3.47. IPRuleSet

Description

An IP Rule Set is a self-contained set of IP Rules. Default action is Drop.

Properties

Name
A name to uniquely identify this IPRuleSet. (Identifier)
Comments
Text describing the current object. (Optional)

3.47.1. IPRule

Description

An IP rule specifies what action to perform on network traffic that matches the specified filter criteria.

Properties

Name
Specifies a symbolic name for the rule. (Optional)
SourceInterface
Specifies the name of the receiving interface to be compared to the received packet.
DestinationInterface
Specifies the destination interface to be compared to the received packet.
SourceNetwork
Specifies the sender span of IP addresses to be compared to the received packet.
DestinationNetwork
Specifies the destination span of IP addresses to be compared to the received packet.
SourceGeolocation
Specifies the sender geolocation to be compared to the received packet. (Default: any-region)
DestinationGeolocation
Specifies the destination geolocation to be compared to the received packet. (Default: any-region)
Service
Specifies a service that will be used as a filter parameter when matching traffic with this rule.
Action
Specifies what action to take for traffic matching this rule.
Stateless
Use stateless packet forwarding. Stateful protocol validation is disabled. (Default: No)
StatelessAllowNewTCP
For stateless forwarding, allow opening of new TCP streams. If disabled, only active TCP streams will open new flows. (Default: Yes)
TTLDecrease
The TTL/HopLimit should always be decremented when a router forwards an IP packet. In some very special address-translation use-cases where packets are not forwarded, but rather echoed back, it might however be desirable to not decrease the TTL/HopLimit. WARNING: Only modify this in use-cases where explicitly documented. Misuse may cause network disturbances. (Default: Enabled)
OnDeny
Specifies whether any response should be sent when denying traffic. By default no response is sent and packets are silently dropped. (Default: Drop)
ProtocolTranslation
Specifies how the IP protocol is to be translated. (Default: Disabled)
Prefix
The prefix to use for ProtocolTranslation when using Prefix address translation.
SourceTranslation
Specifies how the source address/port is to be translated. (Default: Disabled)
SetSourceAddress
Specifies how to set the source address.
NewSourceIP4
The address to translate to for IPv4 traffic. (Optional)
NewSourceIP6
The address to translate to for IPv6 traffic. (Optional)
NATPool
The NAT Pool to allocate an address from when NATing using NAT Pool. The IP rule must only handle IPv4 packets, or be a rule translating from IPv6 to IPv4.
SetSourcePort
Specifies how to set the source port. (Default: Disabled)
NewSourcePort
The port to use for source port translation.
DestinationTranslation
Specifies how the destination address/port is to be translated. (Default: Disabled)
SetDestinationAddress
Specifies how to set the destination address.
NewDestinationIP4
The address to translate to for IPv4 traffic. (Optional)
NewDestinationIP6
The address to translate to for IPv6 traffic. (Optional)
SetDestinationPort
Specifies how to set the destination port. (Default: Disabled)
NewDestinationPort
The port to use for destination port translation.
AppControl
Enables deep packet inspection to identify the type of application that likely generated the traffic. (Default: Yes)
TrafficProfile
Selects a traffic profile to use to shape the traffic. (Optional)
DNSAlgProfile
Selects a DNS ALG profile to use on this rule. The profile configures extended processing of traffic that matches this rule when the matching service has AppProto set to DNS. (Optional)
FTPAlgProfile
Selects an FTP ALG profile to use on this rule. The profile configures extended processing of traffic that matches this rule when the matching service has AppProto set to FTP. (Optional)
GTPInspectionProfile
Selects a GTP inspection profile to use on this rule. The profile configures extended processing of traffic that matches this rule when the matching service has AppProto set to GTP. (Optional)
SSLInspectionProfile
Selects an SSL Inspection profile to use on this rule that configures extended processing of traffic that matches this rule. (Optional)
SIPAlgProfile
Selects a SIP ALG profile to use on this rule. The profile configures extended processing of traffic that matches this rule when the matching service has AppProto set to SIP. (Optional)
SyslogAlgProfile
Selects a Syslog ALG profile to use on this rule. The profile configures extended processing of traffic that matches this rule when the matching service has AppProto set to Syslog. (Optional)
LogEnabled
Enable logging. (Default: Yes)
Comments
Text describing the current object. (Optional)
Note
If no Index is specified when creating an instance of this type, the object will be placed last in the list and the Index will be equal to the length of the list.