This video will talk about Firewall/NAT Groups. What are Firewall/NAT Groups? Well, the groups allow you to group networks, addresses, or ports under a single friendly name that you can use when configuring firewall or DNAT/SNAT rules. Even if you don’t have more than one address, network, or port in a group, you can still use groups to give friendly names to IPs, networks, or ports.

Go ahead and log into your EdgeRouter and click on the Firewall/NAT tab and then the Firewall/NAT Groups tab under that. You can see there are four buttons on that screen. You can view All groups that exist or filter by Address Groups, Network Groups, or Port Groups. We are going to configure a few different groups. We’ll start with an Address group.

The name itself can’t contain a space. Put the longer text in the description field and keep the name short and sweet, but meaningful.

You can see that we have created the mypc address-group that has a description of “My PC” and it currently has 0 members in the group. We’ll go ahead and add a single PC.

You can click the Add New button if you want to have multiple IPs in this group.

I have an entire network behind the firewall that I want to identify so I can do SNAT and DNAT rules. I’ll use the wan network group to perform SNAT rules down the road.

You can add multiple networks to each group as well. The last group is a port group. We’ll set up a basic port group for UniFi Video.

I added both ports to this group that I want for UniFi Video. We now have our port group configured.

If you have any questions about Firewall/NAT Groups please post them or browse the forum over at

Come back for the next video where we apply these groups to the firewall and SNAT/DNAT rules!

Also, don’t forget to save your rules! I don’t click save on the port rules, but if you don’t, they won’t save!
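
The same three groups can also be created from the EdgeOS CLI. The script below is an added example, not part of the original video: it checks each group name and member, then prints the `set firewall group` commands wrapped in `configure`, `commit` and `save`. The member IPs, the ports 7080 and 7443, the `unifi_video` group name and the `wan` description are constructed sample values, since the page does not list them.

```python
import ipaddress

# CLI keyword for the members of each EdgeOS firewall group type.
MEMBER_KEY = {"address-group": "address", "network-group": "network", "port-group": "port"}

def check_member(kind, value):
    """Raise ValueError when value does not fit the group type."""
    if kind == "address-group":
        ipaddress.IPv4Address(value)                 # one host IP
    elif kind == "network-group":
        if "/" not in value:
            raise ValueError(f"{value!r}: a network needs a CIDR prefix length")
        ipaddress.IPv4Network(value, strict=True)    # rejects set host bits
    else:
        low, _, high = str(value).partition("-")     # "7080" or "7000-7010"
        if not 1 <= int(low) <= int(high or low) <= 65535:
            raise ValueError(f"{value!r}: port outside 1-65535 or reversed range")

def group_commands(kind, name, description, members):
    """Return the 'set firewall group ...' lines for one group."""
    if kind not in MEMBER_KEY:
        raise ValueError(f"unknown group type {kind!r}")
    if not name or any(ch.isspace() for ch in name):
        raise ValueError(f"group name {name!r} must not be empty or contain spaces")
    if '"' in description:
        raise ValueError("description must not contain a double quote")
    base = f"set firewall group {kind} {name}"
    lines = [f'{base} description "{description}"']
    for member in members:
        check_member(kind, member)
        lines.append(f"{base} {MEMBER_KEY[kind]} {member}")
    return lines

def config_session(groups):
    """Wrap all groups in configure / commit / save so the change persists."""
    body = [line for group in groups for line in group_commands(*group)]
    return ["configure", *body, "commit", "save", "exit"]

# Constructed sample values: the page names mypc and wan but shows no members.
SAMPLE_GROUPS = [
    ("address-group", "mypc", "My PC", ["192.0.2.10"]),
    ("network-group", "wan", "Network behind the firewall", ["192.0.2.0/24"]),
    ("port-group", "unifi_video", "UniFi Video", [7080, 7443]),
]

if __name__ == "__main__":
    print("\n".join(config_session(SAMPLE_GROUPS)))
```

A name with a space, a network with host bits set (for example `192.0.2.5/24`), or a port above 65535 raises `ValueError` before any command is printed.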