In this section:
Resequencing Rules are not supported in the SBC SWe Edge.
To add or modify an ACL rule:
- In the WebUI, click the Settings tab.
- In the left navigation pane, go to Protocols > IP > Access Control Lists.
Creating a Rule Entry
For System Default IPv4 and IPv6 Access Control Lists Configuration, refer to: IPv4 and IPv6 ACLs.
For Sample Teams Direct Routing ACL Rule Configuration, refer to Teams Direct Routing ACLs.
Below includes instructions for creating an ACL rule entry.
- In the left navigation panel, click on Access Control Lists and click on the desired table.
- Click on the desired entry.
Enter the desired configuration. See General Information Panel - Field Definitions.
NoteFederated IP addresses and FQDNs specified in an Access Control List are whitelisted.
Click OK.
General Information Panel - Field Definitions
Protocol
The protocol of the IP packets subject to this rule. Valid options: TCP, UDP, ICMP, OSPF, Any, or Other. Default value: TCP.
Action
Specifies the action to be taken upon packets matching this rule. Valid selections: Allow (default, packets matching this rule are accepted) or Deny (packets matching this rule are not accepted).
IANA IP Protocol Number
The Internet Assigned Numbers Authority (IANA) port number for various protocols. This field is available only when Other is selected from the Protocol drop down box.
Port Selection Method
The Services option allows you to define the service for either UDP or TCP protocol. The Single Port option should be used to specify a specific source or destination port number. This field is available only when either TCP or UDP is selected from the Protocol drop down box. Valid entry: Service or Single.
Port range is not supported in SWe Edge.
Service
| When this is the Protocol selection... | ...the Service choices are: |
|---|---|
| TCP |
|
| UDP |
|
Precedence
Every rule should have a unique precedence value. Value range is 1 - 65535. Default: 1.
Bucket Size
The policing bucket size (in packets). It represents a credit balance that should be consumed before the packets are discarded. The consumed credits reside in the bucket and gets reduced for every packet received.
Valid entry: 0-255 packets/second.
Fill Rate
The number of packets to add to the bucket credit balance (in packets/second). If a packet is received at a rate exceeding this fill rate, it is discarded subjected to the discard rate set in the IP Policing Alarm profile or in the Policing Alarm monitoring this Media Port. The bucket credit balance is always less than the configured bucket size regardless of the size of this increment.
Valid entry: 0-25000 packet/second.
Interface Name
A drop-down menu that allows the user to select an interface to which this ACL rule should be applied.
Source Panel - Field Definitions
IP Address
The IPv4 source address of the packets subject to this rule.
Netmask
The subnet mask of the source IP address.
Port Number
The port number associated with the source packets subject to this rule. This field is available only when TCP or UDP is selected from the Protocol drop down box and Single Port is selected from the Port Selection Method drop down box.
Destination Panel - Field Definitions
IP Address
The IPv4 destination address of the packets subject to this rule.
Netmask
The subnet mask of the destination IP address.
Port Number
The port number associated with the source packets subject to this rule. This field is available only when TCP or UDP is selected from the Protocol drop down box and Single Port is selected from the Port Selection Method drop down box.
Modifying a Rule
- Click the expand (
) Icon next to the entry you wish to modify. - Edit the entry properties as required, see details below.
To delete an entry, select the checkbox next to the entry and then click the Delete (
) icon.
System Default IPv4 and IPv6 Access Control Lists
The following are the system defaults for IPv4 and IPv6 Access Control Lists.
System defaults for IPv4 and IPv6 cannot be deleted.
