Manual Chapter : Creating a custom address space

Applies To:

  • BIG-IP APM

    21.0.0, 17.5.1, 17.5.0, 17.1.3, 17.1.2, 17.1.1, 17.1.0

back-action Configuring Address Spaces

Updated Date: 04/01/2026

Creating a custom address space

Create an address space by manually adding list of addresses.

  1. On the Main tab, select Access > Connectivity / VPN > Network Access (VPN) > Address Spaces.

    The Address Spaces list appears.

  2. Click Create.

  3. In the Name field, type a unique name for the address space.

  4. In the Description field, specify a description of the address space.

  5. Select Custom in the Type list.

  6. For the IPV4 Address Space and the IPV6 Address Space, enter the IP address or network address in the CIDR field that you want to add to the address space and click Add.

    In CIDR format, the IP address is written as a prefix, and the suffix indicates how many bits are in the address - for example, 192.0.1.0/32. If you add many addresses for split tunneling, Edge Client cannot establish a tunnel connection. The limits for these addresses are:

    • Windows max limit is 20 KB (each Network Access property)
    • macOS max limit is 64 KB (all Network Access properties)
    • Linux max limit is 64 KB (all Network Access properties)
    • Mobile clients (Android, iOS, Chrome) do not have a limit but may vary based on the platforms’ support

  7. For the DNS Address Space, type the domain name in the form site.example.com, *.example.com, or *example.com and click Add. To pass all DNS requests to the internal DNS server, specify *. If you do not specify a DNS address space or *, DNS does not work over split tunnels on Windows, macOS, Linux, or iOS. To pass all DNS requests to the internal DNS server, specify *. VPNs on Android devices do not support split tunneling.

    Wildcard matching occurs as follows:

    • site.example.com matches only site.example.com. On macOS, site.example.com also matches <prefix>.site.example.com, for example, a.site.example.com.
    • example.com matches only example.com.
    • *.example.com matches all <prefix>.example.com addresses, including site.example.com, example.site.example.com, and www.example.com. However, it does not match example.com with no prefix.
    • *example.com matches example.com, *<prefix>*example.com (for example, dnsexample.com) and all <prefix>.example.com addresses, including site.example.com, example.site.example.com, and www.example.com. For DNS Address Space to work properly on a Windows-based system, the DNS Relay Proxy service must be installed and running on the client.

  8. Click Finished.

The address space displays in the Address Space list.