In BIG-IQ Security, the shared objects that you can view and manage include:
As an alternative, you can create a new shared object and replace the original shared object where it is in use.
You can rename objects that are not in use.
An address list is a collection of IPv4 or IPv6 addresses, address ranges, or subnets saved on a server and available for use in firewall rules, rule lists, and policies.
Firewall rules refer to address lists to allow or deny access to specific IP addresses in IP packets. Firewall rules compare all addresses from the list to either the source or the destination IP address (in IP packets), depending on how the list is applied. If there is a match, the rule takes an action, such as accepting or dropping the packet.
Address lists are containers and must contain at least one address entry. You cannot create an empty address list.
You can also add an address list to a firewall by opening the firewall and dragging the address list onto it from the Shared Objects panel.
You can define one or more reusable lists of addresses, and you can select one or more address lists to be included in a firewall rule.
|Name||Text field naming the address list.|
|Description||Optional description of the address list.|
|Partition||Informational, read-only field.|
|Type||Address or address range.|
|Addresses||IPv4 or IPv6 address. The format for an IPv4 address is
For example: 18.104.22.168
The format for an IPv6 address is a:b:c:d:e:f:g:h[/prefix]. For example: 2001:db7:3f4a:9dd:ca90:ff00:42:8329
IPv6 abbreviated form is supported.
You can shorten IPv6 addresses by eliminating leading zeros from each field. For example, you can shorten 2001:0db7:3f4a:09dd:ca90:ff00:0042:8329 to 2001:db7:3f4a:9dd:ca90:ff00:42:8329.
You can also shorten IPv6 addresses by removing the longest contiguous field of zeros. For example, you can shorten 2001:0:0:0:c34a:0:23ff:678 to 2001::c34a:0:23ff:678. The Traffic Management Shell (tmsh) accepts any valid text representation of IPv6 addresses.
You can specify subnets using forward slash (/) notation; for example: 22.214.171.124/24. An example of an IPv6 subnet follows: 2001:db8:a::/64.
You can specify the route domain as well. For example: 255.255.255.0%/24
|Description||Optional text field used to describe the address or address range.|
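As an added example (not from the BIG-IQ documentation or F5 code), the following Python parses address list entries in the forms described above and applies the match-then-act behavior of a firewall rule to a packet's source or destination address. The function names, the packet dictionary, the numeric route domain ID after `%`, and treating entries without `%` as route domain 0 are assumptions made for illustration.

```python
import ipaddress

def parse_entry(entry):
    """Parse 'address[%route_domain][/prefix]' into (network, route_domain)."""
    host, slash, prefix = entry.strip().partition("/")
    addr, percent, rd = host.partition("%")
    if percent and not rd.isdigit():
        raise ValueError(f"route domain ID missing or not numeric: {entry!r}")
    # strict=False accepts entries with host bits set, such as 22.214.171.124/24
    network = ipaddress.ip_network(addr + slash + prefix, strict=False)
    # Assumption: an entry without '%' belongs to route domain 0
    return network, int(rd) if percent else 0

def build_address_list(entries):
    """Build a parsed address list; an empty list is rejected."""
    parsed = [parse_entry(e) for e in entries]
    if not parsed:
        raise ValueError("an address list must contain at least one entry")
    return parsed

def rule_action(address_list, packet, applied_to, action):
    """Return `action` if packet[applied_to] matches any entry, else None.

    applied_to is "source" or "destination", depending on how the list
    is applied in the rule.
    """
    ip = ipaddress.ip_address(packet[applied_to])
    rd = packet.get("route_domain", 0)
    for network, domain in address_list:
        if domain == rd and ip.version == network.version and ip in network:
            return action
    return None

if __name__ == "__main__":
    # Constructed sample list using address forms shown on this page
    blocked = build_address_list(["22.214.171.124/24", "2001:db8:a::/64"])
    packet = {"source": "2001:0db8:000a::1", "destination": "18.104.22.168"}
    print(rule_action(blocked, packet, "source", "drop"))
    print(rule_action(blocked, packet, "destination", "drop"))
```

Because entries are parsed into network objects before comparison, the full and abbreviated IPv6 spellings of the same address match identically.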
Port lists are lists of ports or port ranges that can be referred to from firewall rules. Firewall rules refer to port lists to allow or deny access to specific ports in IP packets. They compare a packet's source port and/or destination port with the ports in a port list. If there is a match, the rule takes an action, such as accepting or dropping the packet.
You can also add a port list to a firewall by opening the firewall and dragging the port list onto it from the Shared Objects panel.
Schedules are assigned to rules, rule lists, and policies to control when these shared objects are actively evaluated.
By default, all rules, rule lists, and policies are on a continuously active schedule. Schedules are continuously active if created without any scheduling specifics (such as the hour that the schedule starts). If you apply a schedule to a rule, rule list, or policy, you can reduce the time that the rule, rule list, or policy is active.
You can also add a schedule to a firewall, policy, or rule by opening the firewall (or policy or rule), locking it for edit, and dragging the schedule onto the rule's State column.
|Name||Unique name used to identify the schedule.|
|Description||Optional description for the schedule.|
|Partition||Informational, read-only field displaying the name of the partition associated with the schedule.|
Note: Using the GUI to specify the start and end dates and times is the preferred method. However, if you do specify dates manually, use the format: YYYY-MM-DD HH:MM:SS.
|Click the first field to display a calendar popup screen and select a start date.
Click the second field to display a calendar and select an end date. You can specify:
|Time Span||Time is specified in military time format: HH:MM. You can specify time manually or click in the fields and use the Choose Time popup screen. Click the first time span field and use the sliders to specify a start time in the popup screen. Click the second time span field and use the sliders to specify an end time in the popup screen. If you leave these fields blank, the schedule runs all day, which is the default on the BIG-IQ Security system and on BIG-IP devices. (This option is explicitly called All Day on BIG-IP devices.)|
|Day||Select check boxes for all days that apply. You must select at least one day per week.|