Class CIM_PacketFilterCondition
extends CIM_PolicyCondition

PacketFilterCondition specifies packet selection criteria (via association to FilterLists) for firewall policies, IPsec policies and similar uses. It is used as an anchor point to associate various types of filters with policy rules via the FilterOfPacketCondition association. By definition, policy rules that aggregate PacketFilterCondition are assumed to operate against every packet received and/or transmitted from an ingress and/or egress point. (Whether policy condition evaluation occurs at ingress or egress is specified by the Direction property in the associated FilterList.) PacketFilterCondition MAY also be used to define the specific CredentialManagementService that validates the credentials carried in a packet. This is accomplished using the association, AcceptCredentialFrom. Associated objects (such as FilterListsor Credential ManagementServices) represent components of the condition that MAY or MAY NOT apply at a given rule evaluation. For example, an AcceptCredentialFrom evaluation is only performed when a credential is available to be evaluated and compared against the list of trusted credential management services. Similarly, a PeerIDPayloadFilterEntry MAY only be evaluated when an ID payload is available for checking. Condition components that do not have applicability at rule evaluation time, MUST be evaluated to TRUE.

Table of Contents
Hierarchy
Direct Known Subclasses
Class Qualifiers
Class Properties
Class Methods


Class Hierarchy

CIM_ManagedElement
   |
   +--CIM_Policy
   |
   +--CIM_PolicyCondition
   |
   +--CIM_PacketFilterCondition

Direct Known Subclasses

Class Qualifiers

NameData TypeValue
DescriptionstringPacketFilterCondition specifies packet selection criteria (via association to FilterLists) for firewall policies, IPsec policies and similar uses. It is used as an anchor point to associate various types of filters with policy rules via the FilterOfPacketCondition association. By definition, policy rules that aggregate PacketFilterCondition are assumed to operate against every packet received and/or transmitted from an ingress and/or egress point. (Whether policy condition evaluation occurs at ingress or egress is specified by the Direction property in the associated FilterList.) PacketFilterCondition MAY also be used to define the specific CredentialManagementService that validates the credentials carried in a packet. This is accomplished using the association, AcceptCredentialFrom. Associated objects (such as FilterListsor Credential ManagementServices) represent components of the condition that MAY or MAY NOT apply at a given rule evaluation. For example, an AcceptCredentialFrom evaluation is only performed when a credential is available to be evaluated and compared against the list of trusted credential management services. Similarly, a PeerIDPayloadFilterEntry MAY only be evaluated when an ID payload is available for checking. Condition components that do not have applicability at rule evaluation time, MUST be evaluated to TRUE.
MappingStringsstringIPSP Policy Model.IETF|SACondition
UMLPackagePathstringCIM::Policy
Versionstring2.8.0

Class Properties

Inherited Properties

NameData Type
Captionstring
CommonNamestring
CreationClassNamestring
Descriptionstring
ElementNamestring
Generationuint64
InstanceIDstring
PolicyConditionNamestring
PolicyRuleCreationClassNamestring
PolicyRuleNamestring
SystemCreationClassNamestring
SystemNamestring
PolicyKeywordsstring[]

Class Methods