1093| Behavior and Defaults AOS-W 6.5.3.x| User Guide
Predefined Policy | Description

ip access-list session noe-acl
any any svc-noe permit queue high
Description: Use for Alcatel NOE VoIP devices to automatically permit and prioritize NOE traffic.

ip access-list session h323-acl
any any svc-h323-tcp permit queue high
any any svc-h323-udp permit queue high
Description: Use for H.323 VoIP devices to automatically permit and prioritize H.323 traffic.

ipv6 access-list session v6-control
user any udp 68 deny
any any svc-v6-icmp permit
any any svc-v6-dhcp permit
any any svc-dns permit
any any svc-tftp permit
Description: Provides equivalent functionality to the "control" policy, but for IPv6 clients.

ipv6 access-list session v6-icmp-acl
any any svc-v6-icmp permit
Description: Permits all ICMPv6 traffic.

ipv6 access-list session v6-https-acl
any any svc-https permit
Description: Permits all IPv6 HTTPS traffic.

ipv6 access-list session v6-dhcp-acl
any any svc-v6-dhcp permit
Description: Permits all IPv6 DHCP traffic.

ipv6 access-list session v6-dns-acl
any any svc-dns permit
Description: Permits all IPv6 DNS traffic.

ipv6 access-list session v6-allowall
any any any permit
Description: Permits all IPv6 traffic.

ipv6 access-list session v6-http-acl
any any svc-http permit
Description: Permits all IPv6 HTTP traffic.

ipv6 access-list session v6-tftp-acl
any any svc-tftp permit
Description: Permits all IPv6 TFTP traffic.

ipv6 access-list session v6-logon-control
user any udp 68 deny
any any svc-v6-icmp permit
any any svc-v6-dhcp permit
any any svc-dns permit
Description: Provides equivalent functionality to the "logon-control" policy, but for IPv6 clients.
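
The following is an added example, not part of the AOS-W guide or the product: a small Python parser for the policy listing format used in the table above. It flags policies that contain a permit-all rule and diffs two policies, which shows that v6-control and v6-logon-control differ only in the svc-tftp rule. The rule grammar and the names `Rule`, `parse_policies`, `permit_all` and `rule_diff` are assumptions of this example; the policy text is copied from a subset of the table rows.

```python
import re
from collections import namedtuple

Rule = namedtuple("Rule", "src dst service action options")
HEADER = re.compile(r"^(ip|ipv6) access-list session (\S+)$")

# Policy text copied from the table above (a subset of its rows).
SAMPLE = """\
ip access-list session noe-acl
any any svc-noe permit queue high
ipv6 access-list session v6-control
user any udp 68 deny
any any svc-v6-icmp permit
any any svc-v6-dhcp permit
any any svc-dns permit
any any svc-tftp permit
ipv6 access-list session v6-logon-control
user any udp 68 deny
any any svc-v6-icmp permit
any any svc-v6-dhcp permit
any any svc-dns permit
ipv6 access-list session v6-allowall
any any any permit
"""

def parse_policies(text):
    """Return {policy name: {"family": "ip"|"ipv6", "rules": [Rule, ...]}}."""
    policies, current = {}, None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = HEADER.match(line)
        if m:
            current = policies.setdefault(m.group(2), {"family": m.group(1), "rules": []})
            continue
        tok = line.split()
        # Assumed shape: <src> <dst> <service...> <action> [options]; src/dst are one token.
        idx = next((i for i, t in enumerate(tok) if i >= 3 and t in ("permit", "deny")), None)
        if current is None or idx is None:
            raise ValueError(f"unrecognised line: {line!r}")
        current["rules"].append(Rule(tok[0], tok[1], " ".join(tok[2:idx]),
                                     tok[idx], " ".join(tok[idx + 1:])))
    return policies

def permit_all(policy):
    """Rules that permit every service from any source to any destination."""
    return [r for r in policy["rules"] if r[:4] == ("any", "any", "any", "permit")]

def rule_diff(a, b):
    """Rules present in policy a that policy b does not contain."""
    return [r for r in a["rules"] if r not in b["rules"]]
```

The parser accepts only the rule forms that appear in the table (one-token source and destination such as `any` and `user`) and raises `ValueError` on anything else, so a rule it cannot classify is never silently skipped in an audit.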
Validuser and Logon-control ACLs
Default firewall rules for both the validuser and logon-control ACLs prevent malicious users from IP spoofing source addresses; the default firewall rule in the validuser ACL causes the packet to be dropped.
A client with the correct source address can send traffic to the networks below as a destination IP address. To deny this traffic, the default firewall rule added to the logon-control ACL denies traffic to the reserved addresses from users with the logon role.
The following networks can be blocked by the default firewall rules in both the validuser and logon-control ACLs:
- Network packets where the source address of the network packet is defined as being on a broadcast network (source address == 255.255.255.255)
- Network packets where the source address of the network packet is defined as being on a multicast network (source address = 224.0.0.0 – 239.255.255.255)