User Guide
OmniAccess SafeGuard OS Administration Guide
318
Chapter 7: Establishing a Security Policy
protocol Matches the IP protocol of the traffic. It can be
any of the following:
■ any – Wildcard, which matches TCP or UDP
protocols and application
■ application-filter – L7+ rule
Configuring application filters is discussed
separately. For more details, see Application
Filters on page 311.
■ application-group – L7 application
Configuring application groups is discussed
separately. For more details, see Application
Group on page 310.
■ tcp – TCP; specify protocol port number and
the port operation:
1 to 65535 – End port or the start of the end
port
GE – Greater than or equal to
NE – Not equal to
LE – Less than or equal to
range – Destination TCP port range
out-of-range – Out of the destination TCP port
range
■ udp – UDP; specify protocol port number and
the port operation:
1 to 65535 – End port or the start of the end
port
GE – Greater than or equal to
NE – Not equal to
LE – Less than or equal to
range – Destination UDP port range
out-of-range – Out of the destination UDP
port range
■ AND logical operator. Make a UDP or TCP
protocol condition more specific by using the
AND logical operator with an L7 application
filter to application group. For example,
specify ‘tcp 80 AND application-group web’
to define that the traffic is web and that it
only runs on TCP port 80.