...
- External Networks: Select this to add external networks to the network scope. For more information, see Configuring External Networks.
- DNS Forwarding Proxy: Select this to add DNS forwarding proxies to your network scope. For more information about DNS forwarding proxy, see DNS Forwarding Proxy.
- Endpoint Groups: Select this to add BloxOne Endpoint groups to your network scope. For information about BloxOne Endpoint groups, see BloxOne Endpoint Group Assignment.
- User Groups: Select this to add user groups to the network scope. The available user groups are those that have been synchronized through the third-party IdP (identify provider) that your admin has configured for access authentication. For more information, see Synchronizing User Groups.
- IPAM: Select this to add internal networks to the network scope. When adding tags to IPAM scopes, any tag-based changes in an IPAM scope based on tags can take up to 5 minutes to take effect.
- To associate a security policy with DDI IPAM objects in the DNS query, do the following:
1. Select an IP Space to add to your security policy (Manage > IPAM/DHCP).
2. Click the horizontal menu item to display the IP Address block(s) associated with the IP Space. From among the listed address blocks, choose an address block to add to your security policy. Make a note of your selected IP space and address block you want associated with your security policy.
- To associate a security policy with DDI IPAM objects in the DNS query, do the following:
Allowing Overlapping Internal and External Subnets When Defining Security Policy Scope
...
3. For each source you have added, click Add. The source appears in the table. You can click the Add Source menu again to choose another source for your network scope.
4. After you define your network scope, you can proceed to add policy rules, set precedence order and bypass codes.
5. Click Next in the wizard to define policy rules. For more information, see Adding Policy Rules and Setting Policy Precedence.
To associate a security policy with DDI IPAM objects in the DNS query, do the following:
1. Select an IP Space to add to your security policy (Manage > IPAM/DHCP).
2. Click the horizontal menu item to display the IP Address block(s) associated with the IP Space. From among the listed address blocks, choose an address block to add to your security policy. Make a note of your selected IP space and address block you want associated with your security policy.
| Note | ||
|---|---|---|
| ||
A security policy can also be applied to a specific fixed IP address or reserved address. Both fixed addresses and reserved addresses can be added to IPAM within an address block residing on your server. To do this, select the IP block and drill down until the fixed or reserved IP address is displayed. Once you have located the fixed or reserve IP address to which you are interested in applying the security policy, click Add to apply the policy to the fixed IP address or hostname. |
...