5.2.18. Dynamic Object Groups

Dynamic Groups allow you to define filter criteria to match objects based on their Object Type and Keywords. When a Dynamic Group is used in a rule the compiler automatically expands the group to include all the objects that match the filter criteria at the time the compiler is run.

To create a Dynamic Group right-click on the Groups system folder in the object tree and select "New Dynamic Group". Figure 5.90 shows the new group in the Editor Panel with the default values set.

Figure 5.90. Creating a Dynamic Group

Creating a Dynamic Group

Click Add Match to create filter rules that will be used to determine which objects will be included in the Dynamic Group. Multiple filter rules can be created in a single group. The logic used between rules is "OR" where an object that matches any of the rules will be included in the group.

Within a filter rule, the logic between the Object Type and Keyword fields is "AND" logic where both elements need to match in order for an object to be included in the group. For example, a filter rule with the Object Type set to Network and the Keyword set to "New York" will only match Network objects that have the keyword set to New York.

Dynamic Group Example

In this example the Firewall Builder data file includes a number of objects that have already been defined. Some of these objects have been configured with keywords like "New York" and "London" to identify the city where the element the object represents is located.

To create a rule that matches all the network objects that are associated with New York, we create a new Dynamic Group called New York Networks as shown in Figure 5.91.

Figure 5.91. Example of Dynamic Group

Example of Dynamic Group

From the preview window you can see that there are four networks that have Keywords that include New York (remember that an object can have more than one Keyword defined).

Figure 5.92 shows a rule that includes the Dynamic Group object in the Source column of the rule.

Figure 5.92. Dynamic Group Used in a Rule

Dynamic Group Used in a Rule

Running a single rule compile, shown in Section 10.2, for this rule will result in all the objects that match the current filter rules in the "New York Networks" Dynamic Group getting expanded to match the four network elements that have Keywords that include New York. The single rule compile output is shown in Figure 5.93.

Figure 5.93. Compile Output of a Rule That Uses Dynamic Group

Compile Output of a Rule That Uses Dynamic Group

Adding a new filter rule to the "New York Networks" Dynamic Group to include any Address Ranges that include the Keyword of New York will result in the group shown in Figure 5.94.

Figure 5.94. Updated Dynamic Group

Updated Dynamic Group

Recompiling a rule that uses the "New York Networks" Dynamic Group object will automatically detect the additional Address Ranges that include the Keyword of New York. Figure 5.95 shows the updated compiler output.

Figure 5.95. Updated Dynamic Group

Updated Dynamic Group

 

Copyright © 2000-2012 NetCitadel, Inc. All rights reserved.
 Using free CSS Templates.