Network > Address Objects
SonicOS Enhanced 4.0 Administrator Guide
SonicOS Enhanced 3.5 redefined the operation of MAC AOs and introduced Fully Qualified
Domain Name (FQDN) AOs:
MAC – SonicOS Enhanced 3.5 and higher will resolve MAC AOs to an IP address by
referring to the ARP cache on the SonicWALL.
FQDN – Fully Qualified Domain Names, such as ‘www.reallybadwebsite.com’, will be
resolved to their IP address (or IP addresses) using the DNS server configured on the
SonicWALL. Wildcard entries are supported through the gleaning of responses to queries
sent to the sanctioned DNS servers.
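A simplified model of the two resolution paths described above, added here as an illustration and not SonicWALL code: a MAC AO rebinding from an ARP cache, and a wildcard FQDN AO learning addresses only from responses that came from a sanctioned DNS server. The class and function names, the wildcard matching rule, and all addresses are assumptions constructed for the example.

```python
import ipaddress

# Constructed values for illustration; none come from the guide or a real device.
SANCTIONED_DNS = {"10.0.0.53"}  # assumption: the DNS server configured on the firewall

def name_matches(pattern, qname):
    """Exact match, or suffix match when the pattern starts with '*.' (assumed rule)."""
    qname = qname.lower().rstrip(".")
    if pattern.startswith("*."):
        return qname.endswith(pattern[1:])
    return qname == pattern

class DynamicAO:
    """Simplified MAC or FQDN Address Object bound to a zone."""
    def __init__(self, kind, value, zone):
        self.kind, self.value, self.zone = kind, value.lower(), zone
        self.resolved = set()  # IP addresses the object currently stands for

    def refresh_from_arp(self, arp_cache):
        """MAC AO: rebind to the IP(s) the ARP cache holds for this MAC."""
        if self.kind == "mac":
            self.resolved = {ip for ip, mac in arp_cache.items()
                             if mac.lower() == self.value}

    def glean(self, server_ip, qname, answers):
        """FQDN AO: learn addresses from a DNS response, but only when the
        response came from a sanctioned server and the name matches."""
        if self.kind != "fqdn" or server_ip not in SANCTIONED_DNS:
            return False
        if not name_matches(self.value, qname):
            return False
        self.resolved |= {str(ipaddress.ip_address(a)) for a in answers}
        return True

def rule_applies(ao, ip):
    """An Access Rule that references the AO matches its current addresses."""
    return ip in ao.resolved

if __name__ == "__main__":
    host = DynamicAO("mac", "00:11:22:33:44:55", "LAN")
    host.refresh_from_arp({"192.168.168.50": "00:11:22:33:44:55"})
    host.refresh_from_arp({"192.168.168.77": "00:11:22:33:44:55"})  # host moved
    print(sorted(host.resolved))
    bad = DynamicAO("fqdn", "*.reallybadwebsite.com", "WAN")
    bad.glean("10.0.0.53", "www.reallybadwebsite.com.", ["203.0.113.10"])
    bad.glean("198.51.100.9", "cdn.reallybadwebsite.com", ["203.0.113.99"])  # ignored
    print(sorted(bad.resolved))
```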
While more effort is involved in creating an Address Object than in simply entering an IP
address, AOs were implemented to complement the management scheme of SonicOS
Enhanced, providing the following characteristics:
Zone Association – When defined, Host, MAC, and FQDN AOs require an explicit Zone
designation. In most areas of the interface (such as Access Rules) this is only used
referentially. Its functional applications are the contextually accurate population of
Address Object drop-down lists, and the “VPN Access” definitions assigned to
Users and Groups; when AOs are used to define VPN Access, the Access Rule
auto-creation process refers to the AO’s Zone to determine the correct intersection of VPN
[Zone] for rule placement. In other words, if the “192.168.168.200 Host” Host AO, belonging
to the LAN Zone, was added to “VPN Access” for the “Trusted Users” User Group, the
auto-created Access Rule would be assigned to the VPN LAN Zone.
Management and Handling – The versatilely typed family of Address Objects can be easily
used throughout the SonicOS Enhanced interface, allowing for handles (e.g. from Access
Rules) to be quickly defined and managed. The ability to simply add or remove members
from Address Object Groups effectively enables modifications of referencing rules and
policies without requiring direct manipulation.
Reusability – Objects only need to be defined once, and can then be easily referenced as
many times as needed.
Key Features of Dynamic Address Objects
The term Dynamic Address Object (DAO) describes the underlying framework enabling MAC
and FQDN AOs. By transforming AOs from static to dynamic structures, Firewall > Access
Rules can automatically respond to changes in the network.
Note: The initial SonicOS Enhanced 4.0 release will only support Dynamic Address Objects within
Access Rules. Future versions of SonicOS Enhanced might introduce DAO support to other
subsystems, such as NAT, VPN, etc.