HP VPN Firewall Appliances Access Control Configuration Guide

Step 4. Enter interzone policy rule view.
  Command: rule [ rule-id ] { deny | permit } [ content-filter policy-template-name | logging | time-range time-range-name ] *
  Remarks: N/A

Step 5. Reference a source IP object in the interzone policy rule.
  Command: source-ip sour-ip-obj-name
  Remarks: By default, no source IP object is referenced in an interzone policy rule.
  NOTE: The source IP object can be any_address.

Step 6. Reference a destination IP object in the interzone policy rule.
  Command: destination-ip dest-ip-obj-name
  Remarks: By default, no destination IP object is referenced in an interzone policy rule.
  NOTE: The destination IP object can be any_address.

Step 7. Reference a service object in the interzone policy rule.
  Command: service service-obj-name
  Remarks: By default, no service object is referenced in an interzone policy rule.
  NOTE: The service object can be any_service.

Step 8. Reference a source MAC object in the interzone policy rule.
  Command: source-mac sour-mac-obj-name
  Remarks: Optional. By default, no source MAC object is referenced in an interzone policy rule.
  NOTE: The source MAC object can be any_mac.

Step 9. Reference a destination MAC object in the interzone policy rule.
  Command: destination-mac dest-mac-obj-name
  Remarks: Optional. By default, no destination MAC object is referenced in an interzone policy rule.
  NOTE: The destination MAC object can be any_mac.

The following matrix shows hardware compatibility for the source/destination MAC object referencing feature:

Hardware                        Compatibility
F1000-A-EI/F1000-S-EI           Yes
F1000-E                         Yes
F5000                           Yes
F5000-S/F5000-C                 Yes
VPN firewall modules            Yes
20-Gbps VPN firewall modules    No
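
The following review check is an added example, not part of the HP guide: it audits rules built with steps 4 to 7 for missing object references and for permit rules that reference only the wildcard objects any_address and any_service. The text layout of the rules, the object names in the sample, and the decision to treat steps 5 to 7 as required (they carry no "Optional" remark) are assumptions.

```python
import re

# Wildcard object names taken from the NOTEs for steps 5 to 7 (MAC objects are optional and ignored).
WILDCARDS = {"source-ip": "any_address", "destination-ip": "any_address", "service": "any_service"}
RULE_RE = re.compile(r"^rule\s+(\d+)\s+(permit|deny)\b(.*)$")

def parse_rules(text):
    """Parse 'rule <id> <action> [options]' lines and the object references under them."""
    rules, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = RULE_RE.match(line)
        if m:
            current = {"id": int(m.group(1)), "action": m.group(2),
                       "logging": "logging" in m.group(3).split(), "refs": {}}
            rules.append(current)
        elif current is not None and len(line.split()) == 2:
            keyword, obj = line.split()
            current["refs"][keyword] = obj
    return rules

def audit(rules):
    """Return (rule_id, finding) pairs for rules that need a second look."""
    findings = []
    for r in rules:
        missing = [k for k in WILDCARDS if k not in r["refs"]]
        if missing:
            findings.append((r["id"], "missing " + ", ".join(missing)))
        wide = all(r["refs"].get(k) == v for k, v in WILDCARDS.items())
        if r["action"] == "permit" and wide:
            note = "" if r["logging"] else ", not logged"
            findings.append((r["id"], "permit any-to-any on any_service" + note))
    return findings

# Constructed sample: layout and object names (branch_net, web_servers, svc_https) are hypothetical.
SAMPLE = """\
rule 0 permit logging
 source-ip branch_net
 destination-ip web_servers
 service svc_https
rule 1 permit
 source-ip any_address
 destination-ip any_address
 service any_service
rule 2 deny logging
 source-ip any_address
"""
if __name__ == "__main__":
    for rule_id, finding in audit(parse_rules(SAMPLE)):
        print(f"rule {rule_id}: {finding}")
```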