F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100

When an interzone policy references multiple ACLs, packets of the interzone instance are matched
against the ACLs in the order that the ACLs are displayed.
In the Web interface, the ACL displayed first is matched first. Generally, ACLs are displayed in the
order they are configured, so the first configured ACLs are displayed first.
At the CLI, ACLs are matched in the order that they are displayed in the output of the display this
command in interzone instance view.
Interzone policy group
To implement interzone policy group configuration, reference one or more existing IPv4 advanced ACLs
in the policy. The rich match criteria of IPv4 advanced ACLs dramatically enhance the functions of the
interzone policy.
In the Web interface, the ACL displayed first is matched first. ACLs are displayed in the order they
are added, so the first added ACLs are displayed first.
At the CLI, ACLs are matched in the order that they are displayed in the output of the display this
command in interzone instance view.
For information about advanced IPv4 ACLs, see "Configuring ACLs."
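The ordered first-match behaviour described in the two passages above, as an added example that is not part of the original guide: a constructed Python model of an interzone policy referencing two advanced IPv4 ACLs, evaluated in display order. The ACL contents, addresses, rule fields and the None result for "no ACL matched" are assumptions; the point shown is that referencing the same two ACLs in a different order flips the verdict for one host, which is why the display order should be checked after adding ACLs.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed model (not the device's implementation) of an interzone policy
# that references several IPv4 advanced ACLs: ACLs are walked in the order they
# are displayed, and the first matching rule decides the verdict.

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # source network, e.g. "10.1.1.0/24"
    dst: str                     # destination network, "0.0.0.0/0" for any
    proto: str = "any"           # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None  # destination port, None means any port

    def matches(self, pkt: dict) -> bool:
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", pkt["proto"])
                and self.dport in (None, pkt.get("dport")))

def evaluate(acls: list, pkt: dict) -> Optional[str]:
    """Walk the referenced ACLs in display order; return the first matching
    rule's action, or None if no rule in any ACL matches the packet."""
    for acl in acls:
        for rule in acl:
            if rule.matches(pkt):
                return rule.action
    return None

# Constructed ACLs: one permits HTTPS from the Trust subnet, the other denies
# everything from a single quarantined host inside that same subnet.
ACL_WEB = [Rule("permit", "10.1.1.0/24", "0.0.0.0/0", "tcp", 443)]
ACL_QUARANTINE = [Rule("deny", "10.1.1.50/32", "0.0.0.0/0")]

# Constructed packet from the quarantined host to an external web server.
PKT = {"src": "10.1.1.50", "dst": "203.0.113.10", "proto": "tcp", "dport": 443}

def verdict_web_first() -> Optional[str]:
    # Broad permit displayed first: the host-specific deny is never reached.
    return evaluate([ACL_WEB, ACL_QUARANTINE], PKT)

def verdict_quarantine_first() -> Optional[str]:
    # Host-specific deny displayed first: it takes effect.
    return evaluate([ACL_QUARANTINE, ACL_WEB], PKT)

if __name__ == "__main__":
    print(verdict_web_first(), verdict_quarantine_first())
```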
Configuring the interzone policy rules in the Web interface
Configuring an interzone policy rule
Before configuring an interzone policy rule, complete the following tasks:
Create security zones to which you will apply an interzone policy (see "Configuring security zones").
Configure IP address resources and MAC address resources (see "Configuring address resources").
Configure service resources (see "Configuring service resources").
Configure time ranges (see "Configuring time range resources").
Configure content filtering templates (see Attack Protection Configuration Guide).
Complete the following tasks to configure interzone policy rules:
Step | Remarks
1. Creating an interzone policy rule | Required. By default, no interzone policy rules are present in the system.
2. Inserting an interzone policy rule | Optional.
3. Replicating an interzone policy rule | Optional.
4. Changing the priority of a rule | Optional.
5. Querying policies by IP address | Optional. Query interzone policies by source or destination IP address. Interzone policy groups do not support query by IP address.