Advanced Options Free Text Field

When building a traffic connection for an access request, under Advanced Objects, you can use the free text field to add objects to the ticket.

Formats for adding objects

User

Type a username or a list of usernames separated by commas.

Source and Destination

Enter one of the following:

  • IP - Enter an IP address and netmask and click Add. You can also enter a NAT address and netmask for the entry.
  • DNS - Enter a DNS name and click Add. You can click Lookup to see the resolved IP address before you add the DNS name.
  • Object - Search for host, network, group and range objects by name or device, and click Add to select an object.
  • Internet - Click Internet and click Add. The Internet object includes all public IP addresses except for addresses that are defined in other SecureTrack zones. If you do not have SecureTrack zones defined, the Internet zone is treated as ANY.
  • URL Category (Supported for Palo Alto devices, Destination only) - Enter the URL category name and click the search icon. If you click the search icon without entering a name, all available results appear. Click +Add to select a category.
  • External/Cloud - Search to see a list of all network elements that are supported by SecureCloud or an external provider and click Add to select an object.

    This option is only available if you have enabled SecureChange-SecureCloud integration. For a list of limitations, see Limitations of Azure Change Automation.

    In the Source or Destination field, External or Secure Cloud network elements are identified with a # before the name of the device. Hover over the name of the device to view additional information including IP representation.

  • LDAP (Source only) - Click LDAP, find an LDAP group and click Add. If you do not see LDAP groups, check with your SecureChange administrator that SecureChange is not in Multi-Domain interconnected mode, and check with your SecureTrack administrator to make sure LDAP server configuration in SecureTrack is correct.

    For supported devices, SecureChange includes the LDAP groups in Designer and Verifier results for User Identity. SecureChange provides risk results for LDAP groups that have addresses in the Users Networks zone in the security zone matrix requirements of SecureTrack Unified Security Policy.
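The Internet object rule above is worth checking before approving a request, because with no SecureTrack zones defined the object widens to ANY. The following added example (not SecureChange or SecureTrack code) models the rule as stated on this page; the function name, the zone dictionary layout and the sample addresses are constructed, and "public" is approximated with Python's `is_global`.

```python
import ipaddress

def internet_object_covers(addr, zones):
    """Model of the Internet object rule as stated on this page.

    zones: dict of zone name -> list of CIDR strings (constructed layout,
    not a SecureTrack export format). Returns (covered, reason).
    """
    ip = ipaddress.ip_address(addr)
    # Stated fallback: with no zones defined, Internet is treated as ANY,
    # so private and internal addresses are covered as well.
    if not zones:
        return True, "no zones defined: Internet treated as ANY"
    # Addresses defined in any other zone are carved out of Internet.
    for name, cidrs in zones.items():
        for cidr in cidrs:
            if ip in ipaddress.ip_network(cidr):
                return False, f"address is defined in zone '{name}'"
    # Assumption: "public IP address" is approximated by is_global.
    if ip.is_global:
        return True, "public address outside all defined zones"
    return False, "not a public address"

# Constructed sample zones; 'Users Networks' is the zone named on this page.
SAMPLE_ZONES = {
    "Partner": ["8.8.8.0/24"],
    "Users Networks": ["10.1.0.0/16"],
}

if __name__ == "__main__":
    for zones in (SAMPLE_ZONES, {}):
        label = "zones defined" if zones else "no zones"
        for addr in ("1.1.1.1", "8.8.8.8", "10.1.2.3"):
            covered, reason = internet_object_covers(addr, zones)
            print(f"[{label}] {addr}: covered={covered} ({reason})")
```

With the sample zones, `10.1.2.3` is excluded from Internet, but the same address is covered once the zone list is empty, which is the case a reviewer should look for in a rule that uses the Internet object.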

Service/App ID

Enter one of the following:

  • Protocol - Select the protocol (TCP, UDP or ICMP), enter the port number, and click Add.
  • Predefined - Select from the list of predefined services and click Add.
  • Object - Search for service objects by protocol, name or device, and click Add to select an object. Use the Search options to limit the number of items displayed; if the search criteria return more than 100 results, only the first 100 results are displayed.