Network Security
Create an Address Object (PAN-OS & Panorama)
Create an address object to group IP addresses or specify an FQDN, and then reference
it in a firewall security rule, filter, or other function to avoid specifying multiple IP
addresses in each of those places.
- Create an address object.
  - Select Objects > Addresses and Add an address object by Name. The name is case-sensitive, must be unique, and can be up to 63 characters (letters, numbers, spaces, hyphens, and underscores).
  - Select the Type of address object:
    - IP Netmask—Specify a single IPv4 or IPv6 address, an IPv4 network with slash notation, or an IPv6 address and prefix. For example, 192.168.80.0/24 or 2001:db8:123:1::/64. Optionally, click Resolve to see the associated FQDN (based on the DNS configuration of the firewall or Panorama). To change the address object type from IP Netmask to FQDN, select the FQDN and click Use this FQDN. The Type changes to FQDN and the FQDN you select appears in the text field.
    - IP Range—Specify a range of IPv4 addresses or IPv6 addresses separated by a hyphen. For example, 192.168.40.1-192.168.40.255 or 2001:db8:123:1::1-2001:db8:123:1::22.
    - IP Wildcard Mask—Specify an IP wildcard address (IPv4 address followed by a slash and a mask, which must begin with a 0). For example, 10.5.1.1/0.127.248.2. A zero (0) in the mask indicates the bit being compared must match the bit in the IP address that is covered by the zero. A one (1) in the mask (wildcard bit) indicates the bit being compared need not match the bit in the IP address covered by the one.
    - FQDN—Specify the domain name. The FQDN initially resolves at commit time. The firewall subsequently refreshes the FQDN based on the time-to-live (TTL) of the FQDN in DNS, as long as the TTL is greater than or equal to the Minimum FQDN Refresh Time you configure (or the default of 30 seconds). The FQDN is resolved by the system DNS server or a DNS proxy object, if a proxy is configured. Click Resolve to see the associated IP address (based on the DNS configuration of the firewall or Panorama). To change the address object type from FQDN to IP Netmask, select an IP Netmask and click Use this address. The Type changes to IP Netmask and the IP address you select appears in the text field.
  - (Optional) Enter one or more tags to apply to the address object.
  - Click OK.
  - Commit your changes.
- View logs filtered by address object, address group, or wildcard address.
  - For example, select Monitor > Logs > Traffic to view traffic logs.
  - Select
  - Select the Address attribute, the in Operator, and enter the name of the address object for which you want to view logs. Alternatively, enter an address group name or a wildcard address, such as 10.155.3.4/0.0.240.255.
  - Click Apply.
- View a custom report based on an address object.
  - Select Monitor > Manage Custom Reports and select a report that uses a Database such as Traffic Log.
  - Select Filter Builder.
  - Select an Attribute such as Address, Destination Address or Source Address, select an Operator, and enter the name of the address object for which you want to view the report.
- Use a filter in the ACC to view network activity based on a source IP address or destination IP address that uses an address object.
  - Select ACC > Network Activity.
  - View the Source IP Activity—For Global Filters, click Address or Source > Source Address or Destination > Destination Address and select an address object.
  - View the Destination IP Activity—For Global Filters, click Address or Source > Source Address or Destination > Destination Address and select an address object.
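
The IP Wildcard Mask matching rule described above can be checked offline before a wildcard object is used in a rule or log filter. The following Python sketch is an added example, not Palo Alto Networks code: the function names are hypothetical, and it assumes "must begin with a 0" means the most significant bit of the mask is 0.

```python
import ipaddress

def parse_wildcard(spec):
    """Parse 'IPv4-address/wildcard-mask' into (address_int, mask_int)."""
    addr_text, sep, mask_text = spec.partition("/")
    if not sep:
        raise ValueError("expected IPv4-address/wildcard-mask")
    addr = int(ipaddress.IPv4Address(addr_text))
    mask = int(ipaddress.IPv4Address(mask_text))
    # Assumption: "must begin with a 0" is read as the top bit being 0.
    if mask & 0x80000000:
        raise ValueError("wildcard mask must begin with a 0")
    return addr, mask

def wildcard_matches(spec, ip):
    """True if ip agrees with the object's address on every 0 bit of the mask."""
    addr, mask = parse_wildcard(spec)
    candidate = int(ipaddress.IPv4Address(ip))
    must_match = ~mask & 0xFFFFFFFF      # 0 in mask -> bit is compared
    return (candidate ^ addr) & must_match == 0

def wildcard_size(spec):
    """Number of addresses covered: 2 to the power of the wildcard bit count."""
    _, mask = parse_wildcard(spec)
    return 2 ** bin(mask).count("1")

if __name__ == "__main__":
    # Wildcard addresses are the two examples on this page; the candidate
    # IP addresses are constructed for illustration.
    checks = [
        ("10.5.1.1/0.127.248.2", "10.100.9.3"),
        ("10.5.1.1/0.127.248.2", "10.133.1.1"),
        ("10.155.3.4/0.0.240.255", "10.155.19.200"),
        ("10.155.3.4/0.0.240.255", "10.155.4.4"),
    ]
    for spec, ip in checks:
        print(spec, ip, wildcard_matches(spec, ip), wildcard_size(spec))
```

Reviewing the size of a wildcard object before committing shows how many hosts a rule that references it actually covers.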