Conditions Syntax in SD-WAN Router Rules

Overview

Untangle SD-WAN Router has configurable rules that follow this format:

If all the following Conditions are met

[list of Conditions]

Apply the following Action

[Action]

The guidance below provides the syntax to use when configuring Conditions for both routing and firewall rules.

Condition Type Syntax

In the tables below, the Condition Type specifies the type of value supported by the Condition. The supported Condition Types are listed below.

IP Addresses

 An IPv4 or an IPv6 address.

  • a single IP address, such as 1.2.3.4 or 1234:1234:1234:1234:1234:1234:1234:1234
  • a range of IP addresses, such as 1.2.3.4-1.2.3.10
  • a CIDR range, such as 192.168.1.0/24 or 2001:db8::/124
  • a list of IP address matches, such as 1.2.3.4,1.2.3.5,1.2.3.10-1.2.3.15

Ports

 A numeric value representing a port.

  • a single port, such as 80
  • multiple ports, such as 80,443
  • a range of ports, such as 2000-2003

Integers

 A single value, such as 1 or 5 or 10.

Shell Glob Pattern

 A shell glob pattern match, including use of:

  • * to match anything
  • ? to match any single character
  • [] to match a character sequence (a set or range of characters, such as [a-e])
  • ! to exclude a character sequence (as in [!a-e])

 Examples: Untangle, Untan*, Unt?ngle, Untangl[!a-e]

Strings

 A string value with an optional trailing asterisk.

 Examples: eth0 or eth*
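
The value syntaxes above can be checked before a rule is deployed. The following is an added example, not Untangle's code: the function names are hypothetical, and the handling of whitespace, case sensitivity and mixed IPv4/IPv6 lists is an assumption drawn from the syntax as documented here.

```python
import ipaddress
from fnmatch import fnmatchcase


def ip_item_matches(item, addr):
    """One list item: a single address, a start-end range, or a CIDR range."""
    if "/" in item:
        net = ipaddress.ip_network(item, strict=False)
        return addr.version == net.version and addr in net
    if "-" in item:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in item.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad IP range: {item!r}")
        return addr.version == lo.version and lo <= addr <= hi
    return addr == ipaddress.ip_address(item)


def ip_condition_matches(value, address):
    """'IP Addresses' type: a comma-separated list of items."""
    addr = ipaddress.ip_address(address)
    # Build the full list first so a malformed later item still raises.
    return any([ip_item_matches(i.strip(), addr) for i in value.split(",")])


def port_condition_matches(value, port):
    """'Ports' type: single port, comma-separated ports, or lo-hi range."""
    hit = False
    for item in value.split(","):
        lo, sep, hi = item.strip().partition("-")
        lo = int(lo)
        hi = int(hi) if sep else lo  # "80-" raises ValueError here
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port item: {item!r}")
        hit = hit or lo <= port <= hi
    return hit


def glob_condition_matches(pattern, text):
    """'Shell Glob Pattern' type; case-sensitive matching is an assumption."""
    return fnmatchcase(text, pattern)


def string_condition_matches(value, text):
    """'Strings' type: exact match, or prefix match with a trailing '*'."""
    return text.startswith(value[:-1]) if value.endswith("*") else text == value


if __name__ == "__main__":
    print(ip_condition_matches("1.2.3.4,1.2.3.5,1.2.3.10-1.2.3.15", "1.2.3.12"))
    print(port_condition_matches("80,443", 8080))
    print(glob_condition_matches("Untangl[!a-e]", "Untangle"))
```

Note that the documented pattern Untangl[!a-e] does not match the string Untangle, because the final e falls inside the excluded range.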

 

Application Conditions

Condition | Condition Type | Examples | Description
Application Name (Inferred) | Glob Pattern | DNS, Google Hangouts | Application name as predicted on the first packet using Untangle's Predictive Routing
Application Name (Matched) | Glob Pattern | DNS, Google Hangouts | Application name as matched during a session using SD-WAN Router's classification engine
Application Category (Inferred) | Glob Pattern | Mail, Networking | Application category as predicted on the first packet using Untangle's Predictive Routing technology
Application Category (Matched) | Glob Pattern | Mail, Networking | Application category as matched during a session using SD-WAN Router's classification engine
Application Detail | Glob Pattern | www.googleapis.com, spade.twitch.tv | Additional application information, such as server hostname or certificate SNI name
Application ID (Inferred) | Glob Pattern | SSL, NETFLIX | Application ID as predicted on the first packet
Application ID (Matched) | Glob Pattern | SSL, NETFLIX | Application ID as matched during a session
Application Protochain (Inferred) | Glob Pattern | IP, TCP, GOOGLE | Application protochain as predicted on the first packet
Application Protochain (Matched) | Glob Pattern | IP, TCP, GOOGLE | Application protochain as matched during a session
Application Confidence (Inferred) | Integer | 5 | Confidence rating that the predicted Application is correct (1 - 100)
Application Confidence (Matched) | Integer | 5 | Confidence rating that the matched Application is correct (1 - 100)
Application Productivity (Inferred) | Integer | 4 | Rates the impact on productivity of a predicted Application. Use 1 for a low rating, and 5 for a high rating.
Application Productivity (Matched) | Integer | 4 | Rates the impact on productivity of a matched application (1 - 5)
Application Risk (Inferred) | Integer | 5 | Rates the risk that an application poses of introducing viruses or other exploits onto the network (1 - 5): 1 for low risk, 5 for high risk.
Application Risk (Matched) | Integer | 5 | Rates the risk of a matched application (1 - 5)

 

Source Conditions

Condition | Condition Type | Examples | Description
Source Address | IP address or range | 192.168.1.8 | Source address of the packet
Source Address IPv6 | IP address or range | 1234:1234:1234:1234:1234:1234:1234:1234 | IPv6 source address of the packet
Source Address Type | Selected from a list | Unicast, Local, Broadcast | Source address type of the packet
Source Port | Port | 443, 80 | Source port of the packet. Must be combined with a preceding 'IP Protocol' condition.
Source Interface Name | String | eth0, lan2 | Source interface name for the packet
Source Interface Zone | Selected from a list | LAN1, WAN0 | Source interface zone for the packet
Source Interface Type | Selected from a list | Unset, WAN, LAN | Source interface type for the packet

 

Destination Conditions

Condition | Condition Type | Examples | Description
Destination Address | IP address or range | 116.3.21.4 | Destination address of a packet
Destination Address IPv6 | IP address or range | 1234:1234:1234:1234:1234:1234:1234:1234 | Destination IPv6 address of a packet
Destination Address Type | Selected from a list | Local, Broadcast, Multicast | Destination address type of a packet
Destination Port | Port | 443, 80 | Destination port of the packet (must be combined with a preceding 'IP Protocol' condition)
Destination Interface Name | String | eth0, lan2, wan1, or wan* | Destination interface name for the packet
Destination Interface Zone | Selected from a list | LAN1, LAN0 | Destination interface zone for the packet
Destination Interface Type | Selected from a list | Unset, WAN, LAN | Destination interface type for the packet

 

Client Conditions

Condition | Condition Type | Examples | Description
Client Address | IP Address | 112.110.7.4 | Client address of the session
Client Address IPv6 | IP Address | 1221:1222:1221:1222:1221:1222:1221:1222 | IPv6 address of the session
Client Port | Port | 443 | Client port of the session
Client Interface Zone | Selected from a list | LAN1, LAN0, WAN0 | Client interface zone for the session
Client Interface Type | Selected from a list | Unset, WAN, LAN | Client interface type for the session
Client Reverse DNS | Glob Pattern | MacBook-Pro-2.untangle.int. | Client hostname of the session determined by reverse DNS
Client DNS Hint | Glob Pattern | scre-tasfa.globas.com | Client hostname of the session determined by DNS

 

Server Conditions

Condition | Condition Type | Examples | Description
Server Address | IP address | 110.121.4.6 | Server address of the session
Server Address IPv6 | IP address | 1221:1222:1221:1222:1221:1222:1221:1222 | IPv6 server address of the session
Server Port | Port | 443 | Server port of the session
Server Interface Zone | Selected from a list | LAN1, WAN0, WAN1 | Server interface zone for the session
Server Interface Type | Selected from a list | Unset, LAN, WAN | Server interface type for the session
Server Reverse DNS | Glob Pattern | ec2-54-200-60-33.us-west-2.compute.amazonaws.com. | Server hostname of the session determined by reverse DNS
Server DNS Hint | Glob Pattern | widget-mediator.zopim.com | Server hostname of the session determined by DNS

 

Certificate Issuer Conditions

Condition | Condition Type | Examples | Description
Common Name | Glob Pattern | DigiCert SHA2 Secure Server CA | Issuer common name specified in the certificate associated with the session
Serial Number | Glob Pattern | 5:f5:d1:2d:5e:6f:0b:d4:ea:f2:a2:c9:66:f3:b4:ce | Issuer serial number specified in the certificate associated with the session
Country | Glob Pattern | US | Issuer country specified in the certificate associated with the session
Organization | Glob Pattern | DigiCert Inc | Issuer organization specified in the certificate associated with the session
Organization Unit | Glob Pattern | Domain Control Validated|PositiveSSL Wildcard | Issuer organization unit specified in the certificate associated with the session
Locality | Glob Pattern | Salford | Issuer locality specified in the certificate associated with the session
Province | Glob Pattern | Manchester | Issuer province specified in the certificate associated with the session
Street Address | Glob Pattern | 599 Farnbridge Road, Salford, Manch | Issuer street address specified in the certificate associated with the session
Postal Code | Glob Pattern | 95873 | Issuer postal code specified in the certificate associated with the session

 

Certificate Subject Conditions

Condition | Condition Type | Examples | Description
Common Name | Glob Pattern | lb.slack-msgs.com | Subject common name specified in the certificate associated with the session
Serial Number | Glob Pattern | 5:f5:d1:2d:5e:6f:0b:d4:ea:f2:a2:c9:66:f3:b4:ce | Subject serial number specified in the certificate associated with the session
Country | Glob Pattern | US | Subject country specified in the certificate associated with the session
Organization | Glob Pattern | Slack Technologies- Inc. | Subject organization specified in the certificate associated with the session
Organization Unit | Glob Pattern | Domain Control Validated|PositiveSSL Wildcard | Subject organization unit specified in the certificate associated with the session
Locality | Glob Pattern | San Francisco | Subject locality specified in the certificate associated with the session
Province | Glob Pattern | California | Subject province specified in the certificate associated with the session
Street Address | Glob Pattern | 100 West Union Street, San Francisco | Subject street address specified in the certificate associated with the session
Postal Code | Glob Pattern | 95873 | Subject postal code specified in the certificate associated with the session
Subject Alternative Name | Glob Pattern | far.ssl.com | Subject alternative name specified in the certificate associated with the session

 

Other Conditions

Condition | Condition Type | Examples | Description
IP Protocol | Selected from a list | TCP, UDP, ICMP | IP protocol of the packet
Connection State | Selected from a list | Established, New, Invalid, Related | Connection state of the session
Limit Rate | Integer | 100 | The throughput for the given rate and group selector
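
Two constraints stated in the tables can be checked before a rule is saved: Source Port and Destination Port need a preceding 'IP Protocol' condition, and the Application Confidence, Productivity and Risk integers have fixed ranges. The following is an added example, not Untangle's code: the list-of-tuples rule shape and the name lint_rule are hypothetical, and the sample rules are constructed.

```python
# Conditions the page says need a preceding 'IP Protocol' condition.
NEEDS_PROTOCOL = {"Source Port", "Destination Port"}
# Integer ranges given in the Application Conditions table.
INT_RANGES = {
    "Application Confidence": (1, 100),
    "Application Productivity": (1, 5),
    "Application Risk": (1, 5),
}


def lint_rule(conditions):
    """Check an ordered list of (condition name, value) pairs.

    The list-of-tuples rule shape is hypothetical, chosen for this example.
    Returns human-readable findings; an empty list means no issue found.
    """
    findings = []
    seen_protocol = False
    for pos, (name, value) in enumerate(conditions, start=1):
        if name == "IP Protocol":
            seen_protocol = True
        elif name in NEEDS_PROTOCOL and not seen_protocol:
            findings.append(f"#{pos} {name}: no preceding IP Protocol condition")
        # Strip the (Inferred)/(Matched) suffix to find the range entry.
        base = name.split(" (")[0]
        if base in INT_RANGES:
            lo, hi = INT_RANGES[base]
            if not (str(value).isdecimal() and lo <= int(value) <= hi):
                findings.append(f"#{pos} {name}: {value!r} is outside {lo}-{hi}")
    return findings


# Constructed sample rules (not taken from a real configuration).
BAD_RULE = [
    ("Destination Port", "443"),          # port listed before the protocol
    ("IP Protocol", "TCP"),
    ("Application Risk (Matched)", "7"),  # risk is rated 1-5
]
GOOD_RULE = [
    ("IP Protocol", "TCP"),
    ("Destination Port", "443"),
    ("Application Confidence (Inferred)", "80"),
]

if __name__ == "__main__":
    for finding in lint_rule(BAD_RULE):
        print(finding)
    print(lint_rule(GOOD_RULE))
```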

 
