Command Reference Guide
3Com Router 3000 Ethernet Family
Chapter 4 Firewall Configuration Commands
3Com Corporation
Parameter
protocol: Name of the protocol supported by ASPF. It can be an application layer
protocol of ftp, http, h323, smtp, or rtsp, or a transport layer protocol of tcp or udp.
seconds: Idle timeout of the protocol, ranging from 5 to 43200 seconds. The
default timeout for TCP-based protocols is 3600 seconds, and the default
timeout for UDP-based protocols is 30 seconds.
java-blocking: Enables blocking of Java applets in packets of the specified
network segment; valid only when the protocol is HTTP.
acl-number: Basic ACL number, ranging from 2000 to 2999.
Description
Use the detect command to specify ASPF policy for application layer protocols.
Use the undo detect command to cancel the configuration.
When the protocol is HTTP, Java blocking is permitted.
If both application layer protocol specific detection and generic TCP/UDP-based
detection are configured, the former has priority.
ASPF uses a timeout mechanism to manage the session state information of
protocols, so that it can decide when to stop tracking the state of a session or
when to delete a session that cannot be set up normally. The timeout setting is a
global setting that applies to all sessions; it protects system resources against
malicious occupation.
Related commands: display aspf all, display aspf policy, display aspf session, and
display aspf interface.
Example
# Specify an ASPF policy for the HTTP protocol with policy number 1. At the same
time, enable Java blocking and use ACL 2000 so that ASPF can filter Java applets
from destination server 10.1.1.1.
[3Com] acl number 2000
[3Com-acl-basic-2000] rule deny source 10.1.1.1 0
[3Com-acl-basic-2000] rule permit any
[3Com-acl-basic-2000] quit
[3Com] aspf-policy 1
[3Com-aspf-policy-1] detect http java-blocking 2000
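An added example (not from the 3Com guide or the router's software): a simplified Python model of the rules above. It checks detect parameters against the documented ranges and resolves a session's idle timeout with application-specific detection taking priority over generic TCP/UDP detection. The Detect class, the session tuples and the sweep logic (a session expires once its idle time reaches the timeout) are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

APP_PROTOCOLS = {"ftp", "http", "h323", "smtp", "rtsp"}
TRANSPORTS = {"tcp", "udp"}
DEFAULT_TIMEOUT = {"tcp": 3600, "udp": 30}  # defaults stated in the guide

@dataclass
class Detect:  # hypothetical representation of one "detect" entry
    protocol: str
    seconds: Optional[int] = None   # None -> default timeout applies
    java_acl: Optional[int] = None  # ACL number given with java-blocking

    def errors(self):
        errs = []
        if self.protocol not in APP_PROTOCOLS | TRANSPORTS:
            errs.append(f"unsupported protocol {self.protocol!r}")
        if self.seconds is not None and not 5 <= self.seconds <= 43200:
            errs.append("timeout must be 5..43200 seconds")
        if self.java_acl is not None:
            if self.protocol != "http":
                errs.append("java-blocking is valid only with http")
            if not 2000 <= self.java_acl <= 2999:
                errs.append("java-blocking ACL must be a basic ACL (2000..2999)")
        return errs

def effective_timeout(policy, app, transport):
    """Idle timeout for a session, or None if the policy does not inspect it."""
    by_proto = {d.protocol: d for d in policy}
    # An application-specific entry has priority over generic tcp/udp.
    entry = by_proto.get(app) or by_proto.get(transport)
    if entry is None:
        return None
    return entry.seconds if entry.seconds is not None else DEFAULT_TIMEOUT[transport]

def sweep(policy, sessions, now):
    """Return ids of sessions whose idle time has reached their timeout."""
    expired = []
    for sid, (app, transport, last_seen) in sessions.items():
        limit = effective_timeout(policy, app, transport)
        if limit is not None and now - last_seen >= limit:
            expired.append(sid)
    return expired

# Constructed sample policy and session table: (app, transport, last_seen in s).
POLICY = [Detect("http", seconds=120, java_acl=2000), Detect("tcp"), Detect("udp")]
SESSIONS = {"s1": ("http", "tcp", 0),   # app-specific 120 s, not generic 3600 s
            "s2": (None, "tcp", 0),     # generic TCP default, 3600 s
            "s3": (None, "udp", 100)}   # generic UDP default, 30 s
```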
4.2.5 display aspf all
Syntax
display aspf all










