You can configure ipNetwork objects and Network Group objects for use in assigning security policy by client IP address.
To configure the ipNetwork and Network Group objects necessary to use in assigning policy:
- Make sure you understand the function of internal and external network groups. See Using ipNetworks and Network Groups to Assign Policy.
- Determine whether your directory supports the use of the ipNetwork object. See Directory Schema Requirements for Using ipNetwork Objects.
- Create the required ipNetwork objects. See Creating ipNetwork Objects.
- Create the Network Group containers. See Creating Network Group Containers.
- Create network group objects to use in assigning QOP and Options policies. See:
- Add ipNetwork objects as members of internal and external Network Group objects to define the IP address ranges controlled by the group objects. See Adding ipNetworks to a Network Group.
- Optionally remove ipNetwork objects from Network Groups when needed. See Removing ipNetworks from a Network Group.