F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100
Enabling interzone policy acceleration
The following matrix shows the feature and hardware compatibility:
Hardware                 | Interzone policy acceleration compatible
F1000-A-EI/F1000-S-EI    | Yes
F1000-E                  | Yes
F5000                    | Yes
Firewall module          | Yes
U200-A                   | No
U200-S                   | No
Interzone policy acceleration speeds up policy lookup. The acceleration effect increases with the number
of interzone policy rules.
For example, when you use a large interzone policy for a session-based service, such as NAT or ASPF,
you can enable interzone policy acceleration to avoid session timeouts caused by interzone policy
processing delays.
To enable interzone policy acceleration:
Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enter VD system view. | switchto vd vd-name | Required for a VD.
3. Enter interzone instance view. | interzone source source-zone-name destination destination-zone-name | N/A
4. Enable interzone policy acceleration. | rule accelerate | By default, interzone policy acceleration is disabled.
Moving an interzone policy rule
The rules in an interzone policy are matched in the order that they are displayed in the output from the
display this command in interzone instance view. To flexibly adjust the match order of rules, you can
move an interzone policy rule as needed.
This feature is supported on the Web interface and is not supported at the CLI.
To move an interzone policy rule:
Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enter VD system view. | switchto vd vd-name | Required for a VD.
3. Enter interzone instance view. | interzone source source-zone-name destination destination-zone-name | N/A
4. Move an interzone policy rule. | move rule rule-id before insert-rule-id | N/A
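
The following Python model is an added example, not HP code or device output. It shows why match order matters when rules are matched in display order, and what a move of one rule before another does to the result. The Rule fields (a source network and an action), the sample rules, and the helper names first_match, move_rule and shadowed are assumptions made for illustration.

```python
# Simplified model of ordered (first-match) interzone policy evaluation.
# Rule fields and sample rules are constructed for illustration only.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    rule_id: int
    source: str   # source network in CIDR form (assumed rule field)
    action: str   # "permit" or "deny"


def first_match(rules, src_ip):
    """Return the first rule, in display order, whose source covers src_ip."""
    addr = ip_address(src_ip)
    for rule in rules:
        if addr in ip_network(rule.source):
            return rule
    return None  # no rule matched; default handling is outside this model


def move_rule(rules, rule_id, insert_rule_id):
    """Model 'move rule rule-id before insert-rule-id'; returns a new list."""
    ids = [r.rule_id for r in rules]
    if rule_id not in ids or insert_rule_id not in ids or rule_id == insert_rule_id:
        raise ValueError("both rule IDs must exist and differ")
    moved = rules[ids.index(rule_id)]
    rest = [r for r in rules if r.rule_id != rule_id]
    pos = [r.rule_id for r in rest].index(insert_rule_id)
    return rest[:pos] + [moved] + rest[pos:]


def shadowed(rules):
    """List (rule_id, shadowing_rule_id) pairs where an earlier rule with a
    different action fully covers a later rule, so the later one never decides."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (ip_network(later.source).subnet_of(ip_network(earlier.source))
                    and earlier.action != later.action):
                found.append((later.rule_id, earlier.rule_id))
                break
    return found


# Constructed sample policy: the broad permit is listed before the narrow deny.
POLICY = [Rule(0, "10.1.0.0/16", "permit"), Rule(1, "10.1.5.0/24", "deny")]
FIXED = move_rule(POLICY, 1, 0)  # equivalent of "move rule 1 before 0"
```

In the constructed policy the deny for 10.1.5.0/24 never takes effect until it is moved ahead of the broader permit, which is the kind of ordering error worth checking for after any rule move.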