Network Security
Use an Address Object to Represent IP Addresses
Table of Contents
Expand All
|
Collapse All
Network Security Docs
Use an Address Object to Represent IP Addresses
An address object can group one or more IP addresses in one or more security rules,
filters, or other functions.
Address objects streamline the process of defining, organizing, and managing IP
addresses, enabling efficient configuration of policies. They serve as placeholders
for IP addresses or ranges of IP addresses, simplifying policy creation and
maintenance. Instead of manually entering individual IPs repeatedly across various
rules, an administrator can create an address object with a meaningful name and the
associated IP address or range. This consolidation enhances the clarity and
manageability of policies.
Create an address object to group IP addresses or to specify an FQDN, and then
reference the address object in a security rule, filter, or other function to avoid
having to individually specify multiple IP addresses in the rule, filter, or other
function.
Once you’ve established an address object, you can seamlessly integrate it into
policies. Within security rules, you can refer to the address object by its designated
name, eliminating the need to input specific IP addresses. You can also reference
the same address object in multiple security rules, filters, or other functions
without needing to specify the same individual addresses in each use. For example,
you can create an address object that specifies an IPv4 address range and then
reference the address object in a Security rule, a NAT security rule, and a
custom report log filter. This level of abstraction enhances policy readability and
simplifies updates since changes to the address object automatically propagate
across all security rules using it.
Swiftly adjust security rules to accommodate evolving network requirements by modifying
the address object, ensuring consistency and accuracy across the network's security
posture.
Create an Address Object
Address
Objects represent one or more IP addresses and then reference the
address objects in one or more security rules, filters, or other functions. If you
want to change the set of addresses, you change an address object once rather
than change multiple security rules or filters, which reduces your operational
overhead.
Create an address object to group IP addresses or to specify an FQDN, and then
reference the address object in a security rule, filter, or other function to
avoid having to individually specify multiple IP addresses in the rule, filter,
or other function. You can reference the same address object in multiple policy
rules, filters, or other functions without needing to specify the same
individual addresses in each use. For example, you can create an address object
that specifies an IPv4 address range and then reference the address object in a
Security rule, a NAT security rule, and a custom report log filter. You
create an address object using the web interface or CLI. Changes require a
commit operation to make the object a part of the configuration.
After you create an address object:
- You can reference an address object of type IP Netmask, IP Range, or FQDN in a security rule for Security, Authentication, NAT, NAT64, Decryption, DoS Protection, Policy-Based Forwarding (PBF), QoS, Application Override, or Tunnel Inspection; or in a NAT address pool, VPN tunnel, path monitoring, External Dynamic List, Reconnaissance Protection, ACC global filter, log filter, or custom report log filter.
- You can reference an address object of type IP Wildcard Mask only in a Security rule.
Follow these steps to get started.
Create an Address Object (Strata Cloud Manager)
Create an address object to group IP addresses or specify an FQDN, and then reference
it in a rule, filter, or other function to avoid specifying multiple IP addresses in
places.
- Create an address object.
- Select ManageNGFW and Prisma AccessObjectsAddressAddresses and Add Address object by Name. The name is case-sensitive, must be unique, and can be up to 63 characters (letters, numbers, spaces, hyphens, and underscores).(Optional) Give your address object a Description.Select the Type of address object:
- IP Netmask—Specify a single IPv4 or IPv6 address, an IPv4 network with slash notation, or an IPv6 address and prefix. For example, 192.168.80.0/24 or 2001:db8:123:1::/64. Optionally, click Resolve to see the associated FQDN (based on the DNS configuration). To change the address object type from IP Netmask to FQDN, select the FQDN and click Use this FQDN. The Type changes to FQDN and the FQDN you select appears in the text field.
- IP Range—Specify a range of IPv4 addresses or IPv6 addresses separated by a hyphen. For example, 192.168.40.1-192.168.40.255 or 2001:db8:123:1::1-2001:db8:123:1::22.
- IP Wildcard Mask—Specify an IP wildcard address (IPv4 address followed by a slash and a mask, which must begin with a 0). For example, 10.5.1.1/0.127.248.2. A zero (0) in the mask indicates the bit being compared must match the bit in the IP address that is covered by the zero. A one (1) in the mask (wildcard bit) indicates the bit being compared need not match the bit in the IP address covered by the one.
