Cisco Expressway Maintenance Manual
5. If there are no errors, the new rules are temporarily activated and you are taken to the Firewall rules confirmation page.
   You now have 15 seconds to confirm that you want to keep the new rules:
   — Click Accept changes to permanently apply the rules.
   — If the 15 seconds time limit expires or you click Rollback changes, the previous rules are reinstated and you are taken back to the configuration page.
   The automatic rollback mechanism provided by the 15 seconds time limit ensures that the client system that activated the changes is still able to access the system after the new rules have been applied. If the client system is unable to confirm the changes (because it can no longer access the web interface) then the rollback will ensure that its ability to access the system is reinstated.
   When configuring firewall rules, you also have the option to Revert all changes. This discards all pending changes and resets the working copy of the rules to match the current active rules.
Rule settings
The configurable options for each rule are listed below (Field, Description, Usage tips):

Priority
  Description: The order in which the firewall rules are applied.
  Usage tips: The rules with the highest priority (1, then 2, then 3 and so on) are applied first. Firewall rules must have unique priorities. Rule activation will fail if there are multiple rules with the same priority.

Interface
  Description: The LAN interface on which you want to control access.
  Usage tips: This only applies if the Advanced Networking option key is installed.

IP address and Prefix length
  Description: These two fields together determine the range of IP addresses to which the rule applies.
  Usage tips: The Address range field shows the range of IP addresses to which the rule applies, based on the combination of the IP address and Prefix length. The prefix length range is 0-32 for an IPv4 address, and 0-128 for an IPv6 address.

Service
  Description: Choose the service to which the rule applies, or choose Custom to specify your own transport type and port ranges.
  Usage tips: Note that if the destination port of a service is subsequently reconfigured on the Expressway, for example from 80 to 8080, any firewall rules containing the old port number will not be automatically updated.

Transport
  Description: The transport protocol to which the rule applies.
  Usage tips: Only applies if specifying a Custom service.

Start and end port
  Description: The port range to which the rule applies.
  Usage tips: Only applies if specifying a UDP or TCP Custom service.
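The following is an added example (not Cisco's code) that models the rule settings above: it derives the Address range from the IP address and prefix length, enforces the 0-32 / 0-128 prefix limits, rejects duplicate priorities the way activation would, and requires a port range only for a TCP or UDP Custom service. The service name "HTTPS" and the port bounds 1-65535 with start <= end are assumptions, not values taken from the guide.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class FirewallRule:
    priority: int
    ip_address: str
    prefix_length: int
    service: str                      # a named service, or "Custom"
    transport: Optional[str] = None   # only meaningful for a Custom service
    start_port: Optional[int] = None  # only for a TCP or UDP Custom service
    end_port: Optional[int] = None

    def address_range(self) -> str:
        """The Address range the rule covers, derived from IP address + prefix length."""
        net = ipaddress.ip_network(f"{self.ip_address}/{self.prefix_length}", strict=False)
        return f"{net[0]} - {net[-1]}"


def validate_rules(rules: List[FirewallRule]) -> List[str]:
    """Return the problems that would make activation fail; an empty list means the set is consistent."""
    errors: List[str] = []
    seen = set()
    for r in rules:
        if r.priority in seen:  # priorities must be unique
            errors.append(f"priority {r.priority} is used by more than one rule")
        seen.add(r.priority)
        try:
            addr = ipaddress.ip_address(r.ip_address)
        except ValueError:
            errors.append(f"rule {r.priority}: {r.ip_address!r} is not a valid IP address")
            continue
        max_prefix = 32 if addr.version == 4 else 128  # 0-32 for IPv4, 0-128 for IPv6
        if not 0 <= r.prefix_length <= max_prefix:
            errors.append(f"rule {r.priority}: prefix length must be 0-{max_prefix} for IPv{addr.version}")
        if r.service == "Custom":
            if r.transport is None:
                errors.append(f"rule {r.priority}: a Custom service needs a transport")
            elif r.transport in ("TCP", "UDP"):
                # assumed port bounds: 1 <= start <= end <= 65535
                if None in (r.start_port, r.end_port) or not 1 <= r.start_port <= r.end_port <= 65535:
                    errors.append(f"rule {r.priority}: port range must satisfy 1 <= start <= end <= 65535")
    return errors


def application_order(rules: List[FirewallRule]) -> List[FirewallRule]:
    """Rules in the order they are applied: priority 1 first, then 2, and so on."""
    return sorted(rules, key=lambda r: r.priority)
```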
22
Cisco Expressway Administrator Guide