F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100

4. Configure an IPv6 advanced ACL rule as described in Table 8.
5. Click Apply.
Table 8 Configuration items

Item / Description

Rule ID
    Select the Rule ID box, and enter a number for the rule.
    If you do not specify the rule number, the system assigns one automatically.
    If the rule already exists, the configuration overwrites the old rule.

Operation
    Select the action to be performed on packets matching the rule:
    - Permit—Allows matching packets to pass.
    - Deny—Denies matching packets.

Time Range
    Select a time range for the rule.

Logging
    Select this box to log matching IPv6 packets.
    A log entry contains the ACL rule number, action on the matching packets, protocol over the IP, source/destination IPv6 address, source/destination port number, and number of matching packets.

Source IP Address, Source Prefix
    Select the Source IP Address box, and enter a source IPv6 address and source prefix.

Destination IP Address, Source Prefix
    Select the Destination IP Address box, and enter a destination IPv6 address and destination prefix.

Protocol
    Select the protocol to be carried over by IPv6.

ICMPv6 Message, ICMPv6 Type, ICMPv6 Code
    These items are available only when you select 1 ICMP from the Protocol list.
    Specify the ICMPv6 message type and code when you select 58 ICMPv6 from the Protocol list.
    If you select Others from the ICMPv6 Message list, you must enter values in the ICMPv6 Type and ICMPv6 Code fields. Otherwise, the two fields will take the default values, which cannot be changed.

Source: Operation, Port
Destination: Operation, Port
    These items are available only when you select 6 TCP or 17 UDP from the Protocol list.
    Select the operators, and enter the source port numbers and destination port numbers, as required.
    Different operators have different configuration requirements for the port number fields:
    - None—The following port number fields cannot be configured.
    - inclusive range—The following port number fields must be configured to define a port range.
    - Other values—The first port number field must be configured and the second must not.
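The field dependencies in Table 8 can be checked on a planned rule set before it is entered in the web interface. The following is an added example, not part of the HP guide or the device software. The dictionary keys, the operator names "none" and "range", and "eq" as a stand-in for the "Other values" operators are assumptions made for illustration.

```python
import ipaddress

PORT_PROTOCOLS = {6, 17}  # 6 TCP and 17 UDP, per Table 8
ICMPV6 = 58               # 58 ICMPv6, per Table 8

def check_ports(side, rule, problems):
    # Operator/port-field requirements from Table 8 (key names are assumed).
    op = rule.get(f"{side}_op", "none")
    ports = rule.get(f"{side}_ports", ())
    if op != "none" and rule.get("protocol") not in PORT_PROTOCOLS:
        problems.append(f"{side}: port operators need protocol 6 TCP or 17 UDP")
    if op == "none" and ports:
        problems.append(f"{side}: operator None takes no port numbers")
    elif op == "range" and len(ports) != 2:
        problems.append(f"{side}: inclusive range needs both port fields")
    elif op not in ("none", "range") and len(ports) != 1:
        problems.append(f"{side}: operator {op} takes only the first port field")

def check_rule(rule):
    # Return the list of problems found in one planned rule.
    problems = []
    for side in ("source", "destination"):
        # An unset address box is treated as ::/0 so it validates trivially.
        prefix = rule.get(f"{side}_prefix", "::/0")
        try:
            ipaddress.IPv6Network(prefix, strict=False)
        except ValueError:
            problems.append(f"{side}: {prefix!r} is not an IPv6 address/prefix")
        check_ports(side, rule, problems)
    if "icmpv6_type" in rule and rule.get("protocol") != ICMPV6:
        problems.append("ICMPv6 type and code need protocol 58 ICMPv6")
    return problems

def check_rule_set(rules):
    # Map list index -> problems, including rule IDs that would overwrite.
    report, seen = {}, set()
    for index, rule in enumerate(rules):
        problems = check_rule(rule)
        rule_id = rule.get("id")  # None: the system assigns the number
        if rule_id is not None and rule_id in seen:
            problems.append(f"rule ID {rule_id} reused: overwrites the earlier rule")
        seen.add(rule_id)
        if problems:
            report[index] = problems
    return report

# Constructed sample input (2001:db8::/32 is the documentation prefix).
SAMPLE_RULES = [
    {"id": 0, "action": "permit", "protocol": 6, "source_prefix": "2001:db8:1::/64",
     "destination_op": "eq", "destination_ports": (80,)},
    {"id": 1, "action": "deny", "protocol": 58, "source_op": "range", "source_ports": (1024,)},
    {"id": 1, "action": "deny", "protocol": 17, "destination_op": "none", "destination_ports": (53,)},
]
```

Calling check_rule_set(SAMPLE_RULES) reports the second and third entries: the second sets a port range on an ICMPv6 rule with only one port, and the third supplies a port with operator None and reuses rule ID 1, which would overwrite the earlier deny rule.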
ACL configuration example
Network requirements
As shown in Figure 15, Host A connects to Firewall through GigabitEthernet 0/1.
Configure an ACL to do the following:
Allow Host A to access Firewall using HTTP.