Avaya G430 Manual page 558

Policy lists
QoS list parts
Allowed values on QoS fields
Use of policy-based routing
About access control lists
Access lists have the following parts:
Global rules: A set of rules that are executed before the list is evaluated.
Rule list: A list of filtering rules and actions for the Branch Gateway to take when a packet
matches the rule. Match actions on this list are pointers to the composite operation table.
Actions (composite operation table): A table that describes actions to be performed when
a packet matches a rule. The table includes pre-defined actions, such as permit and deny. You
can configure more complex rules. See
Related topics:
Access control list rule specifications
Network security using access control lists
Access control list rule specifications
You can use access control lists to control which packets are authorized to pass through an
interface. When a packet matches a rule on the access control list, the rule specifies whether
the Branch Gateway:
• Accepts the packet or drops the packet
• Sends an ICMP error reply if it drops the packet
• Sends an SNMP trap if it drops the packet
Network security using access control lists
The primary use of access control lists is to act as a component of network security. You can
use access control lists to determine which applications, networks, and users can access hosts
on your network. Also, you can restrict internal users from accessing specific sites or
applications outside the network. Access control lists can be based on permitting or denying
specific values or groups of IP addresses, protocols, ports, IP fragments, or DSCP values. The
following figure illustrates how access control lists are used to control traffic into and out of
your network.
558 Administering Avaya G430 Branch Gateway
on page 559
on page 560
on page 560
Comments? infodev@avaya.com
Composite operations
on page 558
on page 558
on page 574.
October 2013