Customized-service Rule Based ALG Configuration
Except on the first page, right running head:
Heading1 or Heading1NewPage text (automatic)
795
Alcatel-Lucent
Beta Beta
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
TO CREATE A CUSTOMIZED SERVICE ALG RULE
EXAMPLE
The following example shows that if the packet is intended for the server with
address 20.1.1.1 comes to port 100, then the service is recognized as FTP and
the ALG is invoked accordingly. The standard port invocation of ALG is also active
here.
ALU(config)# match-list m1
ALU(config-match-list-m1)# tcp any host 20.1.1.1 service 100
ALU(config-customized-service)# match all m1 service ftp
The following example shows that if the packet is intended for service SIP
(standard port 5060), no ALG will be invoked:
ALU(config)# match-list m-sip
ALU(config-match-list-m-sip)# udp any any service sip
ALU(config-customized-service)# match m-sip service none
T
O MODIFY PRIORITY OF AN EXISTING ALG RULE
EXAMPLE
The following example shows how to change the priority of a rule;
ALU(config-customized-service)# change 10 1
Command (in Customized Service
Mode)
Description
[<1-65535>] match [any|all]
<match-list name>... service
{<service-name>|alcatel-tftp
|dns|ftp|none|rpc|rtsp|sip
[pinhole]|tftp}
This command creates a rule for
mapping ALG action for a well known
service to a non-standard port or disable
a well known service on its well known
port.
The range for the rule number is 1-
65535. This rule number signifies the
priority of a rule. By default, the
numbering pattern for rule number is the
next multiple of ten to the highest existing
rule number.
Command (in Customized Service
Mode)
Description
change {<1-65535> <1-65535>} Use this command to change the priority
of a specific ALG rule configured.
To Next Page
Loading...
Need help?
General
