Adding Variables

You must have the IPS license (for threat defense devices) or the Protection license (all other device types).

Procedure

Step 1

In the variable set editor, click Add.

Step 2

Enter a unique variable Name.

Step 3

From the Type drop-down list, choose either Network or Port.

Step 4

Specify values for the variable:

  • If you want to move items from the list of available networks or ports to the list of included or excluded items, you can choose one or more items and then drag and drop, or click Include or Exclude.
    Tip

    If addresses or ports in the included and excluded lists for a network or port variable overlap, excluded addresses or ports take precedence.

  • Enter a single literal value, then click Add. For network variables, you can enter a single IP address or address block. For port variables you can add a single port or port range, separating the upper and lower values with a hyphen (-). Repeat this step as needed to enter multiple literal values.
  • If you want to remove an item from the included or excluded lists, click Delete (delete icon) next to the item.
Note

The list of items to include or exclude can be comprised of any combination of literal strings and existing variables, objects, and network object groups in the case of network variables.

Step 5

Click Save to save the variable. If you are adding a new variable from a custom set, you have the following options:

  • Click Yes to add the variable using the configured value as the customized value in the default set and, consequently, the default value in other custom sets.

  • Click No to add the variable as the default value of any in the default set and, consequently, in other custom sets.

Step 6

Click Save to save the variable set. Your changes are saved, and any access control policy the variable set is linked to displays an out-of-date status.

What to do next

  • If an active policy references your object, deploy configuration changes.