访问列表模板

使用此页面创建，修改，删除和重命名访问控制列表（ACLS）。

ACL是用于过滤流量的可重复使用的匹配标准。它与动作相关permit或者否定. You can use the same ACL as the MATCH condition in more than one policy: Route, QoS, Optimization, or NAT.

• An ACL consists of one or more ordered access control rules.

• An ACL only becomes active when it is used in a policy.

• 否定prevents further processing of the flow by那个ACL，特别是. The appliance continues to the next entry in the policy.

• 允许allows the matching traffic flow to proceed on to the policy entry’s associated SET actions. The default ispermit.

• 创建ACL规则时，列出否定首先说明声明，并在更限制的规则之前确定限制性较小的规则。

优先

• 使用此模板，您可以从优先级创建规则1000 – 9999. When the template is applied to an appliance, Orchestrator will delete all rules having a priority in that range before applying its policies.

• 如果您直接访问设备，则可以创建比编排规则更高的优先级规则（1 – 999) and rules with lower priority (10000 - 19999和25000 - 65534).

  笔记：The priority range from20000至24999保留用于编排。

• When adding a rule, the priority is incremented by ten from the previous rule. The priority can be changed, but this default behavior helps to ensure you can insert new rules without having to change subsequent priorities.

Match Criteria

• 要指定入站和出站流量的不同标准，请选择资料来源：DEST复选框。

Source or Destination

• IP地址可以指定子网 - 例如：10.10.10.0/24。

• To allow任何IP地址，使用0.0.0.0/0。

• 端口仅适用于协议tcp,udp, andTCP/UDP.

• To allowany port， 利用0.

基于通配符的前缀匹配

• When using a range or a wildcard, the IPv4 address must be specified in the 4-octet format, separated by the dot notation. For example,A.B.C.D.

• Range is specified using a dash. For example,128-129.

• 通配符指定为星号（*).

• 范围和通配符都可以在同一地址中使用，但是八位位置只能包含一个或另一个。例如，10.136-137.*.64-95.

• 通配符只能用来定义整个八位位。例如，10.13*。*。64-95不支持。指定此范围的正确方法是10.130-139。*。64-94.

• 相同的规则适用于IPv6地址。

• CIDR notation and (Range or Wildcard) are mutually exclusive in the same address. For example, use either192.168.0.0/24或者192.168.0.1-127.

• These prefix-matching rules only apply to the following policies: Router, QoS, Optimization, NAT, Security, and ACLs.

---