Management and Configuration Guide (Includes ACM xl) 2005-12
ProCurve Secure Access 700wl Series Management and Configuration Guide 4-49
Configuring Rights
* To allow DNS or SMB you must include both DNS filters or all three SMB filters in your Access Policy.
If these filters are not sufficient to meet your needs, you can create your own. See “Creating or Editing
an Allowed Traffic Filter” on page 4-68 for instructions.
The Redirected Traffic Tab
Redirected Traffic filters are traffic filters that identify packets sent from a client that should be
redirected to a new destination. Some Redirected Traffic filters may simply forward the packet to an
alternate destination that performs the same function as the original destination—for example, a DNS
server request could be redirected to the enterprise DNS server rather than the one that was originally
specified. Redirected Traffic filters can also be used to prevent traffic from reaching a prohibited
destination—in this case, the filter may redirect the request to the 700wl Series system Stop page, or
other alternate destination as appropriate.
If you are creating a new Access Policy, the Redirected Traffic filters are initially displayed in
alphabetical order.
If you are editing an Access Policy, the Redirected Traffic filters that have been selected for this Access
Policy are displayed at the top of the list, in precedence order as specified for the filter. The filters that
have not been selected for this Access Policy are at the bottom of the list.
To select Redirected Traffic filters to include in this Access Policy, select the Redirected Traffic tab, as
shown in Figure 4-26. Then select the filters you want to include, reordering them if necessary to create
the proper precedence relationships among the selected filters.
Note that if the filter you select is one of a DNS or WINS filter pair, you must also include the
corresponding Allowed Traffic member of the pair in your Access Policy, to allow traffic to pass to the
destination of the redirect.
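The following is an added example, not taken from the guide or from the 700wl Series software. It models why filter order and the Allowed Traffic pairing both matter, by resolving packets against an ordered list of redirect filters and auditing the list. The filter names, targets, and the first-match-wins evaluation rule are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Redirect:
    name: str                 # filter name (constructed, not a predefined filter)
    proto: Optional[str]      # None matches any protocol
    port: Optional[int]       # None matches any destination port
    target: str               # where matching packets are redirected
    needs_allowed: Optional[str] = None  # paired Allowed Traffic filter, if any

    def matches(self, proto, port):
        return self.proto in (None, proto) and self.port in (None, port)

    def covers(self, other):
        """True if every packet `other` matches is also matched by self."""
        return self.proto in (None, other.proto) and self.port in (None, other.port)

def resolve(policy, proto, port):
    """Assumed semantics: the first matching filter in precedence order wins."""
    for f in policy:
        if f.matches(proto, port):
            return f.target
    return None  # packet is not redirected

def audit(policy, allowed):
    """Report redirects shadowed by an earlier filter or missing their pair."""
    findings = []
    for i, f in enumerate(policy):
        for earlier in policy[:i]:
            if earlier.covers(f):
                findings.append(f"{f.name} is shadowed by {earlier.name}")
                break
        if f.needs_allowed and f.needs_allowed not in allowed:
            findings.append(f"{f.name} needs Allowed Traffic filter {f.needs_allowed}")
    return findings

# Constructed sample filters; names and targets are placeholders.
DNS = Redirect("Redirect DNS", "udp", 53, "enterprise-dns", "Allow enterprise DNS")
STOP = Redirect("Redirect all to Stop page", None, None, "stop-page")

GOOD = [DNS, STOP]   # specific redirect ahead of the catch-all
BAD = [STOP, DNS]    # catch-all first: DNS requests land on the Stop page

if __name__ == "__main__":
    for label, policy in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, resolve(policy, "udp", 53), audit(policy, set()))
```

Under these assumptions, a DNS request in the BAD ordering never reaches the enterprise DNS server, and either ordering is flagged when the paired Allowed Traffic filter is absent from the policy.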
Table 4-18. Predefined Allowed Traffic Filters (Continued)

| Allowed Traffic Filter | Description |
|---|---|
| Internal rights UI | Allows access to the Rights Manager pages via the Access Controller defined in @INTERNAL@ (by default 42.0.0.1) |
| IP Fragments | Allows subsequent packet fragments for packets that exceed the maximum packet size (1500 bytes) |
| Kerberos | Allows packets on UDP port 88 to be forwarded |
| Outside World | Allows packets to be forwarded anywhere except the network defined in @INTRANET@ (the Access Control Server’s subnet) |
| Ping | Allows PING requests |
| SMB UDP 137* | Allows the user to access NetBIOS UDP port 137 |
| SMB UDP 138* | Allows the user to access NetBIOS UDP port 138 |
| SMB TCP 139* | Allows the user to access NetBIOS TCP port 139 |