You can now use an address object, which can include an IPv4 or IPv6 address (a single IP address, range, or subnet) or an FQDN when you configure any of the following network settings in a GlobalProtect gateway client configuration.
IP address pools—Support address objects that define a single IP address, range of IP addresses, or IP netmask.
Access routes—Support address objects that define a single IP address or IP netmask.
You can also define address objects in Panorama and deploy them with GlobalProtect settings to gateway devices.
Configure Address Objects in a GlobalProtect Gateway Client Configuration
Create an address object or, if managing multiple firewalls using Panorama, create a shared or device group object.
Select
Objects
>
Addresses.
(
Panorama device groups only
) To create a device group object, select the appropriate device group from the Device Group drop-down.
Add
a new object and then enter a
Name
to identify it.
Select
Shared
if you want the address object to be available for use elsewhere:
In every virtual system (vsys) on a multi-vsys firewall—if you clear the
Shared
option, the address object will be available only to the
Virtual System
selected in the
Objects
tab.
In every device group on Panorama—if you clear the
Shared
option, the address object will be available only to the
Device Group
selected in the
Objects
tab.
(
Panorama only
)
Disable Override
if you want to prevent administrators from creating local copies of the address in descendant device groups by overriding its inherited values.
Disable Override
is cleared by default, which means overriding is enabled.
(
Optional
) Enter a description for the object (up to 255 characters).
Select the
Type
of address object (
IP Netmask,
IP Range, or
FQDN) and the associated value. For example, select
IP Range
and enter the IP address range.
(
Optional
) Select a one or more tags to group your object with other objects that share keywords or phrases.
Click
OK
and
Commit.
(
Panorama only
) To commit a shared object, you must also select
Panorama
for the
Commit Type
and click
Commit
again. To commit a device group object, click
Commit
and then, for the
Commit Type,
select
Device Group, select the device group to which you added the object, and click
Commit
again.
Configure a GlobalProtect Gateway (either an existing configuration or a new one) and then, for a tunnel interface, use the address object for an IP address pool or access route.
Select
Network
>
GlobalProtect
>
Gateways
and then select an existing gateway configuration or
Add
a new one.
Select
Agent
>
Client Settings
and then select an existing client configuration or
Add
a new one.
(
New
) On the
Network Settings
tab,
Add
the address object to the
IP Pool
or
Access Route, as needed, by selecting it from the drop-down.
Click
OK
twice.
Commit
your changes.
