Configuring ACL Priority

Management of ACLs is flexible, with configurable priority for dynamic ACLs. This includes ACLs inserted by internal and external applications, as well as those inserted using the CLI. The priority is assigned by a system of zones, and within zones by numeric codes.

Zones are of two types: System Space zones and User Space zones.

To view both System Space and User Space zones, use the show access-list zone command.

Table 1 (Default Assignment and Priority of Applications, by Zone) shows the priority of System Space zones and User Space zones, together with the default assignment and priority of applications within each zone.

Table 1. Default Assignment and Priority of Applications, by Zone
Zone/Default Application                                                  Default Priority  Platform
SYSTEM SPACE ZONES
hal                                                                       1
USER SPACE ZONES
DOS                                                                       2
hal                                                                       1                 All platforms
Dos                                                                       2                 All platforms
SYSTEM                                                                    3
Cli                                                                       1                 All platforms
IpSecurity                                                                2                 All platforms
NetLogin                                                                  6                 All platforms
SECURITY                                                                  4
GenericXml (Allows configuration of one additional external application)  4                 All platforms
Note

The priority of static ACLs is determined by the order they are configured, with the first rule configured having the highest priority.