I just need confirmation that global objects, eg. a network object, can be used in a local group.
Is that correct?
Yes, We can use global objects in local groups, only issue is if you want to export the policy package then you need to unassigned the global policy and it won't allow you to perform this until you will removed the global objects from local group or local rules.
It is not a good approach better to create local object and call under local group.
Confirmed, this is correct. I just tested it within our Lab.
The full answer is, yes, you can you it. But you do not want to... Every time that global object is modified or deleted, all local groups using it should be updated. It is a manual process prone to human errors
on the other hand, global group can have ONLY global objects in it.
But you can create a Dynamic global object that you can use in a global policy and you can create a Group in the domains, with the same name as that dynamic global object, which you can then fill with local domain objects.
Example would be to allow access to all gateways from your management system through global policy, you create a group called All_Gateways_global in the domains and a dynamic global object in the global policy. Just add the gateways in each domain to the group and the global policy will apply.
yes, Incase of dynamic object we need to specify the local object with same name form local domain.
Retrieving data ...