Network/Address_Objects.htm

Network > Address Objects

Address Objects are one of four object classes (Address, User, Service, and Schedule) in SonicOS Enhanced. These Address Objects allow for entities to be defined one time, and to be re-used in multiple referential instances throughout the SonicOS interface. For example, take an internal Web-Server with an IP address of 67.115.118.80. Rather than repeatedly typing in the IP address when constructing Access Rules or NAT Policies, Address Objects allow you to create a single entity called "My Web Server" as a Host Address Object with an IP address of 67.115.118.80. This Address Object, "My Web Server" can then be easily and efficiently selected from a drop-down menu in any configuration screen that employs Address Objects as a defining criterion.

Types of Address Objects

Since there are multiple types of network address expressions, there are currently the following Address Objects types:

Host - Host Address Objects define a single host by its IP address. The netmask for a Host Address Object will automatically be set to 32 bit (255.255.255.255) to identify it as a single host. For example, "My Web Server" with an IP address of "67.115.118.110" and a default netmask of "255.255.255.255"

Range - Range Address Objects define a range of contiguous IP addresses. No netmask is associated with Range Address Objects, but internal logic generally treats each member of the specified range as a 32 bit-masked Host object. For example "My Public Servers" with an IP address starting value of "67.115.118.66" and an ending value of "67.115.118.90". All 25 individual host addresses in this range would be comprised by this Range Address Object.

Network - Network Address Objects are like Range objects in that they comprise multiple hosts, but rather than being bound by specified upper and lower range delimiters, the boundaries are defined by a valid netmask. Network Address Objects must be defined by the network's address and a corresponding netmask. For example "My Public Network" with a Network Value of "67.115.118.64" and a Netmask of "255.255.255.224" would comprise addresses from 67.115.118.64 through to 67.115.118.95. As a general rule, the first address in a network (the network address) and the last address in a network (the broadcast address) are unusable.

MAC Address - MAC Address Objects allow for the identification of a host by its hardware address or MAC (Media Access Control) address. MAC Addresses are uniquely assigned to every piece of wired or wireless networking device by their hardware manufacturers, and are intended to be immutable. MAC addresses are 48 bit values that are expressed in 6 byte hex-notation. For example "My Access Point" with a MAC address of "00:06:01:AB:02:CD". MAC Address objects are used by various components of Wireless configurations throughout SonicOS.

Address Object Groups

SonicOS Enhanced has the ability to group Address Objects into Address Object Groups. Groups of Address Objects can be defined to introduce further referential efficiencies. Groups can comprise any combination of Host, Range, or Network Address Objects. MAC Address Objects should be grouped separately, although they can safely be added to Groups of IP-based Address Objects, where they will be ignored when their reference is contextually irrelevant (e.g. in a NAT Policy). For example "My Public Group" can contain Host Address Object "My Web Server" and Range Address Object "My Public Servers", effectively representing IP Addresses 67.115.118.66 to 67.115.118.90 and IP Address 67.115.118.110.

Creating and Managing Address Objects

The Network > Address Objects page allows you to create and manage your Address Objects.

You can view Address Objects in the following ways using the View Style menu:

All Address Objects - displays all configured Address Objects.

Custom Address Objects - displays Address Objects with custom properties.

Default Address Objects - displays Address Objects configured by default on the SonicWALL security appliance.

Sorting Address Objects allows you to quickly and easily locate Address Objects configured on the SonicWALL security appliance.

Note: An Address Object must be defined before configuring NAT Policies, Access Rules, and Services.

Navigating and Sorting the Address Objects and Address Groups Entries

The Address Objects and Address Groups tables provides easy pagination for viewing a large number of address objects and groups. You can navigate a large number of entries listed in the Address Objects or Address Groups tables by using the navigation control bar located at the top right of the tables. Navigation control bar includes four buttons. The far left button displays the first page of the table. The far right button displays the last page. The inside left and right arrow buttons moved the previous or next page respectively.

You can enter the policy number (the number listed before the policy name in the # Name column) in the Items field to move to a specific entry. The default table configuration displays 50 entries per page. You can change this default number of entries for tables on the System > Administration page.

