HP mt21 Administrator Guide 9 - Page 46

config/system/policy, Description, Read / Write, Parameters, Important

Get HP mt21 PDF manuals and user guides View all HP mt21 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 46 highlights

Administrator Guide for Thin Clients | HP Velocity config/system/policy Description Global policy filters allow administrators to filter and optimize application flows on the basis of port number, destination IP address, or both. When multiple policy filters are configured, they are evaluated in a predefined order. The /proc/net/hp-velocity/config/system/policy file specifies the following global port and IP parameters (Table 22 on page 42): • BlacklistIpAddresses: The destination IP addresses of application flows that HP Velocity will not protect, but will instead pass on transparently. • WhitelistIpAddresses: The destination IP addresses of application flows that HP Velocity will protect. • BlacklistTcpPorts, BlacklistUdpPorts: The TCP/UDP port numbers whose application flows HP Velocity will not protect, but will instead pass on transparently. • WhitelistTcpPorts, WhitelistUdpPorts: The TCP/UDP ports whose application flows HP Velocity will protect when the following criteria are met: - The destination IP address for the application flow is not included in the IP Blacklist filter (blackIPAddressFilters). - The destination IP address for the application flow is included in IP Whitelist filter (whiteIPAddressFilters). Important: When the Whitelist IP filter is configured, HP Velocity will protect an application flow only if its destination IP address matches an address included in this filter. Note: If the Whitelist filter includes subnet destination IP addresses, the IP Blacklist filter can be used to filter IP addresses in that subnet whose application flows HP Velocity will not protect. Read / Write • Read: Enter the following to query the configuration parameters: cat /proc/net/hp-velocity/config/system/policy • Write: Any single value using a string with the format = . Parameters Table 22: /config/policy parameters Parameter Default Evaluation order BlacklistIpAddresses 255.255.255.255/32 1 WhitelistIpAddresses All IP addresses 2 WhitelistTcpPorts, WhitelistUdpPorts All ports 3 BlacklistTcpPorts, BlacklistUdpPorts TCP: 21 53 67-68 123 137-139 161 500 1194 2869 4 3702 4500 5355 5357 9100 17500 UDP: 21 53 67-68 123 137-139 161 500 546-547 631 1194 1900 2869 3702 4500 5353 5355 5357 9100 17500 42966 Note: Use the CIDR format for IP addresses. To enter multiple IP addresses or port numbers, use a space-separated list; for example, 192.168.1.0/24 145.76.53.3/32 or 80 1750 1751. 42

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
42
Administrator Guide for Thin Clients
|
HP Velocity
config/system/policy
Description
Global policy filters allow administrators to filter and optimize application flows on the basis of port number, destination
IP address, or both. When multiple policy filters are configured, they are evaluated in a predefined order.
The
/proc/net/hp-velocity/config/system/policy
file specifies the following global port and IP
parameters (
Table 22 on page 42
):
BlacklistIpAddresses: The destination IP addresses of application flows that HP Velocity will not protect, but will instead
pass on transparently.
WhitelistIpAddresses: The destination IP addresses of application flows that HP Velocity will protect.
BlacklistTcpPorts, BlacklistUdpPorts: The TCP/UDP port numbers whose application flows HP Velocity will not protect,
but will instead pass on transparently.
WhitelistTcpPorts, WhitelistUdpPorts: The TCP/UDP ports whose application flows HP Velocity will protect when the
following criteria are met:
-
The destination IP address for the application flow is not included in the IP Blacklist filter (blackIPAddressFilters).
-
The destination IP address for the application flow is included in IP Whitelist filter (whiteIPAddressFilters).
Important:
When the Whitelist IP filter is configured, HP Velocity will protect an application flow only if its destination IP
address matches an address included in this filter.
Note:
If the Whitelist filter includes subnet destination IP addresses, the IP Blacklist filter can be used to filter IP addresses
in that subnet whose application flows HP Velocity will not protect.
Read / Write
Read: Enter the following to query the configuration parameters:
cat /proc/net/hp-velocity/config/system/policy
Write: Any single value using a string with the format
<parameter> = <value>
.
Parameters
Table 22: /config/policy parameters
Note:
Use the CIDR format for IP addresses. To enter multiple IP addresses or port numbers, use a space-separated list;
for example, 192.168.1.0/24 145.76.53.3/32 or 80 1750 1751.
Parameter
Default
Evaluation order
BlacklistIpAddresses
255.255.255.255/32
1
WhitelistIpAddresses
All IP addresses
2
WhitelistTcpPorts, WhitelistUdpPorts
All ports
3
BlacklistTcpPorts, BlacklistUdpPorts
TCP: 21 53 67-68 123 137-139 161 500 1194 2869
3702 4500 5355 5357 9100 17500
4
UDP: 21 53 67-68 123 137-139 161 500 546-547
631 1194 1900 2869 3702 4500 5353 5355 5357
9100 17500 42966