Create a Source/Destination Address Object

For information on what this object is, see Source or Destination Address Object Parameters. Use the following procedure to create a src/dst address object in Multicloud Defense:

Procedure


Step 1

Navigate to Policies > Security Policies > Addresses.

Step 2

Click Create.

Step 3

Select Src/Dest.

Step 4

Enter a unique Name to identify the address object.

Step 5

(Optional) Enter a description for the object. This may provide context to help differentiate the object from other objects.

Step 6

Select the Object Type. For information on object types and what they are, see Address Objects. Select one of the following types:

  • IP/CIDR/FQDN

  • VPC/VNet ID

  • Security Group

  • Application ID (Azure only)

  • Instance ID

  • Subnet ID

  • User-Defined Tag

  • Geo IP

  • Service End Point (Cloud Service IP)

  • Group

    Note

    If you select Group, you can include a specific IP address or a range of IP addresses to either include or exclude.

Step 7

Depending on which type you selected in step 6, enter the following parameters:

  • Value - Enter a valid IP address, CIDR, or FQDN.

  • CSP Account - Use the drop-down menu to select a cloud service provider account that has already connected to the controller.

  • Region - Select the region your cloud service provider is located in.

  • VPC - Use the drop-down menu to select the VPC or VNet. Note that the available options may change depending on the cloud service provider account you choose.

  • Subnet - Use the drop-down menu to select the subnet that applies to your VPC or VNet.

  • (Azure only) Resource Group - Use the drop-down menu to select the resource group that is compatible with your selections.

    • Resource Level - Use the drop-down menu to select a value.

    • Resource Tag - Use the drop-down menu to select a keyword as the resource tag.

    • Value - Enter a valid value for the resource group. Note that this is different from the Value entry expected for IP/CIDR/FQDN objects.

  • Geo IP - Use the drop-down menu to select a specific IP that is associated with the geolocation of your choice.

  • X-Forwarded-For Match Enabled - Check this box to allow the gateway to match against XFF HTTP header fields.

  • Address - Select an existing object. This selection determines the group of addresses that

  • Include Addresses - This option is only applicable if you select "Group" as the type in step 6. Enter a specific IP address or a range of IP addresses to include. You can also use any to include all valid addresses.

  • Exclude Addresses - This option is only applicable if you select "Group" as the type in step 6. Enter a specific IP address or a range of IP addresses to exclude. You can also use any to include all valid addresses. Note that there is no validation from the Multicloud Defense Controller for address exclusion.

Step 8

(Optional) Include a Matching Expression. This represents the set of conditions which must be matched for the object to execute.

Step 9

Click Save when complete.
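
Step 7 notes that the Multicloud Defense Controller does not validate Exclude Addresses entries, so it helps to check a Group object's lists locally before saving. The following Python script is an added example, not Cisco code or part of the product; the function names, the IPv4-only scope, and the start-end range syntax are assumptions, and the sample lists are constructed.

```python
import ipaddress

def parse_entry(text):
    """Return (first, last) IPv4 addresses covered by one entry.

    Accepts 'any', a single IP, a CIDR, or 'start-end' (assumed range syntax).
    """
    text = text.strip()
    if text.lower() == "any":
        return ipaddress.IPv4Address("0.0.0.0"), ipaddress.IPv4Address("255.255.255.255")
    if "-" in text:
        start, end = (ipaddress.IPv4Address(p.strip()) for p in text.split("-", 1))
        if start > end:
            raise ValueError("range start is above range end")
        return start, end
    net = ipaddress.IPv4Network(text, strict=True)  # rejects host bits, e.g. 10.0.0.5/24
    return net[0], net[-1]

def check_group(include, exclude):
    """Return findings for a Group object's lists; an empty list means none found."""
    findings, inc, exc = [], [], []
    for label, entries, parsed in (("include", include, inc), ("exclude", exclude, exc)):
        for entry in entries:
            try:
                parsed.append((entry, *parse_entry(entry)))
            except ValueError as err:
                findings.append(f"{label} '{entry}': invalid ({err})")
    # An exclusion that touches no included range silently does nothing.
    for entry, lo, hi in exc:
        if not any(lo <= ihi and ilo <= hi for _, ilo, ihi in inc):
            findings.append(f"exclude '{entry}': overlaps no include entry")
    # An include swallowed whole by one exclusion contributes no addresses.
    for entry, lo, hi in inc:
        if any(xlo <= lo and hi <= xhi for _, xlo, xhi in exc):
            findings.append(f"include '{entry}': fully covered by an exclude entry")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    include = ["10.0.0.0/16", "192.168.1.10-192.168.1.20"]
    exclude = ["10.0.5.0/24", "172.16.0.1", "10.0.0.300", "192.168.1.0/24"]
    for finding in check_group(include, exclude):
        print(finding)
```

An empty result only means these three checks found nothing; it does not confirm how the gateway will evaluate the object.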