Table of Contents
Advertisement
Address objects can be grouped in order to simplify configuration. Consider a number of public
servers that should be accessible from the Internet. The servers have IP addresses that are not in
a sequence, and can therefore not be referenced to as a single IP range. Consequently, individual
IP Address objects have to be created for each server.
Instead of having to cope with the burden of creating and maintaining separate filtering policies
allowing traffic to each server, an Address Group named, for example web-servers, could be
created with the web server hosts as group members. Now, a single policy can be used with this
group, thereby greatly reducing the administrative workload.
IP Addresses Can Be Excluded
When groups are created with the Web Interface, it is possible to not only add address objects to
a group but also to explicitly exclude addresses from the group. However, exclusion is not
possible when creating groups with the CLI.
For example, if a network object is the network 192.168.2.0/24 and this is added to a group, it is
possible to then explicitly exclude the IPv4 address 192.168.2.1. This means that the group will
then contain the range 192.168.2.2 to 192.168.2.255.
Groups Can Contain Different Subtypes
Address Group objects are not restricted to contain members of the same subtype. IP host
objects can be teamed up with IP ranges, IP networks and so on. All addresses of all group
members are then combined by NetDefendOS, effectively resulting in the union of all the
addresses.
For example, if a group contains the following two IP address ranges:
•
192.168.0.10 - 192.168.0.15
•
192.168.0.14 - 192.168.0.19
The result of combining these two will be a single address range containing 192.168.0.10 -
192.168.0.19.
3.1.5. Auto-Generated Address Objects
To simplify the configuration, a number of address objects in the address book are automatically
created by NetDefendOS when the system starts for the first time and these objects are used in
various parts of the initial configuration.
The following address objects are auto-generated:
•
Interface Addresses
For each Ethernet interface in the system, two IP Address objects are predefined; one object
for the IPv4 address of the actual interface, and one object representing the local network for
that interface.
Interface IPv4 address objects are named <interface-name>_ip and network objects are
Note: IP and MAC Addresses
Address book objects can never contain both IP addresses and Ethernet MAC addresses
since these are entirely different in their usage. MAC address book objects are primarily
used with the NetDefendOS Proxy ARP feature.
149
Chapter 3: Fundamentals
- Quick Links:
- User Manual
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
