Time Object
Time objects are specified using a 24-hour clock in 5-minute increments. You use time objects to set a policy's time-of-day, day-of-week, and the like in time-based rules. For instance, you can allow telnet, but only during regular business hours, or after hours, or outside certain hours.
The policy rule default setting is ANY time, which applies the rule at all times. You can set a few time-based policy rules that reference the same set of hours, or you can specify the hours covered for a particular day or range of days, such as Monday to Friday, 9 a.m. to 5 p.m., local time.
Time is always interpreted as the Screen's time zone, which requires that you either have Screen-specific time definitions to coordinate traffic between the Screens in different time zones, or have distinctly named time objects and Screen-specific rules.
Note -
Although you can define many time objects, only 31 distinct time objects can be in actual use on any given Screen. You cannot modify the time object named * in any way; it represents 24 hours a day, 7 day a week. It is the same as if no time object is used. It is not included in the limit of 31 time objects.
For example, Los Angeles (LA) and New York (NY) have a three-hour difference. Suppose each site is protected by a Screen. If you only want the two sites to communicate when they are both within "regular" hours (that is, 8 a.m. to 5 p.m.), then NY is available to communicate to LA between 11 am and 5 p.m., and LA is available to communicate to NY between 8 a.m. and 2 p.m.
A downside to this is that during hours that do not overlap, one of the two Screens allows traffic through while the other does not. So, early in the morning the NY Screen allows traffic through, but it is blocked by the LA Screen. Similarly, in the afternoon, the LA Screen is blocked by the NY Screen.
Case 1: Screen-Specific Time Objects
|
Name |
Screen |
Value |
|---|---|---|
|
regular |
NY |
MONDAY { 11:00 17:00 } TUESDAY { 11:00 17:00 } ... |
|
regular |
LA |
MONDAY { 08:00 14:00 } TUESDAY { 08:00 14:00 } ... |
Set the rules by typing:
telnet LA NY TIME regular ALLOW telnet NY LA TIME regular ALLOW |
These rules apply to both Screen, although the definition of regular is different for each Screen
Case 2: Distinctly Named Time Objects
|
Name |
Value |
|---|---|
|
ny-business |
MONDAY { 11:00 17:00 } TUESDAY { 11:00 17:00 } ... |
|
la-business |
MONDAY { 08:00 14:00 } TUESDAY { 08:00 14:00 } ... |
Set the rules by typing:
SCREEN LA telnet LA NY TIME la-business ALLOW SCREEN LA telnet NY LA TIME la-business ALLOW SCREEN NY telnet LA NY TIME ny-business ALLOW SCREEN NY telnet NY LA TIME ny-business ALLOW |
- © 2010, Oracle Corporation and/or its affiliates