H3C Technologies H3C SecPath F1000-E User Manual

4

Item Description

Destination IP Address

Configure a destination address resource for the rule by creating an address
resource or referencing an existing address resource.

•

If you select the New IP Address option, you need to specify an IP address
and wildcard. After you apply the configuration, the system will automatically

create a subnet address resource. For example, if you enter 1.1.1.1/0.0.0.255, a

subnet address resource is created with the resource name being
1.1.1.1/0.0.0.255.

•

If you select the Destination IP Address option, you can choose an existing
address resource from the drop-down list or click Multiple to select more. The

available address resources are configured in the page brought up by selecting
Resource > Address. For more information, see Address Resource
Configuration.

Service

Select a service resource for the rule.
You can choose one service resource from the drop-down list or click Multiple to
select more. The available service resources are configured in the page you enter by
selecting Resource > Service. For more information, see Service Resource

Configuration.

Filter Action

Select the operation to be performed for packets matching the rule.

•

Permit: Allows packets matching the rule to pass.

•

Deny: Drops packets matching the rule.

Time Range

Select a time range resource for the rule.
Available time range resources are those that have been configured.

IMPORTANT:

If the selected time range resource includes the current time, the time range is
displayed as "Active" in the list of interzone policy rules. Otherwise, the time range
is displayed as "Inactive".

Content Filtering Policy
Template

Select a policy template for content filtering.
The available policy templates are configured on the page brought up by selecting
Identification > Content Filtering > Policy Template and then clicking Add.

For more information, see Content Filtering Configuration.

Using MAC Address

Specify whether to enable MAC address filtering.
With this checkbox selected, the source and destination MAC address can be
configured.

Source MAC Address

Destination MAC
Address

Specify the source and destination MAC addresses.

•

Type a new MAC address in the text box. The new MAC address will be a MAC
address resource after you apply your configuration and the MAC address name

is the MAC address.

•

You can also select from the MAC address (group) resource list or click Multiple
to select more MAC addresses (groups). Available MAC address (group)
resources are configured on the page you enter by selecting Resource >
Address. For more information, see Address Resource Configuration.

Enable Syslog

Select this check box to enable logging for packets matching the rule.
You can view the recorded logs by selecting Log Report > Report > Interzone
Policy Log.

IMPORTANT:

To log content filtering events, you need to enable the logging function for the
interzone policy and the referenced content filtering policy.