D-Link NetDefendOS User Manual page 382

Network security firewall

following single IP rule could be added but more restrictive IP rules are recommended.

Action  Src Interface  Src Network  Dest Interface  Dest Network  Service
Allow   any            all-nets     any             all-nets      all_services

Restricting the Network Parameter

As NetDefendOS listens to ARP traffic, it continuously adds single host routes to the routing table
as it discovers on which interface IP addresses are located. As the name suggests, single host
routes give a route for a single IP address. The number of these routes can therefore become
large as connections are made to more and more hosts.

A key advantage of specifying a network or a range of IP addresses instead of all-nets for the
Network parameter is that the number of routes automatically generated by NetDefendOS will
be significantly smaller. A single host route will only be added if the IP address falls within the
network or address specified. Reducing the number of routes added will reduce the processing
overhead of route lookups.

Specifying a network or address range is, of course, only possible if the administrator has some
knowledge of the network topology and often this may not be the case.

Multiple Switch Routes are Connected Together

The setup steps listed above describe placing all the interfaces into a single interface group
object which is associated with a single switch route.

An alternative to one switch route is to not use an interface group but instead use an individual
switch route for each interface. The end result is the same. All the switch routes defined in a
single routing table will be connected together by NetDefendOS and no matter how interfaces
are associated with the switch routes, transparency will exist between them.

For example, if the interfaces if1 to if6 appear in switch routes in routing table A, the resulting
interconnections will be as illustrated below.

Connecting together switch routes in this way only applies, however, if all interfaces are
associated with the same routing table. The situation where they are not is described next.

Creating Separate Transparent Mode Networks

If we now have two routing tables A and B so that interfaces if1, if2 and if3 appear in a switch
route in table A and interfaces if4, if5, if6 appear in a switch route in table B, the resulting
interconnections will be as illustrated below.

Chapter 4: Routing
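
The switch route behaviour described above, modelled in Python as an added example (this is not D-Link code and not NetDefendOS configuration syntax). It shows which interfaces end up in the same transparent network and which ARP sightings would produce a single host route. The SwitchRoute class, the function names and the IP addresses are assumptions constructed for illustration; the Network parameter is handled as CIDR only, with all-nets treated as 0.0.0.0/0.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class SwitchRoute:            # hypothetical model object, not a NetDefendOS type
    table: str                # routing table the switch route is defined in
    interfaces: tuple         # one interface, or the members of an interface group
    network: str = "all-nets" # the Network parameter

def transparency_domains(routes):
    """All switch routes in one routing table are joined; tables stay separate."""
    domains = defaultdict(set)
    for r in routes:
        domains[r.table].update(r.interfaces)
    return dict(domains)

def can_bridge(routes, if_a, if_b):
    """True when both interfaces sit in the same transparent network."""
    return any({if_a, if_b} <= m for m in transparency_domains(routes).values())

def host_routes(routes, arp_seen):
    """Single host routes the model adds for (interface, ip) ARP sightings."""
    added = []
    for iface, ip in arp_seen:
        for r in routes:
            cidr = "0.0.0.0/0" if r.network == "all-nets" else r.network
            if iface in r.interfaces and \
               ipaddress.ip_address(ip) in ipaddress.ip_network(cidr):
                added.append((r.table, iface, ip))
                break
    return added

# Constructed sample: one switch route per interface, all in routing table A.
ONE_TABLE = [SwitchRoute("A", (f"if{n}",)) for n in range(1, 7)]

# Constructed sample: two routing tables, table A restricted to one network.
TWO_TABLES = [
    SwitchRoute("A", ("if1", "if2", "if3"), "192.168.10.0/24"),
    SwitchRoute("B", ("if4", "if5", "if6")),
]

# Constructed ARP sightings; 10.9.9.9 lies outside table A's Network parameter.
ARP_SEEN = [("if1", "192.168.10.5"), ("if2", "10.9.9.9"), ("if4", "192.168.20.7")]

if __name__ == "__main__":
    print(transparency_domains(ONE_TABLE))
    print(can_bridge(TWO_TABLES, "if1", "if4"))
    print(host_routes(TWO_TABLES, ARP_SEEN))
```

Running the same check against an exported list of switch routes is a quick way to confirm that two segments meant to be isolated are not defined in the same routing table.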
