Configuring an acl in the web interface, Configuration task list, Creating an acl – H3C Technologies H3C SecPath F1000-E User Manual
Page 14
4
For example, when you use a large ACL for a session-based service, such as NAT or ASPF, you can
enable ACL acceleration to avoid session timeouts caused by ACL processing delays.
Enable ACL acceleration in an ACL after you have finished editing ACL rules. ACL acceleration always
uses ACL criteria that have been set before it is enabled for rule matching. It does not synchronize with
any subsequent match criterion changes.
Configuring an ACL in the Web interface
Configuration task list
Table 2 ACL configuration task list
Task Remarks
Required
The category of the created ACL depends on the ACL number that
you specify.
Required
Complete one of the three tasks according to the ACL category.
IMPORTANT:
•
Within an ACL, the permit or deny statement of each rule must
be unique. If the ACL rule you are creating or editing has the
same deny or permit statement as another rule in the ACL, your
creation or editing attempt will fail.
•
You can edit ACL rules only when the match order is config.
Configuring an advance ACL rule
Configuring an Ethernet frame header
ACL rule
Optional
Necessary only when the ACL contains a large number of ACL
rules.
IMPORTANT:
•
Only IPv4 basic ACLs and IPv4 advanced ACLs support ACL
acceleration.
•
ACL acceleration is not available for ACLs that contain a
non-contiguous wildcard mask, for example, 0.255.0.255.
•
After you modify an IPv4 ACL with ACL acceleration enabled,
disable and re-enable ACL acceleration to guarantee correct
rule matching.
Creating an ACL
After you select Firewall > ACL from the navigation tree, all existing ACLs will be displayed in the right
pane, as shown in
. Click Add to enter the ACL configuration page, as shown in
.