F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Configuration Guide-6PW100
71
multi-channel application layer protocols like FTP and H.323, the deployment of TCP detection without
application layer detection will lead to failure of establishing a data connection.
32B
Configuring an IPv6 packet-filter firewall
IPv6 packet-filter firewall can be configured only at the CLI.
The following matrix shows the feature and hardware compatibility:
Hardware Feature com
p
atible
F1000-A-EI/F1000-S-EI Yes
F1000-E Yes
F5000 Yes
Firewall module Yes
U200-A Yes
U200-S No
89BIPv6 packet-filter firewall configuration task list
Task Remarks
337H
Enabling the IPv6 firewall function Required.
338H
Configuring the default filtering action of the IPv6 firewall Optional.
339H
Configuring packet filtering on an interface Required.
90BEnabling the IPv6 firewall function
Ste
p
Command
Remarks
1. Enter system view. system-view N/A
2. Enable the IPv6 firewall function.
firewall ipv6 enable Disabled by default.
91BConfiguring the default filtering action of the IPv6 firewall
The default filtering action configuration is used for the firewall to determine whether to permit a data
packet to pass or deny the packet when there is no appropriate criterion for judgment.
To configure the default filtering action of the IPv6 firewall:
Ste
p
Command
Remarks
1. Enter system view. system-view N/A
2. Specify the default filtering
action of the firewall.
firewall ipv6 default { deny |
permit }
Optional.
permit (permit packets to pass the
firewall) by default.