IP address is an important element for the configurations of multiple modules, such as policy rules, NAT rules and session limit rules. Therefore, system uses an address book to facilitate IP address reference and flexible configuration. You can specify a name for an IP range, and only the name is referenced during configuration. The address book is the database in system that is used to store the mappings between IP ranges and the corresponding names. The mapping entry between an IP address and its name in the address book is known as an address entry.
System provides a global address book. You need to specify an address entry for the global address book. When specifying the address entry, you can replace the IP range with a DNS name. Interfaces of the configured IPs will be used as address entries and added to the address book automatically. You can use them for NAT conveniently. Furthermore, an address entry also has the following features:
All address books contain two default address entries named Any and private_network. The IP address of Any is 0.0.0.0/0, which is any IP address. Any can neither be edited nor deleted. The IP addresses of private_network are 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, that all private network address. The private_network can be edited and deleted.
One address entry can contain another address entry in the address book.
If the IP range of an address entry changes, StoneOS will update other modules that reference the address entry automatically.
Address book supports IPv4 and IPv6 address. If IPv6 is enabled, you can configure IPv6 address entry.
Creating an Address Book
To create an address book, take the following steps:
- Click Object>Address Book.
- Click New.
- When you select IPv4 type, configure IP/Netmask, IP Range, Hostname, Address Book, or Country/Region as needed.
- When you select IPv6 type, configure IPv6/prefix, IPv6 Range, Hostname or Address Book as needed.
- Only the security policy and the policy-based route support the address entry with the Country/Region member added.
- The address entry with the Country/Region member added does not support the Excluded Member settings.
- Click OK.
|Name||Type the address entry name into the Name box.|
|Type||Select the IP type, including IPv4 or IPv6. Only the IPv6 firmware supports to configure IPv6 type.|
Select an address entry member from the drop-down list.
|Add||Click Add to add the configured member to the list below. If it is needed, repeat the above steps to add more members.|
|Delete||Delete the selected address entry from the list.|
Specify the excluded member. Select an address entry member from the drop-down list, and configure IP/netmask, IP range, Host name or Address entry as needed.
|Add||Click Add to add the configured excluded member to the list below. If needed, repeat the above steps to add more excluded members.|
|Delete||Delete the selected excluded member entry from the list.|
To view the details of an address entry, take the following steps, including the name, member, description and reference:
- Click Object>Address Book.
- In the Address Book dialog box, select "+" before an address entry from the member list, and view the details under the entry.