Configuration object groups, Adding an allow ip rule – Amer Networks E5Web GUI User Manual

Using folders is simply a way for the administrator to conveniently divide up IP rule set entries
and no special properties are given to entries in different folders. cOS Core continues to see all
entries as though they were in a single set of IP rules.

The folder concept is also used by cOS Core in the address book, where related IP address objects
can be grouped together in administrator created folders.

Example 3.23. Adding an Allow IP Rule

This example shows how to create a simple Allow rule that will allow HTTP connections to be
opened from the lan_net network on the lan interface to any network (all-nets) on the wan
interface.

Command-Line Interface

Device:/> add IPRule

Action=Allow
Service=http
SourceInterface=lan
SourceNetwork=lan_net
DestinationInterface=wan
DestinationNetwork=all-nets
Name=lan_http

Configuration changes must be saved by then issuing an activate followed by a commit
command.

Web Interface

1.

Go to: Policies > Add > IPRule

2.

Specify a suitable name for the rule, for example LAN_HTTP

3.

Now enter:

•

Name: A suitable name for the rule. For example lan_http

•

Action: Allow

•

Service: http

•

Source Interface: lan

•

Source Network: lan_net

•

Destination Interface: wan

•

Destination Network: all-nets

4.

Click OK

3.6.6. Configuration Object Groups

The concept of folders can be used to organise groups of cOS Core objects into related
collections. These work much like the folders concept found in a computer's file system. Folders
are described in relation to the address book in Section 3.1.6, “Address Book Folders” and can also

Chapter 3: Fundamentals

200