Objects enable you to construct, schedule, and search for security rules. Think of an object as a container that groups specific policy filter values—such as IP addresses, URLs, applications, users, or services—for simplified rule definition. Use them to define and group entities, settings, or preferences. An address object, for example, might contain specific IP address definitions for the web and application servers in your DMZ zone. With policy objects that are a collective unit, you can reference the object in a Security policy instead of manually selecting multiple objects one at a time. Typically, when creating a policy object, you group objects that require similar permissions in policy. For example, if your organization uses a set of server IP addresses for authenticating users, you can group the set of server IP addresses as an address group policy object and reference the address group in the Security policy. When you update an object definition (or if it can be updated dynamically), the security rules referencing that object automatically enforce your latest changes. By grouping objects, you can significantly reduce the administrative overhead in creating policies.