Instead of calling the IPv4 Rule objects directly in a firewall policy, which can exceed the limits, create a Network Group:
- Click the Policy tab.
- Click Objects, Rule Objects, Add Network Group.
- Under the Network Group, select the IPv4 Rule Endpoint objects.
For example:
You create IPv4 Endpoint object 1 and list 10 IPv4 addresses in it. IPv4 Endpoint object 2 and IPv4 Endpoint object 3 each have 10 IP addresses listed.
Calling the 3 IPv4 Endpoint objects in a firewall policy as a source or destination increases the number of effective access rules on a sensor. This increase occurs because each reference is counted.
Don't call the IPv4 Endpoint objects directly in the firewall policy. Instead, create one Network Group and list all IPv4 Endpoint objects under that Network Group.
This Network Group can then be called in the firewall policy.
The Network Group contains multiple IPv4 Rule Endpoint objects, but the count for Source remains at 1 and the rule line is considered a single entity.