Smart Access Gateway (SAG) supports access control lists (ACLs). You can create an ACL to allow or deny specific data traffic to improve the security of your networks.
Descriptions of ACLs
- Match condition: You can specify the following items as match conditions for an ACL rule: network type, rule direction, protocol type, source CIDR block, source port, destination CIDR block, destination port, application group, and application type. For more information, see Manage ACL rules.
Note: Before you create an application-aware ACL rule, you must enable the deep packet inspection (DPI) feature. You can create application-aware ACL rules only for SAG instances that have DPI enabled. For more information about how to enable DPI, see Manage DPI. For more information about DPI, see Overview.
- Action policy: You can specify whether to allow or deny traffic that meets the ACL rule.
- If traffic meets an ACL rule, the system allows or denies the traffic based on the specified action policy. The matching process then ends immediately, and the system does not compare the traffic against any remaining ACL rules.
- If the traffic does not meet any ACL rule, the system allows the traffic by default.
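The following added example (not Alibaba Cloud code) models the matching behaviour described above, so you can see which traffic is allowed only because no rule matched it. It assumes rules are compared in list order and covers only protocol, source CIDR block, destination CIDR block, and destination port; the `Rule` class, function names, and sample addresses are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

MAX_RULES_PER_ACL = 50  # default per-ACL rule limit from the limits table

@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    protocol: str                  # "tcp", "udp" or "all"
    src_cidr: str
    dst_cidr: str
    dst_ports: tuple = (1, 65535)  # inclusive range

    def matches(self, protocol, src_ip, dst_ip, dst_port):
        lo, hi = self.dst_ports
        return (self.protocol in ("all", protocol)
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src_cidr)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst_cidr)
                and lo <= dst_port <= hi)

def evaluate(rules, protocol, src_ip, dst_ip, dst_port):
    """Return (action, index of the deciding rule, or None for the default)."""
    if len(rules) > MAX_RULES_PER_ACL:
        raise ValueError("ACL exceeds the default limit of 50 rules")
    for i, rule in enumerate(rules):   # assumption: rules are compared in list order
        if rule.matches(protocol, src_ip, dst_ip, dst_port):
            return rule.action, i      # first match ends the comparison
    return "allow", None               # no rule matched: allowed by default

def implicit_allow(rules, probes):
    """Probes that pass only because no rule matched them."""
    return [p for p in probes if evaluate(rules, *p) == ("allow", None)]

# Constructed sample data (addresses and rules are illustrative, not from the page).
BRANCH = "192.168.10.0/24"
ACL_OPEN = [
    Rule("deny", "tcp", BRANCH, "10.0.5.0/24", (3389, 3389)),
    Rule("allow", "tcp", BRANCH, "10.0.0.0/16", (443, 443)),
]
ACL_CLOSED = ACL_OPEN + [Rule("deny", "all", "0.0.0.0/0", "0.0.0.0/0")]
PROBES = [
    ("tcp", "192.168.10.7", "10.0.5.20", 3389),
    ("tcp", "192.168.10.7", "10.0.1.9", 443),
    ("tcp", "192.168.10.7", "10.0.1.9", 22),
    ("udp", "192.168.10.7", "203.0.113.53", 53),
]

if __name__ == "__main__":
    for p in PROBES:
        print(p, evaluate(ACL_OPEN, *p), evaluate(ACL_CLOSED, *p))
```

With `ACL_OPEN`, the SSH and DNS probes pass through the default allow; appending a catch-all deny rule (`ACL_CLOSED`) turns the ACL into an allowlist.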
| Item | Default limit | Quota increase |
| --- | --- | --- |
| The maximum number of ACLs that can be associated with an SAG instance | 1 | N/A |
| The number of ACL rules that can be created for an ACL | 50 | Submit a ticket |
| The number of ACLs that can be created under an Alibaba Cloud account | 10 | Submit a ticket |