Filter Policies
7705 SAR OS Router Configuration Guide 307
Configuring a NAT Security Profile
To configure NAT, you must first:
• configure a NAT security profile and policy in the config>security context
→ in the config>security>profile context, specify the timeouts for the
tcp/udp/icmp protocols. This step is optional. If you do not configure the profile,
a default profile is assigned.
→ in the config>security>policy context, configure a NAT security
policy, and specify the match criteria and the action to be applied to a packet if a
match is found
• then configure a NAT zone and apply the policy ID to the zone
To configure a NAT security profile, you must create the profile ID. Once created, the profile
ID is referenced when you set up a NAT policy.
CLI Syntax: config>security# profile profile-id [create]
description description-string
name profile-name
timeouts
icmp-request days hours minutes seconds
tcp-established days hours minutes seconds
tcp-syn days hours minutes seconds
tcp-time-wait days hours minutes seconds
tcp-transitory days hours minutes seconds
udp days hours minutes seconds
udp-dns days hours minutes seconds
udp-initial days hours minutes seconds
The following example displays a profile configuration.
Example: config>security# begin
config>security# session-high-wmark 90
config>security# session-low-wmark 70
config>security# profile 2 create
config>security>profile# name "default"
config>security>profile# description "session timer
check"
config>security>profile# timeouts
config>security>profile>timeouts# icmp-request seconds
59
config>security>profile>timeouts# tcp-time-wait minutes
1
config>security>profile>timeouts# exit
config>security>profile# exit
config>security# commit
To Next Page
Loading...
