ESR series service routers.ESR-Series. User manual
•
•
Step Description Command Keys
8 Set the profile of sender TCP/UDP
ports for which the rule should work.
For protocol icmp value, source-port
can only be any.
esr(config-ips-category-rule)#
source-port {any | <PORT> | object-
group <OBJ-GR-NAME> }
<PORT> – number of sender
TCP/UDP port, takes values of
[1..65535].
<OBJ_GR_NAME> – sender
TCP/UDP ports profile name,
set by the string of up to 31
characters.
When specifying the 'any' value,
the rule will work for any sender
TCP/UDP port.
9 Set destination IP addresses for which
the rule should trigger.
esr(config-ips-category-rule)#
destination-address
{ip <ADDR> | ip-prefix <ADDR/LEN>
| object-group <OBJ_GR_NAME> |
policy-object-group { protect |
external } | any }
<<ADDR> – recipient IP
address, defined as
AAA.BBB.CCC.DDD where each
part takes values of [0..255];
<ADDR/LEN> – recipient IP
subnet, defined as
AAA.BBB.CCC.DDD/EE where
each part AAA-DDD takes
values of [0..255] and LEN
takes values of [1..32].
<OBJ_GR_NAME> – name of IP
addresses profile that contains
recipient IP address, set by the
string of up to 31 characters.
protect – sets recipient
addresses, protect
addresses defined in
IPS/IDS policy;
external – sets external
addresses defined in
IPS/IDS policy as
recipient addresses.
When specifying the 'any' value,
the rule will work for any sender
IP address.
10 Set the profile of destination TCP/UDP
ports for which the rule should work.
For protocol icmp value, destination-
port can only be any.
esr(config-ips-category-rule)#
destination-port
{any | <PORT> | object-group <OBJ-
GR-NAME> }
<PORT> – number of
destination TCP/UDP port,
takes values of [1..65535].
<OBJ_GR_NAME> – recipient
TCP/UDP ports profile name,
set by the string of up to 31
characters.
When specifying the 'any' value,
the rule will be triggered for any
source TCP/UDP port.
To Next Page
Loading...