Non continuous ip range definition

Hi all from Spain.

I need to define a IP range object based only in the third digit/octect. The goal is a list of all "22" IP of each /24 network on a /16 set.

Example: to

The fw allows me to create a ip range definition with those values, but ¿is it interpreting it as 10.66.1-254.22 or is it including also 10.66.1.[23,24,25...]?

We need to expose that range on a IPsec, and using a /16 network (, and I thing is too much wide for only a few hosts :-(

If this is not possible, ¿any ideas?

Thank you all.

  • Hi Carlos,

    Thanks for reaching out to Sophos Community.

    Let me know if I understand your situation correctly, what you want is a network scheme of 10.66.x.22 to on a /16 subnet? 

    This would not be possible as the usable hosts for a /16 on this given subnet is from -

    How much usable address do you need for each subnet? you might want to settle to a much lower scope such as /27 up to /30 (which is good for a point-to-point setup as this only has 2 usable addresses, 1 network address, and 1 broadcast)


    Name: "Connection 1"

    Network add: 

    Usable host: - .2



    "Connection 2"

    Net add:

    usable: - .6


    and so forth...

    Hope this helps. Have a nice day and thank you for choosing Sophos.


    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • In theory a range with netmask should do. However most IP stacks (as the one in Linux) rely on the "continuous number of one bits" without gap and reject such a bit mask.

    If that's the case your best bet is "group of addressees",,... (best generated with a script and used on the CLI to avoid typing).