Create an Address Object
Create an address object to group IP addresses or specify an FQDN, and then reference the address object in a firewall policy rule, filter, or other function to avoid specifying multiple IP addresses in multiple places.
- Create an address object.
- Select ObjectsAddresses and Add an address object by Name. The name is case-sensitive, must be unique, and can be up to 63 characters (letters, numbers, spaces, hyphens, and underscores).
- Select the Type of address object:
- IP Netmask—Specify a single IPv4 or IPv6 address, an IPv4 network with slash notation, or an IPv6 address and prefix. For example, 192.168.80.0/24 or 2001:db8:123:1::/64. Optionally click Resolve to see the associated FQDN (based on the DNS configuration of the firewall or Panorama). To change the address object type from IP Netmask to FQDN, select the FQDN and click Use this FQDN. The Type changes to FQDN and the FQDN you select appears in the text field.
- IP Range—Specify a range of IPv4 addresses or IPv6 addresses separated by a hyphen. For example, 192.168.40.1-192.168.40.255 or 2001:db8:123:1::1-2001:db8:123:1::22.
- IP Wildcard Mask—Specify an IP wildcard address (IPv4 address followed by a slash and a mask, which must begin with a 0); for example, 10.5.1.1/0.127.248.2. A zero in the mask indicates the bit being compared must match the bit in the IP address that is covered by the zero. A one in the mask (wildcard bit) indicates the bit being compared need not match the bit in the IP address covered by the one.
- FQDN—Specify the domain name. The FQDN initially resolves at commit time. The firewall subsequently refreshes the FQDN based on the time-to-live (TTL) of the FQDN in DNS, as long as the TTL is greater than or equal to the Minimum FQDN Refresh Time you configure (or the default setting of 30 seconds). The FQDN is resolved by the system DNS server or a DNS proxy object, if a proxy is configured. Optionally click Resolve to see the associated IP address (based on the DNS configuration of the firewall or Panorama). To change the address object type from FQDN to IP Netmask, select an IP Netmask and click Use this address. The Type changes to IP Netmask and the IP address you select appears in the text field.
- (Optional) Enter one or more Tags to apply to the address object.
- Click OK.
- Commit your changes.
- View logs filtered by address object, address group,
or wildcard address.
- Select MonitorLogsTraffic, for example, to view traffic logs.
- Select to add a log filter.
- Select the Address attribute, the in Operator, and enter the name of the address object for which you want to view logs. Alternatively, enter an address group name or a wildcard address, such as 10.155.3.4/0.0.240.255.
- Click Apply.
- View a custom report based on an address object.
- Select MonitorManage Custom Reports and select a report that uses a Database such as Traffic Log.
- Select Filter Builder.
- Select an Attribute such as Address, Destination Address or Source Address, select an Operator, and enter the name of the address object for which you want to view the report.
- Use a filter in the ACC to view network activity based
on a source IP address or destination IP address that uses an address
- Select ACCNetwork Activity.
- View the Source IP Activity—For Global Filters, click to add a filter and select one of the following: Address or SourceSource Address or DestinationDestination Address and select an address object.
- View the Destination IP Activity—For Global Filters, click the to add a filter and select one of the following: Address or SourceSource Address or DestinationDestination Address and select an address object.
Objects > Addresses
Objects > Addresses An address object can include either IPv4 or IPv6 addresses (a single IP address, a range of addresses, or a subnet), an ...
An address object is a set of IP addresses that you can manage in one place and then use in multiple firewall policy rules, filters, ...
Wildcard Address Support in Security Policy Rules
Specify an address object that uses a wildcard address (IPv4 address/wildcard mask) as the source or destination of a Security policy rule to control access ...
Enable Clients on the Internal Network to Access your Publi...
Enable Clients on the Internal Network to Access your Public Servers (Destination U-Turn NAT) When a user on the internal network sends a request for ...
Configure Destination NAT Using Dynamic IP Addresses
Configure Destination NAT Using Dynamic IP Addresses You can use Destination NAT to translate the original destination address to a destination host or server that ...
Advanced Session Distribution Algorithms for Destination NAT
When a destination NAT address is a dynamic IP address that returns more than one address, select the method the firewall uses to distribute incoming ...
Configure NAT64 for IPv6-Initiated Communication
Configure NAT64 for IPv6-Initiated Communication This configuration task and its addresses correspond to the figures in IPv6-Initiated Communication . Enable IPv6 to operate on the ...
Policy Objects A policy object is a single object or a collective unit that groups discrete identities such as IP addresses, URLs, applications, or users. ...