Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
443
Views
0
Helpful
3
Replies

FTD Object-Group Wildcards

JimWicks
Level 1
Level 1

‎04-25-2023 12:55 PM

Hello all, I am trying to define FTD1150 using Firepower Device Manager and I want to permit deivces on any of my subnets with the same 4th octet at the host-portion of the address, so for example matching any from 10.1.1.250/24, 10.1.2.250/24, 10.1.3.250/24, etc and I was hoping to use a mask on the network-object-group to define this in a single rule like you would on an ACL using "0.0.255.0"

Unfortunately the only option in network-object config GUI in FDM allows for the mask to be defined as a prefix-length and not a 32-bit mask and therefore is my only option to define all (several hundred) host-objects then bundle them all under a network-group to configure the permit access-policy or is there a more elegant method that I missing ?

Thanks.

0 Helpful
3 Replies 3

MHM Cisco World
VIP
VIP

‎04-25-2023 01:09 PM

If I understand it correctly then you can use 

0.0.3.255 as wildcard this will include all host from all subnet.

0 Helpful

JimWicks
Level 1
Level 1
In response to MHM Cisco World

‎04-25-2023 01:17 PM

Unfortunately I am not looking to match all hosts from all subnets, I only want the host with 4th octet=250 from all subnets and hence defining the network object with a /24 won't work and the host-object does not allow a mask to be configured.

0 Helpful

MHM Cisco World
VIP
VIP
In response to JimWicks

‎04-25-2023 01:24 PM

Config object network for each host in each subnet 

Then config object group include all object network and use it in acl.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card