HP VPN Firewall Appliances Access Control Configuration Guide
[Firewall-interzone-finance-database-rule-1] rule enable
[Firewall-interzone-finance-database-rule-1] quit
[Firewall-interzone-finance-database] quit
# Create an interzone instance from source zone market to destination zone database, configure
a rule to deny access from the marketing department to the financial database server through HTTP
at any time, and enable the rule.
[Firewall] interzone source market destination database
[Firewall-interzone-market-database] rule deny
[Firewall-interzone-market-database-rule-0] source-ip market
[Firewall-interzone-market-database-rule-0] destination-ip database
[Firewall-interzone-market-database-rule-0] service web
[Firewall-interzone-market-database-rule-0] rule enable
Verifying the configuration
After the configuration is complete, verify the configuration by accessing the Web service of the financial
database server through the browser of a PC in each department.
Interzone policy group configuration example
Network requirements
A company interconnects its departments through Firewall.
Configure the interzone policy group to permit the president office to access the financial database
server at any time, permit the financial department to access the financial database server only during
working hours (from 8:00 to 18:00) on working days, and deny all other departments access to the
financial database server at any time.
Figure 84 Network diagram
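The access matrix these requirements imply, written as an added Python example that is not part of the HP guide, for use as a checklist when testing from a PC in each department. The zone names president and finance, the first-match rule order, and the reading of working-day as Monday to Friday with the end minute outside the range are assumptions of this example.

```python
from datetime import datetime, time

# Time range from the requirements: 8:00 to 18:00 on working days.
WORK_START, WORK_END = time(8, 0), time(18, 0)

def in_work_range(when: datetime) -> bool:
    """Model of 'time-range work 8:0 to 18:0 working-day'.
    Assumptions: working-day means Monday to Friday; the start minute is
    inside the range and the end minute is outside it."""
    return when.weekday() < 5 and WORK_START <= when.time() < WORK_END

# (source zone, time condition or None for "any time", action), first match wins.
# Zone names "president" and "finance" are assumed for illustration.
RULES = [
    ("president", None, "permit"),
    ("finance", in_work_range, "permit"),
]

def expected_action(source_zone: str, when: datetime) -> str:
    """Action the requirements call for; any source that matches no rule is denied."""
    for zone, condition, action in RULES:
        if zone == source_zone and (condition is None or condition(when)):
            return action
    return "deny"

def verification_plan(zones, probes):
    """Zone x probe-time matrix to check against the database server."""
    return [(z, p.strftime("%a %H:%M"), expected_action(z, p))
            for z in zones for p in probes]

# Constructed probe times: each edge of the range plus a weekend.
PROBES = [
    datetime(2024, 3, 4, 7, 59),   # Monday, one minute before the range
    datetime(2024, 3, 4, 8, 0),    # Monday, range start
    datetime(2024, 3, 8, 17, 59),  # Friday, last minute inside the range
    datetime(2024, 3, 8, 18, 1),   # Friday, after the range
    datetime(2024, 3, 9, 10, 0),   # Saturday, working hours but not a working day
]

if __name__ == "__main__":
    for row in verification_plan(["president", "finance", "market"], PROBES):
        print("%-10s %-10s %s" % row)
```

Probing one minute either side of each boundary, and on a weekend, catches a time range that was attached to the wrong rule or left off entirely.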
Configuration procedure
1. Create a time range named work to cover 8:00 to 18:00 on working days.
<Firewall> system-view
[Firewall] time-range work 8:0 to 18:0 working-day