R3721-F3210-F3171-HP High-End Firewalls Access Control Configuration Guide-6PW101
ii
Exporting and importing configuration ··············································································································· 51
Configuring service resources ··································································································································· 53
Overview ········································································································································································· 53
Configuring a service resource ····································································································································· 53
Displaying default service resources ··················································································································· 53
Configuring a customized service resource········································································································ 54
Configuring a service group resource ················································································································ 56
Exporting and importing configuration ··············································································································· 57
Configuring time range resources ····························································································································· 59
Overview ········································································································································································· 59
Configuring a time range resource in the Web interface ························································································· 59
Configuring a time range at the CLI ···························································································································· 60
Configuration guidelines ··············································································································································· 61
Interzone policy configuration ·································································································································· 62
Interzone policy overview ············································································································································· 62
Configuring an interzone policy ··································································································································· 63
Configuration task list ··········································································································································· 63
Configuring an interzone policy rule ·················································································································· 63
Configuring an interzone policy group ·············································································································· 68
Displaying packet statistics of an interzone policy ···························································································· 69
Querying policies by IP address ·························································································································· 70
Interzone policy configuration examples ············································································································ 70
Firewall policy configuration wizard ··························································································································· 77
Overview ································································································································································ 77
Configuring a firewall policy ······························································································································· 77
Managing sessions ···················································································································································· 84
Overview ········································································································································································· 84
Session management principle ···························································································································· 84
Session management implementation ················································································································· 84
Configuring session management in the web interface ····························································································· 85
Configuration task list ··········································································································································· 85
Configuring basic session management settings ······························································································· 86
Displaying session table information ··················································································································· 89
Displaying global session statistics ······················································································································ 90
Enabling and disabling session statistics collection ··························································································· 92
Displaying session statistics per IP address ········································································································ 93
Displaying session statistics based on security zone ························································································· 94
Configuring session management at the CLI ··············································································································· 95
Setting session aging times based on protocol states ······················································································· 95
Configuring session aging timers based on application layer protocol types ··············································· 96
Enabling checksum verification ···························································································································· 96
Specifying the persistent session rule ·················································································································· 96
Clearing sessions ··················································································································································· 97
Displaying and maintaining session management ···························································································· 97
Configuration guidelines ··············································································································································· 98
Configuring virtual fragment reassembly ················································································································· 99
Overview ········································································································································································· 99
Configuring virtual fragment reassembly ····················································································································· 99
Virtual fragment reassembly configuration example ································································································ 100
Configuration guidelines ············································································································································· 102