HP VPN Firewall Appliances Attack Protection Configuration Guide
147
Item Descri
p
tion
Source IP List
Add the source IP addresses to be matched by the content monitoring policy.
You can add up to ten host addresses or network segment addresses.
Destination IP List
Add the destination IP addresses to be matched by the content monitoring policy.
You can add up to ten host addresses or network segment addresses.
Excluded IP List
Add IP addresses to be excluded from the source or destination IP list of the content
monitoring policy. The content monitoring policy does not match excluded IP
addresses.
You can add up to ten host addresses or network segment addresses that are
included on the source or destination IP list.
Bandwidth management
Feature and hardware compatibility
Hardware Bandwidth mana
g
ement com
p
atibilit
y
F1000-A-EI/F1000-E-SI/F1000-S-AI No
F1000-C-G/F1000-S-G/F1000-A-G No
F1000-E No
F1000-S-EI No
F100-C-G/F100-S-G Yes
F100-M-G/F100-A-G/F100-E-G Yes
F5000-A5 No
F5000-S/F5000-C No
Firewall modules No
U200-A/U200-M/U200-CA Yes
U200-S/U200-CS/U200-CM Yes
Overview
Network traffic can be divided into multiple types of services, such as the email service and VoIP service.
Bandwidth management refers to performing different management and control behaviors for different
service types. Bandwidth management includes two major components: service and service-specific
control behavior.
A service is system-defined or user-defined. All services are organized into a tree, which is called a
service tree. A node of the service tree represents a service.
The device determines the service type of a received packet by its application protocol and IP address,
and then performs the corresponding action for the packet according to the user-defined rule for the
service.