HP VPN Firewall Appliances Access Control Configuration Guide

Task Command

Remarks

Clear statistics for one or all IPv4

basic, IPv4 advanced, and

Ethernet frame header ACLs.

reset acl counter { acl-number | all | name

acl-name }

Available in user view.

Clear statistics for one or all IPv6

basic and advanced ACLs.

reset acl ipv6 counter { acl6-number | all |

name acl6-name }

Available in user view.

IPv4 ACL configuration example

IPv4 ACLs are usually used together with NAT. For IPv4 configuration examples, see NAT and ALG

Configuration Guide.

IPv6 advanced ACL configuration example

Network requirements

A company interconnects its departments through a firewall. Configure an ACL to do the following:

• Permit access from the President's office at any time to the financial database server.

• Permit access from the financial department to the database server only during working hours (from

8:00 to 18:00) on working days.

• Deny access from any other department to the database server.

Figure 16 Network diagram

Configuration procedure

# Create a periodic time range from 8:00 to 18:00 on working days.

<Firewall> system-view

[Firewall] time-range work 8:0 to 18:0 working-day

# Create an IPv6 advanced ACL numbered 3000 and configure three rules in the ACL. One rule permits

access from the President's office to the database server, one rule permits access from the Financial

President's office

1001::/16

Financial department

1002::/16

Marketing department

1003::/16

Firewall

GE0/1

Eth1/4GE0/2

GE0/3

Financial database server

1000::100/16