Fortinet 548B User Manual

match the rule, the option of configuring other match criteria will not be offered. To configure specific
match criteria for the rule, remove the rule and re-create it, or re-configure 'Match Every' to 'False' for
the other match criteria to be visible.

Protocol - There are two ways to configure the IPv6 protocol.

Specify an integer ranging from 0 to 255 after selecting the protocol keyword "other". This number
represents the IP protocol.

Select the name of a protocol from the existing list: Internet Protocol (IP), Transmission Control
Protocol (TCP), User Datagram Protocol (UDP), Internet Control Message Protocol (ICMPv6).

Source Prefix / PrefixLength - Specify the IPv6 prefix combined with the IPv6 prefix length of the network
or host from which the packet is being sent. Prefix length can be in the range (0 to 128).

Source L4 Port - Specify a packet's source layer 4 port as a match condition for the selected IPv6
ACL rule. Source port information is optional. Source port information can be specified in two ways:

Select keyword "other" from the drop down menu and specify the number of the port in the range
from 0 to 65535.

Select one of the keywords from the list: DOMAIN, ECHO, FTP, FTPDATA, HTTP, SMTP, SNMP,
TELNET, TFTP, and WWW. Each of these values translates into its equivalent port number,
which is used as both the start and end of the port range.

Destination Prefix / PrefixLength - Enter a prefix of up to 128 bits combined with a prefix length to be
compared to a packet's destination IP address as a match criterion for the selected IPv6 ACL rule.
Prefix length can be in the range (0 to 128).

Destination L4 Port Keyword - Specify the destination layer 4 port match conditions for the
selected IPv6 ACL rule. The possible values are DOMAIN, ECHO, FTP, FTPDATA, HTTP, SMTP,
SNMP, TELNET, TFTP, and WWW. Each of these values translates into its equivalent port number,
which is used as both the start and end of the port range. This is an optional configuration.

Destination L4 Port Number - Specify a packet's destination layer 4 port number match condition
for the selected IPv6 ACL rule. This is an optional configuration.

Flow Label - The flow label is a 20-bit number that is unique to an IPv6 packet, used by end stations to
signify quality-of-service handling in routers. The flow label can be specified within the range (0 to
1048575).

IPv6 DSCP Service - Specify the IP DiffServ Code Point (DSCP) field. The DSCP is defined as the
high-order six bits of the Service Type octet in the IPv6 header. This is an optional configuration.
Enter an integer from 0 to 63. The IPv6 DSCP can be selected by choosing one of the DSCP
keywords from a dropdown box. If a value is to be selected by specifying its numeric value, then
select the 'Other' option in the dropdown box and a text box will appear where the numeric value of
the DSCP can be entered.
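
The match criteria above can be modelled offline to check a planned rule set before entering it on the switch. The following Python sketch is an added example, not code from the manual or from Fortinet; the function names are hypothetical, the keyword-to-port table uses the standard well-known port numbers (assumed to match the switch), and rules are assumed to be evaluated in order with the first match deciding the action, as the manual describes for MAC ACLs.

```python
import ipaddress

# Standard well-known ports for the keywords the page lists (assumed to match the switch).
PORT_KEYWORDS = {"DOMAIN": 53, "ECHO": 7, "FTP": 21, "FTPDATA": 20, "HTTP": 80,
                 "SMTP": 25, "SNMP": 161, "TELNET": 23, "TFTP": 69, "WWW": 80}
PROTOCOLS = {"ip": None, "tcp": 6, "udp": 17, "icmpv6": 58}  # None = any protocol
RANGES = {"src_port": 65535, "dst_port": 65535, "flow_label": 1048575, "dscp": 63}

def make_rule(action, protocol="ip", src=None, dst=None, **fields):
    """Validate one rule against the ranges given in the manual and normalise it."""
    if action not in ("permit", "deny"):
        raise ValueError("action must be permit or deny")
    proto = PROTOCOLS[protocol] if isinstance(protocol, str) else protocol
    if proto is not None and not 0 <= proto <= 255:
        raise ValueError("protocol number must be 0 to 255")
    rule = {"action": action, "protocol": proto}
    for key, prefix in (("src", src), ("dst", dst)):
        # IPv6Network rejects prefix lengths outside 0 to 128
        rule[key] = ipaddress.IPv6Network(prefix, strict=False) if prefix else None
    for name, value in fields.items():
        if name in ("src_port", "dst_port") and isinstance(value, str):
            value = PORT_KEYWORDS[value.upper()]  # keyword = start and end of range
        if not 0 <= value <= RANGES[name]:
            raise ValueError(f"{name} must be 0 to {RANGES[name]}")
        rule[name] = value
    return rule

def matches(rule, pkt):
    """True when every criterion configured on the rule equals the packet's field."""
    if rule["protocol"] is not None and rule["protocol"] != pkt["protocol"]:
        return False
    for key in ("src", "dst"):
        if rule[key] is not None and ipaddress.IPv6Address(pkt[key]) not in rule[key]:
            return False
    return all(pkt.get(n) == rule[n] for n in RANGES if n in rule)

def evaluate(rules, pkt):
    """Return the action of the first matching rule, or None if nothing matches."""
    return next((r["action"] for r in rules if matches(r, pkt)), None)

# Constructed sample ACL and packet (documentation prefix 2001:db8::/32).
ACL = [make_rule("deny", "tcp", src="2001:db8:bad::/48", dst_port="TELNET"),
       make_rule("permit", "tcp", dst="2001:db8:10::/64", dst_port="HTTP", dscp=46),
       make_rule("deny")]
PKT = {"protocol": 6, "src": "2001:db8:1::5", "dst": "2001:db8:10::80",
       "src_port": 40000, "dst_port": 80, "flow_label": 0, "dscp": 46}
```

`evaluate` returns None when no rule matches, so the caller applies whatever default action the device uses.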

Command Buttons

Configure - Configure the corresponding match criteria for the selected rule.

Delete - Remove the currently selected Rule from the selected ACL. These changes will not be
retained across a power cycle unless a save configuration is performed.

11.7.1.7 Configuring MAC Access Control List Configuration Page

A MAC ACL consists of a set of rules which are matched sequentially against a packet. When a packet
meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional
rules are not checked for a match. On this menu the interfaces to which a MAC ACL applies must be
specified, as well as whether it applies to inbound or outbound traffic. Rules for the MAC ACL are
specified/created using the MAC ACL Rule Configuration menu.
