User Guide

OmniAccess SafeGuard OS Administration Guide
Chapter 7: Establishing a Security Policy
Policy Made Simple
If you are new to configuring policies, start with some simple yet powerful
policy statements. For example:
Network Zone – A collection of nodes and network segments.
Application Group – A method of permitting or denying a group of applications.
Application Filters – A further refinement of an application group.
Network Zone
An easy way to define a collection of nodes or network segments is to create a network
zone. The order of the entries is not significant. Once the network is divided into zones,
users can later be filtered based on their zone. A zone is a useful way to designate a physical
topology or a building configuration.
1 Name the zone using the network-zone Global Configuration command. To
remove a zone, use the no form of the command. The syntax of the commands is:
network-zone zone_name
no network-zone zone_name
The following example defines a network zone for all the servers in a topology.
(SafeGuardOS) #configure terminal
(SafeGuardOS) (config) #network-zone finance_servers
(SafeGuardOS) (network_zone) #
The network-zone command places you in network_zone mode.
2 Define the zone by host, IP address, or a range of IP addresses.
Host – By IP or MAC address
host [ip-address addr | mac-address addr]
The following example specifies the finance_servers zone as host address
192.168.0.2:
(SafeGuardOS) (config) # network-zone finance_servers
(SafeGuardOS) (network_zone) # host ip-address 192.168.0.2
(SafeGuardOS) (network_zone) #
Syntax Description (network-zone command): zone_name – Name of the zone
Syntax Description (host command): addr – IP or MAC address of the host
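The two steps above, as an added example that is not from the guide: a Python helper that validates host entries kept in a reviewed list and renders them into the configure terminal, network-zone and host commands shown on this page, so a mistyped address is rejected before it places the wrong machine in a zone. The colon-separated MAC format, the IPv4-only check, the zone-name character set and the sample MAC address are assumptions.

```python
import ipaddress
import re

# Assumption: MAC addresses are six colon-separated hex octets; the guide
# does not show the format the CLI expects.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")
# Assumption: zone names use only letters, digits and underscores.
NAME_RE = re.compile(r"^[A-Za-z0-9_]+$")


def host_line(addr):
    """Return the `host` command for one address, or raise ValueError."""
    if MAC_RE.match(addr):
        return f"host mac-address {addr}"
    try:
        ip = ipaddress.IPv4Address(addr)  # assumption: IPv4 hosts only
    except ValueError:
        raise ValueError(f"not an IPv4 or MAC address: {addr!r}") from None
    if ip.is_unspecified or ip.is_multicast or ip.is_loopback:
        raise ValueError(f"not a usable host address: {addr}")
    return f"host ip-address {ip}"


def render_zone(zone_name, hosts):
    """Build the command sequence that defines one zone by host entries."""
    if not NAME_RE.match(zone_name):
        raise ValueError(f"bad zone name: {zone_name!r}")
    seen = set()
    lines = ["configure terminal", f"network-zone {zone_name}"]
    for addr in hosts:
        line = host_line(addr.strip())
        key = line.lower()
        if key in seen:  # entry order is not significant, so drop duplicates
            continue
        seen.add(key)
        lines.append(line)
    if len(lines) == 2:
        raise ValueError("zone has no host entries")
    return lines


# Constructed sample data; only 192.168.0.2 appears in the guide.
SAMPLE = ["192.168.0.2", "00:1A:2B:3C:4D:5E", "192.168.0.2 "]

if __name__ == "__main__":
    print("\n".join(render_zone("finance_servers", SAMPLE)))
```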