HP VPN Firewall Appliances Access Control Configuration Guide
Enabling an interzone policy rule
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter VD system view. | switchto vd vd-name | Required for a VD. |
| 3. Enter interzone instance view. | interzone source source-zone-name destination destination-zone-name | N/A |
| 4. Enter interzone policy rule view. | rule [ rule-id ] { deny \| permit } [ content-filter policy-template-name \| logging \| time-range time-range-name ] * | N/A |
| 5. Enable the interzone policy rule. | rule enable | By default, an interzone policy rule is disabled. |
Enabling interzone policy acceleration
Interzone policy acceleration speeds up policy lookup. The acceleration effect increases with the number
of interzone policy rules.
For example, when you use a large interzone policy for a session-based service, such as NAT or ASPF,
you can enable interzone policy acceleration to avoid session timeouts caused by interzone policy
processing delays.
To enable interzone policy acceleration:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter VD system view. | switchto vd vd-name | Required for a VD. |
| 3. Enter interzone instance view. | interzone source source-zone-name destination destination-zone-name | N/A |
| 4. Enable interzone policy acceleration. | rule accelerate | By default, interzone policy acceleration is disabled. |
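An added example, not part of the HP guide: because a rule has no effect until `rule enable` is entered and acceleration stays off until `rule accelerate` is entered, this Python script audits a saved configuration for both defaults. The sample configuration, the zone names and the indented layout of the saved configuration are assumptions made for illustration.

```python
import re

# Constructed sample, not captured from a device. Assumed layout: commands saved
# as typed, indented one level per view, each rule line carrying its rule ID.
SAMPLE_CONFIG = """\
interzone source Trust destination Untrust
 rule 0 permit logging
  rule enable
 rule 1 deny
 rule accelerate
interzone source DMZ destination Trust
 rule 0 deny logging
  rule enable
 rule 5 permit time-range worktime
"""

INSTANCE_RE = re.compile(r"^interzone source (\S+) destination (\S+)$")
RULE_RE = re.compile(r"^rule (\d+) (deny|permit)\b")


def audit_interzone(config_text):
    """List rules never enabled and instances left without acceleration."""
    instances, current, rule = [], None, None
    for raw in filter(str.strip, config_text.splitlines()):  # skip blank lines
        line = raw.strip()
        if not raw[0].isspace():  # top-level line: new instance or unrelated command
            m = INSTANCE_RE.match(line)
            current = {"zones": m.groups(), "accel": False, "rules": []} if m else None
            rule = None
            if current:
                instances.append(current)
            continue
        if current is None:
            continue
        m = RULE_RE.match(line)
        if m:
            rule = {"id": int(m.group(1)), "action": m.group(2), "enabled": False}
            current["rules"].append(rule)
        elif line == "rule enable" and rule:
            rule["enabled"] = True
        elif line == "rule accelerate":
            current["accel"] = True
    findings = []
    for inst in instances:
        findings += [(*inst["zones"], f"rule {r['id']} {r['action']} is not enabled")
                     for r in inst["rules"] if not r["enabled"]]
        if not inst["accel"]:
            findings.append((*inst["zones"], "policy acceleration is disabled"))
    return findings
```

A deny rule reported here as not enabled is the case to check first, since traffic it was meant to block is not being matched by it.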
Moving an interzone policy rule
The rules in an interzone policy are matched in the order that they are displayed in the output from the
display this command in interzone instance view. To flexibly adjust the match order of rules, you can
move an interzone policy rule as needed.
This feature is supported on the Web interface and is not supported at the CLI.
To move an interzone policy rule:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter VD system view. | switchto vd vd-name | Required for a VD. |
| 3. Enter interzone instance view. | interzone source source-zone-name destination destination-zone-name | N/A |
| 4. Move an interzone policy rule. | move rule rule-id before insert-rule-id | N/A |