global-ip { ipv4-address [ mask mask-address | ipv4-mask-length ] | range ipv4-start-address ipv4-end-address | address-set address-set-name }
| Parameter | Description | Value |
|---|---|---|
| ipv4-address | Specifies an IPv4 address. | The value is in dotted decimal notation. |
| mask mask-address | Specifies a mask for the IPv4 address. | The value is in dotted decimal notation. For example, 255.255.255.0 indicates that the subnet mask length is 24. |
| ipv4-mask-length | Specifies the mask length of the IPv4 address. | The value is an integer ranging from 1 to 32. |
| range | Indicates the address range. | - |
| ipv4-start-address | Specifies the start address of the IPv4 address range. | The value is in dotted decimal notation. |
| ipv4-end-address | Specifies the end address of the IPv4 address range. | The value is in dotted decimal notation. |
| address-set address-set-name | Specifies the name of an address or address group. | The specified address or address group must already exist. |
When the FW-based policy matching mechanism functions with Source NAT, the source address in a traffic policy must be a private IP address. When the FW policy matching mechanism functions with NAT Server, the destination address in a traffic policy must also be a private IP address. This mechanism applies to common application scenarios, but in some special scenarios, bandwidth must be limited for the public IP addresses after Source NAT or before NAT Server. Therefore, the FW provides such a matching mode in traffic policies, and the configured object is called a public IP address.
You are advised to set specific source/destination public IP addresses in traffic policy rules for accurate matching.