Address and Service
Address IPv4
You can create address objects to identify IPv4 addresses and subnets that you want to match in the following policy rule bases:
- Global ACL
- Do Not Track
- SPP ACL
- TCP Session Extended Source Address IPv4
Before you begin:
- You must have Read-Write permission for Global Settings.
To configure IPv4 addresses:
- Go to System > Address and Service > Address IPv4.
- Click Add to display the configuration editor.
- Complete the configuration as described in the following table.
- Save the configuration.
Setting | Description |
---|---|
Name | Configuration name. Must not contain spaces. |
Type | Address Netmask - Create an entry for a subnet using IP address/mask notation. Address Range - Create an entry for an address range with “Address Range From” and “To”. Geo - Create an entry for an address list belonging to a country or area. |
Note: In the Global ACL for IPv4 addresses, you can add “deny rules” based on specified IP addresses or IP netmask configuration objects; you can add “allow rules” based on IP address configuration objects only.
To configure using the CLI:
```
config system address4
  edit addr1
    set type {ip-netmask|ip-range|geo}
    set ip-netmask <ip/mask>
    set ip-max <ip>
    set ip-min <ip>
    set country <string>
  next
end
```
Address IPv4 Group
Create an address group to include one or more address objects.
To configure IPv4 Address Group:
- Go to System > Address and Service > Address IPv4 Group.
- Click Add to display the configuration editor.
- Complete the configuration and click Save.
To configure using the CLI:
```
config system addressgrp
  edit <name>
    set member-list <address1> <address2> …
  next
end
```
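The IPv4 address and address group CLI blocks above can be generated from a reviewed object list instead of being typed by hand. The following Python is an added example, not part of the original documentation: the function names, object names and addresses are constructed, and the checks that `ip-min` does not exceed `ip-max` and that group names follow the no-spaces rule are assumptions of this example.

```python
import ipaddress

def check_name(name):
    # The page requires address names without spaces; applying the same
    # rule to group names is an assumption of this example.
    if not name or any(c.isspace() for c in name):
        raise ValueError(f"name must not contain spaces: {name!r}")
    return name

def render_address4(objs):
    """Return the 'config system address4' block for a list of object dicts."""
    out = ["config system address4"]
    for o in objs:
        out += [f"edit {check_name(o['name'])}", f"set type {o['type']}"]
        if o["type"] == "ip-netmask":
            # strict=True rejects entries with host bits set, e.g. 192.0.2.5/24
            ipaddress.IPv4Network(o["ip-netmask"], strict=True)
            out.append(f"set ip-netmask {o['ip-netmask']}")
        elif o["type"] == "ip-range":
            lo, hi = (ipaddress.IPv4Address(o[k]) for k in ("ip-min", "ip-max"))
            if lo > hi:
                raise ValueError(f"{o['name']}: ip-min {lo} is above ip-max {hi}")
            out += [f"set ip-max {hi}", f"set ip-min {lo}"]
        elif o["type"] == "geo":
            if not o.get("country"):
                raise ValueError(f"{o['name']}: geo object needs a country")
            out.append(f"set country {o['country']}")
        else:
            raise ValueError(f"{o['name']}: unknown type {o['type']!r}")
        out.append("next")
    return "\n".join(out + ["end"])

def render_addressgrp(group, members, objs):
    """Return the 'config system addressgrp' block; members must exist in objs."""
    known = {o["name"] for o in objs}
    missing = [m for m in members if m not in known]
    if missing:
        raise ValueError(f"{group}: undefined members {missing}")
    return "\n".join(["config system addressgrp", f"edit {check_name(group)}",
                      f"set member-list {' '.join(members)}", "next", "end"])

# Constructed sample objects (RFC 5737 documentation ranges), not from the page.
SAMPLE = [
    {"name": "branch_net", "type": "ip-netmask", "ip-netmask": "192.0.2.0/24"},
    {"name": "scanner_pool", "type": "ip-range",
     "ip-min": "198.51.100.10", "ip-max": "198.51.100.20"},
]

if __name__ == "__main__":
    print(render_address4(SAMPLE))
    print(render_addressgrp("blocked_sources", ["branch_net", "scanner_pool"], SAMPLE))
```

Rejecting a malformed object before it reaches the device avoids an ACL that silently matches a different range than the one reviewed.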
Address IPv6
You create address objects to identify IPv6 addresses and subnets that you want to match in the following policy rule bases:
- Global ACL
- Do Not Track
- SPP ACL
Before you begin:
- You must have Read-Write permission for Global Settings.
To configure IPv6 addresses:
- Go to Global System > Address and Service > Address IPv6.
- Click Add to display the configuration editor.
- Complete the configuration and click Save.
To configure using the CLI:
```
config system addressgrp
  edit <name>
    set member-list <address1> <address2> …
  next
end
```
Address IPv6 Group
To configure IPv6 Address Group:
- Go to System > Address and Service > Address IPv6 Group.
- Click Add to display the configuration editor.
- Complete the configuration and click Save.
To configure using the CLI:
```
config system addressgrp6
  edit <name>
    set member-list <address ipv6> <address ipv6> …
  next
end
```
Service
You configure service objects to identify the services that you want to match in SPP ACL or Global ACL policies.
Before you begin:
- You must have Read-Write permission for Protection Profile settings.
To configure service objects:
- Go to System > Address and Service > Service.
- View all built-in services.
- Click Add to display the configuration editor.
- Select Protocol type and set protocol ID.
- Complete the configuration and click Save.
To configure using the CLI:
```
config system service
  edit <name>
    set protocol-type {ip|icmp|tcp|udp|tcp-and-udp}
    set specify-source-port {enable|disable}
    set source-port-min <0-65535>
    set source-port-max <0-65535>
    set destination-port-min <0-65535>
    set destination-port-max <0-65535>
  next
end
```
Service Group
To configure Service Group:
1. Go to System > Address and Service > Service Group.
2. Click Add to display the configuration editor.
3. Complete the configuration and click Save.
To configure using the CLI:
```
config system servicegrp
  edit <name>
    set member-list <service1> <service2> …
  next
end
```