R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101
Table 21 Interzone policy configuration task list

| Task | Remarks |
|---|---|
| Configuring an interzone policy rule | Required. Create rules for the interzone policy and configure the match criteria and filter action. By default, no interzone policy rules are present in the system. |
| Inserting an Interzone Policy Rule | Optional. Insert a rule before a specified interzone policy rule for the same zone pair so that the inserted one is listed before the specified one. In the interzone policy rule list, click the icon of a rule to enter the page for configuring an interzone policy rule. For more information about the configuration items, see Table 22. |
| Replicating an Interzone Policy Rule | Optional. Create an interzone policy rule by replicating the settings of an existing ACL rule. In the interzone policy rule list, click the icon of an ACL rule to enter the page for creating an interzone policy rule based on the existing one. The new rule takes the settings of the existing one as its default settings. You can make changes as desired. For more information about the configuration items, see Table 22. |
| Changing the priority of a rule | Optional. Adjust the priorities (the match order) of the rules for a pair of source zone and destination zone. The operation is to adjust the order of the rules in the list. |
| Configuring ACL acceleration | Optional. Disabled by default. Necessary only when the ACL contains a large number of interzone policy rules. IMPORTANT: (1) A policy using the source MAC address and destination MAC address for the match criteria does not support ACL acceleration. (2) If you enable ACL acceleration for an interzone policy and then modify the policy, the ACL acceleration feature still matches packets based on the original configurations. Therefore, HP does not recommend you modify an interzone policy after enabling ACL acceleration for it. |
| Displaying packet statistics of an interzone policy | Optional. Display the packet statistics of an interzone policy for a pair of source and destination zones. |

You can also export and import configurations of address resources, service resources, and interzone
policies. For more information, see Exporting and Importing Configuration.
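
The ACL acceleration caveat in Table 21 can be modeled to show how an edit made after acceleration is enabled leaves enforcement out of step with the rule list an administrator sees. This is an added illustration, not HP code or firewall output: the class, field and function names, the first-match evaluation, and the snapshot mechanism are assumptions that mirror the behavior the table describes, and the rules and probe packets are constructed.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    rule_id: int
    src: str                  # source network in CIDR form
    dport: Optional[int]      # None matches any destination port
    action: str               # "permit" or "deny"
    uses_mac: bool = False    # rule matches on source/destination MAC address

    def matches(self, src_ip: str, dport: int) -> bool:
        return ip_address(src_ip) in ip_network(self.src) and self.dport in (None, dport)

@dataclass
class ZonePairPolicy:         # hypothetical model of one source/destination zone pair
    rules: list = field(default_factory=list)   # list order is the match order
    _accel: Optional[tuple] = None              # assumed: copy frozen at enable time

    def insert_before(self, new: Rule, before_id: int) -> None:
        idx = next(i for i, r in enumerate(self.rules) if r.rule_id == before_id)
        self.rules.insert(idx, new)             # new rule is now listed (and matched) first

    def enable_acceleration(self) -> None:
        if any(r.uses_mac for r in self.rules):
            raise ValueError("MAC-based match criteria do not support ACL acceleration")
        self._accel = tuple(self.rules)         # later edits do not reach this copy

    @staticmethod
    def _first_match(rules, src_ip, dport):
        return next((r.action for r in rules if r.matches(src_ip, dport)), "no-match")

    def configured_verdict(self, src_ip, dport):    # what the rule list says
        return self._first_match(self.rules, src_ip, dport)

    def enforced_verdict(self, src_ip, dport):      # what is applied to packets
        active = self.rules if self._accel is None else self._accel
        return self._first_match(active, src_ip, dport)

    def drift(self, probes):  # probes whose enforced verdict differs from the rule list
        return [p for p in probes if self.configured_verdict(*p) != self.enforced_verdict(*p)]

def demo():
    pol = ZonePairPolicy([Rule(10, "10.0.0.0/8", None, "permit")])   # constructed rules
    pol.enable_acceleration()
    pol.insert_before(Rule(5, "10.1.2.0/24", 3389, "deny"), before_id=10)
    probes = [("10.1.2.7", 3389), ("10.1.2.7", 443), ("10.9.9.9", 3389)]
    return pol.drift(probes)  # the new deny rule is listed but not enforced
```

In the model, the deny rule inserted after acceleration was enabled appears first in the list yet the matching probe is still permitted, which is the kind of mismatch a change review should check for on an accelerated policy.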