Network Security: Security Policy
  • Network Security: Security Policy
  • Network Security Documentation
  • All Documentation
>
Create an Address Object (Strata Cloud Manager)
Focus
Download PDF
Focus
  1. Home
  2. Network Security
  3. Network Security: Security Policy
  4. Policy Objects
  5. Policy Object: Addresses
  6. Use an Address Object to Represent IP Addresses
  7. Create an Address Object (Strata Cloud Manager)
Download PDF
Network Security

Create an Address Object (Strata Cloud Manager)

Table of Contents
Create an address object to group IP addresses or specify an FQDN, and then reference it in a rule, filter, or other function to avoid specifying multiple IP addresses in places.
  1. Create an address object.
    1. Select ManageNGFW and Prisma AccessObjectsAddressAddresses and Add Address object by Name. The name is case-sensitive, must be unique, and can be up to 63 characters (letters, numbers, spaces, hyphens, and underscores).
    2. (Optional) Give your address object a Description.
    3. Select the Type of address object:
      • IP Netmask—Specify a single IPv4 or IPv6 address, an IPv4 network with slash notation, or an IPv6 address and prefix. For example, 192.168.80.0/24 or 2001:db8:123:1::/64. Optionally, click Resolve to see the associated FQDN (based on the DNS configuration). To change the address object type from IP Netmask to FQDN, select the FQDN and click Use this FQDN. The Type changes to FQDN and the FQDN you select appears in the text field.
      • IP Range—Specify a range of IPv4 addresses or IPv6 addresses separated by a hyphen. For example, 192.168.40.1-192.168.40.255 or 2001:db8:123:1::1-2001:db8:123:1::22.
      • IP Wildcard Mask—Specify an IP wildcard address (IPv4 address followed by a slash and a mask, which must begin with a 0). For example, 10.5.1.1/0.127.248.2. A zero (0) in the mask indicates the bit being compared must match the bit in the IP address that is covered by the zero. A one (1) in the mask (wildcard bit) indicates the bit being compared need not match the bit in the IP address covered by the one.
      • FQDN—Specify the domain name. The FQDN initially resolves at commit time. The FQDN is subsequently refreshed based on the time-to-live (TTL) of the FQDN in DNS, as long as the TTL is greater than or equal to the Minimum FQDN Refresh Time you configure (or the default of 30 seconds). The FQDN is resolved by the system DNS server or a DNS proxy object, if a proxy is configured. Click Resolve to see the associated IP address (based on the DNS configuration). To change the address object type from FQDN to IP Netmask, select an IP Netmask and click Use this address. The Type changes to IP Netmask and the IP address you select appears in the text field.
    4. (Optional) Enter one or more tags to apply to the address object.
    5. Select Save.
  2. Push Config to commit and push your changes.
  3. View logs filtered by address object, address group, or wildcard address.
    1. For example, select Incidents & AlertsLog Viewer Firewall Traffic to view traffic logs.
    2. Query the logs for the address object for which you want to view logs. Alternatively, enter an address group name or a wildcard address, such as 10.155.3.4/0.0.240.255.

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.