Filter
Top Products
Configuring Rights
Table 4-18. Predefined Allowed Traffic Filters
Allowed Traffic Filter Description
Internal rights UI Allows access to the Rights Manager pages via the Access
Controller defined in @INTERNAL@ (by default 42.0.0.1)
IP Fragments Allows subsequent packet fragments for packets that exceed the
maximum packet size (1500 bytes)
Kerberos Allows packets on UDP port 88 to be forwarded
Outside World Allows packets to be forwarded anywhere except the network
defined in @INTRANET@ (the Access Control Server‘s subnet)
Ping Allows PING requests
SMB UDP 137* Allows the user to access to the netbios UDP port 137
SMB UDP 138* Allows the user to access to the netbios UDP port 138
SMB TCP 139* Allows the user to access to the netbios TCP port 139
* To allow DNS or SMB you must include both DNS filters or all three SMB filters in your Access Policy.
If these filters are not sufficient to meet your needs, you can create your own. See “Creating or Editing an
Allowed Traffic Filter” on page 4-64 for instructions.
The Redirected Traffic Tab
Redirected Traffic filters are traffic filters that identify packets sent from a client that should be redirected
to a new destination. Some Redirected Traffic filters may simply forward the packet to an alternate
destination that performs the same function as the original destination—for example, a DNS server
request could be redirected to the enterprise DNS server rather than the one that was originally specified.
Redirected Traffic filters can also be used to prevent traffic from reaching a prohibited destination—in this
case, the filter may redirect the request to the 700wl Series system Stop page, or other alternate
destination as appropriate.
If you creating a new Access Policy, the Redirected Traffic Filters are initially displayed in alphabetical
order.
If you are editing an Access Policy, the Redirected Traffic filters that have been selected for this Access
Policy are displayed at the top of the list, in precedence order as specified for the filter. The filters that
have not been selected for this Access Policy are at the bottom of the list.
To select Redirected Traffic filters to include in this Access Policy, select the
Redirected Traffic tab, as
shown in Figure 4-26. Then select the filters you want to include, reordering them if necessary to create
the proper precedence relationships among the selected filters.
Note that if the filter you select is one of a DNS or WINS filter pair, you must also include the
corresponding Allowed Traffic member of the pair in your Access Policy, to allow traffic to pass to the
destination of the redirect.
4-52 HP ProCurve Secure Access 700wl Series Management and Configuration Guide