Editing Variables

You must have the IPS license (for threat defense devices) or the Protection license (all other device types).

You can edit both custom and default variables.

You cannot change the Name or Type values in an existing variable.

Procedure


Step 1

In the variable set editor, click Edit (edit icon) next to the variable you want to modify.

If View (View button) appears instead, the object belongs to an ancestor domain, or you do not have permission to modify the object.

Step 2

Modify the variable:

  • If you want to move items from the list of available networks or ports to the list of included or excluded items, you can select one or more items and then drag and drop, or click Include or Exclude.
    Tip

    If addresses or ports in the included and excluded lists for a network or port variable overlap, excluded addresses or ports take precedence.

  • Enter a single literal value, then click Add. For network variables, you can enter a single IP address or address block. For port variables you can add a single port or port range, separating the upper and lower values with a hyphen (-). Repeat this step as needed to enter multiple literal values.
  • If you want to remove an item from the included or excluded lists, click Delete (delete icon) next to the item.
Note

The list of items to include or exclude can consist of any combination of literal strings and existing variables, objects, and network object groups in the case of network variables.

Step 3

Click Save to save the variable.

Step 4

Click Save to save the variable set. If the variable set is in use by an access control policy, click Yes to confirm that you want to save your changes. Your changes are saved, and any access control policy the variable set is linked to displays an out-of-date status.
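
The precedence rule from the Tip in Step 2 (excluded items win where the lists overlap) can be checked offline before you save an edited variable. This Python sketch is an added example, not Cisco code; the function names and sample values are constructed for illustration, and it models only literal addresses, address blocks, ports, and hyphenated port ranges.

```python
import ipaddress

# Assumption: the included list is non-empty. What an empty included list
# means on the device is not modelled here.

def parse_ports(item):
    """Parse a literal port ('443') or hyphenated range ('8000-8100')."""
    low, _, high = item.partition("-")
    low, high = int(low), int(high or low)
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"invalid port or range: {item!r}")
    return low, high

def port_matches(port, included, excluded):
    """True if port is in an included item and in no excluded item."""
    def hit(items):
        return any(lo <= port <= hi for lo, hi in map(parse_ports, items))
    return hit(included) and not hit(excluded)

def address_matches(addr, included, excluded):
    """True if addr is in an included block and in no excluded block."""
    ip = ipaddress.ip_address(addr)
    def hit(items):
        return any(ip in ipaddress.ip_network(i, strict=False) for i in items)
    return hit(included) and not hit(excluded)

def overlaps(included, excluded):
    """List (included, excluded) block pairs that overlap, for review."""
    pairs = []
    for inc in included:
        for exc in excluded:
            a = ipaddress.ip_network(inc, strict=False)
            b = ipaddress.ip_network(exc, strict=False)
            if a.version == b.version and a.overlaps(b):
                pairs.append((inc, exc))
    return pairs

if __name__ == "__main__":
    # Constructed sample values, not taken from any real variable set.
    inc_nets, exc_nets = ["10.0.0.0/8", "192.168.1.0/24"], ["10.1.0.0/16"]
    print(overlaps(inc_nets, exc_nets))
    for host in ("10.1.2.3", "10.2.0.1", "172.16.0.1"):
        print(host, address_matches(host, inc_nets, exc_nets))
    print(8080, port_matches(8080, ["8000-8100", "443"], ["8080"]))
```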


What to do next

  • If an active policy references your object, deploy configuration changes.