How to create firewall (Edgelayer) rules?
Publisher: Psychz Networks, September 18, 2017
- Define Source IP
- Define Source Port
- Choose a Device
- Define Destination Port
- Select Protocol
- ICMP message and Packet Length
- Choose a Command
This article will help you create Edgelayer ACLs for your network. Log in to your dashboard area and click the 'Edge Layer ACL' button under the 'Tools' option in the navigation bar on the left-hand side of the page. You can also click Edge Layer ACL to access the page and sign in using the client dashboard user ID and password provided.
This page lists all the ACL rules you create. To create a new rule, click the 'Create Edgelayer ACL' button in the top right corner of the page.
To create a new rule, you will have to define several parameters as provided on this page. Let us now look at each one of them in detail.
Source IP
Specify the source IP on which you want the operation to be performed. You can specify either a source IP or an IP range. If you leave the field blank, it will block all source IPs for that specific rule.
Source Port
Specify the source port on which you want the operation to be performed. You can specify either a source port or a port range. If you leave the field blank, it will block all source ports for that specific rule.
Device
Please choose the device from the drop-down list on which you want to perform the action. The device selection will display the IP ranges assigned to it, and you can specify the entire IP range or a specific IP of the selected device.
Destination Port
Select the destination port or an entire range for which the action should be performed.
Protocol
While creating an Access Control List, you can choose the protocol (for incoming traffic) on which the action should be performed. Please select from the following protocols. The ACL will perform operations only on the selected protocol.
- UDP
- TCP
- ICMP
ICMP message and Packet length
You can specify the ICMP message that you want to filter out. You can also set the packet length so that any message with an inappropriate packet length is filtered out.
The drop-down menu offers the following options:
- Echo Reply: Used to ping
- Echo Request: Also used to ping
- Info Reply: Information Reply
- Info Request: Information Request
- Mask Reply: Address Mask Reply
- Mask Request: Address Mask Request
- Parameter Problem: Missing a required option
- Redirect: Send packets on an alternative route
- Router Discovery: Protocol for computer hosts to discover the presence and location of routers
- Router Solicit: Router discovery/selection/solicitation
- Source Quench: Sender decreases the rate of messages sent to a router or host
- Time Exceeded: Inform about a discarded datagram due to the time to live field reaching zero
- Timestamp: Used for time synchronization
- Timestamp Reply: Replies to a Timestamp message
- Unreachable: Inform the client that the destination is unreachable
Command
The command field specifies the operation that you wish to perform on the selected IP range. The available operations are:
- Accept
- Discard
- Rate-limit
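Before saving a rule, it helps to check which traffic its command will actually hit, especially when Source IP or Source Port is left blank. The following is an added example, not Psychz Networks code or an Edgelayer API: the field names, the CIDR notation for ranges and the matching logic are assumptions that model the parameters described above (ICMP message and packet length are left out), and the sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple
PortRange = Tuple[int, int]  # inclusive (low, high)

@dataclass
class AclRule:
    # Hypothetical field names mirroring the form fields described above.
    command: str                            # "accept", "discard" or "rate-limit"
    protocol: str                           # "tcp", "udp" or "icmp"
    device_net: str                         # device IP or range (CIDR assumed)
    dst_ports: Optional[PortRange] = None
    src_net: Optional[str] = None           # None models a blank Source IP field
    src_ports: Optional[PortRange] = None   # None models a blank Source Port field

def _in_net(ip: str, net: Optional[str]) -> bool:
    return net is None or ipaddress.ip_address(ip) in ipaddress.ip_network(net, strict=False)

def _in_ports(port: int, rng: Optional[PortRange]) -> bool:
    return rng is None or rng[0] <= port <= rng[1]

def matches(rule: AclRule, pkt: dict) -> bool:
    return (pkt["proto"] == rule.protocol
            and _in_net(pkt["src"], rule.src_net)
            and _in_net(pkt["dst"], rule.device_net)
            and _in_ports(pkt["sport"], rule.src_ports)
            and _in_ports(pkt["dport"], rule.dst_ports))

def affected(rule: AclRule, packets: list) -> list:
    """Labels of the sample packets the rule's command would be applied to."""
    return [p["label"] for p in packets if matches(rule, p)]

def sample(label, proto, src, sport, dst, dport):
    return dict(label=label, proto=proto, src=src, sport=sport, dst=dst, dport=dport)

# Constructed sample traffic using documentation address ranges (RFC 5737).
SAMPLES = [
    sample("admin-ssh", "tcp", "198.51.100.10", 50000, "203.0.113.5", 22),
    sample("other-ssh", "tcp", "192.0.2.77", 41000, "203.0.113.5", 22),
    sample("web", "tcp", "192.0.2.77", 41001, "203.0.113.5", 443),
    sample("dns-reply", "udp", "192.0.2.53", 53, "203.0.113.5", 33000),
]

BLANK_SOURCE = AclRule("discard", "tcp", "203.0.113.5/32", dst_ports=(22, 22))
SCOPED = AclRule("discard", "tcp", "203.0.113.5/32", dst_ports=(22, 22), src_net="192.0.2.0/24")

if __name__ == "__main__":
    for name, rule in (("blank source", BLANK_SOURCE), ("scoped source", SCOPED)):
        print(f"{name}: {rule.command} applies to {affected(rule, SAMPLES)}")
```

With the source left blank, the Discard rule on port 22 also covers the administrator's own SSH session; scoping the source narrows it to the intended range.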