HP 8/20q HP StorageWorks 8/20q and SN6000 Fibre Channel Switch Enterprise Fabr - Page 104
Security policies
View all HP 8/20q manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 104 highlights
Security policies A security policy defines the following parameters: • Connection source and destination • Data traffic direction: inbound or outbound • Protocols for which to protect data traffic • Security protocols; Authentication Header (AH) or Encapsulating Security Payload (ESP) • Level of protection: IP Security, discard, or none Policies can define security for host-to-host, host-to-gateway, and gateway-to-gateway connections; one policy for each direction. For example, to secure the connection between two hosts, you need two policies: one for outbound traffic from the source to the destination, and another for inbound traffic to the source from the destination. You can specify sources and destinations by IP addresses (version 4 or 6) or DNS host names. If a host name resolves to more than one IP address, the switch creates the necessary policies and associations. You can recognize these dynamic policies and associations because their names begin with DynamicSP_ and DynamicSA_ respectively. You can apply IP security to all communication between two systems, or to select protocols, such as ICMP, TCP, or UDP. Furthermore, instead of applying IP security, you can choose to discard all inbound or outbound traffic, or allow all traffic without encryption. Both the AH and ESP security protocols provide source authentication, ensure data integrity, and protect against replay. To create a policy, click Add on the Security Policy Database side of the Create IPsec Configuration dialog box. This opens the Create IPsec Security Policy dialog box (Figure 58). Table 17 describes the fields in the Create IP Security Policy dialog box. Figure 58 Create IP Security Policy dialog box Table 17 Create IP Security Policy dialog box fields Field Description Name Name of policy Description Description of policy Source Address Source port number (1-65535) Source Prefix Length Length of prefix in source address 104 Managing Switches