Fields for Exceptions to Stateful Firewalls in Enterprise Manager Portal

Priority

• Numeric value to indicate which firewall exception takes precedence if a subscriber has multiple exceptions for a firewall service.

• Value—Integer in the range specified by the online help for this field

• Guidelines—You must specify a priority for the firewall exception. A lower number indicates a higher priority. Use a unique priority for each firewall exception that relates to the same traffic. If two rules have the same priority, they will be applied to traffic in an unpredictable order.

• Default—No value

• Example—5

Name

• Name of the subscription to the firewall service.

• Value—Text string

• Guidelines—You must specify a name for the firewall exception.

• Default—No value

• Example—videoConference

Direction

• Direction, with respect to the enterprise, of the initial traffic flow in a conversation.

• Value
  • Incoming—Applies to an initial traffic flow that starts outside the enterprise
  • Outgoing—Applies to an initial traffic flow that starts inside the enterprise
  • Both—Applies to initial traffic flows that start inside or outside the enterprise

• Default—Incoming

• Example—Both

Source IPs

• Source IP addresses (as contained in the IP packets) of traffic to which the firewall exception applies.

• Value—[ not ]<networkAddress>/<networkMask>
  • not—All addresses except the listed addresses
  • <networkAddress>—IP address of the network
  • <networkMask>—Subnet mask

• Guidelines—To specify traffic with a particular source IP address, enter an IP address. To specify all traffic except that with a particular source IP address, precede the IP address with the keyword not. To specify traffic with any source IP address, leave the field empty. To specify multiple source IP addresses, set the configuration level of the portal to Advanced (see Setting the Configuration Level for Enterprise Manager Portal), and enter multiple addresses on different lines.

• Default—No value

• Example—192.0.2.0/24

Destination IPs

• Destination TCP/UDP ports (as contained in the IP packets) of traffic to which this firewall exception applies.

• Value—[ not ]<networkAddress>/<networkMask>
  • not—All addresses except the listed addresses
  • <networkAddress>—IP address of the network
  • <networkMask>—Subnet mask

• Guidelines—To specify traffic with a particular destination IP address, enter an IP address. To specify all traffic except that with a particular destination IP address, precede the IP address with the keyword not. To specify multiple destination IP addresses, set the configuration level of the portal to Advanced (see Setting the Configuration Level for Enterprise Manager Portal), and enter multiple addresses on different lines.

• Default—No value

• Example—192.0.2.0/24

Application

• Application object to which the firewall applies.

• Value—Application object you defined

• Guidelines—Select an application object from the menu.

• Default—Any

• Example—ftp

Firewall Action

• The way in which the firewall should handle the incoming or outgoing traffic.

• Value
  • Allow—Let the traffic through the firewall
  • Reject—Send an ICMP reply that explains why the firewall blocked the traffic
  • Discard—Drop the traffic without sending any reply

• Default—Allow

• Example—Discard

Schedule

• Configured schedule to use.

• Name of the schedule

• Guidelines—This field appears if scheduling is enabled for the portal.

• Default—No value

Enabled

• Status of the firewall exception.

• Value
  • Gray box—Firewall exception is inherited from a parent subscriber
  • White box—Firewall exception is configured for this subscriber
  • Box with check mark—Firewall exception is enabled
  • Empty box—Firewall exception is disabled

• Guidelines—Click box to enable or disable a firewall exception.

• Default—Firewall exception is disabled