Objects are configuration elements that policy rules
reference, for example: IP addresses, URL categories, security profiles,
users, services, and applications. Rules of any type (pre-rules, post-rules,
default rules, and rules locally defined on a firewall) and any
rulebase (Security, NAT, QoS, Policy Based Forwarding, Decryption,
Application Override, Captive Portal, and DoS Protection) can reference
objects. You can reuse an object in any number of rules that have
the same scope as that object in the
Device
Group Hierarchy. For example, if you add an object to the
Shared location, all rules in the hierarchy can reference that
shared
object because all device groups inherit objects from Shared.
If you add an object to a particular device group, only the rules
in that device group and its descendant device groups can reference
that
device group object. If object values in a device
group must differ from those inherited from an ancestor device group,
you can Override inherited object values (see Step
Override
inherited object values.). You can also
Revert
to Inherited Object Values at any time. When you
Create
Objects for Use in Shared or Device Group Policy once and
use them many times, you reduce administrative overhead and ensure
consistency across firewall policies.
