Objects > Addresses

An address object can include either IPv4 or IPv6 addresses (a single IP address, a range of addresses, or a subnet) or an FQDN. An address object allows you to reuse that same address or group of addresses as source or destination addresses across all policy rulebases without having to add each address manually for each instance. It is configured using the web interface or CLI and changes require a commit operation to make the object a part of the configuration.
First
Add
a new address object and then specify the following values:
Address Object Settings
Description
Name
Enter a name (up to 63 characters) that describes the addresses you will include as part of this object. This name appears in the address list when defining security policies. The name is case-sensitive, must be unique, and can contain only letters, numbers, spaces, hyphens, and underscores.
Shared
Select this option if you want to share this address object with:
  • Every virtual system (vsys) on a multi-vsys firewall
    —If you do not select this option, the address object will be available only to the
    Virtual System
    selected in the
    Objects
    tab.
  • Every device group on Panorama
    —If you do not select this option, the address object will be available only to the
    Device Group
    selected in the
    Objects
    tab.
Disable override (
Panorama only
)
Select this option to prevent administrators from overriding the settings of this address object in device groups that inherit this object. By default, this selection is disabled, which means administrators can override the settings for any device group that inherits the object.
Description
Enter a description for the object (up to 255 characters).
Type
Specify an IPv4 or IPv6 address or address range, or an FQDN.
IP Netmask
:
Enter the IPv4 or IPv6 address or IP address range using the following notation:
ip_address
/
mask
or
ip_address
where the mask is the number of significant binary digits used for the network portion of the address. Ideally, for IPv6, you specify only the network portion, not the host portion.
Examples:
  • 192.168.80.150/32
    —Indicates one address.
  • 192.168.80.0/24
    —Indicates all addresses from 192.168.80.0 through 192.168.80.255.
  • 2001:db8::/32
  • 2001:db8:123:1::/64
IP Range
:
Enter a range of addresses using the following format:
ip_address
-
ip_address
where both ends of the range are IPv4 addresses or both are IPv6 addresses.
Example:
2001:db8:123:1::1-2001:db8:123:1::22
FQDN
:
To specify an address using the FQDN, select
FQDN
and enter the domain name.
The FQDN initially resolves at commit time. Entries are subsequently refreshed when the firewall performs a check (every 30 minutes) and all changes in the IP address for the entries are picked up during the refresh cycle.
The FQDN is resolved by the system DNS server or a Network > DNS Proxy object, if a proxy is configured.
Resolve
After selecting the address type and entering an IP address or FQDN, click
Resolve
to see the associated FQDN or IP addresses, respectively (based on the DNS configuration of the firewall or Panorama).
You can easily change an address object from an FQDN to an IP Netmask or vice versa. To change from an FQDN to an IP Netmask, click
Resolve
to see the IP addresses the FQDN resolves to, then select one and click
Use this address
. The address object Type dynamically changes to IP Netmask and the IP address you selected appears in the text field.
Alternatively, to change an address object from an IP Netmask to an FQDN, click
Resolve
to see the DNS name that the IP Netmask resolves to, then select the FQDN and click
Use this FQDN
. The Type changes to FQDN and the FQDN appears in the text field.
Tags
Select or enter the tags that you wish to apply to this address object.
You can define a tag here or use the Objects > Tags tab to create new tags. For information about tags, see Objects > Tags.

Related Documentation