Implement IP Address Groups to simplify rule creation

Comments: 36

• 14 Jan, '19
  ntguru Merged

  I would love to see aliases and groups implemented in Untangle. Every other firewall I've used has some form of this and it saves a lot of time and hassle, especially as a setup gets more complex.
  
  One Untangle client is doing serious network updating so server IPs are changing. This means manually searching through piles of port forwards and rules and manually changing each and every instance. If Untangle had aliases, we'd just have to go to one place and chance, eg, mailserver1 from 10.10.1

• 15 Jan, '19
  Jamie Ficken

  Even as a home user with lots of devices (including cameras, NAS, etc) I would love to have this feature rather than duplicating IP's constantly in rules.

• 04 Feb, '19
  Ben

  pfSense calls this a firewall Alias...very useful +1

• 21 Mar, '19
  Chad McDonald Merged

  I would also very much like to see this implemented. All the other firewalls I have worked with have some form of this where you can set up a group of ports, IP's, etc. and then use those in any rules that you are writing on the system. Complex configs in Untangle get tedious to maintain because all the IP's and ports must all be individually specified.

• 05 May, '19
  Jeremy Heyboer

  This is a must. Cisco, Juniper and most FW's have this option. This is great for a small or large network. It allow easy creation of FW rules for applications. SRC-IP-GROUP + DEST-IP-GROUP + IP-PROTO-GROUP = easy management!!!!!

• 15 Jun, '19
  Mark Merged

  Yes, grouping devices and then applying a rule makes the system usable in a larger setting. Not sure how this firewallOS is used in an enterprise where there is a high rate of change? Making a simple IP address change in a group is trivial versus updating many rules whenever something as trivial as an IP address changes.

• 17 Jun, '19
  Moderator Admin Merged

  @mark, we suggest using Policy Manager for this purpose. With Policy Manager, you create a complete set of app configuration and use rules to specify who and when to apply each policy. So when you need to add or remove an IP address for example, you do this in Policy Manager rules. https://wiki.untangle.com/index.php/Policy_Manager

• 20 Aug, '19
  Edwardo Rivera Merged

  Use objects on rules - IP address (name / alias) group of it. Application groups, where you can select several apps and use them as one object.

• 26 Aug, '19
  Moderator Admin Merged

  Policy Manager enables you to define objects and apply them to one or more apps in the form of policy rules.

• 26 Sep, '19
  tom Merged

  This would be a great feature and is available on other firewalls.

• 25 Oct, '19
  Matt Boyette Merged

  Adding this ability would greatly improve the configuration ease of the Firewall app, and it would make the product appealing to a wider based of firewall administrators who are accustomed to having them, which is most. Not having the ability to do groups results in many more firewall rules required to carry out basic tasks.

• 12 Dec, '19
  Anonymous Merged

  pfSense has an option to point an alias to a URL. They implement it in two forms - one that pulls the contents one time, and another that checks periodically for updates. I don't know how tenable the second option would be but I really think this would be a useful addition to aliases and groups implementation in NGFW.

• 22 Dec, '19
  Nate

  Absolutely critical feature to have in any enterprise NG firewall. Since there is currently no way to split up the current firewall rule view it gets to be a messy disaster in a hurry. Likely will be switching back to pfSense after my trial mainly due to lack of this functionality. The policy manager goes a short way to help this but is not the correct solution on it's own.

• 22 Jan, '20
  Oliver Kaven Merged

  Would like to also support this request. The ease of use improvements are huge, especially when implemented properly. I think Sophos currently has the best implementation as it is not only Groups and Aliases, but also drag and drop. When you click on a field the appropriate list of Aliases is displayed and you can drag and drop them into the field. It actually forces aliases; you can either use an existing alias or the system will create one for future use based on your input.

• 29 Feb, '20
  RS

  This is a basic feature and frankly a big turn off. All other firewalls I have worked with support this. Please implement.

• 30 Mar, '20
  Bogdan NEMTANU Merged

  In the Trust Prevention module it would be useful to have the possibility to use lists that you can then use in the rules. Now I have to manually add the IPs separated by ",". The same list feature would also be useful in the config module, for example you want to redirect the ftp port 21 only when the connections come from the X list IPs.

• 30 Mar, '20
  Admin

  "Add lists to Trust Prevention and configuration" (suggested by Bogdan NEMTANU on 2020-03-30), including upvotes (1) and comments (0), was merged into this suggestion.

• 19 May, '20
  Dustin Merged

  Untangle needs this. Policy Manager adds to much unnecessary complexity when alias/groups would simplify many setups.

• 21 May, '20
  James Alles

  Although not the entire functionality of competing products, 'Tags' does make this possible for Hosts (IP Addresses)
  That feature needs to be refined, expanded and documented.
  For example, when utilizing Tags in a rule, provide a drop-down that shows the defined tags to pick from, for accuracy. This would assist in recognizing spelling errors, and other inconsistencies.
  
