R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101

Figure 57 Basic ACL rule configuration page
Table 24 Basic ACL rule configuration items
Item                       Description

Rule ID                    Select the Rule ID check box and type a number for the rule.
                           If you do not specify a rule number, the system automatically
                           assigns one for the rule.
                           IMPORTANT:
                           If the rule already exists, the configuration overwrites the
                           old rule.

Operation                  Select the operation to be performed for packets matching the
                           rule.
                           Permit: Allows matching packets to pass.
                           Deny: Denies matching packets.

Time Range                 Select a time range for the rule.
                           If you select None, the rule will always be effective.
                           Available time ranges are configured by selecting
                           Security > Time Range from the navigation tree.

Non-first Fragments Only   Select this check box to apply the rule to only non-first
                           fragments. If you do not select this check box, the rule
                           applies to all fragments and non-fragments.

Logging                    Select this check box to log matching packets.
                           A log entry contains the ACL rule number, action on the
                           matching packets, protocol that IP carries,
                           source/destination address, source/destination port number,
                           and number of matching packets.

Source IP Address,         Select the Source IP Address check box and type a source IP
Source Wildcard            address and source wildcard, in dotted decimal notation.

VPN Instance               Specify the VPN.
                           If you select None, the rule applies to only non-VPN packets.
                           The LB module does not support this configuration item.
Return to ACL configuration task list.
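How the Source IP Address and Source Wildcard pair, the Non-first Fragments Only check box, and the rule-ID overwrite behaviour interact, as an added example that is not part of the HP guide. It assumes rules are checked in ascending rule-ID order with the first match winning (the page does not state the match order); BasicRule, rule_matches, looks_like_netmask, add_rule and evaluate are hypothetical names, and the addresses are constructed from documentation ranges.

```python
import ipaddress
from typing import NamedTuple

class BasicRule(NamedTuple):            # hypothetical model of one basic ACL rule
    rule_id: int
    action: str                         # "permit" or "deny"
    source: str = "0.0.0.0"
    wildcard: str = "255.255.255.255"   # every bit ignored: any source
    non_first_fragments_only: bool = False

def _u32(dotted):
    return int(ipaddress.IPv4Address(dotted))

def rule_matches(rule, src_ip, non_first_fragment=False):
    # A fragments-only rule never applies to first fragments or whole packets.
    if rule.non_first_fragments_only and not non_first_fragment:
        return False
    # Wildcard bits set to 1 are ignored; bits set to 0 must equal the rule's source.
    care = ~_u32(rule.wildcard) & 0xFFFFFFFF
    return (_u32(src_ip) & care) == (_u32(rule.source) & care)

def looks_like_netmask(wildcard):
    # 255.255.255.0 typed as a wildcard ignores the network bits, not the host bits.
    w = _u32(wildcard)
    inv = ~w & 0xFFFFFFFF
    return w not in (0, 0xFFFFFFFF) and (inv & (inv + 1)) == 0

def add_rule(rules, rule):
    rules[rule.rule_id] = rule          # an existing rule ID is overwritten

def evaluate(rules, src_ip, non_first_fragment=False):
    # Assumption: ascending rule-ID order, first match wins; None means no match.
    for rule_id in sorted(rules):
        if rule_matches(rules[rule_id], src_ip, non_first_fragment):
            return rule_id, rules[rule_id].action
    return None

def build_demo_rules():                 # constructed sample rule set
    rules = {}
    add_rule(rules, BasicRule(0, "permit", "192.0.2.0", "255.255.255.0"))  # netmask by mistake
    add_rule(rules, BasicRule(0, "permit", "192.0.2.0", "0.0.0.255"))      # corrected, same ID
    add_rule(rules, BasicRule(5, "deny", non_first_fragments_only=True))
    add_rule(rules, BasicRule(10, "deny"))
    return rules

if __name__ == "__main__":
    rules = build_demo_rules()
    for ip in ("192.0.2.10", "198.51.100.7"):
        print(ip, evaluate(rules, ip), evaluate(rules, ip, non_first_fragment=True))
```

A wildcard that looks_like_netmask flags is worth reviewing before the rule is applied, because the rule then matches on the host bits and ignores the network bits.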
Configuring an advanced ACL rule
Select Security > ACL from the navigation tree. Then, select the advanced ACL for which you want to
configure ACL rules and click the corresponding icon in the Operation column to list all existing rules