F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Configuration Guide-6PW100

# Create an FTP filtering policy ftp_policy1 and enter its view.
[Firewall] content-filtering ftp-policy ftp_policy1
# Specify the filename filtering entry file2 for FTP upload filename filtering.
[Firewall-contflt-ftp-policy-ftp_policy1] upload-filename-filtering filename-entry file2
[Firewall-contflt-ftp-policy-ftp_policy1] quit
# Create a Telnet filtering policy telnet_policy1 and enter its view.
[Firewall] content-filtering telnet-policy telnet_policy1
# Specify the keyword filtering entry kwd2 for Telnet command word filtering.
[Firewall-contflt-telnet-policy-telnet_policy1] command-filtering keyword-entry kwd2
[Firewall-contflt-telnet-policy-telnet_policy1] quit
4. Configure content filtering policy templates:
# Create a content filtering policy template template1 and enter its view.
[Firewall] content-filtering policy-template template1
# Apply the filtering policies http_policy1, smtp_policy1, ftp_policy1, and telnet_policy1 to the
policy template template1.
[Firewall-contflt-policy-template-template1] http-policy http_policy1
[Firewall-contflt-policy-template-template1] smtp-policy smtp_policy1
[Firewall-contflt-policy-template-template1] ftp-policy ftp_policy1
[Firewall-contflt-policy-template-template1] telnet-policy telnet_policy1
[Firewall-contflt-policy-template-template1] quit
# Create a policy template template2 and enter its view.
[Firewall] content-filtering policy-template template2
# Apply the filtering policies http_policy2, smtp_policy1, ftp_policy1, and telnet_policy1 to the
policy template template2.
[Firewall-contflt-policy-template-template2] http-policy http_policy2
[Firewall-contflt-policy-template-template2] smtp-policy smtp_policy1
[Firewall-contflt-policy-template-template2] ftp-policy ftp_policy1
[Firewall-contflt-policy-template-template2] telnet-policy telnet_policy1
[Firewall-contflt-policy-template-template2] quit
5. Configure an interzone policy that uses the content filtering policy templates:
# Create a subnet object private and specify its subnet 192.168.1.0/24 (entered below as the wildcard mask 0.0.0.255).
[Firewall] object network subnet private
[Firewall-object-network-private] subnet 192.168.1.0 0.0.0.255
[Firewall-object-network-private] quit
# Create an IP address object webserver and specify its IP address 5.5.5.5.
[Firewall] object network host webserver
[Firewall-object-network-webserver] host address 5.5.5.5
[Firewall-object-network-webserver] quit
# Configure an interzone instance for traffic from the Trust zone to the Untrust zone.
[Firewall] interzone source Trust destination Untrust
# Configure an interzone policy rule that uses the content filtering policy template template1, in which
Java applet blocking is not enabled, to filter HTTP packets from subnet 192.168.1.0/24 to the web server
5.5.5.5.
[Firewall-interzone-Trust-Untrust] rule permit content-filter template1