H3C Technologies H3C SecPath F1000-E User Manual

Page 77

Item Description

Service

Select a service resource for the rule.
You can select one service resource from the list or click Multiple to select more. The

available service resources are configured in the page you enter by selecting
Resource > Service. For more information, see "Service resource configuration."

Filter Action

Select the operation to be performed for packets matching the rule.

•

Permit: Allows packets matching the rule to pass.

•

Deny: Drops packets matching the rule.

Time Range

Select a time range resource for the rule.
Available time range resources are those that have been configured. For more
information about time range resource configuration, see "Time range resource

configuration."

IMPORTANT:

If the selected time range resource includes the current time, the time range is displayed

as "Active" in the list of interzone policy rules. Otherwise, the time range is displayed
as "Inactive".

Content Filtering Policy
Template

Select a policy template for content filtering.
The available policy templates are configured on the page brought up by selecting

Identification > Content Filtering > Policy Template and then clicking Add. For more
information, see Attack Protection Configuration Guide.

Using MAC Address

Specify whether to enable MAC address filtering.
With this box selected, the source and destination MAC address can be configured.

Source MAC Address

Specify the source and destination MAC addresses.

•

Type a new MAC address in the field. The new MAC address will be a MAC

address resource after you apply your configuration and the MAC address name

is the MAC address.

•

You can also select from the MAC address (group) resource list or click Multiple to

select more MAC addresses (groups). Available MAC address (group) resources

are configured on the page you enter by selecting Resource > Address. For more

information, see "Address resource configuration."

Destination MAC
Address

Enable Syslog

Select this box to enable logging for packets matching the rule.
You can view the interzone policy logs by selecting Log Report > Report > Interzone
Policy Log, or click the

icon of an interzone policy rule in

Figure 64

to view logs

for traffic that matches this interzone policy rule.

IMPORTANT:

To log content filtering events, enable the logging function for the interzone policy and

the referenced content filtering policy.

Enable the rule

Select this box to enable the rule.

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS