Title of invention: INTERFACE GROUPS FOR RULE-BASED NETWORK SECURITY
Abstract: Systems and methods for designating interfaces of a network security appliance as source/destination interfaces in connection with defining a security rule are provided. According to one embodiment, a security rule configuration interface is displayed through which a network administrator can specify parameters of security rules to be applied to traffic attempting to traverse the network security appliance. Information defining a traffic flow to be controlled by a security rule is received via the security rule configuration interface. The information defining the traffic flow includes: (i) a set of source interfaces; and (ii) a set of destination interfaces, at least one of which includes multiple interfaces such that the security rule permits the traffic flow to be defined in terms of multiple source interfaces and/or multiple destination interfaces.
Application publication number: US2017063796(A1) Application publication date: 2017.03.02
Application number: US201615350363 Filing date: 2016.11.14
Applicant: Fortinet, Inc. Inventors: Pan Yixin; Li Hongwei; Xie Michael
Classification: H04L29/06; H04L12/851 Main classification: H04L29/06
Agency: Agent:
Principal claim: 1. A method comprising: causing to be displayed, by a network security appliance, a security rule configuration interface through which a network administrator can specify parameters of a plurality of security rules to be applied to network traffic attempting to traverse the network security appliance through one or more of a plurality of interfaces of the network security appliance; receiving, by the network security appliance via the security rule configuration interface, information defining a traffic flow to be controlled by a security rule of the plurality of security rules, wherein the information defining the traffic flow includes: a set of source interfaces of the plurality of interfaces, representing a proper subset of the plurality of interfaces, from which traffic associated with the traffic flow being defined may be received by the network security appliance; a set of destination interfaces of the plurality of interfaces, representing a proper subset of the plurality of interfaces, through which traffic associated with the traffic flow being defined may be transmitted by the network security appliance if the security rule allows the traffic flow; and wherein the set of source interfaces include multiple interfaces of the plurality of interfaces, whereby the security rule permits the traffic flow to be defined in terms of multiple source interfaces; receiving, by the network security appliance via the security rule configuration interface, information regarding the action to be performed on the network traffic when the network traffic matches the security rule; and storing, by the network security appliance, the security rule as part of a ruleset to be applied to the network traffic.
Address: Sunnyvale CA US