TMS zl Management and Configuration Guide ST.1.2.100916

4-30
Firewall
Firewall Access Policies
4. From the Action list, select Permit Traffic or Deny Traffic.
5. From the From list, select the source zone.
6. From the To list, select the destination zone.
7. Under Matching Criteria, configure the criteria for selecting traffic that is controlled by this policy. For any of the fields, you can accept the default values (Any Service or Any Address) or you can configure a specific value:
   a. From the Service list, select a service object or service group. To specify a service that is not on the list:
      i. Click Options.
      ii. Select Enter custom Protocol/Port.
      iii. From the Protocol list, select a protocol.
      iv. If you selected TCP or UDP in step iii, type the port number range in the Port(s) fields. To specify a single port, type the port number in the first field.
      Note: If your network runs a well-known service on an alternative port, you might need to add a port-to-service association to allow ALGs and the IDS/IPS to function correctly. See “Port Mapping” on page 4-85.
   b. For Source, specify the source IP address or addresses for traffic selected by this policy. Select a previously configured address object or address group. To specify an address that is not on the list:
      i. Click Options.
      ii. Select Enter custom IP, IP/mask or Range.
      iii. Type the IP address or IP address range in the space provided, or use CIDR format to specify the address of a network.
   c. For Destination, specify the destination IP address or addresses for traffic selected by this policy. Select a previously configured address object or address group. To specify an address that is not on the list:
      i. Click Options.
      ii. Select Enter custom IP, IP/mask or Range.
      iii. Type the IP address or IP address range in the space provided, or use CIDR format to specify the address of a network.
   Note: The source and destination addresses must be in different subnets between which the TMS zl Module routes. Otherwise, the policy does not take effect. See “Orphaned Policies” on page 4-27.
   d. Optionally, for Source Ports, specify the source port or ports for traffic selected by this policy. (The destination port is specified in the Service fields.) To specify a single source port, type the port number in the first field.
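
The note on source and destination subnets can be checked before a policy is entered. The following Python pre-check is an added example, not part of this guide or of the TMS zl software: it parses the three custom address forms (single IP, IP/mask, range) and flags source/destination pairs that fall in the same routed subnet. The subnet list, the `first-last` range syntax and the three result labels are assumptions made for the example.

```python
import ipaddress

# Constructed sample: subnets of the VLANs the module routes between (assumed values).
ROUTED = [ipaddress.ip_network(n) for n in
          ("10.1.10.0/24", "10.1.20.0/24", "192.168.5.0/24")]

def parse_spec(spec):
    """Return (first, last) for a custom IP, IP/mask (CIDR or dotted mask) or range."""
    spec = spec.strip()
    if "-" in spec:  # assumed range syntax: "first-last"
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        if first > last:
            raise ValueError(f"range start is after range end: {spec}")
        return first, last
    net = ipaddress.ip_network(spec, strict=False)  # tolerates host bits, e.g. 10.1.10.7/24
    return net[0], net[-1]

def overlapping(spec, routed=ROUTED):
    """Routed subnets that share at least one address with the spec."""
    first, last = parse_spec(spec)
    return {n for n in routed if first <= n[-1] and last >= n[0]}

def inside_one(spec, routed=ROUTED):
    """The single routed subnet that contains the whole spec, or None."""
    first, last = parse_spec(spec)
    for n in routed:
        if n[0] <= first and last <= n[-1]:
            return n
    return None

def check_policy(source, destination, routed=ROUTED):
    """Classify a source/destination pair against the different-subnets rule."""
    src_net, dst_net = inside_one(source, routed), inside_one(destination, routed)
    if src_net is not None and src_net == dst_net:
        return "orphaned"   # every address pair shares one subnet; policy would not take effect
    if overlapping(source, routed) & overlapping(destination, routed):
        return "partial"    # some address pairs share a subnet; review the policy's scope
    return "ok"             # no source/destination pair shares a routed subnet
```

A result of `partial` means the policy is broader than the traffic it can actually control, which is worth narrowing so that the rule set reflects real enforcement.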