Object Types
You can create the following types of object. In most cases, if a policy or setting allows an object, you must use an object.
Object Type |
Main Use |
Description |
---|---|---|
AnyConnect Client Profile |
Remote access VPN. |
AnyConnect client profiles are downloaded to clients along with the AnyConnect client software. These profiles define many client-related options, such as auto connect on startup and auto reconnect, and whether the end user is allowed to change the option from the AnyConnect client preferences and advanced settings. |
Application Filter |
Access control rules. |
An application filter object defines the applications used in an IP connection, or a filter that defines applications by type, category, tag, risk, or business relevance. You can use these objects in policies to control traffic instead of using port specifications. |
Certificates |
Identity policies. Remote access VPN. |
Digital certificates provide digital identification for authentication. Certificates are used for SSL (Secure Socket Layer), TLS (Transport Layer Security), and DTLS (Datagram TLS) connections, such as HTTPS and LDAPS. |
Geolocation |
Security policies. |
A geolocation object defines countries and continents that host the device that is the source or destination of traffic. You can use these objects in policies to control traffic instead of using IP addresses. |
Identity Realm |
Identity policies. Remote access VPN. |
An identity realm is a directory server plus other attributes required to provide authentication services. The directory server contains information about the users and user groups who are allowed access to your network. |
IKE Policy |
VPN. |
Internet Key Exchange (IKE) Policy objects define the IKE proposal used to authenticate IPsec peers, negotiate and distribute IPsec encryption keys, and automatically establish IPsec security associations (SAs). There are separate objects for IKEv1 and IKEv2. |
IPsec Proposal |
VPN. |
IPsec Proposal objects configure the IPsec proposal used during IKE Phase 2 negotiations. The IPsec proposal defines the combination of security protocols and algorithms that secure traffic in an IPsec tunnel. There are separate objects for IKEv1 and IKEv2. |
Network |
Security policies and a wide variety of device settings. |
Network groups and network objects (collectively referred to as network objects) define the addresses of hosts or networks. |
Port |
Security policies. |
Port groups and port objects (collectively referred to as port objects) define the protocols, ports, or ICMP services for traffic. |
Security Zone |
Security policies. |
A security zone is a grouping of interfaces. Zones divide the network into segments to help you manage and classify traffic. |
Syslog Servers |
Access control rules. Diagnostic logging. |
A syslog server object identifies a server that can receive connection-oriented or diagnostic system log (syslog) messages. |
URL |
Access control rules. |
URL objects and groups (collectively referred to as URL objects) define the URL or IP addresses of web requests. |