Enabling the firewall function
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable the IPv4 firewall function. | firewall enable | Disabled by default. |
Configuring an ASPF policy
Follow these guidelines when you configure an ASPF policy:
• If you enable TCP or UDP inspection without configuring application layer protocol inspection,
some packets might fail to get a response. Therefore, enable application layer protocol
inspection together with TCP/UDP inspection.
• In the case of a Telnet application, you only need to configure TCP inspection.
• The timeout value specified in the detect command takes precedence over that specified in the
aging-time command.
To configure an ASPF policy:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Create an ASPF policy and enter its view. | aspf-policy aspf-policy-number | N/A |
| 3. Set the TCP/UDP session timeout periods. | aging-time { fin \| syn \| tcp \| udp } seconds | Optional. The defaults are as follows: 5 seconds for the TCP session termination delay time; 30 seconds for the TCP session hold time; 3600 seconds for the TCP session idle timeout period; 30 seconds for the UDP session idle timeout period. |
| 4. Configure ASPF inspection for application layer and transport layer protocols. | detect protocol [ java-blocking acl-number ] [ aging-time seconds ] | Optional. The default timeouts are as follows: 3600 seconds for application layer protocols; 3600 seconds for TCP and 30 seconds for UDP. |
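The following check is an added example, not part of the original guide or of the device software. It reads the lines entered in ASPF policy view and reports the effective idle timeout for each inspected protocol, plus a warning when the guideline about application layer inspection is not met. The sample policy, the policy number 1, and the function name audit_policy are constructed; it assumes that a detect line without aging-time falls back to the policy's aging-time value and then to the defaults listed above.

```python
import re

# Defaults listed in the table above for the detect command (seconds).
DETECT_DEFAULTS = {"tcp": 3600, "udp": 30}
APP_LAYER_DEFAULT = 3600
TRANSPORT = {"tcp", "udp"}

# Constructed sample: commands entered in ASPF policy view (policy number 1 is arbitrary).
SAMPLE_POLICY = """\
aspf-policy 1
 aging-time tcp 1800
 aging-time udp 60
 detect ftp aging-time 600
 detect tcp
 detect udp aging-time 20
"""

def audit_policy(text):
    """Return (effective idle timeout per inspected protocol, list of warnings)."""
    aging, detect = {}, {}
    for line in text.splitlines():
        words = line.split()
        if len(words) == 3 and words[0] == "aging-time" and words[2].isdigit():
            aging[words[1]] = int(words[2])           # aging-time {fin|syn|tcp|udp} seconds
        elif words[:1] == ["detect"] and len(words) >= 2:
            m = re.search(r"\baging-time (\d+)", line)
            detect[words[1]] = int(m.group(1)) if m else None
    effective = {}
    for proto, timeout in detect.items():
        if timeout is not None:
            effective[proto] = timeout                # detect aging-time takes precedence
        elif proto in TRANSPORT:
            # Assumption: no timeout on detect -> policy aging-time, then default.
            effective[proto] = aging.get(proto, DETECT_DEFAULTS[proto])
        else:
            effective[proto] = APP_LAYER_DEFAULT      # application layer default
    warnings = []
    if TRANSPORT & detect.keys() and not (detect.keys() - TRANSPORT):
        warnings.append("TCP/UDP inspection without application layer protocol "
                        "inspection (enough for Telnet; other traffic might "
                        "fail to get a response)")
    return effective, warnings

if __name__ == "__main__":
    print(audit_policy(SAMPLE_POLICY))
```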
Applying an ASPF policy to an interface
The following matrix shows the feature and hardware compatibility:
| Hardware | Feature compatibility |
|---|---|
| MSR900 | Yes |
| MSR93X | Yes |