R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101

Interzone policy configuration
NOTE:
The firewalls support interzone policy configuration only in web interface.
Interzone policy overview
Interzone policies use ACLs to identify and control traffic between zones. An interzone
policy references one ACL for each pair of source zone and destination zone. That ACL contains a group of
ACL rules, each of which permits or denies the packets that match its match criteria.
Interzone policies can reference address resources and service resources to define the packet match
criteria and reference time range resources to specify the effective time ranges of the rules.
As shown in Figure 39, the rules for a pair of source zone and destination zone are listed in match order.
A rule listed earlier has a higher priority and is matched earlier.
By default, the rules are matched in the order they are created.
NOTE:
The number of an ACL referenced in an interzone policy is assigned automatically by the system. When
you create the first rule for a pair of zones, the system automatically creates an ACL for the interzone policy and
assigns it an ACL number that is one more than the last assigned ACL number, starting from 6000. If you
remove all rules of the interzone policy, the system automatically removes the ACL.
Interzone policies support the ACL acceleration feature, which speeds up rule matching in an ACL with a large
number of rules (where a packet may otherwise be compared against many rules before the last one is reached),
improving the forwarding performance and connection setup performance of the device.
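To make the matching semantics described above concrete, here is an added Python model of an interzone policy. It is example code written for this page, not HP code and not how the firewall implements the feature: one ACL per zone pair, ACL numbers assigned from 6000 upward and never reused, rules evaluated first-match in creation order unless explicitly moved, and address, service and time range resources as match criteria. The zone names, addresses and hour-based time range are constructed for the example; the page does not state what happens when no rule matches, so the model returns None in that case rather than assuming a default action.

```python
"""Model of interzone policy matching (added example, not HP firewall code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass
class TimeRange:
    """Time range resource: the rule is effective only for hours in [start, end)."""
    name: str
    start_hour: int
    end_hour: int

    def active(self, hour: int) -> bool:
        return self.start_hour <= hour < self.end_hour


@dataclass
class Rule:
    """One ACL rule of an interzone policy; "any" means the criterion is not restricted."""
    action: str                          # "permit" or "deny"
    src: str = "any"                     # address resource: CIDR or "any"
    dst: str = "any"
    service: str = "any"                 # service resource: "proto/port" or "any"
    time_range: Optional[TimeRange] = None

    def matches(self, pkt: dict, hour: int) -> bool:
        if self.time_range is not None and not self.time_range.active(hour):
            return False                 # rule is outside its effective time range
        if self.src != "any" and ip_address(pkt["src"]) not in ip_network(self.src):
            return False
        if self.dst != "any" and ip_address(pkt["dst"]) not in ip_network(self.dst):
            return False
        if self.service != "any" and self.service != f'{pkt["proto"]}/{pkt["dport"]}':
            return False
        return True


class InterzonePolicy:
    """One ACL per (source zone, destination zone); rules are kept in match order."""

    FIRST_ACL = 6000   # assumption: the first auto-assigned ACL number is 6000 itself

    def __init__(self) -> None:
        self.acls: Dict[Tuple[str, str], Tuple[int, List[Rule]]] = {}
        self.last_assigned: Optional[int] = None

    def add_rule(self, src_zone: str, dst_zone: str, rule: Rule) -> int:
        pair = (src_zone, dst_zone)
        if pair not in self.acls:        # first rule for this pair: allocate an ACL
            number = self.FIRST_ACL if self.last_assigned is None else self.last_assigned + 1
            self.last_assigned = number  # numbers only grow; removed numbers are not reused
            self.acls[pair] = (number, [])
        self.acls[pair][1].append(rule)  # default match order is creation order
        return self.acls[pair][0]

    def remove_rule(self, src_zone: str, dst_zone: str, index: int) -> None:
        pair = (src_zone, dst_zone)
        rules = self.acls[pair][1]
        del rules[index]
        if not rules:                    # last rule removed: the ACL goes with it
            del self.acls[pair]

    def move_rule(self, src_zone: str, dst_zone: str, index: int, new_index: int) -> None:
        """Moving a rule earlier in the list gives it higher priority."""
        rules = self.acls[(src_zone, dst_zone)][1]
        rules.insert(new_index, rules.pop(index))

    def lookup(self, src_zone: str, dst_zone: str, pkt: dict, hour: int) -> Optional[str]:
        """First matching rule wins; None means no ACL for the pair or no rule matched."""
        entry = self.acls.get((src_zone, dst_zone))
        if entry is None:
            return None
        for rule in entry[1]:
            if rule.matches(pkt, hour):
                return rule.action
        return None


def demo() -> dict:
    """Constructed scenario: a broad deny created first shadows a narrower permit."""
    policy = InterzonePolicy()
    work_hours = TimeRange("work", 8, 18)
    acl_a = policy.add_rule("Trust", "Untrust", Rule("deny", dst="10.0.0.0/8"))
    policy.add_rule("Trust", "Untrust", Rule("permit", src="192.168.1.0/24",
                                             dst="10.0.0.0/8", service="tcp/80",
                                             time_range=work_hours))
    acl_b = policy.add_rule("Untrust", "DMZ", Rule("permit", service="tcp/443"))
    http = {"src": "192.168.1.10", "dst": "10.1.1.1", "proto": "tcp", "dport": 80}
    shadowed = policy.lookup("Trust", "Untrust", http, hour=10)   # deny: earlier rule wins
    policy.move_rule("Trust", "Untrust", 1, 0)                    # raise the permit's priority
    fixed = policy.lookup("Trust", "Untrust", http, hour=10)      # permit
    off_hours = policy.lookup("Trust", "Untrust", http, hour=22)  # deny: time range inactive
    policy.remove_rule("Untrust", "DMZ", 0)                       # ACL for the pair is removed
    acl_c = policy.add_rule("DMZ", "Trust", Rule("deny"))         # next number, not a reused one
    return {
        "acl_numbers": (acl_a, acl_b, acl_c),
        "shadowed": shadowed, "fixed": fixed, "off_hours": off_hours,
        "dmz_acl_removed": ("Untrust", "DMZ") not in policy.acls,
        "no_policy": policy.lookup("Untrust", "Trust", http, hour=10),
    }


if __name__ == "__main__":
    print(demo())
```

The shadowing case in demo() is the practical reason match order matters: because rules are evaluated in creation order by default, a broad deny created before a narrower permit silently wins, and the fix is to move the permit above it rather than to add more rules.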
Configuring an interzone policy
Configuration task list
NOTE:
Before configuring an interzone policy, be sure to configure the zones. For more information, see the
chapter "Zone configuration."
Perform the tasks in Table 21 to configure an interzone policy.