04-25-2023 12:55 PM
Hello all, I am trying to define FTD1150 using Firepower Device Manager and I want to permit devices on any of my subnets with the same 4th octet at the host portion of the address, so for example matching any from 10.1.1.250/24, 10.1.2.250/24, 10.1.3.250/24, etc. I was hoping to use a mask on the network-object-group to define this in a single rule like you would on an ACL using "0.0.255.0".
Unfortunately, the only option in the network-object config GUI in FDM allows for the mask to be defined as a prefix length and not a 32-bit mask. Is my only option therefore to define all (several hundred) host-objects and then bundle them all under a network-group to configure the permit access-policy, or is there a more elegant method that I am missing?
Thanks.
04-25-2023 01:09 PM
If I understand it correctly, then you can use 0.0.3.255 as the wildcard; this will include all hosts from all subnets.
04-25-2023 01:17 PM
Unfortunately I am not looking to match all hosts from all subnets, I only want the host with 4th octet=250 from all subnets and hence defining the network object with a /24 won't work and the host-object does not allow a mask to be configured.
04-25-2023 01:24 PM
Configure an object network for each host in each subnet.
Then configure an object group that includes all the object networks and use it in the ACL.
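Added example, not part of any post in this thread: a Python sketch that expands an ACL-style wildcard such as 10.1.0.250 with 0.0.255.0 into the explicit host list that per-host objects would need, and checks what a given wildcard actually permits before it goes into a rule. The function names and the `host-` object naming are assumptions made for illustration, and the base address 10.1.0.250 is chosen to fit the 10.1.x.250 addresses in the question.

```python
import ipaddress

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def matches(addr, base, wildcard):
    """ACL wildcard semantics: 1-bits in the wildcard are ignored,
    0-bits must be equal between addr and base."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)

def expand_wildcard(base, wildcard, limit=65536):
    """Return every IPv4 address matched by base + wildcard, ascending.
    Works for discontiguous wildcards, which a prefix length cannot express."""
    w = _to_int(wildcard)
    free_bits = [i for i in range(32) if (w >> i) & 1]
    if 2 ** len(free_bits) > limit:
        raise ValueError("wildcard matches more than %d addresses" % limit)
    fixed = _to_int(base) & ~w & 0xFFFFFFFF
    hosts = []
    for n in range(2 ** len(free_bits)):
        addr = fixed
        # Spread the bits of the counter n over the "don't care" positions.
        for pos, bit in enumerate(free_bits):
            if (n >> pos) & 1:
                addr |= 1 << bit
        hosts.append(str(ipaddress.IPv4Address(addr)))
    return hosts

if __name__ == "__main__":
    # Constructed input based on the addresses in the question.
    hosts = expand_wildcard("10.1.0.250", "0.0.255.0")
    print(len(hosts), "host objects needed")
    for h in hosts[:3]:
        # "host-<ip>" is a hypothetical object name, not an FDM convention.
        print("host-" + h, h)
    # The wildcard from the first reply permits whole subnets, not only .250:
    print(matches("10.1.2.17", "10.1.0.0", "0.0.3.255"))
```

The resulting list can feed whatever bulk-creation method is available for the host objects; reviewing it first shows exactly which addresses the rule will permit.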