Manualshelf

TMS zl Management and Configuration Guide ST.1.1.100226

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
331332333334335336337338339340
4-42
Firewall
Firewall Access Policies
12. Select the Enable IPS for this Policy check box to enable IPS to check
packets on this policy.
13. Optionally, select the Enable logging on this Policy check box.
Note It is not recommended that you enable logging permanently, because
policy logging is processor-intensive. Use policy logging for troubleshoot-
ing and testing only.
14. Click Apply.
15. Click Save. The policy should appear as shown in Figure 4-23.
Figure 4-23. External to DMZ Firewall Access Policy
Scheduled Access Policy
In this example, a policy will be created to permit Internet traffic from the
executive suite in Zone1 during a meeting that occurs every Thursday from
9:00 am to 11:00 am.
To create this policy, follow these steps:
1. Create a single-entry range address object called Exec_Suite with
10.1.1.10-10.1.1.50. (See “Named Objects and Their Uses” on page 4-10 for
instructions.) (This example assumes that the affected users have already
been assigned IP addresses in that range.)
2. Create a schedule object called Thurs_Mtg for Thursdays from 9:00 am
to 11:00 am. (See “Schedule Objects” on page 4-20 for instructions.)
3. Click Firewall > Access Policies > Unicast.
4. From the User Group list, select None.
5. Click Add a Policy.
6. From the Action list, select Permit Traffic.
7. From the From list, select ZONE1.
8. From the To list, select EXTERNAL.
9. From the Service list, select Any Service.
10. From the Source list, select Exec_Suite.
11. From the Destination list, select Any Address.