Creating Common Objects and Policies for Multiple Screens

When creating common objects and policies for multiple Screens, the object or policy rule by default applies to all Screens controlled by that primary Screen. You can restrict an object or rule to a single Screen by specifying its name in the Screen field in objects and rules.

While you could restrict all your objects and rules to a single Screen, the power of centralized administration comes when you can use common objects and rules to apply to multiple Screens. The following section provides some pointers on when this is and is not possible.

Address Objects

Most address objects should be applicable to all the Screens. Sometimes addresses such as Inside may be different on different Screens. In this case, it is generally better to make the names unique by adding a suffix or prefix to the name (for example Inside-East and Inside-West) rather than using the Screen option to restrict the scope of the object.

Interface Objects

You generally need to limit interface objects to a specific Screen because the names must be the name of the network interface on that machine. Because you cannot modify the names, use the Screen entry in the interface object to restrict that object to a single Screen.

Rules

You set up rules for the entire centralized management group of Screens using the administration GUI.