General Information on Network Objects
The Network Objects function allows you to maintain information about
network addressable components on your network. This function acts as
a central repository for use by other functions in the Firewall.
Primarily, network objects are used to designate source
and destination addresses when you create your connections.
Individual network objects can be placed into groups.
Use of these groups can save time when configuring connections.
Key elements that
should be defined as network objects include:
- Secure Interface of the Firewall
- NonSecure Interface of the Firewall
- Secure Network
The figure below illustrates how network objects can become
part of a connection configuration.
Tip for Configuring Network Objects
Wherever possible, it is a good idea to encompass contiguous
network addresses into a single network object, rather than
creating a network group. This will help to improve the
performance of the connection rule processing. For example,
if you have a set of contiguous addresses such as the following:
ACCOUNTING DEPARTMENT
George 191.1.10.1
Susan 191.1.10.3
Helen 191.1.10.5
Peter 191.1.10.7
John 191.1.10.9
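You could represent all of these addresses with a single
network object (IP address = 191.1.10.0, subnet mask =
255.255.255.0). For purposes of improving the performance
of rule processing, this would be much more efficient than
placing each of these addresses individually into one network
group. Note that this object matches every address from
191.1.10.0 through 191.1.10.255, not only the five listed,
so any connection that uses it applies to the whole subnet.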
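The following added example (not part of the product or its documentation) uses Python's standard ipaddress module to find the smallest single network object that covers a host list, and to count how many addresses an object matches beyond those hosts. The function names are illustrative assumptions; the host list is the accounting example above.

```python
import ipaddress

# Host addresses from the ACCOUNTING DEPARTMENT example above.
ACCOUNTING = ["191.1.10.1", "191.1.10.3", "191.1.10.5",
              "191.1.10.7", "191.1.10.9"]


def covering_object(hosts):
    """Return the smallest single IPv4 network containing every host.

    The common prefix of the lowest and highest address is the longest
    prefix shared by all of them, so it defines the tightest address/mask
    pair that can stand in for the whole list.
    """
    addrs = [ipaddress.IPv4Address(h) for h in hosts]
    lo, hi = int(min(addrs)), int(max(addrs))
    # Bits that differ between lo and hi must be host bits.
    prefix = 32 - (lo ^ hi).bit_length()
    # strict=False clears the host bits to yield the network address.
    return ipaddress.IPv4Network((lo, prefix), strict=False)


def extra_addresses(network, hosts):
    """Count addresses the object matches that are not in the host list."""
    listed = {ipaddress.IPv4Address(h) for h in hosts}
    if not all(h in network for h in listed):
        raise ValueError("network object does not cover every listed host")
    return network.num_addresses - len(listed)


def report(network, hosts):
    """One-line summary in the address/mask form used for network objects."""
    return "IP address = {}, subnet mask = {}: {} addresses, {} unlisted".format(
        network.network_address, network.netmask,
        network.num_addresses, extra_addresses(network, hosts))


if __name__ == "__main__":
    # Object suggested in the text versus the tightest covering object.
    print(report(ipaddress.IPv4Network("191.1.10.0/255.255.255.0"), ACCOUNTING))
    print(report(covering_object(ACCOUNTING), ACCOUNTING))
```

Comparing the two lines of output shows the trade-off: a tighter mask keeps the single-object performance benefit while matching fewer addresses that were never meant to be in the rule.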
Further Information