Help for Open Group Network Object
Field Index
Contents
General Information on Network Objects
Group Name
Description
Objects in Group
Select
Remove
OK
Cancel
General Information on Network Objects
The Network Objects function allows you to maintain information about
network addressable components on your network. This function acts as
a central repository for use by other functions in the Firewall.
Primarily, network objects are used to designate source
and destination addresses when you create your connections.
Individual network objects can be placed into groups.
Use of these groups can save time when configuring connections.
Key elements that
should be defined as network objects include:
- Secure Interface of the Firewall
- NonSecure Interface of the Firewall
- Secure Network
The figure below illustrates how network objects can become
part of a connection configuration.
Tip for Configuring Network Objects
Wherever possible, it is a good idea to encompass contiguous
network addresses into a single network object, rather than
creating a network group. This will help to improve the
performance of the connection rule processing. For example,
if you have a set of contiguous addresses such as the following:
ACCOUNTING DEPARTMENT
George 191.1.10.1
Susan 191.1.10.3
Helen 191.1.10.5
Peter 191.1.10.7
John 191.1.10.9
You could represent all of these addresses with a single
network object (IP address = 191.1.10.0, subnet mask =
255.255.255.0). For purposes of improving the performance
of rule processing, this would be much more efficient than
if each of these addresses had been placed into one network
group.
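An added example, not part of the product's help: before replacing a group with one network object as the tip above suggests, check which other host addresses that object will match in connection rules. The function names are hypothetical; the addresses and subnet mask are the ones given in the tip.

```python
import ipaddress

# Addresses from the Accounting Department example in the tip above.
ACCOUNTING = {
    "George": "191.1.10.1",
    "Susan": "191.1.10.3",
    "Helen": "191.1.10.5",
    "Peter": "191.1.10.7",
    "John": "191.1.10.9",
}

# The single network object the tip proposes (IP address / subnet mask).
PAGE_OBJECT = ipaddress.IPv4Network("191.1.10.0/255.255.255.0")


def smallest_covering_network(addresses):
    """Return the smallest single IPv4 network containing every address."""
    ips = [int(ipaddress.IPv4Address(a)) for a in addresses]
    lo, hi = min(ips), max(ips)
    # Every bit position at or below the highest differing bit is a host bit.
    host_bits = (lo ^ hi).bit_length()
    base = (lo >> host_bits) << host_bits
    return ipaddress.IPv4Network((base, 32 - host_bits))


def unlisted_hosts(addresses, network):
    """Count usable host addresses the object matches that were never listed."""
    listed = {ipaddress.IPv4Address(a) for a in addresses}
    missing = [a for a in listed if a not in network]
    if missing:
        raise ValueError(f"{network} does not cover {missing}")
    return sum(1 for host in network.hosts() if host not in listed)


def scope_report(addresses):
    """Compare the page's object with the tightest one for the same hosts."""
    addresses = list(addresses)
    tight = smallest_covering_network(addresses)
    return {
        "page_object": (str(PAGE_OBJECT), unlisted_hosts(addresses, PAGE_OBJECT)),
        "tightest": (f"{tight.network_address}/{tight.netmask}",
                     unlisted_hosts(addresses, tight)),
    }


if __name__ == "__main__":
    for name, (obj, extra) in scope_report(ACCOUNTING.values()).items():
        print(f"{name}: {obj} also matches {extra} unlisted host addresses")
```

A rule written against the single object applies to every address it covers, so the unlisted count is the set of hosts to review before trading the group for one object.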
Further Information
Group Name
Enter the group name. The group name should NOT contain a pipe
symbol (|), a single quote (or apostrophe) character ('), or a double
quote (") character, as these are used as SMIT and file
delimiters. Use of these characters will result in unreliable data.
Description
This field is optional and is provided in case you want to
provide a comment or additional information about this item.
Objects in Group
Click Select to choose the network objects that
you want to include in this group. Click Remove to remove objects from
the group.
Select
Press the "Select..." button to access a list of defined objects that are
valid for this function.
Click "Select" and choose an object or group from the Network Object
menu. Click Apply. This will be the Source Object.
Click "Select" and choose an object or group from the Network Object
menu. Click Apply. This will be the Destination Object.
Click "Select" and choose from the list of services available.
Click Apply. You can select more than one service,
but you must select one service at a time.
You can rearrange your list of services by highlighting a service and
clicking Move Up or Move Down.
You can remove a service by highlighting it and clicking Remove.
Click "Select" and choose from the list of
Socks entries available. Click Apply. You can select more than one entry
but you must select one Socks object at a time.
You can remove a Socks entry by highlighting it and clicking Remove.
a tunnel by pressing the "Select" button.
Click "Select" and choose from the list of
rules available. You can select more than one rule.
Note: There can be more than one instance of the same rule
added to this list. This is because it is possible that an administrator
would want to use the same rule template twice, and assign a different value
for the "Flow" field. Use caution when selecting rule templates so that you do
not select the same instance of a template more times than what you intended.
Flow Icons
Left to Right indicates that the Source and Destination
of the Connection will get written directly to the
rule as it is written into the Rule Base File.
Right to Left indicates that the Source and Destination
of the Connection will be reversed when it is written
to the Rule Base File.
Click "Select" and choose an adapter name. This
field can only be used when the Interface adapter (previous field) is
"specific". Otherwise, this field is not required.
choose to press the "Select" button and select a Network Object that
has already been defined.
Click "Select" to get a list of tunnel
id(s). Select the tunnel id(s) you want to export.
are to be controlled by the Enterprise Firewall Manager. Click "Select" to choose a Security Agreement from
the list of defined Security Agreements.
The default Security Agreement is "Host Only" which will not permit the Enterprise Firewall Manager to update any of
the configuration files for this Managed Firewall.
copied. Click "Select" to choose a Managed Firewall from the list of defined Managed Firewalls.
here must have already been created in the listing of Managed Firewalls. Click "Select" to either a) choose
a Managed Firewall from the list of defined Managed Firewalls, or b) create a Managed Firewall and then choose the newly created Managed Firewall.
Note that the Recipient firewall must have "Host Only" selected for its Security Agreement.
When the recipient firewall is cloned, the source's assigned Security Agreement
will be assigned to the recipient.
on the "Select" button.
Remove
Press the "Remove" button to eliminate a selected item from this list.
This action will only remove the item from this list. This action will
have no effect on other places where this item is defined.
either the "Select..." or "Remove" buttons accordingly.
OK
Press the "OK" button to save changes and close the window.
Press the "OK" button to populate the field on the previous panel
with your current selection and to close the window.
the administrator either clicks on "OK", a Connection Configuration gets set up
and queued for the next time the Connection Rules get regenerated and activated. These
Security Policy Services generate connection rules that have 0.0.0.0 as
both the source and destination addresses (meaning that these rules apply to any traffic
datagrams). Note that these rules get placed at the top of the active Connection Rules file.
Note: Anytime you click on a checkbox that pertains to a Predefined Service,
and you click on "OK", you must activate these changes
via the Connection Activation window. You do not need to
activate after changing either of the Transparent Proxy checkboxes as these two
do not pertain to Predefined Services.
Further Information
(by pressing "OK") and then Activate it via the "Connection Activation"
window.
Warning: Use of this Service can open your Firewall up to security exposures.
Use this service with extreme caution.
You only need to save it by pressing "OK" in order for the
change to take place.
You can select an item and press "OK" in order to
populate the field on the previous panel. You can also add to
this list or modify its contents by using the buttons described
below.
Icon Key
- Create new
- Carrier
You can select an item and press "OK" in order to
populate the field on the previous panel. You can also add to
this list or modify its contents by using the buttons described
below.
Icon Key
- Create new modem
- Modem
Cancel
Press the "Cancel" button to close the window without saving any changes.
Click "Cancel" to close the Logon window without
submitting any Logon commands.