User Guide

OmniAccess SafeGuard OS Administration Guide
Chapter 7: Establishing a Security Policy
filter name {direction} from source to destination protocol action {[mirror] [log] [precedence number]}

Syntax Description

name
    Name of the user filter.

direction
    Specifies the direction in which a flow is initiated. Direction can be any of the following:
        flow-in – apply to flows initiated from the host-side of the SafeGuard device
        flow-out – apply to flows initiated from the network-side of the device
        (Default) blank, which applies to flows in either direction

source
    Specifies the source endpoint of the traffic. It can be any of the following:
        any – Wildcard, which matches all sources
        host – L3 IP address of the host
        macmask – L2 MAC mask of the host
        network – L3 IP address of the subnet
        network-zone – L3 address (MAC address, IP address, network address, or address range)
        port – L1 physical source port
        range – L3 IP address range
        role – User role
        username – User name
        NOT – Negates the from criteria, except for ‘any’
    Note: Filters using role or username are not supported for the unauthenticated user role. Also, these filters do not take effect if the policy applied to a role of a user does not match.

destination
    Specifies the destination endpoint of the traffic. It can be any of the following:
        any – Wildcard, which matches all destinations
        host – L3 IP address of the host
        network – L3 IP address of the subnet
        network-zone – L3 address (MAC address, IP address, network address, or address range)
        range – L3 IP address range
        NOT – Negates the from criteria, except for ‘any’