's settings change (such as the IP address and port), then those changes are automatically updated in the corresponding policies.

Different VIP types can be added to the same group. The following table summarizes which VIP types are allowed and not allowed to be members of a VIP group.

VIP types allowed as members

VIP types not allowed as members

  • Static NAT

  • Load balance

  • Access proxy

To configure a VIP group in the GUI:
  1. Go to Policy & Objects > Virtual IPs.

  2. Click Create New and select Virtual IP Group.

  3. Configure the following settings:

    Name: Enter a unique name to identify the virtual IP group.

    Comments: Optionally, enter a description of the virtual IP group.

    Interface: Use the drop-down menu to select the interface if all of the VIPs are on the same interface. If any of the VIPs are on different interfaces or if any of them are associated with the "any" option, choose the "any" option for the group.

    Members: Select the virtual IPs to add to the virtual IP group.

  4. Click OK to save the VIP group.
To configure a VIP group in the CLI:
config firewall vipgrp
    edit <name>
        set interface <name>
        set member <vip1> <vip2> ...
    next
end
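
The interface rule from step 3 of the GUI procedure can be checked offline against a configuration backup. The following Python script is an added example, not Fortinet code: it parses the `config firewall vip` and `config firewall vipgrp` blocks and reports each group whose interface differs from what the rule calls for. The sample configuration is constructed, and reading each VIP's interface from `set extintf` (treated as "any" when absent) is an assumption about the backup format.

```python
import re
# Constructed sample in FortiOS backup syntax; names and interfaces are made up.
SAMPLE = """
config firewall vip
    edit "web-vip"
        set extintf "port1"
    next
    edit "mail-vip"
        set extintf "port2"
    next
end
config firewall vipgrp
    edit "grp-ok"
        set interface "port1"
        set member "web-vip"
    next
    edit "grp-mixed"
        set interface "port1"
        set member "web-vip" "mail-vip"
    next
end
"""

def parse_section(text, section):
    """Return {entry: {key: [values]}} for one top-level 'config <section>' block."""
    entries, current, depth = {}, None, 0  # depth 0 means outside the section
    for raw in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', raw)] or [""]
        if tok[0] == "config" and (depth or " ".join(tok[1:]) == section):
            depth += 1  # entering the section, or a nested block inside it
        elif tok[0] == "end":
            depth = max(depth - 1, 0)
        elif depth == 1 and tok[0] == "edit":
            current = entries.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and current is not None:
            current[tok[1]] = tok[2:]
    return entries

def audit_vip_groups(text):
    """Return {group: expected interface} for groups that break the interface rule."""
    vips = parse_section(text, "firewall vip")
    findings = {}
    for name, grp in parse_section(text, "firewall vipgrp").items():
        # Assumption: a member with no extintf line, or not defined, counts as "any".
        ifaces = {vips.get(m, {}).get("extintf", ["any"])[0] for m in grp.get("member", [])}
        expected = next(iter(ifaces)) if len(ifaces) == 1 else "any"
        if grp.get("interface", ["any"])[0] != expected:
            findings[name] = expected
    return findings
```
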
To use the API Preview:
  1. Click API Preview. The API Preview pane opens and shows the values for the fields (data). If a new object is being created, the POST request is shown.
  2. Enable Show modified changes only to show the modified changes instead of the full configuration in the preview.
  3. Click Copy to Clipboard to copy the JSON code shown on the preview screen to the clipboard.
  4. Click Close to leave the preview.
