A network group can contain one or more ipNetwork objects that each define a range of IP addresses.
Adding ipNetwork objects to:
- An internal network group applies any policy of which the group is a member to the IP addresses specified in the contained ipNetwork objects.
- An external network group exempts the IP addresses specified in the contained ipNetwork objects from any policy of which the group is a member.
Changes to the network configuration in the directory service, including changes to the internal and external network groups, require a TPA reset to force the database to reload the network cache.