Carrier Access CMG Router Local IP Address/Network, Remote IP Address/Network, Significant Bits

Models: CMG Router


Profile Directory: Remote Profile

Firewall Filters

Local IP Address/Network

Enter the IP Address of the local device or network that this rule will affect. If you enter the address of a local device, this rule will affect only session establishments between that local device and the destination address entered in the Remote IP Address/Network field, below. If this rule is to affect “any” local devices/networks, leave this field at the default asterisk symbol *.

Significant Bits

Use this field to identify the number of bits, from left to right, that will be used to match the IP Address field within the data packet with the value entered into the Local IP Address/Network field. Range is 1 to 32.

Remote IP Address/Network

Enter the IP Address of the remote device or network that this rule will affect. If you enter the address of a remote device, this rule will affect only the session establishments of the remote device and the device/network address entered in the Local IP Address/Network field, above. If this rule is to affect “any” remote devices/networks, leave this field at the default symbol *.

Significant Bits

Use this field to identify the number of bits, from left to right, that will be used to match the IP Address field within the data packet with the value entered into the Remote IP Address/Network field. Range is 1 to 32.
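The following is an added example, not taken from the CMG Router manual or firmware, showing how a Significant Bits value limits the comparison to the leftmost bits of an address. It assumes IPv4 addresses and a plain bitwise mask; the function names, rule layout and sample addresses are hypothetical and constructed for illustration.

```python
import ipaddress

WILDCARD = "*"  # the default symbol the manual uses for "any"


def prefix_match(packet_addr, rule_addr, significant_bits):
    """Compare only the leftmost significant_bits of two IPv4 addresses."""
    if rule_addr == WILDCARD:
        return True  # "any" device/network: Significant Bits is not consulted
    if not 1 <= significant_bits <= 32:
        raise ValueError("Significant Bits must be in the range 1 to 32")
    mask = (0xFFFFFFFF << (32 - significant_bits)) & 0xFFFFFFFF
    pkt = int(ipaddress.IPv4Address(packet_addr))
    rule = int(ipaddress.IPv4Address(rule_addr))
    return (pkt & mask) == (rule & mask)


def rule_matches(rule, local_addr, remote_addr):
    """A rule applies only when both the local and the remote side match."""
    return (prefix_match(local_addr, rule["local"], rule["local_bits"])
            and prefix_match(remote_addr, rule["remote"], rule["remote_bits"]))


# Constructed sample rules (hypothetical layout, not the router's storage format)
NETWORK_RULE = {"local": "192.168.10.0", "local_bits": 24,
                "remote": WILDCARD, "remote_bits": 32}
HOST_RULE = {"local": "192.168.10.7", "local_bits": 32,
             "remote": "203.0.113.64", "remote_bits": 26}
# Easy to get wrong: a host address entered with 24 bits covers the whole /24,
# because the last 8 bits are never compared.
LOOSE_RULE = {"local": "192.168.10.7", "local_bits": 24,
              "remote": WILDCARD, "remote_bits": 32}

if __name__ == "__main__":
    for name, rule in [("network", NETWORK_RULE), ("host", HOST_RULE),
                       ("loose", LOOSE_RULE)]:
        for local in ("192.168.10.7", "192.168.10.200", "192.168.11.1"):
            hit = rule_matches(rule, local, "203.0.113.70")
            print(f"{name:8} local={local:15} remote=203.0.113.70 -> {hit}")
```

When reviewing an existing rule set, entries shaped like `LOOSE_RULE` are the ones to check first: a device address paired with fewer than 32 significant bits affects more hosts than the address suggests.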

<> Packets which match this rule

Use this field to indicate whether a rule match should trigger an Alarm or Log entry.

(Blank)

A transmission match will not trigger an Alarm or Events log entry.

Alarm

A transmission match will trigger an Alarm entry.

Log

A transmission match will trigger an Events log entry.

Log or Alarm entries may also be useful when a specific security issue is at stake. For example, if your security policy does not permit Telnetting, you may wish to keep track of all Telnet attempts. As a general rule, however, we do not recommend keeping a log of all rule matches since this may impact system performance and may cause an Event or Alarm screen overflow.

NOTE: When enabled, a single event/alarm will be logged for all TCP session initiations. An event/alarm will be logged for each packet for all UDP transfers. UDP traffic should typically not be allowed across a firewall.

NOTE: All firewall rules are considered filters and will be applied toward the maximum allowable number of 500 filters.

CMG Router - Release 2.7
