add access-rule type outgoing

In the R81.10.X releases, this command is available starting from the R81.10.00 version.

Description

Adds a new firewall access rule to the outgoing (clear) traffic Rule Base.

Note - When you add a new Access rule, you can add only one Source, one Destination, and one Service (application / website) object.

Starting from R81.10.15, you can add more objects in these columns in an existing rule. See set access-rule type outgoing.

In WebUI, this corresponds to:

  1. Click the Access Policy view > Firewall section > Policy page.

  2. In the section Outgoing Internet Access, configure the required rule.

Syntax

add access-rule type outgoing

      [ action {accept | ask | block | block-inform | inform} ]

      [ { application-name <Application-Name> | application-id <Application-ID> } ]

      [ application-negate {true | false} ]

      [ { category-name <Category-Name> | category-id <Category-ID> } ]

      [ comment "<Comment Text>" ]

      [ destination <Destination Object> ]

      [ destination-negate {true | false} ]

      [ disabled {true | false} ]

      [ hours-range-enabled { true hours-range-from <HH:mm> hours-range-to <HH:mm> | false } ]

      [ limit-application-download { true limit <Speed Limit> | false } ]

      [ limit-application-upload { true limit <Speed Limit> | false } ]

      [ log {account | alert | log | none} ]

      [ name <Name of Rule> ]

      [ { position <Rule Number> | position-above <Rule Number> | position-below <Rule Number>} ]

      [ service <Service Object> ]

      [ service-negate {true | false} ]

      [ source <Source Object> ]

      [ source-negate {true | false} ]

Parameters

Parameter

Description

action

Specifies the action for this manual rule:

  • ask

    Asks the user who initiated this traffic whether to accept or block the traffic that matched this rule

  • accept

    Accepts the traffic that matched this rule

  • block

    Blocks the traffic that matched this rule

  • block-inform

    Blocks the traffic that matched this rule and informs the user who initiated this traffic

  • inform

    Accepts the traffic that matched this rule and informs the user who initiated this traffic

application-id

Specifies the application by its ID.

Press the TAB key to see the available options.

application-name

Specifies the application by its name.

Press the TAB key to see the available options.

application-negate

Specifies whether to negate (true) or not (false) the objects in the "Applications and Services" column of this manual rule.

When set to "true", the traffic matches all service objects except those you explicitly added in this rule.

category-id

Specifies the application category by its ID.

Press the TAB key to see the available options.

category-name

Specifies the application category by its name.

Press the TAB key to see the available options.

comment

Description of this manual rule.

A string that contains fewer than 257 characters, from this set:

  • a-z (lower-case letters)

  • A-Z (upper-case letters)

  • 0-9 (digits)

  • ',' (comma)

  • '.' (period)

  • '-' (minus)

  • '(' (opening round bracket)

  • ')' (closing round bracket)

  • ':' (colon)

  • '@' (at)

destination

Specifies the destination Network object of the connection.

destination-negate

Specifies whether to negate (true) or not (false) the objects in the "Destination" column of this manual rule.

When set to "true", the traffic matches all destination objects except those you explicitly added in this rule.

disabled

Specifies whether to disable (true) or not (false) this manual rule.

When set to "true", the traffic never matches this rule.

hours-range-enabled

Specifies whether to enable (true) or not (false) this manual rule only during specific hours.

hours-range-from

Specifies the start time (in the format HH:mm) when to enable this manual rule.

Requires "hours-range-enabled true".

hours-range-to

Specifies the end time (in the format HH:mm) when to enable this manual rule.

Requires "hours-range-enabled true".

limit-application-download

Specifies whether to limit (true) or not (false) the download speed (in kilobytes/sec) for the traffic that matched this rule.

limit-application-upload

Specifies whether to limit (true) or not (false) the upload speed (in kilobytes/sec) for the traffic that matched this rule.

log

Specifies the logging for this manual rule:

  • account

    Creates an accounting log (shows the number of packets and bytes)

  • alert

    Creates an alert

  • log

    Creates a regular log (without the number of packets and bytes)

  • none

    Does not create a log or an alert

name

Specifies the name for this manual rule.

A string of alphanumeric characters with no spaces between them:

  • a-z (lower-case letters)

  • A-Z (upper-case letters)

  • 0-9 (digits)

position

Specifies the number of this manual rule.

position-above

Specifies the number of an existing rule, above which to add this manual rule.

position-below

Specifies the number of an existing rule, below which to add this manual rule.

service

Specifies the service object.

service-negate

Specifies whether to negate (true) or not (false) the objects in the "Applications and Services" column of this manual rule.

When set to "true", the traffic matches all service objects except those you explicitly added in this rule.

source

Specifies the source Network object or User Group object that initiates the connection.

source-negate

Specifies whether to negate (true) or not (false) the objects in the "Source" column of this manual rule.

When set to "true", the traffic matches all source objects except those you explicitly added in this rule.

Example Command

add access-rule type outgoing action block log none source MyHost source-negate true destination MyServer destination-negate true service HTTP service-negate true comment "Block non-HTTP traffic from Host to Server" hours-range-enabled true hours-range-from 23:00 hours-range-to 08:00 position 2 name MyRule application-name Zoom application-negate true limit-application-download true limit 200 limit-application-upload true limit 5
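
A pre-flight check for scripts that generate these commands, as an added example that is not part of the vendor documentation: it checks a command line against the syntax and parameter constraints listed above and flags negated columns on rules that accept traffic. The function name `lint`, the sample rule and the object name `LanNet` are hypothetical; spaces are accepted in comments because the Example Command above uses them.

```python
import re
import shlex

TF = {"true", "false"}
NEGATE = ("application-negate", "destination-negate", "service-negate", "source-negate")
VALUES = {"action": {"accept", "ask", "block", "block-inform", "inform"},
          "log": {"account", "alert", "log", "none"},
          **dict.fromkeys(NEGATE + ("disabled", "hours-range-enabled",
                                    "limit-application-download", "limit-application-upload"), TF)}
FREE = {"application-name", "application-id", "category-name", "category-id", "comment",
        "destination", "hours-range-from", "hours-range-to", "limit", "name", "position",
        "position-above", "position-below", "service", "source"}
EXCLUSIVE = [("application-name", "application-id"), ("category-name", "category-id"),
             ("position", "position-above", "position-below")]
# Space is allowed in comments because the page's own Example Command uses it.
FORMATS = {"name": r"[A-Za-z0-9]+", "comment": r"[A-Za-z0-9,.\-():@ ]{0,256}",
           "hours-range-from": r"([01]\d|2[0-3]):[0-5]\d",
           "hours-range-to": r"([01]\d|2[0-3]):[0-5]\d"}
# Constructed sample with several mistakes (object names are hypothetical).
SAMPLE = ('add access-rule type outgoing action accept source LanNet destination-negate true '
          'destination MyServer name "My Rule" hours-range-from 9:00 log none position 1 position-above 3')


def lint(command):
    """Return findings for one 'add access-rule type outgoing' command line."""
    tokens = shlex.split(command)
    if tokens[:4] != ["add", "access-rule", "type", "outgoing"] or len(tokens) % 2:
        return ["not a complete 'add access-rule type outgoing' command"]
    args, out = {}, []
    for key, value in zip(tokens[4::2], tokens[5::2]):  # every parameter is a key/value pair
        args[key] = value  # 'limit' repeats (download/upload); its value is not checked here
        if key not in VALUES and key not in FREE:
            out.append(f"unknown parameter: {key}")
        elif key in VALUES and value not in VALUES[key]:
            out.append(f"{key}: invalid value '{value}'")
        elif key in FORMATS and not re.fullmatch(FORMATS[key], value):
            out.append(f"{key}: value does not match the documented format")
    for group in EXCLUSIVE:
        if sum(k in args for k in group) > 1:
            out.append("mutually exclusive: " + " | ".join(group))
    if args.get("hours-range-enabled") != "true":
        out += [f"{k}: requires hours-range-enabled true"
                for k in ("hours-range-from", "hours-range-to") if k in args]
    if args.get("action") in ("accept", "inform"):  # both actions accept the traffic
        out += [f"review: {k} true accepts everything except the listed object"
                for k in NEGATE if args.get(k) == "true"]
    return out
```

`lint(SAMPLE)` returns five findings; the Example Command above returns an empty list.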