Understanding Address Objects in SonicOS

Address Objects are one of four object classes (address, user, service, and schedule) in SonicOS Enhanced. These address objects allow for entities to be defined one time, and to be re-used in multiple referential instances throughout the SonicOS interface.

EXAMPLE:Take an internal Web-Server with an IP address of 223.228.190.209. Rather than repeatedly typing in the IP address when constructing Access Rules or NAT Policies, Address Objects allow you to create a single entity called My Web Server as a Host address object with an IP address of 223.228.190.209.

This Address Object, My Web Server can then be easily and efficiently selected from a drop-down menu in any configuration screen that employs Address Objects as a defining criterion.

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

To create an Address object, you need to Navigate to OBJECT | Match Objects | Addresses page and click Add underneath Address Objects tab.

• Host:
  Host Address Objects define a single host by its IP address. The Netmask for a Host Address Object will automatically be set to 32-bit (255.255.255.255) to identify it as a single host.
   EXAMPLE: My Web Server with an IP address of 223.228.190.209 and a default Netmask of 255.255.255.255.

• Range:
    Range Address Objects define a range of contiguous IP addresses. No Netmask is associated with Range Address Objects, but internal logic generally treats each member of the specified range as a 32-bit masked Host object.
  

   EXAMPLE: My Public Servers with an IP address starting value of 223.228.190.210 and an ending value of  223.228.190.214 . All 5 individual host addresses in this range would be comprised by this Range Address Object.

• Network: 
   Network Address Objects are like Range objects in that they comprise multiple hosts, but rather than being bound by specified upper and lower range delimiters, the boundaries are defined by a valid Netmask. Network Address Objects must be defined by the network's address and a corresponding Netmask.
  

   EXAMPLE: My Public Network with a Network Value of 223.228.190.208 and a Netmask of 255.255.255.248 would comprise addresses from 223.228.190.208 through to 223.228.190.215. As a general rule, the first address in a network (the network address) and the last address in a network (the broadcast address) are unusable.

• FQDN: 
   FQDN address objects allow for the identification of a host by its Fully Qualified Domain Names (FQDN), such as  www.SonicWall.com. FQDNs are be resolved to their IP address (or IP addresses) using the DNS server configured on the security appliance. Wildcard entries are supported through the gleaning of responses to queries sent to the sanctioned DNS servers.
• MAC Address:
   MAC Address Objects allow for the identification of a host by its hardware address or MAC (Media Access Control) address. MAC addresses are uniquely assigned to every piece of wired or wireless networking device by their hardware manufacturers, and are intended to be immutable. MAC addresses are 48-bit values that are expressed in 6 byte hex-notation. For example "My Access Point" with a MAC address of "C0:EA:E4:00:C2:E8". MAC addresses are resolved to an IP address by referring to the ARP cache on the security appliance MAC address objects are used by various components of Wireless configurations throughout SonicOS.

Address Object Groups:
 
SonicOS has the ability to group Address Objects into Address Object Groups. Groups of Address Objects can be defined to introduce further referential efficiencies. Groups can comprise any combination of Host, Range, or Network address objects. MAC address Objects should be grouped separately, although they can safely be added to Groups of IP based Address Objects, where they will be ignored when their reference is contextually irrelevant (e.g. in a NAT Policy). 

 EXAMPLE: My Public Group can contain Host Address Object "My Web Server" and Range Address Object "My Public Servers", effectively representing IP address 223.228.190.210 and IP addresses 223.228.190.211 to 223.228.190.214.

Creating Group Address Objects:

• Navigate to OBJECT | Match Objects | Addresses.
• Click Add under Address Groups tab to display the Add Address Object Group window.
• Create a name for the group in the Name field.
• Select the Address Object from the list and click the right arrow. It is added to the group.
• Clicking on multiple objects from the list allows you to select them and add them to the group together.
• Click Save.

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

To create an Address object, you need to Navigate to Manage | Policies | Objects | Address Object and click Add  underneath Address Object.

• Host:
  Host Address Objects define a single host by its IP address. The Netmask for a Host Address Object will automatically be set to 32-bit (255.255.255.255) to identify it as a single host.
   EXAMPLE: My Web Server with an IP address of 223.228.190.209 and a default Netmask of 255.255.255.255.

• Range:
    Range Address Objects define a range of contiguous IP addresses. No Netmask is associated with Range Address Objects, but internal logic generally treats each member of the specified range as a 32-bit masked Host object.
  

   EXAMPLE: My Public Servers with an IP address starting value of 223.228.190.210 and an ending value of  223.228.190.214 . All 5 individual host addresses in this range would be comprised by this Range Address Object.

• Network: 
   Network Address Objects are like Range objects in that they comprise multiple hosts, but rather than being bound by specified upper and lower range delimiters, the boundaries are defined by a valid Netmask. Network Address Objects must be defined by the network's address and a corresponding Netmask.
  

   EXAMPLE: My Public Network with a Network Value of 223.228.190.208 and a Netmask of 255.255.255.248 would comprise addresses from 223.228.190.208 through to 223.228.190.215. As a general rule, the first address in a network (the network address) and the last address in a network (the broadcast address) are unusable.

