Urpf configuration example, Network requirements, Configuring device b – H3C Technologies H3C SecPath F1000-E User Manual
Page 36
28
URPF configuration example
In this configuration example, either Device A or Device B is the SecPath firewall.
Network requirements
As shown in
, Device A directly connects to Device B. Enable strict URPF check in zone B of
Device B to allow packets whose source addresses match ACL 2010 to pass. Enable strict URPF check in
zone A of Device A to allow use of the default route for URPF check.
Figure 30 Network diagram
Configuring Device B
# Configure the interface IP addresses and security zones they belong to. (Details not shown.)
# Define ACL 2010 to permit traffic from network 10.1.1.0/24 to pass.
•
Select Firewall > ACL from the navigation tree, click Add, and then perform the following operations,
as shown in
Figure 31 Defining ACL 2010
•
Enter 2010 in ACL Number.
•
Select Config for Match Order.
•
Click Apply.
•
On the ACL list page, click
corresponding to ACL 2010, click Add, and then perform the
following operations, as shown in
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS