Use of "jokers" in USP
When setting up a USP, the networks first need to be assigned to Zones. This is done via Menu > Network > Zones, where Zones and their corresponding networks can be edited and/or imported.
In many cases a "joker" is needed to catch all IP addresses that are not listed in any Zone. The default Zone "Internet" has been available for this purpose for some time. It matches all official IP addresses that are not in another Zone.
Large enterprises may also have private IP addresses (RFC 1918) that they don't trust, so another "joker" is necessary. Current versions of SecureTrack allow the use of:
- Internet: Zone of all official IP addresses that do not belong to any other Zone in SecureTrack
- Unassociated Networks: Zone of all private IP addresses that do not belong to any other Zone in SecureTrack
So it's quite easy to set up a USP that matches all IP addresses (official as well as private). It might look like e.g.
In this example, allowed and forbidden traffic between the Zones "Internal", "DMZ", "Internet", and "Unassociated Networks" is described, matching all (official and private) IP addresses.
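The Zone resolution described above can be modeled in a few lines. This is an added example, not SecureTrack code or part of the original page. The sample Zones, networks, flows and the function names resolve_zone and zone_pairs are constructed for illustration, and treating every non-RFC 1918 address as official is an assumption.

```python
import ipaddress
from collections import Counter

# RFC 1918 ranges listed explicitly: Python's is_private also covers loopback,
# link-local, etc., which is broader than the page's "private (RFC 1918)".
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample Zones (hypothetical networks, not taken from the page).
ZONES = {
    "Internal": ["10.1.0.0/16", "192.168.10.0/24"],
    "DMZ": ["198.51.100.0/24"],
}

def resolve_zone(addr, zones=ZONES):
    """Return the Zone for addr: an explicit Zone first, then a joker."""
    ip = ipaddress.ip_address(addr)
    for name, nets in zones.items():
        if any(ip in ipaddress.ip_network(n) for n in nets):
            return name
    # No explicit Zone matched: fall back to the two jokers.
    if any(ip in net for net in RFC1918):
        return "Unassociated Networks"
    return "Internet"  # assumption: everything non-RFC 1918 counts as official

def zone_pairs(flows, zones=ZONES):
    """Count (source Zone, destination Zone) pairs for (src, dst) flows."""
    return Counter((resolve_zone(s, zones), resolve_zone(d, zones))
                   for s, d in flows)

# Constructed sample flows (documentation and private addresses only).
SAMPLE_FLOWS = [
    ("10.1.5.9", "198.51.100.7"),      # Internal -> DMZ
    ("172.20.3.4", "10.1.5.9"),        # unassigned private -> Internal
    ("10.2.0.1", "10.1.5.9"),          # unassigned private -> Internal
    ("203.0.113.9", "198.51.100.7"),   # unassigned official -> DMZ
]

if __name__ == "__main__":
    for pair, count in zone_pairs(SAMPLE_FLOWS).items():
        print(pair, count)
```

Flows that land in one of the joker Zones show which address space the explicit Zones leave uncovered.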