F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Command Reference-6PW100
65
Table 11 Command output
Field Descri
p
tion
SERVICE Application layer protocol that is mapped to a port.
PORT Number of the port for the application layer protocol.
ACL Number of the ACL specifying the host range.
TYPE Port mapping type, system predefined or user customized.
Related commands
port-mapping
firewall aspf enable
Use firewall aspf enable to enable ASPF for an interzone instance.
Use undo firewall aspf enable to restore the default.
Syntax
firewall aspf enable [ icmp-error drop | tcp syn-check ]
undo firewall aspf enable [ icmp-error drop | tcp syn-check ]
Default
ASPF inspection is disabled for an interzone instance.
Views
Interzone instance view
Default command level
2: System level
Parameters
icmp-error drop: Drops ICMP error packets.
tcp syn-check: Drops non-SYN first TCP packets.
Examples
# Create an interzone instance, specifying the source zone as zoffice and the destination zone as
zlibrary, and enable ASPF for the interzone instance.
<Sysname> system-view
[Sysname] interzone source zoffice destination zlibrary
[Sysname-interzone-zoffice-zlibrary] firewall aspf enable
Related commands
interzone
port-mapping
Use port-mapping to map a port to an application layer protocol.
Use undo port-mapping to remove a port mapping entry.