Using ACPs to Control Access to Router Interfaces; Enable the Firewall - HP ProCurve Secure Router 7203 dl Advanced Management and Configuration Manual

Using ACPs to Control Access to Router Interfaces

By themselves, ACLs have some limitations: you can assign only one ACL to each interface to control inbound traffic and one ACL to control outbound traffic. In addition, the Secure Router OS can use the ACL only to permit or discard traffic.

ACPs provide more flexibility than ACLs in enforcing your company's security guidelines. For example, ACPs allow you to apply multiple ACLs to an interface, and they allow you to NAT traffic.

To provide this flexibility, the ACP must take over some of the tasks that are typically associated with ACLs. For example, when you assign an ACL directly to an interface, the ACL both selects traffic and determines the action taken on this traffic. When you use an ACP, however, the ACL only selects traffic. The ACP takes over the role of determining which action is taken on the selected traffic. Dividing up the tasks in this way allows you to configure a single ACP in which the Secure Router OS firewall takes various actions on multiple types of traffic.

Configuring ACPs involves four steps:
1. Enable the Secure Router OS firewall (if it is not already enabled).
2. Configure at least one ACL.
3. Configure an ACP.
4. Apply the ACP to an interface.

Enable the Firewall

To use ACPs to filter traffic entering router interfaces, you must first enable
the Secure Router OS firewall. Unless the firewall is enabled, any ACPs you
apply to router interfaces will not take effect. From the global configuration
mode context, enter:
ProCurve(config)# ip firewall
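
The four steps can be checked offline against a saved configuration. The Python below is an added example, not code from the HP manual: it flags an ACP applied to an interface while the firewall is disabled, and ACLs or ACPs that are referenced but never defined. The sample configuration is constructed, and the `ip access-list`, `ip policy-class`, `allow list`/`discard list` and `access-policy` line formats are assumptions about Secure Router OS syntax; only `ip firewall` appears on this page.

```python
import re

# Constructed sample running-config (not from the manual). Only `ip firewall` is
# shown on this page; every other line format here is assumed Secure Router OS syntax.
SAMPLE_CONFIG = """\
ip access-list extended WebTraffic
 permit tcp any any eq www
!
ip policy-class Inbound
 allow list WebTraffic
 discard list Blocked
!
interface eth 0/1
 access-policy Inbound
!
interface ppp 1
 access-policy Outside
"""

def audit_acp(config):
    """Check the four ACP steps; return a list of findings (empty = consistent)."""
    firewall, acls, acps, applied = False, set(), {}, {}
    section = None  # (kind, name) of the config block being parsed
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # an unindented line starts a new block
            section = None
            if line == "ip firewall":
                firewall = True
            elif m := re.match(r"ip access-list (?:standard|extended) (\S+)$", line):
                acls.add(m.group(1))
            elif m := re.match(r"ip policy-class (\S+)$", line):
                section = ("acp", m.group(1))
                acps.setdefault(m.group(1), [])
            elif m := re.match(r"interface (.+)$", line):
                section = ("if", m.group(1))
        elif section and section[0] == "acp":
            if m := re.search(r"\blist (\S+)", line):  # ACL selected by this entry
                acps[section[1]].append(m.group(1))
        elif section and section[0] == "if":
            if m := re.match(r"access-policy (\S+)$", line):
                applied[section[1]] = m.group(1)
    findings = []
    if applied and not firewall:
        findings.append("firewall disabled: applied ACPs have no effect")
    for acp, refs in acps.items():
        findings += [f"ACP {acp}: undefined ACL {r}" for r in refs if r not in acls]
    findings += [f"interface {i}: undefined ACP {p}" for i, p in applied.items() if p not in acps]
    return findings
```

Calling `audit_acp(SAMPLE_CONFIG)` reports all three problems in the constructed sample; prepending `ip firewall` to the same text leaves only the two undefined-reference findings.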
Applying Access Control to Router Interfaces


This manual is also suitable for:

Procurve secure router 7102 dl
