Network rule conditions

A network condition is a traffic matching criterion that

  • controls or decrypts traffic based on source and destination IP addresses using inner packet headers,

  • enables administrators to specify exact IP addresses or blocks for granular policy enforcement, and

  • can be built using predefined network objects or by manually entering IP addresses or address blocks.

Network rule condition restrictions

Minimize the number of matching criteria whenever possible, especially those for security zones, network objects, and port objects. When you specify multiple criteria, the system must match against every combination of the contents of the criteria you specify.

Note

You cannot use FQDN network objects in identity rules.
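The following added example (not code from the page's product or vendor) shows the three points above in working form: a rule evaluator that matches a packet's source and destination IP addresses against network conditions built from named network objects or literal addresses and blocks, a count of how many criteria combinations a rule expands into (why extra zones, networks and ports multiply matching work), and a validation check that rejects FQDN network objects in identity rules. The object names, addresses, zone names, rule fields and sample rules are constructed assumptions for illustration; the example does not resolve FQDN objects through DNS, so they only take part in the validation step.

```python
import ipaddress
from dataclasses import dataclass

# Constructed network objects (names and addresses are assumptions, not real deployment data).
NETWORK_OBJECTS = {
    "corp-lan": ["10.0.0.0/8"],
    "dmz-web": ["192.0.2.10", "192.0.2.11"],
    "partner-vpn": ["198.51.100.0/24"],
}
# Constructed FQDN objects; a real system resolves these via DNS at runtime.
FQDN_OBJECTS = {"update-server": "updates.example.com"}


def parse_network_ref(ref):
    """Expand one reference (object name or literal IP / address block) into ip_network objects.
    ip_network parses both single hosts and CIDR blocks; strict=False tolerates set host bits."""
    if ref in NETWORK_OBJECTS:
        return [ipaddress.ip_network(a, strict=False) for a in NETWORK_OBJECTS[ref]]
    return [ipaddress.ip_network(ref, strict=False)]


@dataclass
class Rule:
    name: str
    kind: str                 # "access" or "identity"
    src_zones: tuple = ()     # empty tuple means "any"
    dst_zones: tuple = ()
    src_networks: tuple = ()  # object names or literal addresses / blocks
    dst_networks: tuple = ()
    dst_ports: tuple = ()     # integers


def validate(rule):
    """Enforce the restriction that identity rules cannot reference FQDN network objects."""
    if rule.kind == "identity":
        bad = [r for r in rule.src_networks + rule.dst_networks if r in FQDN_OBJECTS]
        if bad:
            raise ValueError(f"identity rule {rule.name!r} references FQDN objects: {bad}")
    return True


def _contents(refs):
    """Flatten network references to their address entries; an FQDN object counts as one entry."""
    out = []
    for r in refs:
        out.extend([r] if r in FQDN_OBJECTS else parse_network_ref(r))
    return out


def combinations(rule):
    """Number of criteria combinations the engine has to consider for this rule
    (product of the sizes of every non-empty criterion)."""
    n = 1
    for crit in (rule.src_zones, rule.dst_zones, _contents(rule.src_networks),
                 _contents(rule.dst_networks), rule.dst_ports):
        n *= max(1, len(crit))
    return n


def matches(rule, src_zone, dst_zone, src_ip, dst_ip, dst_port):
    """Evaluate one packet's inner-header fields against the rule; empty criteria mean 'any'."""
    def in_networks(refs, ip):
        if not refs:
            return True
        addr = ipaddress.ip_address(ip)
        # FQDN objects are skipped here because this example performs no DNS resolution.
        return any(addr in net for r in refs if r not in FQDN_OBJECTS
                   for net in parse_network_ref(r))

    return ((not rule.src_zones or src_zone in rule.src_zones)
            and (not rule.dst_zones or dst_zone in rule.dst_zones)
            and in_networks(rule.src_networks, src_ip)
            and in_networks(rule.dst_networks, dst_ip)
            and (not rule.dst_ports or dst_port in rule.dst_ports))


def first_match(rules, **packet):
    """Return the name of the first rule the packet matches, or None (first-match ordering)."""
    for rule in rules:
        if matches(rule, **packet):
            return rule.name
    return None


# Constructed sample rules.
RULES = [
    Rule("allow-lan-to-dmz-web", "access", ("inside",), ("dmz",),
         ("corp-lan",), ("dmz-web",), (443,)),
    Rule("partner-admin", "access", ("outside",), ("inside",),
         ("partner-vpn", "203.0.113.0/28"), ("10.1.2.3",), (22, 443)),
]

if __name__ == "__main__":
    for rule in RULES:
        validate(rule)
        print(f"{rule.name}: {combinations(rule)} criteria combinations")
    print(first_match(RULES, src_zone="inside", dst_zone="dmz",
                      src_ip="10.5.6.7", dst_ip="192.0.2.11", dst_port=443))
```

The `combinations` count is the practical reading of the restriction above: each additional zone, address entry or port in a rule multiplies, rather than adds to, the number of combinations the engine must consider, so a rule with two source networks and two ports already expands to four. Keeping criteria to the minimum that expresses the intended policy keeps that product small.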