Matching groups
Groups of addresses, ports, and networks can be defined for similar filtering. For example, to create a rule that rejects traffic to a group of addresses and ports and from a group of networks, perform the following steps in configuration mode.
Step | Command |
---|---|
Add an address to an address group. |
|
Add a network to a address group. |
|
Add port 22 and ports 1000 through 2000 to the PORTS port group. |
|
Add a port name to the PORTS port group. |
|
Commit the configuration. |
|
Show the configuration. |
|
Specify a reject action within a firewall instance. |
|
Specify the protocol. |
|
Specify an address group to match as a destination. |
|
Specify a port group to match as a destination. |
|
Specify an address group to match as a source. |
|
Commit the configuration. |
|
Show the configuration. |
|