Fields for Exceptions to Stateful Firewalls in Enterprise Manager Portal
Use the fields in this topic to specify exceptions to stateful firewalls.
Priority
Numeric value to indicate which firewall exception takes
precedence if a subscriber has multiple exceptions for a firewall
service.
Value—Integer in the range specified by the online
help for this field
Guidelines—You must specify a priority for the firewall
exception. A lower number indicates a higher priority. Use a unique
priority for each firewall exception that relates to the same traffic.
If two rules have the same priority, they will be applied to traffic
in an unpredictable order.
Default—No value
Example—5
Name
Name of the subscription to the firewall service.
Value—Text string
Guidelines—You must specify a name for the firewall
exception.
Default—No value
Example—videoConference
Direction
Direction, with respect to the enterprise, of the initial
traffic flow in a conversation.
Value
Incoming—Applies to an initial traffic flow that
starts outside the enterprise
Outgoing—Applies to an initial traffic flow that
starts inside the enterprise
Both—Applies to initial traffic flows that start
inside or outside the enterprise
Default—Incoming
Example—Both
Source IPs
Source IP addresses (as contained in the IP packets) of
traffic to which the firewall exception applies.
Value—[ not ]<networkAddress>/<networkMask>
not—All addresses except the listed addresses
<networkAddress>—IP address of the network
<networkMask>—Subnet mask
Guidelines—To specify traffic with a particular
source IP address, enter an IP address. To specify all traffic except
that with a particular source IP address, precede the IP address with
the keyword not. To specify traffic with
any source IP address, leave the field empty. To specify multiple
source IP addresses, set the configuration level of the portal to
Advanced (see Setting the Configuration Level for Enterprise Manager Portal), and enter multiple
addresses on different lines.
Default—No value
Example—192.0.2.0/24
Destination IPs
Destination IP addresses (as contained in the IP packets)
of traffic to which this firewall exception applies.
Value—[ not ]<networkAddress>/<networkMask>
not—All addresses except the listed addresses
<networkAddress>—IP address of the network
<networkMask>—Subnet mask
Guidelines—To specify traffic with a particular
destination IP address, enter an IP address. To specify all traffic
except that with a particular destination IP address, precede the
IP address with the keyword not. To specify
multiple destination IP addresses, set the configuration level of
the portal to Advanced (see Setting the Configuration Level for Enterprise Manager Portal), and
enter multiple addresses on different lines.
Default—No value
Example—192.0.2.0/24
Application
Application object to which the firewall applies.
Value—Application object you defined
Guidelines—Select an application object from the
menu.
Default—Any
Example—ftp
Firewall Action
The way in which the firewall should handle the incoming
or outgoing traffic.
Value
Allow—Let the traffic through the firewall
Reject—Send an ICMP reply that explains why the
firewall blocked the traffic
Discard—Drop the traffic without sending any reply
Default—Allow
Example—Discard
Schedule
Configured schedule to use.
Value—Name of the schedule
Guidelines—This field appears if scheduling is enabled
for the portal.
Default—No value
Enabled
Status of the firewall exception.
Value
Gray box—Firewall exception is inherited from a
parent subscriber
White box—Firewall exception is configured for this
subscriber
Box with check mark—Firewall exception is enabled
Empty box—Firewall exception is disabled
Guidelines—Click the box to enable or disable a firewall
exception.
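
The Priority guideline (unique priorities for exceptions that relate to the same traffic) can be checked before the values are entered in the portal. The Python check below is an added example, not part of the portal or its documentation; it reports pairs of exceptions that share a priority and can match the same traffic. It assumes IPv4, one entry per address field, that an empty destination field also means any address, and that "same traffic" means overlapping direction, application, source and destination; all rule names except videoConference are constructed.

```python
import ipaddress
from collections import namedtuple
from itertools import combinations

ANY = ipaddress.ip_network("0.0.0.0/0")
Rule = namedtuple("Rule", "name priority direction source destination application")

def parse_spec(field):
    """Parse '[ not ]<networkAddress>/<networkMask>'; an empty field means any address."""
    text = field.strip()
    if not text:
        return False, ANY
    negated = text.lower().startswith("not ")
    net = ipaddress.ip_network(text[4:].strip() if negated else text, strict=False)
    return negated, net

def specs_overlap(a, b):
    """True if at least one address is matched by both field values."""
    (neg_a, net_a), (neg_b, net_b) = parse_spec(a), parse_spec(b)
    if not neg_a and not neg_b:
        return net_a.overlaps(net_b)
    if neg_a and neg_b:
        # Two 'not' entries miss each other only if the networks cover all addresses.
        covers_all = ANY in (net_a, net_b) or (
            net_a != net_b and net_a.prefixlen == 1 and net_b.prefixlen == 1)
        return not covers_all
    plain, excluded = (net_b, net_a) if neg_a else (net_a, net_b)
    return not plain.subnet_of(excluded)

def same_traffic(r1, r2):
    """Assumed meaning of 'same traffic': every match field overlaps."""
    dirs = {r1.direction, r2.direction}
    apps = {r1.application, r2.application}
    return ((len(dirs) == 1 or "Both" in dirs)
            and (len(apps) == 1 or "Any" in apps)
            and specs_overlap(r1.source, r2.source)
            and specs_overlap(r1.destination, r2.destination))

def priority_conflicts(rules):
    """Return name pairs that share a priority and can match the same traffic."""
    return [(a.name, b.name) for a, b in combinations(rules, 2)
            if a.priority == b.priority and same_traffic(a, b)]

# Constructed sample exceptions using the field formats described above.
RULES = [
    Rule("videoConference", 5, "Both", "192.0.2.0/24", "", "Any"),
    Rule("blockFtp", 5, "Incoming", "not 198.51.100.0/24", "", "ftp"),
    Rule("partnerOnly", 5, "Outgoing", "192.0.2.128/255.255.255.128", "", "Any"),
    Rule("labExcluded", 5, "Both", "not 192.0.2.0/24", "", "Any"),
]
```

Calling `priority_conflicts(RULES)` returns the pairs whose priorities need to be made distinct; pairs with disjoint directions or disjoint source ranges are not reported even though they share priority 5.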