ACE stands for Application Control Engine and it consist of ACL entries that define the network traffic profile.
Each ACL entry contains several criterias: the source address, the destination address, the protocol, and protocol-specific parameters such as ports and so on. The entry permits or denies network traffic (inbound and outbound) from and to the parts of your network specified in the entry.
There are two matches for each permit because there are two parameters: source IP address and destination IP address.
