|
| Chapter 4: Advanced Configuration | |
|
|
|
|
| Field | Description |
|
| Dest Port | Port number criteria for the destination computer(s) (i.e., the port number of the |
|
|
| type of computer to which the packet is being sent). | |
|
| This field will be dimmed (unavailable for entry) unless you have selected TCP or | |
|
| UDP as the protocol. | |
|
| See the description of Src IP Address for the selection options. | |
|
|
|
|
| TCP Flag | Specifies whether the rule should apply only to TCP packets that contain the | |
|
| synchronous (SYN) flag, only to those that contain the | |
|
| ||
|
| for entry) unless you selected TCP as the Protocol. | |
|
|
|
|
| ICMP Type | Specifies whether the value in the type field in ICMP packet headers will be used | |
|
| as a criteria. The code value can be any decimal value from 0 to 255. You can | |
|
| specify that the value must equal (eq) or not equal (neq) the specified value, or | |
|
| you can select any to enable the rule to be invoked on all ICMP packets. This field | |
|
| will be dimmed (unavailable for entry) unless you specify ICMP as the Protocol. | |
|
|
|
|
| ICMP Code | Specifies whether the value in the code field in ICMP packet headers will be used | |
|
| as a criteria. The code value can be any decimal value from 0 to 255. You can | |
|
| specify that the value must equal (eq) or not equal (neq) the specified value, or | |
|
| you can select any to enable the rule to be invoked on all ICMP packets. This field | |
|
| will be dimmed (unavailable for entry) unless you specify ICMP as the Protocol. | |
|
|
|
|
| IP Frag Pkt | Determines how the rule applies to IP packets that contain fragments. You can | |
|
| choose from the following options: | |
|
| Yes: The rule will be applied only to packets that contain fragments. | |
|
| No: The rule will be applied only to packets that do not contain fragments. | |
|
| Ignore: (Default) The rule will be applied to packets whether or not they contain | |
|
| fragments, assuming that they match the other criteria. | |
|
|
|
|
| IP Option Pkt | Determines whether the rule should apply to IP packets that have options | |
|
| specified in their packet headers. | |
|
| Yes: The rule will be applied only to packets that contain header options. | |
|
| No: The rule will be applied only to packets that do not contain header options. | |
|
| Ignore: (Default) The rule will be applied to packets whether or not they contain | |
|
| header options, assuming that they match the other criteria. | |
|
|
|
|
| Packet Size | Specifies that the IP Filter rule will take affect only on packets whose size in bytes | |
|
| matches this criteria. (lt = less than, gt = greater than, lteq = less than or equal | |
|
| to, etc.) | |
|
|
|
|
| TOD Rule Status | The Time of Day Rule Status determines how the Start Time/End Time settings | |
|
| are used. | |
|
| Enable: (Default) The rule is in effect for the specified time period. | |
|
| Disable: The rule is not in effect for the specified time period, but is effective at | |
|
| all other times. | |
|
|
|
|
3.When you are done selecting criteria, ensure that Enable is selected and then click [Apply].
If the security level of the rule matches the globally configured setting, a green ball in the Oper. Status column for that rule, indicating that the rule is now in effect. A red ball will display when the rule is disabled or if its security level is different than the globally configured level.
4.Ensure that the Security Level and Private/Public/DMZ Default Action settings on the IP Filter Configuration page are configured as needed, then click [Apply].
A page gives a receipt for the changes.
5.Select Admin > Commit & Reboot and click [Save] to save your changes to permanent storage.
Rev:01_040220 | 61 |