beautypg.com

Address groups – Amer Networks E5Web GUI User Manual

Page 131

background image

InControl

Follow the same steps used for the Web Interface below.

Web Interface

1.

Go to: Objects > Address Book > Add > Ethernet Address

2.

Specify a suitable name for the Ethernet Address object, for example wwwsrv1_mac

3.

Enter 08-a3-67-bc-2e-f2 as the MAC Address

4.

Click OK

3.1.4. Address Groups

Groups Simplify Configuration

Address objects can be grouped in order to simplify configuration. Consider a number of public
servers that should be accessible from the Internet. The servers have IP addresses that are not in
a sequence, and can therefore not be referenced to as a single IP range. Consequently, individual
IP Address objects have to be created for each server.

Instead of having to cope with the burden of creating and maintaining separate filtering policies
allowing traffic to each server, an Address Group named, for example web-servers, could be
created with the web server hosts as group members. Now, a single policy can be used with this
group, thereby greatly reducing the administrative workload.

IP Addresses Can Be Excluded

When groups are created with the Web Interface or InControl, it is possible to not only add
address objects to a group but also to explicitly exclude addresses from the group. However,
exclusion is not possible when creating groups with the CLI.

For example, if a network object is the network 192.168.2.0/24 and this is added to a group, it is
possible to then explicitly exclude the IPv4 address 192.168.2.1. This means that the group will
then contain the range 192.168.2.2 to 192.168.2.255.

Groups Can Contain Different Subtypes

Address Group objects are not restricted to contain members of the same subtype. IP host
objects can be teamed up with IP ranges, IP networks , with DNS names and so on. All addresses
of all group members are then combined by cOS Core, effectively resulting in the union of all the
addresses.

For example, if a group contains the following two IP address ranges:

192.168.0.10 - 192.168.0.15

192.168.0.14 - 192.168.0.19

The result of combining these two will be a single address range containing 192.168.0.10 -
192.168.0.19.

Chapter 3: Fundamentals

131

This manual is related to the following products:
See also other documents in the category Amer Networks Computer Accessories: