The access control function controls traffic by referring to the information in communication packets that attempt to pass through the NS Appliance.
The conditions to allow communication packets to pass through can be freely determined by defining a rule on the NS Appliance.
By using this function, it is possible to allow only communication packets from authorized service users or specific communication packets. In this way, it is possible to control which packets are allowed, according to the system requirements.
Figure 1.3 Access Control Function Overview
The following information of communication packets can be used for defining rules on NS Appliance:
Definable Information | | Remarks |
---|---|---|
IP address | IP address | Destination or sender IP address |
IP address | Destination IP address | - |
IP address | Sender IP address | - |
Port number | Port number | Destination or sender port number |
Port number | Destination port number | - |
Port number | Sender port number | - |
Interface | Incoming interface | - |
ICMP session information | addr.mask | Address Mask Request/Address Mask Reply |
ICMP session information | echo / ping | Echo/Echo Reply |
ICMP session information | info | Information Request/Information Reply |
ICMP session information | timestamp | Timestamp/Timestamp Reply |
ICMP session information | any | All ICMP session information is the target. |
IP protocol number | 1(icmp) | Internet Control Message Protocol for IPv4 |
IP protocol number | 2(igmp) | Internet Group Management Protocol |
IP protocol number | 6(tcp) | Transmission Control Protocol |
IP protocol number | 8(egp) | Exterior Gateway Protocol |
IP protocol number | 9(igp) | Interior Gateway Protocol |
IP protocol number | 17(udp) | User Datagram Protocol |
IP protocol number | 45(idrp) | Inter-Domain Routing Protocol |
IP protocol number | 46(rsvp) | Resource ReSerVation Protocol |
IP protocol number | 47(gre) | General Encapsulation Security Payload |
IP protocol number | 50(esp) | IP Encapsulating Security Payload (IPSec) |
IP protocol number | 50(ipsec) | Security Architecture for the Internet Protocol |
IP protocol number | 51(ah) | IP Authentication Header (IPSec) |
IP protocol number | 58(icmpv6) | Internet Control Message Protocol for IPv6 |
IP protocol number | 89(ospf) | Open Shortest Path First Protocol |
IP protocol number | 103(pim) | Protocol Independent Multicast |
IP protocol number | 108(ipcomp) | IP Payload Compression Protocol |
IP protocol number | 115(l2tp) | Layer Two Tunneling Protocol |
IP protocol number | 132(sctp) | Stream Control Transmission Protocol |
IP protocol number | 134(rsvp.e2e) | Aggregation of RSVP End-to-End |
IP protocol number | any | All communication packets are targets. |
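The following Python model is an added example, not NS Appliance rule syntax or vendor code. It shows how rules built from the fields in the table can be evaluated against packets. The `Rule` field names, the interface names, the sample addresses, and the first-match-wins and default-deny behaviour are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# ICMP session keywords from the table -> ICMPv4 (request, reply) type numbers
ICMP_SESSIONS = {"addr.mask": (17, 18), "echo": (8, 0),
                 "info": (15, 16), "timestamp": (13, 14)}
PROTO = {"icmp": 1, "tcp": 6, "udp": 17}  # subset of the protocol number table

@dataclass
class Rule:  # hypothetical rule model; "any" is a wildcard, as in the table
    action: str            # "allow" or "deny"
    proto: str = "any"
    src: str = "any"       # sender IP address or CIDR block
    dst: str = "any"       # destination IP address or CIDR block
    dport: object = "any"  # destination port number
    in_if: str = "any"     # incoming interface
    icmp: str = "any"      # ICMP session keyword

def _ip_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def matches(rule, pkt):
    if rule.proto != "any" and PROTO[rule.proto] != pkt["proto"]:
        return False
    if not (_ip_ok(rule.src, pkt["src"]) and _ip_ok(rule.dst, pkt["dst"])):
        return False
    if rule.in_if != "any" and rule.in_if != pkt["in_if"]:
        return False
    if rule.dport != "any" and rule.dport != pkt.get("dport"):
        return False
    if rule.icmp != "any":
        # An ICMP session keyword can only match protocol 1 packets.
        if pkt["proto"] != 1 or pkt.get("icmp_type") not in ICMP_SESSIONS[rule.icmp]:
            return False
    return True

def evaluate(rules, pkt):
    # Assumption: the first matching rule decides; unmatched packets are denied.
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"

# Constructed sample policy: HTTPS from one subnet on one interface, plus ping
RULES = [
    Rule("allow", proto="tcp", src="192.0.2.0/24", dst="198.51.100.10", dport=443, in_if="lan0"),
    Rule("allow", proto="icmp", icmp="echo", src="192.0.2.0/24"),
]
```

Restricting the ICMP rule to `echo` rather than `any` keeps ping working while Timestamp, Information and Address Mask requests fall through to the default.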