Objects enable you to construct, schedule, and search for security rules. Think of an
object as a container that groups specific policy filter values—such as IP addresses,
URLs, applications, users, or services—for simplified rule definition. Use them to
define and group entities, settings, or preferences. An address object, for example,
might contain specific IP address definitions for the web and application servers in
your DMZ zone. With policy objects that are a collective unit, you can reference the
object in a Security policy instead of manually selecting multiple objects one at a
time. Typically, when creating a policy object, you group objects that require similar
permissions in policy. For example, if your organization uses a set of server IP
addresses for authenticating users, you can group the set of server IP addresses as an
address
group policy object and reference the address group in the Security policy.
When you update an object definition (or if it can be updated dynamically), the security
rules referencing that object automatically enforce your latest changes. By grouping
objects, you can significantly reduce the administrative overhead in creating
policies.