Managing access control lists (ACLs)

The table of access control lists is displayed in the CPE template and on the CPE device:

• To display the table of access control lists in a CPE template, go to the SD-WAN → CPE templates menu section, click the CPE template, and select the Routing filters → Access control lists tab.
• To display the table of access control lists on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, and select the Routing filters → Access control lists tab.

Information about access control lists is displayed in the following columns of the table:

• Name is the name of the access control list.
• Inherited indicates whether the access control list is inherited from the CPE template:
  • Yes
  • No

  This column is displayed only on the CPE device.

• Sequence is the sequence number of the rule in the access control list. The rule with the lowest sequence number is the first to be applied to the IPv4 prefix by the access control list.
• Network is the IPv4 prefix to which the access control list applies the rule.
• Action is the action that the rule performs on the IPv4 prefix:
  • Permit allows the IPv4 prefix.
  • Deny — deny the IPv4 prefix.
• Management contains the actions that can be performed on the access control list.

Creating an access-control list

You can create an access control list in a CPE template or on a CPE device. An access control list created in the CPE template is automatically created on all CPE devices that use this CPE template.

To create an access control list:

1. Create an access control list in one of the following ways:
   • If you want to create an access control list in a CPE template, go to the SD-WAN → CPE templates menu section, click the CPE template, and select the Routing filters → Access control lists tab.
   • If you want to create an access control list on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, and select the Routing filters → Access control lists tab and select the Override check box.

   A table of access control lists is displayed.

2. Click + Access control list.
3. This opens a window; in that window, in the Name field, enter the name of the access control list. Maximum length: 50 characters. Do not use spaces in this field.
4. Create a rule in the access control list:
   1. Click + Rule.
   2. In the Sequence field, enter the sequential number of the rule. The rule with the lowest sequence number is the first to be applied to the IPv4 prefix by the access control list. Range of values: 1 to 4,294,967,295.
   3. In the Network drop-down list, select the type of the rule:
      • Any network for a rule that allows or denies all IPv4 prefixes.
      • IP/mask for a rule that allows or denies the specified IPv4 prefix. Default value. If you select this value, enter the IPv4 prefix in the field that is displayed.
   4. In the Action drop-down list, select the action that the rule performs with the IPv4 prefix:

   The rule is created. You can create multiple rules or delete a rule. To delete a rule, click the delete icon next to it.

5. Click Create.

   The access control list is created and displayed in the table.

6. In the upper part of the settings area, click Save to save the settings of the CPE template or CPE device.

Editing an access control list

You can edit an access control list in the CPE template or on a CPE device. An access control list edited in the CPE template is automatically modified on all CPE devices that use this CPE template.

To edit an access control list:

1. Edit an access control list in one of the following ways:
   • If you want to edit an access control list in a CPE template, go to the SD-WAN → CPE templates menu section, click the CPE template, and select the Routing filters → Access control lists tab.
   • If you want to edit an access control list on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, and select the Routing filters → Access control lists tab and select the Override check box.

   A table of access control lists is displayed.

2. Click Edit next to the access control list that you want to edit.
3. This opens a window; in that window, if necessary, edit the settings of the access control list. For a description of the settings, see the instructions for creating an access control list.
4. Click Save.

   The access control list is modified and updated in the table.

5. In the upper part of the settings area, click Save to save the settings of the CPE template or CPE device.

Deleting an access control list

You can delete an access control list in the CPE template or on a CPE device. An access control list deleted in the CPE template is automatically deleted on all CPE devices that use this CPE template.

Deleted access control lists cannot be restored.

To delete an access control list:

1. Delete an access control list in one of the following ways:
   • If you want to delete an access control list in a CPE template, go to the SD-WAN → CPE templates menu section, click the CPE template, and select the Routing filters → Access control lists tab.
   • If you want to delete an access control list on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, and select the Routing filters → Access control lists tab and select the Override check box.

   A table of access control lists is displayed.

2. Click Delete next to the access control list that you want to delete.
3. In the confirmation window, click Delete.

   The access control list is deleted and is no longer displayed in the table.

4. In the upper part of the settings area, click Save to save the settings of the CPE template or CPE device.