Object Types

The following table describes the objects that you can create for your devices and manage using CDO.

Common Objects

| Object Type | Description |
|---|---|
| Network | Network groups and network objects (collectively referred to as network objects) define the addresses of hosts or networks. |
| URL | Use URL objects and groups (collectively referred to as URL objects) to define the URL or IP addresses of web requests. You can use these objects to implement manual URL filtering in access control policies or blocking in Security Intelligence policies. |

Adaptive Security Appliance (ASA) Object Types

| Object | Description |
|---|---|
| Address Pool | Address pool objects can be configured to match against an individual IPv4 or IPv6 address or an IP address range. |
| AnyConnect Client Profile | AnyConnect Client Profile objects are file objects and represent files used in configurations, typically for remote access VPN policies. They can contain an AnyConnect Client Profile and AnyConnect Client Image files. |
| Network | Network groups and network objects (collectively referred to as network objects) define the addresses of hosts or networks. |
| Service | Service objects, service groups, and port groups are reusable components that contain protocols or ports considered part of the TCP/IP protocol suite. |
| Time Range | A time range object defines a specific time consisting of a start time, an end time, and optional recurring entries. You use these objects in network policies to provide time-based access to certain features or assets. |
| Trustpoints | Trustpoints let you manage and track digital certificates in ASA. |

FDM-Managed Device Object Types

| Object | Description |
|---|---|
| Application Filter | An application filter object defines the applications used in an IP connection, or a filter that defines applications by type, category, tag, risk, or business relevance. You can use these objects in policies to control traffic instead of using port specifications. |
| AnyConnect Client Profile | AnyConnect Client Profile objects are file objects and represent files used in configurations, typically for remote access VPN policies. They can contain an AnyConnect Client Profile and AnyConnect Client Image files. |
| Certificate Filter | Digital certificates provide digital identification for authentication. Certificates are used for SSL (Secure Socket Layer), TLS (Transport Layer Security), and DTLS (Datagram TLS) connections, such as HTTPS and LDAPS. |
| DNS Group | DNS servers are needed to resolve fully-qualified domain names (FQDN), such as www.example.com, to IP addresses. You can configure different DNS group objects for management and data interfaces. |
| Geolocation | A geolocation object defines countries and continents that host the device that is the source or destination of traffic. You can use these objects in policies to control traffic instead of using IP addresses. |
| IKEv1 Policy | An IKEv1 policy object contains the parameters required for IKEv1 policies when defining VPN connections. |
| IKEv2 Policy | An IKEv2 policy object contains the parameters required for IKEv2 policies when defining VPN connections. |
| IKEv1 IPSEC Proposal | IPsec Proposal objects configure the IPsec proposal used during IKE Phase 1 negotiations. The IPsec proposal defines the combination of security protocols and algorithms that secure traffic in an IPsec tunnel. |
| IKEv2 IPSEC Proposal | IPsec Proposal objects configure the IPsec proposal used during IKE Phase 2 negotiations. The IPsec proposal defines the combination of security protocols and algorithms that secure traffic in an IPsec tunnel. |
| Network | Network groups and network objects (collectively referred to as network objects) define the addresses of hosts or networks. |
| Security Zone | A security zone is a grouping of interfaces. Zones divide the network into segments to help you manage and classify traffic. |
| Service | Service objects, service groups, and port groups are reusable components that contain protocols or ports considered part of the TCP/IP protocol suite. |
| SGT Group | An SGT dynamic object identifies source or destination addresses based on an SGT assigned by ISE and can then be matched against incoming traffic. |
| Syslog Server | A syslog server object identifies a server that can receive connection-oriented or diagnostic system log (syslog) messages. |
| URL | Use URL objects and groups (collectively referred to as URL objects) to define the URL or IP addresses of web requests. You can use these objects to implement manual URL filtering in access control policies or blocking in Security Intelligence policies. |

On-Premises Secure Firewall Management Center Object Types

| Object | Description |
|---|---|
| Network | Network groups and network objects (collectively referred to as network objects) define the addresses of hosts or networks. |
| Service | Service objects, service groups, and port groups are reusable components that contain protocols or ports considered part of the TCP/IP protocol suite. |

Meraki Object Types

| Object | Description |
|---|---|
| Network | Network groups and network objects (collectively referred to as network objects) define the addresses of hosts or networks. |
| Service | Service objects, service groups, and port groups are reusable components that contain protocols or ports considered part of the TCP/IP protocol suite. |