F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Command Reference-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

121

122

123

124

125

126

127

128

129

130

122

portal free-rule

Use portal free-rule to configure a portal-free rule and specify the source filtering condition, destination

filtering condition, or both.

Use undo portal free-rule to remove a specific portal-free rule or all portal-free rules.

Syntax

portal free-rule rule-number { destination { any | ip { ip-address mask { mask-length | mask } | any } |

source { any | [ interface interface-type interface-number | ip { ip-address mask { mask-length | mask }

| any } | mac mac-address | vlan vlan-id ] * } } *

undo portal free-rule { rule-number | all }

Views

System view

Default command level

2: System level

Parameters

rule-number: Number for the portal-free rule. The value ranges from 0 to 15.

any: Imposes no limitation on the previous keyword.

ip ip-address: Specifies an IP address for the portal-free rule.

mask { mask-length | mask }: Specifies a mask or mask length for the IP address. The mask argument is

a subnet mask in dotted decimal notation. The mask-length argument is a subnet mask length, an integer

in the range of 0 to 32.

interface interface-type interface-number: Specifies a source interface.

mac mac-address: Specifies a source MAC address in the format H-H-H.

vlan vlan-id: Specifies a source VLAN ID.

all: Specifies all portal-free rules.

Usage guidelines

If you specify both a source IPv4 address and a source MAC address in a portal-free rule, the IP address

must be a host address with a 32-bit mask. Otherwise, the specified MAC address does not take effect.

If you specify both a VLAN and an interface in a portal-free rule, the interface must belong to the VLAN.

Otherwise, the rule does not take effect.

If you specify both a source port number and a destination port number for a portal-free rule, the source

and destination port numbers must belong to the same transport layer protocol.

You cannot configure a portal-free rule to have the same filtering criteria as that of an existing one. When

attempted, the system prompts that the rule already exists.

No matter whether portal authentication is enabled on an interface, you can only add or remove a

portal-free rule, rather than modifying it.

A Layer 2 interface in an aggregation group cannot be specified as the source interface of a portal-free

rule, and the source interface of a portal-free rule cannot be added to an aggregation group.