Authorization realms, 4 authorization realms – Comtech EF Data FX Series Administrator Guide User Manual

Comtech EF Data / Stampede

FX Series Administration Guide - Version 6.1.1

122

Chapter: FX Series Optimization Settings
Section: Configure Application Policies

MN-FXSERIESADM6 Rev 5

Persistent Connection:

The FX Series maintains a persistent TCP connection with clients with a configurable timeout
based on application policy.

Content Aware Caching:

The FX Series accelerates client accesses by eliminating round-trips to servers to validate data.
This is intelligently performed to avoid unnecessary network consumption and reduces server
transaction processing.

8.1.4 Authorization Realms

Authorization realms provide a means for grouping users so that different policy application attributes can
be assigned. For example, perhaps you want a set of users to have unrestricted Internet access and
others you wish to be routed to another appliance that performs filtering, then you can define
authorization realms to delineate these user groups by assigning different application policies based on
authorization realm.

NOTE: Examples for using Authorization Realms is shown in Section 8.3.2

Realm Name:

This specifies the logical name to assign to this realm. This name is used to reference the definition in the
application policies and client policies.

Comment:

This is a description in which the administrator can enter up to 64 characters of text.

Origin IP Address Ranges:

Specified using “CIDR” notation where a base IP address is followed by a ‘/’ character which is followed by
a value between 1 and 32 that denotes the number of bits used to describe the network and the
remaining bits (32 – the value) are used to specify the nodes on that network. For example a setting of
192.110.1.0/24 would be equivalent to specifying a network of 192.110.1.0 with a net mask of
255.255.255.0. Separating each CIDR entry with a comma can specify multiple destinations. You may also
enter one or more single IP addresses or hyphenated IP address ranges, separated by commas in the
same manner. i.e. 10.2.2.5 or 10.2.2.50-10.2.2.59. In a two-sided environment with FX-Remotes, the IP
address must be that of an in-path interface of the FX-Remote. The default setting is any network.

VLAN ID:

Specifies the VLAN ID for which the realm should apply. If “None” is selected then the VLAN ID is not part
of the match criteria when realms are evaluated. The selector only shows VLAN IDs for which an in-path
interface has been defined.