disappears and the individual members appear unindented in the normal ungrouped color.
Individual object index positions within the table are not affected.
A group is also removed if there are no members left. If a group has only one member and that
member leaves the group, the group will no longer exist and the title line will disappear.
Groups and Folders
It is important to distinguish between collecting objects together using a folder and collecting
them together using groups.
Either can be used to group objects but a folder is similar to the concept of a folder in a
computer's file system. However, a folder cannot be part of a group. Groups collect together
related basic objects and a folder is not of this type. It is possible, on the other hand, to use
groups within a folder.
It is up to the administrator how best to use these features to arrange NetDefendOS objects.
3.6.7. IP Policy
The IP Rule objects described previously provide very finely grained control over how arriving
traffic is handled by NetDefendOS. The IP Policy object provides the ability to achieve the same
results as IP rules but in a more intuitive way.
IP Policies Must be Used for Some Features
Certain features are only available with IP Policy objects. These include:
• Geolocation filtering of traffic. One of the traffic filtering options is to specify the location in
the world where the traffic is coming from or going to.
• Using FQDN Address objects for the source or destination network. These are described
further in Section 3.1.7, “FQDN Address Objects”.
IP Policies Can Simplify Configuration
IP policies can be used to hide the complexities of IP rules. For example, a NAT policy might
require several IP rules but may be achievable with a single IP policy. The several IP rules are still
created in the background but the administrator is only aware of the IP policy object.
IP Policies Are Not Configured Using ALGs
Another key advantage of IP policies is that ALG objects are not needed. By configuring a
particular protocol's Service object on an IP Policy, all the properties usually associated with that
protocol's ALG now become directly configurable on the IP Policy.
When a service is used with IP policies and the Protocol property of the service is correctly set,
the relevant properties previously available in any corresponding ALG, as well as some additional
properties, become available in the IP policy. The explanations for many of these properties are
the same as the ALG explanations in this document since the ALG is being used by the IP policy
in the background.
It is up to the administrator to decide if they will use an IP rule or an IP policy when configuring
NetDefendOS. Where there is a choice, using an IP policy is recommended.
Chapter 3: Fundamentals