Object Group with exclusions

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Object Group with exclusions

L1 Bithead

Checkpoint has option to creat an address group object with exclusion (e.g Include 10.20.x.x/16 and exclude 10.20.30.0/24 or other subnets from supernet). Is similar option available in Palo Alto.

Negate option in PA is just to negate all source/destination. 

 

2 REPLIES 2

Cyber Elite
Cyber Elite

@Vikram511,

You can't exclude in an address or address-group object. If you want this feature you would need to reach out to your SE and get a feature request put together or have your vote added to an existing request.

You are correct that negate-source and negate-destination will negate anything specified and match everything else. 

@BPry  Thanks for the quick reply. 

I checked in expedition while converting the object group with exclusion it has converted the object group into range of address excluding the subnet which was under exclude list in the checkpoint object. It serves the purpose.

 

  • 2947 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!