30.4 Standard Access Control Lists

The standard Access Control Lists (ACLs) represent predefined protocol packet types. For each ACL, select one of the following settings. The ACL setting overrides the default behavior and any port/protocol rules.

  • Allow: Allows the ACL’s protocol packets.

  • Inherit: If the policy’s Inherit from Policy Hierarchy setting is enabled, inherits this setting from other Firewall policies assigned higher in the policy hierarchy. For example, if you assign this policy to a user, the setting is inherited from any Firewall policies assigned to the user’s groups, folders, or zone.
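The precedence described above (an explicit ACL setting wins over port/protocol rules and the default behavior; Inherit walks up the hierarchy from user to groups, folders and zone) is modelled here as an added example, not ZENworks code. It assumes a chain of policies ordered from most to least specific, that a policy with inheritance disabled consults nothing above it, and constructed sample policies and packets.

```python
from dataclasses import dataclass, field

ALLOW, INHERIT = "Allow", "Inherit"


@dataclass
class FirewallPolicy:
    name: str
    inherit_from_hierarchy: bool          # the policy's "Inherit from Policy Hierarchy" setting
    default_action: str                   # default behavior when nothing matches: "allow" or "block"
    acls: dict = field(default_factory=dict)        # ACL name -> "Allow" or "Inherit"
    port_rules: dict = field(default_factory=dict)  # (protocol, port) -> "allow" or "block"


def resolve_acl(acl, chain):
    """Walk the chain from the most specific policy (user) to the least (zone).
    Returns (explicit setting, name of the policy that supplied it), or (None, None)
    when every consulted policy says Inherit and nothing above provides a value."""
    for policy in chain:
        setting = policy.acls.get(acl, INHERIT)
        if setting != INHERIT:
            return setting, policy.name
        if not policy.inherit_from_hierarchy:
            break  # assumption: with inheritance disabled, higher policies are not consulted
    return None, None


def decide(packet, chain):
    """Return (action, reason). An explicit ACL setting overrides both the
    port/protocol rules and the default behavior of the effective (first) policy."""
    acl = packet.get("acl")
    if acl:
        setting, source = resolve_acl(acl, chain)
        if setting is not None:
            return setting.lower(), f"ACL {acl} from policy {source}"
    effective = chain[0]
    rule = effective.port_rules.get((packet.get("proto"), packet.get("port")))
    if rule:
        return rule, "port/protocol rule"
    return effective.default_action, "default behavior"


# Constructed sample hierarchy: user policy below a group policy below a zone policy.
# The user policy blocks ICMP by protocol rule, but the inherited ICMP ACL still allows it.
zone = FirewallPolicy("zone", True, "block", acls={"ARP": ALLOW, "ICMP": ALLOW})
group = FirewallPolicy("group", True, "block", acls={"ICMP": ALLOW})
user = FirewallPolicy("user", True, "block", acls={"ICMP": INHERIT},
                      port_rules={("tcp", 443): "allow", ("icmp", None): "block"})
CHAIN = [user, group, zone]

if __name__ == "__main__":
    for pkt in ({"acl": "ICMP", "proto": "icmp", "port": None}, {"acl": "ARP"},
                {"proto": "tcp", "port": 443}, {"proto": "tcp", "port": 22}):
        print(pkt, "->", decide(pkt, CHAIN))
```

Auditing a chain this way shows which policy actually supplied each ACL decision, which is the first thing to check when traffic is allowed that a port rule was expected to block.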

The following list provides a brief description of each ACL:

  • 802.1x: Allows 802.1x packets. To overcome deficiencies in Wired Equivalent Privacy (WEP) keys, Microsoft and other companies are utilizing 802.1x as an alternative authentication method. 802.1x is a port-based network access control that uses the Extensible Authentication Protocol (EAP) or certificates. Currently, most major wireless card vendors and many access point vendors support 802.1x. This setting also allows Lightweight Extensible Authentication Protocol (LEAP) and WiFi Protected Access (WPA) authentication packets.

  • ARP: Allows Address Resolution Protocol (ARP) packets. Address resolution is the process of finding the address of a computer on a network. The address is resolved by a protocol in which a client process on the local computer sends a piece of information to a server process on a remote computer. That information lets the server uniquely identify the network system whose address is required and return that address. The procedure is complete when the client receives the server's response containing the required address.

  • Ethernet Multicast: Allows Ethernet Multicast packets. Multicast is a bandwidth-conserving technology that reduces traffic by simultaneously delivering a single stream of information to thousands of corporate recipients and homes. Applications that take advantage of multicast include video conferencing, corporate communications, distance learning, and distribution of software, stock quotes, and news. Multicast packets can be distributed by using either IP or Ethernet addresses.

  • ICMP: Allows Internet Control Message Protocol (ICMP) packets. ICMP packets are used by routers, intermediary devices, or hosts to communicate updates or error information to other routers, intermediary devices, or hosts. ICMP messages are sent in several situations; for example, when a datagram cannot reach its destination, when the gateway does not have the buffering capacity to forward a datagram, and when the gateway can direct the host to send traffic on a shorter route.

  • IP Multicast: Allows IP Multicast packets. Multicast is a bandwidth-conserving technology that reduces traffic by simultaneously delivering a single stream of information to thousands of corporate recipients and homes. Applications that take advantage of multicast include video conferencing, corporate communications, distance learning, and distribution of software, stock quotes, and news. Multicast packets can be distributed by using either IP or Ethernet addresses.

  • IP Subnet Broadcast: Allows Subnet Broadcast packets. Subnet broadcasts are used to send packets to all hosts of a subnetted, supernetted, or otherwise nonclassful network. All hosts of a nonclassful network listen for and process packets addressed to the subnet broadcast address.

  • Logical Link Layer Control: Allows LLC-encoded packets.

  • SNAP: Allows SNAP-encoded packets. Subnetwork Access Protocol (SNAP) is an extension of the Logical Link Control (LLC, IEEE 802.2) header and is used for encapsulating IP datagrams and ARP requests and replies on IEEE 802 networks.

  • ZENworks Server: Allows packets sent to and received from the ZENworks Server.