Creating a zone policy

  1. To create a zone policy that performs zone-specific actions on selected packets, enter the policy zone policy-name command from the global configuration context.

    Context: Global configuration

    Syntax:

    [no] policy zone policy-name

    Defines the name of a service policy and enters the policy configuration context, where policy-name is a text string (64 characters maximum). This name should not be the same as a zone name.

    A zone policy consists of one or more actions that are configured for specific zones.

    No action is performed on packets sent to or from ports in the BYPASS zone. By default, ports are assigned to the BYPASS zone unless you explicitly assign them to a different zone.

  2. To configure the actions that you want to execute on ports associated with a zone, enter one or more class commands from the policy configuration context.

    Context: Policy configuration

    Syntax:

    [no] [seq-number] class zone source-zone-name destination-zone-name action intercept unidirectional

    Defines the source and destination zones for packets that must be intercepted and forwarded to the ONE application.

    seq-number

    (Optional) Sequentially orders the class-action statements in a policy configuration. Actions are executed on matching packets in numerical order.

    source-zone-name

    Defines the source zone for packets that must be intercepted and forwarded to the ONE application.

    destination-zone-name

    Defines the destination zone for packets that must be intercepted and forwarded to the ONE application.

    action intercept unidirectional

    Defines the action as intercept and the flow of traffic as unidirectional (one-way).

    Default: Class-action statements are numbered in increments of 10, starting at 10.

    The configured actions are executed on packets that arrive on the ports associated with the source zone and are destined for ports associated with the destination zone.

    You cannot configure intercept rules for the BYPASS zone class. As such, traffic to and from the BYPASS zone cannot be intercepted.

  3. Enter the exit command to exit the policy configuration context.

  4. To display a policy configuration, enter the show policy policy-name command.

    To edit a policy configuration, re-enter the policy context (policy command) and modify class-action statements.

Forwarding zone traffic

In the following policy configuration, traffic being sent from the internal zone to the external zone is intercepted, so that it can be forwarded to an application that is running on an HP AllianceONE Extended Services zl Module.

HP Switch(config)#: class zone internal
HP Switch(config-class)#: port-list a10-a24
HP Switch(config-class)#: exit
HP Switch(config)#: class zone external
HP Switch(config-class)#: port-list a1-a4
HP Switch(config-class)#: exit
HP Switch(config)#: policy zone Firewall
HP Switch(policy-config)#: class zone internal external action intercept unidirectional
HP Switch(policy-config)#: exit
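The constraints stated in the procedure above (default sequence numbering in steps of 10, no intercept rule may reference the BYPASS zone, a policy name must not reuse a zone name and is limited to 64 characters) can be checked offline against a pasted CLI transcript. The following audit script is an added example, not HP's code or output; it models only the statement forms documented here, assumes that default numbering continues from the last explicit seq-number, and uses the transcript above plus one constructed BYPASS statement as sample input.

```python
import re

BYPASS, MAX_POLICY_NAME = "BYPASS", 64

# Statement forms documented above (assumption: other CLI variants are not modelled).
ZONE_RE = re.compile(r"^class zone (\S+)$")
POLICY_RE = re.compile(r"^policy zone (\S+)$")
CLASS_RE = re.compile(r"^(?:(\d+) )?class zone (\S+) (\S+) action intercept unidirectional$")

def audit_zone_policy(lines):
    """Return (statements, problems): statements are (seq, source, destination)
    tuples with the default 10, 20, ... numbering applied where none was given;
    problems are human-readable violations of the documented constraints."""
    zones, statements, problems = set(), [], []
    next_seq = 10
    for raw in lines:
        # Drop the 'HP Switch(...)#' prompt so a pasted transcript can be audited.
        line = raw.split("#", 1)[-1].lstrip(": ").strip()
        if m := ZONE_RE.match(line):              # global context: defines a zone
            zones.add(m.group(1))
        elif m := POLICY_RE.match(line):          # global context: names the policy
            name = m.group(1)
            if len(name) > MAX_POLICY_NAME:
                problems.append(f"policy name {name!r} exceeds {MAX_POLICY_NAME} characters")
            if name in zones:
                problems.append(f"policy name {name!r} is also a zone name")
        elif m := CLASS_RE.match(line):           # policy context: class-action statement
            seq = int(m.group(1)) if m.group(1) else next_seq
            next_seq = seq + 10  # assumption: defaults continue from the last explicit number
            src, dst = m.group(2), m.group(3)
            if BYPASS in (src, dst):
                problems.append(f"seq {seq}: intercept rules cannot reference the {BYPASS} zone")
            problems += [f"seq {seq}: zone {z!r} is not defined"
                         for z in (src, dst) if z not in zones and z != BYPASS]
            statements.append((seq, src, dst))
    return statements, problems

# Constructed sample: the transcript above plus a third class-action statement
# that violates the BYPASS rule, so the audit has something to flag.
SAMPLE_CONFIG = """\
HP Switch(config)#: class zone internal
HP Switch(config-class)#: exit
HP Switch(config)#: class zone external
HP Switch(config-class)#: exit
HP Switch(config)#: policy zone Firewall
HP Switch(policy-config)#: class zone internal external action intercept unidirectional
HP Switch(policy-config)#: class zone external internal action intercept unidirectional
HP Switch(policy-config)#: class zone BYPASS internal action intercept unidirectional
HP Switch(policy-config)#: exit""".splitlines()
```

Running `audit_zone_policy(SAMPLE_CONFIG)` numbers the three statements 10, 20 and 30 and reports only the third, because it names the BYPASS zone.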