Reference for Rule Objects

This article describes the objects that can be configured in the Source, Destination, and App/Category fields in rules for policies.

Source and Destination Objects

The following table describes the objects that you can use in the Source and Destination fields.

Item

Description

Screen Where Defined

Site

Sites defined for the account

Assets > Sites

Host

Hosts and servers defined in the sites

Assets > Sites > Site Settings > Hosts

Interface Subnet

Subnets and network ranges defined for the LAN interfaces of a site

Assets > Sites > Site Settings > Networks

Global Range

Native range for the LAN interface of a site

Assets > Sites > Site Settings > Networks

Network Interface

Networks defined in the sites

Assets > Sites > Site Settings > Networks

Floating Subnet

Global IP ranges that are not connected to a specific site, but can be learned from any site with a BGP neighbor

Network > Floating Ranges

SDP User

Individual users defined for the account

Access > VPN Users

Group

Groups in the account

Assets > Groups

System Group

Predefined groups

N/A

User

Users that are imported with Directory Services

Access > Directory Services

IP

Enter the IP address with the CIDR that is applied to this rule

N/A

IP Range

For the Source of a rule, enter the multiple separate IP addresses or IP range that is applied to this rule (in one of the following formats):

  • 192.168.0.26, 192.168.0.58, 192.168.0.200

  • 192.168.0.1-192.168.0.100

  • 192.168.0.0/24

N/A

Any

Any source or destination

N/A

App/Category Objects

The following table describes the objects that you can use in the App/Category field.

Item

Description

Where Configured

Application

Default applications defined by Cato

Default values, cannot be configured

Custom Application

Custom applications defined for the account

Assets > Custom Apps

Application Category

Default categories defined by Cato

Default values, cannot be configured

Custom Category

Custom categories defined for the account

Assets > Categories

FQDN

FQDN is an exact match of the fully qualified domain (for example, the FQDN example.com only matches example.com)

  • You can't use "*" or regex expressions when configuring an FQDN

Setting for this rule

Domain

A Domain is a Second-Level Domain (SLD) and matches all Top Level Domains (TLD) and subdomains that include the Domain (for example, the Domain sample matches sample.biz and host.sample.com)

  • You can't use "*" or regex expressions when configuring a Domain

Setting for this rule

IP Range

Enter the IP addresses with the CIDR for that apps that are applied to this rule

Setting for this rule

Any

Any web content, application, or category

Default values, cannot be configured

Was this article helpful?

0 out of 0 found this helpful

0 comments

Add your comment