[PaloAlto] Completely understand the address object settings

Work environment

  • PA-200
    • Version 8.1.19

Address object setting screen in GUI

Click Objects > Addresses > Add to display the address object setting screen.

Screen when the address type is IP Netmask.

Screen when the address type is IP Range.

Screen when the address type is FQDN.

Address object settings in CLI config

IP Netmask Type

Suppose you set the GUI as shown in the image below.

In this case, the settings added to the CLI config are as follows:

set address IP_Netmask_10.20.30.0_24 ip-netmask 10.20.30.0/24
set address IP_Netmask_10.20.30.0_24 tag Smaple_Tag
set address IP_Netmask_10.20.30.0_24 description Smaple_IP_Netmask

IP Range Type

Suppose you set the GUI as shown in the image below.

In this case, the settings added to the CLI config are as follows:

set address IP_Range_10.100.1.10_to_20 ip-range 10.100.1.10-10.100.1.20
set address IP_Range_10.100.1.10_to_20 description Sample_IP_Range
set address IP_Range_10.100.1.10_to_20 tag Smaple_Tag

FQDN Type

Suppose you set the GUI as shown in the image below.

In this case, the settings added to the CLI config are as follows:

set address FQDN_netowork-knowledge.work fqdn netowork-knowledge.work
set address FQDN_netowork-knowledge.work tag Smaple_Tag
set address FQDN_netowork-knowledge.work description Sample_FQDN

Address group settings in GUI

An address group is an object that is a collection of multiple address objects.

Click Objects > Address Groups > Add to display the address group setting screen.

Screen when the address group type is Static.

Screen when the address group type is Dynamic.

Address group settings in CLI config

Static Type

Suppose you set the GUI as shown in the image below.

In this case, the settings added to the CLI config are as follows:

set address-group Address_Group01 static [ IP_Netmask_10.20.30.0_24 IP_Range_10.100.1.10_to_20 ]
set address-group Address_Group01 tag Smaple_Tag
set address-group Address_Group01 description Sample_Address_Group01

Dynamic Type

A Dynamic address group uses tags as its match condition. Multiple tags can be combined with And or Or.

Suppose you set the GUI as shown in the image below.

In this case, the settings added to the CLI config are as follows:

set address-group Address_Group02 dynamic filter "'Smaple_Tag'"
set address-group Address_Group02 tag Smaple_Tag
set address-group Address_Group02 description Sample_Address_Group02

Next, add a tag to the match condition with OR, as shown in the image below.

In this case, the settings added to the CLI config are as follows:

set address-group Address_Group02 dynamic filter "'Smaple_Tag' or 'Smaple_Tag' "
set address-group Address_Group02 tag Smaple_Tag
set address-group Address_Group02 description Sample_Address_Group02
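
The tag matching described above, as an added example that is not part of the original post: a Python script that reads set-format lines and lists which address objects each dynamic group's filter selects, which helps when reviewing how a tag change alters the scope of a policy. Assumptions: the DMZ and Web tags, the groups Group_AND and Group_OR, and the `tag [ A B ]` multi-tag form are constructed for the sample; `and` is taken to bind tighter than `or`, parentheses are not handled, and only tags set directly on address objects are considered.

```python
import re
import shlex

# Constructed sample in set format; DMZ, Web, Group_AND and Group_OR are made up for this example.
CONFIG = """\
set address IP_Netmask_10.20.30.0_24 ip-netmask 10.20.30.0/24
set address IP_Netmask_10.20.30.0_24 tag Smaple_Tag
set address IP_Range_10.100.1.10_to_20 ip-range 10.100.1.10-10.100.1.20
set address IP_Range_10.100.1.10_to_20 tag [ Smaple_Tag DMZ ]
set address FQDN_netowork-knowledge.work fqdn netowork-knowledge.work
set address FQDN_netowork-knowledge.work tag Web
set address-group Address_Group02 dynamic filter "'Smaple_Tag'"
set address-group Group_AND dynamic filter "'Smaple_Tag' and 'DMZ'"
set address-group Group_OR dynamic filter "'DMZ' or 'Web'"
"""

def parse(config):
    """Return ({address: tags}, {dynamic group: filter}) from set-format lines."""
    tags, filters = {}, {}
    for tok in map(shlex.split, config.splitlines()):
        if len(tok) < 5 or tok[0] != "set":
            continue
        if tok[1] == "address":
            obj = tags.setdefault(tok[2], set())
            if tok[3] == "tag":
                obj.update(t for t in tok[4:] if t not in ("[", "]"))
        elif tok[1] == "address-group" and tok[3:5] == ["dynamic", "filter"]:
            filters[tok[2]] = " ".join(tok[5:])
    return tags, filters

def matches(filter_expr, obj_tags):
    """True if the filter selects an object; assumes 'and' binds tighter than 'or'."""
    toks = re.findall(r"'[^']*'|\band\b|\bor\b", filter_expr)
    clauses = [[]]                      # OR-separated clauses of AND-ed tags
    for t in toks:
        if t == "or":
            clauses.append([])
        elif t != "and":
            clauses[-1].append(t.strip("'"))
    return any(c and all(tag in obj_tags for tag in c) for c in clauses)

def dynamic_members(config):
    """Map each dynamic group to the sorted address objects its filter selects."""
    tags, filters = parse(config)
    return {g: sorted(a for a, t in tags.items() if matches(f, t))
            for g, f in filters.items()}

if __name__ == "__main__":
    print(dynamic_members(CONFIG))
```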
