10-22-2014 12:27 AM
I have a question, is it possible to write a rule that matches only a part of the IP address? For example match any IP ending in .51? Using wildcards this would be *.*.*.51
Put another way, i would like to match all IP's that are x.x.x.51 where x is any number. Someone in our teams suggested using 0.0.0.51/32 but this does not work, although there are 0.0.124.0 type rules in our firewall.
Can you clarify if it's possible to match on only a specific part of an IP address and if so how is this done?
10-22-2014 02:20 AM
Thanks guys, this has been very helpful, I will contact out SE. (Sales Executive?) and ask for this feature.
10-22-2014 03:27 AM
Is there a place where you can see all the feature requests?
10-22-2014 07:51 AM
Customer dont have access to it, you can get that information either from forum or from TAC or from SE.
02-26-2021 11:21 AM
Wildcard IP objects are supported as of PAN-OS 9.0. Please see the documentation below on it.
Also, please do watch out for the longest prefix match limitation/caveat.
You could do a match of x.x.x.51 Ip addresses via wildcard IP object of 10.0.0.51/255.255.255.0.
Please do double-check my math.
Also to my knowledge, you cannot add IP Wildcard addresses to address groups.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!