Description
Geography-based IPv6 addresses can be created and applied to IPv6 firewall policies.
This article describes how to create an IPv6 geography-based address.
Solution
To create an IPv6 geography-based address in the GUI.
- Go to Policy and Objects -> Addresses.
- Select 'Create New' -> Address.
- Set Category to IPv6 address.
- Enter a name for the address.
- Set Type to IPv6 Geography.
- Select the country/region from the list.
- Optionally, enter comments.
- Select 'OK'.
- Edit an existing policy, or create a new one, using the IPv6 geography address as the Source or Destination Address.
Geography-based IPv6 addresses can be created and applied to IPv6 firewall policies.
This article describes how to create an IPv6 geography-based address.
Solution
To create an IPv6 geography-based address in the GUI.
- Go to Policy and Objects -> Addresses.
- Select 'Create New' -> Address.
- Set Category to IPv6 address.
- Enter a name for the address.
- Set Type to IPv6 Geography.
- Select the country/region from the list.
- Optionally, enter comments.
- Select 'OK'.
To use the IPv6 geography address in a policy.
- Go to Policy & Objects -> Firewall Policy.
- Edit an existing policy, or create a new one, using the IPv6 geography address as the Source or Destination Address.
- In the policy list, hover over the address to view details.
To configure an IPv6 geography-based address in the CLI.
- Create an IPv6 geography-based address.
- Create an IPv6 geography-based address.
# config firewall address6- Use the IPv6 geography-based address in a policy.
edit "test-ipv6-geoip"
set type geography
set color 6
set comment "IPv6 Geography address"
set country "CA"
next
end
# config firewall policy
edit 1
set name "test-policy6-1"
set srcintf "wan2"
set dstintf "wan1"
set srcaddr6 "all"
set dstaddr6 "test-ipv6-geoip"
set action accept
set schedule "always"
set service "ALL"
set nat enable
next
end
