An address object can include an IPv4 or IPv6 address (single IP, range, subnet) or a FQDN. It allows you to reuse the same object as a source or destination address across all the policy rulebases without having to add it manually each time. It is configured using the web interface or the CLI and a commit operation is required to make the object a part of the configuration.
To define an address object, click Add and fill in the following fields.
New Address Setting Description
Name Enter a name that describes the addresses to be defined (up to 63 characters). This name appears in the address list when defining security policies. The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
Shared Select this option if you want the address object to be available to: Every virtual system (vsys) on a multi-vsys firewall. If you clear this selection, the address object will be available only to the Virtual System selected in the Objects tab. Every device group on Panorama. If you clear this selection, the address object will be available only to the Device Group selected in the Objects tab.
Disable override ( Panorama only ) Select this option if you want to prevent administrators from creating local copies of the address in descendant device groups by overriding its inherited values. This selection is cleared by default, which means overriding is enabled.
Description Enter a description for the object (up to 255 characters).
Type Specify an IPv4 or IPv6 address or address range, or FQDN. IP Netmask Enter the IPv4 or IPv6 address or IP address range. The format is ip_address/mask or ip_address where the mask is the number of significant binary digits used for the network portion of the address. IPv4 examples: “192.168.80.150/32” indicates one address, and “192.168.80.0/24” indicates all addresses from 192.168.80.0 through 192.168.80.255. IPv6 examples: “2001:db8:123:1::1” or “2001:db8:123:1::/64” IP Range To specify an address range, select IP Range, and enter a range of addresses. The format is ip_address–ip_address where each address can be IPv4 or IPv6. Example: “2001:db8:123:1::1 - 2001:db8:123:1::22” FQDN To specify an address using the FQDN, select FQDN and enter the domain name. The FQDN initially resolves at commit time. Entries are subsequently refreshed when the firewall performs a check every 30 minutes; all changes in the IP address for the entries are picked up at the refresh cycle The FQDN is resolved by the system DNS server or a Network > DNS Proxy object, if a proxy is configured.
Tags Select or enter the tags that you wish to apply to this address object. You can define a tag here or use the Objects > Tags tab to create new tags. For information on tags, see Objects > Tags.

Related Documentation