R3166-R3206-HP High-End Firewalls Network Management Configuration Guide-6PW101

permit: Specifies the match mode of a policy node as permit. If a packet satisfies all the if-match
clauses on the policy node, the apply clause is executed. If not, the packet will go to the next policy
node.
deny: Specifies the match mode of a policy node as deny. When a packet satisfies all the if-match
clauses on the policy node, the packet will be rejected and will not go to the next policy node.
A packet satisfying the match criteria on a node will not go to other nodes. If the packet does not satisfy
the match criteria of any node of the policy, the packet cannot pass the policy and will be forwarded
through the routing table.
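The node evaluation described above, as an added example that is not taken from the HP guide. It models the documented outcomes only. The ascending node-number order, the source-prefix and protocol match criteria, the next-hop strings and all addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, List, Optional

@dataclass
class Packet:
    src: str
    dst: str
    proto: str

@dataclass
class Node:
    number: int
    mode: str                                   # "permit" or "deny"
    if_match: List[Callable[[Packet], bool]]    # ALL clauses must be satisfied
    apply: Optional[str] = None                 # label for the apply clause

def src_in(prefix: str) -> Callable[[Packet], bool]:
    net = ip_network(prefix)
    return lambda p: ip_address(p.src) in net

def proto_is(name: str) -> Callable[[Packet], bool]:
    return lambda p: p.proto == name

def evaluate(policy: List[Node], pkt: Packet):
    """Return (outcome, node number, apply clause) for one packet."""
    # Assumption: nodes are tried in ascending node-number order.
    for node in sorted(policy, key=lambda n: n.number):
        if all(clause(pkt) for clause in node.if_match):
            # The first node whose criteria are all met decides; later nodes are never consulted.
            if node.mode == "permit":
                return ("apply", node.number, node.apply)
            return ("rejected", node.number, None)
    # No node matched: the packet is forwarded through the routing table.
    return ("routing-table", None, None)

# Constructed policy: a narrow deny node placed ahead of a broader permit node.
POLICY = [
    Node(20, "permit", [src_in("10.1.1.0/24"), proto_is("tcp")], "next-hop 192.0.2.1"),
    Node(10, "deny", [src_in("10.1.1.0/28")]),
    Node(30, "permit", [src_in("10.1.2.0/24")], "next-hop 192.0.2.2"),
]

if __name__ == "__main__":
    for src, proto in [("10.1.1.5", "tcp"), ("10.1.1.50", "tcp"),
                       ("10.1.1.50", "udp"), ("10.1.2.9", "udp")]:
        print(src, proto, evaluate(POLICY, Packet(src, "198.51.100.7", proto)))
```

The first and third packets are the cases worth checking when reviewing a policy: a matching deny node shadows a later permit node, and a packet that satisfies only some of a node's if-match clauses falls through to the routing table.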
PBR classification
PBR involves local PBR and interface PBR.
Local PBR applies to locally generated packets only.
Interface PBR applies to packets forwarded through the interface only.
To meet general forwarding and security requirements, interface PBR is used in most cases.
Configuring PBR in the web interface
Complete these tasks to configure PBR:
Task | Remarks
Creating a policy | Required. Create a policy and configure the policy node. By default, no policy or policy node is created.
Applying a policy: Enabling local PBR | Optional. Only one policy can be referenced when local PBR is enabled. Local PBR is not configured by default. IMPORTANT: Unless otherwise required, HP does not recommend enabling local PBR.
Applying a policy: Enabling interface PBR | Required. Only one policy can be referenced when PBR is enabled on an interface. Interface PBR is not configured by default.
Creating a policy
Select Network > Routing Management > Policy Routing from the navigation tree to enter the default
policy configuration page, as shown in Figure 190. Click Add to enter the policy configuration page, as
shown in Figure 191.