netservice svc-snmp-trap udp 162 netservice svc-netbios-dgm udp 138 netservice svc-dhcp udp 67 68 alg dhcp netservice svc-smb-tcp tcp 445 netservice svc-https tcp 443 netservice svc-ike udp 500 netservice svc-l2tp udp 1701 netservice svc-syslog udp 514 netservice svc-citrix tcp 2598 netservice svc-pptp tcp 1723 netservice svc-ica tcp 1494 netservice svc-telnet tcp 23 netservice svc-sccp tcp 2000 alg sccp netservice svc-sec-papi udp 8209 netservice svc-tftp udp 69 alg tftp netservice svc-kerberos udp 88 netservice svc-sip-tcp tcp 5060 netservice svc-netbios-ssn tcp 139 netservice svc-lpd tcp 515 netservice svc-pop3 tcp 110 netservice svc-adp udp 8200 netservice svc-cfgm-tcp tcp 8211 netservice svc-noe udp 32512 alg noe netservice svc-http-proxy3 tcp 8888 netservice svc-pcoip-tcp tcp 50002 netservice svc-pcoip-udp udp 50002 netservice svc-dns udp 53 alg dns netservice svc-msrpc-tcp tcp 135 139 netservice svc-rtsp tcp 554 alg rtsp netservice vnc tcp 5900 5905 netservice svc-http tcp 80 netservice svc-vocera udp 5002 alg vocera netservice svc-h323-tcp tcp 1720 netservice svc-h323-udp udp 1718 1719 netservice svc-nterm tcp 1026 1028 netservice svc-sip-udp udp 5060 netservice svc-http-proxy2 tcp 8080 netservice svc-noe-oxo udp 5000 alg noe netservice svc-papi udp 8211 netservice svc-ftp tcp 21 alg ftp netservice svc-natt udp 4500 netservice svc-svp 119 alg svp netservice svc-microsoft-ds tcp 445 netservice svc-gre 47 netservice svc-smtp tcp 25 netservice web tcp list "80 443" netservice svc-smb-udp udp 445 netservice svc-sips tcp 5061 alg sips netservice svc-netbios-ns udp 137 netservice svc-esp 50 netservice svc-ipp-tcp tcp 631 netservice svc-bootp udp 67 69 netservice svc-snmp udp 161 netservice svc-v6-dhcp udp 546 547 netservice svc-icmp 1 netservice svc-ntp udp 123 netservice svc-msrpc-udp udp 135 139 netservice svc-ssh tcp 22 netservice svc-ipp-udp udp 631 netservice svc-http-proxy1 tcp 3128 netservice svc-v6-icmp 58 netservice svc-vmware-rdp tcp 3389 ! netdestination6 ipv6-reserved-range invert network 2000::/3 ! time-range night-hours periodic weekday 18:01 to 23:59 weekday 00:00 to 07:59 ! time-range weekend periodic weekend 00:00 to 23:59 ! time-range working-hours periodic weekday 08:00 to 18:00 ! ip access-list session allow-diskservices any any svc-netbios-dgm permit any any svc-netbios-ssn permit any any svc-microsoft-ds permit any any svc-netbios-ns permit ! ip access-list session control any any svc-papi permit any any svc-sec-papi permit user any udp 68 deny any any svc-icmp permit any any svc-dns permit any any svc-cfgm-tcp permit any any svc-adp permit any any svc-tftp permit any any svc-dhcp permit any any svc-natt permit ! ip access-list session v6-icmp-acl ipv6 any any svc-v6-icmp permit ! ip access-list session validuser network 169.254.0.0 255.255.0.0 any any deny network 224.0.0.0 240.0.0.0 any any deny host 255.255.255.255 any any deny network 127.0.0.0 255.0.0.0 any any deny network 240.0.0.0 240.0.0.0 any any deny any any any permit ! ip access-list session vocera-acl any any svc-vocera permit queue high ! ip access-list session v6-https-acl ipv6 any any svc-https permit ! ip access-list session vmware-acl any any svc-vmware-rdp permit queue high tos 46 dot1p-priority 6 any any svc-pcoip-tcp permit queue high tos 46 dot1p-priority 6 any any svc-pcoip-udp permit queue high tos 46 dot1p-priority 6 ! ip access-list session v6-control ipv6 any any svc-papi permit ipv6 any any svc-sec-papi permit ipv6 user any udp 547 deny ipv6 any any svc-v6-icmp permit ipv6 any any svc-dns permit ipv6 any any svc-cfgm-tcp permit ipv6 any any svc-adp permit ipv6 any any svc-tftp