R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101
ii
Configuring a service resource ····································································································································· 34
Displaying default service resources ··················································································································· 34
Configuring a customized service resource········································································································ 35
Configuring a service group resource ················································································································ 37
Exporting and importing configuration ··············································································································· 38
Time range resource configuration ··························································································································· 40
Configuring a time range resource in the web interface ··························································································· 40
Configuring and display a time range resource at the CLI ······················································································· 41
Configuration guidelines ··············································································································································· 42
Interzone policy configuration ·································································································································· 43
Interzone policy overview ············································································································································· 43
Configuring an interzone policy ··································································································································· 43
Configuration task list ··········································································································································· 43
Configuring an interzone policy rule ·················································································································· 45
Exporting and Importing Configuration ·············································································································· 47
Changing the priority of a rule ···························································································································· 48
Configuring ACL acceleration ······························································································································ 48
Displaying packet statistics of an interzone policy ···························································································· 49
Interzone policy configuration example ······················································································································ 49
Firewall policy configuration wizard ··························································································································· 51
Overview ································································································································································ 51
Configuring a firewall policy ······························································································································· 51
Session management ················································································································································· 58
Session management overview ···································································································································· 58
Session management principle ···························································································································· 58
Session management implementation ················································································································· 58
Configuring session management in the web interface ····························································································· 59
Configuration task list ··········································································································································· 59
Configuring basic session management settings ······························································································· 60
Displaying session table information ··················································································································· 63
Displaying global session statistics ······················································································································ 64
Enabling/disabling session statistics collection ································································································· 66
Displaying session statistics per IP address ········································································································ 67
Displaying session statistics based on security zone ························································································· 68
Configuring session management in the CLI ··············································································································· 69
Session management configuration task list ······································································································· 69
Setting session aging times based on protocol state ························································································· 69
Configuring session aging times based on application layer protocol type ·················································· 70
Enabling checksum verification ···························································································································· 71
Specifying the persistent session rule ·················································································································· 71
Clearing sessions manually ·································································································································· 72
Configuring session log export ···························································································································· 72
Displaying and maintaining session management ···························································································· 72
Configuration guidelines ··············································································································································· 73
Virtual fragment reassembly ······································································································································ 74
Virtual fragment reassembly overview ························································································································· 74
Configuring virtual fragment reassembly ····················································································································· 74
Virtual fragment reassembly configuration example ·································································································· 75
Configuration guidelines ··············································································································································· 77
ASPF configuration ····················································································································································· 78
ASPF policy overview ···················································································································································· 78
Configuring ASPF ··························································································································································· 78