R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101
Item Description
Subnet Address
Specify a subnet address resource to be added to the zone.
You can specify one subnet address resource by selecting it from the drop-down
list, or you can specify multiple subnet address resources as follows: Click
Multiple, select the target subnet address resource from the Available Subnet
Address list in the pop-up window, click to add the selected subnet address
resource to the Current Subnet Address list, and then click Apply.
You can configure the available subnet address resources from Resource >
Address > IP Address. For more information, see the chapter “Address resource
configuration.”
IMPORTANT:
• One subnet address resource can be added to one zone, and each zone can
contain up to 32 subnet address resources.
• The address range in a subnet address resource added to a zone must be
continuous (for example, 4.0.0.0/0.0.0.255 is valid, while
4.0.0.0/0.255.0.255 and 4.0.0.0/255.255.0.0 are not valid).
• If a subnet address resource has been added to a zone, its address resources,
for example, 4.0.0.0/0.0.0.255 and 4.0.0.1/0.0.0.255 cannot be added to
any zone.
• If you modify a subnet address resource that has been added to a zone so that
the above conditions cannot be satisfied, the system automatically removes the
subnet address resource from the zone.
Interface
Interface
The interfaces that have been added to a zone are in the selected status, and the
interfaces that can be added but have not been added to a zone are in the
non-selected status.
VLAN
When you add Layer 2 Ethernet interfaces, you must specify the range of the
VLANs to be added to the zone. The VLANs must belong to the virtual device to
which the zone belongs and have not been added to other zones.
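The subnet address restrictions listed under IMPORTANT can be checked before a zone plan is entered in the web interface. The following Python sketch is an added example, not part of the HP guide or the firewall software; the function names and the sample plan are constructed, and treating any overlapping range as a conflict is this example's reading of the third restriction.

```python
import ipaddress

MAX_SUBNETS_PER_ZONE = 32  # per-zone limit stated in the guide


def parse_resource(text):
    """Return the inclusive (first, last) range of 'address/wildcard', or raise ValueError."""
    addr_text, wildcard_text = text.split("/")
    addr = int(ipaddress.IPv4Address(addr_text))
    wildcard = int(ipaddress.IPv4Address(wildcard_text))
    # A continuous range needs the "don't care" bits to be one run of
    # low-order ones, i.e. wildcard == 2**k - 1, so wildcard & (wildcard + 1) == 0.
    if wildcard & (wildcard + 1):
        raise ValueError(f"{text}: wildcard is not a continuous range")
    first = addr & ~wildcard & 0xFFFFFFFF
    return first, first | wildcard


def check_zone_plan(plan):
    """plan maps zone name -> list of 'address/wildcard'; returns a list of problems."""
    problems, seen = [], []  # seen holds (first, last, zone, text) of accepted entries
    for zone, resources in plan.items():
        if len(resources) > MAX_SUBNETS_PER_ZONE:
            problems.append(f"{zone}: more than {MAX_SUBNETS_PER_ZONE} subnet resources")
        for text in resources:
            try:
                first, last = parse_resource(text)
            except ValueError as exc:
                problems.append(f"{zone}: {exc}")
                continue
            # Assumption: a range that intersects one already placed in any
            # zone counts as one of "its address resources" and is rejected.
            for s_first, s_last, s_zone, s_text in seen:
                if first <= s_last and s_first <= last:
                    problems.append(f"{zone}: {text} overlaps {s_text} in {s_zone}")
            seen.append((first, last, zone, text))
    return problems


# Constructed sample plan built from the addresses quoted in the guide.
SAMPLE_PLAN = {
    "Trust": ["4.0.0.0/0.0.0.255", "4.0.0.0/0.255.0.255"],
    "Untrust": ["4.0.0.1/0.0.0.255", "4.0.0.0/255.255.0.0"],
}
```

Calling `check_zone_plan(SAMPLE_PLAN)` reports the two non-continuous wildcards and the fact that 4.0.0.1/0.0.0.255 covers the same range as 4.0.0.0/0.0.0.255.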
Zone configuration example
Network requirements
• A company uses Firewall as the network border firewall device to connect the internal network and
the Internet and to provide WWW and FTP services to the external network. You need to perform
some basic configurations for the zones of the firewall to prepare for the configurations of the
security policies.
• The internal network is a trust network and can access the server and the external network. You can
deploy the internal network in the Trust zone with a higher priority and connect the interface
GigabitEthernet 0/0 on Firewall to the external network.
• The external network is an untrusted network, and you need to use strict security rules to control
access from the external network to the internal network and the server. You can deploy the external
network in the Untrust zone with a lower priority and connect the interface GigabitEthernet 0/2 on
Firewall to the external network.