HP VPN Firewall Appliances Attack Protection Configuration Guide
123
f. Click Apply.
Figure 105 Configuring URPF on zoneA
Configuring the URPF at the CLI
Configuring URPF
Perform this task to configure URPF for a security zone.
URPF checks only incoming packets on a zone
Do not configure the allow-default-route keyword for loose URPF check. Otherwise, URPF might fail to
work.
To enable URPF:
Ste
p
Command
Remarks
1. Enter system view.
system-view
N/A
2. Create a security zone
and enter its view.
zone name zone-name [ id
zone-id ]
Optional.
By default, a default VD has five default security
zones. They are Management (numbered 0), Local
(numbered 1), Trust (numbered 2), DMZ
(numbered 3) and Untrust (numbered 4). A
non-default VD has no security zones.
3. Enable URPF check for
the security zone.
ip urpf { loose | strict }
[ allow-default-route ] [ acl
acl-number ]
URPF check is disabled for the security zone by
default.
URPF configuration example
Either Device A or Device B in the configuration example can be used as a firewall.
Network requirements
As shown in Figure 106, configure strict URPF check for zoneB on Device B to permit packets from
n e t w o r k 10 .1.1. 0 / 24 .