
Creating Addresses and Address Groups

 

Use the Addresses page to create addresses that can be used across all devices managed by Security Director. Addresses are used in firewall, NAT, IPS, and VPN services and apply to corresponding SRX Series devices.

Once you create an address, you can combine it with other addresses to form an address group. Address groups are useful when you want to apply the same policy to multiple devices.

Before You Begin

  • Read the topic.

  • Decide on the type of address object to define: Host, Range, Network, Wildcard, or DNS Host.

  • Review the addresses main page for an understanding of your current data set. See Addresses Main Page Fields for field descriptions.

To create an address object:

  1. Select Configure > Shared Objects > Addresses.
  2. Click Create.
  3. Complete the configuration according to the guidelines provided in Table 1 and Table 2.
  4. Click OK.

A new address or address group with your configurations is created. You can use this object in policies. You can also assign it to a domain; see Assigning Policies and Profiles to Domains.

Table 1: Fields on the Create Addresses Page

Setting

Guideline

Object Type

Select Address or Address Group. If you select Address Group, then the screen changes so you can select the addresses you want to include in your address group. Table 2 describes address group configuration parameters.

Name

Enter a unique name for the address. It must begin with an alphanumeric character and cannot exceed 63 characters. Dashes and underscores are allowed.

Description

Enter a description for your address; maximum length is 1,024 characters. You should make this description as useful as possible for all administrators.

Type

Select a type of address and fill in the corresponding fields. Available types are:

  • Host

    • Host IP—Enter the IPv4 or IPv6 host IP address. For example: 1.2.3.4 or 0:0:0:0:0:FFFF:0102:0304. If you do not know the IP address, you can enter the hostname and click Look up hostname.

    • Hostname—Enter the hostname. It must begin with an alphanumeric character and cannot exceed 63 characters. Dashes and underscores are allowed. If you do not know the host name, you can enter the IP address and click Look up IP address. For example, enter www.company.com and click Look up IP address. Hostname lookup is supported for IPv4 and IPv6 addresses.

  • Range

    • Start Address—Enter a starting IPv4 or IPv6 address for the address range. For example: 10.0.0.0 or 0:0:0:0:0:FFFF:A00:0.

    • End Address—Enter an ending IPv4 or IPv6 address for the address range. The range is validated once you enter the address.

    Note: An address range is configured on managed devices as an address-set with one or more network address objects covering the specified address range. Security Director supports range address objects in 'mem*' format.

  • Network

    • Network—Enter the network IP address. For example: 10.0.0.0. IPv6 is also supported. For example: 4001:334:244:2255:24a2:244::

    • Subnet Mask—Enter the subnet mask for the network range. For example, IPv4 netmask: 10.0.0.0/24; IPv6 netmask: 4001:334:244:2255:24a2:244::/126. The subnet mask is validated as you enter it. You should enter the correct subnet mask in accordance with the network value.

  • Wildcard

    • Network—Enter the network IPv4 or IPv6 address. For example: 1.2.3.4 or 2001:4860:800f::68

    • Wildcard Mask—Enter the wildcard mask for the network range. For example: 0.0.0.255.

  • DNS Host

    • DNS Name—Enter the DNS name. For example: www.example.com. Only alphanumeric characters, dashes, and periods are accepted. This name cannot exceed 69 characters and must end with an alphanumeric character.

    • DNS Type—Select the DNS type as IPv4-only or IPv6-only.

Starting in Security Director Release 18.3R1, while creating an address object, if you enter a duplicate host IP address, address range, network IP address, wildcard mask, or DNS name, then the creation of addresses with duplicate content is based on the shared objects settings in Junos Space Network Management Platform.

By default, you can create duplicate addresses. If you do not want to allow creation of duplicate addresses in Security Director, go to Network Management Platform and select Administration > Application > Modify Application Settings > Shared Objects. Select the check box to prevent creation of addresses with duplicate content. When any duplicate content is selected in Security Director, an error message is displayed.

Assign Metadata

Select the required metadata from the list to assign to an address object.

Only host and range address types are supported.

When associating the address (host or range) with metadata, you can use only the AND operator.

For example: Location = Bengaluru AND Location = Chennai AND Zone = East.
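The Range note, the Subnet Mask guideline, and the duplicate-content setting above can be pre-checked offline before objects are entered; the following is an added example, not Juniper code and not how Security Director itself is implemented. It assumes the range is covered by the smallest set of CIDR networks, that a mask "in accordance with the network value" means no host bits are set, and that duplicates are compared on the parsed address; all function and object names are hypothetical.

```python
import ipaddress
from collections import defaultdict


def range_to_networks(start, end):
    """Smallest list of CIDR networks that exactly covers start..end.

    Assumption: mirrors the 'one or more network address objects' a range
    expands to on the device; the product's actual split may differ.
    """
    first = ipaddress.ip_address(start)
    last = ipaddress.ip_address(end)
    if first.version != last.version:
        raise ValueError("start and end must be the same IP version")
    if first > last:
        raise ValueError("start address is above end address")
    return [str(n) for n in ipaddress.summarize_address_range(first, last)]


def network_matches_mask(network, prefix_len):
    """True when the network value has no host bits set for the prefix."""
    try:
        ipaddress.ip_network(f"{network}/{prefix_len}", strict=True)
        return True
    except ValueError:
        return False


def duplicate_hosts(objects):
    """Map each host IP used more than once to the object names using it.

    Addresses are parsed first, so different spellings of the same IPv6
    address are treated as the same content.
    """
    seen = defaultdict(list)
    for name, ip in objects:
        seen[ipaddress.ip_address(ip)].append(name)
    return {str(ip): names for ip, names in seen.items() if len(names) > 1}


# Constructed sample objects (name, host IP); not taken from a real device.
SAMPLE_HOSTS = [
    ("web-1", "10.0.0.5"),
    ("web-legacy", "10.0.0.5"),
    ("db-1", "2001:db8::1"),
    ("db-1-copy", "2001:0DB8:0:0:0:0:0:1"),
    ("dns-1", "10.0.0.53"),
]
```

A range that does not start and end on a prefix boundary expands to several entries: 10.0.0.5 through 10.0.0.20 becomes five networks, which is worth knowing when reviewing the address book pushed to an SRX Series device.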

Table 2: Address Group Settings

Setting

Guideline

Object Type

Select Address Group. When you select Address Group, the screen changes so you can select the addresses you want to include in your address group.

Name

Enter a unique name for the address group. It must begin with an alphanumeric character and cannot exceed 63 characters. Dashes and underscores are allowed.

Description

Enter a description for your address group. You should make this description as useful as possible for all administrators.

Addresses

Select the check box beside each address you want to include in the address group. Click the arrow to move the selected address or addresses from the Available column to the Selected column. Note that you can use the fields at the top of each column to search for addresses.

While address groups are being created, if the selected address groups are already available, then the creation of address groups with duplicate content is based on the shared objects settings in Junos Space Network Management Platform.

By default, you can create duplicate address groups. If you do not want to allow creation of duplicate addresses in Security Director, go to Network Management Platform and select Administration > Application > Modify Application Settings > Shared Objects. Select the check box to prevent creation of address groups with duplicate content. When any duplicate content is selected in Security Director, an error message is displayed.