Aliases are awesome. You do want to have them. Period.

Aliases in WatchGuard can stand for an IP address or a range of IP addresses. Those aliases can then be used in firewall rules.

In case you make a change at one of those aliases at a later point, all the rules using this alias will be changed. Especially if you work on a lot of machines with thousands of rules, you definitely do want this.

Go to Setup > Aliases… to manage the aliases on the WatchGuard.

I create a new alias named Gravityzone and use DNS lookup to fill that alias with a buch of IPs related to the BitDefender GravityZone Cloud.

Confirm the creation of the new alias by clicking on ok.

This new alias can now be used in firewall rules. This rule for example gets used to enable clients to talk to the GravityZone, that are not supposed to be able to surf the web.

Just place the following before the deny rule and it works.

Cheers, Ori