Network Wildcard Mask
You can create and manage wildcard mask objects from the Object Management page.
You can create network objects with an expanded subnet IP address. The existing network object is extended to support both Network and Network Wildcard objects. A network object that uses a wildcard mask is listed as Network Wildcard in the Type column of the network object listing page.
A wildcard mask is a mask, written in IP address form, whose bits are discontinuous. Use contiguous masks to create standard network objects and discontinuous masks to create wildcard network objects.
Example IP Address | Network Wildcard? | Object Type |
---|---|---|
192.0.0.0/8 | No | Network |
10.10.0.0/255.255.0.0 | No | Network |
10.10.0.10/255.255.0.255 | Yes | Network Wildcard |
72.0.240.10/255.255.240.255 | Yes | Network Wildcard |
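
The classification shown in the table, as an added Python example (not Cisco code; the function names are hypothetical). It assumes that mask bits set to 1 must match, as in a subnet mask, and it goes beyond the table by counting how many addresses each object covers, which helps when reviewing how broad a rule is.

```python
import ipaddress

FULL = 0xFFFFFFFF  # all 32 bits of an IPv4 address

def parse_object(value):
    """Return (base, mask) as 32-bit ints from 'addr/prefix' or 'addr/dotted-mask'."""
    addr_text, _, mask_text = value.partition("/")
    base = int(ipaddress.IPv4Address(addr_text))  # rejects IPv6 and malformed input
    if mask_text.isdigit():                       # prefix length, e.g. /8
        prefix = int(mask_text)
        if prefix > 32:
            raise ValueError(f"bad prefix length in {value!r}")
        mask = (FULL << (32 - prefix)) & FULL
    else:                                         # dotted mask, e.g. 255.255.0.255
        mask = int(ipaddress.IPv4Address(mask_text))
    return base, mask

def object_type(value):
    """'Network' for a contiguous mask, 'Network Wildcard' for a discontinuous one."""
    _, mask = parse_object(value)
    host_bits = ~mask & FULL
    # A contiguous mask leaves host bits of the form 0...01...1, so adding 1
    # carries past every set bit and the AND comes out as zero.
    contiguous = (host_bits & (host_bits + 1)) == 0
    return "Network" if contiguous else "Network Wildcard"

def address_count(value):
    """Number of addresses the object covers: 2 ** (count of zero bits in the mask)."""
    _, mask = parse_object(value)
    return 1 << (32 - bin(mask).count("1"))

def matches(value, address):
    """True when address agrees with the object on every bit the mask sets to 1."""
    base, mask = parse_object(value)
    return (int(ipaddress.IPv4Address(address)) & mask) == (base & mask)

if __name__ == "__main__":
    # Rows taken from the table on this page
    for obj in ("192.0.0.0/8", "10.10.0.0/255.255.0.0",
                "10.10.0.10/255.255.0.255", "72.0.240.10/255.255.240.255"):
        print(f"{obj:30} {object_type(obj):17} {address_count(obj)} addresses")
```

Under the stated assumption, 10.10.0.10/255.255.0.255 covers the .10 host in each of the 256 third-octet values under 10.10, not a contiguous range.
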
Note: Network wildcard objects, and object groups that contain network wildcard objects, are allowed only while configuring the following policies:
Guidelines and Limitations
- To create network wildcard objects, in the management center UI, choose and click Add Network and then Add Object. Select the Network option and enter the value as an expanded subnet mask. Example: 10.0.10.10/255.255.0.255.
- Object override, group object support, group object override, wildcard literals, and wildcard object import are supported.
- The network wildcard object is supported only for IPv4 addresses.
- The network wildcard object is supported from management center and Threat Defense version 7.1 onwards.
- Network wildcard objects are supported only for Snort-3.