Adding A Network Object Group - Cisco FirePOWER ASA 5500 series Configuration Manual
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Simplifying Access Lists with Object Grouping
Adding a Network Object Group
To add or change a network object group, follow these steps. After you add the group, you can add more
objects as required by following this procedure again for the same group name and specifying additional
objects. You do not need to reenter existing objects; the commands you already set remain in place unless
you remove them with the no form of the command.
A network object group supports IPv4 and IPv6 addresses, depending on the type of access list. For more
Note
information about IPv6 access lists, see
To add a network group, follow these steps:
To add a network group, enter the following command:
Step 1
hostname(config)# object-group network grp_id
The grp_id is a text string up to 64 characters in length.
The prompt changes to network configuration mode.
(Optional) To add a description, enter the following command:
Step 2
hostname(config-network)# description text
The description can be up to 200 characters.
Step 3
To define the networks in the group, enter the following command for each network or address:
hostname(config-network)# network-object {host ip_address | ip_address mask}
For example, to create network group that includes the IP addresses of three administrators, enter the
following commands:
hostname(config)# object-group network admins
hostname(config-network)# description Administrator Addresses
hostname(config-network)# network-object host 10.1.1.4
hostname(config-network)# network-object host 10.1.1.78
hostname(config-network)# network-object host 10.1.1.34
Adding a Service Object Group
To add or change a service object group, follow these steps. After you add the group, you can add more
objects as required by following this procedure again for the same group name and specifying additional
objects. You do not need to reenter existing objects; the commands you already set remain in place unless
you remove them with the no form of the command.
To add a service group, follow these steps:
To add a service group, enter the following command:
Step 1
hostname(config)# object-group service grp_id {tcp | udp | tcp-udp}
The grp_id is a text string up to 64 characters in length.
Cisco Security Appliance Command Line Configuration Guide
16-12
Chapter 16
"Configuring IPv6 Access Lists" section on page
Identifying Traffic with Access Lists
12-6.
OL-10088-01
Advertisement
Table of Contents
Troubleshooting
