Use network objects to reference networks, IPv4 addresses, hostnames, geolocation objects, MAC addresses, or interfaces when you create access rules. MAC address and interface are optional components that are evaluated only when the network object is used in the source of an access rule. For all other uses, these optional parameters are ignored. A network object can also include other existing network objects.
Access rule management is simplified with the use of network objects instead of explicit IP addresses. For example, if an IP address changes, you do not have to edit it in every rule that references it; you only need to change the IP address in the network object. The IP address is then automatically updated for every rule that references the network object.
Network Object Types
A network object can consist of the following:
- Generic IPv4 Network Objects – You can add network addresses of all types. All default network objects are generic IPv4 network objects.
- Single IP Address – A single IP address.
- List of IP Addresses – Multiple single IP addresses and/or references to other single IP address objects. For example:
- Single Network Address – A single network. For example:
- List of Network Addresses – Any combination of multiple networks, IP addresses, and/or references to other network address objects. For example:
- Excluded Entries – Specific networks that are excluded from the network object.
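The following added example (not the firewall's own code) models how a network object that references other objects and carries excluded entries flattens into concrete networks, and how editing one object changes the result for everything that references it. The object names, addresses, and the `ref:` notation are hypothetical, it assumes excluded entries apply within the object that declares them, and MAC address and interface components are not modeled.

```python
import ipaddress

# Constructed sample objects; names, addresses and the "ref:" prefix are hypothetical.
OBJECTS = {
    "WebServers": {"include": ["172.16.1.5", "172.16.1.6"], "exclude": []},
    "DMZ": {"include": ["10.0.10.0/24"], "exclude": ["10.0.10.128/25"]},
    "Trusted": {"include": ["ref:WebServers", "ref:DMZ", "192.168.0.0/24"],
                "exclude": ["192.168.0.1"]},
}

def resolve(name, objects, _stack=()):
    """Flatten a network object into a sorted list of IPv4 networks."""
    if name in _stack:
        raise ValueError("circular reference: " + " -> ".join(_stack + (name,)))
    obj = objects[name]
    included = []
    for entry in obj["include"]:
        if entry.startswith("ref:"):
            # Reference to another object: resolve it, including its own exclusions.
            included.extend(resolve(entry[4:], objects, _stack + (name,)))
        else:
            included.append(ipaddress.ip_network(entry))
    for excl in (ipaddress.ip_network(e) for e in obj["exclude"]):
        remaining = []
        for net in included:
            if not net.overlaps(excl):
                remaining.append(net)          # untouched by this exclusion
            elif net.subnet_of(excl):
                continue                       # entirely excluded
            else:
                remaining.extend(net.address_exclude(excl))  # carve the hole out
        included = remaining
    return sorted(ipaddress.collapse_addresses(included))

def contains(name, ip, objects):
    """True if the address falls inside the resolved object."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in resolve(name, objects))

if __name__ == "__main__":
    for ip in ("172.16.1.5", "10.0.10.200", "192.168.0.1", "192.168.0.2"):
        print(ip, contains("Trusted", ip, OBJECTS))
    # Changing one object changes every object (and rule) that references it.
    changed = dict(OBJECTS, WebServers={"include": ["172.16.1.7"], "exclude": []})
    print("172.16.1.5 after change:", contains("Trusted", "172.16.1.5", changed))
```

Resolving an object this way before a change review shows which addresses a rule actually covers, including addresses pulled in through nested references.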
Create Network Objects
Create network objects that refer to IP addresses, other network objects, and/or networks. Network objects are reusable, which means that you can use one object in as many rules as required.
For more information, see How to Create Network Objects.