R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101

Item Description
Time Range
Select a time range for the rule.
If you select None, the rule will always be effective.
Available time ranges are configured by selecting Security > Time Range from
the navigation tree.
Non-first Fragments Only
Select this check box to apply the rule only to non-first fragments. If you do not
select this check box, the rule applies to all fragments and non-fragments.
Logging
Select this check box to log matching IPv4 packets.
A log entry contains the ACL rule number, action on the matching packets,
protocol over the IP, source/destination address, source/destination port
number, and number of matching packets.
Source IP Address, Source Wildcard
Select the Source IP Address check box and type a source IP address and source
wildcard, in dotted decimal notation.
Destination IP Address, Destination Wildcard
Select the Destination IP Address check box and type a destination IP address
and destination wildcard, in dotted decimal notation.
VPN Instance
Specify the VPN.
If you select None, the rule applies to only non-VPN packets.
The LB module does not support this configuration item.
Protocol
Select the protocol carried over IP.
If you select 1 ICMP, you can configure the ICMP message type and code. If you
select 6 TCP or 17 UDP, you can configure the TCP or UDP specific items.
ICMP Message, ICMP Type, ICMP Code
Specify the ICMP message type and code.
These items are available only when you select 1 ICMP from the Protocol
drop-down box.
If you select Others from the ICMP Message drop-down box, you need to type
values in the ICMP Type and ICMP Code fields. Otherwise, the two fields take the
default values, which cannot be changed.
TCP Connection Established
If you select this check box, the rule matches packets used for establishing and
maintaining TCP connections.
This item is available only when you select 6 TCP from the Protocol drop-down
box.
A rule with this item configured matches TCP connection packets with the ACK
or RST flag.
Source (Operator, Port), Destination (Operator, Port)
Select the operators and type the source port numbers and destination port
numbers as required.
These items are available only when you select 6 TCP or 17 UDP from the
Protocol drop-down box.
Different operators have different configuration requirements for the port
number fields:
• None: The following port number fields cannot be configured.
• inclusive range: The following port number fields must be configured to
define a port range.
• Other values: The first port number field must be configured and the second
must not.
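
The following added example (not HP code) models how the address/wildcard, port operator and TCP Connection Established fields described above combine when a rule is evaluated. It assumes the usual ACL wildcard convention, in which a 1 bit in the wildcard means the corresponding address bit is ignored; the rule and packet dictionaries, the operator labels "eq" and "range", and all addresses are constructed for illustration.

```python
import ipaddress

ACK, RST, SYN = 0x10, 0x04, 0x02  # TCP header flag bits

def wildcard_match(addr, rule_addr, wildcard):
    """Compare only the bits whose wildcard bit is 0 (assumed convention)."""
    a, r, w = (int(ipaddress.IPv4Address(x)) for x in (addr, rule_addr, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (r & care)

def port_match(port, op=None, first=None, second=None):
    """None: ports not checked; 'range': inclusive; 'eq': first field only."""
    if op is None:
        return True
    if op == "range":
        return first <= port <= second
    if op == "eq":
        return port == first
    raise ValueError(f"operator not modelled in this example: {op}")

def rule_matches(rule, pkt):
    """Return True if the packet satisfies every criterion set in the rule."""
    if rule["protocol"] != pkt["protocol"]:
        return False
    if not wildcard_match(pkt["src"], *rule["src"]):
        return False
    if not wildcard_match(pkt["dst"], *rule["dst"]):
        return False
    if not port_match(pkt["dport"], *rule.get("dport", ())):
        return False
    # "TCP Connection Established": the packet must carry ACK or RST.
    if rule.get("established") and not pkt["flags"] & (ACK | RST):
        return False
    return True

# Constructed sample rule and packets (private and documentation addresses).
RULE = {"protocol": 6, "src": ("10.1.0.0", "0.0.255.255"),
        "dst": ("192.0.2.10", "0.0.0.0"), "dport": ("range", 8000, 8080),
        "established": True}

def pkt(src, dport, flags):
    return {"protocol": 6, "src": src, "dst": "192.0.2.10",
            "dport": dport, "flags": flags}

if __name__ == "__main__":
    for p in (pkt("10.1.2.3", 8080, SYN), pkt("10.1.2.3", 8080, SYN | ACK),
              pkt("10.1.2.3", 8081, ACK), pkt("10.2.2.3", 8000, RST)):
        print(p["src"], p["dport"], hex(p["flags"]), rule_matches(RULE, p))
```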