To view the different roles of the mgmt-user:
(host) #show mgmt-role
Understanding Global Firewall Parameters
Table 89 describes optional firewall parameters you can set on the switch for IPv4 traffic. To set these options
in the WebUI, navigate to the Configuration > Advanced Services > Stateful Firewall > Global Setting
page and select or enter values in the IPv4 column. To set these options in the CLI, use the firewall
configuration commands.
See IPv6 Support on page 130 for information about configuring firewall parameters for IPv6 traffic.
Table 89: IPv4 Firewall Parameters

| Parameter | Description |
|---|---|
| Monitor Ping Attack (per 30 seconds) | Number of ICMP pings per 30 seconds, which if exceeded, can indicate a denial of service attack. Valid range is 1-16384 pings per 30 seconds. Recommended value is 120 seconds. Default: No default |
| Monitor TCP SYN Attack rate (per 30 seconds) | Number of TCP SYN messages per 30 seconds, which if exceeded, can indicate a denial of service attack. Valid range is 1-16384 pings per 30 seconds. Recommended value is 960 seconds. Default: No default |
| Monitor IP Session Attack (per 30 seconds) | Number of TCP or UDP connection requests per 30 seconds, which if exceeded, can indicate a denial of service attack. Valid range is 1-16384 requests per 30 seconds. Recommended value is 960 seconds. Default: No default |
| Monitor/Police ARP Attack (non Gratuitous ARP) rate (per 30 seconds) | Number of ARP packets (other than Gratuitous ARP packets) per 30 seconds, which if exceeded, can indicate a denial of service attack. Valid range is 1-16384 packets per 30 seconds. Recommended value is 960 packets. Default: No default. NOTE: Blacklisting of wired clients is not supported. |
| Monitor/Police CP Attack rate (per 30 seconds) | Rate of misbehaving user's traffic, which if exceeded, can indicate a denial of service attack. Recommended value is 3000 frames per 30 seconds. Default: No default |
| Monitor/Police Gratuitous ARP Attack rate (per 30 seconds) | Number of Gratuitous ARP packets per 30 seconds, which if exceeded, can indicate a denial of service attack. Valid range is 1-16384 packets per 30 seconds. Recommended value is 50 packets. Default: 50 packets. NOTE: Blacklisting of wired clients is not supported. |
| Deny Inter User Bridging | Prevents the forwarding of Layer-2 traffic between wired or wireless users. You can configure user role policies that prevent Layer-3 traffic between users or networks, but this does not block Layer-2 traffic. This option can be used to prevent traffic, such as AppleTalk or IPX, from being forwarded. Default: Disabled |
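The following Python illustration is an added example, not part of the AOS-W guide and not the switch's implementation. It shows how per-30-second thresholds like those in Table 89 behave when applied to a stream of events. It assumes the recommended values are counts per 30 seconds, that events are counted per source address, and that windows are fixed and aligned to multiples of 30 seconds; the event kind names and sample addresses are constructed for the example.

```python
from collections import Counter

WINDOW = 30  # seconds; every rate in Table 89 is "per 30 seconds"
# Recommended values from Table 89, read as counts per window (assumption).
# The keys are hypothetical labels for this example, not switch keywords.
THRESHOLDS = {"ping": 120, "tcp-syn": 960, "session": 960,
              "arp": 960, "cp": 3000, "grat-arp": 50}
VALID = range(1, 16385)  # valid range the table gives (none stated for cp)


def find_exceeded(events, thresholds=THRESHOLDS, window=WINDOW):
    """Return sorted (window_start, source, kind, count) for exceeded limits.

    events: iterable of (timestamp_seconds, source, kind). Windows are fixed
    and aligned to multiples of `window`; counting per source is an assumption.
    """
    for kind, limit in thresholds.items():
        if kind != "cp" and limit not in VALID:
            raise ValueError(f"{kind}: {limit} is outside 1-16384")
    counts = Counter()
    for ts, source, kind in events:
        if kind in thresholds:
            counts[(int(ts // window) * window, source, kind)] += 1
    # "If exceeded" is read strictly: a count equal to the limit is not flagged.
    return sorted((start, src, kind, n)
                  for (start, src, kind), n in counts.items()
                  if n > thresholds[kind])


def sample_events():
    """Constructed traffic for the example (not captured data)."""
    ev = [(i / 2, "10.0.0.5", "grat-arp") for i in range(60)]        # 60 in 0-30 s
    ev += [(30 + i / 4, "10.0.0.5", "ping") for i in range(120)]     # exactly 120
    ev += [(60 + i / 5, "10.0.0.7", "ping") for i in range(121)]     # 121 in 60-90 s
    # 200 pings in 20 s that straddle a window boundary: 100 + 100, never flagged.
    ev += [((200 + i) / 10, "10.0.0.9", "ping") for i in range(200)]
    return ev


if __name__ == "__main__":
    for row in find_exceeded(sample_events()):
        print(row)
```

The 10.0.0.9 burst is the case to watch when tuning: with fixed windows, a short burst split across an interval boundary can stay under a threshold that its overall rate would exceed.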
AOS-W 6.5.3.x | User Guide Roles and Policies | 393