HP VPN Firewall Appliances Access Control Configuration Guide

Table 3 Configuration items
| Item | Description |
|---|---|
| Rule ID | Select the Rule ID box, and enter a number for the rule. If you do not specify a rule number, the system automatically assigns one to the rule. If the rule already exists, the configuration overwrites the old rule. |
| Operation | Select the operation to be performed for packets matching the rule. Permit: Allows matching packets to pass. Deny: Denies matching packets. |
| Time Range | Select a time range for the rule. If you select None, the rule is always effective. Available time ranges are configured by selecting Resource > Time Range from the navigation tree. |
| Non-first Fragments Only | Select this box to apply the rule to only non-first fragments. If you do not select this box, the rule applies to all packets (including non-fragment packets and each fragment). Selecting this box improves the ACL rule matching efficiency. |
| Logging | Select this box to log matching packets. A log entry contains the ACL rule number, action on the matching packets, protocol that IP carries, source/destination address, source/destination port number, and number of matching packets. |
| Source IP Address, Source Wildcard | Select the Source IP Address box, and enter a source IP address and source wildcard, in dotted decimal notation. |
| VPN Instance | Select a VPN. If you select None, the rule applies to only non-VPN packets. |

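The Rule ID, Non-first Fragments Only, Source IP Address and Source Wildcard items above, modelled as an added Python example (not HP code, and not taken from this guide). It assumes the usual wildcard convention (a 0 bit must match, a 1 bit is ignored) and evaluation in ascending Rule ID; the class and function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

def _u32(dotted):
    return int(ipaddress.IPv4Address(dotted))

@dataclass(frozen=True)
class Rule:  # hypothetical model of one basic ACL rule
    rule_id: int
    permit: bool
    source: str = "0.0.0.0"
    wildcard: str = "255.255.255.255"  # every bit ignored: any source
    non_first_fragments_only: bool = False

    def matches(self, src, non_first_fragment=False):
        if self.non_first_fragments_only and not non_first_fragment:
            return False
        care = ~_u32(self.wildcard) & 0xFFFFFFFF  # assumption: 0 bits must match
        return (_u32(src) & care) == (_u32(self.source) & care)

def wildcard_is_contiguous(wildcard):
    """True when the wildcard is an inverted prefix mask (zeros then ones)."""
    w = _u32(wildcard)
    return (w & (w + 1)) == 0

class BasicAcl:
    def __init__(self):
        self.rules = {}

    def add(self, rule):
        self.rules[rule.rule_id] = rule  # an existing Rule ID is overwritten

    def evaluate(self, src, non_first_fragment=False):
        # Assumption: rules are checked in ascending Rule ID; None = no match.
        for rule_id in sorted(self.rules):
            rule = self.rules[rule_id]
            if rule.matches(src, non_first_fragment):
                return "permit" if rule.permit else "deny"
        return None

if __name__ == "__main__":
    # Constructed sample values.
    intended = Rule(0, True, "10.1.1.0", "0.0.0.255")
    mistaken = Rule(0, True, "10.1.1.0", "255.255.255.0")  # subnet mask typed as wildcard
    for src in ("10.1.1.77", "203.0.113.0"):
        print(src, intended.matches(src), mistaken.matches(src))
    print(wildcard_is_contiguous("0.0.0.255"), wildcard_is_contiguous("255.255.255.0"))
```

A wildcard that fails `wildcard_is_contiguous` is worth reviewing before the rule is applied, since a subnet mask entered in the Source Wildcard field permits a very different set of sources than intended.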
Configuring an IPv4 advanced ACL rule
1. Select Firewall > ACL from the navigation tree.
2. Click the icon for an IPv4 advanced ACL to list all existing rules of the ACL.
Figure 5 List of IPv4 advanced ACL rules
3. Click Add to enter the IPv4 advanced ACL rule configuration page.