• FQDN: 
   FQDN address objects allow for the identification of a host by its Fully Qualified Domain Names (FQDN), such as  www.SonicWall.com. FQDNs are be resolved to their IP address (or IP addresses) using the DNS server configured on the security appliance. Wildcard entries are supported through the gleaning of responses to queries sent to the sanctioned DNS servers.
• MAC Address:
   MAC Address Objects allow for the identification of a host by its hardware address or MAC (Media Access Control) address. MAC addresses are uniquely assigned to every piece of wired or wireless networking device by their hardware manufacturers, and are intended to be immutable. MAC addresses are 48-bit values that are expressed in 6 byte hex-notation. For example "My Access Point" with a MAC address of "C0:EA:E4:00:C2:E8". MAC addresses are resolved to an IP address by referring to the ARP cache on the security appliance MAC address objects are used by various components of Wireless configurations throughout SonicOS.

Address Object Groups:
 
SonicOS Enhanced has the ability to group Address Objects into Address Object Groups. Groups of Address Objects can be defined to introduce further referential efficiencies. Groups can comprise any combination of Host, Range, or Network address objects. MAC address Objects should be grouped separately, although they can safely be added to Groups of IP based Address Objects, where they will be ignored when their reference is contextually irrelevant (e.g. in a NAT Policy). 

EXAMPLE: My Public Group can contain Host Address Object "My Web Server" and Range Address Object "My Public Servers", effectively representing IP address 223.228.190.210 and IP addresses 223.228.190.211 to 223.228.190.214.

Creating Group Address Objects:

• Navigate to Manage | Policies | Objects |Address Objects | Address Groups.
• Click Add to display the Add Address Object Group window.
• Create a name for the group in the Name field.
• Select the Address Object from the list and click the right arrow. It is added to the group.
• Clicking while pressing the Ctrl key allows you to select multiple objects.
• Click OK.
  

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

To create an Address object, you need to Navigate to Network | Address object and click Add underneath Address Object.

• Host :
   Host Address Objects define a single host by its IP address. The Netmask for a Host Address Object will automatically be set to 32-bit (255.255.255.255) to identify it as a single host.
  

  EXAMPLE: My Web Server with an IP address of 223.228.190.209 and a default Netmask of 255.255.255.255.

• Range:
    Range Address Objects define a range of contiguous IP addresses. No Netmask is associated with Range Address Objects, but internal logic generally treats each member of the specified range as a 32-bit masked Host object.
  

  EXAMPLE: My Public Servers with an IP address starting value of 223.228.190.210 and an ending value of  223.228.190.214 . All 5 individual host addresses in this range would be comprised by this Range Address Object.

• Network:
   Network Address Objects are like Range objects in that they comprise multiple hosts, but rather than being bound by specified upper and lower range delimiters, the boundaries are defined by a valid Netmask. Network Address Objects must be defined by the network's address and a corresponding Netmask.
  

  EXAMPLE: My Public Network with a Network Value of 223.228.190.208 and a Netmask of 255.255.255.248 would comprise addresses from 223.228.190.208 through to 223.228.190.215. As a general rule, the first address in a network (the network address) and the last address in a network (the broadcast address) are unusable.

• FQDN:
   FQDN address objects allow for the identification of a host by its Fully Qualified Domain Names (FQDN), such as  www.SonicWall.com. FQDNs are be resolved to their IP address (or IP addresses) using the DNS server configured on the security appliance. Wildcard entries are supported through the gleaning of responses to queries sent to the sanctioned DNS servers.
• MAC Address:
   MAC Address Objects allow for the identification of a host by its hardware address or MAC (Media Access Control) address. MAC addresses are uniquely assigned to every piece of wired or wireless networking device by their hardware manufacturers, and are intended to be immutable. MAC addresses are 48-bit values that are expressed in 6 byte hex-notation. For example "My Access Point" with a MAC address of "C0:EA:E4:00:C2:E8". MAC addresses are resolved to an IP address by referring to the ARP cache on the security appliance MAC address objects are used by various components of Wireless configurations throughout SonicOS.
   

Address Object Groups:
 SonicOS Enhanced has the ability to group Address Objects into Address Object Groups. Groups of address objects can be defined to introduce further referential efficiencies. Groups can comprise any combination of Host, Range, or Network address objects. MAC address Objects should be grouped separately, although they can safely be added to Groups of IP based Address Objects, where they will be ignored when their reference is contextually irrelevant (e.g. in a NAT Policy).

EXAMPLE: My Public Group can contain Host Address Object "My Web Server" and Range Address Object "My Public Servers", effectively representing IP address 223.228.190.210 and IP addresses 223.228.190.211 to 223.228.190.214.

Creating Group Address Objects:

• Navigate to Network | Address Objects.
• Click Add Group to display the Add Address Object Group window.
• Create a name for the group in the Name field.
• Select the Address Object from the list and click the right arrow. It is added to the group.
• Clicking while pressing the Ctrl key allows you to select multiple objects.
• Click OK.