Create an Address Object

1. Create an address object.
   1. Select ObjectsAddresses and Add an address object by Name. The name is case-sensitive, must be unique, and can be up to 63 characters (letters, numbers, spaces, hyphens, and underscores).
   2. Select the Type of address object:
      • IP Netmask—Specify a single IPv4 or IPv6 address, an IPv4 network with slash notation, or an IPv6 address and prefix. For example, 192.168.80.0/24 or 2001:db8:123:1::/64. Optionally, click Resolve to see the associated FQDN (based on the DNS configuration of the firewall or Panorama). To change the address object type from IP Netmask to FQDN, select the FQDN and click Use this FQDN. The Type changes to FQDN and the FQDN you select appears in the text field.
      • IP Range—Specify a range of IPv4 addresses or IPv6 addresses separated by a hyphen. For example, 192.168.40.1-192.168.40.255 or 2001:db8:123:1::1-2001:db8:123:1::22.
      • IP Wildcard Mask—Specify an IP wildcard address (IPv4 address followed by a slash and a mask, which must begin with a 0). For example, 10.5.1.1/0.127.248.2. A zero (0) in the mask indicates the bit being compared must match the bit in the IP address that is covered by the zero. A one (1) in the mask (wildcard bit) indicates the bit being compared need not match the bit in the IP address covered by the one.
      • FQDN—Specify the domain name. The FQDN initially resolves at commit time. The firewall subsequently refreshes the FQDN based on the time-to-live (TTL) of the FQDN in DNS, as long as the TTL is greater than or equal to the Minimum FQDN Refresh Time you configure (or the default of 30 seconds). The FQDN is resolved by the system DNS server or a DNS proxy object, if a proxy is configured. Click Resolve to see the associated IP address (based on the DNS configuration of the firewall or Panorama). To change the address object type from FQDN to IP Netmask, select an IP Netmask and click Use this address. The Type changes to IP Netmask and the IP address you select appears in the text field.
   3. (Optional) Enter one or more Use Tags to Group and Visually Distinguish Objects to apply to the address object.
   4. Click OK.
2. Commit your changes.
3. View logs filtered by address object, address group, or wildcard address.
   1. For example, select MonitorLogsTraffic to view traffic logs.
   2. Select
      to add a log filter.
   3. Select the Address attribute, the in Operator, and enter the name of the address object for which you want to view logs. Alternatively, enter an address group name or a wildcard address, such as 10.155.3.4/0.0.240.255.
   4. Click Apply.
4. View a custom report based on an address object.
   1. Select MonitorManage Custom Reports and select a report that uses a Database such as Traffic Log.
   2. Select Filter Builder.
   3. Select an Attribute such as Address, Destination Address or Source Address, select an Operator, and enter the name of the address object for which you want to view the report.
5. Use a filter in the ACC to view network activity based on a source IP address or destination IP address that uses an address object.
   1. Select ACCNetwork Activity.
   2. View the Source IP Activity—For Global Filters, click
      to add a filter and select one of the following: Address or SourceSource Address or DestinationDestination Address and select an address object.
   3. View the Destination IP Activity—For Global Filters, click the
      to add a filter and select one of the following: Address or SourceSource Address or DestinationDestination Address and select an address object.