HP VPN Firewall Appliances Attack Protection Configuration Guide
148
An interzone instance specifies the source zone and destination zone of the packets to be inspected by
a security policy. You can apply different bandwidth management policies to different interzone
instances for more flexible control of the network traffic.
By performing flexible bandwidth controls for applications and limiting non-critical applications,
bandwidth management guarantees bandwidth for mission-critical applications of the user network.
A service is a set of match rules. All network behaviors conforming to the match rules belong to the
service.
A match rule consists of protocol, node, and direction, where protocol indicates the network protocol,
node indicates a certain device or devices in a certain network segment, and direction indicates the
probe direction. The three factors together determine that packets of a certain protocol sent or received
by a specific device (or devices in a specific network segment) match the rule.
The service itself does not manage or control the network. A service can be referenced by a policy in the
system. Then, the policy cooperates with the service to manage and control the network.
In the system, services are organized into a tree with only one root node. Except the root node, any other
service can be appended to another service, with the first service as the child service and the second one
as the father service.
Recommended configuration procedure
Ste
p
Remarks
1. Configuring a protocol
Optional.
Configure a protocol to be used by a service.
By default, system-defined protocols are used for the service.
2. Configuring a service
Optional.
Configure a service to be used by a bandwidth management policy.
By default, system-defined services exist.
3. Configuring bandwidth
management log output
parameters
Optional.
Specify whether to send logs to remote log hosts and whether to send
logs through emails.
By default, logs are not sent to remote log hosts and are not sent
through emails.
4. Creating a bandwidth
management policy
Required.
No bandwidth management policy exists by default.
5. Applying a bandwidth
management policy
Required.
No bandwidth management policy is applied by default.
Configuring a protocol
1. Select Advanced Security Prevention > Bandwidth Management from the navigation tree.
2. Click the Protocol Management tab.
{ Selecting a protocol in the protocol tree, the right part of the page displays the information of
the protocol. You can modify the information of all user-defined protocols and the port number
information of some system-defined protocols.