Chapter 4. policy object, 1 address, Chapter 4 – PLANET MH-2300 User Manual

Gigabit Multi-Homing VPN Security Gateway

MH-2300

73

Chapter 4. Policy Object

4.1 Address

This chapter will cover the configuration of Address, which allows for

adding LAN, WAN and DMZ addresses and grouping addresses by purpose.

Each IP address can be assigned a friendly name and could represent a

single host or a network subnet. IP addresses are categorized into three types,
namely internal IP address, external IP address, and DMZ IP address. Group
feature is available for address management to help simplify the process of
applying addresses to network policies.

Once an address setting is created, it is ready for selection from the Source
Address or Destination Address drop-down list in a network policy.

Terms in Address

Name

„ Specify a friendly name for the address setting.

Address Type

„ Specify the address by the netmask, prefix length, IP range or FQDN.

1.

FQDN (Fully Qualified Domain Name) consists of Hostname and Domain

Name. For example, “

www.google.com.tw

” is a FQDN; in this case, “www” is the

hostname while “google.com.tw” is the domain name.

2.

When it comes to website blocking, it takes more than just a website

mapped IP (especially true for a website like Facebook and Yahoo), a network
subnet, or a blacklist entry. FQDN provides a more effective means to block the
access to a website by automatically parsing out all the mapped IP addresses.

3.

FQDN is particularly designed to solve the shortness in blacklisting or

whitelisting HTTPS and FTP addresses. It is available for configuration in WAN
interfaces and can be applied to network policies.

IP Version

„ The Internet protocol version for the address setting.

IP Address

„ Specify the IP address of a host, or a network subnet, which can be an

internal IP address, external IP address or DMZ IP address.

Netmask

„ Enter 255.255.255.255 to match a single IPv4 address.
„ Enter 255.255.255.0 to match a Class C IPv4 subnet, such as

192.168.100.x.