You can see the default and custom IP hosts. Default hosts include internet hosts and system hosts, such as dynamic hosts and interface hosts.
You can add, edit, or delete hosts. You can add IP addresses to an IP host group.
You can create IP hosts using an IP address, IP address range or list, and a network. You can specify these hosts in rules and policies.
The following conditions apply to the default hosts:
- You can't update or delete system hosts.
- Sophos Firewall updates the system hosts for cellular WAN and remote access VPN dynamically.
- You can update the interface hosts on Network > Interfaces.
- You can update and delete the internet hosts.
System hosts for cellular WAN and remote access VPN
These are dynamic hosts containing the cellular WAN IP address and addresses leased to users who establish remote access VPN connections. Sophos Firewall adds these addresses to the corresponding groups dynamically.
|Default IP host created when cellular WAN is turned on. Uses the IP address of the WWAN interface.
|The firewall dynamically adds the IP addresses it leases to remote access SSL VPN connections when they're established with the Sophos Connect client.
|The firewall dynamically addes the IP addresses it leases to remote access IPsec VPN connections when they're established with the Sophos Connect client.
|The firewall dynamically adds the IP addresses it leases to remote access SSL VPN and IPsec connections when they're established with the Sophos Connect client.
System hosts for interfaces
The IP host list shows the physical interfaces by default, including the ports added using FleXi port modules if any. You can also see the virtual interfaces you create.
The address and subnet mask you assign on Network > Interfaces are shown under Address details. You can only edit these interface hosts on Interfaces.
You can't select physical interfaces for some settings, for example translated source and destination in NAT rules. For these, you can create IP hosts with IP addresses corresponding to the physical interfaces.
Internet IP address ranges
Internet IPv4 hosts, such as Internet IPv4 (1-9), contain the IP address ranges reserved for public IP addresses. These IP hosts are part of the default IP host group, Internet IPv4 group.
If you want to create SD-WAN routes for outgoing internet traffic, we recommend that you select Internet IPv4 group or the corresponding default IP hosts instead of setting the destination networks to Any. See routing settings: internet and internal traffic.
You create these hosts manually. You must create custom hosts to use in rules and policies.