Understanding Address Objects in SonicOS

04/21/2021 1,464 People found this article helpful 213,860 Views

Download

Print

Share

• LinkedIn
• Twitter
• Facebook
• Email
• Copy URL The link has been copied to clipboard

Description

Address Objects are one of four object classes (address, user, service, and schedule) in SonicOS Enhanced. These address objects allow for entities to be defined one time, and to be re-used in multiple referential instances throughout the SonicOS interface.

EXAMPLE:Take an internal Web-Server with an IP address of 223.228.190.209. Rather than repeatedly typing in the IP address when constructing Access Rules or NAT Policies, Address Objects allow you to create a single entity called My Web Serveras a Hostaddress object with an IP address of 223.228.190.209.

This Address Object, My Web Server can then be easily and efficiently selected from a drop-down menu in any configuration screen that employs Address Objects as a defining criterion.

Resolution

To create an Address object, you need to Navigate to Manage | Policies | Objects | Address Object and click Add  underneath Address Object.

• Host:
  Host Address Objects define a single host by its IP address. The Netmask for a Host Address Object will automatically be set to 32-bit (255.255.255.255) to identify it as a single host.
   EXAMPLE: My Web Server with an IP address of 223.228.190.209 and a default Netmask of 255.255.255.255.

• Range:
    Range Address Objects define a range of contiguous IP addresses. No Netmask is associated with Range Address Objects, but internal logic generally treats each member of the specified range as a 32-bit masked Host object.
  

   EXAMPLE: My Public Servers with an IP address starting value of 223.228.190.210 and an ending value of  223.228.190.214 . All 5 individual host addresses in this range would be comprised by this Range Address Object.

• Network: 
   Network Address Objects are like Range objects in that they comprise multiple hosts, but rather than being bound by specified upper and lower range delimiters, the boundaries are defined by a valid Netmask. Network Address Objects must be defined by the network's address and a corresponding Netmask.
  

   EXAMPLE: My Public Network with a Network Value of 223.228.190.208 and a Netmask of 255.255.255.248 would comprise addresses from 223.228.190.208 through to 223.228.190.215. As a general rule, the first address in a network (the network address) and the last address in a network (the broadcast address) are unusable.

• FQDN: 
   FQDN address objects allow for the identification of a host by its Fully Qualified Domain Names (FQDN), such as  www.SonicWall.com. FQDNs are be resolved to their IP address (or IP addresses) using the DNS server configured on the security appliance. Wildcard entries are supported through the gleaning of responses to queries sent to the sanctioned DNS servers.
• MAC Address:
   MAC Address Objects allow for the identification of a host by its hardware address or MAC (Media Access Control) address. MAC addresses are uniquely assigned to every piece of wired or wireless networking device by their hardware manufacturers, and are intended to be immutable. MAC addresses are 48-bit values that are expressed in 6 byte hex-notation. For example "My Access Point" with a MAC address of "C0:EA:E4:00:C2:E8". MAC addresses are resolved to an IP address by referring to the ARP cache on the security appliance MAC address objects are used by various components of Wireless configurations throughout SonicOS.

Address Object Groups:
 
SonicOS Enhanced has the ability to group Address Objects into Address Object Groups. Groups of Address Objects can be defined to introduce further referential efficiencies. Groups can comprise any combination of Host, Range, or Network address objects. MAC address Objects should be grouped separately, although they can safely be added to Groups of IPbased Address Objects, where they will be ignored when their reference is contextually irrelevant (e.g. in a NAT Policy). 

EXAMPLE: My Public Group can contain Host Address Object My Web Server and Range Address Object My Public Servers, effectively representing IP address 223.228.190.210 and IP addresses 223.228.190.211 to 223.228.190.214.

Creating Group Address Objects:

• Navigate to Manage | Policies | Objects |Address Objects | Address Groups.
• Click Add to display the Add Address Object Group window.
• Create a name for the group in the Name field.
• Select the Address Object from the list and click the right arrow. It is added to the group.
• Clicking while pressing the Ctrl key allows you to select multiple objects.
• Click OK.
  

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

To create an Address object, you need to Navigate to Network | Address object and click Add underneath Address Object.

• Host :
   Host Address Objects define a single host by its IP address. The Netmask for a Host Address Object will automatically be set to 32-bit (255.255.255.255) to identify it as a single host.
  

  EXAMPLE: My Web Server with an IP address of 223.228.190.209 and a default Netmask of 255.255.255.255.

• Range:
    Range Address Objects define a range of contiguous IP addresses. No Netmask is associated with Range Address Objects, but internal logic generally treats each member of the specified range as a 32-bit masked Host object.
  

  EXAMPLE: My Public Servers with an IP address starting value of 223.228.190.210 and an ending value of  223.228.190.214 . All 5 individual host addresses in this range would be comprised by this Range Address Object.

• Network:
   Network Address Objects are like Range objects in that they comprise multiple hosts, but rather than being bound by specified upper and lower range delimiters, the boundaries are defined by a valid Netmask. Network Address Objects must be defined by the network's address and a corresponding Netmask.
  

  EXAMPLE: My Public Network with a Network Value of 223.228.190.208 and a Netmask of 255.255.255.248 would comprise addresses from 223.228.190.208 through to 223.228.190.215. As a general rule, the first address in a network (the network address) and the last address in a network (the broadcast address) are unusable.

• FQDN:
   FQDN address objects allow for the identification of a host by its Fully Qualified Domain Names (FQDN), such as  www.SonicWall.com. FQDNs are be resolved to their IP address (or IP addresses) using the DNS server configured on the security appliance. Wildcard entries are supported through the gleaning of responses to queries sent to the sanctioned DNS servers.
• MAC Address:
   MAC Address Objects allow for the identification of a host by its hardware address or MAC (Media Access Control) address. MAC addresses are uniquely assigned to every piece of wired or wireless networking device by their hardware manufacturers, and are intended to be immutable. MAC addresses are 48-bit values that are expressed in 6 byte hex-notation. For example "My Access Point" with a MAC address of "C0:EA:E4:00:C2:E8". MAC addresses are resolved to an IP address by referring to the ARP cache on the security appliance MAC address objects are used by various components of Wireless configurations throughout SonicOS.
   

Address Object Groups:
 SonicOS Enhanced has the ability to group Address Objects into Address Object Groups. Groups of address objects can be defined to introduce further referential efficiencies. Groups can comprise any combination of Host, Range, or Network address objects. MAC address Objects should be grouped separately, although they can safely be added to Groups of IPbased Address Objects, where they will be ignored when their reference is contextually irrelevant (e.g. in a NAT Policy).

EXAMPLE: My Public Group can contain Host Address Object My Web Server and Range Address Object My Public Servers, effectively representing IP address 223.228.190.210 and IP addresses 223.228.190.211 to 223.228.190.214.

Creating Group Address Objects:

• Navigate to Network | Address Objects.
• Click Add Group to display the Add Address Object Group window.
• Create a name for the group in the Name field.
• Select the Address Object from the list and click the right arrow. It is added to the group.
• Clicking while pressing the Ctrl key allows you to select multiple objects.
• Click OK.
  

Related Articles

• Bandwidth usage and tracking in SonicWall
• How to force an update of the Security Services Signatures from the Firewall GUI
• Configure Guest VLAN in the TZ firewall, for guest users to access Internet only.

Categories

• Firewalls > NSa Series > Networking
• Firewalls > TZ Series > Networking
• Firewalls > NSv Series > Networking