Fortinet 548B User Manual

11.7.1.3 Configuring IP Access Control List Rule Configuration Page

Use these screens to configure the rules for the IP Access Control Lists created using the IP Access
Control List Configuration screen. What is shown on this screen varies depending on the current step in
the rule configuration process. First, select the Standard/Extended IP ACL whose rules are to be configured.
Next, specify the rule identification and the 'Action' and 'Match Every' parameters. If 'Match
Every' is set to false, a new screen is then presented from which the match criteria can be
configured.

Selection Criteria

IP ACL ID - Use the pulldown menu to select the IP ACL for which to create or update a rule.

Rule - Select an existing rule from the pulldown menu, or select 'Create New Rule.' ACL as well as
an option to add a new Rule. New rules cannot be created if the maximum number of rules has been
reached. For a rule to apply, a packet must match all of the criteria specified in that rule; only
then does the specified rule action (Permit/Deny) take place.
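
The matching behaviour described above, modelled as an added Python example (not code from the manual or the device). The criterion names, the evaluation order by ascending rule ID, and the final implicit deny are assumptions of this model; the 1 to 8 rule ID range and the permit/deny actions come from the Configurable Data fields on this page.

```python
import ipaddress
from dataclasses import dataclass, field

MAX_RULES = 8  # from the page: rule IDs 1 to 8, at most 8 rules per IP ACL

def field_matches(name, want, pkt):
    # Criterion names (protocol, src_net, dst_net, dst_port) are hypothetical.
    if name in ("src_net", "dst_net"):
        addr = pkt["src_ip" if name == "src_net" else "dst_ip"]
        return ipaddress.ip_address(addr) in ipaddress.ip_network(want)
    return pkt.get(name) == want

@dataclass
class Rule:
    rule_id: int
    action: str                      # 'permit' or 'deny'
    match_every: bool = False
    criteria: dict = field(default_factory=dict)

    def __post_init__(self):
        if not 1 <= self.rule_id <= MAX_RULES:
            raise ValueError("rule ID must be a whole number from 1 to 8")
        if self.action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        # Model's reading of the page: criteria are configured only when
        # 'Match Every' is false, so exactly one of the two must be set.
        if self.match_every == bool(self.criteria):
            raise ValueError("set 'Match Every' or match criteria, not both/neither")

    def matches(self, pkt):
        # A packet must satisfy ALL configured criteria (logical AND).
        return self.match_every or all(
            field_matches(k, v, pkt) for k, v in self.criteria.items())

def evaluate(rules, pkt):
    if len(rules) > MAX_RULES:
        raise ValueError("an IP ACL may have up to 8 rules")
    for rule in sorted(rules, key=lambda r: r.rule_id):  # assumed order
        if rule.matches(pkt):
            return rule.action, rule.rule_id
    return "deny", None  # assumed implicit deny when nothing matches

# Constructed sample ACL and packets (not from the manual).
ACL = [
    Rule(1, "deny", criteria={"protocol": "tcp", "src_net": "10.0.5.0/24", "dst_port": 23}),
    Rule(2, "permit", criteria={"src_net": "10.0.0.0/16"}),
]
TELNET = {"protocol": "tcp", "src_ip": "10.0.5.7", "dst_ip": "10.0.9.1", "dst_port": 23}
SSH = dict(TELNET, dst_port=22)
```

The SSH packet shares two of rule 1's three criteria but misses the port, so rule 1 does not apply and the packet falls through to rule 2.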

Configurable Data

Rule ID - Enter a whole number in the range of 1 to 8 that will be used to identify the rule. An IP ACL
may have up to 8 rules.

Action - Specify what action should be taken if a packet matches the rule's criteria. The choices are
permit or deny.

Logging - When set to 'True', logging is enabled for this ACL rule (subject to resource availability in
the device). If the Access List Trap Flag is also enabled, this will cause periodic traps to be
generated indicating the number of times this rule was 'hit' during the current report interval. A fixed 5
