To add, edit, or delete a rule in an existing IPv4 ACL policy, go to Policies > IPv4 ACL.
Select adjacent to the target IPv4 ACL policy. Choose from the following actions:
Parameter | Description |
---|---|
Precedence | Assign a Precedence value for this IP policy in the range 1 – 5000. Rules with lower precedence are always applied to packets first. If you are modifying a precedence to apply a higher integer—and assuming the rule table is sorted with highest precedence first—the rule will move down the table to reflect its lower priority. |
Allow | Every IPv4 ACL rule consists of matching criteria rules. The Allow parameter defines the packet's disposition if it matches the specified criteria. The following actions are supported: |
Source | Select the source IP address used as basic matching criteria for this IP ACL rule. |
Destination | Determine the characteristics of the filtered packet destinations for this IP firewall rule. Select the corresponding Destination setting, as follows: |
Network Service Alias | The Network Service Alias is a set of configurations consisting of protocol and port mappings. Both source and destination ports are configurable. Set an alphanumeric service alias (beginning with a $) and include the protocol as relevant. |
Protocol | Set a service alias as a set of configurations consisting of protocol and port mappings. Both source and destination ports are configurable. Set an alphanumeric service alias (beginning with a $) and include the protocol as relevant. Selecting either tcp or udp displays an additional set of specific TCP/UDP source and destination port options. |
Source Port | If you are using either tcp or udp as the protocol, define whether the source port for incoming IP ACL rule application is any, equals, or an administrator defined range. This is the data local origination port designated by the administrator. Selecting equals invokes a drop-down list for selecting a protocol type. Selecting range invokes spinner controls to set low and high numeric range settings. A source port cannot be a destination port. |
Destination Port | If you are using either tcp or udp as the protocol, define whether the destination port for outgoing IP ACL rule application is any, equals, or an administrator defined range. This is the data destination virtual port designated by the administrator. Selecting equals invokes a drop-down list for selecting a protocol type. Selecting range invokes spinner controls to set low and high numeric range settings. A source port cannot be a destination port. |
ICMP Type | Selecting ICMP as the protocol for the IP rule displays an additional set of ICMP specific options for ICMP type and code. The Internet Control Message Protocol (ICMP) uses messages identified by numeric type. ICMP messages are used for packet flow control or generated in IP error responses. ICMP errors are directed to the source IP address of the originating packet. Assign an ICMP type from 1-10. |
ICMP Code | Selecting ICMP as the protocol for the IP rule displays an additional set of ICMP specific options for ICMP type and code. Many ICMP types have a corresponding code, helpful for troubleshooting network issues, for example 0 - Net Unreachable, 1 - Host Unreachable, and 2 - Protocol Unreachable. |
Description | Lists the administrator assigned description applied to the IP ACL rule. |
Start VLAN | Select Start VLAN to set a start VLAN range for this IP ACL filter. The Start VLAN represents the virtual LAN beginning numeric identifier arriving packets must adhere to in order to have the IP ACL rules apply. |
End VLAN | Select End VLAN to set (apply) an end VLAN range for this IP ACL filter. The End VLAN represents the virtual LAN end numeric identifier arriving packets must adhere to in order to have the IP ACL rules apply. |
Log | Select Log to enable or disable event logging for this rule's usage. |
Enable | Select Enable to include this rule with the IP firewall policy. |

Note
You cannot restore default settings after applying or saving changes.

Note
This does not permanently save the settings you configured. If you perform a Reload (warm reboot), applied settings will be lost.

Note
If you do not select Apply or Save, the settings that you configured are not saved when you move away from the configuration window.
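
The following Python model is an added example, not product code. It evaluates rules in ascending Precedence order and reports rules that an earlier, broader rule makes unreachable, a check worth running before applying a reordered policy. Assumptions: first match wins, unmatched packets are denied, "any" is 0.0.0.0/0, the VLAN range defaults to 1-4094, and all field names and sample addresses are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    precedence: int                 # 1-5000 on this page; lower value is applied first
    allow: bool                     # packet disposition on match (True = allow, False = deny)
    source: str = "0.0.0.0/0"       # assumption: "any" is modelled as 0.0.0.0/0
    destination: str = "0.0.0.0/0"
    protocol: str = "ip"            # "ip" (any protocol), "tcp", "udp" or "icmp"
    dst_ports: tuple = (0, 65535)   # (low, high); "equals n" is (n, n)
    vlans: tuple = (1, 4094)        # (Start VLAN, End VLAN)
    enabled: bool = True            # the Enable setting
    def __post_init__(self):
        if not 1 <= self.precedence <= 5000:
            raise ValueError(f"precedence {self.precedence} outside 1-5000")
    def matches(self, pkt):
        return (self.enabled and self.protocol in ("ip", pkt["proto"])
                and ip_address(pkt["src"]) in ip_network(self.source)
                and ip_address(pkt["dst"]) in ip_network(self.destination)
                and self.vlans[0] <= pkt["vlan"] <= self.vlans[1]
                and (self.protocol not in ("tcp", "udp")
                     or self.dst_ports[0] <= pkt["dport"] <= self.dst_ports[1]))

def evaluate(rules, pkt):
    """Assumed semantics: first match in ascending precedence wins, else implicit deny."""
    for r in sorted(rules, key=lambda r: r.precedence):
        if r.matches(pkt):
            return ("allow" if r.allow else "deny", r.precedence)
    return ("deny", None)

def covers(a, b):
    """True if every packet that rule b can match is also matched by rule a."""
    return (a.protocol in ("ip", b.protocol)
            and ip_network(b.source).subnet_of(ip_network(a.source))
            and ip_network(b.destination).subnet_of(ip_network(a.destination))
            and a.vlans[0] <= b.vlans[0] and b.vlans[1] <= a.vlans[1]
            and (a.protocol not in ("tcp", "udp")
                 or (a.dst_ports[0] <= b.dst_ports[0] and b.dst_ports[1] <= a.dst_ports[1])))

def shadowed(rules):
    """(later, earlier) precedence pairs where the later rule can never be the first match."""
    active = sorted((r for r in rules if r.enabled), key=lambda r: r.precedence)
    return [(b.precedence, a.precedence)
            for i, b in enumerate(active) for a in active[:i] if covers(a, b)]

# Constructed sample policy: the broad allow at 10 hides the Telnet deny at 20.
RULES = [Rule(10, True, source="10.0.0.0/8"),
         Rule(20, False, source="10.1.2.0/24", protocol="tcp", dst_ports=(23, 23)),
         Rule(30, False, protocol="icmp", vlans=(100, 200))]
```

With this sample, `shadowed(RULES)` flags the deny at precedence 20 as hidden by the allow at 10; giving the deny a lower precedence value than the allow clears the finding.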