Create an ASA Network Group

A network group can contain IP address values, network objects, and network groups. When you are creating a new network group, you can search for existing objects by their name, IP addresses, IP address range, or FQDN and add them to the network group. If the object isn't present, you can instantly create that object in the same interface and add it to the network group. Network groups can contain both IPv4 and IPv6 addresses.

Note

If cloud-delivered Firewall Management Center is deployed on your tenant:

When you create an FTD, FDM, or ASA network object or group on the Objects page, a copy of the object is automatically added to the cloud-delivered Firewall Management Center and vice-versa. In addition, an entry is created in the Devices with Pending Changes page for each on-premises management center with Discover & Manage Network Objects enabled, from which you can choose and deploy the objects to the on-premises management center on which you want these objects.

Procedure

Step 1

In the left pane, click Objects.

Step 2

Click the blue plus button to create an object.

Step 3

Click ASA > Network.

Step 4

Enter an Object Name.

Step 5

Select Create a network group.

Step 6

(optional) Enter an object description.

Step 7

In the Values field, enter a value or object name. When you start typing, Security Cloud Control provides object names or values that match your entry.

Step 8

You can choose one of the existing objects shown or create a new one based on the name or value that you have entered.

Step 9

If Security Cloud Control finds a match, to choose an existing object, click Add to add the network object or network group to the new network group.

Step 10

If you have entered a value or object that is not present, you can perform one of the following:

  • Click Add as New Object With This Name to create a new object with that name. Enter a value and click the check mark to save it.

  • Click Add as New Object to create a new object. The object name and value are the same. Enter a name and click the check mark to save it.

  • Click Add Value to create an inline value without using an object. Enter a value and click the check mark to save it.

It's is possible to create a new object even though the value is already present. You can make changes to those objects and save them.

Note

You can click the edit icon to modify the details. Clicking the delete button doesn't delete the object itself; instead, it removes it from the network group.

Step 11

After adding the required objects, click Add to create a new network group.

Step 12

Preview and Deploy Configuration Changes for All Devices.