Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
121122123124125126127128129130
125
223BNetwork requirements
As shown in 429HFigure 106, configure strict URPF check for zoneB on Device B to permit packets from
n e t w o r k 10 .1.1. 0 / 24 .
Enable strict URPF check for zoneA on Device A and allow using the default route for URPF check.
Figure 106 Network diagram
224BConfiguration procedure
1. Assign IP addresses for interfaces and add them into security zones. (Details not shown.)
2. Configure Device B:
# Define ACL 2010 to permit traffic from network 10.1.1.0/24 to pass.
<DeviceB> system-view
[DeviceB] acl number 2010
[DeviceB-acl-basic-2010] rule permit source 10.1.1.0 0.0.0.255
[DeviceB-acl-basic-2010] quit
# Enable strict URPF check for security zone zoneB.
[DeviceB] zone name zoneB
[DeviceB-zone-zoneB] ip urpf strict acl 2010
3. Configure Device A:
# Enable strict URPF check for security zone zone A and allow use of the default route for URPF
check.
[DeviceA] zone name zoneA
[DeviceA-zone-zoneA] ip urpf strict allow-default-route