F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Command Reference-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

501

502

503

504

505

506

507

508

509

510

Table Of Contents

477

static: Filters static routes.

The following matrix shows the values for the isis process-id option on different firewalls and UTM

devices:

Hardware O

tion com

atible

F1000-A-EI/F1000-S-EI No

F1000-E No

F5000 Yes

Firewall module No

U200-A No

U200-S No

Usage guidelines

If no routing protocol is specified, all outgoing routes are filtered.

To reference an advanced ACL (with a number from 3000 to 3999) in the command, configure the ACL

in one of the following ways:

• To deny/permit a route with the specified destination, use rule [ rule-id ] { deny | permit } ip source

sour-addr sour-wildcard.

• To deny/permit a route with the specified destination and mask, use rule [ rule-id ] { deny | permit }

ip source sour-addr sour-wildcard destination dest-addr dest-wildcard.

The source keyword specifies the destination address of a route, and the destination keyword specifies

the subnet mask of the route. (The subnet mask must be valid; otherwise, the configuration is ineffective.)

Examples

# In BGP view, reference ACL 2000 to filter all outgoing routes.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp] filter-policy 2000 export

# In BGP-VPN instance view, reference ACL 2000 to filter all outgoing routes. (The VPN has been

created.)

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp] ipv4-family vpn-instance vpn1

[Sysname-bgp-ipv4-vpn1] filter-policy 2000 export

# Configure ACL 3000 to permit only route 113.0.0.0/16 to pass, and reference ACL 3000 to filter

outgoing routes.

<Sysname> system-view

[Sysname] acl number 3000

[Sysname-acl-adv-3000] rule 10 permit ip source 113.0.0.0 0 destination 255.255.0.0 0

[Sysname-acl-adv-3000] rule 100 deny ip

[Sysname-acl-adv-3000] quit

[Sysname] bgp 100

[Sysname-bgp] filter-policy 3000 export