Description
Some address objects logically belong to the same unit, such as two IPs from the same computer.
These address objects can be grouped into an address folder, which is an exclusive list of address objects that do not appear in other address groups or folders.
From the CLI, the folder type can be set after the member list is already populated.
If the member list contains an incompatible entry, the type setting is discarded when the next/end command is issued.
If the folder type is set before the member list is populated, the list of possible member entries is filtered according to the selected type.
This article describes how to create address folders by grouping address objects.
Solution
To create an address folder from the GUI:
1. Go to Policy & Objects -> Addresses.
2. Select 'Create New' -> Address Group and enter a name.
3. For Type, select 'Folder'.
4. For Members, select the '+' to add the addresses.
Address folders and groups are exclusive, so the Select Entries window filters out address objects that are a member of an existing group or folder.
To create an address folder from the CLI:
# config firewall addrgrp
    edit "safe-network1-devices"
        set type folder
        set member "dev1-addr-comb" "dev2-addr-comb"
        set comment ''
        set exclude disable
        set color 13
    next
end
# config firewall addrgrp
    edit "dev1-addr-comb"
        set type folder
        set member "dev1-IP-nic1" "dev1-IP-nic2" "dev1-mac"
        set comment ''
        set exclude disable
        set color 18
    next
end
# config firewall addrgrp
    edit "dev2-addr-comb"
        set type folder
        set member "dev2-IP-nic1" "dev2-IP-nic2" "dev2-IP-nic3" "dev2-mac"
        set comment ''
        set exclude disable
        set color 5
    next
end
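The exclusivity rule described above can be checked offline against an exported `config firewall addrgrp` section. The following is an added example, not Fortinet code: it assumes the input contains only that section, treats a group without a `set type` line as type `default`, and uses a constructed sample in which `legacy-group` is a hypothetical group that overlaps two folders.

```python
import shlex
from collections import defaultdict

# Constructed sample in the page's CLI format; "legacy-group" is hypothetical.
SAMPLE = '''
config firewall addrgrp
    edit "dev1-addr-comb"
        set type folder
        set member "dev1-IP-nic1" "dev1-IP-nic2" "dev1-mac"
    next
    edit "dev2-addr-comb"
        set type folder
        set member "dev2-IP-nic1" "dev2-mac"
    next
    edit "legacy-group"
        set member "dev1-mac" "dev2-IP-nic1"
    next
end
'''

def parse_addrgrp(text):
    """Return {group_name: {"type": str, "member": [names]}}."""
    groups, current = {}, None
    for raw in text.splitlines():
        # Drop a leading "#" CLI prompt, then split while honouring quotes.
        tokens = shlex.split(raw.strip().lstrip("#").strip())
        if not tokens:
            continue
        if tokens[0] == "edit" and len(tokens) > 1:
            # Assumption: no "set type" line means type "default".
            current = groups.setdefault(tokens[1], {"type": "default", "member": []})
        elif tokens[0] == "set" and current is not None and len(tokens) > 2:
            if tokens[1] == "type":
                current["type"] = tokens[2]
            elif tokens[1] == "member":
                current["member"] = tokens[2:]
        elif tokens[0] in ("next", "end"):
            current = None
    return groups

def exclusivity_violations(groups):
    """Map each folder member to every group/folder that lists it, if more than one."""
    owners = defaultdict(set)
    for name, grp in groups.items():
        for member in grp["member"]:
            owners[member].add(name)
    return {m: sorted(o) for m, o in owners.items()
            if len(o) > 1 and any(groups[g]["type"] == "folder" for g in o)}

if __name__ == "__main__":
    for member, found_in in sorted(exclusivity_violations(parse_addrgrp(SAMPLE)).items()):
        print(f"{member}: listed in {', '.join(found_in)}")
```

Run against the three folders defined in this article, the check reports nothing, because each address object belongs to exactly one folder.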
Copyright 2025 Fortinet, Inc. All Rights Reserved.