Port Variables
Port variables represent TCP and UDP ports you can use in the Source Port and Destination Port header fields in intrusion rules that you enable in an intrusion policy. Port variables differ from port objects and port object groups in that port variables are specific to intrusion rules. You can create port objects for protocols other than TCP and UDP, and you can use port objects in various places in the system’s web interface, including port variables, access control policies, network discovery rules, and event searches.
You can use port variables in the intrusion rule Source Port and Destination Port header fields to restrict packet inspection to packets originating from or destined to specific TCP or UDP ports.
When you use variables in these fields, the variable set you link to the intrusion policy associated with an access control rule or policy determines the values for these variables in the network traffic where you deploy the access control policy.
You can add any combination of the following port configurations to a variable:
- any combination of port variables and port objects that you select from the list of available ports
  Note that the list of available ports does not display port object groups, and you cannot add these to variables.
- individual port objects that you add from the New Variable or Edit Variable page, and can then add to your variable and to other existing and future variables
  Only TCP and UDP ports, including the value any for either type, are valid variable values. If you use the New Variable or Edit Variable page to add a valid port object that is not a valid variable value, the object is added to the system but is not displayed in the list of available objects. When you use the object manager to edit a port object that is used in a variable, you can only change its value to a valid variable value.
- single, literal port values and port ranges
  You must separate port ranges with a dash (-). Port ranges indicated with a colon (:) are supported for backward compatibility, but you cannot use a colon in port variables that you create.
  You can list multiple literal port values and ranges by adding each individually in any combination.
Note the following points when adding or editing port variables:
- The default value for included ports in any variable you add is the word any, which indicates any port or port range. The default value for excluded ports is none, which indicates no ports.
  Tip: To create a variable with the value any, name and save the variable without adding a specific value.
- You cannot logically exclude the value any which, if excluded, would indicate no ports. For example, you cannot save a variable set when you add a variable with the value any to the list of excluded ports.
- Adding ports to the excluded list negates the specified ports and port ranges. That is, you can match any port with the exception of the excluded ports or port ranges.
- Excluded values must resolve to a subset of included values. For example, you cannot include the port range 10-50 and exclude port 60.
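The rules above (any as the default for included ports and none for excluded ports, dash-separated ranges with colon ranges accepted only as legacy input, any never excludable, and excluded values required to be a subset of included values) are easy to get wrong when variable sets are generated or reviewed outside the web interface. The following validator is an added example written for this page; it is not Cisco's code and the function names, the PortVariableError class and the comma-separated input convention are assumptions. It applies each stated rule to a candidate variable definition and reports which rule a rejected definition breaks.

```python
"""Validator for port variable definitions as described on this page.

Added example, not the product's own code. Assumptions: included and
excluded values are supplied as comma-separated strings, and the full
TCP/UDP port space is 0-65535.
"""
from typing import List, Tuple

PortRange = Tuple[int, int]  # inclusive (low, high)
FULL_RANGE: PortRange = (0, 65535)


class PortVariableError(ValueError):
    """Raised when a definition violates one of the documented rules."""


def parse_port_token(token: str, allow_legacy_colon: bool = False) -> PortRange:
    """Parse one literal ('80'), dash range ('10-50') or, only when
    allow_legacy_colon is set, a backward-compatible colon range ('10:50')."""
    token = token.strip()
    if ":" in token:
        if not allow_legacy_colon:
            raise PortVariableError(f"colon ranges cannot be used in new variables: {token!r}")
        low_s, high_s = token.split(":", 1)
    elif "-" in token:
        low_s, high_s = token.split("-", 1)
    else:
        low_s = high_s = token
    try:
        low, high = int(low_s), int(high_s)
    except ValueError:
        raise PortVariableError(f"not a port or port range: {token!r}") from None
    if not (0 <= low <= high <= 65535):
        raise PortVariableError(f"port value out of range: {token!r}")
    return (low, high)


def parse_port_list(text: str, allow_legacy_colon: bool = False) -> List[PortRange]:
    """'any' covers every port, 'none' (or empty) covers no ports; anything
    else is a comma-separated list of literals and ranges."""
    text = text.strip().lower()
    if text == "any":
        return [FULL_RANGE]
    if text in ("", "none"):
        return []
    return [parse_port_token(t, allow_legacy_colon) for t in text.split(",")]


def port_in_ranges(port: int, ranges: List[PortRange]) -> bool:
    return any(low <= port <= high for low, high in ranges)


def validate_port_variable(included: str = "any", excluded: str = "none",
                           allow_legacy_colon: bool = False):
    """Return (included_ranges, excluded_ranges) or raise PortVariableError.

    Defaults mirror the page: included defaults to 'any', excluded to 'none'.
    """
    # Rule: 'any' cannot be excluded, since that would leave no ports.
    if excluded.strip().lower() == "any":
        raise PortVariableError("the value 'any' cannot be excluded")
    inc = parse_port_list(included, allow_legacy_colon)
    exc = parse_port_list(excluded, allow_legacy_colon)
    # Rule: excluded values must resolve to a subset of included values.
    for low, high in exc:
        for port in range(low, high + 1):
            if not port_in_ranges(port, inc):
                raise PortVariableError(
                    f"excluded port {port} is not within the included ports")
    return inc, exc


def matches(port: int, included: List[PortRange], excluded: List[PortRange]) -> bool:
    """Whether a packet port matches the variable: included, unless excluded."""
    return port_in_ranges(port, included) and not port_in_ranges(port, excluded)


if __name__ == "__main__":
    # Constructed sample definitions: the first is valid, the rest each
    # break one of the documented rules.
    inc, exc = validate_port_variable("10-50", "20")
    print("10-50 minus 20 matches 25:", matches(25, inc, exc), "matches 20:", matches(20, inc, exc))
    for args in (("10-50", "60"), ("any", "any"), ("10:50",)):
        try:
            validate_port_variable(*args)
        except PortVariableError as err:
            print("rejected", args, "->", err)
```

Pass allow_legacy_colon=True only when checking variables imported from an older configuration; newly created variables must use the dash form.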