Manualshelf

HP VPN Firewall Appliances Attack Protection Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
121122123124125126127128129130
121
Network requirements
As shown in Figure 101, Device A (CE) directly connects to Device B (PE). Enable strict URPF check in
Zone B of Device B to allow packets whose source addresses match ACL 2010 to pass. Enable strict URPF
check in Zone A of Device A and allow use of the default route for URPF check.
Figure 101 Network diagram
Configuring Device B
1. Configure the interface IP addresses and security zones they belong to. (Details not shown.)
2. Define ACL 2010 to permit traffic from network 10.1.1.0/24 to pass.
a. From the navigation tree, select Firewall > ACL.
b. Click Add.
c. Enter 2010 in ACL Number as shown in Figure 102.
d. Cli
ck Apply.
Figure 102 Defining ACL 2
010
e. Click corresponding to ACL 2010.
The ACL 2010 rule page appears.
f. Click Add.
The page ACL configuration page appears, as shown in Figure 103.
g. Select Permit in Operation.
h. Select the Source IP Address box, and ty
pe 10.1.1.0 in the field.
i. Enter 0.0.0.255 in Source Wildcard.
j. Click Apply.