Chapter 19 Application Patrol
NXC5200 User’s Guide
285
User
Select a user name or user group to which to apply the policy. Use
Create new Object if you need to configure a new user account. Select
any to apply the policy for every user.
From
Select the source zone of the traffic to which this policy applies.
To
Select the destination zone of the traffic to which this policy applies.
Source
Select a source address or address group for whom this policy applies.
Use Create new Object if you need to configure a new one. Select any
if the policy is effective for every source.
Destination
Select a destination address or address group for whom this policy
applies. Use Create new Object if you need to configure a new one.
Select any if the policy is effective for every destination.
Protocol
Select the protocol for which this condition applies. Choices are: TCP
and UDP. Select any to apply the policy to both TCP and UDP traffic.
Access
This field controls what the NXC does with packets that match this policy.
Choices are:
forward - the NXC routes the packets.
Drop - the NXC does not route the packets and does not notify the client
of its decision.
Reject - the NXC does not route the packets and notifies the client of its
decision.
DSCP Marking
Set how the NXC handles the DSCP value of the outgoing packets that
match this policy. Inbound refers to the traffic the NXC sends to a
connection’s initiator. Outbound refers to the traffic the NXC sends out
from a connection’s initiator.
Select one of the pre-defined DSCP values to apply or select User
Defined to specify another DSCP value. The “af” choices stand for
Assured Forwarding. The number following the “af” identifies one of four
classes and one of three drop preferences.
Select preserve to have the NXC keep the packets’ original DSCP value.
Select default to have the NXC set the DSCP value of the packets to 0.
Bandwidth
Management
Configure these fields to set the amount of bandwidth the application
can use. These fields only apply when Access is set to forward.
Inbound
kbps
Type how much inbound bandwidth, in kilobits per second, this policy
allows the traffic to use. Inbound refers to the traffic the NXC sends to a
connection’s initiator.
If you enter 0 here, this policy does not apply bandwidth management
for the matching traffic that the NXC sends to the initiator. Traffic with
bandwidth management disabled (inbound and outbound are both set to
0) is automatically treated as the lowest priority (7).
If the sum of the bandwidths for routes using the same next hop is
higher than the actual transmission speed, lower priority traffic may not
be sent if higher priority traffic uses all of the actual bandwidth.
Table 104
AppPatrol > Other > Add/Edit (continued)
LABEL
DESCRIPTION