Object Grouping
Introduced in PIX software version 6.2, object grouping makes very complex access
lists much simpler to configure. Before object grouping, each unique network,
node, service, and protocol combination defined in an access list had to be configured
with a separate access-list statement. However, in most organizational security
policies, groups of entries have similar access rights. Object groups allow
groups of network addresses, services, protocols, and ICMP types to be defined,
reducing the number of access list entries.
For example, if an organization wants to deny access to several external FTP
servers, they had to define an access list entry for each individual FTP server.
www.syngress.com
118 Chapter 3 • Passing Traffic
Using object groups, we can define a network object group containing the IP
addresses of the banned FTP servers. IP addresses can easily be added and removed
from this group. Only one access list entry has to be created denying access to the
object group. The access list does not need to be updated if entries are added or
removed from the object group. Object groups simplify access list configuration
and maintenance.
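
The banned-FTP-server case described above, written both ways, as an added example that is not taken from the book. The group name BANNED_FTP, the access list names, and the addresses (RFC 5737 documentation ranges) are constructed for illustration; lines starting with `!` are annotations, not commands to enter.

```cisco
! Before object grouping: one access-list entry per banned FTP server.
access-list inside_out_old deny tcp any host 192.0.2.10 eq ftp
access-list inside_out_old deny tcp any host 192.0.2.20 eq ftp
access-list inside_out_old deny tcp any host 198.51.100.5 eq ftp
access-list inside_out_old permit ip any any

! With object grouping (PIX 6.2 and later): define the servers once.
object-group network BANNED_FTP
  description External FTP servers blocked by policy
  network-object host 192.0.2.10
  network-object host 192.0.2.20
  network-object host 198.51.100.5

! A single entry denies FTP to every member of the group.
access-list inside_out deny tcp any object-group BANNED_FTP eq ftp
! An access list ends with an implicit deny, so other outbound
! traffic must be permitted explicitly.
access-list inside_out permit ip any any
access-group inside_out in interface inside

! Banning another server later changes only the group, not the access list.
object-group network BANNED_FTP
  network-object host 203.0.113.7
```

After a change, `show object-group` lists the current group members and `show access-list` shows the entries the firewall evaluates, which is a quick way to confirm that the group contains only the intended hosts.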