Address Objects

An Address object represents a set of one or more IPs, CIDRs or FQDNs for use as a source or destination in a security policy rule set rule, or as a target backend address in a reverse proxy service object, depending on how it is defined. The address object can be configured statically using traditional constructs or dynamically using cloud constructs.

An address object represents a set of one or more IPs, CIDRs or FQDNs within a Source, Destination, or Reverse Proxy Target field within a security policy rule or rule set. You can also define it as a target backend address within a reverse proxy service object. This section focuses on source and destination objects.

These are the general guidelines to follow when you define address objects:

• Initially create address objects using static IP addresses and CIDRs, and confirm proper matching.

• When replacing address objects, use address objects that use dynamic cloud resource (tags, labels) and confirm proper matching.

• Ensure that the private address object includes both RFC 1918 and RFC 6598.

• Ensure that the Internet address object does not include RFC 1918 and RFC 6598.

As of Version 24.04 and later, you can now configure an address object to exclude specific IP addresses or an IP address range.