Create an ASA Network Object

A network object can contain a host name, a network IP address, a range of IP addresses, a fully qualified domain name (FQDN), or a subnetwork expressed in CIDR notation. Network objects are used in access rules, network policies, and NAT rules. You can create, update, and delete network objects and network groups using Security Cloud Control.

Note

If cloud-delivered Firewall Management Center is deployed on your tenant:

When you create an FTD, FDM, or ASA network object or group on the Objects page, a copy of the object is automatically added to the cloud-delivered Firewall Management Center, and vice versa. In addition, an entry is created on the Devices with Pending Changes page for each on-premises management center that has Discover & Manage Network Objects enabled; from that page you can choose the objects and deploy them to the on-premises management center where you want them.

Procedure


Step 1

In the left pane, click Objects.

Step 2

Click the blue plus button to create an object.

Step 3

Click ASA > Network.

Step 4

Enter an object name.

Step 5

Select Create a network object.

Step 6

(Optional) Enter an object description.

Step 7

In the Value section, add the IP address information in one of these ways:

  • Select eq and then enter a single IP address, a subnet address using CIDR notation, or a Partially Qualified Domain Name (PQDN).

  • Select range and then enter a range of IP addresses. Enter the beginning and ending addresses of the range separated by a space, for example 10.1.1.1 10.1.1.255 or 2001:DB8:1::1 2001:DB8:1::3.

Step 8

Click Add.

Important

The newly created network objects aren't associated with any ASA device as they aren't part of any rule or policy. To see these objects, select the Unassociated objects category in object filters. For more information, see Object Filters. Once you use the unassociated objects in a device's rule or policy, such objects are associated with that device.
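
A pre-check for the Value formats listed in Step 7, useful before entering many objects by hand. This is an added example, not part of the Cisco documentation or Security Cloud Control: the function name check_value, the hostname pattern, and the rejection of reversed ranges, mixed IPv4/IPv6 ranges, and subnets with host bits set are assumptions of this example, not Security Cloud Control's own validation rules.

```python
import ipaddress
import re

# Hostname label pattern (an assumption of this example, not SCC's rule).
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
NAME = re.compile(rf"{LABEL}(?:\.{LABEL})*")


def check_value(operator, value):
    """Classify a Value-field entry, or raise ValueError with the reason."""
    value = value.strip()
    if operator == "range":
        parts = value.split()
        if len(parts) != 2:
            raise ValueError("range needs start and end separated by a space")
        start, end = (ipaddress.ip_address(p) for p in parts)
        if start.version != end.version:
            raise ValueError("range mixes IPv4 and IPv6")
        if start > end:
            raise ValueError("range start is higher than range end")
        return ("range", str(start), str(end))
    if operator != "eq":
        raise ValueError("operator must be 'eq' or 'range'")
    if "/" in value:
        # strict=True refuses host bits, e.g. 10.1.1.5/24 instead of 10.1.1.0/24
        return ("subnet", str(ipaddress.ip_network(value, strict=True)))
    try:
        return ("host", str(ipaddress.ip_address(value)))
    except ValueError:
        pass
    # A numeric last label means a mistyped IP (10.1.1.300), not a domain name.
    last_label = value.rsplit(".", 1)[-1]
    if len(value) <= 253 and NAME.fullmatch(value) and not last_label.isdigit():
        return ("name", value.lower())
    raise ValueError(f"not an IP address, CIDR subnet, or domain name: {value!r}")


if __name__ == "__main__":
    # Constructed sample entries; the two valid ranges are those quoted in Step 7.
    samples = [
        ("range", "10.1.1.1 10.1.1.255"),
        ("range", "2001:DB8:1::1 2001:DB8:1::3"),
        ("range", "10.1.1.255 10.1.1.1"),
        ("eq", "10.1.1.5/24"),
        ("eq", "10.1.1.300"),
    ]
    for op, val in samples:
        try:
            print(op, repr(val), "->", check_value(op, val))
        except ValueError as exc:
            print(op, repr(val), "-> rejected:", exc)
```

A reversed range or a subnet typed with host bits is worth catching before the object is used in an access rule, because the rule may then match a different set of addresses than the author intended.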