Overview of Address Objects and Address Groups

An address object is a set of IPv4/IPv6 addresses or MAC addresses. An address group is a set of address objects.

Address Object

An address object contains one or more IPv4/IPv6 addresses or MAC addresses. Similar to a basic component, an address object can be referenced by various policies, such as security policies and NAT policies, once being defined. For example, the network segment address of an office network is 192.168.1.0/24. You can create an address object, name it office, and add 192.168.1.0/24 to the address object to translate the addresses of IP packets from this network. The NAT policy configured for the network can reference the address object.

The FW can add the following types of addresses to address objects:

IPv4/IPv6 host addresses
IPv4/IPv6 address ranges
MAC addresses

Address Group

An address group comprises host address objects, range address objects, network segment address objects, and existing address groups. Compared with address objects, address groups increase the flexibility of address management.

For example, an enterprise has three departments: Finance, R&D, and Marketing. The three departments can access different network resources but require address translation to access the Internet. Perform the following operations to improve the address translation efficiency:

Create address object Finance Object for the Finance department, Research Object for the R&D department, and Market Object for the Marketing department. The access control policy defined for each department references the corresponding address object.
Create address group named Total Group and add Finance Object, Research Object, and Market Object to the group. The address translation policy can just reference Total Group instead of referencing the three address objects.