Configure Provisional ACL

 

The configuration of the Provisional ACL can be done using two objects, the Access Control List (ACL) and the Access Control Subnet (ACS).

The ACL object defines the overall default access action (accept/drop/continue) to be applied to a local IP resource.  

The ACS object defines the override access (accept/drop) from specific remote IP addresses to that local IP address.

  • ACL without ACS [where default access is accept], accepts all packets to that local IP address with no further IP Firewall rules processing.

  • ACL without ACS [where default access is drop], drops all packets to that local IP address with no further IP Firewall rules processing. 

  • ACL without ACS [where default access is continue] causes remaining IP Firewall rules to be checked. If no match is found, packets are dropped.

  • ACL with ACS where the remote IP address matches one of the ACS objects: packets from that remote IP address are accepted or dropped based on the override action defined by the matching ACS object.

  • ACL with ACS where the remote IP address matches none of the ACS objects behaves the same as an ACL without ACS (above): the default access applies.

 

Create ACL object

Right click Security and select New Access Control Lists.

Right click on Access Control Lists and select New Access Control List. The Access Control List screen will be displayed as below.

 

 

ACL ID - Access Control List Identification number.

ACL Name - Access Control List Name.

Default Access - The overall default access action (accept/drop/continue) to be applied to a local IP resource.

Activation on Service IP – Activation behavior (Automatic/Manual) when associated to a Local Service IP address. When Manual activation is selected, two buttons will appear in the Service IP panel to Activate/Deactivate the ACL.

Entries – Number of configured ACS.

 

Create ACS object

Right click on Access Control List object and select New Access Control Subnet. The Access Control Subnet screen will be displayed as below.

 

 

ACS Name – Access Control Subnet Identification number.

IP address – Remote IP address.

/ Subnet – The subnet prefix to be applied to the remote IP address to define the scope of the IP address. It can specify either an exact match, or a range of IP addresses.

Access Type – The override access (accept/drop) from specific remote IP addresses to a local IP address.

Protocol – UDP/TCP, identifies the protocol affected by the ACS.

Starting Port / Ending Port – Define the range of ports affected by the ACS.
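
The decision order described above (ACS override, then ACL default, then the remaining IP Firewall rules on continue), modelled as an added example; this is not Sangoma code. It assumes the first matching ACS wins and that an ACS applies only when the remote IP, protocol and port all fall inside it; the page states neither, and the sample names and addresses are constructed.

```python
# Added illustration: a model of the ACL/ACS decision described on this page.
# Not Sangoma code. Assumptions: first matching ACS wins, and an ACS matches
# only when remote IP, protocol and port all fall within it.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class ACS:
    name: str
    subnet: str          # "IP address" + "/ Subnet", e.g. "198.51.100.0/24"
    access: str          # override: "accept" or "drop"
    protocol: str        # "UDP" or "TCP"
    start_port: int
    end_port: int

    def matches(self, remote_ip, protocol, port):
        return (ip_address(remote_ip) in ip_network(self.subnet, strict=False)
                and protocol.upper() == self.protocol.upper()
                and self.start_port <= port <= self.end_port)

@dataclass
class ACL:
    name: str
    default_access: str  # "accept", "drop" or "continue"
    entries: list = field(default_factory=list)

def evaluate(acl, remote_ip, protocol, port, firewall_rules=()):
    """Return (verdict, reason) for a packet sent to the ACL's local IP."""
    for acs in acl.entries:
        if acs.matches(remote_ip, protocol, port):
            return acs.access, f"ACS {acs.name} override"
    if acl.default_access in ("accept", "drop"):
        return acl.default_access, "ACL default, firewall rules skipped"
    # default "continue": fall through to the remaining IP Firewall rules
    for rule in firewall_rules:
        verdict = rule(remote_ip, protocol, port)
        if verdict in ("accept", "drop"):
            return verdict, "IP Firewall rule"
    return "drop", "continue with no firewall match"

# Constructed sample: SIP signalling allowed from one carrier subnet only.
SIP_ACL = ACL("sip-signalling", "drop", [
    ACS("carrier-a", "198.51.100.0/24", "accept", "UDP", 5060, 5061),
    ACS("bad-host", "203.0.113.7/32", "drop", "UDP", 1, 65535),
])

if __name__ == "__main__":
    for pkt in [("198.51.100.20", "UDP", 5060), ("198.51.100.20", "TCP", 5060),
                ("203.0.113.7", "UDP", 5060), ("192.0.2.9", "UDP", 5060)]:
        print(pkt, evaluate(SIP_ACL, *pkt))
```

The second sample packet shows the scoping effect under these assumptions: the carrier's TCP traffic does not match the UDP-only ACS, so the ACL default decides.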

Related Topics

Provisional ACL (F-6582)

IP Address

Physical Node - Direct Connect

Physical Node - Multinode

 

 

 

 
