HP High-End Firewalls
Attack Protection Command Reference

Part number: 5998-2640
Software version:
F1000-E/Firewall module: R3166
F5000-A5: R3206
Document version: 6PW101-20120706

Legal and notice information
© Copyright 2012 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Contents
ARP attack defense configuration commands
  ARP automatic scanning and fixed ARP configuration commands
    arp fixup
    arp scan

ARP attack defense configuration commands

ARP automatic scanning and fixed ARP configuration commands

arp fixup

Syntax
arp fixup

View
System view

Default Level
2: System level

Parameters
None

Description
Use the arp fixup command to change dynamic ARP entries into static ARP entries.
Note the following:
• The static ARP entries changed from dynamic ARP entries have the same attributes as the static ARP entries manually configured.

arp scan

Syntax
arp scan [ start-ip-address to end-ip-address ]

View
Layer 3 Ethernet interface view, Layer 3 Ethernet subinterface view, VLAN interface view

Default Level
2: System level

Parameters
start-ip-address: Start IP address of the scanning range.
end-ip-address: End IP address of the scanning range. The end IP address must be higher than or equal to the start IP address.

Description
Use the arp scan command to enable ARP automatic scanning.

Web filtering configuration commands

NOTE:
The file name conventions in this document are as follows:
• Full file name: File path plus file name, a case-insensitive string of 1 to 135 characters excluding the end character.
• File name: File name without file path, a case-insensitive string of 1 to 91 characters excluding the end character.

2 0 .vbs

Table 1 Output description

Field        Description
SN           Serial number
Match-Times  Number of times that a suffix keyword is matched
Keywords     ActiveX blocking suffix keyword

# Display detailed ActiveX blocking information.
display firewall http activex-blocking verbose
ActiveX blocking is enabled.
No ACL group has been configured.
There are 5 packet(s) being filtered.
There are 0 packet(s) being passed.

display firewall http java-blocking all
SN Match-Times Keywords
---------------------------------------------
1 10 .CLASS
2 0 .JAR
3 0 .java

Table 2 Output description

Field        Description
SN           Serial number
Match-Times  Number of times that the suffix keyword has been matched
Keywords     Java blocking suffix keyword

# Display detailed information about Java blocking.
display firewall http java-blocking verbose
Java blocking is enabled.
No ACL group has been configured.

# Display URL address filtering information about a specified filtering entry.
display firewall http url-filter host item ^webfilter$
The HTTP request packet including "^webfilter$" had been matched for 10 times.

# Display URL address filtering information about all filtering entries.

verbose: Specifies detailed information.

Description
Use the display firewall http url-filter parameter command to display information about URL parameter filtering.
If no parameters are specified, the command displays brief information about URL parameter filtering.

Examples
# Display brief information about URL parameter filtering.
display firewall http url-filter parameter
URL-filter parameter is enabled.

# Display URL parameter filtering information about a specified keyword.

firewall http activex-blocking acl

Syntax
firewall http activex-blocking acl acl-number
undo firewall http activex-blocking acl

View
System view

Default level
2: System level

Parameters
acl-number: ACL number, in the range 2000 to 3999.

Description
Use the firewall http activex-blocking acl command to specify an ACL for ActiveX blocking.
Use the undo firewall http activex-blocking acl command to cancel the configuration.
By default, no ACL is specified for ActiveX blocking.

Description
Use the firewall http activex-blocking enable command to enable the ActiveX blocking function and add the default blocking keyword ‘.ocx’ to the ActiveX blocking suffix list.
Use the undo firewall http activex-blocking enable command to disable the ActiveX blocking function.
By default, the ActiveX blocking function is disabled.
Related commands: display firewall http activex-blocking.

Examples
# Enable the ActiveX blocking function.

View
System view

Default level
2: System level

Parameters
acl-number: ACL number, in the range 2000 to 3999.

Description
Use the firewall http java-blocking acl command to specify an ACL for Java blocking.
Use the undo firewall http java-blocking acl command to cancel the configuration.
By default, no ACL is specified for Java blocking.
After the command takes effect, all Web requests containing any suffix keywords in the Java blocking suffix list will be processed according to the specified ACL.

Examples
# Enable the Java blocking function.
system-view
[Sysname] firewall http java-blocking enable

firewall http java-blocking suffix

Syntax
firewall http java-blocking suffix keywords
undo firewall http java-blocking suffix keywords

View
System view

Default level
2: System level

Parameters
keywords: Blocking suffix keyword, a case-insensitive string of 1 to 9 characters. It must start with a dot “.” and consist of characters 0 to 9, a to z, and A to Z.

Parameters
acl-number: ACL number, in the range 2000 to 3999.

Description
Use the firewall http url-filter host acl command to specify an ACL for URL address filtering.
Use the undo firewall http url-filter host acl command to cancel the configuration.
By default, no ACL is specified for URL address filtering.
With the command configured, all Web requests using IP addresses will be processed according to the specified ACL.

system-view
[Sysname] firewall http url-filter host default permit

firewall http url-filter host enable

Syntax
firewall http url-filter host enable
undo firewall http url-filter host enable

View
System view

Default level
2: System level

Parameters
None

Description
Use the firewall http url-filter host enable command to enable the URL address filtering function.
Use the undo firewall http url-filter host enable command to disable the URL address filtering function.

This configuration takes effect only after the URL address filtering function is enabled.
Related commands: firewall http url-filter host enable, display firewall http url-filter host.

Examples
# Configure to permit Web requests using IP addresses for access to websites.

Description
Use the firewall http url-filter host save command to save the URL address filtering entries to a specified file in text format.

Examples
# Save all the URL address filtering entries into a file.

standalone webfilter like www.webfilter.com; it does not match website addresses like www.webfilter-site.com.
• A filtering entry with neither “^” at the beginning nor “$” at the end indicates a fuzzy match, and matches website addresses containing the keyword.
• If “*” is present at the beginning of a filtering entry, it must be present in the format like *.xxx, where xxx represents a keyword, for example, *.com or *.webfilter.com.
• A filtering entry with only numerals is invalid.
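
The difference between an exact entry (^webfilter$) and a fuzzy entry (webfilter) decides how many unintended sites a rule catches. The following Python is an added example, not HP code; it models only the rules quoted above. The function names and the third sample hostname are hypothetical, and it assumes that "standalone" means the keyword is a whole dot-separated label of the address.

```python
# Added example, not HP code: models only the host-entry rules quoted above.

def validate_entry(entry: str):
    """Return a rejection reason, or None if the entry passes the quoted rules."""
    if entry.isdigit():
        return "entry with only numerals is invalid"
    if entry.startswith("*"):
        keyword = entry[2:]
        if not entry.startswith("*.") or not keyword:
            return "leading '*' must use the form *.xxx"
    return None


def matches(entry: str, host: str) -> bool:
    """Apply an exact (^keyword$) or fuzzy (bare keyword) entry to a hostname."""
    entry, host = entry.lower(), host.lower()  # DNS names are case-insensitive
    if entry.startswith("^") and entry.endswith("$"):
        # Assumption: "standalone" means the keyword is a whole dot-separated label.
        return entry[1:-1] in host.split(".")
    if entry.startswith(("^", "*")) or entry.endswith("$"):
        raise ValueError("semantics for this form are not in the quoted text")
    return entry in host  # fuzzy match: keyword anywhere in the address


def overmatch(entry: str, intended: str, hosts):
    """List hosts an entry would catch besides the one it was written for."""
    return [h for h in hosts if h != intended and matches(entry, h)]


# Constructed sample hostnames (the first two come from the text above).
HOSTS = ["www.webfilter.com", "www.webfilter-site.com", "mywebfilter.example"]

if __name__ == "__main__":
    for e in ["^webfilter$", "webfilter", "12345", "*com", "*.webfilter.com"]:
        reason = validate_entry(e)
        if reason:
            print(f"{e!r}: rejected ({reason})")
        elif e.startswith("*"):
            print(f"{e!r}: accepted form")
        else:
            print(f"{e!r}: extra hosts {overmatch(e, 'www.webfilter.com', HOSTS)}")
```

Running a planned entry list through a check like this before loading it shows which fuzzy entries would also filter unrelated sites.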

Table 7 Meanings of wildcards

Wildcard  Meaning                                       Usage guidelines
^         Matches parameters starting with the keyword  It can be present once at the beginning of a filtering entry.
$         Matches parameters ending with the keyword    It can be present once at the end of a filtering entry.
&         Stands for one valid character                It can be present multiple times at any position of a filtering entry, consecutively or inconsecutively, and cannot be used next to “*”.

Description
Use the firewall http url-filter parameter enable command to enable the URL parameter filtering function.
Use the undo firewall http url-filter parameter enable command to disable the URL parameter filtering function.
By default, the URL parameter filtering function is disabled.
Related commands: display firewall http url-filter parameter.

Examples
# Enable the URL parameter filtering function.

Parameters
file-name: Name of the file for storing the parameter filtering entries. The name must contain the file path.

Description
Use the firewall http url-filter parameter save command to save all the parameter filtering entries (including the default ones) into a specified file.

Examples
# Save all the parameter filtering entries into a file.

Support and other resources

Contacting HP
For worldwide technical support information, see the HP support website: http://www.hp.

Conventions
This section describes the conventions used in this documentation set.

Command conventions

Convention       Description
Boldface         Bold text represents commands and keywords that you enter literally as shown.
Italic           Italic text represents arguments that you replace with actual values.
[]               Square brackets enclose syntax choices (keywords or arguments) that are optional.
{ x | y | ... }  Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.

Network topology icons
• Represents a generic network device, such as a router, switch, or firewall.
• Represents a routing-capable device, such as a router or Layer 3 switch.
• Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
• Represents a firewall chassis or a firewall module.

Port numbering in examples
The port numbers in this document are for illustration only and might be unavailable on your device.