Name
|
Rule name, containing 2 to 32 characters. The name can contain alphanumeric characters, hyphen (-), underscore (_), period (.), and colon (:). You cannot change the name after it is saved.
|
Description
|
Brief rule description, containing 1 to 256 characters. The name can contain alphanumeric characters, hyphen (-), underscore (_), period (.), and colon (:).
|
Action to Take
|
- Click the action to take if the rule conditions are met:
  - Drop—Drops traffic or denies access.
  - Permit—Forwards traffic or allows access.
  - Reset—Resets the connection.
- Check the Log check box to enable logging.
|
Condition Match Criteria
|
|
Src-Dest-Service Tab
A rule can have a service condition or a protocol condition, but not both.
|
Source Conditions
|
- Click Add.
- Enter the required values for the following:
  - Attribute Type
  - Attribute Name
  - Operator
  - Attribute Value
- Click OK.
|
Destination Conditions
|
- Click Add.
- Enter the required values for the following:
  - Attribute Type
  - Attribute Name
  - Operator
  - Attribute Value
- Click OK.
|
Service
|
- Click Add.
- Enter the required values for the following:
- Click OK.
|
Protocol Tab
|
Specify the protocols to which the rule applies:
|
Ether Type Tab
|
Specify the encapsulated protocols to be examined for this rule:
- From the Operator drop-down list, choose a qualifier: Equal, Not equal, Greater than, Less than, Member, Not Member, In range, or Not in range.
- In the Value fields, specify the hexadecimal value, object group, or hexadecimal range.
|
Time Range Tab
|
To apply the rule all the time
|
Check the Always check box.
|
To apply the rule for a specific time range
|
- Uncheck the Always check box.
- Check the Range check box.
- In the Absolute Start Time fields, provide the start date and time.
- In the Absolute End Time fields, provide the end date and time.
|
To apply the rule based on membership in an object group
|
- Uncheck the Always check box.
- Check the Pattern check box.
- From the Operator drop-down list, choose member (Member of).
- Do any of the following:
  - From the Select Object Group drop-down list, choose an existing object group.
  - Click Add Object Group to create a new object group.
  - Click the Resolved Object Group link to review or modify the specified object group.
|
To apply the rule on a periodic basis, with the frequency you specify
|
- Uncheck the Always check box.
- Check the Pattern check box.
- From the Operator drop-down list, choose range (In range).
- In the Begin fields:
  - From the Begin drop-down list, choose the beginning day of the week or the frequency of the time range.
  - Choose the beginning hour and minute, and AM or PM.
- In the End fields:
  - From the End drop-down list, choose the ending day of the week or frequency.
  - Choose the ending hour and minute, and AM or PM.

Note: If you choose a frequency from the Begin drop-down list, choose the same frequency from the End drop-down list. For example, choose Weekdays from both the Begin and End drop-down lists.
|
|
Advanced Tab
|
Specify any source port attributes that must be matched for the current policy to apply:
- Click Add.
- Provide the required information in the following fields, and then click OK:
  - Attribute Name
  - Operator
  - Attribute Value
|
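
The constraints in the table above can be checked before a rule is entered in the GUI. The following is an added example, not code from the product or its vendor: a small lint over planned rules that applies the name and description limits, the three actions, the service-or-protocol exclusivity, the Ether Type operator and value shapes, and the matching Begin/End frequency note. The dictionary keys are a hypothetical worksheet format, and any Begin value that is not a weekday name is assumed to be a frequency.

```python
import re

# Limits below come from the field table. The dict keys ("name", "action",
# "periodic", ...) are a hypothetical worksheet format, not a product schema.
# Assumption: a Begin value that is not a weekday name is a frequency.
NAME_RE = re.compile(r"[A-Za-z0-9_.:-]{2,32}")
HEX_RE = re.compile(r"(0x)?[0-9A-Fa-f]{1,4}")  # EtherType is a 16-bit value
ACTIONS = {"drop", "permit", "reset"}
RANGE_OPS, GROUP_OPS = {"In range", "Not in range"}, {"Member", "Not Member"}
SCALAR_OPS = {"Equal", "Not equal", "Greater than", "Less than"}
DAYS = {"Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"}

def lint_rule(rule):
    """Return the problems found in one planned rule (empty list = clean)."""
    problems = []
    if not NAME_RE.fullmatch(rule.get("name", "")):
        problems.append("name")
    if not 1 <= len(rule.get("description", "")) <= 256:
        problems.append("description")
    if rule.get("action", "").lower() not in ACTIONS:
        problems.append("action")
    # A rule can have a service condition or a protocol condition, not both.
    if rule.get("service") and rule.get("protocol"):
        problems.append("service+protocol")
    ether = rule.get("ether_type")
    if ether:
        op, vals = ether.get("operator"), ether.get("values", [])
        want = 2 if op in RANGE_OPS else 1 if op in SCALAR_OPS else None
        if op not in RANGE_OPS | GROUP_OPS | SCALAR_OPS:
            problems.append("ether_type operator")
        elif want and (len(vals) != want or not all(HEX_RE.fullmatch(v) for v in vals)):
            problems.append("ether_type value")
    per = rule.get("periodic")
    if per and per.get("begin") not in DAYS and per.get("begin") != per.get("end"):
        problems.append("periodic frequency mismatch")
    return problems

# Constructed sample input: one clean rule, one that breaks six constraints.
SAMPLE_RULES = [
    {"name": "web-in:443", "description": "HTTPS to DMZ", "action": "Permit",
     "service": "https", "ether_type": {"operator": "Equal", "values": ["0x0800"]},
     "periodic": {"begin": "Weekdays", "end": "Weekdays"}},
    {"name": "x", "description": "", "action": "Allow", "service": "https",
     "protocol": "tcp", "ether_type": {"operator": "In range", "values": ["0x0800"]},
     "periodic": {"begin": "Weekdays", "end": "Friday"}},
]

if __name__ == "__main__":
    for r in SAMPLE_RULES:
        print(r["name"], lint_rule(r) or "ok")
```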