IP scopes are designated network segments or specific IP addresses used for exclusions in connection security rules or as a scope when creating standard firewall allow rules.

When an IP scope is used to create exceptions to connection security rules, any connection from an address in that scope will be able to connect to the computer without IPsec authentication. See No authentication under the section Connection security rules in this manual.

When an IP scope is used to create allow rules, the effect is a narrower allow rule that only allows connections from the specified IP scopes to the specified port, program and/or service.

To configure allow rules with an IP scope, open the firewall rule set where the IP scope is going to be applied. Click Add under “Connection allowed from following IP-scopes” and choose the IP scope. In the example below, the rules in the rule set will only allow connections from the mainframenet-stockholm.
When creating or editing an IP Scope, you are presented with the following form to fill in:
This tab shows where this IP Scope is used, i.e. which policies use this IP Scope.
On the History tab, you can view any configuration changes that have been performed for this IP Scope, when they were performed and by whom.
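The two uses of an IP scope described in this section (exemption from IPsec authentication, and narrowing an allow rule) can be modelled as in the following added example, which is not code from the product. The scope contents, function names and the 256-address review threshold are assumptions; only the scope name mainframenet-stockholm comes from the manual.

```python
import ipaddress

# Constructed sample scopes. Addresses are illustrative; only the name
# "mainframenet-stockholm" appears in the manual.
IP_SCOPES = {
    "mainframenet-stockholm": ["10.20.0.0/24"],
    "legacy-printers": ["192.168.50.10", "192.168.50.11"],
    "all-internal": ["10.0.0.0/8"],
}

def in_scope(source_ip, scope_name, scopes=IP_SCOPES):
    """True if source_ip matches any segment or address in the named scope."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(entry, strict=False)
               for entry in scopes[scope_name])

def evaluate(source_ip, ipsec_authenticated, allow_scopes, exempt_scopes,
             scopes=IP_SCOPES):
    """Simplified model (an assumption, not the product's engine).

    exempt_scopes: scopes used as exceptions to connection security rules.
    allow_scopes:  scopes attached to the allow rule; empty means any source.
    """
    exempt = any(in_scope(source_ip, s, scopes) for s in exempt_scopes)
    if not ipsec_authenticated and not exempt:
        return "blocked: IPsec authentication required"
    if allow_scopes and not any(in_scope(source_ip, s, scopes)
                                for s in allow_scopes):
        return "blocked: source outside allow-rule IP scope"
    if exempt and not ipsec_authenticated:
        return "allowed without IPsec (exempt scope)"
    return "allowed"

def broad_exemptions(exempt_scopes, max_hosts=256, scopes=IP_SCOPES):
    """Return exemption scopes covering more than max_hosts addresses.

    Every address in an exemption scope bypasses IPsec authentication, so
    large scopes used this way deserve review. The threshold is arbitrary.
    """
    flagged = {}
    for name in exempt_scopes:
        total = sum(ipaddress.ip_network(e, strict=False).num_addresses
                    for e in scopes[name])
        if total > max_hosts:
            flagged[name] = total
    return flagged
```

The tab that shows where an IP scope is used is the place to check whether a scope flagged by such a review is attached to an exemption or only to allow rules.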