HP VPN Firewall Appliances Access Control Configuration Guide
Configuration guidelines
When you configure an ACL, follow these guidelines:
• You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an
existing rule in the ACL.
• You can only modify the existing rules of an ACL that uses the rule order of config. When you
modify a rule of such an ACL, you may choose to change just some of the settings, in which case
the other settings remain the same.
Configuring the ACL in the Web interface
Recommended IPv4 basic ACL configuration procedure
IPv4 basic ACLs match packets based only on source IP addresses.
Complete the following tasks to configure an IPv4 basic ACL:
Task | Remarks
1. Create an IPv4 basic ACL. | Required. For more information, see "Creating an ACL".
2. Configuring an IPv4 basic ACL rule. | Required.
Recommended IPv4 advanced ACL configuration procedure
IPv4 advanced ACLs match packets based on source IP addresses, destination IP addresses, packet
priorities, protocol numbers, and other protocol header information, such as TCP/UDP source and
destination port numbers, TCP flags, ICMP message types, and ICMP message codes.
Compared to IPv4 basic ACLs, IPv4 advanced ACLs allow more flexible and accurate filtering.
Complete the following tasks to configure an IPv4 advanced ACL:
Task | Remarks
1. Create an IPv4 advanced ACL. | Required. For more information, see "Creating an ACL".
2. Configuring an IPv4 advanced ACL rule. | Required.
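The difference in filtering precision between the two ACL types, as an added example that is not part of the original guide and is not the appliance's own code: a small Python model in which a basic ACL can only test the source address while an advanced ACL can also test destination, protocol, and destination port. The class names, the sample addresses, the first-match evaluation in list order, and the "no-match" result are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:  # constructed sample traffic, not from the guide
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: str = "0.0.0.0/0"        # the only criterion a basic ACL has
    dst: Optional[str] = None     # advanced ACL criteria from here down
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.proto and p.proto != self.proto:
            return False
        return self.dport is None or p.dport == self.dport

class Acl:
    def __init__(self, kind: str):
        self.kind, self.rules = kind, []

    def add(self, rule: Rule) -> None:
        if self.kind == "basic" and (rule.dst or rule.proto or rule.dport is not None):
            raise ValueError("basic ACL rules match on source IP address only")
        if rule in self.rules:  # guideline: no duplicate permit/deny statement
            raise ValueError("identical rule already exists in this ACL")
        self.rules.append(rule)

    def decide(self, p: Packet) -> str:  # assumption: list order, first match wins
        return next((r.action for r in self.rules if r.matches(p)), "no-match")

def compare():
    basic, adv = Acl("basic"), Acl("advanced")
    basic.add(Rule("permit", src="10.1.1.0/24"))
    adv.add(Rule("permit", "10.1.1.0/24", "192.0.2.10/32", "tcp", 443))
    adv.add(Rule("deny", src="10.1.1.0/24"))
    pkts = [Packet("10.1.1.5", "192.0.2.10", "tcp", 443),
            Packet("10.1.1.5", "192.0.2.10", "tcp", 23),
            Packet("10.1.1.5", "198.51.100.7", "udp", 53)]
    return [(basic.decide(p), adv.decide(p)) for p in pkts]
```

compare() returns one (basic, advanced) decision pair per sample packet: the basic ACL permits all three because they share a source subnet, while the advanced ACL permits only the TCP/443 flow to 192.0.2.10.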
Recommended Ethernet frame header ACL configuration procedure
Ethernet frame header ACLs, also called "Layer 2 ACLs," match packets based on Layer 2 protocol
header fields, such as source MAC address, destination MAC address, 802.1p priority (VLAN priority),
and link layer protocol type.