General Information on Network Objects

The Network Objects function allows you to maintain information about network addressable components on your network. This function acts as a central repository for use by other functions in the Firewall. Primarily, network objects are used to designate source and destination addresses when you create your connections. Individual network objects can be placed into groups. Use of these groups can save time when configuring connections. Key elements that should be defined as network objects include:

The figure below illustrates how network objects can become part of a connection configuration.

Tip for Configuring Network Objects

Wherever possible, it is a good idea to encompass contiguous network addresses into a single network object, rather than creating a network group. This will help to improve the performance of the connection rule processing. For example, if you have a set of contiguous addresses such as the following:

ACCOUNTING DEPARTMENT

   George 191.1.10.1
   Susan  191.1.10.3
   Helen  191.1.10.5
   Peter  191.1.10.7
   John   191.1.10.9

You could represent all of these addresses with a single network object (IP address = 191.1.10.0, subnet mask = 255.255.255.0). For purposes of improving the performance of rule processing, this would be much more efficient than if each of these addresses had been placed into one network group.

Further Information

Network Objects

Object Type

You can select any one of the different object types available. All network objects, except user types, require the attributes of IP address and subnet mask. If you select "User" as the object type, then you must select a valid user name. Object types are:

Object Name

Enter the object name. The object name should NOT contain a pipe symbol (|), a single quote (or apostrophe) character ('), or a double quote (") character, as these are used as SMIT/smitty and file delimiters. Use of these characters will result in unreliable data. The length limit is 100.

Description

This field is optional and is provided in case you want to provide a comment or additional information about this item.

User Name (Network Object)

If you select a type of "User", then you must select a valid user name. This user can then be configured to use the secure remote client function. The user name replaces the IP address and subnet mask fields.

Filter Lifetime

The filter lifetime field represents the lifetime (in minutes) of the filter object for a user.

IP Address

Enter a dotted-decimal IP address that identifies this network object.

Subnet Mask

Enter a mask, like a subnet mask, that specifies the bits in the address to compare to the address of the IP packet.

The mask is an address mask, very much like a subnet mask, used to specify how much of the IP Address in the IP packet will be compared to the address field in the rule. Bits in these masks that are set to zero (0) indicate the bit positions to be ignored during comparisons of IP Addresses. So specifying 255.255.255.255 in the mask demands an exact match with the specified IP Address field, whereas a mask of 0.0.0.0 causes a match no matter what IP Address is specified.
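The mask comparison described above, applied to the ACCOUNTING DEPARTMENT addresses from the configuration tip, as an added Python example (not part of the product or its documentation). The function names and the probe address 191.1.10.200 are constructed for illustration, and tightest_object assumes a contiguous, prefix-style mask.

```python
import ipaddress

FULL = 0xFFFFFFFF

def to_int(addr):
    """Dotted-decimal IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def to_str(value):
    return str(ipaddress.IPv4Address(value))

def matches(packet_ip, obj_ip, mask):
    """Compare only the bit positions where the mask is 1; 0 bits are ignored."""
    m = to_int(mask)
    return (to_int(packet_ip) & m) == (to_int(obj_ip) & m)

def addresses_matched(mask):
    """How many distinct addresses an object with this mask matches."""
    ignored_bits = bin(to_int(mask) ^ FULL).count("1")
    return 1 << ignored_bits

def tightest_object(addresses):
    """Narrowest single (ip, mask) pair with a contiguous mask covering all addresses."""
    ints = [to_int(a) for a in addresses]
    differing = 0
    for value in ints:
        differing |= value ^ ints[0]
    mask = (FULL << differing.bit_length()) & FULL
    return to_str(ints[0] & mask), to_str(mask)

# Addresses from the ACCOUNTING DEPARTMENT example on this page.
ACCOUNTING = ["191.1.10.1", "191.1.10.3", "191.1.10.5", "191.1.10.7", "191.1.10.9"]

if __name__ == "__main__":
    page_obj = ("191.1.10.0", "255.255.255.0")
    tight_obj = tightest_object(ACCOUNTING)
    for label, (ip, mask) in (("page object", page_obj), ("tightest object", tight_obj)):
        covered = all(matches(a, ip, mask) for a in ACCOUNTING)
        print(f"{label}: {ip} / {mask} covers all five: {covered}, "
              f"addresses matched: {addresses_matched(mask)}")
    # Constructed probe address that is not one of the five listed hosts.
    probe = "191.1.10.200"
    print(probe, "matches page object:", matches(probe, *page_obj))
    print(probe, "matches tightest object:", matches(probe, *tight_obj))
```

A single object with mask 255.255.255.0 matches all 256 addresses in 191.1.10.x, so any connection built on it applies to every host in that range and not only the five listed. When the intent is to cover only a small block, a narrower mask such as 255.255.255.240 still keeps the single-object performance benefit while matching 16 addresses.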

OK

Press the "OK" button to save changes and close the window.

Cancel

Press the "Cancel" button to close the window without saving any changes.