HP VPN Firewall Appliances Access Control Configuration Guide
Contents
Configuring ACLs
Overview
ACL categories
Numbering and naming ACLs
Match order
Rule comments and rule range remarks
Rule numbering
Implementing time-based ACL rules
Fragments filtering with ACLs
Configuration guidelines
Configuring the ACL in the Web interface
Recommended IPv4 basic ACL configuration procedure
Recommended IPv4 advanced ACL configuration procedure
Recommended Ethernet frame header ACL configuration procedure
Creating an ACL
Configuring an IPv4 basic ACL rule
Configuring an IPv4 advanced ACL rule
Configuring an Ethernet frame header ACL rule
Configuring ACL acceleration
ACL configuration example
Configuring the ACL at the CLI
Configuration task list
Configuring a basic ACL
Configuring an advanced ACL
Configuring an Ethernet frame header ACL
Copying an ACL
Enabling ACL acceleration for an IPv4 basic or IPv4 advanced ACL
Displaying and maintaining ACLs
IPv4 ACL configuration example
IPv6 advanced ACL configuration example
Configuring security zones
Overview
Basic concepts
Zone-based security policy application example
Configuring the security zone in the Web interface
Recommended configuration procedure
Creating a security zone
Adding members to the security zone
Security zone configuration example
Configuring the security zone at the CLI
Security zone configuration task list
Configuring a security zone
Creating a security zone
Setting the priority of a security zone
Enabling the share attribute of a security zone
Adding interfaces to a security zone
Creating an interzone instance
Security zone configuration example