User's Manual
UTT Technologies Chapter 12 Security
http://www.uttglobal.com Page 325
valid packets received by the LAN interface. After you have enabled access control, the
Device will examine each packet received by the LAN interface to determine whether to
forward or drop the packet, based on the criteria you specified in the access control rules.
When receiving a packet initiated from LAN, the Device will analyze the packet by
extracting its source MAC address, source IP address, destination IP address, protocol
type (TCP, UDP or ICMP), port number, content, and the date and time at which the
packet was received, and then compare them with each rule in the order in which the rules
are listed in the Access Control List.
The first rule that matches the packet will be applied to the packet, and the Device will
forward or drop it according to this rule's action. Note that after a match is found, no
further rules will be checked; and if no match is found, the Device will drop the packet to
ensure security.
The access control rules are applied to the packets that are received by the Device's LAN
interface, that is, those packets that arrive on the LAN interface and then go through the
Device. If a packet matches a rule whose Action is Allow, the packet will be allowed to
pass, and then be further processed by the route, NAT and other modules. Otherwise, if the
packet matches a rule whose Action is Drop, or doesn't match any rule, the packet will be
dropped immediately. As these dropped packets are not further processed by the route,
NAT and other modules, this reduces CPU load and improves the Device's performance.
12.3.1.3 The Action of an Access Control Rule
The action of an access control rule is either Allow or Deny. When receiving a packet that
matches a rule in the Access Control List, the Device will forward the packet if the rule's
action is Allow; else the Device will drop it.
12.3.1.4 The Execution Order of Access Control Rules
The order of access control rules is very important. When receiving a packet initiated from
LAN, the Device will search Access Control List to find out if there is a rule that matches
the packet. It will check the packet against each rule in the order in which the rules are
listed. After a match is found, no further rules will be checked. If no match is found, the
Device will drop the packet to ensure security. Note that by default the rules are listed in
reverse chronological order of creation: the later a rule is created, the higher it appears in
the list. The Device also allows you to manually move a rule to a different position in the list.
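The following is an added example, not part of the manual or the Device's firmware, that models the first-match evaluation described above: rules are checked top-down against the packet's source and destination IP, protocol, port and arrival time, the first match decides, and a packet matching no rule is dropped. The rule fields, packet dictionary layout and the hour-of-day window standing in for the rule's date/time criterion are assumptions of this example, and the rules and packets are constructed sample data.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed, simplified model of one access control rule (assumed field names).
@dataclass
class Rule:
    name: str
    action: str                      # "Allow" or "Drop"
    src_ip: str = "0.0.0.0/0"        # source IP or network; default = any
    dst_ip: str = "0.0.0.0/0"        # destination IP or network; default = any
    protocol: str = "any"            # "TCP", "UDP", "ICMP" or "any"
    dst_port: Optional[int] = None   # None = any port
    hours: range = range(0, 24)      # hour-of-day window in which the rule applies

    def matches(self, pkt: dict) -> bool:
        return (ip_address(pkt["src"]) in ip_network(self.src_ip)
                and ip_address(pkt["dst"]) in ip_network(self.dst_ip)
                and self.protocol in ("any", pkt["proto"])
                and self.dst_port in (None, pkt.get("port"))
                and pkt["hour"] in self.hours)


def evaluate(acl: list, pkt: dict) -> tuple:
    """Return (action, rule name) of the first matching rule; no match means drop."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "Drop", "implicit default"


# Constructed rules: a specific drop for one host's Telnet, and a general LAN allow.
deny_telnet = Rule("no-telnet-from-pc1", "Drop", src_ip="192.168.1.10/32",
                   protocol="TCP", dst_port=23)
allow_lan = Rule("allow-lan", "Allow", src_ip="192.168.1.0/24")

specific_first = [deny_telnet, allow_lan]   # recommended order: specific to general
general_first = [allow_lan, deny_telnet]    # the broad allow shadows the specific drop

# Constructed sample packets as they would be seen arriving on the LAN interface.
telnet_pkt = {"src": "192.168.1.10", "dst": "203.0.113.5",
              "proto": "TCP", "port": 23, "hour": 10}
guest_pkt = {"src": "192.168.2.7", "dst": "203.0.113.5",
             "proto": "UDP", "port": 53, "hour": 10}

if __name__ == "__main__":
    for label, acl in (("specific-first", specific_first), ("general-first", general_first)):
        print(label, evaluate(acl, telnet_pkt), evaluate(acl, guest_pkt))
```

With the specific rule on top the Telnet packet is dropped by it; with the general allow on top the same packet is forwarded and the drop rule is never reached, while the packet from outside the 192.168.1.0/24 range is dropped by the implicit default in both orders.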
Because the Device will allow or deny a packet to pass according to the first rule that
matches the packet, you should arrange the rules in Access Control List from specific to
general. For example, if you create an access control rule at the beginning that explicitly
allows all packets to pass, no further rules are ever checked. Another example is that if