| Home Prev |  cOS Stream 4.00.03 Administration Guide
|
Next |
|---|
Any set of interfaces can be grouped together into an InterfaceGroup object. This can then be used in creating security policies in the place of a single group. When an InterfaceGroup is used, for example, as the source interface in an IP rule , any of the interfaces in the group could provide a match for the rule.
An InterfaceGroup can consist of ordinary Ethernet interfaces or it could consist of other types such as VLAN interfaces or VPN Tunnels. Also, the members of a group do not need to be the same type. For example, a group might consist of a combination of two Ethernet interfaces and a VLAN interface.
Configuration Usage of Interface Groups
An InterfaceGroup object can be referenced by the same object types and object properties that can reference the Zone object. A list of these can be found in Section 3.5, Zones.Differences with Zones
The Zone object is similar to an InterfaceGroup object except that an interface points to a single Zone object whereas an InterfaceGroup points to one or more interfaces. Both can be used in a standalone firewall to provide a way to reference multiple interfaces with a single object. However, the Zone object is specifically designed to allow the deployment of a common configuration rule across multiple firewalls when they are under management by InCenter.