  See this forum thread:
  https://forums.untangle.com/firewall/43115-aliases-2.html#post242118
  Thank You!

• 21 May, '20
  James Alles Merged

  This needs to be combined with the suggestion"Implement IP Address Groups to simplify rule creation"
  
  Policies don't take the place of this functionality.
  please see this forum thread:
  https://forums.untangle.com/firewall/43115-aliases-2.html#post242118

• 21 May, '20
  James Alles Merged

  This needs to be combined with the suggestion"Implement IP Address Groups to simplify rule creation"
  
  Policies don't take the place of this functionality. (Alias)
  please see this forum thread:
  https://forums.untangle.com/firewall/43115-aliases-2.html#post242118

• 22 May, '20
  Armshouse

  This is probably the only feature I've missed coming to Untangle from Sophos XG.

• 27 May, '20
  Admin

  "Objects creation" (suggested by Edwardo Rivera on 2019-08-20), including upvotes (6) and comments (3), was merged into this suggestion.

• 27 May, '20
  Admin

  "aliases and groups" (suggested by ntguru on 2019-01-14), including upvotes (86) and comments (8), was merged into this suggestion.

• 28 May, '20
  Jerry

  With such a powerful product as Untangle it is stupid at best they don't consider this a high priority.
  EVERY product any of us has used in the past 20+ years has it and it is needed more now then ever.
  
  Untangle, please list just TWO of your competing products that doesn't have this ability? Why do you continue to keep you head in the sand on this feature?

• 14 Jun, '20
  Andrew

  Also encountering the lack of aliases while testing Untangle to replace my pfSense implementation. I run a dozen aliases in pfSense, and not being able to easily replicate them in Untangle is a turn-off. Will likely hold off on purchasing a license until that is at least at feature parity with pfSense.

• 15 Jul, '20
  Diedrich

  Couldn't agree more! Aliases made things so easy in OPNsense, I couldn't believe this wasn't a feature when I began testing Untangle.

• 28 Jul, '20
  Alan

  I very much hope this is implemented one day. This makes rules, etc so much to work with on Cisco ASAs, Palos, Fortigates, pfsense, etc.

• 12 Aug, '20
  Islam Nadim

  This is a very helpful feature. In fact, I requested this years ago, since version 10, if I remember correctly.

• 19 Aug, '20
  Andrew

  Still can't believe this hasn't been added yet. I don't know a competing product that doesn't have this functionality.

• 08 Oct, '20
  David

  This feature would be great, that makes untangle a bit more easyer in administration

• 12 Nov, '20
  Rick

  I can't believe I am even asking for this feature, every other modern firewall has this.
  
  If i have 20 DNS Servers I will simply define an object group called [All_DNS_Servers] which contains all 20 IPs or better yet resolvable DNS hostnames and then I simply create a single firewall rules which Permits TCP/UDP 53 to the [All_DNS_Servers] object group in a single ACL/rule. Tomorrow if i replace or add a new DNS server I simply add it to the existing object group, a common task in any enterprise. This minimizes overall changes, mistakes, complexity, rule duplication, overlap, etc.
  
  Unfortunately, the lack of this feature is a major drawback of untangle in its use within any enterprise.

• 01 Feb
  Jerry

  This is a really helpful feature that Untangle should have released years ago.
  A large portion of existing firewalls has supported "ALIASES" for years and are placeholders for real hosts, networks or ports
  
  I'm going to add one more needed feature that I'm not sure other firewalls have but in this Covid world would be helpful for creating every changing IP's of remote worker while creating firewall rules.
  
  Have a Alias Dynamic lookup table that were we create a list of URL's that we know are Dynamic and have this table refresh IP's every X minutes (60 minutes as an example) This would allow us to add something like:
  Alias: Hnetwork URL:HomeNetwork.dyndns.org Current IP: Found by Untangle refreshing this URL to get the real IP every X minutes

• 07 Apr
  Andrew Stafford

  Given the recent fallout due to netgate's handling of the Free BSD wireguard implementation, this is really the only thing holding me back from purchasing an untangle subscription. Any word if this is going to be implemented?

• 22 Jun
  Rafal Stanilewicz

  I went to this portal just to create feature request about this, and fortunately I found this topic... For me, the objects (groups of ips, hosts or l4 ports) are crucial in the rules management.

• 02 Jul
  Bernard

  I've just set up whitelisted IP addresses for AWS. They come from the following JSON file: https://ip-ranges.amazonaws.com/ip-ranges.json
  
  If an 'IP Group' object could be created, this object could be configured ONCE (under Config for example) and used as objects in the Firewall app, Threat prevention, etc.
  
  So, when you select a Source Address or a Destination Address, some conditions could be added to the "is" and "is NOT", such as "is in group" and "is NOT is group", and a dropdown with a group name could allow you to select any number of groups.