You can sort the entries in the table by clicking on the column header. The entries are sorted by ascending or descending order. The arrow to the right of the column entry indicates the sorting status. A down arrow means ascending order. An up arrow indicates a descending order.

Default Address Objects and Groups

The Default Address Objects view displays the default Address Objects and Address Groups for your SonicWALL security appliance. The Default Address Objects entries cannot be modified or deleted. Therefore, the Notepad (Edit) and Trashcan (delete) icons are dimmed. The following lists the default Address Objects and Address Groups for the TZ 170 SP Wireless.

SonicWALL PRO 5060

Default Address Objects

X0 IP

X0 Subnet

X1 IP Host

X1 Subnet

X2 IP

X2 Subnet

X3 IP

X3 Subnet

X4 IP

X4 Subnet

X5 IP

X5 Subnet

Default Gateway

Secondary Default Gateway

SonicPoint

Default Address Groups

LAN Subnets

Firewalled Subnets

LAN Interface IP

WAN Subnets

WAN Interface IP

DMZ Subnets

DMZ Interface IP

ALL WAN IP

All Interface IP

All X0 Management IP

All X1 Management IP

Custom Subnets

Custom Interface IP

All SonicPoints

All Authorized Access Points

WLAN Subnets

WLAN Interface IP

All SonicPoints

All Authorized Access Points

Node License Exclusion List

RBL User White List

RBL User Black List

Default SonicPoint ACL Allow Group

Default SonicPoint ACL Deny Group

All X0 Management IP

SonicWALL PRO 4060

Default Address Objects

LAN Primary IP

LAN Primary Subnet

WAN Primary IP

WAN Primary Subnet

X2 IP

X2 Subnet

X3 IP

X3 Subnet

X4 IP

X4 Subnet

X5 IP

X5 Subnet

Default Gateway

Secondary Default Gateway

WAN Remote Access Networks

VPN DHCP Clients

LAN Remote Access Networks

SonicPoint

Default Address Groups

LAN Subnets

Firewalled Subnets

WAN Subnets

DMZ Subnets

ALL WAN IP

All Interface IP

All X0 Management IP

All X1 Management IP

All SonicPoints

All Authorized Access Points

LAN Interface IP

WAN Interface IP

DMZ Interface IP

WLAN Subnets

WLAN Interface IP

Wireless2 Subnets

Wireless2 Interface IP

All SonicPoints

All Authorized Access Points

Node License Exclusion List

RBL User White List

RBL User Black List

Default SonicPoint ACL Allow Group

Default SonicPoint ACL Deny Group

All X0 Management IP

SonicWALL PRO 3060

Default Address Objects

LAN Primary IP

LAN Primary Subnet

WAN Primary IP

WAN Primary Subnet

X2 IP

X2 Subnet

X3 IP

X3 Subnet

X4 IP

X4 Subnet

X5 IP

X5 Subnet

Default Gateway

Secondary Default Gateway

WAN Remote Access Networks

VPN DHCP Clients

LAN Remote Access Networks

SonicPoint

Default Address Groups

LAN Subnets

Firewalled Subnets

WAN Subnets

DMZ Subnets

ALL WAN IP

All Interface IP

All X0 Management IP

All X1 Management IP

All SonicPoints

All Authorized Access Points

LAN Interface IP

WAN Interface IP

DMZ Interface IP

WLAN Subnets

WLAN Interface IP

Wireless2 Subnets

Wireless2 Interface IP

All SonicPoints

All Authorized Access Points

Node License Exclusion List

RBL User White List

RBL User Black List

Default SonicPoint ACL Allow Group

Default SonicPoint ACL Deny Group

All X0 Management IP

SonicWALL PRO 2040

Default Address Objects

LAN Primary IP

LAN Primary Subnet

WAN Primary IP

WAN Primary Subnet

X2 IP

X2 Subnet

X3 IP

X3 Subnet

X4 IP

X4 Subnet

X5 IP

X5 Subnet

Default Gateway

Secondary Default Gateway

WAN Remote Access Networks

VPN DHCP Clients

LAN Remote Access Networks

SonicPoint

Default Address Groups

LAN Subnets

Firewalled Subnets

WAN Subnets

DMZ Subnets

ALL WAN IP

All Interface IP

All X0 Management IP

All X1 Management IP

All SonicPoints

All Authorized Access Points

LAN Interface IP

WAN Interface IP

DMZ Interface IP

WLAN Subnets

WLAN Interface IP

Wireless2 Subnets

Wireless2 Interface IP

All SonicPoints

All Authorized Access Points

Node License Exclusion List

RBL User White List

RBL User Black List

Default SonicPoint ACL Allow Group

Default SonicPoint ACL Deny Group

All X0 Management IP

SonicWALL TZ 170 Series

Default Address Objects

