monitor (OPTIONAL) Enter the keyword monitor when the rule is describingthe traffic that you want to monitor and the ACL in which you arecreating the rule is applied to the monitored interface.NOTE: For more information, refer to the Flow-based Monitoringsection in the Port Monitoring chapter of theFTOS ConfigurationGuide.fragments Enter the keyword fragments to use ACLs to control packetfragments.Defaults Not configured.Command Modes CONFIGURATION-STANDARD-ACCESS-LISTCommand History Version 8.3.1.0 Added the keyword dscp.Version 8.2.1.0 Allows ACL control of fragmented packets for IP (Layer 3) ACLs.Version 8.1.1.0 Introduced on the E-Series ExaScale.Version 7.4.1.0 Added support for noncontiguous mask and added the monitoroption.Version 6.5.10 Expanded to include the optional QoS order priority for the ACLentry.UsageInformationThe order option is relevant in the context of the Policy QoS feature only. For moreinformation, refer to the Quality of Service chapter of theFTOS Configuration Guide.When you use the log option, the CP processor logs details about the packets that match.Depending on how many packets match the log entry and at what rate, the CP may becomebusy as it has to log these packets’ details.The monitor option is relevant in the context of flow-based monitoring only. For moreinformation, refer to Port Monitoring.NOTE: When ACL logging and byte counters are configured simultaneously, byte countersmay display an incorrect value. Configure packet counters with logging instead.permit tcpConfigure a filter to pass TCP packets meeting the filter criteria.C-Series, E-Series, S-Series, Z-SeriesSyntax permit tcp {source mask | any | host ip-address} [bit][operator port [port]] {destination mask | any | host ip-address} [bit] [dscp] [operator port [port]] [count [byte] |log] [order] [monitor] [fragments]To remove this filter, you have two choices:• Use the no seq sequence-number command if you know the filter’s sequencenumber.248