Address Groups; Auto-Generated Address Objects - D-Link NetDefend DFL-210 User Manual

Network security firewall
3.1.4. Address Groups

Address objects can be grouped in order to simplify configuration. Consider a number of public
servers that should be accessible from the Internet. The servers have IP addresses that are not in a
sequence, and therefore cannot be referred to as a single IP range. Consequently, individual IP
Address objects have to be created for each server.
Instead of having to cope with the burden of creating and maintaining separate filtering policies
allowing traffic to each server, an Address Group named, for instance, Webservers, can be created
with the web server hosts as group members. Now, a single policy can be used with this group,
thereby greatly reducing the administrative workload.
Address Group objects are not restricted to containing members of the same subtype. In other words, IP
host objects can be teamed up with IP ranges, IP networks and so on. All addresses of all group
members are combined, effectively resulting in a union of the addresses. As an example, a group
containing two IP ranges, one with addresses 192.168.0.10 - 192.168.0.15 and the other with
addresses 192.168.0.14 - 192.168.0.19, will result in a single IP range with addresses 192.168.0.10 -
192.168.0.19.
Keep in mind, however, that for obvious reasons, IP address objects cannot be combined with
Ethernet addresses.
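
The union behaviour described above, as an added Python example (not from the D-Link manual or NetDefendOS): it resolves a group's members to the effective address ranges that a single policy using the group would match. The member string syntax, the function names and the extra members in the sample group are assumptions made for this illustration.

```python
import ipaddress

def _merge(members):
    """Resolve members to inclusive integer spans and merge them into a union."""
    spans = []
    for member in members:
        member = member.strip()
        if "-" in member:  # IP range written as "first - last"
            lo, hi = (int(ipaddress.IPv4Address(p.strip()))
                      for p in member.split("-", 1))
            if lo > hi:
                raise ValueError(f"range start is after range end: {member}")
        else:  # IP host ("a.b.c.d") or IP network ("a.b.c.d/len")
            net = ipaddress.IPv4Network(member, strict=True)
            lo, hi = int(net.network_address), int(net.broadcast_address)
        spans.append((lo, hi))
    merged = []
    for lo, hi in sorted(spans):
        # Overlapping spans cover shared addresses only once; directly
        # adjacent spans describe one contiguous block, so join them too.
        if merged and lo <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])
    return merged

def group_union(members):
    """Effective address set of a group as sorted (first, last) string pairs."""
    return [(str(ipaddress.IPv4Address(lo)), str(ipaddress.IPv4Address(hi)))
            for lo, hi in _merge(members)]

def group_contains(members, address):
    """True if a policy that uses this group would match the given address."""
    addr = int(ipaddress.IPv4Address(address))
    return any(lo <= addr <= hi for lo, hi in _merge(members))

# The two overlapping ranges from the text above.
MANUAL_RANGES = ["192.168.0.10 - 192.168.0.15", "192.168.0.14 - 192.168.0.19"]

# Constructed sample group mixing subtypes: ranges, a host and a network.
WEBSERVERS = MANUAL_RANGES + ["10.0.0.5", "10.0.1.0/24"]

if __name__ == "__main__":
    for first, last in group_union(WEBSERVERS):
        print(f"{first} - {last}")
```

A member that is not an IP host, range or network, such as an Ethernet address, is rejected with a `ValueError`, in line with the restriction above.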

3.1.5. Auto-Generated Address Objects

To simplify the configuration, several address objects are automatically generated when the system
is run for the first time. These objects are used by other parts of the configuration from the
start.
The following address objects are auto-generated:

Interface Addresses: For each Ethernet interface in the system, two IP Address objects are
pre-defined; one object for the IP address of the actual interface, and
one object representing the local network for that interface.
Interface IP address objects are named interfacename_ip and network
objects are named interfacenamenet. As an example, an interface
named lan will have an associated interface IP object named lan_ip
and a network object named lannet.

Default Gateway: An IP Address object named wan_gw is auto-generated and
represents the default gateway of the system. The wan_gw object is
used primarily by the routing table, but is also used by the DHCP
client subsystem to store gateway address information acquired from
a DHCP server. If a default gateway address has been provided
during the setup phase, the wan_gw object will contain that address.
Otherwise, the object will be left empty (in other words, the IP
address is 0.0.0.0).

all-nets: The all-nets IP address object is initialized to the IP address
0.0.0.0/0, thus representing all possible IP addresses. This object is
used extensively throughout the configuration.

Chapter 3. Fundamentals
