Fortinet 548B User Manual


Selection Criteria

IPv6 ACL Name - Use the pull-down menu to select the IPv6 ACL for which to create or update a
rule.

Rule - Select an existing rule from the pull-down menu, or select 'Create New Rule.' New rules
cannot be created if the maximum number of rules has been reached. A packet must match all of
the criteria specified in a rule for that rule to apply and for its action (Permit/Deny) to take
place.

Configurable Data

Rule ID - Enter a whole number in the range 1 to 10 that will be used to identify the rule.

Action - Specify what action should be taken if a packet matches the rule's criteria. The choices are
permit or deny.

Logging - When set to 'True', logging is enabled for this ACL rule (subject to resource availability in
the device). If the Access List Trap Flag is also enabled, periodic traps are generated indicating
the number of times this rule was 'hit' during the current report interval. A fixed 5-minute report
interval is used for the entire system. A trap is not issued if the ACL rule hit count is zero for the
current interval. This field is visible for a 'Deny' Action.

Assign Queue ID - Specifies the hardware egress queue identifier used to handle all packets
matching this IPv6 ACL rule. The valid range of queue IDs is 0 to 7. This field is visible for a 'Permit'
Action.

Mirror Interface - Specifies the egress interface to which the matching traffic stream is copied,
in addition to being forwarded normally by the device. This field cannot be set if a Redirect Interface
is already configured for the ACL rule. This field is visible for a 'Permit' Action.

Redirect Interface - Specifies the egress interface to which the matching traffic stream is
forced, bypassing any forwarding decision normally performed by the device. This field cannot be set
if a Mirror Interface is already configured for the ACL rule. This field is visible for a 'Permit' Action.
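
The field constraints above can be checked offline against an exported or hand-transcribed rule list before it is entered on the device. The following is an added example, not part of the manual and not a Fortinet API: the Ipv6AclRule class, its field names and the sample interface names are assumptions, and "visible for" is interpreted as "applies only to" that action.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Ipv6AclRule:
    """Hypothetical model of the form fields above; not a Fortinet API."""
    rule_id: int
    action: str                               # "permit" or "deny"
    logging: bool = False                     # shown for deny rules
    queue_id: Optional[int] = None            # shown for permit rules
    mirror_interface: Optional[str] = None    # shown for permit rules
    redirect_interface: Optional[str] = None  # shown for permit rules

def validate_rule(rule: Ipv6AclRule) -> list[str]:
    """Return constraint violations for one rule (empty list = consistent)."""
    errors = []
    if not 1 <= rule.rule_id <= 10:
        errors.append("rule_id outside 1..10")
    if rule.action not in ("permit", "deny"):
        errors.append("action must be permit or deny")
    if rule.logging and rule.action != "deny":
        errors.append("logging applies to deny rules only")
    permit_only = {"queue_id": rule.queue_id,
                   "mirror_interface": rule.mirror_interface,
                   "redirect_interface": rule.redirect_interface}
    for name, value in permit_only.items():
        if value is not None and rule.action != "permit":
            errors.append(f"{name} applies to permit rules only")
    if rule.queue_id is not None and not 0 <= rule.queue_id <= 7:
        errors.append("queue_id outside 0..7")
    if rule.mirror_interface and rule.redirect_interface:
        errors.append("mirror and redirect interfaces are mutually exclusive")
    return errors

def review_notes(rule: Ipv6AclRule) -> list[str]:
    """Flag valid settings worth a second look during an ACL audit."""
    notes = []
    if rule.action == "deny" and not rule.logging:
        notes.append("deny rule without logging: no hit-count traps")
    if rule.redirect_interface:
        notes.append(f"traffic redirected to {rule.redirect_interface}, bypassing forwarding")
    if rule.mirror_interface:
        notes.append(f"traffic copied to {rule.mirror_interface}")
    return notes

# Constructed sample rules (interface names are made up).
SAMPLE = [
    Ipv6AclRule(1, "deny", logging=True),
    Ipv6AclRule(2, "permit", queue_id=9, mirror_interface="0/5", redirect_interface="0/7"),
    Ipv6AclRule(11, "deny", queue_id=3),
]
```

review_notes reports settings that are valid but change where traffic goes or whether denied traffic is counted, which is what an audit of mirror and redirect rules usually needs to surface.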

Match Every - Select true or false from the pull down menu. True signifies that all packets will match
the selected IPv6 ACL and Rule and will be either permitted or denied. In this case, since all packets