ESR series service routers. ESR-Series. User manual
| Step | Description | Command | Keys |
|------|-------------|---------|------|
| | Disable Firewall functions on the network interface (physical, logical, E1/Multilink and connected), remote-access server (l2tp, openvpn, pptp) or tunnels (gre, ip4ip4, l2tp, lt, pppoe, pptp) (optional). | esr(config-if-gi)# ip firewall disable | |
| 29 | Create an interzone interaction rule set. There is always a security zone named 'self' on the router. If the router itself acts as a traffic recipient, that is, the traffic is not transit, then the 'self' zone is specified as a parameter. The order of traffic processing for different zone-pairs is described in the note. | esr(config)# security zone-pair <src-zone-name1> <dst-zone-name2> | <src-zone-name> – up to 12 characters. <dst-zone-name> – up to 12 characters. |
| 30 | Create an interzone interaction rule set. | esr(config-zone-pair)# rule <rule-number> | <rule-number> – 1..10000. |
| 31 | Specify rule description (optional). | esr(config-zone-rule)# description <description> | <description> – up to 255 characters. |
| 32 | Specify the action of the given rule. | esr(config-zone-rule)# action <action> [ log ] | <action> – permit/deny/reject/netflow-sample/sflow-sample. log – key that enables logging of sessions established according to the given rule. |
| 33 | Set the name or number of the IP protocol for which the rule should work (optional). | esr(config-zone-rule)# match [not] protocol <protocol-type> | <protocol-type> – protocol type, takes the following values: esp, icmp, ah, eigrp, ospf, igmp, ipip, tcp, pim, udp, vrrp, rdp, l2tp, gre. When the 'any' value is specified, the rule works for any protocol. |
| | | esr(config-zone-rule)# match [not] protocol-id <protocol-id> | <protocol-id> – IP protocol identification number, takes values of [0x00-0xFF]. |
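The key limits in steps 29-33 can be checked before a rule set is pasted into the router. The following is an added example, not part of the manual or of any Eltex tool: the function name lint, the sample zone names and the assumption that commands are supplied one per line without the CLI prompt are all illustrative, and protocol-id is assumed to be written in hex as the range is shown.

```python
import re

# Value sets and limits taken from the "Keys" column of steps 29-33.
ACTIONS = {"permit", "deny", "reject", "netflow-sample", "sflow-sample"}
PROTOCOLS = set("esp icmp ah eigrp ospf igmp ipip tcp pim udp vrrp rdp l2tp gre any".split())

def lint(config):
    """Return [(line_no, message)] for zone-pair rule commands that break the limits."""
    findings = []
    for no, raw in enumerate(config.splitlines(), 1):
        w = raw.split()
        if not w:
            continue
        bad = None
        if w[:2] == ["security", "zone-pair"]:
            if len(w) != 4 or any(len(z) > 12 for z in w[2:]):
                bad = "need two zone names of up to 12 characters each"
        elif w[0] == "rule":
            if not (len(w) == 2 and w[1].isdigit() and 1 <= int(w[1]) <= 10000):
                bad = "rule number outside 1..10000"
        elif w[0] == "description":
            if len(raw.strip()[len("description"):].strip()) > 255:
                bad = "description longer than 255 characters"
        elif w[0] == "action":
            if len(w) < 2 or w[1] not in ACTIONS or w[2:] not in ([], ["log"]):
                bad = "unknown action or trailing keyword"
        elif w[0] == "match":
            # Other match criteria are outside steps 29-33 and are not checked.
            m = w[2:] if w[1:2] == ["not"] else w[1:]
            if m[:1] == ["protocol"] and (len(m) != 2 or m[1] not in PROTOCOLS):
                bad = "unknown protocol type"
            elif m[:1] == ["protocol-id"] and not (
                    len(m) == 2 and re.fullmatch(r"0x[0-9A-Fa-f]{1,2}", m[1])):
                bad = "protocol-id outside 0x00-0xFF"
        if bad:
            findings.append((no, bad))
    return findings

# Constructed sample: zone names and values are illustrative only.
SAMPLE = """\
security zone-pair untrusted self
rule 10
action permit log
match protocol icmp
rule 20000
action allow
match not protocol-id 0x1FF
security zone-pair branch-office-lan self
"""
```

Calling lint(SAMPLE) reports lines 5 to 8: the out-of-range rule number, the unknown action, the oversized protocol-id and the 17-character zone name.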