User's manual

EDR-G903/G902 Features and Functions
Mask: Policy [X] is masked by Policy [Y]
The Source/Destination IP range or Source/Destination port number of policy [X] is smaller than or equal to
that of policy [Y], but the action target (Accept/Drop) is different.
For example, two firewall policies are shown below:
Index  Input  Output  Protocol  Source IP                   Destination IP  Target
1      WAN1   LAN     All       10.10.10.10                 192.168.127.10  ACCEPT
2      WAN2   LAN     All       20.20.20.10 to 20.20.20.30  192.168.127.20  ACCEPT
Suppose the user next adds a new policy with the following configuration:
Index  Input  Output  Protocol  Source IP                   Destination IP  Target
3      WAN2   LAN     All       20.20.20.20                 192.168.127.20  DROP
After clicking the PolicyCheck button, the EtherDevice Router will issue a message informing the user that
policy [3] is masked by policy [2] because the IP range of policy [3] is smaller than the IP range of policy [2],
and the Target action is different.
Include: Policy [X] is included in Policy [Y]
The Source/Destination IP range or Source/Destination port number of policy [X] is less than or equal to
that of policy [Y], and the action target (Accept/Drop) is the same. In this case policy [X] will increase
the load on the EtherDevice Router and lower its performance.
For example, two firewall policies are shown in the following table:
Index  Input  Output  Protocol  Source IP                   Destination IP  Target
1      WAN1   LAN     All       10.10.10.10                 192.168.127.10  ACCEPT
2      WAN2   LAN     All       20.20.20.10 to 20.20.20.30  192.168.127.20  ACCEPT
Suppose the user next adds a new policy with the following configuration:
Index  Input  Output  Protocol  Source IP                   Destination IP  Target
3      WAN2   LAN     All       20.20.20.20                 192.168.127.20  ACCEPT
After clicking the PolicyCheck button, the EtherDevice Router will issue a message informing the user that
policy [3] is included in policy [2] because the IP range of policy [3] is smaller than the IP range of policy [2],
and the Target action is the same.
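
The Mask and Include checks described above can be modelled as range containment plus a comparison of the Target. The following is an added example, not the EtherDevice Router's own PolicyCheck logic; the names Policy, ip_range, within and policy_check are hypothetical, and it assumes that both the source and destination ranges must be contained and that only policies on the same Input/Output interfaces are compared.

```python
# Added illustration: models the Mask and Include checks described in the manual.
from dataclasses import dataclass
from ipaddress import IPv4Address


def ip_range(first, last=None):
    """Return an inclusive (low, high) integer range; a single IP is a range of one."""
    return int(IPv4Address(first)), int(IPv4Address(last or first))


@dataclass(frozen=True)
class Policy:
    index: int
    input_if: str
    output_if: str
    src: tuple      # inclusive source IP range
    dst: tuple      # inclusive destination IP range
    target: str     # "ACCEPT" or "DROP"


def within(inner, outer):
    """True when range `inner` is smaller than or equal to range `outer`."""
    return outer[0] <= inner[0] and inner[1] <= outer[1]


def policy_check(new, existing):
    """Return (new index, relation, existing index) for each policy that covers `new`."""
    findings = []
    for old in existing:
        # Assumption: only policies on the same interface pair are compared.
        if (new.input_if, new.output_if) != (old.input_if, old.output_if):
            continue
        if within(new.src, old.src) and within(new.dst, old.dst):
            same = new.target == old.target
            findings.append((new.index, "included in" if same else "masked by", old.index))
    return findings


# Policies 1 and 2 from the manual's tables (protocol is All, so ports are omitted).
RULES = [
    Policy(1, "WAN1", "LAN", ip_range("10.10.10.10"), ip_range("192.168.127.10"), "ACCEPT"),
    Policy(2, "WAN2", "LAN", ip_range("20.20.20.10", "20.20.20.30"),
           ip_range("192.168.127.20"), "ACCEPT"),
]

if __name__ == "__main__":
    for target in ("DROP", "ACCEPT"):
        new = Policy(3, "WAN2", "LAN", ip_range("20.20.20.20"), ip_range("192.168.127.20"), target)
        for idx, relation, other in policy_check(new, RULES):
            print(f"Policy [{idx}] is {relation} policy [{other}]")
```
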
Cross Conflict: Policy [X] cross conflicts with Policy [Y]
Two firewall policy configurations (such as Source IP, Destination IP, Source port, and Destination port) in
policy [X] and policy [Y] are masked, and the action target (Accept/Drop) is different.
For example, two firewall policies are shown in the following table:
Index  Input  Output  Protocol  Source IP                   Destination IP  Target
1      WAN1   LAN     All       10.10.10.10                 192.168.127.10  ACCEPT
2      WAN2   LAN     All       20.20.20.20 to 20.20.20.30  192.168.127.25  ACCEPT