Reference Guide

firewall
firewall {allow-tri-session|amsdu|attack-rate {cp <rate>|ping <number>|session <number>}|
broadcast-filter-arp|cp|bwcontracts-subnet-broadcast|cp-bandwidth-contract|tcp-syn <number>|
deny-inter-user-bridging|deny-inter-user-traffic|disable-ftp-server|disable-stateful-h323|
disable-stateful-sccp-processing|disable-stateful-sip-processing|disable-stateful-ua-processing|
disable-stateful-vocera-processing|drop-ip-fragments|enable-per-packet-logging|
enforce-tcp-handshake|enforce-tcp-sequence|gre-call-id-processing|imm-fb|local-valid-users|
log-icmp-error|prevent-dhcp-exhaustion|prohibit-arp-spoofing|prohibit-ip-spoofing|
prohibit-rst-replay|public-access|session-idle-timeout <seconds>|
session-mirror-destination {ip-address <ipaddr>|session-tunnel-fib|port <slot>/<port>}|
shape-mcast|voip-wmm-content-enforcement}
Description
This command configures firewall options on the controller.
Syntax
Parameter Description Range Default
allow-tri-session
  Allows a three-way session when performing destination NAT. Enable this option when the controller is not the default gateway for wireless clients and the default gateway is behind the controller. This option is typically used for captive portal configuration.
  Default: disabled

amsdu
  If this option is enabled, Aggregated Medium Access Control Service Data Unit (AMSDU) packets are dropped.
  Default: disabled

attack-rate
  Sets rates which, if exceeded, can indicate a denial of service attack.

broadcast-filter-arp
  If enabled, all broadcast ARP requests are converted to unicast and sent directly to the client. You can check the status of this option using the show ap active and show datapath tunnel commands. If enabled, the output displays the letter a in the flags column.
  NOTE: This parameter is deprecated. Use the virtual AP profile to configure this setting.
  Default: disabled

bwcontracts-subnet-broadcast
  Applies bandwidth contracts to local subnet broadcast traffic.

cp
  See "firewall cp" on page 268

cp-bandwidth-contract
  See "firewall cp-bandwidth-contract" on page 270

deny-inter-user-bridging
  Prevents the forwarding of Layer-2 traffic between wired or wireless users. You can configure user role
  Default: disabled
Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide firewall | 263