Configure Firebox Aliases

Applies To: Cloud-managed Fireboxes

An alias is a shortcut that identifies a group of hosts, networks, interfaces, or other entities that could send or receive network traffic. You can add aliases and template aliases as a source or destination in a firewall policy.

You can now import aliases from a locally-managed Firebox configuration file to a cloud-managed Firebox. For more information, go to Import Configuration Settings From a Locally-Managed Firebox.

Alias Types

There are two types of aliases:

A cloud-managed Firebox has several built-in aliases:

  • Any — An alias for any address (you can add this in a policy, but not in another alias).
  • Firebox — An alias for all Firebox interfaces.
  • Any-Internal — An alias for all internal networks.
  • Any-External — An alias for all external networks.
  • Any-Guest — An alias for all guest networks.
  • Microsoft365 — An alias that includes all domain names and IP addresses for Microsoft 365 or Office 365 global endpoints in these categories (Fireware v12.10 and higher):
    • Exchange Online
    • SharePoint Online and OneDrive for Business
    • Skype for Business Online and Microsoft Teams
    • Microsoft 365 Common and Office Online

    The alias updates automatically when Microsoft makes changes to the domain names and IP addresses.

    For more information about the domain names and IP addresses in each category, go to Microsoft 365 URLs and IP address ranges in the Microsoft documentation.

You cannot edit or delete the built-in aliases.

You can add custom aliases to a cloud-managed Firebox configuration. An alias can include any combination of these address types: 

  • Aliases — A custom alias or a built-in alias, including template aliases.
  • Firebox Networks — The name of a Firebox network, such as Internal or External.
  • Firebox DB Group — A group in the Firebox database.
  • Firebox DB User — A user in the Firebox database.
  • Group — A group in an Authentication Domain.
  • User — A user in an Authentication Domain.
  • Host IPv4 — The IPv4 address of a host.
  • Network IPv4 — The IPv4 address of a network.
  • Host Range IPv4 — A range of IPv4 addresses.
  • Host IPv6 — The IPv6 address of a host.
  • Network IPv6 — The IPv6 address of a network.
  • Host Range IPv6 — A range of IPv6 addresses.
  • FQDN — A fully qualified domain name, such as *.example.com.

A custom alias can be inherited from a template. When an alias is inherited from a template, it shows a TEMPLATE label beside the alias name.

For more information about Firebox DB users and groups, go to Configure Firebox Database User Authentication.

Before you can add an authentication domain user or group, you must add the authentication domain to WatchGuard Cloud, and then add it to the Firebox configuration. For more information, go to:

Add an Alias

To add an alias, from WatchGuard Cloud:

  1. Select Configure > Devices.
  2. Select the cloud-managed Firebox.
  3. Click Device Configuration.
  4. Click the Aliases widget.
  5. Click Add Alias.
    The New Alias page opens.

Screenshot of the New Alias settings

  1. In the Name text box, type a name for the alias.
  2. In the Description text box, type a description for the alias.
  3. To add a member to the alias, click Add Member.
    The Add Member dialog box opens.

Screenshot of the Add Member dialog box

  1. From the Type drop-down list, select the type of address to add.
  2. Type or select the address.
  3. Click Add.
  4. To add another member, click Add Member.
  5. After you add all members, click Add to create the alias.

Edit an Alias

You can edit any custom alias. You cannot edit the built-in aliases.

To edit an alias, from WatchGuard Cloud:

  1. Select Configure > Devices.
  2. Select the cloud-managed Firebox.
  3. Click Device Configuration.
  4. Click the Aliases widget.
    A list of custom aliases opens. The built-in aliases do not appear in the list.
  5. Click the alias name.
    The Update Alias page opens.

Screenshot of the Update Alias page

  1. To add a member to the alias, click Add Member.
  2. To delete an alias member, click next to the member.
  3. To save the changes, click Update.

Delete an Alias

You can remove any custom alias you added. You cannot delete a template alias you did not create. You cannot delete an alias if it is used in a policy or another alias.

To delete an alias, from WatchGuard Cloud:

  1. Select Configure > Devices.
  2. Select the Firebox.
  3. Click Device Configuration.
  4. Click the Aliases widget.
  5. Find the alias to delete, and click .

Use Aliases in Firewall Policies

In firewall policies, you can use aliases as the policy source or destination address.

To add an alias as the Source or Destination of a firewall policy: 

  • To add a built-in alias, select the address type Built-In Alias.
  • To add a custom alias, select the address type My Aliases. Template aliases appear with a TEMPLATE label beside the alias name.

For more information about policy configuration, go to Configure the Source and Destination in a Firewall Policy.

Related Topics

About Firebox Firewall Settings