R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101

| Item | Description |
|---|---|
| Source IP Address, Source Wildcard | Select the Source IP Address check box and type a source IP address and source wildcard, in dotted decimal notation. |
| Destination IP Address, Destination Wildcard | Select the Destination IP Address check box and type a destination IP address and destination wildcard, in dotted decimal notation. |
| VPN Instance | Specify the VPN instance. If you select None, the rule applies to only non-VPN packets. |
| Protocol | Select the protocol to be carried over IP. If you select 1 ICMP, you can configure the ICMP message type and code; if you select 6 TCP or 17 UDP, you can configure the TCP or UDP specific items. |
| ICMP Message, ICMP Type, ICMP Code | Specify the ICMP message type and code. These items are available only when you select 1 ICMP from the Protocol drop-down box. If you select Others from the ICMP Message drop-down box, type values in the ICMP Type and ICMP Code fields. Otherwise, the two fields will take the default values, which cannot be changed. |
| TCP Connection Established | If you select this check box, the rule matches packets used for establishing and maintaining TCP connections. This item is available only when you select 6 TCP from the Protocol drop-down box. On a firewall, a rule with this item configured matches TCP connection packets with the ACK or RST flag. |
| Source Operator, Source Port, Destination Operator, Destination Port | Select the operators and type the source port numbers and destination port numbers as required. These items are available only when you select 6 TCP or 17 UDP from the Protocol drop-down box. Different operators have different configuration requirements for the port number fields. None: The following port number fields cannot be configured. inclusive range: The following port number fields must be configured to define a port range. Other values: The first port number field must be configured and the second must not. |
| ToS | Specify the ToS preference. |
| Precedence | Specify the IP precedence. |
| DSCP | Specify the DSCP priority. |

IMPORTANT: If you configure the IP precedence or ToS precedence in addition to the DSCP priority, the DSCP priority takes effect.
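
The following sketch is an added example, not taken from this guide or from HP code. It evaluates a packet against the address, wildcard, TCP Connection Established and port fields described in the table. It assumes that a 1 bit in a wildcard means "ignore this bit" and that the operator names eq, neq, gt, lt and range stand in for the drop-down values. The dictionary keys and sample addresses are constructed for illustration.

```python
import ipaddress

ACK, RST, SYN = 0x10, 0x04, 0x02  # TCP flag bits

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit the wildcard leaves at 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF  # assumption: a 1 bit in the wildcard means "ignore"
    return (a & care) == (b & care)

def port_fields_valid(op, ports):
    """The table's requirement on the two port fields for each operator."""
    if op is None:
        return len(ports) == 0
    return len(ports) == (2 if op == "range" else 1)

def port_match(op, ports, port):
    if op is None:
        return True
    if op == "range":
        return ports[0] <= port <= ports[1]  # inclusive range
    return {"eq": port == ports[0], "neq": port != ports[0],
            "gt": port > ports[0], "lt": port < ports[0]}[op]

def rule_matches(rule, pkt):
    """rule and pkt are plain dicts; the key names are this example's own."""
    if not port_fields_valid(rule["dport_op"], rule["dport"]):
        raise ValueError("port fields do not fit the operator")
    return (pkt["proto"] == rule["proto"]
            and wildcard_match(pkt["src"], rule["src"], rule["src_wc"])
            and wildcard_match(pkt["dst"], rule["dst"], rule["dst_wc"])
            # "TCP Connection Established": flag test only, ACK or RST set
            and (not rule["established"] or bool(pkt["flags"] & (ACK | RST)))
            and port_match(rule["dport_op"], rule["dport"], pkt["dport"]))

# Constructed sample: TCP replies from anywhere to 10.1.1.0/24, high ports.
RULE = {"proto": 6, "src": "0.0.0.0", "src_wc": "255.255.255.255",
        "dst": "10.1.1.0", "dst_wc": "0.0.0.255", "established": True,
        "dport_op": "range", "dport": (1024, 65535)}

def pkt(dst, flags, dport=40000):
    """Constructed test packet from the documentation address 198.51.100.7."""
    return {"proto": 6, "src": "198.51.100.7", "dst": dst,
            "flags": flags, "dport": dport}

if __name__ == "__main__":
    for name, p in [("SYN", pkt("10.1.1.20", SYN)),
                    ("SYN+ACK", pkt("10.1.1.20", SYN | ACK)),
                    ("RST", pkt("10.1.1.20", RST)),
                    ("ACK, other subnet", pkt("10.1.2.20", ACK))]:
        print(f"{name:18} -> {rule_matches(RULE, p)}")
```

A bare SYN does not match the sample rule, while SYN+ACK and RST segments do, which is the behaviour the TCP Connection Established row describes.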
Configuring an Ethernet frame header ACL rule
Select Firewall > ACL from the navigation tree. Then, select the Ethernet frame header ACL for which you
want to configure ACL rules from the ACL list in the right pane and click the corresponding icon in the