HP VPN Firewall Appliances Access Control Configuration Guide
[Firewall-object-network-president] quit
# Create a subnet address object named finance, and add subnet IP address 192.168.2.0/24 to the object.
[Firewall] object network subnet finance
[Firewall-object-network-finance] subnet 192.168.2.0 0.0.0.255
[Firewall-object-network-finance] quit
# Create a subnet address object named market, and add subnet IP address 192.168.3.0/24 to the object.
[Firewall] object network subnet market
[Firewall-object-network-market] subnet 192.168.3.0 0.0.0.255
[Firewall-object-network-market] quit
# Create a subnet address object named database, and add subnet IP address 192.168.0.0/24 to the object.
[Firewall] object network subnet database
[Firewall-object-network-database] subnet 192.168.0.0 0.0.0.255
[Firewall-object-network-database] quit
# Create a service object named web, and add the HTTP protocol (whose protocol number is 80) to the object.
[Firewall] object service web
[Firewall-obj-service-web] service 80
[Firewall-obj-service-web] quit
4. Configure interzone policy rules:
# Create an interzone instance from source zone president to destination zone database, configure a rule to permit access from the president office to the financial database server through HTTP at any time, and enable the rule.
[Firewall] interzone source president destination database
[Firewall-interzone-president-database] rule permit
[Firewall-interzone-president-database-rule-0] source-ip president
[Firewall-interzone-president-database-rule-0] destination-ip database
[Firewall-interzone-president-database-rule-0] service web
[Firewall-interzone-president-database-rule-0] rule enable
[Firewall-interzone-president-database-rule-0] quit
[Firewall-interzone-president-database] quit
# Create an interzone instance from source zone finance to destination zone database, configure a rule to permit access from the financial department to the financial database server through HTTP only during working hours, and enable the rule.
[Firewall] interzone source finance destination database
[Firewall-interzone-finance-database] rule permit time-range work
[Firewall-interzone-finance-database-rule-0] source-ip finance
[Firewall-interzone-finance-database-rule-0] destination-ip database
[Firewall-interzone-finance-database-rule-0] service web
[Firewall-interzone-finance-database-rule-0] rule enable
[Firewall-interzone-finance-database-rule-0] quit
[Firewall-interzone-finance-database] rule deny
[Firewall-interzone-finance-database-rule-1] source-ip finance
[Firewall-interzone-finance-database-rule-1] destination-ip database
[Firewall-interzone-finance-database-rule-1] service web
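To check what the interzone policy above actually permits before committing it, the following is an added Python model of these address objects, service object and rules (example code, not HP's). It assumes the president object covers 192.168.1.0/24 and that time-range work means Mon-Fri 08:00-18:00, neither of which is shown on this page, and that traffic matching no rule or no interzone instance is dropped.

```python
"""Offline evaluator for the interzone policy configured above (added example, not HP code).
Assumed: rules in an interzone instance are tried top-down and the first match wins;
traffic with no matching rule, or no interzone instance at all, is dropped."""
from datetime import datetime
from ipaddress import IPv4Address

def wildcard_match(ip: str, net: str, wildcard: str) -> bool:
    """CLI-style wildcard (e.g. 0.0.0.255): bits set in the wildcard are don't-care bits."""
    mask = 0xFFFFFFFF ^ int(IPv4Address(wildcard))
    return (int(IPv4Address(ip)) & mask) == (int(IPv4Address(net)) & mask)

# Address objects as (subnet, wildcard). 'president' is an ASSUMED value; the page
# defines it earlier without showing the subnet. The rest mirror the configuration.
NETWORKS = {
    "president": ("192.168.1.0", "0.0.0.255"),  # assumption
    "finance":   ("192.168.2.0", "0.0.0.255"),
    "market":    ("192.168.3.0", "0.0.0.255"),
    "database":  ("192.168.0.0", "0.0.0.255"),
}
SERVICES = {"web": 80}  # service object 'web'

def in_work_hours(ts: datetime) -> bool:
    """ASSUMED definition of time-range 'work': Mon-Fri 08:00-18:00 (not on this page)."""
    return ts.weekday() < 5 and 8 <= ts.hour < 18

# Interzone instances keyed by (source zone, destination zone), rules in CLI order:
# (action, source-ip object, destination-ip object, service, time-range check or None).
POLICY = {
    ("president", "database"): [
        ("permit", "president", "database", "web", None),            # rule 0: any time
    ],
    ("finance", "database"): [
        ("permit", "finance", "database", "web", in_work_hours),     # rule 0: working hours
        ("deny",   "finance", "database", "web", None),              # rule 1: otherwise deny
    ],
}

def interzone_action(src_zone, dst_zone, src_ip, dst_ip, dport, ts: datetime) -> str:
    """Return 'permit' or 'deny' for one flow, walking the rules like the firewall would."""
    for action, src_obj, dst_obj, svc, when in POLICY.get((src_zone, dst_zone), []):
        if not wildcard_match(src_ip, *NETWORKS[src_obj]):
            continue
        if not wildcard_match(dst_ip, *NETWORKS[dst_obj]):
            continue
        if SERVICES[svc] != dport:
            continue
        if when is not None and not when(ts):
            continue
        return action
    return "deny"  # assumption: implicit default deny when nothing matches

if __name__ == "__main__":
    print(interzone_action("finance", "database", "192.168.2.10", "192.168.0.5", 80,
                           datetime(2024, 1, 8, 22, 0)))  # Monday 22:00 -> deny (rule 1)
```

Note that the deny rule 1 is what makes the finance restriction explicit; without it, out-of-hours finance traffic would only be dropped by whatever the firewall's default interzone action is.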