400| Roles and Policies AOS-W 6.5.3.x| User Guide
l source: network 80.0.0.0/24
l destination: any
l service/application: TCP 80
l action: deny
n Rule 2:
l source: network 60.0.0.0/24
l destination: any
l service/application: TCP 80
l action: dual-nat <nat_pool>
n Rule 3:
l source: network 10.0.0.0/24
l destination: any
l service/application: TCP 80
l action: destination nat
In the WebUI
1. Navigate to Configuration > Access Control > Policies.
2. Click Add/Edit.
3. Click Add under Rules/IP Version.
4. Select application or application category from the Service drop-down menu and select configuration
options.
5. Click Apply.
In the CLI
To configure the ACL application-specific parameters using the command-line interface, access the command-
line interface in config mode, run the following commands:
(host)(config)#ip access-list
Configuring Bandwidth Contracts for AppRF 2.0
Bandwidth contract configuration lets you configure bandwidth contracts for both the global or application-
specific levels.
Global Bandwidth Contract Configuration
To configure bandwidth contracts to limit application and application categories on an application or global
level, or to show global bandwidth contract configuration output, access the command-line interface and use
the commands dpi global-bandwidth-contract and show dpi global-bandwidth-contract.
(host)(config) #dpi global-bandwidth-contract[app|appcategory]
(host) #show dpi global-bandwidth-contract
Role-Specific Bandwidth Contracts
Application-specific bandwidth contracts (unlike "generic" bandwidth-contracts) allow you to control or reserve
rates for specific applications only on a per-role basis. An optional exclude list is provided that allows you to
exclude applications or application categories on which a generic user/role bandwidth-contract is not applied.
To Next Page
Loading...