User Guide for SonicWALL 5.8.1

Network > Address Objects
SonicOS 5.8.1 Administrator Guide
See Part 21, Wizards for more information on configuring the SonicWALL security appliance 
using wizards.
Working with Dynamic Addresses 
From its inception, SonicOS Enhanced has used Address Objects (AOs) to represent IP 
addresses in most areas throughout the user interface. Address Objects come in the following 
varieties:
  • Host – An individual IP address, netmask and zone association.
  • MAC (original) – Media Access Control, or the unique hardware address of an Ethernet host. MAC AOs were originally introduced in SonicOS 2.5 and were used for:
      – Identifying SonicPoints
      – Allowing hosts to bypass Guest Services authentication
      – Authorizing the BSSID (Basic Service Set Identifier, or WLAN MAC) of wireless access points detected during wireless scans.
    MAC AOs were originally not allowable targets in other areas of the management interface, such as Access Rules, so historically they could not be used to control a host’s access by its hardware address.
  • Range – A starting and ending IP address, inclusive of all addresses in between.
  • Group – A collection of Address Objects of any assortment of types. Groups may contain other Groups, Host, MAC, Range, or FQDN Address Objects.
SonicOS Enhanced 3.5 redefined the operation of MAC AOs, and introduced Fully Qualified 
Domain Name (FQDN) AOs:
  • MAC – SonicOS Enhanced 3.5 and higher will resolve MAC AOs to an IP address by referring to the ARP cache on the SonicWALL.
  • FQDN – Fully Qualified Domain Names, such as ‘www.reallybadWebsite.com’, will be resolved to their IP address (or IP addresses) using the DNS server configured on the SonicWALL. Wildcard entries are supported through the gleaning of responses to queries sent to the sanctioned DNS servers.
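The resolution behaviour described above can be sketched as a small Python model. This is an added example, not SonicOS code or anything from the guide: the object names, the ARP and DNS tables, and the `resolve`/`matches` helpers are all constructed for illustration, and the loop guard is part of the model only.

```python
import ipaddress

# Constructed sample state (assumptions, not values from the guide).
ARP_CACHE = {"00:11:22:33:44:55": "192.168.168.50"}            # MAC -> IP
DNS_ANSWERS = {"www.example.com": ["203.0.113.10", "203.0.113.11"]}

# Hypothetical address objects: name -> (type, value)
OBJECTS = {
    "web-host":   ("host", "192.168.168.200"),
    "dhcp-pool":  ("range", ("192.168.168.10", "192.168.168.12")),
    "printer":    ("mac", "00:11:22:33:44:55"),
    "laptop":     ("mac", "00:11:22:33:44:66"),   # no ARP entry yet
    "site":       ("fqdn", "www.example.com"),
    "servers":    ("group", ["web-host", "site"]),
    "everything": ("group", ["servers", "dhcp-pool", "printer", "laptop"]),
}

def resolve(name, objects=OBJECTS, arp=ARP_CACHE, dns=DNS_ANSWERS, _seen=None):
    """Return the set of IPs an address object resolves to right now."""
    seen = set() if _seen is None else _seen
    if name in seen:
        return set()            # already expanded on this walk (loop guard)
    seen.add(name)
    kind, value = objects[name]
    if kind == "host":
        return {ipaddress.ip_address(value)}
    if kind == "range":         # inclusive of both end addresses
        lo, hi = (int(ipaddress.ip_address(v)) for v in value)
        return {ipaddress.ip_address(i) for i in range(lo, hi + 1)}
    if kind == "mac":           # dynamic: depends on the ARP cache
        ip = arp.get(value.lower())
        return {ipaddress.ip_address(ip)} if ip else set()
    if kind == "fqdn":          # dynamic: depends on DNS answers
        return {ipaddress.ip_address(a) for a in dns.get(value.lower(), [])}
    if kind == "group":         # groups may nest other groups
        members = set()
        for member in value:
            members |= resolve(member, objects, arp, dns, seen)
        return members
    raise ValueError(f"unknown address object type: {kind}")

def matches(name, ip, **state):
    """True if ip is currently a member of the named address object."""
    return ipaddress.ip_address(ip) in resolve(name, **state)
```

In this model a rule that references `laptop` matches nothing until the MAC appears in the ARP table, so the effective scope of a rule built on MAC or FQDN objects has to be audited against current ARP and DNS state, not only against the rule text.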
While more effort is involved in creating an Address Object than in simply entering an IP 
address, AOs were implemented to complement the management scheme of SonicOS 
Enhanced, providing the following characteristics:
  • Zone Association – When defined, Host, MAC, and FQDN AOs require an explicit zone designation. In most areas of the interface (such as Access Rules) this is only used referentially. The functional applications are the contextually accurate population of Address Object drop-down lists, and the area of “VPN Access” definitions assigned to Users and Groups; when AOs are used to define VPN Access, the Access Rule auto-creation process refers to the AO’s zone to determine the correct intersection of VPN [zone] for rule placement. In other words, if the “192.168.168.200 Host” Host AO, belonging to the LAN zone, was added to “VPN Access” for the “Trusted Users” User Group, the auto-created Access Rule would be assigned to the VPN LAN zone.
  • Management and Handling – The versatilely typed family of Address Objects can be easily used throughout the SonicOS Enhanced interface, allowing for handles (e.g. from Access Rules) to be quickly defined and managed. The ability to simply add or remove members from Address Object Groups effectively enables modifications of referencing rules and policies without requiring direct manipulation.
  • Reusability – Objects only need to be defined once, and can then be easily referenced as many times as needed.