Owner's Manual
425
-
Term Name
—The identifier for the term.
-
Active
—Check this to enable the term.
Firewall filters consist of one or more terms that specify the filtering criteria and the action to take
if a match occurs. Some handy definitions:
- Match Criteria tab —Specifies values or fields that the packet must contain including the IP
destination address or the TCP protocol.
- Action tab—Specifies what to do if a packet matches the match conditions. Actions include
accepting, discarding, or rejecting a packet, then going to the next term.
The order of the terms within a firewall filter is also significant. The application tests packets
against each term in the listed order. When it finds the first matching conditions, it applies the
action associated with that term to the packet and the evaluation of the firewall filter ends.
After all terms are evaluated, if a packet matches no terms in a filter, the application silently
discards the packet. IPv4 is the supported packet type.
Match Criteria tab
This tab lets you configure match criteria for a rule term.
-
Criteria
—Select criteria from the pick list. Criteria include
Source Address, Destination Address,
Application, Application Sets.
-
Address
—If you select one of the
Address
terms, the editor panel lets you enter IP addresses for
source or destination. You can also check
any-unicast
as an address. Click
Add
to add the
address you type in the field below the list. Check
Except
if you want to exclude this address
from the criteria.
-
Application/Application Sets
—When you select one of the
Application
or
Application Set
terms, the editor panel lets you select from available applications or application sets (see
Applications on page 420 and Application Sets on page 422 for the source of this
information).
Figure 13-6. Firewall Rule Term Match Criteria