ACL definition protocols/ports
‎08-25-2015 10:44 PM
Hi, is it possible to configure more than one protocol on the same line definition?
I tried "protocol tcp,udp" but it doesn't work.
When specifying a port, is it possible to add more than one on the same line?
I tried:
destination-port 88; -> specifies port 88
destination-port 88 - 90; -> specifies ports 88,89,90
Is it possible to have an ACL policy file with e.g. protocol and port definitions to be used later by more than one policy?
Thanks.
BR
4 REPLIES 4
‎08-26-2015 11:55 AM
Great! Very clear.
Is it possible to have a definition of ports in one file and then reference it from another policy file?
‎08-26-2015 10:57 AM
Hello agd
The only way to specify more than one port is to have multiple entries in the same policy file. For example you can have one entry that looks at source IP address and destination-port 88 and then entry #2 with the same source IP and destination port 389.
That would accomplish any packet that matches either scenario.
Let me know if that helps
P
‎08-26-2015 10:32 AM
If I want to specify a port list but the ports are not in a range, is it possible?
E.g. I want to allow AD authentication, which has different ports that are not in a range. Can I list them in some way?
I tried without success:
destination-port 88,389;
‎08-26-2015 06:40 AM
ACLs have a "match all" rule, i.e. a logical AND. For this reason you cannot have several protocol definitions, because no packet could match them all. A packet cannot be udp and tcp at the same time, for example. A range of ports is supported, you have it right. The "match any" that you can find is for Routing Policies only.
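
Added example, not part of the thread and not vendor code: a Python sketch that expands a protocol list and a port list into one match-all entry per combination, as the replies describe, and checks packets against the result. The `entry { if { ... } then { permit; } }` layout, the `source-address` keyword, the entry names and the 192.0.2.0/24 subnet are assumptions; only `protocol`, `destination-port` and the `88 - 90` range form come from the thread.

```python
import ipaddress
from itertools import product

def coalesce(ports):
    """Collapse ports into (low, high) runs: a line takes one port or one range."""
    runs = []
    for p in sorted(set(ports)):
        if runs and p == runs[-1][1] + 1:
            runs[-1][1] = p
        else:
            runs.append([p, p])
    return [tuple(r) for r in runs]

def expand(name, source, protocols, ports):
    """Build one entry per (protocol, port run) combination."""
    return [{"name": f"{name}_{proto}_{lo}", "source": source,
             "protocol": proto, "ports": (lo, hi)}
            for proto, (lo, hi) in product(protocols, coalesce(ports))]

def render(entry):
    """Render an entry; the entry/if/then layout and source-address are assumed."""
    lo, hi = entry["ports"]
    port = str(lo) if lo == hi else f"{lo} - {hi}"
    return (f"entry {entry['name']} {{\n  if {{\n"
            f"    source-address {entry['source']};\n"
            f"    protocol {entry['protocol']};\n"
            f"    destination-port {port};\n"
            f"  }} then {{\n    permit;\n  }}\n}}")

def matches(entry, pkt):
    """Match all: every condition of the entry must hold (logical AND)."""
    lo, hi = entry["ports"]
    return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(entry["source"])
            and pkt["proto"] == entry["protocol"]
            and lo <= pkt["dport"] <= hi)

def matched_by_any(entries, pkt):
    """Separate entries are alternatives: one matching entry is enough."""
    return any(matches(e, pkt) for e in entries)

# Constructed sample: documentation subnet, ports 88 and 389 from the thread.
ENTRIES = expand("ad", "192.0.2.0/24", ["tcp", "udp"], [88, 389])

if __name__ == "__main__":
    print("\n".join(render(e) for e in ENTRIES))
```

Two protocols and two non-adjacent ports produce four entries; adjacent ports such as 88, 89, 90 collapse into a single `destination-port 88 - 90;` line.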
