HP VPN Firewall Appliances Getting Started Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

The management IP address configured on the device for the firewall module must be the same as the

management IP address configured on the firewall module.

To configure the management IP address of the firewall module on the device:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Configure a

management IP address

for the firewall module.

• In standalone mode:

oap management-ip ip-address slot

slot-number

• In IRF mode:

oap management-ip ip-address chassis

chassis-number slot slot-number

By default, the device is not

configured with the

management IP address of the

firewall module.

Configuring the ACSEI protocol

ACSEI is an HP-proprietary protocol. It provides a method for exchanging information between ACFP

clients and ACFP server so that the ACFP server and clients can cooperate to run a service.

As a supporting protocol of ACFP, ACSEI also has two entities: server and client.

• The ACSEI server is integrated into the software system (Comware) of the network device.

• The ACSEI client is integrated into the software system (Comware) of the firewall module.

NOTE:

The collaborating IDS (Intrusion Detection System) cards or IDS devices serve as the ACFP clients which

run applications of other vendors and support the IPS (Intrusion Prevention System)/IDS services.

ACSEI mainly provides the following functions:

• Registration and deregistration of an ACSEI client to the ACSEI server.

• ID assignment. The ACSEI server assigns IDs to ACSEI clients to distinguish between them.

• Mutual monitoring and awareness between an ACSEI client and the ACSEI server.

• Information interaction between the ACSEI server and ACSEI clients, including clock

synchronization.

• Control of the ACSEI clients on the ACSEI server. For example, you can close or restart an ACSEI

client on the ACSEI server.

An ACSEI server can register multiple ACSEI clients.

ACSEI timers

An ACSEI server uses two timers, the clock synchronization timer and the monitoring timer:

• The clock synchronization timer is used to periodically trigger the ACSEI server to send clock

synchronization advertisements to ACSEI clients. You can set this timer through command lines.

• The monitoring timer is used to periodically trigger the ACSEI server to send monitoring requests to

ACSEI clients. You can set this timer through command lines.

An ACSEI client starts two timers, the registration timer and the monitoring timer:

• The registration timer is used to periodically trigger the ACSEI client to multicast registration requests

(with the multicast MAC address being 010F-E200-0021). You cannot set this timer.