HP VPN Firewall Appliances Access Control Configuration Guide
department to the database server during working hours, and one rule denies access from other
departments to the database server.
[Firewall] acl ipv6 number 3000
[Firewall-acl6-adv-3000] rule permit ipv6 source 1001:: 16 destination 1000::100 128
[Firewall-acl6-adv-3000] rule permit ipv6 source 1002:: 16 destination 1000::100 128 time-range work
[Firewall-acl6-adv-3000] rule deny ipv6 source any destination 1000::100 128
[Firewall-acl6-adv-3000] quit
# Enable IPv6 firewall, and apply IPv6 advanced ACL 3000 to filter outgoing packets on interface
GigabitEthernet 0/1.
[Firewall] firewall ipv6 enable
[Firewall] interface gigabitethernet 0/1
[Firewall-GigabitEthernet0/1] firewall packet-filter ipv6 3000 outbound
[Firewall-GigabitEthernet0/1] quit
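The rule order in ACL 3000 can be checked offline before testing with ping. The following Python is an added example, not taken from the HP guide: it parses the three rules above and evaluates them in the order entered, with the first active matching rule deciding the result. The 08:00-18:00 Monday-Friday definition of the `work` time range, the host addresses, and all function names are assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, time

# Rules copied from ACL 3000 above, in the order they were entered.
ACL_3000 = """\
rule permit ipv6 source 1001:: 16 destination 1000::100 128
rule permit ipv6 source 1002:: 16 destination 1000::100 128 time-range work
rule deny ipv6 source any destination 1000::100 128
"""

# ASSUMPTION: the "work" time range is defined outside this section;
# 08:00-18:00 Monday-Friday is a stand-in, not the guide's definition.
def work_active(ts):
    return ts.weekday() < 5 and time(8, 0) <= ts.time() < time(18, 0)

TIME_RANGES = {"work": work_active}

def parse_net(tokens, i):
    """Read 'any' or '<address> <prefix-length>' starting at tokens[i]."""
    if tokens[i] == "any":
        return ipaddress.ip_network("::/0"), i + 1
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2

def parse_rule(line):
    """Turn one 'rule ...' line into action, source, destination, time range."""
    t = line.split()
    src, _ = parse_net(t, t.index("source") + 1)
    dst, i = parse_net(t, t.index("destination") + 1)
    tr = t[i + 1] if i < len(t) and t[i] == "time-range" else None
    return {"action": t[1], "src": src, "dst": dst, "time_range": tr}

RULES = [parse_rule(line) for line in ACL_3000.splitlines()]

def evaluate(src, dst, ts):
    """Return the action of the first active matching rule, or None if none match."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in RULES:
        if r["time_range"] and not TIME_RANGES[r["time_range"]](ts):
            continue  # a time-range rule is skipped while its range is inactive
        if s in r["src"] and d in r["dst"]:
            return r["action"]
    return None  # no rule matched; the device's default action applies

if __name__ == "__main__":
    day, night = datetime(2024, 1, 10, 10, 0), datetime(2024, 1, 10, 22, 0)  # constructed
    for src in ("1001::10", "1002::10", "1003::10"):  # constructed host addresses
        print(src, evaluate(src, "1000::100", day), evaluate(src, "1000::100", night))
```

The case that a working-hours ping test does not exercise is 1002::/16 outside the `work` range: rule 2 is skipped and the traffic falls through to the final deny rule.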
Verifying the configuration
# Ping the database server from a PC in the Financial department during working hours. (All PCs in this
example use Windows XP.)
C:\> ping 1000::100
Pinging 1000::100 with 32 bytes of data:
Reply from 1000::100: time<1ms
Reply from 1000::100: time<1ms
Reply from 1000::100: time<1ms
Reply from 1000::100: time<1ms
Ping statistics for 1000::100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
The output shows that the database server can be pinged.
# Ping the database server from a PC in the Marketing department during working hours.
C:\> ping 1000::100
Pinging 1000::100 with 32 bytes of data:
Destination net unreachable.
Destination net unreachable.
Destination net unreachable.
Destination net unreachable.
Ping statistics for 1000::100:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
The output shows the database server cannot be pinged.
# Display configuration and match statistics for IPv6 advanced ACL 3000 on the firewall during working
hours.