F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100

Configuring an interzone policy
Feature and hardware compatibility

Hardware                  IPv6 interzone policy compatible
F1000-A-EI/F1000-S-EI     Yes
F1000-E                   Yes
F5000                     Yes
Firewall module           Yes
U200-A                    Yes
U200-S                    No
Overview
An interzone policy is a set of policy rules or IPv4 advanced ACLs that implements security control over
packets between a source security zone and a destination security zone. This pair of zones defines an
interzone instance. The interzone policy matches the first packet of a traffic flow against the rules or
ACLs. If a match is found, the device stops the match process and applies the action defined in the
matching rule to that packet and to all subsequent packets of the flow. For more information about
interzone instances and security zone configuration, see "Configuring security zones."
You can implement an interzone policy either by configuring interzone policy rules directly or by
referencing IPv4 advanced ACLs; the two methods are mutually exclusive for the same interzone instance.
Interzone policy rule
When you configure an interzone policy by directly configuring policy rules for identifying traffic, you
must configure at least one rule.
Numbering interzone policy rules
An interzone policy can contain multiple rules. Each rule is uniquely identified by its number. The rule
number can be configured manually or assigned automatically by the system when you create the rule.
When the system assigns a number automatically, it uses the current maximum rule number in the
interzone policy plus 1. If that value exceeds the upper limit (65534), the system instead assigns the
smallest unused rule number to the rule.
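The following Python model is an added illustration of the two behaviors described above (automatic rule numbering with the 65534 upper limit, and first-packet matching that caches the decision for the rest of the flow); it is not code from the guide or from the device firmware. The starting auto-assigned number, ascending-number match order, the default action when no rule matches, and the flow key used for caching are assumptions and are marked as such in the comments.

```python
"""Model of interzone policy rule numbering and first-packet matching.

Added example; not H3C/HP device code. Constructed rules and packets only.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

MAX_RULE_NUMBER = 65534  # upper limit stated in the guide


@dataclass(frozen=True)
class Rule:
    number: int
    src: str      # constructed: a source address, or "any"
    dst: str      # constructed: a destination address, or "any"
    action: str   # "permit" or "deny"


class InterzonePolicy:
    """Policy for one interzone instance (source zone -> destination zone)."""

    def __init__(self, source_zone: str, dest_zone: str) -> None:
        self.source_zone = source_zone
        self.dest_zone = dest_zone
        self.rules: Dict[int, Rule] = {}
        # Assumption: the flow is keyed on (src, dst); a real device uses the
        # full 5-tuple. The cached action is applied to later packets of the flow.
        self.flow_cache: Dict[Tuple[str, str], str] = {}

    def next_rule_number(self) -> int:
        """Automatic numbering as the guide describes it."""
        if not self.rules:
            return 0  # assumption: the guide does not state the first auto number
        candidate = max(self.rules) + 1
        if candidate <= MAX_RULE_NUMBER:
            return candidate
        # max + 1 would exceed 65534: fall back to the smallest unused number
        for n in range(MAX_RULE_NUMBER + 1):
            if n not in self.rules:
                return n
        raise RuntimeError("no free rule number in this interzone policy")

    def add_rule(self, src: str, dst: str, action: str,
                 number: Optional[int] = None) -> int:
        """Add a rule with a manual or automatic number; returns the number used."""
        if number is None:
            number = self.next_rule_number()
        if not 0 <= number <= MAX_RULE_NUMBER:
            raise ValueError(f"rule number {number} outside 0..{MAX_RULE_NUMBER}")
        if number in self.rules:
            raise ValueError(f"rule {number} already exists")
        self.rules[number] = Rule(number, src, dst, action)
        # Assumption: changing the policy invalidates cached per-flow decisions,
        # otherwise an existing flow would keep an action the new rules disallow.
        self.flow_cache.clear()
        return number

    def match_packet(self, src_ip: str, dst_ip: str) -> Tuple[str, str]:
        """Return (action, reason). Only the first packet of a flow is matched
        against the rules; later packets reuse the cached decision."""
        key = (src_ip, dst_ip)
        if key in self.flow_cache:
            return self.flow_cache[key], "cached"
        # Assumption: rules are evaluated in ascending number order; the first
        # match stops evaluation, as the guide states.
        for number in sorted(self.rules):
            rule = self.rules[number]
            if rule.src in ("any", src_ip) and rule.dst in ("any", dst_ip):
                self.flow_cache[key] = rule.action
                return rule.action, f"rule {number}"
        return "deny", "no match"  # assumption: unmatched traffic is denied


if __name__ == "__main__":
    policy = InterzonePolicy("Trust", "Untrust")
    policy.add_rule("10.0.0.5", "any", "permit")          # auto -> 0
    policy.add_rule("any", "any", "deny")                 # auto -> 1
    policy.add_rule("any", "192.0.2.9", "permit", 65534)  # manual, at the limit
    print(policy.add_rule("any", "any", "permit"))        # auto -> 2 (smallest unused)
    print(policy.match_packet("10.0.0.5", "192.0.2.1"))   # matched against rules
    print(policy.match_packet("10.0.0.5", "192.0.2.1"))   # served from flow cache
```

The fallback branch is the one worth checking on a real device: once a rule sits at 65534, every further automatically numbered rule lands in a low gap, so it is evaluated before the high-numbered rules rather than after them. Review the resulting order whenever the policy mixes manual and automatic numbers.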
Match order of interzone policy rules
You can also configure interzone policies by configuring interzone policy groups. Interzone policy
groups are either IPv4 interzone policy groups or IPv6 interzone policy groups. An IPv4 interzone policy
group references one or more IPv4 advanced ACLs, and an IPv6 interzone policy group references one or
more IPv6 advanced ACLs. The rich match criteria of ACLs greatly extend what an interzone policy can
control.