Filter Configuration
Alcatel-Lucent
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
SAMPLE EXAMPLES OF CONFIGURING FILTERS ON OMNIACCESS 5740 USG
EXAMPLE 1:
If GigabitEthernet3/0 is the interface positioned as the outside gateway, the
configuration shown below allows traffic initiated from inside and the corresponding
responses coming from outside. It also denies all traffic initiated from outside.
match-list m1
ip any any
ip filter f1
10 match m1 deny
ip filter f2
10 match m1 permit
interface GigabitEthernet3/0
ip filter in f1
ip filter out f2
EXAMPLE 2:
In the above example, consider a case where filter f2 is configured as stateless.
ip filter f2
10 match m1 permit
default deny
stateless
Now the return traffic will be dropped. For example, HTTP requests from the internal
network match m1 in f2 and are passed to the external network, but the HTTP
responses coming back are blocked by filter "f1", because the previously allowed
traffic is stateless (non-reflexive).
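The difference between Examples 1 and 2 can be traced with a small model. This is an added illustration, not code from the guide or from the gateway software. It assumes that a stateful permit records the flow and that packets of a recorded flow bypass the filter in the opposite direction; the class names, function name and addresses are constructed for the example.

```python
# Simplified model of Examples 1 and 2 (not the gateway's implementation).
# Assumption: a stateful permit records the flow; replies to it bypass f1.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

    def key(self):
        return (self.proto, self.src, self.sport, self.dst, self.dport)

    def reply_key(self):  # 5-tuple that a response to this packet carries
        return (self.proto, self.dst, self.dport, self.src, self.sport)

@dataclass
class Filter:
    action: str            # action of "10 match m1" where m1 is "ip any any"
    stateless: bool = False

@dataclass
class Interface:
    inbound: Filter        # "ip filter in f1"
    outbound: Filter       # "ip filter out f2"
    flows: set = field(default_factory=set)

    def send_out(self, pkt):
        if self.outbound.action != "permit":
            return "deny"
        if not self.outbound.stateless:
            self.flows.add(pkt.reply_key())   # reflexive entry for the response
        return "permit"

    def receive_in(self, pkt):
        if pkt.key() in self.flows:           # response to an allowed inside flow
            return "permit"
        return self.inbound.action            # otherwise f1 decides

def http_round_trip(f2_stateless):
    """Return verdicts for (request, response, unsolicited outside packet)."""
    gi3_0 = Interface(Filter("deny"), Filter("permit", f2_stateless))
    # Constructed sample packets using documentation address ranges
    req = Packet("192.0.2.10", 40000, "198.51.100.5", 80)
    resp = Packet("198.51.100.5", 80, "192.0.2.10", 40000)
    probe = Packet("198.51.100.9", 51000, "192.0.2.10", 22)
    return gi3_0.send_out(req), gi3_0.receive_in(resp), gi3_0.receive_in(probe)
```

With f2 stateful (Example 1) the response is permitted while the unsolicited packet is denied; with f2 stateless (Example 2) both are denied by f1.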
EXAMPLE 3:
If you need to give access from the network 192.168.1.0/24 to 192.168.2.0/24 for
FTP traffic, the CLI would be as follows:
match-list m1
tcp prefix 192.168.1.0/24 prefix 192.168.2.0/24 type ftp
ip filter f1
10 match m1 permit
default deny