Address Groups; Auto-Generated Address Objects - D-Link NetDefend DFL-210 User Manual

Network security firewall ver. 1.05

3.1.4. Address Groups

Address objects can be grouped in order to simplify configuration. Consider a number of public servers that should be accessible from the Internet. The servers have IP addresses that are not in a sequence, and therefore cannot be referred to as a single IP range. Consequently, individual IP Address objects have to be created for each server.

Instead of having to cope with the burden of creating and maintaining separate filtering policies allowing traffic to each server, an Address Group named, for instance, Webservers, can be created with the web server hosts as group members. Now, a single policy can be used with this group, thereby greatly reducing the administrative workload.

Address Group objects are not restricted to contain members of the same subtype. In other words, IP host objects can be teamed up with IP ranges, IP networks with DNS names and so forth. All addresses of all group members are combined, effectively resulting in a union of the addresses. As an example, a group containing two IP ranges, one with addresses 192.168.0.10 - 192.168.0.15 and the other with addresses 192.168.0.14 - 192.168.0.19, will result in a single IP range with addresses 192.168.0.10 - 192.168.0.19.

Keep in mind, however, that for obvious reasons, IP address objects cannot be combined with Ethernet addresses.
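
The union behaviour described above can be checked offline before a group is attached to a policy. The following is an added example, not part of the manual or the firewall software: it computes the effective address set of a group with mixed member types and reports when the group has grown to match every IPv4 address. The member notation and all function names are assumptions made for the example, and DNS-name members are not resolved.

```python
import ipaddress

def member_to_interval(member):
    """Convert one group member to an inclusive (first, last) integer pair.

    Accepted forms (constructed notation for this example, not the
    firewall's own syntax): "a.b.c.d", "a.b.c.d - e.f.g.h", "a.b.c.d/n".
    """
    if "-" in member:
        lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in member.split("-"))
        if lo > hi:
            raise ValueError(f"range is reversed: {member}")
        return lo, hi
    net = ipaddress.IPv4Network(member.strip(), strict=False)  # bare host parses as /32
    return int(net.network_address), int(net.broadcast_address)

def effective_ranges(members):
    """Union of all members as a sorted list of disjoint (first, last) ranges."""
    merged = []
    for lo, hi in sorted(member_to_interval(m) for m in members):
        # Overlapping or directly adjacent intervals cover one contiguous set.
        if merged and lo <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])
    return [(str(ipaddress.IPv4Address(a)), str(ipaddress.IPv4Address(b)))
            for a, b in merged]

def group_size(members):
    """Number of distinct IPv4 addresses a policy using this group matches."""
    return sum(int(ipaddress.IPv4Address(b)) - int(ipaddress.IPv4Address(a)) + 1
               for a, b in effective_ranges(members))

def matches_everything(members):
    """True when the union equals 0.0.0.0/0, so the group no longer restricts anything."""
    return group_size(members) == 2**32

if __name__ == "__main__":
    # The two overlapping ranges from the manual's example.
    webservers = ["192.168.0.10 - 192.168.0.15", "192.168.0.14 - 192.168.0.19"]
    print(effective_ranges(webservers), group_size(webservers))
```

Because a group is a union, one overly broad member widens every policy that references the group, so comparing group_size against the number of hosts the group is meant to cover is a quick review step.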

3.1.5. Auto-Generated Address Objects

To simplify the configuration, several address objects are automatically generated when the system is run for the first time. These objects are used by other parts of the configuration from the start.

The following address objects are auto-generated:

Interface Addresses
For each Ethernet interface in the system, two IP Address objects are pre-defined: one object for the IP address of the actual interface, and one object representing the local network for that interface. Interface IP address objects are named interfacename_ip and network objects are named interfacenamenet. As an example, an interface named lan will have an associated interface IP object named lan_ip and a network object named lannet.

Default Gateway
An IP Address object named wan_gw is auto-generated and represents the default gateway of the system. The wan_gw object is used primarily by the routing table, but is also used by the DHCP client subsystem to store gateway address information acquired from a DHCP server. If a default gateway address has been provided during the setup phase, the wan_gw object will contain that address. Otherwise, the object will be left empty (i.e. the IP address being 0.0.0.0).

all-nets
The all-nets IP address object is initialized to the address 0.0.0.0/0, thus representing all possible IP addresses. This object is used extensively throughout the configuration.
Chapter 3. Fundamentals
