Netdestination and Netservice Aliases
A netdestination is an alias for a specific host, network, or a combination of both. To use netdestination, an IP address should be configured for the host or network.
Aliases are useful for allowing or blocking a specific host, network, or both. When you have multiple hosts or networks to whitelist or blacklist, you can create a single alias and add the IP addresses of those hosts or networks to it. This allows or blocks multiple entries at the same time.
Aliases can simplify configuration of session ACLs, as you can use an alias when specifying the traffic source and/or destination in multiple session ACLs. Once you configure an alias, you can use it to manage network and host destinations from a central configuration point, because all policies that reference the alias will be updated automatically when you change the alias. You can also set aliases for network protocols using netservice aliases.
The following procedure describes how to create a Netdestination alias:
1. In the node hierarchy, navigate to the > > tab.
2. Click to create a .
3. Select an from the drop-down list.
4. Enter the for the host or domain within 63 characters.
5. Enter a of the destination within 128 characters.
6. Select to specify that the inverse of the network addresses configured are used.
7. Click to create . In the window:
a. Select a from the drop-down list.
b. Enter the if the is .
c. Enter the if the is .
d. Enter the and if the is .
e. Enter the and if the is .
f. Select from the drop-down list if the is .
g. Click .
8. Click .
9. Click .
10. In the window, select the check box and click .
The following procedure describes how to create a Netservice alias:
1. In the node hierarchy, navigate to the > > tab.
2. Click to create a .
3. Enter a for the alias within 63 characters.
4. Select a from the drop-down list.
a. For TCP or UDP, select the , , , and .
5. Select from the drop-down list and enter the IP number.
6. Select an from the drop-down list.
7. Click .
8. Click .
9. In the window, select the check box and click .
| Parameter | Description |
| --- | --- |
| IP Version | Specifies whether the alias applies to IPv4 or IPv6 traffic. Default: IPv4 |
| Name | Name for the host or domain. The maximum length for host name is 63 characters. |
| Description | Description about the destination. The maximum length of the description is 128 characters. |
| Invert | Specifies that the inverse of the network addresses configured are used. For example, if a network of 172.16.0.0 255.255.0.0 is configured, this parameter specifies that the alias matches everything except this subnetwork. |
| Rule type | Specifies the rule type applied to the alias. The rule type can be host, name, range, network, or override. Default: Override |
| IP address | IP address assigned to the alias. |
| Domain name | Domain name assigned to the alias name. |
| Start IP address | Starting IP address for a range. |
| End IP address | Ending IP address for a range. |
| Network mask | The network mask that has to be set for the alias. |
| Service name | Name for the service alias. |
| Protocol | Configures the IP protocol value. You can configure TCP, UDP, or protocol from the drop-down list. |
| Port type | Select a list or range from the drop-down. Port type can be configured only for TCP or UDP. |
| Starting port | Sets the starting port number for a defined port range between 0 and 65535. |
| End port | Sets the ending port number for a defined port range between 0 and 65535. |
| Port list | Specifies a single port number, a list, or a defined port range by specifying both the lower and upper port numbers. |
| Protocol | Specify a number from 0 to 255 to define the IP protocol number. |
|  | Specify an ALG for this alias. Select one of the following service types from the drop-down list: ftp: Service is FTP; tftp: Service is TFTP; sips: Service is Secure SIP; sccp: Service is SCCP; vocera: Service is VOCERA; noe: Service is Alcatel NOE; h323: Service is H323; jabber: Service is JABBER; facetime: Service is facetime |
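The following Python sketch is an added example, not controller code or vendor CLI. It models the Invert behavior from the table and the point made earlier that every policy referencing an alias changes when the alias changes. The class and function names, the sample addresses, and the first-match, default-deny policy evaluation are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class NetDestination:
    """Simplified model of a netdestination alias (hypothetical, not controller code)."""
    name: str
    description: str = ""
    invert: bool = False
    rules: list = field(default_factory=list)  # (low, high) address pairs

    def __post_init__(self):
        # Length limits taken from the parameter table on this page.
        if not 1 <= len(self.name) <= 63:
            raise ValueError("name must be 1 to 63 characters")
        if len(self.description) > 128:
            raise ValueError("description must be at most 128 characters")

    def add_host(self, ip):
        self.add_range(ip, ip)

    def add_range(self, start, end):
        lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if lo.version != hi.version or lo > hi:
            raise ValueError("range must be ordered and single-family")
        self.rules.append((lo, hi))

    def add_network(self, address, mask):
        # strict=True rejects an address that has host bits set for the mask.
        net = ipaddress.ip_network(f"{address}/{mask}", strict=True)
        self.rules.append((net.network_address, net.broadcast_address))

    def matches(self, ip):
        addr = ipaddress.ip_address(ip)
        hit = any(lo.version == addr.version and lo <= addr <= hi
                  for lo, hi in self.rules)
        return hit != self.invert  # invert flips the result of the whole alias

def permitted(policy, dst_ip):
    """policy: ordered (alias, action) pairs; first match wins, else deny (assumed)."""
    for alias, action in policy:
        if alias.matches(dst_ip):
            return action == "permit"
    return False

# Constructed sample data: one shared block list referenced by two policies.
internal = NetDestination("internal-nets")
internal.add_network("172.16.0.0", "255.255.0.0")
external = NetDestination("not-internal", invert=True)
external.add_network("172.16.0.0", "255.255.0.0")
blocked = NetDestination("blocked-hosts", "hosts denied everywhere")
blocked.add_host("192.0.2.10")
staff_policy = [(blocked, "deny"), (internal, "permit")]
guest_policy = [(blocked, "deny"), (external, "permit")]
```

Because an inverted alias matches every address outside its entries, an empty or mistyped inverted alias matches far more than intended, so review inverted aliases whenever they appear in a permit rule.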