Fortinet 548B Switch User Manual


 
Protocol Number - Specify that a packet's IP protocol is a match condition for the selected IP ACL
rule and identify the protocol by number. The protocol number is a standard value assigned by IANA
and is interpreted as an integer from 1 to 255. Either the 'Protocol Number' field or the 'Protocol
Keyword' field can be used to specify an IP protocol value as a match criterion.
Source IP Address - Enter an IP address using dotted-decimal notation to be compared to a packet's
source IP address as a match criterion for the selected IP ACL rule.
Source Wildcard Mask - Specify the IP Mask in dotted-decimal notation to be used with the Source
IP Address value.
Source L4 Port Keyword - Specify a packet's source layer 4 port as a match condition for the
selected extended IP ACL rule. This is an optional configuration. The possible values are DOMAIN,
ECHO, FTP, FTPDATA, HTTP, SMTP, SNMP, TELNET, TFTP, and WWW. Each of these values
translates into its equivalent port number, which is used as both the start and end of the port range.
Source L4 Port Number - Specify a packet's source layer 4 port as a match condition for the
selected extended IP ACL rule. This is an optional configuration.
Destination IP Address - Enter an IP address using dotted-decimal notation to be compared to a
packet's destination IP address as a match criterion for the selected extended IP ACL rule.
Destination IP Mask - Specify the IP Mask in dotted-decimal notation to be used with the Destination
IP Address value.
Destination L4 Port Keyword - Specify the destination layer 4 port match conditions for the selected
extended IP ACL rule. The possible values are DOMAIN, ECHO, FTP, FTPDATA, HTTP, SMTP,
SNMP, TELNET, TFTP, and WWW. Each of these values translates into its equivalent port number,
which is used as both the start and end of the port range. This is an optional configuration.
Destination L4 Port Number - Specify a packet's destination layer 4 port number match condition for
the selected extended IP ACL rule. This is an optional configuration.
Service Type - Select a Service Type match condition for the extended IP ACL rule from the pulldown
menu. The possible values are IP DSCP, IP Precedence, and IP TOS, which are alternative ways of
specifying a match criterion for the same Service Type field in the IP header; however, each uses a
different user notation. After a selection is made, the appropriate value can be specified.
IP DSCP Configuration - Specify the IP DiffServ Code Point (DSCP) field. The DSCP is
defined as the high-order six bits of the Service Type octet in the IP header. This is an optional
configuration. Enter an integer from 0 to 63. The IP DSCP can be selected by choosing
one of the DSCP keywords from a dropdown box. To specify the value
numerically instead, select the 'Other' option in the dropdown box and a text box will appear
where the numeric value of the DSCP can be entered.
IP Precedence Configuration - The IP Precedence field in a packet is defined as the
high-order three bits of the Service Type octet in the IP header. This is an optional
configuration. Enter an integer from 0 to 7.
IP TOS Configuration - The IP TOS field in a packet is defined as all eight bits of the Service
Type octet in the IP header. The TOS Bits value is a hexadecimal number from 00 to FF. The
TOS Mask value is a hexadecimal number from 00 to FF. The TOS Mask denotes the bit
positions in the TOS Bits value that are used for comparison against the IP TOS field in a
packet. For example, to check for an IP TOS value having bits 7 and 5 set and bit 1 clear,
where bit 7 is most significant, use a TOS Bits value of 0xA0 and a TOS Mask of 0xFF. This is
an optional configuration.
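The following Python sketch is an added example, not part of the Fortinet manual or the switch software. It models the three Service Type notations from the definitions above and lists which Service Type octets a given criterion would cover; it assumes the TOS Mask works as described (only bit positions set in the mask are compared), and the function names and sample values are constructed for illustration.

```python
"""Model of the Service Type match criteria (added example, assumed semantics)."""


def dscp(octet):
    """IP DSCP: high-order six bits of the Service Type octet (0..63)."""
    return (octet & 0xFF) >> 2


def precedence(octet):
    """IP Precedence: high-order three bits of the Service Type octet (0..7)."""
    return (octet & 0xFF) >> 5


def tos_match(octet, tos_bits, tos_mask):
    """IP TOS: compare all eight bits, restricted to positions set in tos_mask.

    Assumption: a 1 bit in tos_mask means "compare this position", as the
    field description states. Verify on the device before relying on it.
    """
    return (octet & tos_mask) == (tos_bits & tos_mask)


def octets_matching(criterion):
    """Return every Service Type octet (0x00..0xFF) that satisfies a criterion."""
    return [o for o in range(256) if criterion(o)]


if __name__ == "__main__":
    sample = 0xB8  # constructed sample octet: 1011 1000
    print(f"octet 0x{sample:02X}: DSCP={dscp(sample)} precedence={precedence(sample)}")

    # How many distinct octets each kind of criterion covers.
    rules = {
        "DSCP 46": lambda o: dscp(o) == 46,
        "Precedence 5": lambda o: precedence(o) == 5,
        "TOS 0xA0 / mask 0xFF": lambda o: tos_match(o, 0xA0, 0xFF),
        "TOS 0xA0 / mask 0xA2": lambda o: tos_match(o, 0xA0, 0xA2),
    }
    for name, rule in rules.items():
        hits = octets_matching(rule)
        shown = ", ".join(f"0x{o:02X}" for o in hits[:4])
        print(f"{name:22s} -> {len(hits):3d} octet(s): {shown}{' ...' if len(hits) > 4 else ''}")
```

Under the assumed mask semantics, a TOS Mask of 0xFF compares all eight bits, so TOS Bits 0xA0 matches only the octet 0xA0.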
Command Buttons
Configure - Configure the corresponding match criteria for the selected rule.
Delete - Remove the currently selected Rule from the selected ACL. These changes will not be
retained across a power cycle unless a save configuration is performed.