Addresses Fields
Focus
Focus
Network Security

Addresses Fields

Table of Contents

Addresses Fields

Where Can I Use This?What Do I Need?
  • NGFW (Cloud Managed)
  • NGFW (PAN-OS & Panorama Managed)
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
Check for any license or role requirements for the products you're using.
When you create an Address object, you can configure any or all of the following fields:
Address Object Settings
Description
Name
A name (up to 63 characters) that describes the addresses to include as part of this object. This name appears in the address list when defining security rules. The name is case-sensitive, must be unique, and can contain only letters, numbers, spaces, hyphens, and underscores.
Shared (Panorama only)
Specifies whether this address object will be shared with:
  • Every virtual system (vsys) on a multi-vsys —If this option isn't selected, the address object will be available only to the virtual system that you select.
  • Every device group on Panorama—If you don't select this option, the address object will be available only to the Device Group selected in the Objects tab.
Disable override (Panorama only)
Prevents administrators from overriding the settings of this address object in device groups that inherit this object. By default, this selection is disabled, which means administrators can override the settings for any device group that inherits the object.
Description
Description for the object (up to 1,023 characters).
Type
Type of address object and the entry:
  • IP Netmask—The IPv4 or IPv6 address or IP address range using the following notation: ip_address/mask or ip_address where the mask is the number of significant binary digits used for the network portion of the address. Ideally, for IPv6 addresses, you specify only the network portion, not the host portion. For example:
    • 192.168.80.150/32—Indicates one address.
    • 192.168.80.0/24—Indicates all addresses from 192.168.80.0 through 192.168.80.255.
    • 2001:db8::/32
    • 2001:db8:123:1::/64
  • IP Range—A range of addresses using the following format: ip_address-ip_address where both ends of the range are IPv4 addresses or both are IPv6 addresses. For example: 2001:db8:123:1::1-2001:db8:123:1::22
  • IP Wildcard Mask—An IP wildcard address in the format of an IPv4 address followed by a slash and a mask (which must begin with a zero); for example, 10.182.1.1/0.127.248.0. In the wildcard mask, a zero (0) bit indicates that the bit being compared must match the bit in the IP address that is covered by the 0. A one (1) bit in the mask is a wildcard bit, meaning the bit being compared need not match the bit in the IP address that is covered by the 1. Convert the IP address and the wildcard mask to binary. To illustrate the matching: on binary snippet 0011, a wildcard mask of 1010 results in four matches (0001, 0011, 1001, and 1011).
    You can use an address object of type IP Wildcard Mask only in a Security rule.
  • FQDN—The domain name. The FQDN initially resolves at commit time. An FQDN entry is subsequently refreshed based on the TTL of the FQDN if the TTL is greater than or equal to the Minimum FQDN Refresh Time; otherwise the FQDN entry is refreshed at the Minimum FQDN Refresh Time. The FQDN is resolved by the system DNS server or a DNS proxy object if a proxy is configured.
Resolve
After selecting the address type and entering an IP address or FQDN, click Resolve to see the associated FQDN or IP addresses, respectively (based on the DNS configuration).
You can change an address object from an FQDN to an IP Netmask or vice versa. To change from an FQDN to an IP Netmask, click Resolve to see the IP addresses that the FQDN resolves to, then select one and Use this address. The address object Type dynamically changes to IP Netmask and the IP address you selected appears in the text field.
Alternatively, to change an address object from an IP Netmask to an FQDN, click Resolve to see the DNS name that the IP Netmask resolves to, then select the FQDN and Use this FQDN. The Type changes to FQDN, and the FQDN appears in the text field.
Tags
The tags that you want to apply to this address object. You can define a tag here or use the Tags tab to create new tags.