To create multiple address objects and add them to groups and policies via the CLI, please follow these steps.
Steps
To create an address object, 'test, 'and assign it to an address group, ' test-group.'
- Enter configuration mode:
> configure
- Create an address group
# set address-group testgroup
- Create an address object with an IP address:
# set address test1 ip-netmask 10.30.14.96/32
- Assign the address object to an address group:
# set address-group testgroup static test1
- Commit the changes:
# commit
Add the addresses group test-group to a security policy via CLI: (Or this can be done in the GUI also)
- Enter configuration mode:
> configure
- Assign the address group to a security policy:
# set rulebase security rules trust-DMZ action allow source testgroup
- Commit the changes:
# commit
The following set of commands show previously defined 'test group.'
> configure
# show rulebase security rules DMZ-Trust
DMZ-Trust {
source testgroup;
destination any;
service any;
application any;
action allow;
source-user any;
option {
disable-server-response-inspection no;
}
negate-source no;
negate-destination no;
log-start no;
log-end yes;
from DMZ;
to L3-Trust;
disabled no;
category any;
hip-profiles any;
}
Verification
To view object addresses or groups on the CLI, run the following command:
# show address-group
address-group {
testgroup {
static [ test1 test1-1 test2 test2-1 test3];
}
}
To show individual addresses, run the following command:
# show address
Note: For more information on CLI, please see the CLI Reference Guides in Documentation.
owner: djoksimovic