Configuring urpf – H3C Technologies H3C SecPath F1000-E User Manual
Page 637
2
•
If the default route is available but the allow-default-route option is not selected, the packet is
rejected no matter which check approach is taken.
•
If the default route is available and the allow-default-route option is selected, URPF operates
depending on the check approach. In strict approach, URPF lets the packet pass if the outgoing
interface of the default route is the receiving interface, and otherwise rejects it. In loose approach,
URPF lets the packet pass directly.
4.
A rejected packet will be filtered by an ACL, if specified. If the packet is permitted by the ACL, it
is forwarded as normal (such packets are displayed in the URPF information as "suppressed
drops"); otherwise, it is discarded.
Configuring URPF
Select Intrusion Detection > URPF Check from the navigation tree to enter the URPF check
configuration page, as shown in
. On this page, select a security zone to view and configure
URPF check settings for the security zone.
Figure 2 URPF check configuration page
describes the URPF check configuration items.