About Aliases
An alias is a shortcut that identifies a group of hosts, networks, or interfaces. Your configuration file includes many default aliases. You can also create new aliases. To manage traffic through your Firebox, you can then add any of the aliases to the policies defined in your configuration file.
Default aliases include:
- Firebox — An alias for all Firebox interfaces.
- Any-External — An alias for any network you can get access to through Firebox interfaces configured as External.
- Any-Trusted — An alias for any network you can get access to through Firebox interfaces configured as Trusted.
- Any-Optional — An alias for any network you can get access to through Firebox interfaces configured as Optional.
The Any-Trusted, Any-External, and Any-Optional aliases do not include Firebox interface IP addresses. Interface aliases do not include Firebox interface IP addresses. Only the Firebox alias includes Firebox interface IP addresses.
- Any-BOVPN — An alias for any BOVPN (IPSec) tunnel.
When you use the BOVPN Policy wizard to create a policy to allow traffic through a BOVPN tunnel, the wizard automatically creates .in and .out aliases for the incoming and outgoing tunnels.
- Any-Multicast — An alias for any network you can get access to through Firebox interfaces configured as Multicast.
- External — An alias for an external interface.
- Microsoft365 — An alias that includes all domain names and IP addresses for Microsoft 365 or Office 365 global endpoints in these categories (Fireware v12.10 and higher):
- Exchange Online
- SharePoint Online and OneDrive for Business
- Skype for Business Online and Microsoft Teams
- Microsoft 365 Common and Office Online
The alias updates automatically when Microsoft makes changes to the domain names and IP addresses.
For more information about the domain names and IP addresses in each category, go to Microsoft 365 URLs and IP address ranges in the Microsoft documentation.
- Trusted — An alias for a trusted interface.
- WG-Wireless-Access-Point1 — An alias for wireless Access point 1 on a wireless Firebox.
- WG-Wireless-Access-Point2 — An alias for wireless Access point 2 on a wireless Firebox.
- WG-Wireless-Access-Point3 — An alias for wireless Access point 3 on a wireless Firebox.
- WG-Wireless-Guest — An alias for wireless Access point 3 on a wireless Firebox that is used for a guest wireless network.
The Microsoft365 default alias updates automatically when any other service signatures update. However, you can also update the Microsoft365 alias manually from the Subscription Services dashboard.
Alias names are different from user or group names used in user authentication. With user authentication, you can monitor a connection with a name and not as an IP address. The person authenticates with a user name and a password to get access to Internet protocols.
For more information about user authentication, go to About User Authentication.
You can also create and apply aliases when you use Centralized Management for your Firebox and apply a Device Configuration Template to a device. You cannot have duplicate alias names in any configuration file. If you apply a template to a Firebox and the template includes an alias name that is already used by an interface on the device, the alias name does not appear correctly in the Aliases list after the template is applied.
For more information about templates, go to Create Device Configuration Templates.
Alias Members
You can add these objects to an alias:
- Host IP address
- Network IP address
- A range of host IP addresses
- Wildcard IPv4 or IPv6 address
- Host Name (DNS Lookup) — A one-time DNS lookup is performed on the host name and resolved IP addresses are added to the alias.
- FQDN — Performs forward DNS resolution and analyzes DNS replies for the specified FQDN (includes wildcard domains). Resolved IP addresses from the primary domain and any subdomains are added to the alias.
For more information on how to use FQDN in policies, go to About Policies by Domain Name (FQDN).
- Tunnel address — Defined by a user or group, address, and name of the tunnel. This type lets you specify the address, and set two other conditions that traffic must meet to match the address. With a tunnel address, you can specify these conditions for traffic:
- User or member of a group.
- IP address. This can be a host IP address, a network IP address, or an IP address range.
- Branch Office VPN tunnel that the traffic goes through.
- Custom address — Defined by a user or group, address, and Firebox interface. This type lets you specify the address, and set two other conditions that traffic must meet to match the address. With a custom address, you can specify these conditions for traffic:
- A user or a group member
- An IP address. This can be a host IP address, a network IP address, or an IP address range.
- The interface where the traffic passes through the Firebox.
- If the custom address is in the From list, this is the interface where the traffic enters the Firebox.
- If the custom address is in the To list, this is the interface where the traffic exits the Firebox.
- Device Group — A device group for Mobile Security. This includes Any-Mobile, Any-Android, and Any-iOS.
- Another alias
- An authorized user or group
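The custom address rules above, modeled in Python as an added example (this is not WatchGuard code or Fireware configuration syntax): all three conditions must hold, and the interface checked depends on whether the member sits in the From or the To list. The class names, the `AUTH_SESSIONS` table that ties authenticated users to IP addresses, and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class CustomAddress:
    principal: str   # user name or group name
    address: str     # host IP, CIDR network, or "first-last" range
    interface: str   # Firebox interface name

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    in_if: str       # interface where the traffic enters the Firebox
    out_if: str      # interface where the traffic exits the Firebox

# Constructed sample data: authenticated sessions keyed by IP (modeling assumption).
AUTH_SESSIONS = {
    "10.0.1.25": ("alice", {"Accounting"}),
    "10.0.1.40": ("bob", {"Sales"}),
}

def address_contains(spec: str, ip: str) -> bool:
    """True if ip falls inside a host, network, or range specification."""
    addr = ip_address(ip)
    if "-" in spec:
        first, last = (ip_address(p.strip()) for p in spec.split("-", 1))
        return first.version == addr.version == last.version and first <= addr <= last
    return addr in ip_network(spec, strict=False)

def matches(member: CustomAddress, pkt: Packet, side: str) -> bool:
    """Evaluate a custom address placed in a policy's From or To list."""
    if side == "from":
        ip, iface = pkt.src, pkt.in_if    # From list: entry interface
    elif side == "to":
        ip, iface = pkt.dst, pkt.out_if   # To list: exit interface
    else:
        raise ValueError("side must be 'from' or 'to'")
    user, groups = AUTH_SESSIONS.get(ip, (None, set()))
    principal_ok = user is not None and (
        member.principal == user or member.principal in groups)
    # All three conditions must be met: user/group, address, interface.
    return (principal_ok and address_contains(member.address, ip)
            and iface == member.interface)

ACCOUNTING = CustomAddress("Accounting", "10.0.1.0/24", "Trusted")
```

In this model, a packet from an Accounting member that arrives on any interface other than Trusted does not match, even though its user and address conditions are satisfied.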