R3166-R3206-HP High-End Firewalls Attack Protection Configuration Guide-6PW101
19
• If the default route is available but the allow-default-route option is not selected, the packet is
rejected no matter which check approach is taken.
• If the default route is available and the allow-default-route option is selected, URPF operates
depending on the check approach. In strict approach, URPF lets the packet pass if the outgoing
interface of the default route is the receiving interface, and otherwise rejects it. In loose approach,
URPF lets the packet pass directly.
If ACL check is configured, a packet failed to pass URPF check will be filtered by the specified ACL. If the
packet passes the ACL, it is forwarded normally; otherwise, it is discarded.
Configuring URPF
Select Intrusion Detection > URPF Check from the navigation tree to enter the URPF check configuration
page, as shown in Figure 16. On this page, selec
t a security zone to view and configure URPF check
settings for the security zone.
Figure 16 URPF check configuration page
Table 11 URPF check configuration items
Item Descri
p
tion
Security Zone Security zone where the URPF check is to be configured.
Enable URPF
Enable/disable URPF check.
If this checkbox is not selected, URPF check is disabled and the following parameters
are not configurable.
By default, URPF check is disabled.
Allow Default Route Allow using the default route for URPF check.
ACL Reference an ACL.
Type of Check Set the URPF check type, Strict or Loose.