User's Manual

UTT Technologies Chapter 12 Security
http://www.uttglobal.com
you only allow a LAN user to access Web service, and block any other service, then the
rule that allows the user to access Web service should be listed above the rule that denies
the user access to any other service.
12.3.1.5 Address Group and Service Group
On the Device, you can first create IP address groups in the Security > Address Group
page or service groups in the Security > Service Group page, and then reference
them by name in the source or destination address group, or service group fields of
access control rules.
1. Address Group
Using address groups can simplify the configuration of access control rules. For example,
if some LAN hosts' IP addresses are discontinuous, but the hosts have the same
privileges for accessing the Internet, you can create an address group for these hosts.
Then you only need to create one access control rule that uses the address group to meet
the hosts' requirements. Otherwise, you need to create multiple access control rules for these
hosts. Refer to section 12.6 Address Group for more information about address groups.
2. Service Group
The service group is used to match the source MAC address, protocol type (TCP, UDP or
ICMP), port number and content of the packets that are received by the Device. Using
service groups can simplify the configuration of access control rules. For example, you
can add telnet, pop3 and http services into a service group, and then create one rule that
uses the service group to control access to these services. Otherwise, you need to create
multiple access control rules for access to these services, one rule per service. Refer
to section 12.7 Service Group for more information about service groups.
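The rule-ordering guidance and the two group types above, modeled as an added Python example (not UTT's code or the Device's implementation). It assumes the Access Control List is evaluated top to bottom with the first matching rule deciding; the group names, addresses and ports are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: group names, addresses and ports are assumptions.
ADDRESS_GROUPS = {
    "web_users": ["192.168.1.10", "192.168.1.37", "192.168.1.200-192.168.1.205"],
}
SERVICE_GROUPS = {"web": {("tcp", 80), ("tcp", 443)}}

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                   # "allow" or "deny"
    src_group: str                # key in ADDRESS_GROUPS
    service_group: Optional[str]  # key in SERVICE_GROUPS; None matches any service

def in_group(ip, group):
    """True if ip falls in any single address or start-end range of the group."""
    addr = ipaddress.ip_address(ip)
    for entry in ADDRESS_GROUPS[group]:
        low, _, high = entry.partition("-")
        if ipaddress.ip_address(low) <= addr <= ipaddress.ip_address(high or low):
            return True
    return False

def evaluate(rules, src_ip, proto, port):
    """Walk the list top to bottom; the first matching rule decides (assumed)."""
    for rule in rules:
        services = SERVICE_GROUPS.get(rule.service_group)  # None -> any service
        if in_group(src_ip, rule.src_group) and (services is None or (proto, port) in services):
            return rule.action, rule.name
    return "no-match", None

def shadowed_rules(rules):
    """Names of rules that can never fire because an earlier rule with the same
    source group already matches every service they cover."""
    hidden = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            same_src = earlier.src_group == later.src_group
            covers = earlier.service_group is None or (
                later.service_group is not None
                and SERVICE_GROUPS[later.service_group] <= SERVICE_GROUPS[earlier.service_group])
            if same_src and covers:
                hidden.append(later.name)
                break
    return hidden

ALLOW_WEB = Rule("allow-web", "allow", "web_users", "web")
DENY_REST = Rule("deny-other", "deny", "web_users", None)
CORRECT_ORDER = [ALLOW_WEB, DENY_REST]  # allow listed above the deny
WRONG_ORDER = [DENY_REST, ALLOW_WEB]    # deny first: the allow rule is never reached
```

Running shadowed_rules over a rule list before applying it flags an allow rule that a broader deny rule listed above it would hide.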
12.3.1.6 System Default Access Control Rules
Besides user-defined access control rules, the Device automatically creates some
system default access control rules in the Access Control List. The following table
describes the purposes of these rules.
ID Description