Network Attack Prevention Configuration
Except on the first page, right running head:
Heading1 or Heading1NewPage text (automatic)
769
Alcatel-Lucent
Beta Beta
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
SAMPLE FIREWALL POLICY CONFIGURATIONS ON OMNIACCESS 5740 USG
EXAMPLE 1
As the default setting, detection of all stateless attacks with logging is applied at
the ingress path of all interfaces. To be exact, the following is the default setting
for a brand new box out of factory:
match-list everything
ip any any
firewall
attack a1
default stateless
policy p1
match everything attack a1 reset
interface GigabitEthernet3/0
firewall policy in p1
E
XAMPLE 2
This example checks traffic from outside-zone to inside-zone for attacks defined in
“d1”. If found, TCP RST will be sent to both source and destination for TCP traffic.
Packets will be dropped for non-TCP traffic.
list outside-zone interface GigabitEthernet3/0
list inside-zone interface GigabitEthernet3/1
match-list m1
tcp list outside-zone list inside-zone type ftp
firewall
attack d1
default
policy p1
match m1 attack d1 drop
interface GigabitEthernet3/0
firewall policy in p1
To Next Page
Loading...
