Is it possible to write a rule matching any IP ending in .xx

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Is it possible to write a rule matching any IP ending in .xx

Not applicable

Hi all,

I have a question, is it possible to write a rule that matches only a part of the IP address? For example match any IP ending in .51? Using wildcards this would be  *.*.*.51

Put another way, i would like to match all IP's that are x.x.x.51 where x is any number. Someone in our teams suggested using but this does not work, although there are type rules in our firewall.

Can you clarify if it's possible to match on only a specific part of an IP address and if so how is this done?

Thank you!



Thanks guys, this has been very helpful, I will contact out SE. (Sales Executive?) and ask for this feature.

Is there a place where you can see all the feature requests?

Hi Santonic,

Customer dont have access to it, you can get that information either from forum or from TAC or from SE.


Hardik Shah

L1 Bithead

Wildcard IP objects are supported as of PAN-OS 9.0. Please see the documentation below on it. 


Also, please do watch out for the longest prefix match limitation/caveat.


You could do a match of x.x.x.51 Ip addresses via wildcard IP object of 

Please do double-check my math. 


Also to my knowledge, you cannot add IP Wildcard addresses to address groups. 



Usama Ahmed


Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!