Network objects

Network objects are used to categorize IP addresses into different types of network entities. These network entities are then used to represent sources and destinations in the access rules, publishing rules, cache rules, traffic chaining rules, and HTTP compression settings that make up your firewall policy.

The following table describes the network objects that are created in the Toolbox of the Microsoft Forefront Threat Management Gateway Management console. For information on network objects of type "network," see Networks.

Network Object | Details | Predefined Objects

Network Sets

A set of one or more networks.

There are two types of network sets, Exclude and Include. An Exclude network set is defined by selecting the networks to exclude; the resulting set consists of all the networks that are not selected. An Include network set is defined by selecting the networks that are included in the network set.

Use network sets to specify a source or destination in firewall policy rules.

Predefined objects:

All Networks (including Local Host). This predefined network set includes all the currently defined Forefront TMG networks (user-defined and built-in networks).

All Protected Networks. This predefined network set includes all currently defined Forefront TMG networks (user-defined and built-in networks), except for the built-in External network.

Computers

A computer object represents a single IP address that can be used in firewall policy rules. A computer name cannot be used.

Use a computer object to specify a single IP address as a source or destination in a firewall policy rule.

Predefined objects: None

Address Ranges

An address range is a collection of contiguous IP addresses to which you want to apply rules. Use an IP address range entity to define a single object that encompasses IP addresses within a specified range.

Use address ranges as a source or destination in firewall policy rules. For example, you may want to give a set of client computers in a specific address range access to resources in another network.

Predefined objects: None

Subnets

A subnet represents a group of computers located on the same subnet. The subnet object only includes IP addresses that fall within a range that can be defined by a standard address mask, unlike an address set entity, which can include addresses within any range.

Use subnets as a source or destination in firewall policy rules.

Predefined objects: None

Computer Sets

A computer set is a collection of computers, IP address ranges, or subnets.

Use computer sets as a source or destination in firewall policy rules.

Predefined objects:

Anywhere. Includes all IP address ranges.

Remote Management Computers. Includes all computers allowed to manage Forefront TMG remotely. If Forefront TMG is installed remotely within an active Remote Desktop session, the IP address of the remote computer is added automatically to this computer set.

IPsec Remote Gateways. Includes all the IP addresses of Internet Protocol security (IPsec) remote VPN gateways that are configured using the Forefront TMG Site-to-Site VPN Wizard.

URL Sets

A URL set defines one or more URLs. URL sets are used in access rules to allow or deny access to the Web sites specified in the URL set. Specify each URL in the following format: <protocol>://<host>:<port>/<path>.

For more information about URL Set and Domain Name Set processing, see Processing domain name sets and URL sets.

Predefined objects: None

URL Categories

URL categories include URLs grouped by category.

Predefined objects: For a list of URL categories, see the Toolbox in the Forefront TMG Management console.

Domain Name Sets

A domain name set defines one or more domains, so that you can apply a firewall policy to the specified domains.

For more information about URL Set and Domain Name Set processing, see Processing domain name sets and URL sets.

Predefined objects:

Microsoft Error Reporting Sites. Used to allow error reporting.

System Policy Allowed Sites. Used to allow access to trusted sites for maintenance and management.

Microsoft Update Domain Name Set. Set of all Microsoft update servers. This domain name set is used in the Forefront TMG Microsoft Update Cache Rule properties.
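
The sketch below models two distinctions from the table: whether a span of addresses fits a Computer, Subnet, or Address Range object, and which networks an Include or Exclude network set resolves to. It is an added example, not Forefront TMG code or its API; the function names and the network names other than External and Local Host are constructed for illustration.

```python
import ipaddress


def classify_range(first: str, last: str) -> str:
    """Name the object type from the table that fits the span first..last."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo.version != hi.version or lo > hi:
        raise ValueError("range must be ordered and of one IP version")
    if lo == hi:
        return "Computer"  # a single IP address
    # summarize_address_range yields the minimal CIDR blocks covering the span;
    # exactly one block means a standard address mask describes it.
    blocks = list(ipaddress.summarize_address_range(lo, hi))
    return "Subnet" if len(blocks) == 1 else "Address Range"


def resolve_network_set(kind: str, selected: set, defined: set) -> set:
    """Return the networks a network set covers.

    Include: exactly the selected networks.
    Exclude: every currently defined network that is not selected.
    """
    unknown = selected - defined
    if unknown:
        raise ValueError(f"networks not defined: {sorted(unknown)}")
    if kind == "Include":
        return set(selected)
    if kind == "Exclude":
        return defined - selected
    raise ValueError("kind must be 'Include' or 'Exclude'")


# Constructed sample: "Internal" and "Perimeter" are illustrative names.
DEFINED = {"Internal", "External", "Local Host", "Perimeter"}

if __name__ == "__main__":
    print(classify_range("10.0.0.0", "10.0.0.255"))   # one mask covers it
    print(classify_range("10.0.0.10", "10.0.0.50"))   # no single mask fits
    before = resolve_network_set("Exclude", {"External"}, DEFINED)
    # Following the Exclude definition, a newly defined network ("Guest",
    # constructed) joins the set without anyone editing the set itself.
    after = resolve_network_set("Exclude", {"External"}, DEFINED | {"Guest"})
    print(sorted(after - before))
```

When reviewing policy, rules that reference an Exclude network set are worth rechecking whenever a network is defined, since by the definition above the set then covers the new network as well.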