- FQDN—Specify the domain name. The FQDN initially resolves at commit time. The FQDN is subsequently refreshed based on the time-to-live (TTL) of the FQDN in DNS, as long as the TTL is greater than or equal to the Minimum FQDN Refresh Time you configure (or the default of 30 seconds). The FQDN is resolved by the system DNS server or a DNS proxy object, if a proxy is configured. Click Resolve to see the associated IP address (based on the DNS configuration). To change the address object type from FQDN to IP Netmask, select an IP Netmask and click Use this address. The Type changes to IP Netmask and the IP address you select appears in the text field.
(Optional) Enter one or more tags to apply to the address object.Select Save.Push Config to commit and push your changes.View logs filtered by address object, address group, or wildcard address.- For example, select Incidents & AlertsLog Viewer Firewall Traffic to view traffic logs.Query the logs for the address object for which you want to view logs. Alternatively, enter an address group name or a wildcard address, such as 10.155.3.4/0.0.240.255.
Create an Address Object (PAN-OS & Panorama)
Create an address object to group IP addresses or specify an FQDN, and then reference it in a firewall security rule, filter, or other function to avoid specifying multiple IP addresses in places.- Create an address object.
- Select ObjectsAddresses and Add an address object by Name. The name is case-sensitive, must be unique, and can be up to 63 characters (letters, numbers, spaces, hyphens, and underscores).Select the Type of address object:
- IP Netmask—Specify a single IPv4 or IPv6 address, an IPv4 network with slash notation, or an IPv6 address and prefix. For example, 192.168.80.0/24 or 2001:db8:123:1::/64. Optionally, click Resolve to see the associated FQDN (based on the DNS configuration of the firewall or Panorama). To change the address object type from IP Netmask to FQDN, select the FQDN and click Use this FQDN. The Type changes to FQDN and the FQDN you select appears in the text field.
- IP Range—Specify a range of IPv4 addresses or IPv6 addresses separated by a hyphen. For example, 192.168.40.1-192.168.40.255 or 2001:db8:123:1::1-2001:db8:123:1::22.
- IP Wildcard Mask—Specify an IP wildcard address (IPv4 address followed by a slash and a mask, which must begin with a 0). For example, 10.5.1.1/0.127.248.2. A zero (0) in the mask indicates the bit being compared must match the bit in the IP address that is covered by the zero. A one (1) in the mask (wildcard bit) indicates the bit being compared need not match the bit in the IP address covered by the one.
- FQDN—Specify the domain name. The FQDN initially resolves at commit time. The firewall subsequently refreshes the FQDN based on the time-to-live (TTL) of the FQDN in DNS, as long as the TTL is greater than or equal to the Minimum FQDN Refresh Time you configure (or the default of 30 seconds). The FQDN is resolved by the system DNS server or a DNS proxy object, if a proxy is configured. Click Resolve to see the associated IP address (based on the DNS configuration of the firewall or Panorama). To change the address object type from FQDN to IP Netmask, select an IP Netmask and click Use this address. The Type changes to IP Netmask and the IP address you select appears in the text field.
(Optional) Enter one or more tags to apply to the address object.Click OK.Commit your changes.View logs filtered by address object, address group, or wildcard address.- For example, select MonitorLogsTraffic to view traffic logs.SelectSelect the Address attribute, the in Operator, and enter the name of the address object for which you want to view logs. Alternatively, enter an address group name or a wildcard address, such as 10.155.3.4/0.0.240.255.Click Apply.View a custom report based on an address object.
- Select MonitorManage Custom Reports and select a report that uses a Database such as Traffic Log.Select Filter Builder.Select an Attribute such as Address, Destination Address or Source Address, select an Operator, and enter the name of the address object for which you want to view the report.Use a filter in the ACC to view network activity based on a source IP address or destination IP address that uses an address object.
- Select ACCNetwork Activity.View the Source IP Activity—For Global Filters, clickView the Destination IP Activity—For Global Filters, click