Symantec 360R Administration Guide - Page 64

64 Network traffic control Understanding computers and computer groups ■ What kinds of users will be protected by the security gateway? Will all users have the same access and privileges? ■ What types of services do you want to make available to internal users? ■ What standard application services do you want to make available to external users? ■ What types of special application services do you want to allow for external users and hosts? Understanding computers and computer groups Computers are all nodes behind the appliance. This includes permanent resident laptops on the LAN, application servers, and any host or printer. You configure the appliance to recognize the computer by its MAC (physical) address. Computer groups let you create outbound rules and apply them to computers who should have the same access. Instead of creating a traffic rule for each individual computer in your network, you define computer groups, assign each computer to a computer group, and then create rules for the group. By default, all computers are part of the Everyone group and have no restrictions on Internet use until they are assigned to another computer group which has traffic rules configured. You can create rules that apply to the Everyone group, or, for greater control, you can divide the computers into one of four computer groups, and then assign each group different rules. If a computer is not defined in the computers table, it belongs to the Everyone computer group. Note: The appliance has five computer groups: Everyone, Group 1, Group 2, Group 3, and Group 4. You cannot add, delete, or rename computer groups. Before you create inbound and outbound rules to govern traffic, perform the following tasks in this order: ■ Define the computer groups. See "Defining computer group membership" on page 65. ■ Define computers behind the appliance and assign them to computer groups. See "Defining computer group membership" on page 65.