Business Unit Management for IP Ranges - User Guide - 2 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Expander User Guide

Product
Cortex XPANSE
Version
2
Creation date
2024-03-28
Last date published
2024-05-24
Category
User Guide
Solution
Cloud
Abstract

Learn about business unit assignments for user-defined and system-defined IPv4 ranges.

You can update the business unit (BU) assignment for the following types of IPv4 address ranges:

  • IPv4 ranges defined by Cortex Xpanse

  • Custom IPv4 ranges that you define

  • Single IP addresses within a range

Note

You can modify the BU for individual IPv6 addresses, but user-defined IPv6 ranges are not supported.

When you define a custom IP range, that new range will appear in the Owned IPv4 Ranges table in the Inventory with a user-defined range icon.

user-defined-range-icon.png

In Expander, all of the IP addresses in a range have the same BU assignment. That means if you define a range that is a subset of an Xpanse-defined range, Xpanse will adjust the existing range as needed. For example, if an Xpanse-defined range is x.x.x.0 - x.x.x.10 and is assigned BU "A", and you define a custom range x.x.x.5 - x.x.x.8 with BU "B", Xpanse will show three IP ranges in the Inventory:

  • x.x.x.0 - x.x.x.4 with BU A

  • x.x.x.5 - x.x.x.8 with BU B

  • x.x.x.9 - x.x.x.10 with BU A

If you create a range that overlaps with other user-defined ranges that conflict with your BU selection, you will be prompted to either keep all previously assigned BUs along with your new BU or to replace all previously assigned BUs with your new BU.

Custom IP range requirements

The IP addresses used to define a custom range must meet the following requirements:

  • Neither the starting or ending IP address can be a reserved IP address.

  • The starting IP address must be lower or equal to the ending IP address. You can create a range of one IP address by making the starting and ending IP addresses the same.

  • The IP address range must be within your scope. You will not be able to create a custom IP range if you do not have access to that IP address space. See Manage User Scope for information about scope-based access control (SBAC).