Addresses

The following types of addresses need to be defined in SunScreen:

• Host addresses

• Address ranges

• Address groups

SunScreen uses IP addresses to define the network elements that make up the configuration. These addresses are then used in defining the Screen's network interfaces and as the source and destination addresses for filtering rules and NAT.

The IP address can be for a single system, or for a whole network or subnetwork. Additionally, addresses (individual and network) can be grouped to form an address group. SunScreen allows you to define address groups that specifically include or exclude other defined addresses (single IP hosts, ranges, or groups).

Use the following worksheets to help you organize your IP addresses. Reproduce them as necessary. Group the IP addresses and names for the following network elements:

• A single system, or a whole network or subnetwork

• Addresses (individual and network) grouped to form an address group

Host Addresses

Use the Host Addresses worksheet to list your host addresses. For individual elements, such as the router and individual systems, you need to know the IP address, in standard dotted Internet-address notation (w.x.y.z format), and the name of the host.

Address Ranges

Use the Address Ranges worksheet to list your address ranges. For networks and subnetworks, you need to know the beginning and ending addresses of the network or subnetwork, both in standard dotted Internet-address notation (w.x.y.z format).

Address Group

Use the Address Group worksheet to list your address group. Groups of host addresses, network addresses, and other address groups can be combined to form logical groups of addresses that can then be manipulated as a single element. Groups can be inclusive or exclusive or a combination of both, but cannot be cyclic, as in cases where address group A includes (references) address group B, which in turn includes address group A.