An ipNetwork object defines an IP address range that can be used to define security policy assignments. However, ipNetwork objects do not link directly to a security policy. Instead, you must create internal and external network group objects, assign network group membership for ipNetwork objects that define affected IP address ranges, and then assign security policy membership to the network groups to link the IP address ranges to policies.
The following policy types can be assigned by IP address:
- Quality of Protection (QOP) policies for integrity and confidentiality.
- Options policies (has-policy and no-direct-logon)