Creating Addresses and Address Groups
Before You Begin
Read the topic.
Decide on the type of address object to define: Host, Range, Network, Wildcard, or DNS Host.
Review the addresses main page for an understanding of your current data set. See Addresses Main Page Fields for field descriptions.
Use the Addresses page to create addresses that can be used across all devices managed by Security Director. Addresses are used in firewall, NAT, IPS, and VPN services and apply to corresponding SRX Series devices.
Once you create an address, you can combine it with other addresses to form an address group. Address groups are useful when you want to apply the same policy to multiple devices.
To create an address object:
- Select Configure > Shared Objects > Addresses.
- Click Create.
- Complete the configuration according to the guidelines provided in Table 1 and Table 2.
- Click OK.
A new address or address group with your configurations is created. You can use this object in policies. You can also assign it to a domain; see Assigning Policies and Profiles to Domains.
Setting |
Guideline |
---|---|
Object Type |
Select Address or Address Group. If you select Address Group, then the screen changes so you can select the addresses you want to include in your address group. Table 2 describes address group configuration parameters. |
Name |
Enter a unique name for the address. It must begin with an alphanumeric character and cannot exceed 63 characters. Dashes and underscores are allowed. |
Description |
Enter a description for your address; maximum length is 1,024 characters. You should make this description as useful as possible for all administrators. |
Type |
Select a type of address and fill in the corresponding fields. Available types are:
Starting in Security Director Release 18.3R1, while creating an address object, if you enter a duplicate host IP address, address range, network IP address, wildcard mask, or DNS name, then the creation of addresses with duplicate content is based on the shared objects settings in Junos Space Network Management Platform. By default, you can create duplicate address. If you do not want to allow creation of duplicate addresses in Security Director, go to Network Management Platform and select Administration>Application>Modify Application Settings>Shared Objects. Select the check box to prevent creation of addresses with duplicate content. When any duplicate content is selected in Security Director, an error message is displayed. |
Assign Metadata |
Select the required metadata from the list to assign to an address object. Only host and range address types are supported. When associating the address (host or range) with metadata, you can use only AND operator. For example: Location = Bengaluru AND Location = Chennai AND Zone = East. |
Setting |
Guideline |
---|---|
Object Type |
Select Address Group. When you select Address Group, then the screen changes so you can select the addresses you want to include in your address group. |
Name |
Enter a unique name for the address group. It must begin with an alphanumeric character and cannot exceed 63 characters. Dashes and underscores are allowed. |
Description |
Enter a description for your address group. You should make this description as useful as possible for all administrators. |
Addresses |
Select the check box beside each address you want to include in the address group. Click the arrow to move the selected address or addresses from the Available column to the Selected column. Note that you can use the fields at the top of each column to search for addresses. While address groups are being created, if the selected address groups are already available, then the creation of address groups with duplicate content is based on the shared objects settings in Junos Space Network Management Platform. By default, you can create duplicate address groups. If you do not want to allow creation of duplicate addresses in Security Director, go to Network Management Platform and select Administration> Application>Modify Application Settings>Shared Objects. Select the check box to prevent creation of address groups with duplicate content. When any duplicate content is selected in Security Director, an error message is displayed. |