Table of Contents
The FB6000 has, at its core, a configuration based on a hierarchy of objects, with each object having one or more attributes. An object has a type, which determines its role in the operation of the FB6000. The values of the attributes determine how that object affects operation. Attributes also have a type (or datatype), which defines the type of data that attribute specifies. This in turn defines what the valid syntax is for a value of that datatype - for example some are numeric, some are free-form strings, others are strings with a specific format, such as a dotted-quad IP address. Some examples of attribute values are :-
The object hierarchy can be likened to a family-tree, with relationships between objects referred to using terms such as Parent, Child, Sibling, Ancestor and Descendant. This tree-like structure is used to :-
Additional inter-object associations are established via attribute values that reference other objects, typically by name, e.g. a firewall rule can specify one of several destinations for log information to be sent when the rule is processed.
An IP address group is a named definition of a range of IP addresses, which can be referenced in many places where you would otherwise explicitly specify such ranges. This allows you to specify commonly occuring ranges (for example a trusted group of addresses) in one place, which aids maintainability, and then reference them by name, which speeds configuration and aids readability.
An IP address group is defined using an ip-group
top-level object - in the web user interface, click on the "IP group" category icon
to create and edit these objects.