AT-TLS rules
A TTLSRule statement consists of a set of conditions that are compared against the connection being checked. When a match is found, policy lookup stops and the connection is assigned the actions associated with the rule. The rule conditions are:
- LocalAddr - Local IP address or addresses
- RemoteAddr - Remote IP address or addresses
- LocalPortRange - Local port or ports
- RemotePortRange - Remote port or ports
- Jobname - Job name of the owning application or wildcard job name
- Userid - User ID of the owning process or wildcard user ID
- Direction - Inbound if applied to a passive socket (established by accept), Outbound if applied to an active socket (established by connect), or Both
Direction and at least one other condition must be specified. Other rule considerations include:
- If a condition is not specified, that condition is not considered when comparing the rule and the connection for a match.
- Multiple values can be specified for the IP address and port conditions, either directly in the condition or as a referenced group.
- IPv6 addresses are valid in all environments.
Each TTLSRule statement can also have a priority. Priority values can be integers in the range 1 - 2000000000, with 2000000000 being the highest priority. When assigning priorities, you should skip some values to allow for future rule insertion between existing rules. Policy Agent orders rules in alphabetical order within priority.
Tip: If connections can map to more than one rule, always use priority and leave priority space between rules.
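The lookup semantics described above (conditions a rule omits are not considered, highest priority first, alphabetical rule name within equal priority, lookup stops at the first match, Direction plus one other condition required) as a runnable toy model. This is an added example, not IBM Policy Agent code: the brace layout, 'lo-hi' port ranges, several values on one line for the address and port conditions, and TTLSGroupActionRef as the action keyword are assumptions of this example, and the sample policy and connection are constructed.

```python
# Toy model of AT-TLS TTLSRule lookup (added example, not IBM Policy Agent code).
# Conditions and Priority are from the page; the brace layout, 'lo-hi' port ranges,
# several values on one line and the TTLSGroupActionRef keyword are assumptions.
import fnmatch
import ipaddress
from dataclasses import dataclass, field
CONDITIONS = {"LocalAddr", "RemoteAddr", "LocalPortRange", "RemotePortRange",
              "Jobname", "Userid", "Direction"}
MAX_PRIORITY = 2000000000

@dataclass
class TTLSRule:
    name: str
    priority: int = 0
    conds: dict = field(default_factory=dict)    # condition keyword -> values
    actions: dict = field(default_factory=dict)  # anything else (action refs)

def validate(rule):
    # Direction plus at least one other condition; Priority in 1..2000000000
    if "Direction" not in rule.conds or len(rule.conds) < 2:
        raise ValueError(f"{rule.name}: need Direction and one other condition")
    if not 1 <= rule.priority <= MAX_PRIORITY:
        raise ValueError(f"{rule.name}: Priority must be 1-{MAX_PRIORITY}")

def parse_rules(text):
    """Parse 'TTLSRule name { Key value ... }' blocks; '#' starts a comment."""
    rules, cur = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("TTLSRule"):
            cur = TTLSRule(name=line.split()[1])
            continue
        closing = line.endswith("}")
        key, *vals = line.strip("{} ").split() or [None]
        if key == "Priority":
            cur.priority = int(vals[0])
        elif key in CONDITIONS:
            cur.conds.setdefault(key, []).extend(vals)  # several values allowed
        elif key:
            cur.actions[key] = " ".join(vals)
        if closing:
            validate(cur)
            rules.append(cur)
    return rules

def _addr_match(values, addr):
    ip = ipaddress.ip_address(addr)
    return any(v == "ALL" or ip in ipaddress.ip_network(v, strict=False) for v in values)

def _port_match(values, port):
    bounds = [v.partition("-") for v in values]            # "443" or "8000-8099"
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in bounds)

def matches(rule, conn):
    """Every condition the rule specifies must hold; omitted ones are ignored."""
    checks = {
        "LocalAddr": lambda v: _addr_match(v, conn["LocalAddr"]),
        "RemoteAddr": lambda v: _addr_match(v, conn["RemoteAddr"]),
        "LocalPortRange": lambda v: _port_match(v, conn["LocalPort"]),
        "RemotePortRange": lambda v: _port_match(v, conn["RemotePort"]),
        "Jobname": lambda v: any(fnmatch.fnmatchcase(conn["Jobname"], p) for p in v),
        "Userid": lambda v: any(fnmatch.fnmatchcase(conn["Userid"], p) for p in v),
        "Direction": lambda v: v[0] in ("Both", conn["Direction"]),
    }
    return all(checks[k](vals) for k, vals in rule.conds.items())

def ordered(rules):
    """Highest priority first, alphabetical by rule name within equal priority."""
    return sorted(rules, key=lambda r: (-r.priority, r.name))

def lookup(rules, conn):
    """First match in policy order wins; None when no rule matches."""
    return next((r for r in ordered(rules) if matches(r, conn)), None)

# Constructed sample policy, written out of priority order on purpose. AdminHosts
# and WebServer share priority 200, so an overlap is settled by name, not intent.
SAMPLE_POLICY = """
TTLSRule CatchAllIn
{   LocalAddr ALL
    Direction Inbound
    Priority 100
    TTLSGroupActionRef grpDisable }
TTLSRule WebServer
{   LocalPortRange 443
    Jobname WEBSRV*            # wildcard job name
    Direction Inbound
    Priority 200
    TTLSGroupActionRef grpEnable }
TTLSRule AdminHosts
{   RemoteAddr 192.0.2.0/24
    LocalPortRange 443 8000-8099
    Direction Inbound
    Priority 200
    TTLSGroupActionRef grpEnable }
"""
RULES = parse_rules(SAMPLE_POLICY)
# Constructed inbound HTTPS connection; dict(CONN, RemoteAddr=...) makes variants.
CONN = {"LocalAddr": "10.1.1.5", "RemoteAddr": "198.51.100.7", "LocalPort": 443,
        "RemotePort": 50000, "Jobname": "WEBSRV1", "Userid": "WEBUSR",
        "Direction": "Inbound"}
```

`ordered(RULES)` yields AdminHosts, WebServer, CatchAllIn regardless of the order in the file. A connection from 192.0.2.0/24 to port 443 of a WEBSRV* job satisfies both AdminHosts and WebServer; because they share priority 200 it is assigned AdminHosts purely by alphabetical order, which is the situation the tip above warns about. Giving the two rules distinct priorities with a gap between them (for example 200 and 300) makes the intended winner explicit and leaves room for later insertions.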