No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.

Knowledge Base

The Tme-based ACL Policy of the USG Fails Due to Improper Time Range Configuration

Publication Date:  2012-07-16  |   Views:  473  |   Downloads:  0  |   Author:  Liumin001  |   Document ID:  EKB1000000384


Issue Description

A user configures the time range, associates the time range with the ACL, and applies the ACL policy to interzones. The policy is ineffective during the time range. The configuration is as follows:
acl number 3001
 rule 110 deny ip source time-range downtime
 rule 111 deny ip source time-range downtime
 time-range downtime 23:00 to tomorrow 05:00 Thu Wed Tue Mon Sun
firewall interzone trust untrust
 packet-filter 3000 inbound
 packet-filter 3001 outbound

Alarm Information


Handling Process

Divide the time range policy as follows.
 time-range downtime 23:00 to 23:59 Thu Wed Tue Mon Sun
 time-range downtime 00:00 to 05:00 Thu Wed Tue Mon Sun
Perform a test, and observe the result. The fault is rectified.

Root Cause

The time range configuration is improper.


If the parameter tomorrow is added to the time-range command, only one week day parameter can be added to the command.
Suggestion: R&D engineers are advised to pose limitation on week day parameters added to the time-range command with the parameter tomorrow.