F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices System Management and Maintenance Configuration Guide-6PW100

Optimizing IP performance
IP performance optimization can be configured only at the CLI.
This chapter describes multiple features for IP performance optimization.
Enabling receiving and forwarding of directed broadcasts to a directly connected network
A directed broadcast packet is destined for all hosts on a specific network. In the destination IP address
of the directed broadcast, the network ID identifies the target network, and the host ID is made up of all
ones.
If a device is allowed to forward directed broadcasts to a directly connected network, attackers can
exploit this capability to attack the target network. However, this feature must be enabled so that the
Wake on LAN function can forward directed broadcasts to wake up a specific host.
Enabling receiving of directed broadcasts to a directly connected network
If a device does not support this feature, the device can receive directed broadcasts by default.
If a device is enabled to receive directed broadcasts, the device determines whether to forward them
according to the configuration on the outgoing interface.
A device that has been disabled from receiving directed broadcasts can still receive broadcast packets
destined for specific UDP ports, which, for example, are configured to be forwarded by UDP helper.
To enable the device to receive directed broadcasts:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable the device to receive directed broadcasts. | ip forward-broadcast | Disabled by default. |
Enabling forwarding of directed broadcasts to a directly connected network
Follow these guidelines when you enable the device to forward directed broadcasts:
If an ACL is referenced in the ip forward-broadcast command, only packets permitted by the ACL
can be forwarded.
If you repeatedly execute the ip forward-broadcast command on an interface, only the last
executed command takes effect. If the command executed last does not include acl acl-number, the
ACL configured previously is removed.
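The following audit script is an added example, not part of the HP guide. It applies the last-command-wins rule described above to a command script and reports interfaces left forwarding directed broadcasts with no ACL, together with the directed broadcast address (host ID all ones) of each interface's network. The sample script, interface names, ACL numbers and `ip address` lines are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: commands as an operator might type them (not from the guide).
SAMPLE_CONFIG = """\
system-view
ip forward-broadcast
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip forward-broadcast acl 2000
 ip forward-broadcast
interface GigabitEthernet0/2
 ip address 10.0.8.1 255.255.252.0
 ip forward-broadcast
 ip forward-broadcast acl 2001
interface GigabitEthernet0/3
 ip address 172.16.0.1 255.255.0.0
"""

def audit(config_text):
    """Return (global_receive, {interface: state}) after replaying the commands."""
    receive, current, ifaces = False, None, {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface (\S+)", line):
            current = m.group(1)
            ifaces.setdefault(current, {"forward": False, "acl": None, "broadcast": None})
        elif line == "quit":
            current = None  # back to system view
        elif (m := re.fullmatch(r"ip address (\S+) (\S+)", line)) and current:
            net = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
            ifaces[current]["broadcast"] = str(net.broadcast_address)
        elif m := re.fullmatch(r"ip forward-broadcast(?: acl (\d+))?", line):
            if current is None:
                receive = True  # system view: enable receiving
            else:
                # Last command wins; omitting "acl" removes the earlier ACL.
                ifaces[current].update(forward=True, acl=m.group(1))
    return receive, ifaces

def findings(config_text):
    """Interfaces forwarding directed broadcasts without any ACL restriction."""
    # Reported regardless of the global setting, because the guide notes that
    # devices without the receive feature accept directed broadcasts by default.
    _, ifaces = audit(config_text)
    return [(name, st["broadcast"]) for name, st in ifaces.items()
            if st["forward"] and st["acl"] is None]

if __name__ == "__main__":
    print(findings(SAMPLE_CONFIG))
```

In the sample, GigabitEthernet0/1 is reported because the second command silently drops ACL 2000, while GigabitEthernet0/2 ends up restricted by ACL 2001.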