Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".


Address Objects which is more efficient Network VS Range

Regarding Address Objects, which is more efficient for a Sonicwall to process? A Network object or a Range object?

For example in the following example which would be more efficient for the SW, speed, cpu, and memory wise.

I need to cover all the IP's between and in an object.

As a Range Object I could create it with a range of to

As a Network Object i would have to create it as (Which is -

Secondly, if the Range and Network were the same size which would be more efficient for the SW?

Category: Mid Range Firewalls


  • Options
    BWCBWC Cybersecurity Overlord ✭✭✭

    @MichaelB the answer could be probably answered only by a SNWL engineer who did some performance tests.

    But in my logic, Network should be faster than Range, because Network needs only simple AND, OR (or XOR) operations, while Range needs to do some more math (hopefully it's not implemented in string compares ;-)).

    E.g. Range -
    Start (0+(1*256)+(168*256*256)+(192*256*256*256)
    End (255+(3*256)+(168*256*256)+(192*256*256*256)
    Bitshift is faster of course
    if IpToCheck >=  Start && IpToCheck <= End
    then IP is covered by Range Object

    I'am not sure if using a Network object includes the Broadcast Address as well. This is important if you got a usable "range" like A long time ago the Access Rule with a Network object of did not cover, I had to use a Range therfore.

    For to I wouldn't use a Network object because it's not within subnet limits.


  • Options

    @BWC LoL, we can only hope its not string compares...

    I know I have found a few articals like:

    That say:


     Range Address Objects define a range of contiguous IP addresses. No Netmask is associated with Range Address Objects, but internal logic generally treats each member of the specified range as a 32-bit masked Host object...

    But couldn't find any metrics of speed/CPU/memory on different Address Object types. Or best practices on how to achieve the best efficiency for processing those different objects.

Sign In or Register to comment.