ESR series service routers. ESR-Series. User manual
Enable protection against land, syn-flood and ICMP flood attacks:
esr(config)# ip firewall screen dos-defense land
esr(config)# ip firewall screen dos-defense syn-flood 100 src-dst
esr(config)# ip firewall screen dos-defense icmp-threshold 100
Configure logging of detected attacks:
esr(config)# firewall logging screen dos-defense land
esr(config)# firewall logging screen dos-defense syn-flood
esr(config)# firewall logging screen dos-defense icmp-threshold
Configure the SNMP server to which the traps will be sent:
esr(config)# snmp-server
esr(config)# snmp-server host 192.168.0.10
esr(config)# snmp-server enable traps screen land
esr(config)# snmp-server enable traps screen syn-flood
esr(config)# snmp-server enable traps screen icmp-threshold
To view the statistics on recorded network attacks, use the following command:
esr# show ip firewall screen counters
13.4 Firewall configuration
A firewall is a package of hardware or software tools that allows for control and filtering of transmitted network
packets in accordance with the defined rules.
13.4.1 Configuration algorithm
| Step | Description | Command | Keys |
|------|-------------|---------|------|
| 1 | Create security zones. | esr(config)# security zone <zone-name1> | <zone-name> – up to 12 characters. Names all, any and self are reserved. |
|   |   | esr(config)# security zone <zone-name2> |   |
| 2 | Specify a security zone description. | esr(config-zone)# description <description> | <description> – up to 255 characters. |
| 3 | Specify VRF instance, in which the given security zone will operate (optional). | esr(config-zone)# ip vrf forwarding <VRF> | <VRF> – VRF name, set by the string of up to 31 characters. |
| 4 | Enable session counters for NAT and Firewall (optional, may reduce the performance). | esr(config)# ip firewall sessions counters |   |