Address Groups; Auto-Generated Address Objects - D-Link NetDefend DFL-210 User Manual
Network security firewall
Hide thumbs
Also See for NetDefend DFL-210:
- User manual (495 pages) ,
- Log reference manual (476 pages) ,
- Cli reference manual (213 pages)
Table of Contents
Advertisement
3.1.4. Address Groups
2.
Specify a suitable name for the Ethernet Address object, for example wwwsrv1_mac
3.
Enter 08-a3-67-bc-2e-f2 as the MAC Address
4.
Click OK
3.1.4. Address Groups
Groups Simplify Configuration
Address objects can be grouped in order to simplify configuration. Consider a number of public
servers that should be accessible from the Internet. The servers have IP addresses that are not in a
sequence, and can therefore not be referenced to as a single IP range. Consequently, individual IP
Address objects have to be created for each server.
Instead of having to cope with the burden of creating and maintaining separate filtering policies
allowing traffic to each server, an Address Group named, for example web-servers, could be created
with the web server hosts as group members. Now, a single policy can be used with this group,
thereby greatly reducing the administrative workload.
Groups Can Contain Different Subtypes
Address Group objects are not restricted to contain members of the same subtype. IP host objects
can be teamed up with IP ranges, IP networks and so on. All addresses of all group members are
then combined by NetDefendOS, effectively resulting in the union of all the addresses. As an
example, a group containing two IP ranges, one with addresses 192.168.0.10 - 192.168.0.15 and the
other with addresses 192.168.0.14 - 192.168.0.19, will result in a single IP range with addresses
192.168.0.10 - 192.168.0.19.
Keep in mind, however, that for obvious reasons, IP address objects cannot be combined with
Ethernet MAC addresses.
3.1.5. Auto-Generated Address Objects
To simplify the configuration, a number of address objects in the Address Book are automatically
created by NetDefendOS when the system starts for the first time and these objects are used in
various parts of the initial configuration.
The following address objects are auto-generated:
Interface Addresses
Default Gateway
For each Ethernet interface in the system, two IP Address objects are
pre-defined; one object for the IP address of the actual interface, and
one object representing the local network for that interface.
Interface IP address objects are named <interface-name>_ip and
network objects are named <interface-name>_net. As an example,
an interface named lan will have an associated interface IP object
named lan_ip, and a network object named lannet.
An IP Address object named wan_gw is auto-generated and
represents the default gateway of the system. The wan_gw object is
used primarily by the routing table, but is also used by the DHCP
client subsystem to store gateway address information acquired from
a DHCP server. If a default gateway address has been provided
during the setup phase, the wan_gw object will contain that address.
Otherwise, the object will be left empty (in other words, the IP
address will be 0.0.0.0/0).
73
Chapter 3. Fundamentals
- Quick Links:
- The Cli
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
