Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
121122123124125126127128129130
122
220BNetwork requirements
As shown in 424HFigure 101, Device A (CE) directly connects to Device B (PE). Enable strict URPF check in
Zone B of Device B to allow packets whose source addresses match ACL 2010 to pass. Enable strict URPF
check in Zone A of Device A and allow use of the default route for URPF check.
Figure 101 Network diagram
221BConfiguring Device B
1. Configure the interface IP addresses and security zones they belong to. (Details not shown.)
2. Define ACL 2010 to permit traffic from network 10.1.1.0/24 to pass.
a. From the navigation tree, select Firewall > ACL.
b. Click Add.
c. Enter 2010 in ACL Number as shown in 425HFigure 102.
d. Click Apply.
Figure 102 Defining ACL 2010
e. Click corresponding to ACL 2010.
The ACL 2010 rule page appears.
f. Click Add.
The page ACL configuration page appears, as shown in
426HFigure 103.
g. Select Permit in Operation.
h. Select the Source IP Address box, and type 10.1.1.0 in the field.
i. Enter 0.0.0.255 in Source Wildcard.
j. Click Apply.