> > 1. Grouping
> Could you explain this more detailed? What would one do with
> those groups? I mean, can you give some examples where those
> groups are an advantage?
Grouping can make life easier. For example you could group the ports for http,https,ftp and other
services to a group called "default-internet" and then use this group for a rule like:
LAN --> ANY , default-internet
Add another group called "admin-internet" and add the services ssh,telnet and other services. Then
you add a machine-group called "admins" which contains only a few machines. Now you can add a rule
admins --> ANY , admin-internet
For mailservers: Services group "mail" containing smtp, pop3, imap. A machine group "mailservers"
with your mailservers:
Mailservers --> ANY , mail
This is much easier to handle, because you only need to define groups of machines and services and
then configure your rules.
Telefax +49 (23 04) 98 32 47
Mobil +49( 160) 44 39 37 1
eMail pd at isb dash gmbh dot biz