Owner's Manual

ManualsBrandsDell ManualsSoftwareDell OpenManage Network Manager Version 4.4

461

462

463

464

465

466

467

468

469

470

Interface Specific

—Check to make this filter specific to an interface.

Match Criteria Tab

You can specify multiple match conditions in a filter, effectively chaining together a series of match

action operations to apply to the packets on an interface. If multiple match conditions exist you

can also select and reorder them (indicating the order they apply) using the

and

Down

buttons.

Select the

Advanced Type

, enter the fields for that type and then click

Add

to add the criteria.

Select a criteria and select

Delete

to remove it from the match-condition.

Figure 13-42. Advanced Firewall Filter Match Conditions

Address filter conditions match prefix values in a packet. Types include the following:

Source / Destination / Address

—If you select one of the

Address

terms (

Source, Destination

blank, which means

Either

), the editor panel lets you enter IP addresses for source or

destination. Click

Add

to add the address you type in the field below the list. Check

Except

you want to exclude this address from the criteria.

Single prefix

—Either source-address, destination-address or both where the format can be

192.168.0.1 or 192.168.1.0/24.

Multiple prefix

—A set of source-addresses, destination-addresses or both.

Source / Destination / Prefix-lists

—These define a list of IP address prefixes under a prefix-list

alias for frequent reference. Select

SecondVPN,

ThirdVPN

from the pick list.

Source / Destination / Port

—Select from the pick list. Options include

afs, bgp, biff, bootpc,

bootps, cmd, cvspserver, dhcp, domain, eklogin, ekshell, exec, finger, ftp, ftp-data, http, https,

ident, imap, kerberos-sec, klogin, kpasswd, krb-prop, krbupdate, kshell, ldap, ldp, login,

mobileip-agent, mobileip-mn, msdp, nebios-dgm, netbios-ns, netbios-ssn, nfsd, nntp, ntalk,

ntp, pop3, pptp, printer, radacct, radius, rip, rkinit, smtp, snmp, snmptrapp, snpp, socks, ssh,

sunrpc, syslog, tacacs, talk, telnet, ttfp, timed, who, xdmcp.

IP options—

These include

any, loose-source-route, route-record, route-alert, security, stream-id,

strict-source-route, timestamp.

Ah Spi

—Enter a value under the table and click

Add.

Esp Spi

—Enter a value under the table and click

Add.

DSCP

—Select a value from the pick list and click

Add.

Values include

af11 - af43, be, cs1 - cs7,

ef.