LAN Primary IP

LAN Primary Subnet

WAN Primary IP

WAN Primary Subnet

OPT IP

OPT Subnet

Modem IP

Modem Subnet

WLAN IP

WLAN Subnet

Default Gateway

Secondary Default Gateway

WLAN RemoteAccess Networks

Dial-Up Default Gateway (TZ 170 SP and TZ 170 SP Wireless only)

SonicPoint

Default Address Groups

LAN Subnets

Firewalled Subnets

LAN Interface IP

WAN Subnets

WAN Interface IP

DMZ Subnets

DMZ Interface

WLAN Subnets

WLAN Interface IP

All WAN IP

All Interface IP

All LAN Management IP

All WAN Management IP

All SonicPoints

All Authorized Access Points

Default ACL Allow Group

Default ACL Deny Group

Node License Exclusion List

Adding an Address Object

To add an Address Object, click Add button under the Address Objects table in the All Address Objects or Custom Address Objects views to display the Add Address Object window.

Enter a name for the Network Object in the Name field.

Select Host or Range or Network from the Type menu.

If you select Host, enter the IP address and netmask in the IP Address and Netmask fields.

If you selected Range, enter the starting and ending IP addresses in the Starting IP Address and Ending IP Address fields.

If you selected Network, enter the network IP address and netmask in the Network and Netmask fields.

Select the zone to assign to the Address Object from the Zone Assignment menu. You can choose LAN, WAN, DMZ, or VPN.

Editing or Deleting an Address Object

To edit an Address Object, click the edit icon in the Configure column in the Address Objects table. The Edit Address Object window is displayed, which has the same settings as the Add Address Object window.

To delete an Address Object, click the Delete icon in the Configure column for the Address Object you want to delete. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the Address Object. To delete multiple active Address Objects, select them and click the Delete button.

Creating Group Address Objects

As more and more Address Objects are added to the SonicWALL security appliance, you can simplify managing the addresses and access policies by creating groups of addresses. Changes made to the group are applied to each address in the group.

To add a Group of Address Objects, click Add Group to display the Add Address Object Group window.

Create a name for the group in the Name field.

Select the Address Object from the list and click the right arrow. It is added to the group. Clicking while pressing the Ctrl key allows you to select multiple objects.

Click OK.

Tip: To remove an address or subnet from the group, select the IP address or subnet in the right column and click the left arrow. The selected item moves from the right column to the left column.

Editing or Deleting Address Groups

To edit a group, click the edit icon in the Configure column of the Address Groups table. The Edit Address Object Group window is displayed. Make your changes and then click OK.

To delete a group, click on the Delete icon in the Configure column to delete an individual Address Group. A dialog box is displayed asking you to confirm the deletion. Click OK to delete the Address Group. To delete multiple active Address Groups, select them and click the Delete button.

Public Server Wizard

SonicOS Enhanced includes the Public Server Wizard to automate the process of configuring the SonicWALL security appliance for handling public servers. For example, if you have an e-mail and Web servers on your network for access from users on the Internet.

The Public Server Wizard allows you to select or define the server type (HTTP, FTP, Mail), the private (external) address objects, and the public (internal) address objects. Once the server type, private and public network objects are configured, the wizard creates the correct NAT Policies and Access Rule entries on the security appliance for the server. You can use the SonicWALL Management Interface for additional configuration options.

Cross Reference: See Part 14, Wizards for more information on configuring the SonicWALL security appliance using wizards.