Name |
Rule name, containing 2 to 32 characters. The name can contain alphanumeric characters, hyphen (-), underscore (_), period (.), and colon (:). You cannot change the name after it is saved. |
Description |
Brief rule description, containing 1 to 256 characters. The description can contain alphanumeric characters, hyphen (-), underscore (_), period (.), and colon (:). |
Action to Take |
- Select the action to take if the rule conditions are met:
  - Drop—Drops traffic or denies access.
  - Permit—Forwards traffic or allows access.
  - Reset—Resets the connection.
- Check the Log check box to enable logging.
|
Condition Match Criteria |
Condition Match Options.
- Choose match-all for the ACL Policy Rule to match all the conditions (AND).
- Choose match-any for the ACL Policy Rule to match any one condition (OR).
Note |
If VNMC is installed on Hyper-V Hypervisor, the Condition Match Criteria is disabled. The vZone must match all the conditions. |
|
Src-Dest-Service Tab |
A rule can have a service condition or a protocol condition, but not both. |
Source Conditions |
Source Rule Condition
- Click Add.
- Enter the required values for the following:
  - Attribute Type
    Note | If VNMC is installed on Hyper-V Hypervisor, the VM and User Defined attribute types are not supported. |
  - Attribute Name
  - Operator
  - Attribute Value
- Click OK.
|
Destination Conditions |
Destination Rule Condition
- Click Add.
- Enter the required values for the following:
  - Attribute Type
    Note | If VNMC is installed on Hyper-V Hypervisor, the attribute type VM is not supported. |
  - Attribute Name
  - Operator
  - Attribute Value
- Click OK.
|
Service |
Service Expression
- Click Add.
- Enter the required values for the following:
- Click OK.
Note |
If VNMC is installed on Hyper-V Hypervisor, the Service Condition is disabled. |
|
Protocol Tab |
Specify the protocols to which the rule applies:
- To apply the rule to any protocol, check the Any check box.
- To apply the rule to specific protocols:
  - Uncheck the Any check box.
  - From the Operator drop-down list, choose a qualifier: Equal, Not Equal, Member, Not Member, In range, or Not in range.
  - In the Value fields, specify the protocol, object group, or range.
|
Ether Type Tab |
Specify the encapsulated protocols to be examined for this rule. To examine specific encapsulated protocols:
- From the Operator drop-down list, choose a qualifier: Equal, Not equal, Greater than, Less than, Member, Not Member, In range, or Not in range.
- In the Value fields, specify the hexadecimal value, object group, or hexadecimal range.
|
Time Range Tab |
To apply the rule all the time |
Check the Always check box. |
To apply the rule for a specific time range |
- Uncheck the Always check box.
- Check the Range check box.
- In the Absolute Start Time fields, provide the start date and time.
- In the Absolute End Time fields, provide the end date and time.
|
To apply the rule based on membership in an object group |
- Uncheck the Always check box.
- Check the Pattern check box.
- From the Operator drop-down list, choose member (Member of).
- Do any of the following:
  - From the Select Object Group drop-down list, choose an existing object group.
  - Click Add Object Group to create a new object group.
  - Click the Resolved Object Group link to review or modify the specified object group.
|
To apply the rule on a periodic basis, with the frequency you specify |
- Uncheck the Always check box.
- Check the Pattern check box.
- From the Operator drop-down list, choose range (In range).
- In the Begin fields:
  - From the Begin drop-down list, choose the beginning day of the week or the frequency of the time range.
  - Choose the beginning hour and minute, and AM or PM.
- In the End fields:
  - From the End drop-down list, choose the ending day of the week or frequency.
  - Choose the ending hour and minute, and AM or PM.
Note |
If you choose a frequency in the Begin drop-down list, choose the same frequency in the End drop-down list. For example, choose Weekdays from both the Begin and End drop-down lists. |
|
Advanced Tab |
Source port attributes that must be matched for the current policy to apply. To add a new source port:
- Click Add.
- Provide the required information in the following fields, then click OK:
  - Attribute Name
  - Operator
  - Attribute Value
|
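The constraints stated in this table (name and description format, service versus protocol conditions, the Hyper-V restrictions, and matching Begin and End frequencies) can be checked against a planned rule before it is entered in the GUI. The following Python check is an added example, not part of the product or its documentation; the dictionary layout, the `lint_rule` function, and the sample values are assumptions made for illustration.

```python
import re

# Hypothetical dict layout for a planned rule; all keys are assumptions of this example.
IDENT = r"[A-Za-z0-9_.:-]"  # alphanumeric, hyphen, underscore, period, colon
DAYS = {"Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"}
ACTIONS = {"Drop", "Permit", "Reset"}
# Attribute types the table marks as unsupported when VNMC runs on Hyper-V.
HYPERV_UNSUPPORTED = {"source": {"VM", "User Defined"}, "destination": {"VM"}}


def lint_rule(rule, hyperv=False):
    """Return a list of findings for one planned ACL policy rule."""
    findings = []
    if not re.fullmatch(IDENT + "{2,32}", rule.get("name", "")):
        findings.append("name: 2 to 32 characters from [A-Za-z0-9-_.:]")
    if not re.fullmatch(IDENT + "{1,256}", rule.get("description", "")):
        findings.append("description: 1 to 256 characters from [A-Za-z0-9-_.:]")
    if rule.get("action") not in ACTIONS:
        findings.append("action: must be Drop, Permit, or Reset")
    # Assumption: an empty or absent "protocol" list means the Any check box is checked.
    if rule.get("service") and rule.get("protocol"):
        findings.append("service and protocol conditions are mutually exclusive")
    if hyperv:
        if rule.get("match", "match-all") != "match-all":
            findings.append("Hyper-V: Condition Match Criteria is disabled (match-all only)")
        if rule.get("service"):
            findings.append("Hyper-V: Service Condition is disabled")
        for side, banned in HYPERV_UNSUPPORTED.items():
            for cond in rule.get(side, []):
                if cond["type"] in banned:
                    findings.append(f"Hyper-V: {side} attribute type {cond['type']} not supported")
    # Any Begin value that is not a day of the week is treated as a frequency.
    period = rule.get("periodic")
    if period and period["begin"] not in DAYS and period["begin"] != period["end"]:
        findings.append("periodic: Begin and End must use the same frequency")
    return findings


# Constructed sample rule, not taken from any real deployment.
SAMPLE = {
    "name": "web-tier:allow_https", "description": "permit-https-to-web-tier",
    "action": "Permit", "match": "match-any",
    "source": [{"type": "VM", "name": "VM Name", "op": "Equal", "value": "web01"}],
    "destination": [{"type": "Network", "name": "IP Address", "op": "Equal", "value": "10.0.0.5"}],
    "service": [{"op": "Equal", "value": "https"}],
    "protocol": [{"op": "Equal", "value": "TCP"}],
    "periodic": {"begin": "Weekdays", "end": "Monday"},
}

if __name__ == "__main__":
    for finding in lint_rule(SAMPLE, hyperv=True):
        print(finding)
```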