Conditions Syntax in Micro Edge Rules
Overview
Micro Edge has configurable rules that follow this format:
If all the following Conditions are met
[list of Conditions]
Apply the following Action
[Action]
The guidance below provides the syntax to use when configuring Conditions for both routing and firewall rules.
Condition Type Syntax
In the tables below, the Condition Type specifies the type of value supported by the Condition. The table below lists the Condition Types supported.
IP Addresses | An IPv4 or an IPv6 address. |
Ports | A numeric value representing a port. |
Integers | A single value, such as 1 or 5 or 10. |
Shell Glob Pattern | A shell glob pattern match, including use of * to match anything, ? to match any single character, [] to match a character sequence, and ! to exclude a character sequence. Examples: Arista, Aris*, Ar?ta, Aris[!a-e] |
Strings | A string value with optional trailing asterisk. Examples: eth0 or eth* |
Application Conditions
Condition | Condition Type | Examples | Description |
Application Name (Inferred) | Glob Pattern | DNS, Google Hangouts | Application name as predicted on the first packet using Predictive Routing |
Application Name (Matched) | Glob Pattern | DNS, Google Hangouts | Application name as matched during a session using Micro Edge's classification engine |
Application Category (Inferred) | Glob Pattern | Mail, Networking | Application category as predicted on the first packet using our Predictive Routing technology |
Application Category (Matched) | Glob Pattern | Mail, Networking | Application category as matched during a session using Micro Edge's classification engine |
Application Detail | Glob Pattern | spade.twitch.tv | Additional application information such as server hostname or certificate SNI name |
Application ID (Inferred) | Glob Pattern | SSL, NETFLIX | Application ID as predicted on the first packet |
Application ID (Matched) | Glob Pattern | SSL, NETFLIX | Application ID as matched during a session |
Application Protochain (Inferred) | Glob Pattern | IP, TCP, GOOGLE | Application protochain as predicted on the first packet |
Application Protochain (Matched) | Glob Pattern | IP, TCP, GOOGLE | Application protochain as matched during a session |
Application Confidence (Inferred) | Integer | 5 | Confidence rating that the predicted Application is correct (1 - 100) |
Application Confidence (Matched) | Integer | 5 | Confidence rating that the matched Application is correct (1 - 100) |
Application Productivity (Inferred) | Integer | 4 | Rates the impact on productivity of a predicted Application. Use 1 for a low rating, and 5 for a high rating. |
Application Productivity (Matched) | Integer | 4 | Rates the impact on productivity of a matched application. (1 - 5) |
Application Risk (Inferred) | Integer | 5 | Rates the risk that an application poses of introducing viruses or other exploits onto the network. (1 - 5) 1 for low risk, 5 for high risk. |
Application Risk (Matched) | Integer | 5 | Rates the risk of a matched application. (1 - 5) |
Source Conditions
Condition | Condition Type | Examples | Description |
Source Address | IP address or range | 192.168.1.8 | Source address of the packet |
Source Address IPv6 | IP address or range | 1234:1234:1234:1234:1234:1234:1234:1234 | IPv6 source address of the packet |
Source Address Type | Selected from a list | Unicast, Local, Broadcast | Source address type of the packet. Local refers to the gateway host device. |
Source Port | Port | 443, 80 | Source port of the packet. Must be combined with a preceding 'IP Protocol' condition. |
Source Interface Name | String | eth0, lan2 | Source interface name for the packet. |
Source Interface Zone | Selected from list | LAN1, WAN0 | Source interface zone for the packet |
Source Interface Type | Selected from a list | Unset, WAN, LAN | Source interface type for the packet |
Destination Conditions
Condition | Condition Type | Examples | Description |
Destination Address | IP address or range | 116.3.21.4 | Destination address of a packet |
Destination Address IPv6 | IP address or range | 1234:1234:1234:1234:1234:1234:1234:1234 | Destination IPv6 address of a packet |
Destination Address Type | Selected from a list | Local, Broadcast, Multicast | Destination address type of a packet. Local refers to the gateway host device. |
Destination Port | Port | 443, 80 | Destination port of the packet (must be combined with a preceding 'IP Protocol' condition) |
Destination Interface Name | String | eth0, lan2, wan1, or wan* | Destination interface name for the packet |
Destination Interface Zone | Selected from a list | LAN1, LAN0 | Destination interface zone for the packet |
Destination Interface Type | Selected from a list | Unset, WAN, LAN | Destination interface type for the packet |
Client Conditions
Condition | Condition Type | Examples | Description |
Client Address | IP Address | 112.110.7.4 | Client address of the session |
Client Address IPv6 | IP Address | 1221:1222:1221:1222:1221:1222:1221:1222 | IPv6 address of the session |
Client Port | Port | 443 | Client port of the session |
Client Interface Zone | Selected from a list | LAN1, LAN0, WAN0 | Client interface zone for the session |
Client Interface Type | Selected from a list | Unset, WAN, LAN | Client interface type for the session |
Client Reverse DNS | Glob Pattern | MacBook-Pro-2.arista.int. | Client hostname of the session determined by reverse DNS |
Client DNS Hint | Glob Pattern | scre-tasfa.globas.com | Client hostname of the session determined by DNS |
Server Conditions
Condition | Condition Type | Examples | Description |
Server Address | IP address | 110.121.4.6 | Server address of the session |
Server Address IPv6 | IP address | 1221:1222:1221:1222:1221:1222:1221:1222 | IPv6 server address of the session |
Server Port | Port | 443 | Server port of the session |
Server Interface Zone | Selected from a list | LAN1, WAN0, WAN1 | Server interface zone for the session |
Server Interface Type | Selected from a list | Unset, LAN, WAN | Server interface type for the session |
Server Reverse DNS | Glob Pattern | ec2-54-200-60-33.us-west-2.compute.amazonaws.com. | Server hostname of the session determined by reverse DNS |
Server DNS Hint | Glob Pattern | widget-mediator.zopim.com | Server hostname of the session determined by DNS |
Certificate Issuer Conditions
Condition | Condition Type | Examples | Description |
Common Name | Glob Pattern | DigiCert SHA2 Secure Server CA | Issuer common name specified in the certificate associated with the session |
Serial Number | Glob Pattern | 5:f5:d1:2d:5e:6f:0b:d4:ea:f2:a2:c9:66:f3:b4:ce3:b4:ce | Issuer serial number specified in the certificate associated with the session |
Country | Glob Pattern | US | Issuer country specified in the certificate associated with the session |
Organization | Glob Pattern | DigiCert Inc | Issuer organization specified in the certificate associated with the session |
Organization Unit | Glob Pattern | Domain Control Validated|PositiveSSL Wildcard | Issuer organization unit specified in the certificate associated with the session |
Locality | Glob Pattern | Salford | Issuer locality specified in the certificate associated with the session |
Province | Glob Pattern | Manchester | Issuer province specified in the certificate associated with the session |
Street Address | Glob Pattern | 599 Farnbridge Road, Salford, Manch | Issuer street address specified in the certificate associated with the session |
Postal Code | Glob Pattern | 95873 | Issuer postal code specified in the certificate associated with the session |
Certificate Subject Conditions
Condition | Condition Type | Examples | Description |
Common Name | Glob Pattern | lb.slack-msgs.com | Subject common name specified in the certificate associated with the session |
Serial Number | Glob Pattern | 5:f5:d1:2d:5e:6f:0b:d4:ea:f2:a2:c9:66:f3:b4:ce | Subject serial number specified in the certificate associated with the session |
Country | Glob Pattern | US | Subject country specified in the certificate associated with the session |
Organization | Glob Pattern | Slack Technologies- Inc. | Subject organization specified in the certificate associated with the session |
Organization Unit | Glob Pattern | Domain Control Validated|PositiveSSL Wildcard | Subject organization unit specified in the certificate associated with the session |
Locality | Glob Pattern | San Francisco | Subject locality specified in the certificate associated with the session |
Province | Glob Pattern | California | Subject province specified in the certificate associated with the session |
Street Address | Glob Pattern | 100 West Union Street, San Francisco | Subject street address specified in the certificate associated with the session |
Postal Code | Glob Pattern | 95873 | Subject postal code specified in the certificate associated with the session |
Subject Alternative Name | Glob Pattern | far.ssl.com | Subject alternative name specified in the certificate associated with the session |
All DNS Names | Glob Pattern | example.com | Value in either Common Name or Subject Alternative name |
Other Conditions
Condition | Condition Type | Examples | Description |
IP Protocol | Selected from a list | TCP, UDP, ICMP | IP protocol of the packet |
Connection State | Selected from a list | Established, New, Invalid, Related | Connection state of the session |
Limit Rate | Integer | 100 | The throughput for the given rate and group selector |
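The following added example (not Micro Edge code) lints an ordered Condition list against the constraints stated in the tables above and then evaluates it against a session with "all Conditions must be met" semantics. It assumes Python's case-sensitive `fnmatchcase` behaves like the product's glob matching, that a trailing asterisk in a String means prefix match, and that other types compare exactly; the qualified name "Certificate Subject Common Name" is a label invented for this sketch.

```python
from fnmatch import fnmatchcase

# Ranges and condition types from the tables on this page (subset). The
# "Certificate Subject ..." label is a made-up qualified name for this example.
INT_RANGES = {"Application Confidence (Matched)": (1, 100),
              "Application Risk (Matched)": (1, 5)}
PORTS = {"Source Port", "Destination Port"}
STRINGS = {"Source Interface Name", "Destination Interface Name"}
GLOBS = {"Application Name (Matched)", "Server DNS Hint",
         "Certificate Subject Common Name"}

def lint(conditions):
    """Return problems found in an ordered list of (name, value) conditions."""
    problems, seen_protocol = [], False
    for name, value in conditions:
        if name == "IP Protocol":
            seen_protocol = True
        elif name in PORTS:
            if not seen_protocol:
                problems.append(f"{name}: no preceding 'IP Protocol' condition")
            if not (isinstance(value, int) and 0 <= value <= 65535):
                problems.append(f"{name}: {value!r} is not a valid port")
        elif name in INT_RANGES:
            lo, hi = INT_RANGES[name]
            if not (isinstance(value, int) and lo <= value <= hi):
                problems.append(f"{name}: {value!r} is outside {lo}-{hi}")
        elif name in STRINGS and "*" in value[:-1]:
            problems.append(f"{name}: '*' is only allowed as the last character")
    return problems

def value_matches(name, pattern, actual):
    if name in GLOBS:  # shell glob: *, ?, [seq], [!seq]
        return fnmatchcase(str(actual), pattern)
    if name in STRINGS and pattern.endswith("*"):  # assumption: prefix match
        return str(actual).startswith(pattern[:-1])
    return actual == pattern  # assumption: exact match for all other types

def rule_matches(conditions, session):
    """The action applies only if every condition is met (logical AND)."""
    return all(name in session and value_matches(name, pat, session[name])
               for name, pat in conditions)

# Constructed rule and session attributes, not taken from a real device.
RULE = [("IP Protocol", "TCP"), ("Destination Port", 443),
        ("Destination Interface Name", "wan*"),
        ("Certificate Subject Common Name", "*.slack-msgs.com")]
SESSION = {"IP Protocol": "TCP", "Destination Port": 443,
           "Destination Interface Name": "wan1",
           "Certificate Subject Common Name": "lb.slack-msgs.com"}
```

Under these glob semantics a hostname pattern written as `*slack-msgs.com` (no dot after the asterisk) also matches `notslack-msgs.com`, so hostname and certificate-name patterns in allow rules should be anchored on the label boundary.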