ArubaOS 8.6.0.0 Help Center

Understanding Firewall Policies

A user role, which determines a client’s network privileges, is defined by one or more firewall policies. A firewall policy consists of rules that define the source, destination, and service type for specific traffic, and whether you want the managed device to permit or deny traffic that matches the rule.

You can configure firewall policies for IPv4 traffic or IPv6 traffic, and apply IPv4 and IPv6 firewall policies to the same user role. For example, if you have employees that use both IPv4 and IPv6 clients, you can configure both IPv4 and IPv6 firewall policies and apply them both to the “employee” user role.

The procedure to configure an IPv6 firewall policy rule is similar to configuring a firewall policy rule for IPv4 traffic, but with some differences. Table 1 describes the required and optional parameters for an IPv6 firewall policy rule.

Table 1: IPv6 Firewall Policy Rule Parameters

Parameter

Description

Source (required)

Source of the traffic:

any: Acts as a wildcard and applies to any source address.

user: This refers to traffic from the wireless client.

host: This refers to traffic from a specific host. When this option is chosen, you must configure the IPv6 address of the host. For example, 2002:d81f:f9f0:1000:c7e:5d61:585c:3ab.

network: This refers to traffic that has a source IP from a subnet of IP addresses. When you choose this option, you must configure the IPv6 address and network mask of the subnet. For example, 2002:ac10:fe:: ffff:ffff:ffff::.

alias: This refers to using an alias for a host or network.

NOTE: This release does not support IPv6 aliases. You cannot configure an alias for an IPv6 host or network.

Destination (required)

Destination of the traffic, which you can configure in the same manner as source.

Service (required)

NOTE: VoIP services are unavailable for IPv6 policies.

Type of traffic:

any: This option specifies that this rule applies to any type of traffic.

tcp: Using this option, you configure a range of TCP ports to match the rule to be applied.

udp: Using this option, you configure a range of UDP ports to match the rule to be applied.

service: Using this option, you use one of the pre-defined services (common protocols such as HTTPS, HTTP, and others) as the protocol to match the rule to be applied. You can also specify a network service that you configure by navigating to the Configuration > Advanced Services > Stateful Firewall > Network Services page.

protocol: Using this option, you specify a different layer 4 protocol (other than TCP or UDP) by configuring the IP protocol value.

Action (required)

The action that you want the managed device to perform on a packet that matches the specified criteria.

permit: Permits traffic matching this rule.

drop: Drops packets matching this rule without any notification.

NOTE: The only actions for IPv6 policy rules are permit or deny; in this release, the managed device cannot perform NAT or redirection on IPv6 packets. You can specify options such as logging, mirroring, or blacklisting (described below).

Log (optional)

Logs a match to this rule. This is recommended when a rule indicates a security breach, such as a data packet on a policy that is meant only to be used for voice calls.

Mirror (optional)

Mirrors session packets to a datapath or remote destination specified in the IPv6 firewall function (see Table 1). If the destination is an IP address, it must be an IPv4 IP address.

Queue (optional)

The queue in which a packet matching this rule should be placed. Select High for higher priority data, such as voice, and Low for lower priority traffic.

Time Range (optional)

Time range for which this rule is applicable. You configure time ranges in the Configuration > Security > Access Control > Time Ranges page.

Black List (optional)

Automatically blacklists a client that is the source or destination of traffic matching this rule. This option is recommended for rules that indicate a security breach where the blacklisting option can be used to prevent access to clients that are attempting to breach the security.

TOS (optional)

Value of ToS bits to be marked in the IP header of a packet matching this rule when it leaves the managed device.

802.1p Priority (optional)

Value of 802.1p priority bits to be marked in the frame of a packet matching this rule when it leaves the managed device.
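Added example, not part of the ArubaOS documentation: a Python audit helper that interprets the Source/Destination options from Table 1 (any, host, network with an address-style mask such as ffff:ffff:ffff::) and checks whether a given IPv6 address falls inside the rule's scope. The spec strings ("host <addr>", "network <addr> <mask>") and the function names are assumptions modelled on the table, not ArubaOS CLI syntax; the "user" option is resolved by the managed device at run time and is not handled here.

```python
import ipaddress

ALL_ONES = (1 << 128) - 1


def mask_to_prefixlen(mask: str) -> int:
    """Convert an address-style IPv6 mask (e.g. ffff:ffff:ffff::) to a prefix length."""
    inverted = int(ipaddress.IPv6Address(mask)) ^ ALL_ONES
    # For a contiguous mask the inverted value is 2**k - 1, so adding 1
    # clears every set bit. Anything else has a hole in the mask.
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous IPv6 mask: {mask}")
    return 128 - inverted.bit_length()


def parse_spec(spec: str) -> ipaddress.IPv6Network:
    """Return the IPv6 network covered by an 'any', 'host' or 'network' spec."""
    words = spec.split()
    kind = words[0] if words else ""
    if kind == "any" and len(words) == 1:
        return ipaddress.IPv6Network("::/0")
    if kind == "host" and len(words) == 2:
        return ipaddress.IPv6Network(words[1] + "/128")
    if kind == "network" and len(words) == 3:
        prefixlen = mask_to_prefixlen(words[2])
        # strict=True rejects an address with bits set outside the mask,
        # which usually means the address or the mask was mistyped.
        return ipaddress.IPv6Network(f"{words[1]}/{prefixlen}", strict=True)
    if kind == "alias":
        # Table 1: this release does not support IPv6 aliases.
        raise ValueError("IPv6 aliases are not supported in this release")
    raise ValueError(f"unrecognised or unsupported spec: {spec!r}")


def matches(spec: str, address: str) -> bool:
    """True if the IPv6 address is within the scope described by spec."""
    return ipaddress.IPv6Address(address) in parse_spec(spec)


if __name__ == "__main__":
    # Values taken from the examples in Table 1; the probe addresses are constructed.
    net = "network 2002:ac10:fe:: ffff:ffff:ffff::"
    print(parse_spec(net))                        # the /48 the mask describes
    print(matches(net, "2002:ac10:fe:1::5"))      # inside the subnet
    print(matches(net, "2002:ac10:ff::1"))        # outside the subnet
```

Running a rule's source and destination through a check like this before deployment catches a mistyped mask that would make a permit rule wider than intended.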

The following example creates a policy ipv6-web-only that allows only web (HTTP and HTTPS) access for IPv6 clients and assigns the policy to the user role “web-guest.”

The user role web-guest can include both IPv6 and IPv4 policies, although this example only shows configuration of an IPv6 policy.
