Access Lists Template

Use this page to create, modify, delete, and rename Access Control Lists (ACL).

An ACL is a reusable MATCH criteria for filtering flows, and is associated with an action, permit or deny: You can use the same ACL as the MATCH condition in more than one policy --- Route, QoS, Optimization, or NAT.

n	An Access Control List (ACL) consists of one or more ordered access control rules.

n	An ACL only becomes active when it's used in a policy.

n	Deny prevents further procesing of the flow by that ACL, specifically. The appliance continues to the next entry in the policy.

n	Permit allows the matching traffic flow to proceed on to the policy entry's associated SET action(s). The default is permit.

n	When creating ACL rules, list deny statements first, and prioritize less restrictive rules ahead of more restrictive rules.

Priority

n	With this template, you can create rules with priority from 1000 – 9999, inclusive. When you apply the template to an appliance, the Orchestrator deletes all appliance entries in that range before applying its policies.

n	If you access an appliance directly (via the WebUI or the command line interface), you can create rules with higher priority than Orchestrator rules (1 – 999) and rules with lower priority (10000 – 65534).

n	Adding a rule increments the last Priority by 10. This leaves room for you to insert a rule in between rules without having to renumber subsequent priorities. Likewise, you can just edit the number.

Source or Destination

n	An IP address can specify a subnet - for example: 10.10.10.0/24.

n	To allow any IP address, use 0.0.0.0/0.

n	Ports are available only for the protocols tcp, udp, and tcp/udp.

n	To allow any port, use 0.

Please send comments or suggestions regarding user documentation to techpubs@silver-peak.com.