Objects > Addresses
An address object can include either IPv4 or IPv6 addresses (a single IP address, a range of addresses, or a subnet) or an FQDN. An address object allows you to reuse that same address or group of addresses as source or destination addresses across all policy rulebases without having to add each address manually for each instance. It is configured using the web interface or CLI and changes require a commit operation to make the object a part of the configuration.
Adda new address object and then specify the following values:
Address Object Settings
Enter a name (up to 63 characters) that describes the addresses you will include as part of this object. This name appears in the address list when defining security policies. The name is case-sensitive, must be unique, and can contain only letters, numbers, spaces, hyphens, and underscores.
Select this option if you want to share this address object with:
Disable override (
Select this option to prevent administrators from overriding the settings of this address object in device groups that inherit this object. By default, this selection is disabled, which means administrators can override the settings for any device group that inherits the object.
Enter a description for the object (up to 255 characters).
Specify an IPv4 or IPv6 address or address range, or an FQDN.
Enter the IPv4 or IPv6 address or IP address range using the following notation:
where the mask is the number of significant binary digits used for the network portion of the address. Ideally, for IPv6, you specify only the network portion, not the host portion.
Enter a range of addresses using the following format:
where both ends of the range are IPv4 addresses or both are IPv6 addresses.
To specify an address using the FQDN, select
FQDNand enter the domain name.
The FQDN initially resolves at commit time. Entries are subsequently refreshed when the firewall performs a check (every 30 minutes) and all changes in the IP address for the entries are picked up during the refresh cycle.
The FQDN is resolved by the system DNS server or a Network > DNS Proxy object, if a proxy is configured.
After selecting the address type and entering an IP address or FQDN, click
Resolveto see the associated FQDN or IP addresses, respectively (based on the DNS configuration of the firewall or Panorama).
You can easily change an address object from an FQDN to an IP Netmask or vice versa. To change from an FQDN to an IP Netmask, click
Resolveto see the IP addresses the FQDN resolves to, then select one and click
Use this address. The address object Type dynamically changes to IP Netmask and the IP address you selected appears in the text field.
Alternatively, to change an address object from an IP Netmask to an FQDN, click
Resolveto see the DNS name that the IP Netmask resolves to, then select the FQDN and click
Use this FQDN. The Type changes to FQDN and the FQDN appears in the text field.
Select or enter the tags that you wish to apply to this address object.
You can define a tag here or use the Objects > Tags tab to create new tags. For information about tags, see Objects > Tags.