Add New Members to a Policy
In a firewall policy, you can add members to the From (source) and To (destination) lists.
You can add these objects as members of a policy:
- Alias — A shortcut that identifies a group of members. An alias can include any of the other member types. For more information, go to About Aliases.
- Host IP address
- Network IP address
- A range of host IP addresses
- Wildcard IPv4 address
- Host Name (DNS Lookup) — A one-time DNS lookup is performed on the host name and the resolved IP address is added to the policy.
- FQDN — Performs forward DNS resolution and analyzes DNS replies for the specified FQDN (includes wildcard domains). Resolved IP addresses from the primary domain and any subdomains are added to the alias.
For more information on how to use FQDN in policies, go to About Policies by Domain Name (FQDN).
- Tunnel address — Defined by a user or group, address, and name of the tunnel. This type lets you specify the address, and set two other conditions that traffic must meet in order to match the address. With a tunnel address, you can specify these conditions for traffic:
  - User or member of a group.
  - IP address. This can be a host IP address, a network IP address, or an IP address range.
  - Branch Office VPN tunnel that the traffic goes through.
- Custom address — Defined by a user or group, address, and Firebox interface. This type lets you specify the address, and set two other conditions that traffic must meet in order to match the address. With a custom address, you can specify these conditions for traffic:
  - A user or a group
  - An IP address. This can be a host IP address, a network IP address, or an IP address range.
  - The interface where the traffic passes through the Firebox.
    - If the custom address is in the From list, this is the interface where the traffic enters the Firebox.
    - If the custom address is in the To list, this is the interface where the traffic exits the Firebox.
- Device Group — A device group for Mobile Security. This includes Any-Mobile, Any-Android, and Any-iOS.
- Firewall user or group
- SSLVPN user or group
- L2TP user or group
- Static NAT or Server Load Balancing action (as a policy destination only)
For more information, go to Configure Static NAT (SNAT).
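The custom address conditions described above, modelled as an added example. This is not WatchGuard code: the class names, field names, and sample values are assumptions constructed for illustration. It shows that the user or group, the address, and the interface must all match, and that the interface checked depends on whether the member is in the From or To list.

```python
import ipaddress
from dataclasses import dataclass

def parse_address(value):
    """Return (first, last) for a host IP, network IP (CIDR), or 'a-b' range."""
    if "-" in value:
        first, last = (ipaddress.ip_address(p.strip()) for p in value.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError(f"invalid range: {value}")
        return first, last
    # strict=True rejects a network with host bits set, e.g. 10.0.1.5/24
    net = ipaddress.ip_network(value, strict=True)  # a bare host parses as /32
    return net.network_address, net.broadcast_address

@dataclass(frozen=True)
class Endpoint:  # hypothetical: one side of a connection
    ip: str
    user: str = ""
    groups: frozenset = frozenset()

@dataclass(frozen=True)
class Flow:  # hypothetical connection record
    src: Endpoint
    dst: Endpoint
    in_iface: str   # interface where the traffic enters the Firebox
    out_iface: str  # interface where the traffic exits the Firebox

@dataclass(frozen=True)
class CustomAddress:  # hypothetical model of the member type
    principal: str  # a user or a group
    address: str    # host IP, network IP, or IP range
    interface: str  # Firebox interface name

    def matches(self, flow, policy_list):
        """True only if the user/group, address, and interface all match."""
        if policy_list == "From":
            end, iface = flow.src, flow.in_iface
        elif policy_list == "To":
            end, iface = flow.dst, flow.out_iface
        else:
            raise ValueError("policy_list must be 'From' or 'To'")
        # Assumption: the user/group condition is checked against the same
        # side of the connection as the address.
        first, last = parse_address(self.address)
        ip = ipaddress.ip_address(end.ip)
        in_addr = ip.version == first.version and first <= ip <= last
        is_principal = self.principal == end.user or self.principal in end.groups
        return is_principal and in_addr and iface == self.interface

# Constructed sample: a Sales user on the Trusted network going out External
SAMPLE = Flow(Endpoint("10.0.1.25", "alice", frozenset({"Sales"})),
              Endpoint("203.0.113.10"), "Trusted", "External")
```

A member that is too broad in any one of the three fields widens the policy, so review each field separately when you audit From and To lists.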
Add Members to a Policy
- Edit the policy.
- In the policy From or To list, click Add.
- From the Member Type list, select the type of member to add.
- Select or specify information about the member to add.
The specific information required depends on the type of member.
- Click OK.
- Edit the policy.
- In the policy From or To list, click Add.
The Add Address dialog box appears with a list of available members you can add.
- From the Available Members list, select the member to add.
For more information about policy configuration, go to Add Policies to Your Configuration.
In Policy Manager, you must add members to the Available Members list before you can add them to a policy.
To add hosts, addresses, aliases, FQDN, or tunnels to the Available Members list:
- In the Add Address dialog box, click Add Other.
The Add Member dialog box appears.
- From the Choose Type drop-down list, select the type of member to add. This can be a host IP address, host range, network IP address, wildcard IP address, FQDN, device group, tunnel address, or custom address.
- In the Value text box, type the correct network address, range, FQDN, or IP address.
- Click OK.
The member or address appears in the Selected Members and Addresses list.
To add a user or group to the Available Members list:
- In the Add Address dialog box, click Add User.
The Add Users or Groups dialog box appears.
- Select the type of user or group, select the authentication server, and select whether you want to add a user or group.
- Click Select.
If the user or group you want to add does not appear in the list, it is not yet defined as a user or group. To define a new user or group, go to Use Users and Groups in Policies.
You can also specify a static NAT action or load balancing action as a destination in a policy.
To add a static NAT action to the Available Members list:
- In the Add Address dialog box, click Add SNAT.
The SNAT dialog box appears.
- Select the static NAT or load balancing action to add.
- Click OK.
If the SNAT action you want to add does not appear in the list, you can add it. For more information, go to Configure Static NAT (SNAT).