Field Description
IP version Specifies whether the policy applies to IPv4 or IPv6 traffic.
Source
(required)
Source of the traffic, which can be one of the following:
n any: Acts as a wildcard and applies to any source address.
n user: This refers to traffic from the wireless client.
n host: This refers to traffic from a specific host. When this option is chosen, you must
configure the IP address of the host.
n network: This refers to a traffic that has a source IP from a subnet of IP addresses.
When this option is chosen, you must configure the IP address and network mask of
the subnet.
n alias: This refers to using an alias for a host or network. You configure the alias by
navigating to the Configuration > Advanced Services > Stateful Firewall >
Destination page.
Destination
(required)
Destination of the traffic, which can be configured in the same manner as Source.
Service
(required)
Type of traffic, which can be one of the following:
n any: This option specifies that this rule applies to any type of traffic.
n application: For session and route policies on a OAW-40xx Series switch, you can
create a rule that applies to a specific application type. Click the Application drop-
down list and select an application type.
n application category: For session and route policies on a OAW-40xx Series switch,
you can create a rule that applies to a specific application category. Click the
Application Category drop-down list and select a category type.
n web category/ Reputation: For session policies on a OAW-40xx Series switch, you
can create a rule that applies to a specific web category or application type. For
more information on web category classification, see AppRF on page 798
n tcp: Using this option, you configure a range of TCP port(s) to match for the rule to
be applied.
n udp: Using this option, you configure a range of UDP port(s) to match for the rule to
be applied.
n service: Using this option, you use one of the pre-defined services (common
protocols such as HTTPS, HTTP, and others) as the protocol to match for the rule to
be applied. You can also specify a network service that you configure by navigating
to the Configuration > Advanced Services > Stateful Firewall > Network
Services page.
n protocol: Using this option, you specify a different layer 4 protocol (other than
TCP/UDP) by configuring the IP protocol value.
Table 86: Firewall Policy Rule Parameters
AOS-W 6.5.3.x | User Guide Roles and Policies | 377
To Next Page
Loading...