SnapGear 2.0.1 User Manual

Firewall

74

Before configuring a filter or NAT rule, you need to define the addresses and service
groups.

Addresses

Click the Addresses tab. Any addresses that have already been defined will be
displayed. Click New to add a new address, or select an existing address and click
Modify. There is no need to add addresses for the CyberGuard SG appliance’s
interfaces, these are predefined.

Adding or modifying an address is shown in the following figure:

Figure 6-4

You can define an address using either the DNS hostname, or the IP address.

To define an address using the DNS hostname, enter the DNS hostname in the Name
field, and leave the IP Address field empty. The CyberGuard SG appliance will perform
a DNS lookup, and fill in the IP Address field. If the DNS hostname is invalid, you may
need to wait while the DNS lookup times out.

Warning

The DNS lookup is only performed once, when you enter it. If the IP address
corresponding to the DNS hostname ever changes, you will need to delete the IP
address to force the CyberGuard SG appliance to perform another DNS lookup. This
means that this option is not suitable for use with dynamic DNS.

Additionally, some DNS hostnames resolve to several IP addresses (eg. www.cnn.com).
In this case, you must create an address entry and rule for each of these IP addresses.

To define an address using the IP address, fill in the IP Address field. The Name field is
optional, and will only be used as a description of the address. Entering a description will
make the rules easier to read.