
Configuring Firewall Parameters for Inbound Traffic

Instant APs support an enhanced inbound firewall for the traffic that flows into the network through the uplink ports of an Instant AP.

To configure the firewall rules, complete the following steps:

1. In the Network Operations app, set the filter to a group that contains at least one AP.

The dashboard context for the group is displayed.

2. Under Manage, click Devices > Access Points.

A list of access points is displayed in the List view.

3. Click the Config icon.

The tabs to configure the access points are displayed.

4. Click Show Advanced, and click the Security tab.

The Security details page is displayed.

5. Click the Wireless IDS/IPS accordion.

6. Click Firewall Settings.

7. In the Access Rule section, click the + icon.

The Inbound Firewall page is displayed.

8. In the Inbound Firewall page, enter the following information:

Table 1: Inbound Firewall Rule Configuration Parameters

Service

Select a service from the list of available services. You can allow or deny access to any or all of the services based on your requirement:

Any—Access is allowed or denied to all services.

Custom—Customize the access based on the available options such as TCP, UDP, and Other. If you select the TCP or UDP option, enter the appropriate port numbers. If you select the Other option, ensure that the appropriate protocol ID is entered.

Action

Select any of the following actions:

Select Allow to allow user access based on the access rule.

Select Deny to deny user access based on the access rule.

Select Destination-NAT to allow changes to the destination IP address and the port.

Select Source-NAT to allow changes to the source IP address. The Destination-NAT and Source-NAT actions apply only to the network services rules.

Source

Select any of the following options:

From all sources—Traffic from all sources is either allowed, denied, or the IP address is translated at the source or the destination as defined in the rule.

From a particular host—Traffic from a particular host is either allowed, denied, or the IP address is translated at the source or the destination as defined in the rule. After selecting this option, specify the IP address of the host.

From a network—Traffic from a particular network is either allowed, denied, or the IP address is translated at the source or the destination as defined in the rule. After selecting this option, specify the IP address and netmask of the source network.

Destination

Select a destination option for the access rules for network services, applications, and application categories. You can allow or deny access to any of the following destinations based on your requirements:

To all destinations—Traffic to all destinations is allowed, denied, or the IP address is translated at the source or the destination as defined in the rule.

To a particular server—Traffic to a specific server is allowed, denied, or the IP address is translated at the source or the destination as defined in the rule. After selecting this option, specify the IP address of the destination server.

Except to a particular server—Access is allowed or denied to servers other than the specified server. After selecting this option, specify the IP address of the destination server.

To a network—Traffic to the specified network is allowed, denied, or the IP address is translated at the source or the destination as defined in the rule. After selecting this option, specify the IP address and netmask of the destination network.

Except to a network—Access is allowed or denied to networks other than the specified network. After selecting this option, specify the IP address and netmask of the destination network.

To a Domain name—Traffic to the specified domain is allowed, denied, or the IP address is translated at the source or the destination as defined in the rule. After selecting this option, specify the domain name in the Domain Name text box.

To AP IP—Traffic to the specified Instant AP is allowed. After selecting this option, specify the domain name in the IP text box.

To AP Network—Traffic to the specified Instant AP network is allowed. After selecting this option, specify the domain name in the IP text box.

To master IP—Traffic to the specified master Instant AP or virtual controller is allowed. After selecting this option, specify the domain name in the IP text box.

Log

Select the Log check box if you want a log entry to be created when this rule is triggered. Instant supports a firewall-based logging function. Firewall logs on the Instant APs are generated as security logs.

Blacklist

Select the Blacklist check box to blacklist the client when this rule is triggered. The blacklisting lasts for the duration specified in Auth failure blacklist time on the Blacklisting tab of the Security window.

Classify Media

Select the Classify Media check box to classify and tag media on HTTPS traffic as voice and video packets.

Disable scanning

Select the Disable scanning check box to disable ARM (Adaptive Radio Management) scanning when this rule is triggered. The Disable scanning selection applies only if ARM scanning is enabled.

DSCP TAG

Select the DSCP TAG check box to specify a DSCP (Differentiated Services Code Point) value to prioritize traffic when this rule is triggered. Specify a value within the range of 0–63. To assign a higher priority, specify a higher value.

802.1p priority

Select the 802.1p priority check box to specify an 802.1p priority. Specify a value between 0 and 7. To assign a higher priority, specify a higher value.

9. Click Ok.

10. Click Save Settings.

For all subnets, a deny rule is created by default as the last rule. If at least one rule is configured, this deny-all rule is applied to the upstream traffic by default, so any inbound traffic that no explicit rule matches is dropped. The inbound firewall is not applied to traffic coming through the GRE tunnel.
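To make the first-match semantics and the implicit trailing deny-all concrete, the following added example (not code from the Instant AP or Aruba Central; a simulation written for this page) evaluates a constructed rule list against constructed inbound packets. The rule shape mirrors the Service, Action, Source, Destination ("Except to ..." as `dst_negate`) and Log parameters from Table 1; the behaviour when no rule is configured (traffic passes) is an assumption.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    service: str               # "any", "tcp", "udp", or a protocol number as a string ("Other")
    port: Optional[int]        # TCP/UDP destination port; None = any port
    action: str                # "allow", "deny", "dnat", "snat"
    src: str                   # "any", a host "10.0.0.5", or a network "10.0.0.0/24"
    dst: str                   # same forms as src
    dst_negate: bool = False   # "Except to a particular server" / "Except to a network"
    log: bool = False          # Log check box

def _addr_match(spec: str, addr: str) -> bool:
    # A bare host address is treated as a /32 network.
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)

def _service_match(rule: Rule, pkt: dict) -> bool:
    if rule.service == "any":
        return True
    if rule.service in ("tcp", "udp"):
        return pkt["proto"] == rule.service and (rule.port is None or pkt["dport"] == rule.port)
    return str(pkt["proto"]) == rule.service   # "Other": compare the IP protocol ID

def evaluate(rules: list, pkt: dict) -> tuple:
    """Return (action, matched_rule_index, logged). First match wins; when at least one
    rule is configured, an implicit deny-all sits last, as the page states."""
    for i, r in enumerate(rules):
        if not _service_match(r, pkt) or not _addr_match(r.src, pkt["src"]):
            continue
        dst_ok = _addr_match(r.dst, pkt["dst"])
        if r.dst_negate:
            dst_ok = not dst_ok
        if dst_ok:
            return r.action, i, r.log
    if rules:
        return "deny", None, False       # implicit trailing deny-all
    return "allow", None, False          # assumption: no rules configured -> no inbound filter

# Constructed sample rule set: HTTPS to one server (logged), DNS from one subnet,
# then deny everything that is not headed into 10.1.1.0/24 ("Except to a network").
SAMPLE_RULES = [
    Rule("tcp", 443, "allow", "any", "10.1.1.10", log=True),
    Rule("udp", 53, "allow", "192.168.5.0/24", "any"),
    Rule("any", None, "deny", "any", "10.1.1.0/24", dst_negate=True),
]

if __name__ == "__main__":
    pkt = {"proto": "udp", "dport": 53, "src": "198.51.100.2", "dst": "10.1.1.53"}
    print(evaluate(SAMPLE_RULES, pkt))   # falls through to the implicit deny-all
```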

Configuring Restricted Access to Corporate Network

You can configure restricted corporate access to block unauthorized users from accessing the corporate network. When restricted corporate access is enabled, corporate access is blocked from the uplink port of master Instant AP, including clients connected to a slave Instant AP.

To configure restricted corporate access, complete the following steps:

1. In the Network Operations app, set the filter to a group that contains at least one AP.

The dashboard context for the group is displayed.

2. Under Manage, click Devices > Access Points.

A list of access points is displayed in the List view.

3. Click the Config icon.

The tabs to configure the access points are displayed.

4. Click Show Advanced, and click the Security tab.

The Security details page is displayed.

5. Click the Wireless IDS/IPS accordion.

6. Click Firewall Settings.

7. To restrict corporate access, turn on the Restrict Corporate Access toggle switch.

8. Click Save Settings.
