F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100
25
Hardware ACL
acceleration com
p
atible
F1000-A-EI/F1000-S-EI Yes
F1000-E Yes
F5000 Yes
Firewall module Yes
U200-A No
U200-S No
CAUTION:
• ACL acceleration is not available for ACLs that contain a non-contiguous wildcard mask.
• After you modify an ACL with ACL acceleration enabled, disable and re-enable ACL acceleration to
ensure correct rule matching.
ACL acceleration speeds up ACL lookup. The acceleration effect increases with the number of ACL rules.
ACL acceleration uses memory. To achieve the best trade-off between memory and ACL processing
performance, HP recommends enabling ACL acceleration for large ACLs, for example, ACLs containing
more than 50 rules.
For example, when you use a large ACL for a session-based service, such as NAT or ASPF, you can
enable ACL acceleration to avoid session timeouts caused by ACL processing delays.
Enable ACL acceleration in an ACL after you have finished editing ACL rules. ACL acceleration always
uses ACL criteria that have been set before it is enabled for rule matching. It does not synchronize with
any subsequent match criterion changes.
To enable ACL acceleration for an IPv4 basic or IPv4 advanced ACL:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable ACL
acceleration for an
IPv4 basic or IPv4
advanced ACL.
acl accelerate number
acl-number
By default, the function is disabled.
The ACL must exist.
Only IPv4 basic ACLs and advanced ACLs support
ACL acceleration.
124BDisplaying and maintaining ACLs
Task Command
Remarks
Display configuration and match
statistics for IPv4 basic, IPv4
advanced, and Ethernet frame
header ACLs.
display acl { acl-number | all | name
acl-name } [ | { begin | exclude | include }
regular-expression ]
Available in any view.