Address objects can be grouped in order to simplify configuration. Consider a number of public
servers that should be accessible from the Internet. The servers have IP addresses that are not in
a sequence, and can therefore not be referenced to as a single IP range. Consequently, individual
IP Address objects have to be created for each server.
Instead of having to cope with the burden of creating and maintaining separate filtering policies
allowing traffic to each server, an
Address Group
named, for example
web-servers
, could be
created with the web server hosts as group members. Now, a single policy can be used with this
group, thereby greatly reducing the administrative workload.
IP Addresses Can Be Excluded
When groups are created with the Web Interface, it is possible to not only add address objects to
a group but also to explicitly exclude addresses from the group. However, exclusion is not
possible when creating groups with the CLI.
For example, if a network object is the network
192.168.2.0/24
and this is added to a group, it is
possible to then explicitly exclude the IPv4 address
192.168.2.1
. This means that the group will
then contain the range
192.168.2.2
to
192.168.2.255
.
Groups Can Contain Different Subtypes
Address Group objects are not restricted to contain members of the same subtype. IP host
objects can be teamed up with IP ranges, IP networks and so on. All addresses of all group
members are then combined by NetDefendOS, effectively resulting in the union of all the
addresses.
For example, if a group contains the following two IP address ranges:
•
192.168.0.10 - 192.168.0.15
•
192.168.0.14 - 192.168.0.19
The result of combining these two will be a single address range containing
192.168.0.10 -
192.168.0.19
.
Note: IP and MAC Addresses
Address book objects can never contain both IP addresses and Ethernet MAC addresses
since these are entirely different in their usage. MAC address book objects are primarily
used with the NetDefendOS Proxy ARP feature.
3.1.5. Auto-Generated Address Objects
To simplify the configuration, a number of address objects in the address book are automatically
created by NetDefendOS when the system starts for the first time and these objects are used in
various parts of the initial configuration.
The following address objects are auto-generated:
•
Interface Addresses
For each Ethernet interface in the system, two IP Address objects are predefined; one object
for the IPv4 address of the actual interface, and one object representing the local network for
that interface.
Interface IPv4 address objects are named
<interface-name>_ip
and network objects are
Chapter 3: Fundamentals
149
Summary of Contents for NetDefendOS
Page 30: ...Figure 1 3 Packet Flow Schematic Part III Chapter 1 NetDefendOS Overview 30 ...
Page 32: ...Chapter 1 NetDefendOS Overview 32 ...
Page 144: ...Chapter 2 Management and Maintenance 144 ...
Page 284: ...Chapter 3 Fundamentals 284 ...
Page 392: ...Chapter 4 Routing 392 ...
Page 419: ... Host 2001 DB8 1 MAC 00 90 12 13 14 15 5 Click OK Chapter 5 DHCP Services 419 ...
Page 420: ...Chapter 5 DHCP Services 420 ...
Page 573: ...Chapter 6 Security Mechanisms 573 ...
Page 607: ...Chapter 7 Address Translation 607 ...
Page 666: ...Chapter 8 User Authentication 666 ...
Page 775: ...Chapter 9 VPN 775 ...
Page 819: ...Chapter 10 Traffic Management 819 ...
Page 842: ...Chapter 11 High Availability 842 ...
Page 866: ...Default Enabled Chapter 13 Advanced Settings 866 ...
Page 879: ...Chapter 13 Advanced Settings 879 ...