CHAPTER 8: About Security Policies182 VcontrollerIf you chose IP Address Range, type the starting andending IP addresses for the range.If you chose Address Group, from the Address Groupdrop-down list, select the appropriate item. This drop-down list lists every address group created for use withthe Firebox Vclass appliance.6 When you are finished, click Done.The new member name is displayed in the Address GroupMembers list of the New Address Group dialog box.7 Repeat this process until you have defined all therequired members.8 After you have added all the required group members,click Done to close the New Address Group dialogbox.When the Insert New Policy dialog box reappears, the Source orDestination drop-down list automatically displays the newlycreated address group.NOTEYou can nest address groups as “members” within otheraddress groups, as suggested by the Address Group drop-down list in the New Address Group Member dialog box. Thisdoes require, however, the creation of each group before youcan do so. For example, you could create an address grouprepresenting employee departments or employees within asubnet, then, in a separate process, create a master addressgroup, “Employees,” that contains, as members, all theother staff address groups.Defining a serviceThe service component of a traffic specification enablesyou to designate one or more network protocols that willbe used by the source device for a particular data stream.Your service selection will be a service group, which canconsist of any combination of the following attributes:• A single service for a particular type of data traffic,which includes a single protocol and port number.• A range of port numbers used by a single service orapplication.
