
Configuring an interzone policy rule, Creating an interzone policy rule – H3C Technologies H3C SecPath F1000-E User Manual

Perform the tasks in Table 1 to configure an interzone policy.

Table 1 Interzone policy configuration task list

Task: Configuring an Interzone Policy Rule
Task: Configuring an Interzone Policy Group
Remarks: Required. Use either method.
By default, no interzone policy rules or interzone policy groups are present in the system.
IMPORTANT:
• Before configuring an interzone policy group, configure advanced ACLs by selecting Firewall > ACL.
• For a pair of source zone and destination zone, follow the same method to configure an interzone policy.
• Up to one interzone policy group can be configured for one pair of source zone and destination zone.

Task: Configuring ACL Acceleration
Remarks: Optional. Disabled by default.
Necessary only when the ACL contains a large number of interzone policy rules.
IMPORTANT:
• A policy using the source MAC address and destination MAC address for the match criteria does not support ACL acceleration.
• If you enable ACL acceleration for an interzone policy, and then modify the policy, the ACL acceleration feature still matches packets based on the original configurations. Therefore, it is not recommended to modify an interzone policy after enabling ACL acceleration for it.
• To enable ACL acceleration for an interzone policy group, enable the ACL acceleration for the referenced ACLs on the configuration page you enter by selecting Firewall > ACL.

Task: Displaying Packet Statistics of an Interzone Policy
Remarks: Optional.
Display the packet statistics of an interzone policy for a pair of source and destination zones.

Task: Querying Policies by IP Address
Remarks: Optional.
Query interzone policies by source or destination IP address.
IMPORTANT:
Interzone policy groups do not support query by IP address.

Configuring an Interzone Policy Rule

Creating an interzone policy rule

Select Firewall > Security Policy > Interzone Policy from the navigation tree to enter the interzone policy rule list page, as shown in Figure 1. Then click Add to enter the interzone policy rule (that is, the ACL rule) configuration page, as shown in Figure 2.
