Any configuration changes made locally on the switch won't be synchronized with Sophos Central. We recommend making changes from the Sophos Central control panel instead.

IPv4 ACE

Use this page to view and add rules to IPv4-based ACLs.

Option Description
ACL Name: Select the ACL from the list for which a rule is being created.
Sequence: Enter the sequence number, which signifies the order of the specified ACL relative to other ACLs assigned to the selected interface. The valid range is from 1 to 2147483647, with 1 being processed first.
Action: Select what action to take if a packet matches the criteria.
    Permit: Forwards packets that meet the ACL.
    Deny: Drops packets that meet the ACL.
Protocol: Select Any, Protocol ID, or Select from List from the drop-down menu.
    Any: Check Any to use any protocol.
    Protocol ID: Enter the protocol in the ACE to which the packet is matched.
    Select from List: Select the protocol from the list provided.
        ICMP: Internet Control Message Protocol (ICMP). ICMP enables the gateway or destination host to communicate with the source host.
        IPinIP: IP in IP encapsulates IP packets to create tunnels between two routers. This ensures that the IP in IP tunnel appears as a single interface rather than several separate interfaces.
        TCP: Transmission Control Protocol (TCP). Enables two hosts to communicate and exchange data streams. TCP guarantees packet delivery and guarantees that packets are transmitted and received in the order they are sent.
        EGP: Exterior Gateway Protocol (EGP). Permits exchanging routing information between two neighboring gateway hosts in an autonomous systems network.
        IGP: Interior Gateway Protocol (IGP). Enables a routing information exchange between gateways within an autonomous network.
        UDP: User Datagram Protocol (UDP). UDP is a communication protocol that transmits packets but does not guarantee their delivery.
        HMP: The Host Mapping Protocol (HMP) collects network information from various network hosts. HMP monitors hosts spread over the Internet as well as hosts in a single network.
        RDP: Reliable Data Protocol (RDP). Provides a reliable data transport service for packet-based applications.
        IPv6: Matches the packet to the IPv6 protocol.
        IPv6 Rout: Routing Header for IPv6.
        IPv6 Frag: Fragment Header for IPv6.
        RSVP: Matches the packet to the reservation protocol (RSVP).
        IPv6 ICMP: The Internet Control Message Protocol (ICMP) allows the gateway or destination host to communicate with the source host.
        OSPF: The Open Shortest Path First (OSPF) protocol is a link-state hierarchical interior gateway protocol (IGP) for network routing.
        PIM: Matches the packet to Protocol Independent Multicast (PIM).
        L2TP: Matches the packet to the Layer Two (2) Tunneling Protocol (L2TP), an extension to the PPP protocol that enables ISPs to operate Virtual Private Networks (VPNs).
Source IP Address Value: Enter the source IP address.
Source IP Mask: Enter the mask of the new source IP address.
Destination IP Address Value: Enter the destination IP address.
Destination IP Mask: Enter the mask of the new destination IP address.
Type of Service: Select Any or DSCP to match from the drop-down list. When DSCP to match is selected, enter the DSCP value. The range is from 0 to 63.
ICMP Type: Select Any, Protocol ID, or Select from List from the drop-down menu.
    Protocol ID: Enter the protocol in the ACE to which the packet is matched. The range is from 0 to 255.
    Select from List: Select the ICMP type from the list provided.
ICMP Code: Select Any or User Defined from the drop-down menu. When User Defined is selected, enter the ICMP code value. The range is from 0 to 255.

Click Apply to update the system settings.
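
The following Python model is an added example, not Sophos code: it checks ACE fields against the ranges in the table, evaluates a packet against the ACEs in sequence order, and flags ACEs that can never match because a lower-sequence ACE already covers them. The dictionary keys, function names and sample ACL are hypothetical. It assumes that 1-bits in a mask mark the address bits that are compared, and it returns None for a packet no ACE matches, because this page does not describe how the switch handles unmatched packets.

```python
import ipaddress

EXACT = ("proto", "dscp", "icmp_type", "icmp_code")  # key absent from an ACE = Any
LIMITS = {"seq": (1, 2147483647), "dscp": (0, 63), "icmp_type": (0, 255), "icmp_code": (0, 255)}

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def validate(ace):
    """Return the ACE unchanged, or raise ValueError if it breaks the table's ranges."""
    bad = [n for n, (lo, hi) in LIMITS.items() if n in ace and not lo <= ace[n] <= hi]
    if bad or "seq" not in ace or ace.get("action") not in ("permit", "deny"):
        raise ValueError(f"invalid ACE {ace}: {bad or 'seq/action'}")
    return ace

def _net(ace, side):
    # ASSUMPTION: 1-bits in the mask are the bits compared; no address means any.
    return _ip(ace.get(side, "0.0.0.0")), _ip(ace.get(side + "_mask", "0.0.0.0"))

def matches(ace, pkt):
    if any(f in ace and ace[f] != pkt.get(f) for f in EXACT):
        return False
    return all(((_ip(pkt[s]) ^ _net(ace, s)[0]) & _net(ace, s)[1]) == 0
               for s in ("src", "dst"))

def evaluate(aces, pkt):
    """(seq, action) of the first matching ACE in sequence order, else None."""
    hits = (a for a in sorted(aces, key=lambda a: a["seq"]) if matches(a, pkt))
    return next(((a["seq"], a["action"]) for a in hits), None)

def covers(a, b):
    """True if ACE a matches every packet that ACE b matches."""
    nets = [(*_net(a, s), *_net(b, s)) for s in ("src", "dst")]
    return (all(f not in a or a[f] == b.get(f) for f in EXACT)
            and not any(am & ~bm or (aa ^ ba) & am for aa, am, ba, bm in nets))

def shadowed(aces):
    """(seq, earlier_seq) pairs where the earlier ACE always matches first."""
    ordered = sorted(aces, key=lambda a: a["seq"])
    return [(late["seq"], early["seq"]) for i, late in enumerate(ordered)
            for early in ordered[:i] if covers(early, late)]

# Constructed sample ACL: the broad permit at sequence 10 hides the deny at 20.
SAMPLE_ACL = [validate(a) for a in (
    {"seq": 20, "action": "deny", "proto": 6, "src": "10.0.5.0", "src_mask": "255.255.255.0"},
    {"seq": 10, "action": "permit", "src": "10.0.0.0", "src_mask": "255.0.0.0"},
    {"seq": 30, "action": "deny", "proto": 1, "icmp_type": 8, "icmp_code": 0},
)]
```

Running `shadowed(SAMPLE_ACL)` reports that sequence 20 is covered by sequence 10, so the deny for TCP from 10.0.5.0 never takes effect until the two sequence numbers are swapped.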