9 match dstip, 10 match dstl4port – Fortinet 548B User Manual

- 367 -

7.21.2.9 match dstip

This command adds to the specified class definition a match condition based on the destination IP
address of a packet.

Syntax

match dstip <ipaddr> <ipmask>

<ipaddr> specifies an IP address.

<ipmask> specifies an IP address bit mask; note that although similar to a standard subnet mask,
this bit mask need not be contiguous.

Default Setting

None

Command Mode

Class-Map Config

7.21.2.10 match dstl4port

This command adds to the specified class definition a match condition based on the destination layer 4
port of a packet using a single keyword or numeric notation or a numeric range notation.

Syntax

match dstl4port {<portkey> | <0-65535>}

To specify the match condition as a single keyword, the value for <portkey> is one of the supported port
name keywords. The currently supported <portkey> values are: domain, echo, ftp, ftpdata, http,
smtp, snmp, telnet, tftp, www. Each of these translates into its equivalent port number, which is used
as both the start and end of a port range.

To specify the match condition using a numeric notation, one layer 4 port number is required.

The port number is an integer from 0 to 65535.

To specify the match condition using a numeric range notation, two layer 4 port numbers are required
and together they specify a contiguous port range. Each port number is an integer from 0 to 65535, but
with the added requirement that the second number be equal to or greater than the first.

Default Setting

None