Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
141142143144145146147148149150
137
Figure 115 Adding an ASPF policy
4. Configure the parameters as described in 651HTable 45.
5. Click Apply.
Table 45 Configuration items
Item Descri
p
tion
Source Zone
Select a source/destination zone to which the ASPF policy will be applied.
Dest Zone
Discard ICMP error packets
Set whether to discard ICMP error packets.
If this box is not selected, ICMP error packets are allowed to pass.
Discard non-SYN initial TCP
packets
Set whether to discard initial TCP packets that are not SYN packets.
If this box is not selected, initial TCP packets that are not SYN packets are
allowed to pass.
185BASPF configuration example
355BNetwork requirements
As shown in 652HFigure 116, configure an ASPF policy between zone 1 and zone 2 to discard ICMP error
packets but permit initial TCP packets that are not SYN packets.
Figure 116 Network diagram