R3721-F3210-F3171-HP High-End Firewalls System Management and Maintenance Configuration Guide-6PW101

Configuring IP performance optimization
Enabling forwarding of directed broadcasts to a directly connected network
Directed broadcast packets are broadcast on a specific network. In the destination IP address of a
directed broadcast, the network ID identifies the target network, and the host ID is made up of all ones.
If a device is allowed to forward directed broadcasts to a directly connected network, hackers may
mount attacks on the network. However, you can enable the feature when using the following functions:
UDP helper—Converts broadcasts to unicasts and forwards them to a specified server.
Wake on LAN—Forwards directed broadcasts to a host on the remote network.
Configuration procedure
To enable the firewall to forward directed broadcasts:
Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enter interface view. | interface interface-type interface-number | N/A
3. Enable the interface to forward directed broadcasts. | ip forward-broadcast [ acl acl-number ] | Disabled by default
NOTE:
If an ACL is referenced in the ip forward-broadcast command, only packets permitted by the ACL can
be forwarded.
If you repeatedly execute the ip forward-broadcast command on an interface, only the last executed
command takes effect. If the command executed last does not include the acl acl-number, the ACL
configured previously will be removed.
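The following Python check is an added example, not part of the HP guide. It replays interface commands in the order they are entered, applies the last-command-wins rule from the note above, and reports interfaces left forwarding directed broadcasts with no ACL. The sample commands, the GigabitEthernet0/2 address, and the function names are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample input (not from the guide): commands in the order they
# are entered. The GigabitEthernet0/2 address 2.2.2.2 is an assumption.
SAMPLE_COMMANDS = """\
interface GigabitEthernet0/1
 ip address 1.1.1.2 255.255.255.0
interface GigabitEthernet0/2
 ip address 2.2.2.2 255.255.255.0
 ip forward-broadcast acl 2000
 ip forward-broadcast
"""

FWD = re.compile(r"^ip forward-broadcast(?:\s+acl\s+(\d+))?$")

def audit_directed_broadcast(commands):
    """Return {interface: {"broadcast": str|None, "enabled": bool, "acl": int|None}}."""
    state, current = {}, None
    for raw in commands.splitlines():
        line = raw.strip()
        m = re.match(r"^interface\s+(\S.*)$", line)
        if m:
            current = m.group(1).replace(" ", "")
            state.setdefault(current, {"broadcast": None, "enabled": False, "acl": None})
            continue
        if current is None:
            continue
        m = re.match(r"^ip address (\S+) (\S+)$", line)
        if m:
            # Host ID of all ones: the directed broadcast address of the connected network.
            net = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
            state[current]["broadcast"] = str(net.broadcast_address)
            continue
        m = FWD.match(line)
        if m:
            # Only the last executed command takes effect; omitting "acl" drops the ACL.
            state[current].update(enabled=True, acl=int(m.group(1)) if m.group(1) else None)
    return state

def unfiltered_interfaces(state):
    """Interfaces that forward directed broadcasts with no ACL restricting them."""
    return sorted(n for n, s in state.items() if s["enabled"] and s["acl"] is None)

if __name__ == "__main__":
    result = audit_directed_broadcast(SAMPLE_COMMANDS)
    for name in unfiltered_interfaces(result):
        print(f"{name}: forwards directed broadcasts to {result[name]['broadcast']} with no ACL")
```
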
Configuration example
Network requirements
As shown in Figure 10, the host's interface and GigabitEthernet 0/1 of Firewall are on the same network
segment (1.1.1.0/24). Interface GigabitEthernet 0/2 of Firewall and interface GigabitEthernet 0/2 of
Router are on another network segment (2.2.2.0/24). The default gateway of the host is GigabitEthernet
0/1 (IP address 1.1.1.2/24) of Firewall. Configure a static route to the host on Router.
Configure Router to receive directed broadcasts from the host to IP address 2.2.2.255.