HP VPN Firewall Appliances Access Control Configuration Guide
Item: Description
Source IP Address, Source Wildcard: Select the Source IP Address box, and enter a source IP address and source wildcard, in dotted decimal notation.
Destination IP Address, Destination Wildcard: Select the Destination IP Address box, and enter a destination IP address and destination wildcard, in dotted decimal notation.
VPN Instance: Specify the VPN. If you select None, the rule applies to only non-VPN packets.
Protocol: Select the protocol to be carried over by IP. If you select 1 ICMP, you can configure the ICMP message type and code. If you select 6 TCP or 17 UDP, you can configure the TCP or UDP specific items.
ICMP Message, ICMP Type, ICMP Code: These items are available only when you select 1 ICMP from the Protocol list. Specify the ICMP message type and code when you select 1 ICMP from the Protocol list. If you select Others from the ICMP Message list, you must enter values in the ICMP Type and ICMP Code fields. Otherwise, the two fields will take the default values, which cannot be changed.
TCP Connection Established: This item is available only when you select 6 TCP from the Protocol list. If you select this box, the rule matches packets used for establishing and maintaining TCP connections. A rule with this item configured matches TCP connection packets with the ACK or RST flag.
Source Operator, Source Port, Destination Operator, Destination Port: These items are available only when you select 6 TCP or 17 UDP from the Protocol list. Select the operators, and enter the source port numbers and destination port numbers, as required. Different operators have different configuration requirements for the port number fields:
• None—The following port number fields cannot be configured.
• inclusive range—The following port number fields must be configured to define a port range.
• Other values—The first port number field must be configured and the second must not.
ToS: Specify the ToS preference.
Precedence: Specify the IP precedence.
DSCP: Specify the DSCP priority.
ToS, Precedence, and DSCP: If you configure the IP precedence or ToS precedence and the DSCP priority, the DSCP priority takes effect.
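The matching behavior described in the table above, as an added Python example (not HP's code). It assumes the wildcard is an inverse mask, where 0 bits must match and 1 bits are ignored, which this page does not spell out, and it uses a hypothetical `eq` operator to stand in for the single-port "other values" operators. The rule and packets are constructed.

```python
import ipaddress

ACK, RST = 0x10, 0x04  # TCP flag bits

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF  # assumed inverse mask: a 1 bit means "ignore"
    return (a & care) == (b & care)

def port_match(op, port, p1=None, p2=None):
    """Apply the table's operator rules for the two port number fields."""
    if op == "none":   # None: port fields cannot be configured
        if p1 is not None or p2 is not None:
            raise ValueError("operator None takes no port numbers")
        return True
    if op == "range":  # inclusive range: both fields required
        if p1 is None or p2 is None:
            raise ValueError("range needs both port numbers")
        return p1 <= port <= p2
    if op == "eq":     # hypothetical name for one of the "other values"
        if p1 is None or p2 is not None:
            raise ValueError("single-port operator takes only the first port")
        return port == p1
    raise ValueError("unknown operator: " + op)

def rule_matches(rule, pkt):
    """Evaluate one TCP/UDP rule against one packet, field by field."""
    if not wildcard_match(pkt["src"], rule["src"], rule["src_wc"]):
        return False
    if not wildcard_match(pkt["dst"], rule["dst"], rule["dst_wc"]):
        return False
    if pkt["proto"] != rule["proto"]:
        return False
    # TCP Connection Established: match only segments carrying ACK or RST.
    if rule["proto"] == 6 and rule.get("established"):
        if not pkt["flags"] & (ACK | RST):
            return False
    op, *ports = rule["dport"]
    return port_match(op, pkt.get("dport"), *ports)

# Constructed rule and packets, using documentation address ranges.
RULE = {"src": "192.0.2.0", "src_wc": "0.0.0.255",
        "dst": "198.51.100.10", "dst_wc": "0.0.0.0",
        "proto": 6, "established": True, "dport": ("range", 1024, 65535)}
SYN_ONLY = {"src": "192.0.2.7", "dst": "198.51.100.10", "proto": 6,
            "flags": 0x02, "dport": 40000}
ACK_REPLY = dict(SYN_ONLY, flags=ACK)
```

With this rule, `SYN_ONLY` does not match and `ACK_REPLY` does, because the established check looks only at the ACK and RST flags of each segment.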
Configuring an Ethernet frame header ACL rule
1. Select Firewall > ACL from the navigation tree.
2. Click the icon for an Ethernet frame header ACL to list all existing rules of the ACL.