Manualshelf

R3166-R3206-HP High-End Firewalls Network Management Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
391392393394395396397398399400
382
Figure 194 Network diagram for source address based PBR
2. Configuration considerations
To meet these requirements, make the following configurations:
Configure node 5 of the policy to send the inbound packets matching ACL 3101 to 10.120.1.2.
Configure node 10 of the policy not to process the inbound packets matching ACL 3102.
Then packets received from GigabitEthernet 0/1 match against the if-match clauses of node 5 and node
10 in turn. If a packet matches the node specified with the permit match mode, the corresponding apply
clause is executed; if a packet matches the node specified with the deny match mode, it is not processed
by PBR.
3. Configuration procedure
a. Specify the default filtering action as denying packets to pass the firewall (omitted).
b. Defining the ACLs (omitted).
c. Configure policy aaa.
# Add node 5 to policy aaa.
Select Network > Routing Management > Policy Routing from the navigation tree to enter the
default policy configuration page. Then click Add.
Type aaa as the policy name and 5 as node index, and set the mode to permit.
Type 3101 as the number of the ACL for matching TCP packets.
Click Show Advanced.
Select 10.120.1.2 as the next hop.
Click Apply.