Objects > Addresses
An address object can include an IPv4 or IPv6 address (single IP, range, subnet) or a FQDN. It allows you to reuse the same object as a source or destination address across all the policy rulebases without having to add it manually each time. It is configured using the web interface or the CLI and a commit operation is required to make the object a part of the configuration.
To define an address object, click Add and fill in the following fields:
Address Object Settings
Enter a name that describes the addresses to be defined (up to 63 characters). This name appears in the address list when defining security policies. The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
Select this option if you want the address object to be available to:
Disable override (Panorama only)
Select this option to prevent administrators from overriding the settings of this address object in device groups that inherit the object. This selection is cleared by default, which means administrators can override the settings for any device group that inherits the object.
Enter a description for the object (up to 255 characters).
Specify an IPv4 or IPv6 address or address range, or an FQDN.
Enter the IPv4 or IPv6 address or IP address range using the following notation: ip_address/maskorip_address
where the mask is the number of significant binary digits used for the network portion of the address. Ideally, for IPv6, you specify only the network portion, not the host portion.
Enter a range of addresses using the following format:
where both addresses can be IPv4 or both can be IPv6.
To specify an address using the FQDN, select FQDN and enter the domain name.
The FQDN initially resolves at commit time. Entries are subsequently refreshed when the firewall performs a check every 30 minutes; all changes in the IP address for the entries are picked up at the refresh cycle
The FQDN is resolved by the system DNS server or a Network > DNS Proxy object, if a proxy is configured.
After selecting the address object type and entering an IP address or FQDN, click Resolve to see the associated FQDN or IP addresses, respectively (based on the DNS configuration of the firewall or Panorama).
Select or enter the tags that you wish to apply to this address object.
You can define a tag here or use the Objects > Tags tab to create new tags. For information on tags, see Objects > Tags.
Create Objects for Use in Shared or Device Group Policy
Create Objects for Use in Shared or Device Group Policy You can use an object in any policy rule that is in the Shared location, ...
Objects > Address Groups
Objects > Address Groups To simplify the creation of security policies, addresses that require the same security settings can be combined into address groups. An ...
Create and Apply Tags
Create and Apply Tags Create tags. To tag a zone, you must create a tag with the same name as the zone. When the zone ...
Policy Objects A policy object is a single object or a collective unit that groups discrete identities such as IP addresses, URLs, applications, or users. ...
Layer 3 Subinterface
Layer 3 Subinterface Network > Interfaces > Ethernet For each Ethernet port configured as a physical Layer 3 interface, you can define additional logical Layer ...
Use Tags to Group and Visually Distinguish Objects
Use Tags to Group and Visually Distinguish Objects You can tag objects to group related items and add color to the tag in order to ...
Create Tags Select Objects Tags to create a tag, assign a color, delete, rename, and clone tags. Each object can have up to 64 tags; ...
Objects > External Dynamic Lists
Objects > External Dynamic Lists An external dynamic list is an address object based on an imported list of IP addresses, URLs, or domain names ...
Network > Interfaces > VLAN
Network > Interfaces > VLAN A VLAN interface can provide routing into a Layer 3 network (IPv4 and IPv6). You can add one or more ...