How do I use IP ranges in ASA firepower ASDM ?

Infuscomus · ‎11-02-2016

Individual addresses work like 192.168.1.100/32
Full subnets also work like 192.168.1.0/24

But I cannot seem to find a way to use IP ranges in network --> individual objects.
I tried something like 192.168.1.20-192.168.1.30/24 and the rule applied for the whole 192.168.1.* class instead of the interval.

Is this method of putting ranges with "-" between valid ?
Would the above example work if I use the same 192.168.1.20-192.168.1.30 but with /32 ?

How do I actually use IP ranges as network objects ?

Please provide a practical tested answer, not links towards obscure documentation.

I cannot test all possibilities that I can think of because it's a server environment and wrong settings cause disruption.

Marvin Rhoads · ‎11-02-2016

IP ranges in object definitions are supported as of FirePOWER 6.1.

You define them as shown in this practical example (open in new tab to zoom):

The obscure documentation covers it in this section:

http://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/Reusable_Objects.html?bookSearch=true#ID-2243-000000f2

Infuscomus · ‎11-03-2016

Thanks for answering. After some more testing with ICMP as test I managed to successfully make a range. "-" is indeed used as separator. I had to use /32 though, as /24 would block the whole class no matter the IP interval. I was wondering what's the default if you just put the range and do not use any mask info.