Managing IP sets

The table of IP sets is displayed in the firewall template and on the CPE device:

• To display the table of IP sets in a firewall template, go to the SD-WAN → Firewall templates menu section, click the firewall template, and select the IP sets tab.
• To display the table of IP sets on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, and select the Firewall settings → IP sets tab.

Information about IP sets is displayed in the following columns of the table:

• Name is the name of the IP set.
• Match indicates whether the IP set is associated with the source or the destination of traffic packets, and whether the set contains IP addresses or subnets.
• Entries are IP addresses or subnets that have been added to the IP set.

Creating an IP set

You can create an IP set in a firewall template or on a CPE device. An IP set created in a firewall template is automatically created on all CPE devices that use this firewall template.

To create an IP set:

1. Create an IP set in one of the following ways:
   • If you want to create an IP set in a firewall template, go to the SD-WAN → Firewall templates menu section, click the firewall template, and select the IP sets tab.
   • If you want to create an IP set on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, select the Firewall settings → IP sets tab, and select the Override check box.

   A table of IP sets is displayed.

2. Click + IP set.
3. This opens a window; in that window, in the Name field, enter the name of the IP set. Maximum length: 255 characters.
4. In the Direction drop-down list, select whether the IP set is associated with the source or the destination of traffic packets:
   • Match source if the IP set contains source IP addresses or subnets.
   • Match destination if the IP set contains destination IP addresses or subnets.
5. In the Type drop-down list, select whether the set contains IP addresses or subnets.
   • Set of subnets if the IP set contains subnets.
   • Set of IPs if the IP set contains IP addresses.
6. If in the Type drop-down list, you selected Set of subnets, specify a subnet. To do so, under Entries list, click + Add and enter an IPv4 prefix. You can specify ranges of IPv4 prefix octets using square brackets, for example, 192.[165-168].2.0/24.

   The subnet is specified and displayed under Entries list. You can specify multiple subnets or delete a subnet. To delete a subnet, click the delete icon next to it.

7. If in the Type drop-down list, you selected Set of IPs, specify an IP address. To do so, under Entries list, click + Add and enter an IPv4 address. You can specify ranges of IPv4 address octets using square brackets, for example, 192.[165-168].2.0.

   The IP address is specified and displayed in the Entries list section. You can specify multiple IP addresses or delete an IP address. To delete an IP address, click the delete icon next to it.

8. Click Create.

   The IP set is created and displayed in the table.

9. In the upper part of the settings area, click Save to save the settings of the firewall template or CPE device.

Disabling or enabling an IP set

You can disable or enable an IP set in a firewall template or on a CPE device. An IP set enabled or disabled in a firewall template is automatically enabled or disabled on all CPE devices that use this firewall template.

To disable or enable an IP set:

1. Disable or enable an IP set in one of the following ways:
   • If you want to enable or disable an IP set in a firewall template, go to the SD-WAN → Firewall templates menu section, click the firewall template, and select the IP sets tab.
   • If you want to enable or disable an IP set on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, select the Firewall settings → IP sets tab, and select the Override check box.

   A table of IP sets is displayed.

2. Click Disable or Enable next to the IP set that you want to disable or enable.

   The IP set is disabled or enabled.

3. In the upper part of the settings area, click Save to save the settings of the firewall template or CPE device.

Editing an IP set

You can edit an IP set in a firewall template or on a CPE device. An IP set modified in a firewall template is automatically modified on all CPE devices that use this firewall template.

To edit an IP set:

1. Edit an IP set in one of the following ways:
   • If you want to edit an IP set in a firewall template, go to the SD-WAN → Firewall templates menu section, click the firewall template, and select the IP sets tab.
   • If you want to edit an IP set on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, select the Firewall settings → IP sets tab, and select the Override check box.

   A table of IP sets is displayed.

2. Click Edit next to the IP set that you want to edit.
3. This opens a window; in that window, if necessary, edit the IP set settings. For a description of the settings, see the instructions for creating an IP set.
4. Click Save.

   The IP set is modified and updated in the table.

5. In the upper part of the settings area, click Save to save the settings of the firewall template or CPE device.

Deleting an IP set

You can delete an IP set in a firewall template or on a CPE device. An IP set deleted in a firewall template is automatically deleted on all CPE devices that use this firewall template.

Deleted IP sets cannot be restored.

To delete an IP set:

1. Delete an IP set in one of the following ways:
   • If you want to delete an IP set in a firewall template, go to the SD-WAN → Firewall templates menu section, click the firewall template, and select the IP sets tab.
   • If you want to delete an IP set on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, select the Firewall settings → IP sets tab, and select the Override check box.

   A table of IP sets is displayed.

2. Click Delete next to the IP set that you want to delete.
3. In the confirmation window, click Delete.

   The IP set is deleted and is no longer displayed in the table.

4. In the upper part of the settings area, click Save to save the settings of the firewall template or CPE device.