Iprule – Amer Networks E5 CLI User Manual

3.57. IPRule

Description

An IP rule specifies what action to perform on network traffic that matches the specified filter
criteria.

Properties

Index

The index of the object, starting at 1. (Identifier)

Name

Specifies a symbolic name for the rule. (Optional)

Action

Reject, Drop, FwdFast, Allow, NAT, SAT ,SLB_SAT,
GOTO or RETURN.

SourceInterface

Specifies the name of the receiving interface to be
compared to the received packet.

DestinationInterface

Specifies the the destination interface to be
compared to the received packet.

SourceNetwork

Specifies the sender span of IP addresses to be
compared to the received packet.

DestinationNetwork

Specifies the span of IP addresses to be compared
to the destination IP of the received packet.

Service

Specifies a service that will be used as a filter
parameter when matching traffic with this rule.

Schedule

By adding a schedule to a rule, the security
gateway will only allow that rule to trigger at those
designated times. (Optional)

NATAction

Specify sender address or Use interface address.
(Default: UseInterfaceAddress)

NATSenderAddress

Specifies which sender address will be used.

NATPool

Specifies the NATPool object to use.

SATTranslate

Specifies whether to translate source IP or
destination IP. (Default: DestinationIP)

SATTranslateToIP

Translate to this IP address.

SATTranslateToPort

Translate to this port. (Optional)

SATAllToOne

Rewrite all destination IPs to a single IP. (Default:
No)

SLBAddresses

The IP addresses of the servers in the server farm.

SLBStickiness

Specifies stickiness mode. (Default: None)

SLBIdleTimeOut

New connections that arrive within the idle
timeout are assigned to the same real server as
previous connections from that address. The
timeout is refreshed after each new connection.

Chapter 3: Configuration Reference

176