Has A Different Acp - HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual

Applying Access Control to Router Interfaces
Using ACPs to Control Access to Router Interfaces
5-44
Inbound Interface Has an ACP; Outbound Interface Does
Not Have an ACP
When you assign an ACP to an interface, the Secure Router OS firewall uses
that ACP to filter inbound traffic—traffic arriving on the interface. Only traffic
allowed by the ACP is forwarded to another interface to become outbound
traffic that is sent on to its destination. (See Figure 5-12.)
Interface with
an ACP
Figure 5-12. ACP Applied to the Inbound Interface Filters Incoming Traffic
Because the traffic is forwarded through the second interface, the ProCurve
Secure Router does not check that interface for ACPs. It does not matter that
an ACP has not been assigned to the interface that will handle the outbound
traffic.
For example, you might configure an ACP for the Ethernet 0/1 interface, but
you might not configure one for the PPP interface. If a packet is received on
the Ethernet 0/1 interface, the ProCurve Secure Router checks the ACP
assigned to the Ethernet 0/1 interface. If the packet is allowed, the ProCurve
Secure Router sends the packet to the PPP interface, and the packet is then
forwarded to the next hop en route to its destination.
Inbound Interface Has an ACP; Outbound Interface

Has a Different ACP

If both the inbound and outbound interfaces have been assigned ACPs, the
ProCurve Secure Router applies only the ACP assigned to the inbound inter-
face. In this case, the ACP configured on the outbound interface does not
affect the traffic.
For example, suppose you assign the Inside ACP to the Ethernet 0/1
interface and the Outside ACP to the PPP 1 interface. When traffic arrives
on the Ethernet 0/1 interface, the Secure Router OS firewall will use the
Inside ACP to filter the traffic. The Outside ACP will not affect traffic flow.
(See Figure 5-13.)
Router
Interface without
an ACP
Traffic
allowed by ACP