Comtech EF Data / Stampede
FX Series Administration Guide - Version 6.2.2
135
Chapter: FX Series Optimization Settings
Section: Application Policies Overview
MN-FXSERIESADM6 Rev 6
Comment:
This is a description in which the administrator can delineate the rationale for this
authorization realm.
Origin IP Address Ranges:
Specified using “CIDR” notation where a base IP address is followed by a ‘/’ character which is followed by
a value between 1 and 32 that denotes the number of bits used to describe the network and the
remaining bits (32 – the value) are used to specify the nodes on that network. For example a setting of
192.110.1.0/24 would be equivalent to specifying a network of 192.110.1.0 with a net mask of
255.255.255.0. Separating each CIDR entry with a comma can specify multiple destinations. You may also
enter one or more single IP addresses or hyphenated IP address ranges, separated by commas in the
same manner. i.e. 10.2.2.5 or 10.2.2.50-10.2.2.59. In a two-sided environment with FX-Remotes, the IP
address must be that of an in-path interface of the FX-Remote. The default setting is any network.
VLAN ID:
Specifies the VLAN ID for which the realm should apply. If “None” is selected then the VLAN ID is not part
of the match criteria when realms are evaluated. The selector only shows VLAN IDs for which an in-path
interface has been defined.
Client Type:
This field allows you to specify that client types that are associated with this authorization realm.
The valid choices are:
Native – Traffic that does not flow thru a FX Remote
FX Remote – Traffic which is accelerated by the FX Series Remote Appliance
NOTE:
Press and hold the control key for multiple selections. The default is any client type.
In-Path Interface:
Allows you to designate the authorization realm to only apply to traffic that flows on a particular VLAN.
NOTE:
When assessing authorization realm membership, if the appliance determines that if all
of the above field criteria are met, then the user is deemed to be a member of the
authorization realm.
Using Authorization Realms for Testing:
Authorization realms can be useful for testing because they provide a convenient means to stage
deployment of new application policy.
•
You can define an authorization realm with just one IP address – that of a test machine.
•
Then you can enable an application policy and limit the deployment to that authorization
realm.
•
When you are satisfied that further deployment is warranted you can broaden the scope of
the authorization realm for further staging or you may choose to delete the authorization
realm altogether from the policy.