Configure Network Objects
Network objects represent hosts on a network and can include subnets, single hosts, or groups of both. Once defined, a network object may be used throughout the Exinda appliance for monitoring, for identifying which traffic should be processed in the policy engine, and to configure other objects, such as applications, adaptive response rules, application performance score objects, and application performance metric objects. Network objects are also used to determine which traffic is considered inbound to your network and which traffic is outbound.
The location of a network object determines the direction of traffic. If one end of the conversation is defined in an external network object and the other is defined in an internal network object, then traffic from an external network object to an internal network object is considered inbound traffic. Conversely, traffic from an internal network object to an external network object is considered outbound traffic.
You can also indicate whether you want to report on the traffic relative to the network object, that is, chart the traffic in and out of a given network object. When the Subnet Report checkbox is selected, the data for the network object is shown on the subnet monitor page. This setting only affects the display of the data; the data is collected regardless of this setting.
Some network objects are automatically created by the appliance: ALL, private net, and local.
- All: Represents all traffic on the network. When used in Optimizer Policies, it matches all traffic. This network object is not editable and cannot be deleted.
- private net: Represents all possible non-routable, private IP addresses.
- local: Created when an IP address is assigned to one or more bridge interfaces. The object contains the IP address and subnet mask of each bridge interface.
Where to configure it
Go to Configuration > Objects > Network Object > Network Objects.
To create a network object
- Specify a name for the network object.
- Select the location of the network object: internal, external, or inherit.
  Packets are matched to a network object, and the closest subnet within that network object determines the location. See examples below.
  - Internal: All subnets and hosts defined by the network object will be considered to be on the LAN side of the appliance.
  - External: All subnets and hosts defined by the network object will be considered to be on the WAN side of the appliance.
  - Inherit: The location of the subnets and hosts defined by the network object is determined, or inherited, by the closest match to other network objects.
    - If all the subnets in this network object are contained in other network objects that are internal, then the location of this network object will inherit the internal location.
    - Similarly, if all the subnets in this network object are contained in other network objects that are external, then the location of this network object will inherit the external location.
    - If some subnets in this network object are contained in other internal network objects and some are contained in other external network objects, then the location of this network object will be mixed.
    - If no network objects match, then the location defaults to external.
  Note: When creating network objects that have location set to "inherit", you can use the CLI command show network-object <name> to show the location.
- Select whether the traffic for this network object should be shown on the Subnet reports.
- Specify the network IP address and netmask length of the subnet. IPv4 and IPv6 addresses are accepted.
  Although only four lines for IP addresses are displayed for a new object, you can add more IP addresses by saving the network object and clicking Edit, which presents an extra four lines.
- Click Add new Network Object.
- To save the changes to the configuration file, in the status bar click the Unsaved changes menu and select Save configuration changes.
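The location rules above decide which traffic is treated as inbound or outbound, so it helps to check a planned set of objects for overlaps before entering them. The following Python sketch is an added example, not Exinda code: it models the inherit and direction rules, assuming that "closest match" means the most specific containing subnet and that per-address lookups use only objects with an explicit location. All object names and subnets are constructed.

```python
import ipaddress

# Constructed sample objects: name -> (location, subnets). Not appliance defaults.
OBJECTS = {
    "HQ-LAN":   ("internal", ["10.0.0.0/8", "2001:db8:1::/48"]),
    "Partners": ("external", ["10.200.0.0/16", "198.51.100.0/24"]),
    "Servers":  ("inherit",  ["10.1.5.0/24"]),
    "Mixed":    ("inherit",  ["10.1.6.0/24", "10.200.7.0/24"]),
    "Orphan":   ("inherit",  ["192.0.2.0/24"]),
}

def closest_location(net, objects, skip=None):
    """Location of the most specific explicit (non-inherit) subnet containing net."""
    best = None  # (prefix length, location) of the closest match so far
    for name, (loc, subnets) in objects.items():
        if name == skip or loc == "inherit":
            continue
        for s in map(ipaddress.ip_network, subnets):
            # Compare only within the same address family (IPv4 vs IPv6).
            if s.version == net.version and net.subnet_of(s):
                if best is None or s.prefixlen > best[0]:
                    best = (s.prefixlen, loc)
    return best[1] if best else "external"  # no match defaults to external

def object_location(name, objects=OBJECTS):
    """Effective location of an object: internal, external, or mixed."""
    loc, subnets = objects[name]
    if loc != "inherit":
        return loc
    found = {closest_location(ipaddress.ip_network(s), objects, skip=name)
             for s in subnets}
    return found.pop() if len(found) == 1 else "mixed"

def direction(src, dst, objects=OBJECTS):
    """inbound / outbound from the endpoint locations; None when both ends are
    on the same side (a case the text above does not define)."""
    ends = tuple(closest_location(ipaddress.ip_network(ip), objects)
                 for ip in (src, dst))
    return {("external", "internal"): "inbound",
            ("internal", "external"): "outbound"}.get(ends)

if __name__ == "__main__":
    for obj in OBJECTS:
        print(obj, "->", object_location(obj))
    # 10.200.3.3 sits inside 10.0.0.0/8 but the /16 external object is closer.
    print(direction("10.200.3.3", "10.1.1.1"))
```

In this model an external /16 carved out of an internal /8 flips the direction of every flow that touches it, which is the kind of overlap to confirm with show network-object <name> after saving.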