R3303-HP HSR6800 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution

viii

Password authentication enabled Stelnet client configuration example ························································ 329

Publickey authentication enabled Stelnet client configuration example ························································ 332

SFTP configuration examples ······································································································································ 334

Password authentication enabled SFTP server configuration example ·························································· 334

Publickey authentication enabled SFTP client configuration example ··························································· 336

SCP file transfer with password authentication ········································································································· 339

Network requirements ········································································································································· 340

Configuration procedure ···································································································································· 340

Configuring firewall ················································································································································ 342

Overview ······································································································································································· 342

ACL based packet-filter ······································································································································· 342

ASPF ······································································································································································ 342

Configuring a packet-filter firewall ····························································································································· 345

Packet-filter firewall configuration task list ········································································································ 345

Enabling the firewall function ····························································································································· 345

Configuring the default filtering action of the firewall ····················································································· 345

Configuring packet filtering on an interface ···································································································· 346

Displaying and maintaining a packet-filter firewall ························································································· 347

Packet-filter firewall configuration example ······································································································ 347

Configuring an ASPF ··················································································································································· 349

ASPF configuration task list ································································································································ 349

Configuring an ASPF policy ······························································································································· 349

Applying an ASPF policy to an interface ·········································································································· 350

Configuring port mapping ·································································································································· 350

Displaying ASPF ·················································································································································· 351

ASPF configuration example ······························································································································ 351

Configuring ALG ····················································································································································· 353

ALG process ································································································································································· 353

Enabling ALG ······························································································································································· 354

FTP ALG configuration example ································································································································· 355

SIP/H.323 ALG configuration example ···················································································································· 356

NBT ALG configuration example ······························································································································· 356

Managing sessions ················································································································································· 358

Session management operation ························································································································· 358

Session management functions ·························································································································· 358

Session management task list ····································································································································· 359

Setting session aging times based on protocol state ······················································································· 359

Configuring session aging time based on application layer protocol type ·················································· 360

Configuring early aging for sessions ················································································································ 361

Setting the maximum number of sessions ········································································································· 361

Enabling checksum verification ·························································································································· 361

Specifying the persistent session rule ················································································································ 362

Clearing sessions manually ································································································································ 362

Configuring session logging ······································································································································· 363

Enabling session logging ···································································································································· 363

Setting session logging thresholds ····················································································································· 363

Configuring session log export ·························································································································· 364

Displaying and maintaining session management ··································································································· 365

Configuring connection limits ································································································································· 367