Addresses

The Address object allows you manage the IP addresses and subnets that you use to define your network, firewall rules, application access rules and web filter rules.

To view the Address object, access the Harmony SASE Administrator Portal and click Objects.

Creating an Address Object

  1. Access the Harmony SASE Administrator Portal and click Objects > Addresses.

  2. Click Add Address.

    The Add Address window appears.

  3. Enter these:

    1. Name - Name of the address object.

    2. (Optional) Description

    3. Type - Select the address type and enter the address value.

      • IP

      • Subnet

      • List

      • FQDN

  4. Click Add Address.

    The system creates the address and displays it in the Addresses page.

Managing Addresses

  1. Access the Harmony SASE Administrator Portal and click Objects > Addresses.

  2. Hover over the address and do one of these:

    • To edit, click .

      Make the required changes and click Apply.

    • To delete, click and then click Delete.

    • To duplicate, click .

  3. To search for an address, enter the address name in the Search box.

  4. To filter the addresses by their Type, click Filter and select the address Type.

  5. To edit the Addresses table settings, click .

  6. To edit the number of addresses displayed in the table, click .

FQDN-based Firewall Objects

FQDN-based firewall objects allows you to use FQDN as objects in firewall rules. You can use FQND object for services with dynamic IP address and use DNS to eliminate the requirement to manually update the IP address of services.

FQDN Wildcards

You can use the FQDN wildcard support to specify sub-domains. For example, *.example.com includes all sub-domains, such as sales.example.com, support.example.com and so on.

Multi-Level Sub-domains

FQDN objects support multi-level subdomains, up to 5 levels.

For example, one.two.three.four.five.example.com

Important Considerations

  • The firewall supports a total of 100 FQDN objects.

    Examples:

    • One FQDN object per rule, across 100x rules, or:

    • 100x FQDN objects contained in a single rule.

  • FQDN objects can contain a maximum of 1000 domains per account.

    Examples:

    • Ten FQDN objects containing 100x domains, or:

    • 100x FQDN objects containing ten domains each.

Limitations

  • FQDN firewall rules may be bypassed by using an IP.

  • CDN is not permitted, only FQDN.

  • If you have two or more FQDNs sharing the same IP, both are affected by the Firewall rule. For example, if you block one FQDN, another resource sharing the same IP is also be blocked.

  • Limited compatibility with services supported by multiple FQDN (for example, websites).

  • No compatibility with DNS load balancers as they return different IPs for each query.

  • The browser and local DNS cache take priority over FQDN Firewall rules.

  • No compatibility with third-party DNS services, for example, DoH (The admin must enforce user VPN interface DNS).