Automatic rule numbering and renumbering
The ID automatically assigned to an ACL rule is the nearest multiple of the numbering step that is
higher than the current highest rule ID, starting with 0.
For example, if the numbering step is 5 (the default), and there are five ACL rules numbered 0, 5, 9,
10, and 12, the newly defined rule is numbered 15. If the ACL does not contain any rule, the first rule
is numbered 0.
Whenever the step changes, the rules are renumbered, starting from 0. For example, if there are five
rules numbered 5, 10, 13, 15, and 20, changing the step from 5 to 2 causes the rules to be
renumbered 0, 2, 4, 6, and 8.
Time range
You can implement a service based on the time of the day by applying a time range to it. A
time-based service takes effect only in the time periods specified by the time range. For example,
you can implement time-based ACL rules by applying a time range to them. If a time range does not
exist, the service based on the time range does not take effect.
The following basic types of time ranges are available:
• Periodic time range—Recurs periodically on a day or days of the week.
• Absolute time range—Represents only a period of time and does not recur.
A time range is uniquely identified by the time range name. A time range can include multiple periodic
statements and absolute statements. The active period of a time range is calculated as follows:
1. Combining all periodic statements.
2. Combining all absolute statements.
3. Taking the intersection of the two statement sets as the active period of the time range.
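The three-step calculation above, as an added Python example (not taken from the device documentation), checks whether a time range is active at a given instant. The class names, the sample range `WORK`, the exclusive end times, and the handling of a time range that has only one kind of statement are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, time

@dataclass(frozen=True)
class Periodic:
    start: time
    end: time
    days: frozenset  # weekday numbers, Monday=0 ... Sunday=6

    def covers(self, t: datetime) -> bool:
        # End time is treated as exclusive (assumption).
        return t.weekday() in self.days and self.start <= t.time() < self.end

@dataclass(frozen=True)
class Absolute:
    start: datetime
    end: datetime

    def covers(self, t: datetime) -> bool:
        return self.start <= t < self.end

@dataclass
class TimeRange:
    name: str
    periodic: list = field(default_factory=list)
    absolute: list = field(default_factory=list)

    def is_active(self, t: datetime) -> bool:
        # Steps 1 and 2: statements of the same kind are combined (union).
        in_periodic = any(p.covers(t) for p in self.periodic)
        in_absolute = any(a.covers(t) for a in self.absolute)
        # Assumption, not stated on the page: a kind with no statements
        # places no restriction on the time range.
        if not self.periodic:
            return in_absolute
        if not self.absolute:
            return in_periodic
        # Step 3: the active period is the intersection of the two sets.
        return in_periodic and in_absolute

# Constructed sample: weekdays 08:00-18:00 plus Saturday 10:00-14:00,
# valid only during the first half of 2024.
WORK = TimeRange(
    name="work",
    periodic=[Periodic(time(8), time(18), frozenset(range(5))),
              Periodic(time(10), time(14), frozenset({5}))],
    absolute=[Absolute(datetime(2024, 1, 1), datetime(2024, 7, 1))],
)
```

A time-based ACL rule bound to `WORK` would match on Tuesday 2024-03-05 at 09:30, but not at the same time on 2024-07-02, because that instant falls outside the absolute statement even though a periodic statement covers it.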
SSL
Secure Sockets Layer (SSL) is a cryptographic protocol that provides communication security for
TCP-based application layer protocols such as HTTP. SSL has been widely used in applications
such as e-business and online banking to provide secure data transmission over the Internet.
SSL provides the following security services:
• Privacy—SSL uses a symmetric encryption algorithm to encrypt data. It uses the asymmetric
key algorithm RSA to encrypt the key used by the symmetric encryption algorithm.
• Authentication—SSL uses certificate-based digital signatures to authenticate the SSL server
and client. The SSL server and client obtain digital certificates through PKI.
• Integrity—SSL uses the message authentication code (MAC) to verify message integrity.
Public key
The device supports the following asymmetric key algorithms:
• Rivest-Shamir-Adleman Algorithm (RSA).
• Digital Signature Algorithm (DSA).
• Elliptic Curve Digital Signature Algorithm (ECDSA).
Many security applications, including SSH, SSL, and PKI, use asymmetric key algorithms to secure
communications. Asymmetric key algorithms use two separate keys (one public and one private) for
encryption and decryption.