If you plan to manage security policy by IP address, you must create two network group containers using the required common names.
The container name determines the function of network group objects in the container.
Container Type | Required Common Name | Function |
---|---|---|
Internal network groups container | cn=internal-network-groups | Internal network groups contain ipNetwork objects that specify the IP addresses included in a policy of which the group is a member. |
External network groups container | cn=external-network-groups | External network groups contain ipNetwork objects that specify IP addresses excluded from a policy in which the group is a member. |