Name
|
Rule name, containing 2 to 32 characters. The name can contain alphanumeric characters, hyphen (-), underscore (_), period (.), and colon (:). You cannot change the name after it is saved.
|
Description
|
Brief rule description, containing 1 to 256 characters. The name can contain alphanumeric characters, hyphen (-), underscore (_), period (.), and colon (:).
|
Action to Take
|
- Click the action to take if the rule conditions are met:
  - Drop—Drops traffic or denies access.
  - Permit—Forwards traffic or allows access.
  - Reset—Resets the connection.
- Check the Log check box to enable logging.
|
Condition Match Criteria
|
Do one of the following:
|
Src-Dest-Service Tab
A rule can have a service condition or a protocol condition, but not both.
|
Source Conditions
|
- Click Add.
- Enter the required values for the following:
  - Attribute Type
  - Attribute Name
  - Operator
  - Attribute Value
- Click OK.
|
Destination Conditions
|
- Click Add.
- Enter the required values for the following:
  - Attribute Type
  - Attribute Name
  - Operator
  - Attribute Value
- Click OK.
|
Service
|
- Click Add.
- Enter the required values for the following:
- Click OK.
|
Protocol Tab
|
Specify the protocols to which the rule applies:
|
Ether Type Tab
|
Specify the encapsulated protocols to be examined for this rule:
- From the Operator drop-down list, choose a qualifier: Equal, Not equal, Greater than, Less than, Member, Not Member, In range, or Not in range.
- In the Value fields, specify the hexadecimal value, object group, or hexadecimal range.
|
Time Range Tab
|
To apply the rule all the time
|
Check the Always check box.
|
To apply the rule for a specific time range
|
- Uncheck the Always check box.
- Check the Range check box.
- In the Absolute Start Time fields, provide the start date and time.
- In the Absolute End Time fields, provide the end date and time.
|
To apply the rule based on membership in an object group
|
- Uncheck the Always check box.
- Check the Pattern check box.
- From the Operator drop-down list, choose member (Member of).
- Do any of the following:
  - From the Select Object Group drop-down list, choose an existing object group.
  - Click Add Object Group to create a new object group.
  - Click the Resolved Object Group link to review or modify the specified object group.
|
To apply the rule on a periodic basis, with the frequency you specify
|
- Uncheck the Always check box.
- Check the Pattern check box.
- From the Operator drop-down list, choose range (In range).
- In the Begin fields:
  - From the Begin drop-down list, choose the beginning day of the week or the frequency of the time range.
  - Choose the beginning hour and minute, and AM or PM.
- In the End fields:
  - From the End drop-down list, choose the ending day of the week or frequency.
  - Choose the ending hour and minute, and AM or PM.

Note: If you choose a frequency from the Begin drop-down list, choose the same frequency from the End drop-down list. For example, choose Weekdays from both the Begin and End drop-down lists.
|
Advanced Tab
|
Specify any source port attributes that must be matched for the current policy to apply:
- Click Add.
- Provide the required information in the following fields, and then click OK:
  - Attribute Name
  - Operator
  - Attribute Value
|
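The field constraints above can be checked before a rule is entered, for example when rule definitions are kept in version control and reviewed. The following is an added example, not code from the product or its documentation: the dictionary keys, the function name `lint_rule`, the ASCII-only reading of "alphanumeric", and the sample rules are all assumptions made for illustration.

```python
import re

# Hypothetical field names; the product's own data model is not shown on this page.
NAME_RE = re.compile(r"[A-Za-z0-9_.:-]{2,32}")   # assumes ASCII alphanumerics
ACTIONS = {"drop", "permit", "reset"}
DAYS = {"monday", "tuesday", "wednesday", "thursday",
        "friday", "saturday", "sunday"}


def lint_rule(rule):
    """Return a list of problems found in a rule definition (empty if none)."""
    problems = []
    if not NAME_RE.fullmatch(rule.get("name", "")):
        problems.append("name: 2-32 chars, alphanumeric or - _ . : only")
    # Only the length limit of the description is checked here.
    if not 1 <= len(rule.get("description", "")) <= 256:
        problems.append("description: 1-256 chars required")
    if rule.get("action", "").lower() not in ACTIONS:
        problems.append("action: must be Drop, Permit or Reset")
    # A rule can have a service condition or a protocol condition, not both.
    if rule.get("service") and rule.get("protocol"):
        problems.append("match: service and protocol conditions are exclusive")
    # Periodic pattern: a frequency chosen in Begin must be repeated in End.
    # Any Begin value that is not a day of the week is treated as a frequency.
    periodic = rule.get("periodic")
    if periodic:
        begin, end = periodic["begin"].lower(), periodic["end"].lower()
        if begin not in DAYS and begin != end:
            problems.append("time range: End frequency must equal Begin")
    return problems


# Constructed sample rules.
GOOD = {"name": "web-dmz:permit_01", "description": "HTTPS to DMZ web tier",
        "action": "Permit", "service": ["https"],
        "periodic": {"begin": "Weekdays", "end": "Weekdays"}}
BAD = {"name": "x", "description": "", "action": "Allow",
       "service": ["https"], "protocol": ["tcp"],
       "periodic": {"begin": "Weekdays", "end": "Friday"}}

if __name__ == "__main__":
    for r in (GOOD, BAD):
        print(r["name"], lint_rule(r) or "ok")
```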