Siemens E-110-I User Manual
Page 67
Chapter 4: Advanced Configuration
Field
Description
Dest Port
Port number criteria for the destination computer(s) (i.e., the port number of the
type of computer to which the packet is being sent).
This field will be dimmed (unavailable for entry) unless you have selected TCP or
UDP as the protocol.
See the description of Src IP Address for the selection options.
TCP Flag
Specifies whether the rule should apply only to TCP packets that contain the
synchronous (SYN) flag, only to those that contain the non-synchronous
(NOT-SYN) flag, or to all TCP packets (All). This field will be dimmed (unavailable
for entry) unless you selected TCP as the Protocol.
ICMP Type
Specifies whether the value in the type field in ICMP packet headers will be used
as a criteria. The code value can be any decimal value from 0 to 255. You can
specify that the value must equal (eq) or not equal (neq) the specified value, or
you can select any to enable the rule to be invoked on all ICMP packets. This field
will be dimmed (unavailable for entry) unless you specify ICMP as the Protocol.
ICMP Code
Specifies whether the value in the code field in ICMP packet headers will be used
as a criteria. The code value can be any decimal value from 0 to 255. You can
specify that the value must equal (eq) or not equal (neq) the specified value, or
you can select any to enable the rule to be invoked on all ICMP packets. This field
will be dimmed (unavailable for entry) unless you specify ICMP as the Protocol.
IP Frag Pkt
Determines how the rule applies to IP packets that contain fragments. You can
choose from the following options:
Yes: The rule will be applied only to packets that contain fragments.
No: The rule will be applied only to packets that do not contain fragments.
Ignore: (Default) The rule will be applied to packets whether or not they contain
fragments, assuming that they match the other criteria.
IP Option Pkt
Determines whether the rule should apply to IP packets that have options
specified in their packet headers.
Yes: The rule will be applied only to packets that contain header options.
No: The rule will be applied only to packets that do not contain header options.
Ignore: (Default) The rule will be applied to packets whether or not they contain
header options, assuming that they match the other criteria.
Packet Size
Specifies that the IP Filter rule will take affect only on packets whose size in bytes
matches this criteria. (lt = less than, gt = greater than, lteq = less than or equal
to, etc.)
TOD Rule Status The Time of Day Rule Status determines how the Start Time/End Time settings
are used.
Enable: (Default) The rule is in effect for the specified time period.
Disable: The rule is not in effect for the specified time period, but is effective at
all other times.
3. When you are done selecting criteria, ensure that Enable is selected and then click [Apply].
If the security level of the rule matches the globally configured setting, a green ball in the Oper.
Status column for that rule, indicating that the rule is now in effect. A red ball will display when the
rule is disabled or if its security level is different than the globally configured level.
4. Ensure that the Security Level and Private/Public/DMZ Default Action settings on the
IP Filter
Configuration
page are configured as needed, then click [Apply].
A page gives a receipt for the changes.
5. Select
Admin > Commit & Reboot and click [Save] to save your changes to permanent storage.
Rev:01_040220
61