Cisco
Login
Search

Security Policies Policy Objects Address Objects Create a Source/Destination Address Object

Last updated: Jul 03, 2025

Create a Source/Destination Address Object

For information on what this object is, see Source or Destination Address Object Parameters. Use the following procedure to create a src/dst address object in Multicloud Defense:

Procedure

1

In the Security Cloud Control platform menu, choose Products > Multicloud Defense .
2

Go to Policies > Security Policies > Addresses.
3

Click Create.
4

Select Src/Dest.
5

Enter a unique Name to identify the address object.
6

(Optional) Enter a description for the object. This may provide context to help differentiate the object from other objects.
7

Select the Object Type. For information on object types and what they are, see Address Objects. Select one of the following types:

  • IP/CIDR/FQDN

  • VPC/VNet ID

  • Security Group

  • Application ID (Azure only)

  • Instance ID

  • Subnet ID

  • User-Defined Tag

  • Geo IP

  • Service End Point (Cloud Service IP)

  • Group


     

    If you select Group, you can include a specific IP address or a range of IP addresses to either include or exclude.
8

Depending on which type you selected in step 6, enter the following paramters:

  • Value - Enter a valid IP, CIDR, or FQDN IP address.

  • CSP Account - Use the drop-down menu to select a cloud service provider account that has already connected to the controller.

  • Region - Select the region your cloud service provider is located in.

  • VPC - Use the drop-down menu to select the VPC or VNet. Note that options available may change depending on the cloud service provider account your choose.

  • Subnet - Use the drop-down menu to select the subnet that applies to your VPC or VNet.

  • (Azure only) Resource Group - Use the drop-down menu to select the resource group that is compatible with your selections.

    • Resource Level - Use the drop-down menu to select a value.

    • Resource Tag - Use the drop-down menu to select a keyword as the resource tag.

    • Value - Enter a valid value for the resource group. Note that this is different from the Value entry expected for IP/CIDR/FQDN objects.

  • Geo IP - Use the drop-down menu to select a specific IP that is associated with the gelocation of your choice.

  • X-Forwarded-For Match Enabled - Check this box to allow the gateway to match against XFF HTTP header fields.

  • Address - Select an existing object. This selection determines the group of addresses that

  • Include Addresses - This option is only applicable if you select "Group" as the type in step 6. Enter a specific IP address or a range of IP addresses to include. You can also use any to include all valid addresses.

  • Exclude Addresses - This option is only applicable if you select "Group" as the type in step 6. Enter a specific IP address or a range of IP addresses to exclude. You can also use any to include all valid addresses. Note that there is no validation from the Multicloud Defense Controller for address exclusion.
9

(Optional) Include a Matching Expression. This represent the set of conditions which must be matched for the object to execute.
10

Click Save when complete.
Previous topic System Objects Next topic Create a Reverse Proxy Target Address Object