System Default IPv4 ACL List
| IPv4 Default List | Protocol | Source IP/Mask | Destination IP/Mask | Protocol Service | Action | Interface Name | Precedence | Primary Key |
|---|---|---|---|---|---|---|---|---|
| Allow DHCP Access | ||||||||
| allow-dhcpv4-dstPort-67 | UDP | Any | Any | DHCP/BOOTP (Server) | Allow | - | 65000 | 1 |
| allow-dhcpv4-dstPort-68 | UDP | Any | Any | --None-- | Allow | - | 65001 | 2 |
| allow-dhcpv4-srtPort-67 | UDP | Any | Any | --None-- | Allow | - | 65002 | 3 |
| allow-dhcpv4-srtPort-68 | UDP | Any | Any | --None-- | Allow | - | 65003 | 4 |
| Allow Terminal Services | ||||||||
| allow-ssh-=dstPort-22 | TCP | Any | Any | SSH | Allow | - | 65004 | 1 |
| allow-ssh-=dstPort-80 | TCP | Any | Any | HTTP | Allow | - | 65005 | 2 |
| allow-ssh-=dstPort-443 | TCP | Any | Any | HTTPS | Allow | - | 65006 | 3 |
| Allow Everything | ||||||||
| allow-all-tcp | TCP | Any | Any | --None-- | Allow | - | 65007 | 1 |
| allow-all-udp | UDP | Any | Any | --None-- | Allow | - | 65008 | 2 |
| allow-all-icmp | ICMP | Any | Any | --None-- | Allow | - | 65009 | 3 |
System Default IPv6 ACL List
| IPv6 Default List | Protocol | Source IP/Mask | Destination IP/Mask | Protocol Service | Action | Interface Name | Precedence | Primary Key |
|---|---|---|---|---|---|---|---|---|
| Allow DHCP Access | ||||||||
| allow-dhcpv4-dstPort-67 | UDP | Any | Any | --None-- | Allow | - | 64000 | 1 |
| allow-dhcpv4-dstPort-68 | UDP | Any | Any | --None-- | Allow | - | 64001 | 2 |
| allow-dhcpv4-srtPort-67 | UDP | Any | Any | --None-- | Allow | - | 64002 | 3 |
| allow-dhcpv4-srtPort-68 | UDP | Any | Any | --None-- | Allow | - | 64003 | 4 |
| Allow Terminal Services | ||||||||
| allow-ssh-=dstPort-22 | TCP | Any | Any | --None-- | Allow | - | 64004 | 1 |
| allow-ssh-=dstPort-80 | TCP | Any | Any | --None-- | Allow | - | 64005 | 2 |
| allow-ssh-=dstPort-443 | TCP | Any | Any | --None-- | Allow | - | 64006 | 3 |
| Allow Everything | ||||||||
| allow-all-tcp | TCP | Any | Any | --None-- | Allow | - | 64007 | 1 |
| allow-all-udp | UDP | Any | Any | --None-- | Allow | - | 64008 | 2 |
| allow-all-icmp | ICMPv6 | Any | Any | --None-- | Allow | - | 64009 | 3 |
Sample Teams Direct Routing ACL Rule Configuration
Sample ACL Rule for Microsoft Teams
| Description | Protocol | Source IP/Mask | Destination IP/Mask | Protocol Service | Action | Interface Name | Precedence | Primary Key |
|---|---|---|---|---|---|---|---|---|
| Outbound DNS Request | TCP | <Source IP/Mask> | Any | DNS | Allow | Ethernet 1 | 1 | 1 |
| Outbound DNS Reply | TCP | Any | <Destination IP/Mask> | --None-- | Allow | Ethernet 1 | 2 | 2 |
| Outbound DNS Request | UDP | <Source IP/Mask> | Any | DNS | Allow | Ethernet 1 | 3 | 3 |
| Outbound DNS Reply | UDP | Any | <Destination IP/Mask> | --None-- | Allow | Ethernet 1 | 4 | 4 |
| Outbound NTP Request | UDP | <Source IP/Mask> | Any | --None-- | Allow | Ethernet 1 | 5 | 5 |
| Outbound NTP Reply | UDP | Any | <Destination IP/Mask> | --None-- | Allow | Ethernet 1 | 6 | 6 |
| Outbound SIP Request | TCP | <Source IP/Mask> | Any | --None-- | Allow | Ethernet 1 | 7 | 7 |
| Outbound SIP Reply | TCP | Any | <Destination IP/Mask> | --None-- | Allow | Ethernet 1 | 8 | 8 |
| Inbound SIP Request | TCP | Any | <Destination IP/Mask> | --None-- | Allow | Ethernet 1 | 9 | 9 |
| Inbound SIP Reply | TCP | <Source IP/Mask> | Any | --None-- | Allow | Ethernet 1 | 10 | 10 |
| Outbound DHCP Request Port-67 | UDP | Any | Any | DHCP/BOOTP (Server) | Allow | Ethernet 1 | 11 | 11 |
| Outbound DHCP Request Port-68 | UDP | Any | Any | --None-- | Allow | Ethernet 1 | 12 | 12 |
| Outbound DHCP Reply Port-67 | UPD | Any | Any | --None-- | Allow | Ethernet 1 | 13 | 13 |
| Outbound DHCP Reply Port-68 | UPD | Any | Any | --None-- | Allow | Ethernet 1 | 14 | 14 |
| Deny All Protocol | Any | Any | Any | --None-- | Deny | Ethernet 1 | 15 | 15 |
Overview
Content Tools