Name |
Rule name, containing 2 to 32 characters. The name can contain alphanumeric characters, hyphen (-), underscore (_), period (.), and colon (:). You cannot change the name after it is saved. |
Description |
Rule description, containing 1 to 256 characters. The description can contain alphanumeric characters, hyphen (-), underscore (_), period (.), and colon (:). |
Action |
- Select the action to take if the rule conditions are met:
  - Drop—Drops traffic or denies access.
  - Permit—Forwards traffic or allows access.
  - Reset—Resets the connection.
- Check the Log check box to enable logging.
|
Condition Match Criteria |
Choose the match option to use:
- Match-all—Match all of the conditions (AND).
- Match-any—Match any one of the conditions (OR).
|
Src-Dest-Service |
Source Conditions |
Source attributes that must be met for the rule to apply.
- Click Add.
- Enter values for the following, then click OK:
  - Attribute Name
  - Operator
  - Attribute Value
|
Destination Conditions |
Destination attributes that must be met for the rule to apply.
- Click Add.
- Enter values for the following, then click OK:
  - Attribute Type
  - Attribute Name
  - Operator
  - Attribute Value
|
Service |
Service attributes that must be met for the rule to apply.
- Click Add.
- Enter values for the following, then click OK:
|
Protocol |
Specify the protocols to which the rule applies:
- To apply the rule to any protocol, check the Any check box.
- To apply the rule to specific protocols:
  - Uncheck the Any check box.
  - From the Operator drop-down list, choose a qualifier: Equal, Not Equal, Member, Not Member, In range, or Not in range.
  - In the Value fields, specify the protocol, object group, or range.
|
Ether Type |
Specify the encapsulated protocols to be examined for this rule:
- To examine all encapsulated protocols, check the Any check box.
- To examine specific encapsulated protocols:
  - Uncheck the Any check box.
  - From the Operator drop-down list, choose a qualifier: Equal, Not Equal, Member, Not Member, In range, or Not in range.
  - In the Value fields, specify the hexadecimal value, object group, or hexadecimal range.
|
Time Range |
To apply the rule all the time |
Check the Always check box. |
To apply the rule for a specific time range |
- Uncheck the Always check box.
- Check the Range check box.
- In the Absolute Start Time fields, provide the start date and time.
- In the Absolute End Time fields, provide the end date and time.
|
To apply the rule based on membership in an object group |
- Uncheck the Always check box.
- Check the Pattern check box.
- From the Operator drop-down list, choose member (Member of).
- Do any of the following:
  - Choose an existing object group from the drop-down list.
  - Click Add Object Group to create a new object group.
  - Click the Resolved Object Group link to review or modify the specified object group.
|
To apply the rule on a periodic basis, with the frequency you specify |
- Uncheck the Always check box.
- Check the Pattern check box.
- From the Operator drop-down list, choose range (In range).
- In the Begin fields:
  - From the Begin drop-down list, choose the beginning day of the week or the frequency of the time range.
  - Choose the beginning hour and minute, and AM or PM.
- In the End fields:
  - From the End drop-down list, choose the ending day of the week or frequency.
  - Choose the ending hour and minute, and AM or PM.
Note |
If you choose a frequency in the Begin drop-down list, choose the same frequency in the End drop-down list. For example, choose Weekdays from both the Begin and End drop-down lists. |
|
Advanced |
Source port attributes that must be matched for the rule to apply. To add a source port:
- Click Add.
- Enter the required information, then click OK.
|
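
The Match-all (AND) and Match-any (OR) options combine with the negated operators (Not Equal, Not Member, Not in range) in a way that is easy to get wrong when writing a Drop rule. The following Python model is an added example, not code from the product or its documentation; it evaluates the same two conditions under both match options. The attribute names (`protocol`, `dst_port`), the sample packets, and the evaluation semantics are assumptions made for illustration.

```python
# Added illustration: operator and match-option names come from the table above;
# attribute names, packets and evaluation semantics are assumptions.
OPERATORS = {
    "Equal":        lambda v, a: v == a,
    "Not Equal":    lambda v, a: v != a,
    "Member":       lambda v, a: v in a,               # a: object group (set)
    "Not Member":   lambda v, a: v not in a,
    "In range":     lambda v, a: a[0] <= v <= a[1],    # a: (low, high)
    "Not in range": lambda v, a: not (a[0] <= v <= a[1]),
}

def rule_applies(rule, packet):
    """Return True when the rule's conditions are met for this packet."""
    results = [OPERATORS[op](packet[name], value)
               for name, op, value in rule["conditions"]]
    # Match-all is AND over the conditions, Match-any is OR.
    return all(results) if rule["match"] == "Match-all" else any(results)

def disagreements(rule_a, rule_b, packets):
    """Packets on which two rules reach different match decisions."""
    return [p for p in packets
            if rule_applies(rule_a, p) != rule_applies(rule_b, p)]

# Intent: drop everything except TCP to port 443.
CONDITIONS = [("protocol", "Not Equal", "tcp"), ("dst_port", "Not Equal", 443)]
DROP_ANY = {"name": "drop-non-https", "action": "Drop",
            "match": "Match-any", "conditions": CONDITIONS}
DROP_ALL = dict(DROP_ANY, match="Match-all")

# Constructed sample packets.
PACKETS = [
    {"protocol": "tcp", "dst_port": 443},
    {"protocol": "tcp", "dst_port": 22},
    {"protocol": "udp", "dst_port": 443},
    {"protocol": "udp", "dst_port": 53},
]

if __name__ == "__main__":
    for p in PACKETS:
        print(p, "Match-any:", rule_applies(DROP_ANY, p),
              "Match-all:", rule_applies(DROP_ALL, p))
    print("differ on:", disagreements(DROP_ANY, DROP_ALL, PACKETS))
```

With these two Not Equal conditions, Match-any matches every sample packet except TCP/443, while Match-all matches only UDP/53, so TCP/22 and UDP/443 are not covered by the Drop rule.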