HP VPN Firewall Appliances Attack Protection Configuration Guide
115
[Firewall-object-network-private] quit
# Create an IP address object webserver and specify its IP address 5.5.5.5.
[Firewall] object network host webserver
[Firewall-object-network-webserver] host address 5.5.5.5
[Firewall-object-network-webserver] quit
# Configure an interzone instance for traffic from the Trust zone to the Untrust zone.
[Firewall] interzone source Trust destination Untrust
# Configure an interzone policy rule that uses content filtering policy template 1 (Java applet blocking not enabled) to filter HTTP packets from subnet 192.168.1.0/24 to the web server 5.5.5.5.
[Firewall-interzone-Trust-Untrust] rule permit content-filter template1
[Firewall-interzone-Trust-Untrust-rule-0] source-ip private
[Firewall-interzone-Trust-Untrust-rule-0] destination-ip webserver
[Firewall-interzone-Trust-Untrust-rule-0] service any_service
[Firewall-interzone-Trust-Untrust-rule-0] rule enable
[Firewall-interzone-Trust-Untrust-rule-0] quit
# Configure another interzone policy rule that uses content filtering policy template 2 (Java applet blocking enabled) to filter HTTP packets from subnet 192.168.1.0/24 to external networks.
[Firewall-interzone-Trust-Untrust] rule permit content-filter template2
[Firewall-interzone-Trust-Untrust-rule-1] source-ip private
[Firewall-interzone-Trust-Untrust-rule-1] destination-ip any_address
[Firewall-interzone-Trust-Untrust-rule-1] service any_service
[Firewall-interzone-Trust-Untrust-rule-1] rule enable
[Firewall-interzone-Trust-Untrust-rule-1] quit
[Firewall-interzone-Trust-Untrust] quit
Verifying the configuration
After the preceding configuration is complete, LAN users cannot receive HTTP responses that carry the keyword abc,
send Java applet requests to any web server except 5.5.5.5, send emails with .exe attachments,
upload files named abc through FTP, or execute the Telnet command reboot.
Use the following command to display statistics:
<Firewall> display content-filtering statistics
Content-filtering statistics:
Item                                Dropped packets
HTTP URL hostname filtering         0
HTTP URL IP blocking                0
HTTP URL parameter blocking         0
HTTP header filtering               0
HTTP body filtering                 3
HTTP ActiveX control blocking       0
HTTP Java blocking                  2
SMTP sender filtering               0
SMTP receiver filtering             0
SMTP subject filtering              0
SMTP body filtering                 0
SMTP illegal command blocking       0
SMTP oversize email blocking        0
SMTP attachment name filtering      8
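The counters above are the only evidence the appliance gives that the content filtering templates are actually matching traffic: the non-zero rows (HTTP body filtering, HTTP Java blocking, SMTP attachment name filtering) line up with the keyword, Java applet and .exe attachment restrictions described in the verification step. The following script is an added example, not part of the HP guide, showing how an operator could parse that output (for instance as captured over the console or a management session) into per-filter counters, report which filters have dropped packets, and compare two snapshots so that new drops between polls stand out. The sample output embedded in the script is constructed to match the table shown on this page; the column spacing is an assumption, and the parser accepts any amount of whitespace between the item name and the count.

```python
"""Parse `display content-filtering statistics` output and report drops.

Added example for the HP VPN Firewall content filtering guide; this is not
code from HP or the guide itself.  The sample output is constructed to match
the counters shown on the page, with assumed column spacing.
"""
import re
from typing import Dict

# Constructed sample: the counters from the guide's verification step.
SAMPLE_OUTPUT = """\
Content-filtering statistics:
Item                                Dropped packets
HTTP URL hostname filtering         0
HTTP URL IP blocking                0
HTTP URL parameter blocking         0
HTTP header filtering               0
HTTP body filtering                 3
HTTP ActiveX control blocking       0
HTTP Java blocking                  2
SMTP sender filtering               0
SMTP receiver filtering             0
SMTP subject filtering              0
SMTP body filtering                 0
SMTP illegal command blocking       0
SMTP oversize email blocking        0
SMTP attachment name filtering      8
"""

# A counter row is an item name (letters, digits, spaces) followed by an
# integer.  The title line ("Content-filtering statistics:") and the column
# header ("Item  Dropped packets") do not end in an integer, so they are skipped.
ROW_RE = re.compile(r"^(?P<item>[A-Za-z][A-Za-z0-9 ]*?)\s+(?P<count>\d+)\s*$")


def parse_statistics(text: str) -> Dict[str, int]:
    """Return {item name: dropped packet count} for every counter row."""
    counters: Dict[str, int] = {}
    for line in text.splitlines():
        match = ROW_RE.match(line.strip())
        if match:
            counters[match.group("item")] = int(match.group("count"))
    return counters


def nonzero_drops(counters: Dict[str, int]) -> Dict[str, int]:
    """Filters that have dropped at least one packet since the counters were reset."""
    return {item: n for item, n in counters.items() if n > 0}


def drops_by_protocol(counters: Dict[str, int]) -> Dict[str, int]:
    """Total drops per protocol, keyed by the first word of the item (HTTP, SMTP, ...)."""
    totals: Dict[str, int] = {}
    for item, n in counters.items():
        proto = item.split()[0]
        totals[proto] = totals.get(proto, 0) + n
    return totals


def delta(previous: Dict[str, int], current: Dict[str, int]) -> Dict[str, int]:
    """Per-filter increase between two snapshots.

    Cumulative totals hide whether a filter is still firing; polling the
    command periodically and looking at the increase shows new activity.
    """
    changes: Dict[str, int] = {}
    for item, now in current.items():
        increase = now - previous.get(item, 0)
        if increase > 0:
            changes[item] = increase
    return changes


if __name__ == "__main__":
    counters = parse_statistics(SAMPLE_OUTPUT)
    print("Filters with drops:", nonzero_drops(counters))
    print("Drops per protocol:", drops_by_protocol(counters))
```

Running the script against the sample prints the three filters that dropped traffic (3, 2 and 8 packets) and per-protocol totals of 5 for HTTP and 8 for SMTP. In practice the same parser can be fed the output of a scheduled poll, with `delta()` applied to the previous and current snapshots so that a monitoring job only reports filters whose counters moved.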