Defining IP addresses as elements
There are several types of elements in the SMC that represent IP addresses.
The elements that you can use for defining IP addresses are called network elements (not to be confused with the Network element, which defines an IP network). Each element can be inserted in several places in the Access, Inspection, or NAT rules (as source and destination of traffic). Network elements are also used in many other places where you have to define IP addresses (for example, in routing and log filtering).
The primary tools for defining IP addresses are elements in the SMC whose only role is to define an IP address. But elements created for configuring a feature in the SMC can also be used in policies (with some limitations) if they represent an IP address.
- Address Range elements allow you to define any continuous range of IP addresses.
- Alias elements represent a variable value in policies. The IP address value is filled in based on the engine on which the policy is installed. Aliases make using the same policy on several engines practical.
- Country elements contain lists of IP addresses that are registered in a particular country.
- Domain Name elements represent all IP addresses that belong to a particular domain.
- Expression elements allow you to define any set of IP addresses in a single element. They are especially suited for excluding some IP addresses from otherwise continuous ranges.
- Group elements allow you to combine different types of elements into a single element.
- Host elements represent a single device in the network. Each Host can represent one or more individual IP addresses in policies.
- IP Address List elements contain IP addresses.
- Network elements represent complete network segments.
- Router elements represent a gateway device in the network and are primarily meant for configuring routing. Each Router can represent one or more IP addresses in policies.
- Zone elements allow you to combine engines’ network interfaces into a single element.