F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100
Configuring a security zone
To configure a security zone for a VD, create the VD first. For more information about VD, see System
Management and Maintenance Configuration Guide.
Creating a security zone
When creating a security zone, you must specify a security zone name and a security zone ID, each of which must be unique on the device. To enter the view of an existing security zone, you can specify the security zone name alone, or specify both the security zone name and the security zone ID. If you specify both, make sure the two arguments identify the same security zone.
A security zone created in system view belongs to the default VD, and a security zone created in VD
system view belongs to the non-default VD.
To create a security zone:
Step 1. Enter system view.
   Command: system-view
   Remarks: N/A
Step 2. Enter VD system view.
   Command: switchto vd vd-name
   Remarks: Required if you want to create a security zone for a non-default VD.
Step 3. Create a security zone and enter security zone view.
   Command: zone name zone-name [ id zone-id ]
   Remarks: Optional. By default, a non-default VD has no security zones, and the default VD has five security zones: Management (ID = 0), Local (ID = 1), Trust (ID = 2), DMZ (ID = 3), and Untrust (ID = 4).
Setting the priority of a security zone
The priority of a security zone indicates the security zone's security level. The greater the priority (the
highest is 100), the higher the security level. Packets that match no interzone policies are allowed to travel
from a higher priority zone (except the management zone) to a lower priority zone, or between two
zones of the same priority, but are forbidden to travel from a lower priority zone to a higher priority zone.
To set the priority of a security zone:
Step 1. Enter system view.
   Command: system-view
   Remarks: N/A
Step 2. Enter VD system view.
   Command: switchto vd vd-name
   Remarks: Required for a security zone of a non-default VD.
Step 3. Enter security zone view.
   Command: zone name zone-name [ id zone-id ]
   Remarks: N/A
Step 4. Set the priority of the security zone.
   Command: priority priority-value
   Remarks: By default, the priority of a user-defined security zone is 1, and the priorities of system-predefined security zones are: 100 for Management, 100 for Local, 85 for Trust, 50 for DMZ, and 5 for Untrust.
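The following script models the default interzone forwarding rule described in this section (higher priority to lower priority allowed except from the Management zone, same priority allowed, lower to higher denied) so that an administrator can audit which zone pairs pass traffic with no explicit interzone policy. It is an added illustration, not part of this guide or of the device software; the function names, the Guest zone and the treatment of the Management exception as applying only to the higher-to-lower case are assumptions drawn from the wording above.

```python
# Added example: models the default (no matching interzone policy) forwarding
# decision between security zones, using the default-VD priorities from this guide.

# System-predefined zones of the default VD and their default priorities.
DEFAULT_ZONES = {
    "Management": 100,
    "Local": 100,
    "Trust": 85,
    "DMZ": 50,
    "Untrust": 5,
}
USER_DEFINED_DEFAULT_PRIORITY = 1   # default for a zone created with "zone name"
MAX_PRIORITY = 100                  # the guide states 100 is the highest priority
MANAGEMENT_ZONE = "Management"


def add_zone(zones, name, priority=USER_DEFINED_DEFAULT_PRIORITY):
    """Return a new zone table with 'name' added (priority defaults to 1)."""
    if priority > MAX_PRIORITY:
        raise ValueError("priority above the documented maximum of 100")
    updated = dict(zones)
    updated[name] = priority
    return updated


def default_interzone_allowed(src, dst, zones):
    """True if a packet matching no interzone policy is forwarded from src to dst."""
    p_src, p_dst = zones[src], zones[dst]
    if p_src > p_dst:
        # Higher-to-lower is allowed, except when the source is the Management zone
        # (assumption: the exception is read as applying to this case only).
        return src != MANAGEMENT_ZONE
    if p_src == p_dst:
        return True          # equal priority: allowed in both directions
    return False             # lower-to-higher: denied


def implicit_allow_pairs(zones):
    """Sorted (src, dst) pairs that pass traffic without any explicit policy.

    Reviewing this list shows the implicit trust a zone layout grants before
    any interzone policy is written (e.g. Trust -> Untrust is open by default).
    """
    return sorted(
        (s, d) for s in zones for d in zones
        if s != d and default_interzone_allowed(s, d, zones)
    )


if __name__ == "__main__":
    zones = add_zone(DEFAULT_ZONES, "Guest")   # user-defined zone, priority 1
    for pair in implicit_allow_pairs(zones):
        print("implicitly allowed: %s -> %s" % pair)
```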