Skip to content

IP host

You can see the default and custom IP hosts. Default hosts include internet hosts and system hosts, such as dynamic hosts and interface hosts.

You can add, edit, or delete hosts. You can add IP addresses to an IP host group.

You can create IP hosts using an IP address, IP address range or list, and a network. You can specify these hosts in rules and policies.

The following conditions apply to the default hosts:

  • You can't update or delete system hosts.
  • Sophos Firewall updates the system hosts for cellular WAN and remote access VPN dynamically.
  • You can update the interface hosts on Network > Interfaces.
  • You can update and delete the internet hosts.

System hosts for cellular WAN and remote access VPN

These are dynamic hosts containing the cellular WAN IP address and addresses leased to users who establish remote access VPN connections. Sophos Firewall adds these addresses to the corresponding groups dynamically.

Dynamic hosts Description
##WWAN1 Default IP host created when cellular WAN is turned on. Uses the IP address of the WWAN interface.
##ALL_SSLVPN_RW The firewall dynamically adds the IP addresses it leases to remote access SSL VPN connections when they're established with the Sophos Connect client.
##ALL_IPSEC_RW The firewall dynamically addes the IP addresses it leases to remote access IPsec VPN connections when they're established with the Sophos Connect client.
##ALL_RW The firewall dynamically adds the IP addresses it leases to remote access SSL VPN and IPsec connections when they're established with the Sophos Connect client.

System hosts for interfaces

The IP host list shows the physical interfaces by default, including the ports added using FleXi port modules if any. You can also see the virtual interfaces you create.

The address and subnet mask you assign on Network > Interfaces are shown under Address details. You can only edit these interface hosts on Interfaces.

You can't select physical interfaces for some settings, for example translated source and destination in NAT rules. For these, you can create IP hosts with IP addresses corresponding to the physical interfaces.

Internet IP address ranges

Internet IPv4 hosts, such as Internet IPv4 (1-9), contain the IP address ranges reserved for public IP addresses. These IP hosts are part of the default IP host group, Internet IPv4 group.

If you want to create SD-WAN routes for outgoing internet traffic, we recommend that you select Internet IPv4 group or the corresponding default IP hosts instead of setting the destination networks to Any. See routing settings: internet and internal traffic.

Custom hosts

You create these hosts manually. You must create custom hosts to use in rules and policies.