Objects > Addresses
An address object can include either IPv4 or IPv6 addresses (a single
IP address, a range of addresses, or a subnet) or an FQDN. An address
object allows you to reuse that same address or group of addresses as
source or destination addresses across all policy rulebases without
having to add each address manually for each instance. It is configured
using the web interface or CLI and changes require a commit operation
to make the object a part of the configuration.
First
Add
a new address object and then
specify the following values:Address Object Settings | Description |
|---|---|
Name | Enter a name (up to 63 characters) that
describes the addresses you will include as part of this object.
This name appears in the address list when defining security policies.
The name is case-sensitive, must be unique, and can contain only
letters, numbers, spaces, hyphens, and underscores. |
Shared | Select this option if you want to share
this address object with:
|
Disable override ( Panorama only ) | Select this option to prevent administrators
from overriding the settings of this address object in device groups
that inherit this object. By default, this selection is disabled,
which means administrators can override the settings for any device
group that inherits the object. |
Description | Enter a description for the object (up to
255 characters). |
Type | Specify an IPv4 or IPv6 address or address
range, or an FQDN. IP Netmask :Enter
the IPv4 or IPv6 address or IP address range using the following
notation: ip_address / mask or ip_addresswhere
the mask is the number of significant binary digits used for the
network portion of the address. Ideally, for IPv6, you specify only
the network portion, not the host portion. Examples:
IP
Range :Enter a range of addresses using the following
format: where
both ends of the range are IPv4 addresses or both are IPv6 addresses. Example: 2001:db8:123:1::1-2001:db8:123:1::22 FQDN :To
specify an address using the FQDN, select FQDN and
enter the domain name.The FQDN initially resolves at commit
time. Entries are subsequently refreshed when the firewall performs
a check (every 30 minutes) and all changes in the IP address for
the entries are picked up during the refresh cycle. The FQDN
is resolved by the system DNS server or a Network
> DNS Proxy object, if a proxy is configured. |
Resolve | After selecting the address type and entering
an IP address or FQDN, click Resolve to see
the associated FQDN or IP addresses, respectively (based on the
DNS configuration of the firewall or Panorama).You can easily
change an address object from an FQDN to an IP Netmask or vice versa.
To change from an FQDN to an IP Netmask, click Resolve to
see the IP addresses the FQDN resolves to, then select one and click Use
this address . The address object Type dynamically changes
to IP Netmask and the IP address you selected appears in the text
field.Alternatively, to change an address object from an
IP Netmask to an FQDN, click Resolve to see
the DNS name that the IP Netmask resolves to, then select the FQDN
and click Use this FQDN . The Type changes
to FQDN and the FQDN appears in the text field. |
Tags | Select or enter the tags that you wish to
apply to this address object. You can define a tag here or
use the Objects > Tags tab to create new tags. For information about tags,
see Objects
> Tags. |
Recommended For You
Recommended Videos
Recommended videos not found.
