Adding multiple hosts to a Firewall policy
You can add one host at a time from each firewall rule in a Firewall policy. To eliminate the retyping of each host address or host name for each firewall rule, you can create a single host group with multiple hosts. A host group is accessible from any firewall rule in any Firewall policy. Any changes you make to the host group update automatically in the Firewall policies that reference the group.
When you add a host group to a firewall rule, it adds all the hosts as a single entry. You can remove the hosts from each firewall rule when you don't need them anymore.
When you delete the host group from all firewall policies, the group's host addresses or names get converted to multiple entries in the firewall rule. For example, if a host group has five items, the host group converts from one entry to five entries in each firewall rule.
To create host groups
- Go to Endpoint > Policies > Policy Components.
- On the Host Groups tab, select Add Host Group.
- In the Create Host Group dialog box, enter a group name, and then click Add Host.
- In the Add Host dialog box, select Save & Add Another to add multiple hosts.
- When you are done, select Save and then select Yes. When you update a host group, each Firewall policy that references the host group gets updated automatically and a new policy version is created.
  - Select Yes to make sure that the new policy version also gets applied to the device groups or policy groups the policy is assigned to.
  - Select No to refrain from applying the new policy version to the device groups or policy groups the policy is assigned to.
To add host groups to a firewall rule
- In a Firewall policy, create a new rule or edit an existing rule.
- In the Add/Edit Firewall Rule dialog box, select Hosts > Only hosts defined by the local/source or remote/destination address below.
- Select Add from Host Group, check a host group in the Group Name column, and select Submit > Submit.