Get Started with Network and Service Objects

Cisco Secure Access connects end users on networks to the internet and private destinations. In Secure Access, administrators can add Network and Service Objects as resources and configure access rules with these resources in the Access policy.

When you include Network and Service Objects on the access rules, you can apply security controls on these resources for the organization.

Table of Contents

About Network and Service Objects and Groups

Network Objects and Groups are reusable resources that you add in Secure Access either for the networks that end users will connect on to reach destinations or networks that end users will use to connect to from other networks.

Service Objects and Groups are reusable resources that you add in Secure Access for the applications that end users in the organization will connect to from private and public networks.

Benefits of Adding and Using Network and Service Objects

  • Reuse—Include the network and service resources in any number of access rules in the Access policy.
  • Groups—Manage groups of resources instead of single networks or services.
  • Observability—View the reports for the traffic on the networks and to the networks and services.
  • Resource management—Add, edit, duplicate, and delete large quantities of resources.
  • Protecting end users—Apply pre-configured security controls on the Network and Service resources included in the access rules.

General Limits for Objects

  • Secure Access supports adding up to 50000 Network Objects and 50000 Service Objects in an organization.
    Note: The total number of Network or Service Objects includes any non-reusable objects that you add directly to a group.
  • Secure Access supports the import of 1000 rows of object properties in a comma-separated values (CSV) file.
    Note: The CSV file cannot exceed 10MB.
  • Secure Access supports the selection of 10 objects and 10 groups in an access rule.
  • Secure Access supports including up to 50000 objects in a group.
  • The total number of objects referenced in the internet and private access rules combined cannot exceed 50000.
    For example, since the maximum number of rules that an organization can configure is 10000, if you have 10000 rules, you cannot configure more than 5 objects on each rule in the Access policy.
    Note: The total number of objects referenced in the access rules includes the use of the same object in any number of access rules.

General Limits for Groups

  • Secure Access supports adding up to 10000 Network Object Groups and 10000 Service Object Groups in an organization.
  • Secure Access supports three levels of nested Network Object Groups and three levels of Service Objects Groups.
  • Secure Access supports adding up to 1500 Network Object Groups in a Network Object Group.
  • Secure Access supports adding up to 1500 Service Object Groups in a Service Object Group.

Get Started with Network and Service Objects

To get started, add the Network and Service Objects for the organization in Secure Access. For more information, see Quick Start: Network and Service Objects.

Network Objects and Network Object Groups

Service Objects and Service Object Groups


Application Portal for Zero Trust Access Browser-Based User Access < Get Started with Network and Service Objects > Quickstart: Network and Service Objects