HP VPN Firewall Appliances Access Control Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

Item Descri

tion

Source IP Address

Configure a source address resource for the rule by creating an address resource or

referencing an existing address resource.

• If you select the New IP Address option, specify an IP address and wildcard. After

you apply the configuration, the system automatically creates a subnet address

resource. For example, if you enter 1.1.1.1/0.0.0.255, a subnet address resource

is created with the resource name being 1.1.1.1/0.0.0.255.

• If you select the Source IP Address option, you can choose an existing address

resource from the list or click Multiple to select more. The available address

resources are configured in the page brought up by selecting Resource >

Address. For more information, see "Configuring address resources."

Destination IP Address

Configure a destination address resource for the rule by creating an address

resource or referencing an existing address resource.

• If you select the New IP Address option, specify an IP address and wildcard. After

you apply the configuration, the system automatically creates a subnet address

resource. For example, if you enter 1.1.1.1/0.0.0.255, a subnet address resource

is created with the resource name being 1.1.1.1/0.0.0.255.

• If you select the Destination IP Address option, you can choose an existing

address resource from the list or click Multiple to select more. The available

address resources are configured in the page brought up by selecting Resource >

Address. For more information, see "Configuring address resources."

Service

Select a service resource for the rule.

You can choose one service resource from the list or click Multiple to select more. The

available service resources are configured in the page you enter by selecting

Resource > Service. For more information, see "Configuring service resources."

Filter Action

Select the action to be performed on matching packets:

• Permit—Allows matching packets to pass.

• Deny—Drops matching packets.

Time Range

Select a time range resource for the rule.

Available time range resources are those that have been configured. For more

information about time range resource configuration, see "Configuring time range

resources."

If the selected time range resource includes the current time, the time range is

displayed as "Active" in the list of interzone policy rules. Otherwise, the time range

is displayed as "Inactive."

Content Filtering Policy

Template

Select a policy template for content filtering.

The available policy templates are configured on the page brought up by selecting

Identification > Content Filtering > Policy Template and then clicking Add. For more

information, see Attack Protection Configuration Guide.

NOTE:

The content filtering policy referenced in an interzone policy from another security

zone to the local security zone does not take effect.

Using MAC Address

Select the box to enable MAC address filtering.

With this box selected, the source and destination MAC address can be configured.