Class CIM_PacketFilterCondition
extends CIM_PolicyCondition

PacketFilterCondition specifies packet selection criteria (via association to FilterLists) for firewall policies, IPsec policies and similar uses. It is used as an anchor point to associate various types of filters with policy rules via the FilterOfPacketCondition association. By definition, policy rules that aggregate PacketFilterCondition are assumed to operate against every packet received and/or transmitted from an ingress and/or egress point. (Whether policy condition evaluation occurs at ingress or egress is specified by the Direction property in the associated FilterList.) PacketFilterCondition MAY also be used to define the specific CredentialManagementService that validates the credentials carried in a packet. This is accomplished using the association, AcceptCredentialFrom. Associated objects (such as FilterListsor Credential ManagementServices) represent components of the condition that MAY or MAY NOT apply at a given rule evaluation. For example, an AcceptCredentialFrom evaluation is only performed when a credential is available to be evaluated and compared against the list of trusted credential management services. Similarly, a PeerIDPayloadFilterEntry MAY only be evaluated when an ID payload is available for checking. Condition components that do not have applicability at rule evaluation time, MUST be evaluated to TRUE.

Table of Contents
Hierarchy
Direct Known Subclasses
Class Qualifiers
Class Properties
Class Methods


Class Hierarchy

CIM_ManagedElement
   |
   +--CIM_Policy
   |
   +--CIM_PolicyCondition
   |
   +--CIM_PacketFilterCondition

Direct Known Subclasses

Class Qualifiers

NameData TypeValue
DescriptionstringPacketFilterCondition specifies packet selection criteria (via association to FilterLists) for firewall policies, IPsec policies and similar uses. It is used as an anchor point to associate various types of filters with policy rules via the FilterOfPacketCondition association. By definition, policy rules that aggregate PacketFilterCondition are assumed to operate against every packet received and/or transmitted from an ingress and/or egress point. (Whether policy condition evaluation occurs at ingress or egress is specified by the Direction property in the associated FilterList.) PacketFilterCondition MAY also be used to define the specific CredentialManagementService that validates the credentials carried in a packet. This is accomplished using the association, AcceptCredentialFrom. Associated objects (such as FilterListsor Credential ManagementServices) represent components of the condition that MAY or MAY NOT apply at a given rule evaluation. For example, an AcceptCredentialFrom evaluation is only performed when a credential is available to be evaluated and compared against the list of trusted credential management services. Similarly, a PeerIDPayloadFilterEntry MAY only be evaluated when an ID payload is available for checking. Condition components that do not have applicability at rule evaluation time, MUST be evaluated to TRUE.
MappingStringsstringIPSP Policy Model.IETF|SACondition
UMLPackagePathstringCIM::Policy
Versionstring2.8.0

Class Properties

Inherited Properties

NameData TypeClass Origin
CaptionstringCIM_ManagedElement
CommonNamestringCIM_Policy
CreationClassNamestringCIM_PolicyCondition
DescriptionstringCIM_ManagedElement
ElementNamestringCIM_ManagedElement
InstanceIDstringCIM_ManagedElement
PolicyConditionNamestringCIM_PolicyCondition
PolicyRuleCreationClassNamestringCIM_PolicyCondition
PolicyRuleNamestringCIM_PolicyCondition
SystemCreationClassNamestringCIM_PolicyCondition
SystemNamestringCIM_PolicyCondition
PolicyKeywordsstring[]CIM_Policy

Class Methods