I have a question, is it possible to write a rule that matches only a part of the IP address? For example match any IP ending in .51? Using wildcards this would be *.*.*.51
Put another way, i would like to match all IP's that are x.x.x.51 where x is any number. Someone in our teams suggested using 0.0.0.51/32 but this does not work, although there are 0.0.124.0 type rules in our firewall.
Can you clarify if it's possible to match on only a specific part of an IP address and if so how is this done?
Solved! Go to Solution.
I hope 0.0.0.51/32 will not work, since this indicates a specific host /32 ip address ( only 0.0.0.51 ip address). Regex will also not work, because it requires at least 7 byte fixed data patterns.
In Regex, every pattern you create must contain at least a 7-byte string with fixed values.
o The 7-byte fixed string can be anywhere in your pattern.
o The 7 values must be fixed, this means no ‘.’ (dot), no ‘*’ (star), no ‘+’ (plus), or other wildcard characters within the 7 bytes. Hence, it will not be applicable for the mentioned IP address 0.0.0.51/32.
Hope this helps.
Here is the details of the feature request: For questions like these you may talk to your SE to place feature requests.
Subject: Subnet wildcards in a security policy
FR ID: 1038
Hope this helps.
Customer dont have access to it, you can get that information either from forum or from TAC or from SE.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!