Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

27

{

If the default route is available but the allow-default-route option is not selected, the packet is

rejected no matter which check approach is taken.

{

If the default route is available and the allow-default-route option is selected, URPF operates
depending on the check approach. In strict approach, URPF lets the packet pass if the outgoing

interface of the default route is the receiving interface, and otherwise rejects it. In loose

approach, URPF lets the packet pass directly.

4.

A rejected packet will be filtered by an ACL, if specified. If the packet is permitted by the ACL, it
is forwarded as normal (such packets are displayed in the URPF information as "suppressed

drops"); otherwise, it is discarded.

Configuration procedure

Select Intrusion Detection > URPF Check from the navigation tree to enter the URPF check configuration

page, as shown in

Figure 29

. On this page, select a security zone to view and configure URPF check

settings for the security zone.

Figure 29 URPF check configuration page

Table 11 Configuration items

Item Description

Security Zone

Security zone where the URPF check is to be configured. URPF configuration takes
effect on all the interfaces in the security zone.

IMPORTANT:

URPF configuration takes effect on the packets received by the interfaces in the security

zone only.

Enable URPF

Enable/Disable URPF check.
If this box is not selected, URPF check is disabled and the following parameters are
not configurable.
By default, URPF check is disabled.

Allow Default Route

Allow using the default route for URPF check.

ACL

Reference an ACL.

Type of Check

Set the URPF check type, Strict or Loose.