Specifications

16 VM-Series Deployment Guide

Monitor Changes in the Virtual Environment About the VM-Series Firewall

Step 3 Use dynamic address groups in policy.

View the tutorial.

1. Select Policies > Security.

2. Click

Add and enter a Name and a Description for the policy.

3. Add the

Source Zone to specify the zone from which the traffic

originates.

4. Add the

Destination Zone at which the traffic is terminating.

5. For the

Destination Address, select the Dynamic address group

you created in Step 2 above.

6. Specify the action—

Allow or Deny—for the traffic, and

optionally attach the default security profiles to the rule.

7. Repeats Steps 1 through 6 above to create another policy rule.

8. Click

Commit.

This example shows how to create two policies: one for all access to FTP servers and the other for access to web servers.

Step 4 Validate that the members of the dynamic

address group are populated on the

firewall.

1. Select

Policies > Security, and select the rule.

2. Select the drop-down arrow next to the address group link, and

select

Inspect. You can also verify that the match criteria is

accurate.

3. Click the

more link and verify that the list of registered IP

addresses is displayed.

Policy will be enforced for all IP addresses that belong to

this address group, and are displayed here.

Use Dynamic Address Groups in Policy (Continued)