Defining the policy application scopes, Defining the, Policy application scopes – H3C Technologies H3C SecBlade IPS Cards User Manual
Page 188: Table 18-6
18-9
Table 18-6 Configuration items of adding a rule
Item
Remarks
Service
Set the service that the rule matches.
On the rule list in the Rule Configuration area, click the
icon of a rule, and a Select
Service page appears. Then you can select a service as required on the page. Different
services are with different colors and indents by level and thus organized into a hierarchical
tree. Level-3 services and lower services are in the same color.
z
In a policy, a service cannot match multiple rules.
z
A rule matches a service through an exact match. When you configure a rule for a child
service and a rule for its father service, the rule for the child service applies.
Enable Status
Set the enable status of the rule.
When a rule is disabled, rule Default is executed for the packets matching the service. If rule
Default is also disabled, the packets matching the service pass the device directly.
Time Table
Action Set
Configure the traffic matching the rule to trigger different actions during different time ranges.
Click the
icon on the Rule page to add a time table-action set association. You can
configure up to six time table-action set associations for a rule.
z
Click the
icon of a rule on the rule list in the Rule Configuration area and an Add
Time Table page appears, where you can create time tables available for selection. The
configuration items of creating a time table are the same as those on the System
Management > Time Table List page. For more information, see Time Table
Management.
z
If multiple time tables overlap in time range, the action set corresponding to the one on
the top is executed.
z
To configure the action sets available for selection, select System Management >
Action Management > Action Sets. With the Rate Limit action set selected, you must
configure the rate limit parameters.
Up Bandwidth
Set the maximum upstream bandwidth for the traffic matching
the service within the specified time range.
Down
Bandwidth
Set the maximum downstream bandwidth for the traffic
matching the service within the specified time range.
Bandwidth Per
Connection
Set the maximum bandwidth for each connection matching the
service within the specified time range.
Connection
Establishment
Rate
Set the maximum number of connections established per
second within the specified time range.
Maximum
Connection
Number
Set the maximum number of connections allowed within the
specified time range.
When you select the Rate
Limit action set, these
configuration items are
configurable, and you
must configure at least
one of Up Bandwidth,
Down Bandwidth, and
Maximum Connection
Number.
Defining the policy application scopes
As shown in
, the scopes where the policy is to be applied are displayed in the Apply Policy
to area. You can modify the parameters displayed in the area.
z
Click Add to add a scope, and the entry will be added to the list, as shown in
. You can
specify the segment and management zone where the policy is to be applied.