Step Description Command Keys
16 Enable application-level session
tracking for certain protocols (optional).
esr(config)# ip firewall sessions
tracking
<PROTOCOL> - application-
level protocol [ftp, h323, pptp,
netbios-ns, tftp] sessions of
which should be tracked.
<OBJECT-GROUP-SERVICE> –
sip session TCP/UDP ports’
profile name, set by the string
of up to 31 characters. If a
group is not specified, sip
sessions monitoring will be
performed for 5060 port.
Instead of a certain protocol
you can use the “all” key that
enables application-level
session tracking for all
available protocols.
By default - disabled for all
protocols.
17 Determine the lifetime of UDP session
in “connection is confirmed” state after
which it is considered to be outdated
(optional).
esr(config)# ip firewall sessions
udp-assured-timeout <TIME>
<TIME> – lifetime of UDP
session in “connection is
confirmed” state, takes values
in seconds [1..8553600].
Default value: 180 seconds.
18 Determine the lifetime of UDP session
in 'connection is not confirmed' state
after which it is considered to be
outdated.
esr(config)# ip firewall sessions
udp-wait-timeout <TIME>
<TIME> – lifetime of UDP
session in “connection is not
confirmed” state, takes values
in seconds [1..8553600].
Default value: 30 seconds.
19 Create IP addresses lists which will be
used during filtration.
esr(config)# object-group network
<obj-group-name>
<obj-group-name> – up to 31
characters.
20 Specify IP addresses list description
(optional).
esr(config-object-group-network)#
description <description>
<description> – profile
description, set by the string of
up to 255 characters.
21 Add necessary IPv4/IPv6 addresses to
the list.
esr(config-object-group-network)#
ip prefix <ADDR/LEN>
<ADDR/LEN> – subnet, defined
as AAA.BBB.CCC.DDD/EE
where each part AAA-DDD
takes values of [0..255] and EE
takes values of [1..32].
To Next Page
Loading...
Need help?
General