permit ipv6 any any svc-dhcp permit ipv6 any any svc-natt permit ! ip access-list session icmp-acl any any svc-icmp permit ! ip access-list session captiveportal user alias controller svc-https dst-nat 8081 user any svc-http dst-nat 8080 user any svc-https dst-nat 8081 user any svc-http-proxy1 dst-nat 8088 user any svc-http-proxy2 dst-nat 8088 user any svc-http-proxy3 dst-nat 8088 ! ip access-list session v6-dhcp-acl ipv6 any any svc-v6-dhcp permit ! ip access-list session allowall any any any permit ! ip access-list session v6-dns-acl ipv6 any any svc-dns permit ! ip access-list session lync-acl any any svc-sips permit queue high any any any permit ! ip access-list session sip-acl any any svc-sip-udp permit queue high any any svc-sip-tcp permit queue high ! ip access-list session https-acl any any svc-https permit ! ip access-list session dns-acl any any svc-dns permit ! ip access-list session ra-guard ipv6 user any icmpv6 rtr-adv deny ! ip access-list session citrix-acl any any svc-citrix permit queue high tos 46 dot1p-priority 6 any any svc-ica permit queue high tos 46 dot1p-priority 6 ! ip access-list session allow-printservices any any svc-lpd permit any any svc-ipp-tcp permit any any svc-ipp-udp permit ! ip access-list session logon-control user any udp 68 deny any any svc-icmp permit any any svc-dns permit any any svc-dhcp permit any any svc-natt permit any network 169.254.0.0 255.255.0.0 any deny any network 240.0.0.0 240.0.0.0 any deny ! ip access-list session vpnlogon user any svc-ike permit user any svc-esp permit any any svc-l2tp permit any any svc-pptp permit any any svc-gre permit ! ip access-list session srcnat user any any src-nat ! ip access-list session skinny-acl any any svc-sccp permit queue high ! ip access-list session tftp-acl any any svc-tftp permit ! ip access-list session v6-allowall ! ! ip access-list session cplogout user alias controller svc-https dst-nat 8081 ! ip access-list session captiveportal6 ipv6 user alias controller6 svc-https captive ipv6 user any svc-http captive ipv6 user any svc-https captive ipv6 user any svc-http-proxy1 captive ipv6 user any svc-http-proxy2 captive ipv6 user any svc-http-proxy3 captive ! ip access-list session dhcp-acl any any svc-dhcp permit ! ip access-list session http-acl any any svc-http permit ! ip access-list session v6-http-acl ipv6 any any svc-http permit ! ip access-list session rt-src-nat any any any route src-nat ! ip access-list session ap-uplink-acl any any udp 68 permit any any svc-icmp permit any host 224.0.0.251 udp 5353 permit ! ip access-list session dynamic-session-acl any any any src-nat pool dynamic-srcnat ! ip access-list session ap-acl any any svc-gre permit any any svc-syslog permit any user svc-snmp permit user any svc-snmp-trap permit user any svc-ntp permit user alias controller svc-ftp permit ! ip access-list session svp-acl any any svc-svp permit queue high user host 224.0.1.116 any permit ! ip access-list session noe-acl any any svc-noe permit queue high ! ip access-list session 9to5 any any any deny time-range working-hours ! ip access-list session v6-ap-acl ipv6 any any svc-gre permit ipv6 any any svc-syslog permit ipv6 any user svc-snmp permit ipv6 user any svc-snmp-trap permit ipv6 user any svc-ntp permit ipv6 user alias controller6 svc-ftp permit ! ip access-list session vpn any any any src-nat pool dynamic-srcnat ! ip access-list session h323-acl any any svc-h323-tcp permit queue high any any svc-h323-udp permit queue high ! ip access-list session v6-logon-control ipv6 user any udp 68 deny ipv6 any any svc-v6-icmp permit ipv6 any any svc-v6-dhcp permit ipv6 any any svc-dns permit