Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Create Addresses or Address Groups

Use the Addresses page to create addresses and address groups. Addresses and address groups are used in firewall and NAT services. After you create an address, you can combine it with other addresses to form an address group. Address groups are useful when you want to apply the same policy to multiple services.

To create an address or address group:

  1. Select Shared Services > Objects > Addresses.

    The Addresses page appears.

  2. Click the add icon (+).

    The Create Addresses page appears.

  3. Complete the configuration according to the guidelines provided in Table 1 and Table 2.
  4. Click OK to save the changes. If you want to discard your changes, click Cancel instead.

    A new address or address group with your configurations is created. You can use this object in firewall or NAT policies.

    Table 1: Fields on the Create Addresses Page

    Field

    Description

    Name

    Enter a unique name for the address. The name must begin with an alphanumeric character and can contain alphanumeric characters and some special characters (colons, hyphens, forward slashes, periods, and underscores). The maximum length is 63characters.

    Description

    Enter a description for your address. The description can contain alphanumeric characters and special characters (excluding ampersand, lesser than (<) and greater than (>), and newline (\n)). The maximum length is 900 characters.

    You should make this description as useful as possible for all administrators.

    Object Type

    Select Address or Address Group. If you select Address Group, then the screen changes so you can select the addresses you want to include in your address group. Table 2 describes address group configuration parameters.

    Type

    Select a type of address and fill in the corresponding fields. Available types are:

    • Host

      • Host IP—Enter the IPv4 host IP address. For example: 192.0.2.0. If you do not know the IP address, you can enter the hostname and click Look up hostname.

      • Hostname—Enter the hostname. It must begin with an alphanumeric character and cannot exceed 63 characters. Dashes and underscores are allowed. If you do not know the host name, you can enter the IP address and click Look up IP address. For example, enter www.company.com and click Look up IP address. Hostname lookup is supported for IPv4 addresses.

    • Range

      • Start Address—Enter a starting IPv4 address along with the classless inter-domain routing (CIDR) for the address range. For example: 192.0.2.0/24.

      • End Address—Enter an ending IPv4 address for the address range. The range is validated after you enter the address.

      Note:

      An address range is configured on a managed device as an address set with one or more network address objects covering the specified address range.

    • Network

      • Network—Enter the network IP address. For example: 192.0.2.0. IPv6 is also supported. For example: 2001:db8:4136:e378:8000:63bf:3fff:fdd2.

      • Subnet Mask—Enter the subnet mask for the network range. For example, IPv4 netmask: 192.0.2.0/24. IPv6 prefix: 2001:db8::/32 The subnet mask is validated as you enter it. You must enter the correct subnet mask in accordance with the network value.

    • DNS Host

      • DNS Name—Enter the DNS name. For example: company.com. Only alphanumeric characters, dashes, and periods are accepted. This name cannot exceed 63 characters in length, and must end with an alphanumeric character.

      • DNS Type—Select the DNS type as IPv4-only or IPv6-only.

    • Variable

      • Default address—This default address is replaced with the mapped device-specific address when applied to the group firewall policy.

      • Variable address—Steps to add the variable address:

        1. Click the add icon (+). Create variable page appears.
        2. Select the check box beside each device to which you want to map this variable address. Click the arrow to move the selected device or devices from the Available column to the Selected column. Only devices from the current and child domain are listed. You can use the fields at the top of each column to search for listed devices.
        3. Select a predefined address by clicking anywhere within this field and choosing an address from the Select Address window. The default address is replaced by this device-specific address when applied to a policy that includes the selected device or device
        4. Click OK. A new variable with your configurations is created. You can use this variable address in policies. See Select a Security Policy Rule Source and Select a Security Policy Rule Destination
          Note:

          Variables addresses are used in group policies only. Variable addresses are not applicable to device policies.

    Table 2: Address Group Settings

    Field

    Description

    Name

    Enter a unique name for the address group that must begin with an alphanumeric character. The name can contain alphanumeric characters and some special characters (colons, hyphens, forward slashes, periods, and underscores). The maximum length is 63-character.

    Description

    Enter a description for your address. The description can contain alphanumeric characters and special characters (excluding ampersand, lesser than (<) and greater than (>), and newline (\n)). The maximum length is 900 characters.

    You should make this description as useful as possible for all administrators.

    Object Type

    Select Address or Address Group. If you select Address Group, then the screen changes so you can select the addresses you want to include in your address group.

    Addresses

    Select the check box beside each address you want to include in the address group. Click the greater-than icon (>) to move the selected address or addresses from the Available column to the Selected column. Note that you can use the fields at the top of each column to search for addresses.