About Slash Notation

Your Firebox uses slash notation, also known as CIDR (Classless Inter-Domain Routing) notation, for many purposes, such as policy configuration. You use slash notation differently for IPv4 and IPv6 addresses.


Slash notation is a compact way to show or write an IPv4 subnet mask. When you use slash notation, you write the IP address, a forward slash (/), and the subnet mask number.

To find the subnet mask number:

  1. Convert the decimal representation of the subnet mask to a binary representation.
  2. Count each “1” in the subnet mask. The total is the subnet mask number.

For example, to write the IPv4 address with a subnet mask of in slash notation:

  1. Convert the subnet mask to binary.
    In this example, the binary representation of is:
  2. Count each 1 in the subnet mask.
    In this example, there are twenty-four (24).
  3. Write the original IP address, a forward slash (/), and then the number from Step 2.
    The result is

This table shows common network masks and their equivalents in slash notation.

Network Mask Slash Equivalent /8 /16 /24 /25 /26 /27 /28 /29

/30 /31 /32


In IPv6, slash notation is used to represent the network identifier prefix for an IPv6 network. The prefix is expressed as a slash (/) followed by the prefix size, which is a decimal number between 1 and 128. The CIDR notation works exactly the same as with IPv4, which means if you have a /48, that means the first 48 bits of the address are the prefix.

This table shows common IPv6 network prefixes and the number of IPv6 subnets and IPv6 addresses they support.

Prefix Number of Subnets
/64 1 IPv6 subnet with up to 18,446,744,073,709,551,616 IPv6 host addresses
/56 256 /64 subnets
/48 65,536 /64 subnets

A network site that is assigned a /48 prefix can use prefixes in the range /49 to /64 to define valid subnets.

Related Topics

About IP Addresses

About Wildcard IPv4 Addresses