Name
|
Rule name, containing 2 to 32 characters. The name can contain alphanumeric characters, hyphen (-), underscore (_), period (.), and colon (:). You cannot change the name after it is saved.
|
Description
|
Brief rule description, containing 1 to 256 characters. The description can contain alphanumeric characters, hyphen (-), underscore (_), period (.), and colon (:).
|
Action to Take
|
- Select the action to take if the rule conditions are met:
  - Drop—Drops traffic or denies access.
  - Permit—Forwards traffic or allows access.
  - Reset—Resets the connection.
- Check the Log check box to enable logging.
|
Condition Match Criteria
|
Condition Match Options.
|
Src-Dest-Service Tab
A rule can have a service condition or a protocol condition, but not both.
|
Source Conditions
|
Source Rule Condition
Click Add.
- Enter the required values for the following:
  - Attribute Type
    Note: If Prime Network Services Controller is installed on Hyper-V Hypervisor, the VM and User Defined attribute types are not supported.
  - Attribute Name
  - Operator
  - Attribute Value
Click OK.
|
Destination Conditions
|
Destination Rule Condition
Click Add.
- Enter the required values for the following:
  - Attribute Type
    Note: If Prime Network Services Controller is installed on Hyper-V Hypervisor, the VM attribute type is not supported.
  - Attribute Name
  - Operator
  - Attribute Value
Click OK.
|
Service
|
Service Expression
Click Add.
- Enter the required values for the following:
Click OK.
|
Protocol Tab
|
Specify the protocols to which the rule applies:
|
Ether Type Tab
|
Specify the encapsulated protocols to be examined for this rule. To examine specific encapsulated protocols:
- From the Operator drop-down list, choose a qualifier: Equal, Not equal, Greater than, Less than, Member, Not Member, In range, or Not in range.
- In the Value fields, specify the hexadecimal value, object group, or hexadecimal range.
|
Time Range Tab
|
To apply the rule all the time
|
Check the Always check box.
|
To apply the rule for a specific time range
|
Uncheck the Always check box.
Check the Range check box.
In the Absolute Start Time fields, provide the start date and time.
In the Absolute End Time fields, provide the end date and time.
|
To apply the rule based on membership in an object group
|
Uncheck the Always check box.
Check the Pattern check box.
From the Operator drop-down list, choose member (Member of).
- Do any of the following:
  - From the Select Object Group drop-down list, choose an existing object group.
  - Click Add Object Group to create a new object group.
  - Click the Resolved Object Group link to review or modify the specified object group.
|
To apply the rule on a periodic basis, with the frequency you specify
|
Uncheck the Always check box.
Check the Pattern check box.
From the Operator drop-down list, choose range (In range).
- In the Begin fields:
  - From the Begin drop-down list, choose the beginning day of the week or the frequency of the time range.
  - Choose the beginning hour and minute, and AM or PM.
- In the End fields:
  - From the End drop-down list, choose the ending day of the week or frequency.
  - Choose the ending hour and minute, and AM or PM.
Note: If you choose a frequency in the Begin drop-down list, choose the same frequency in the End drop-down list. For example, choose Weekdays from both the Begin and End drop-down lists.
|
Advanced Tab
|
Source port attributes that must be matched for the current policy to apply. To add a new source port:
Click Add.
- Provide the required information in the following fields, then click OK:
  - Attribute Name
  - Operator
  - Attribute Value
|