Draytek is an object-oriented machine.
Even though the new firmware lets you add objects while creating the policy, I always recommend preparing the objects beforehand. This will help prepare the Draytek for efficient work with a minimum of rules.
IP Object:
Start with “Special Machines” on your network. Servers, network printers, devices and computers will need an inbound route. They all need to have an object, and if some of them will share a common policy, then we will have to group them.
Go to Object Setting/IP object and click add. Create your object by giving a Profile name, choosing whether it is a single IP/range/subnet, and setting the IP. When finished, click Apply.
Tip: Create an IP subnet object with all your computers and devices in your network. You might want to “block” all of them from reaching the web on a certain service such as SMTP, with the exception of just the mail server. I usually create one that includes the range of my DHCP, so those with a fixed IP (the server or a network printer…) will not be in the object.
Group Object:
Now it’s time for grouping.
In this example, HC is a manager with two computers. We will have to exclude him from any limitation.
I will group those 2 computers so I can set only one policy for those computers.
Go to Object Setting/IP Group and click on Add. Give it a name and a description and choose the computers you want in this group. As I mentioned before, in this example I grouped HC’s computers.
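Before typing the objects and groups into the router, it helps to check on paper which hosts each one really covers. The Python sketch below is an added planning aid, not Draytek code and not part of the original walkthrough. Every object name and address in it is made up, and it assumes the exemptions are evaluated before the SMTP block.

```python
import ipaddress

def make_object(kind, start, end=None):
    """Build a membership test for one IP object: single, range or subnet."""
    if kind == "single":
        ip = ipaddress.ip_address(start)
        return lambda a: ipaddress.ip_address(a) == ip
    if kind == "range":
        lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if lo > hi:
            raise ValueError("range start is above range end")
        return lambda a: lo <= ipaddress.ip_address(a) <= hi
    if kind == "subnet":
        net = ipaddress.ip_network(start)  # raises if host bits are set
        return lambda a: ipaddress.ip_address(a) in net
    raise ValueError(f"unknown object kind: {kind}")

# Constructed plan: every name and address below is made up for the example.
OBJECTS = {
    "LAN":          make_object("subnet", "192.168.1.0/24"),
    "DHCP-Clients": make_object("range", "192.168.1.100", "192.168.1.200"),
    "MailServer":   make_object("single", "192.168.1.10"),
    "HC-PC1":       make_object("single", "192.168.1.150"),
    "HC-PC2":       make_object("single", "192.168.1.151"),
}
GROUPS = {"HC-Computers": ["HC-PC1", "HC-PC2"]}

def matches(name, addr):
    """True if addr belongs to the named object or to any member of a group."""
    if name in GROUPS:
        return any(OBJECTS[m](addr) for m in GROUPS[name])
    return OBJECTS[name](addr)

def smtp_verdict(addr, blocked="DHCP-Clients",
                 exempt=("MailServer", "HC-Computers")):
    """Planned outcome for outbound SMTP from addr (assumed rule order:
    exemptions are evaluated before the block)."""
    if any(matches(e, addr) for e in exempt):
        return "exempt"
    if matches(blocked, addr):
        return "blocked"
    return "uncovered" if matches("LAN", addr) else "not-lan"

if __name__ == "__main__":
    for host in ("192.168.1.120", "192.168.1.150", "192.168.1.10",
                 "192.168.1.20", "10.0.0.5"):
        print(host, smtp_verdict(host))
```

A host reported as "uncovered" is on the LAN but outside the blocked object, which is what happens to fixed-IP machines when the object only spans the DHCP range.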
Service Type Objects:
Most of the commonly used services, such as HTTP, HTTPS, SMTP, FTP…, are already configured in the Draytek (not all devices) as factory defaults.
Some IT people need to secure the SIP/RTP protocols (Asterisk and other phone systems).
For that, you need to add the SIP and RTP services to your Draytek.