https://community.cisco.com/t5/network-security/how-do-i-use-ip-ranges-in-asa-firepower-asdm/m-p/2941626#M148838 <P>How do I use IP ranges in ASA firepower ASDM ?</P> <P>Individual addresses work like 192.168.1.100/32<BR />Full subnets also work like 192.168.1.0/24</P> <P>But I cannot seem to find a way to use IP ranges in network --&gt; individual objects.<BR />I tried something like 192.168.1.20-192.168.1.30/24 and the rule applied for the whole 192.168.1.* class instead of the interval.</P> <P>Is this method of putting ranges with "-" between valid ?<BR />Would the above example work if I use the same 192.168.1.20-192.168.1.30 but with /32 ?</P> <P>How do I actually use IP ranges as network objects ?</P> <P>Please provide a practical tested answer, not links towards obscure documentation.</P> <P>I cannot test all possibilities that I can think of because it's a server environment and wrong settings cause disruption.</P> Tue, 12 Mar 2019 08:28:46 GMT Infuscomus 2019-03-12T08:28:46Z https://community.cisco.com/t5/network-security/how-do-i-use-ip-ranges-in-asa-firepower-asdm/m-p/2941626#M148838 <P>How do I use IP ranges in ASA firepower ASDM ?</P> <P>Individual addresses work like 192.168.1.100/32<BR />Full subnets also work like 192.168.1.0/24</P> <P>But I cannot seem to find a way to use IP ranges in network --&gt; individual objects.<BR />I tried something like 192.168.1.20-192.168.1.30/24 and the rule applied for the whole 192.168.1.* class instead of the interval.</P> <P>Is this method of putting ranges with "-" between valid ?<BR />Would the above example work if I use the same 192.168.1.20-192.168.1.30 but with /32 ?</P> <P>How do I actually use IP ranges as network objects ?</P> <P>Please provide a practical tested answer, not links towards obscure documentation.</P> <P>I cannot test all possibilities that I can think of because it's a server environment and wrong settings cause disruption.</P> Tue, 12 Mar 2019 08:28:46 GMT https://community.cisco.com/t5/network-security/how-do-i-use-ip-ranges-in-asa-firepower-asdm/m-p/2941626#M148838 Infuscomus 2019-03-12T08:28:46Z https://community.cisco.com/t5/network-security/how-do-i-use-ip-ranges-in-asa-firepower-asdm/m-p/2941627#M148839 <P>IP ranges in object definitions are supported as of FirePOWER 6.1.</P> <P>You define them as shown in this practical example (open in new tab to zoom):</P> <P><IMG src="https://community.cisco.com/legacyfs/online/media/firepower_object_range_example.png" class="migrated-markup-image" /></P> <P></P> <P>The obscure documentation covers it in this section:</P> <P>http://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/Reusable_Objects.html?bookSearch=true#ID-2243-000000f2</P> Wed, 02 Nov 2016 13:54:52 GMT https://community.cisco.com/t5/network-security/how-do-i-use-ip-ranges-in-asa-firepower-asdm/m-p/2941627#M148839 Marvin Rhoads 2016-11-02T13:54:52Z https://community.cisco.com/t5/network-security/how-do-i-use-ip-ranges-in-asa-firepower-asdm/m-p/2941628#M148841 <P>Thanks for answering. After some more testing with ICMP as test I managed to successfully make a range. "-" is indeed used as separator. I had to use /32 though, as /24 would block the whole class no matter the IP interval. I was wondering what's the default if you just put the range and do not use any mask info.</P> Thu, 03 Nov 2016 07:08:46 GMT https://community.cisco.com/t5/network-security/how-do-i-use-ip-ranges-in-asa-firepower-asdm/m-p/2941628#M148841 Infuscomus 2016-11-03T07:08:46Z