
H3C Technologies H3C SecBlade LB Cards User Manual


Item Description

Time Range

Select a time range for the rule.
If you select None, the rule is always effective.
Available time ranges are configured by selecting Security > Time Range from the navigation tree.

Non-first Fragments Only

Select this box to apply the rule to only non-first fragments. To apply the rule to
all fragments and non-fragments, do not select this box.

Logging

Select this box to log matching IPv4 packets.
A log entry contains the ACL rule number, action on the matching packets, protocol over the IP, source/destination address, source/destination port number, and number of matching packets.

Source IP Address, Source Wildcard

Select the Source IP Address box, and enter the source IP address and source
wildcard, in dotted decimal notation.

Destination IP Address, Destination Wildcard

Select the Destination IP Address box, and enter the destination IP address and
destination wildcard, in dotted decimal notation.

VPN Instance

Specify the VPN.
To apply the rule to only non-VPN packets, select None.

Protocol

Select the protocol carried over IP.
If you select 1 ICMP, you can configure the ICMP message type and code.
If you select 6 TCP or 17 UDP, you can configure the TCP or UDP specific items.

ICMP Message, ICMP Type, ICMP Code

Specify the ICMP message type and code.
These items are available only when you select 1 ICMP from the Protocol list.
If you select Others from the ICMP Message list, you must enter values in the
ICMP Type and ICMP Code fields. Otherwise, the two fields take the default
values, which cannot be changed.

TCP Connection Established

If you select this box, the rule matches packets used for establishing and
maintaining TCP connections.
This item is available only when you select 6 TCP from the Protocol list.
A rule with the item configured matches TCP connection packets with the ACK or
RST flag.

Source: Operator, Port
Destination: Operator, Port

Select the operators, and enter the source port numbers and destination port
numbers, as required.
These items are available only when you select 6 TCP or 17 UDP from the
Protocol list.
Different operators have different configuration requirements for the port
number fields:
- None: The following port number fields cannot be configured.
- inclusive range: The following port number fields must be configured to
  define a port range.
- Other values: The first port number field must be configured and the second
  must not.
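
The matching behaviour the table describes for wildcards, TCP Connection Established and the inclusive range operator, as an added Python example that is not H3C code. It assumes the usual ACL wildcard convention (a 1 bit means that address bit is ignored); the rule, the packets and all function names are constructed for illustration.

```python
import ipaddress

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits

def wildcard_match(addr, base, wildcard):
    """Assumed convention: wildcard bits set to 1 are ignored, 0 bits must match."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def port_match(port, spec):
    """spec None = operator None (ports not checked); ('range', lo, hi) = inclusive range."""
    if spec is None:
        return True
    operator, low, high = spec
    if operator != "range":
        raise ValueError("only the inclusive range operator is modelled here")
    return low <= port <= high

def rule_matches(rule, pkt):
    """True when the packet satisfies every criterion configured in the rule."""
    if pkt["protocol"] != rule["protocol"]:
        return False
    if not wildcard_match(pkt["src"], *rule["src"]):
        return False
    if not wildcard_match(pkt["dst"], *rule["dst"]):
        return False
    # TCP Connection Established: the packet must carry ACK or RST.
    if rule.get("established") and not pkt["flags"] & (ACK | RST):
        return False
    return (port_match(pkt["sport"], rule.get("src_port"))
            and port_match(pkt["dport"], rule.get("dst_port")))

# Constructed rule: TCP from 198.51.100.x to 10.1.x.x, established, high ports only.
RULE = {"protocol": 6, "established": True,
        "src": ("198.51.100.0", "0.0.0.255"),
        "dst": ("10.1.0.0", "0.0.255.255"),
        "dst_port": ("range", 1024, 65535)}

def packet(src, dport, flags):
    """Constructed sample TCP packet toward 10.1.2.3."""
    return {"protocol": 6, "src": src, "dst": "10.1.2.3",
            "sport": 443, "dport": dport, "flags": flags}

if __name__ == "__main__":
    for name, pkt in [("SYN+ACK reply", packet("198.51.100.7", 50000, SYN | ACK)),
                      ("bare SYN", packet("198.51.100.7", 50000, SYN)),
                      ("other subnet", packet("198.51.101.7", 50000, ACK))]:
        print(f"{name}: {rule_matches(RULE, pkt)}")
```

In this model the established check looks only at the ACK and RST flags of each packet, so it keeps no record of whether a connection was actually opened.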
