HP TMS zl Module Security Administrator's Guide

Managing TMS zl Firewalls
Configuring Firewalls
b. Use the Action drop-down list to select whether traffic between the
selected zones is permitted or denied.
c. Use the From drop-down list to select the source zone of packets that
will be governed by the policy. The policy will be applied only to
packets that match both the source and destination zones.
d. Use the To drop-down list to select the destination zone of traffic that
will be governed by the policy. The policy will be applied only to
packets that match both the source and destination zones.
e. To apply the policy to traffic based on the service (its default port)
identified in packets, use the Service drop-down list to select the
service. Select Any Service if you do not want to select packets based
on the service they use.
f. Optionally, further describe the service:
   - Select Enter Custom Protocol/Port from the Service Options
     drop-down list.
   - Select the service from the left Service drop-down list.
   - To the right of the selected service, type the beginning and ending
     ports on the selected device that will be used for the service. To
     enter a single port, type the port number in both the beginning
     and ending fields.
g. To apply the policy to traffic based on the source IP address identified
in packets, select Enter IP, IP/mask, or IP-Range from the Source Options
drop-down list and type the pre-configured address object, IP address
or range in the Source field.
   - Use a hyphen to separate the beginning and ending IP addresses in a
     range. Multiple non-sequential IP addresses are not allowed.
   - Use the IP/Mask field to specify an IP subnet
     (e.g., 1.1.1.0/24, 1.1.1.0/255.255.255.0).
h. To apply the policy to traffic based on the destination IP address
identified in packets, select Enter IP, IP/mask, or IP-Range from the
Destination Options drop-down list and type the IP address or range in
the Destination field.
   - Use a hyphen to separate the beginning and ending IP addresses in a
     range. Multiple non-sequential IP addresses are not allowed.
   - Use the IP/Mask field to specify an IP subnet
     (e.g., 1.1.1.0/24, 1.1.1.0/255.255.255.0).
i. Optionally, in the Source Ports fields, type the port or port range to
include along with the source address or IP configuration.
The asterisk indicates that this is an optional field.
j. To start enforcing the policy, check the Enable this Policy check box.
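
Added example (not from the HP guide and not HP code): a pre-check for the Source/Destination and port entries described in steps f through i, showing exactly which addresses each accepted form covers before it is typed into the policy. The function names, the 1-65535 port bounds, and the rejection of subnets with host bits set are assumptions of this example, not documented TMS zl behavior.

```python
import ipaddress

def parse_address_field(text):
    """Return (first, last) IPv4 addresses covered by one Source/Destination entry."""
    text = text.strip()
    if "," in text:
        raise ValueError("multiple non-sequential addresses are not allowed")
    if "-" in text:  # IP-Range: beginning and ending address joined by a hyphen
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in text.split("-", 1))
        if lo > hi:
            raise ValueError("range begins after it ends")
        return lo, hi
    if "/" in text:  # IP/mask: prefix length or dotted mask
        # strict=True is this example's choice: it rejects entries such as
        # 1.1.1.5/24 so the subnet written is the subnet matched.
        net = ipaddress.IPv4Network(text, strict=True)
        return net[0], net[-1]
    ip = ipaddress.IPv4Address(text)  # single address
    return ip, ip

def parse_port_fields(begin, end):
    """Return (begin, end) ports; a single port is typed in both fields."""
    lo, hi = int(begin), int(end)
    if not (1 <= lo <= hi <= 65535):  # bounds assumed by this example
        raise ValueError("ports must satisfy 1 <= begin <= end <= 65535")
    return lo, hi

def entry_covers(entry, address):
    """True if a packet address falls inside the parsed entry."""
    lo, hi = parse_address_field(entry)
    return lo <= ipaddress.IPv4Address(address) <= hi

def address_count(entry):
    """Number of addresses the entry matches, to spot over-broad policies."""
    lo, hi = parse_address_field(entry)
    return int(hi) - int(lo) + 1

if __name__ == "__main__":
    # Constructed sample entries, not taken from a real configuration
    for entry in ["1.1.1.0/24", "1.1.1.0/255.255.255.0", "1.1.1.10-1.1.1.20",
                  "1.1.1.7", "1.1.1.1,1.1.1.9"]:
        try:
            print(f"{entry:24} -> {address_count(entry)} address(es)")
        except ValueError as exc:
            print(f"{entry:24} -> rejected: {exc}")
```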