Using Access Control Lists for Security 311

10. To close the Create IP ACE dialog box and save the changes, click Finish.

Creating a TCP or UDP ACE

To create a TCP or UDP ACE:

1. In the ACL Setup page of the Create ACL wizard, click New. A list of ACEs appears.

2. Select the ACE you want to create.

• To create a TCP ACE, click New TCP ACE. The Create TCP ACE dialog box appears.

• To create a UDP ACE, click New UDP ACE. The Create UDP ACE dialog box appears.

3. In the Action list, select Permit to allow access if the conditions in the ACE are matched, or Deny to refuse access if the conditions are matched.

4. If you select Permit, in the CoS box, specify a class-of-service level for packets. For information, see step 4 in “Creating an IP ACE” on page 309.

5. To enable counting of packets filtered by an ACL, select Enable Hit Count.

6. To apply the ACL only to established TCP sessions, select Established Connection.

If you select this option, the ACL is applied only to established TCP sessions and is not applied to new TCP sessions.

7. Define the IP attributes (source and destination IP addresses, the TOS, and the precedence). The steps are the same as the steps when configuring an IP ACE. See step 6 on page 309 through step 9 on page 310.

8. In the Operator list of the Create TCP ACE or Create UDP ACE dialog box, select one of the following:

• None — No source port is used to filter packets. Go to step 13.

• Less Than — Packets are filtered for all ports whose port numbers are lower than the source port.

• Greater Than — Packets are filtered for all ports whose port numbers are higher than the source port.

• Equal — Packets are filtered for the source port name or number.

• Not Equal — Packets are filtered for all ports except the source port name or number.
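The following Python model is an added example, not part of the manual or the product. It shows how the Action, Enable Hit Count, Established Connection, and source-port Operator settings from steps 3 through 8 combine when an ACE is tested against a packet. It assumes that ACEs are checked top-down with the first match deciding, and that "established" means a TCP segment with ACK or RST set; it ignores the IP attributes of step 7 and any later steps, and all names and sample packets are constructed.

```python
import operator
from dataclasses import dataclass

# Source-port operators from step 8: compare the packet's port to the ACE's port.
PORT_OPS = {
    "None": lambda pkt_port, ace_port: True,  # source port not used to filter
    "Less Than": operator.lt,
    "Greater Than": operator.gt,
    "Equal": operator.eq,
    "Not Equal": operator.ne,
}

@dataclass
class Ace:
    action: str                # "Permit" or "Deny" (step 3)
    protocol: str              # "tcp" or "udp"
    src_op: str = "None"       # Operator list (step 8)
    src_port: int = 0
    established: bool = False  # Established Connection (step 6), TCP only
    hit_count: bool = False    # Enable Hit Count (step 5)
    hits: int = 0

def ace_matches(ace, protocol, src_port, tcp_flags=()):
    if ace.protocol != protocol:
        return False
    # Assumption: an established session is recognised by ACK or RST being set.
    if ace.established and not (protocol == "tcp" and set(tcp_flags) & {"ACK", "RST"}):
        return False
    return PORT_OPS[ace.src_op](src_port, ace.src_port)

def evaluate(acl, protocol, src_port, tcp_flags=()):
    """Return (action, index) of the first matching ACE, or (None, None)."""
    for index, ace in enumerate(acl):  # assumption: top-down, first match wins
        if ace_matches(ace, protocol, src_port, tcp_flags):
            if ace.hit_count:
                ace.hits += 1
            return ace.action, index
    return None, None  # what happens when no ACE matches is not covered here

def sample_acl():
    # Constructed ACL: allow web replies, block other low-port TCP sources.
    return [
        Ace("Permit", "tcp", "Equal", 80, established=True, hit_count=True),
        Ace("Deny", "tcp", "Less Than", 1024, hit_count=True),
        Ace("Permit", "udp", "Not Equal", 53),
    ]

if __name__ == "__main__":
    acl = sample_acl()
    for pkt in [("tcp", 80, {"SYN", "ACK"}), ("tcp", 80, {"SYN"}), ("udp", 53)]:
        print(pkt, "->", evaluate(acl, *pkt))
```

A bare SYN from source port 80 skips the Established Connection ACE and is caught by the Less Than 1024 Deny ACE, which is why the order of ACEs and the hit counters are worth reviewing after a change.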

HP Manager Software manual Creating a TCP or UDP ACE