Use network objects to reference networks, IPv4 and IPv6 addresses, hostnames, geolocation objects, MAC addresses or interfaces when you create access rules. MAC address and interface are optional components that are only evaluated when the network object is used in the source of an access rule. For all other uses these optional parameters are ignored. A network object can also include other existing network objects. Network objects are stored in the host and forwarding firewall. If the F-Series Firewall is managed by a NextGen Control Center, it also inherits all network objects in the Global, Range, and Cluster Firewall Object stores.
Access rule management is simplified with the use of network objects instead of explicit IP addresses. For example, if an IP address changes, you do not have to edit it in every rule that references it; you must only change the IP address in the network object. The IP address is then automatically updated for every rule that references the network object.
Network Object Types
A network object may consist of the following:
- Generic IPv4 Network Objects – You can add IPv4 network addresses of all types. All default network objects are generic IPv4 network objects.
- Single IP Address – A single IP address.
- List of IP Addresses – Multiple single IP addresses and/or references to other single IP address objects. For example:
- Single Network Address – A single network. For example:
- List of Network Addresses – Any combination of multiple networks, IP addresses, and/or references to other network address objects. For example:
- Hostname (DNS Resolved) – A single DNS resolvable host name. For example:
- Single IPv6 Address – A single IPv6 address.
- List of IPv6 Addresses – Multiple IPv6 addresses and/or references to other single IPv6 address objects.
- Single IPv6 Network – A single IPv6 network.
- List of IPv6 Networks – Any combination of multiple IPv6 networks, IPv6 IP addresses, and/or references to other IPv6 network address objects.
Excluded Entries – Specific networks that are excluded from the network object.
Enable L3 Pseudo Bridging – When bridging is activated on an interface, host routes and PARPs are automatically created by the Barracuda NextGen Firewall F-Series. In this section, you can specify the information required for this task. The Bridging section is only available in the Local Networks list of the Forwarding Firewall service. Select Bridging enabled (Advanced Settings) from the list (default: Bridging not Enabled) if you want to configure bridging details.
- Interface Address Reside – The name of the interface on which bridging is to be enabled (for example, eth1).
- Parent Network – The superordinate network from which the bridged interface has been separated.
- Introduce Routes – Automatically introduces host routes to the IP addresses that are to be separated from the superordinate network (the IP addresses listed in the network object).
- Restrict PARP to Parent Network – Restricts the Proxy ARP to only answering ARP requests within the parent network.
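When auditing access rules, it helps to know which addresses a network object covers once its references to other objects and its excluded entries are resolved. The following is an added example, not Barracuda code or its configuration format: the dictionary layout, the `ref:` prefix, and all object names and addresses are constructed. It assumes an object's excluded entries apply to everything that object includes, referenced objects included.

```python
import ipaddress

# Constructed sample objects (illustrative names and addresses, hypothetical layout).
# "include" entries are addresses/CIDRs or "ref:<name>" references to other objects.
OBJECTS = {
    "DMZ-Servers": {"include": ["10.0.8.0/24"], "exclude": []},
    "Mgmt-Hosts": {"include": ["10.0.9.10", "10.0.9.11"], "exclude": []},
    "Internal": {"include": ["10.0.0.0/16", "ref:Mgmt-Hosts"], "exclude": ["10.0.8.0/24"]},
    "Trusted": {"include": ["ref:Internal", "ref:DMZ-Servers", "2001:db8:10::/64"],
                "exclude": ["10.0.9.11/32"]},
}

def resolve(name, objects=OBJECTS, _stack=()):
    """Return the collapsed list of networks an object effectively covers."""
    if name in _stack:
        raise ValueError("reference loop: " + " -> ".join(_stack + (name,)))
    if name not in objects:
        raise KeyError(f"unknown network object: {name}")
    obj = objects[name]
    nets = []
    for entry in obj["include"]:
        if entry.startswith("ref:"):
            # Referenced objects are resolved first, with their own exclusions applied.
            nets.extend(resolve(entry[4:], objects, _stack + (name,)))
        else:
            nets.append(ipaddress.ip_network(entry, strict=False))
    for excl in (ipaddress.ip_network(e, strict=False) for e in obj["exclude"]):
        kept = []
        for net in nets:
            if net.version != excl.version or not net.overlaps(excl):
                kept.append(net)                        # untouched by this exclusion
            elif excl.subnet_of(net) and excl != net:
                kept.extend(net.address_exclude(excl))  # carve the excluded range out
            # otherwise net lies entirely inside the exclusion and is dropped
        nets = kept
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return list(v4) + list(v6)

def covers(name, address, objects=OBJECTS):
    """True if the address falls inside the object's effective networks."""
    ip = ipaddress.ip_address(address)
    return any(ip.version == n.version and ip in n for n in resolve(name, objects))
```

In this sample, `Trusted` still covers 10.0.8.0/24 even though `Internal` excludes it, because `DMZ-Servers` is included separately; overlaps of this kind are worth checking before a nested object is used in a rule.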