R3102-R3103-HP 6600/HSR6600 Routers Security Configuration Guide

Configuring firewall ... 437
  Overview ... 437
    ACL based packet-filter ... 437
    ASPF ... 437
  Configuring a packet-filter firewall ... 440
    Packet-filter firewall configuration task list ... 440
    Enabling the firewall function ... 440
    Configuring the default filtering action of the firewall ... 440
    Configuring packet filtering on an interface ... 441
    Displaying and maintaining a packet-filter firewall ... 442
    Packet-filter firewall configuration example ... 442
  Configuring an ASPF ... 444
    ASPF configuration task list ... 444
    Enabling the firewall function ... 444
    Configuring an ASPF policy ... 444
    Applying an ASPF policy to an interface ... 445
    Configuring port mapping ... 445
    Displaying ASPF ... 446
    ASPF configuration example ... 446
Configuring ALG ... 448
  ALG process ... 448
  Enabling ALG ... 450
  FTP ALG configuration example ... 450
  SIP/H.323 ALG configuration example ... 451
  NBT ALG configuration example ... 451
Managing sessions ... 453
  Overview ... 453
    Session management principle ... 453
    Session management functions ... 453
  Session management task list ... 454
    Setting session aging times based on protocol state ... 454
    Configuring session aging time based on application layer protocol type ... 455
    Configuring early aging for sessions ... 456
    Setting the maximum number of sessions ... 456
    Enabling checksum verification ... 456
    Specifying the persistent session rule ... 457
    Clearing sessions manually ... 457
  Configuring session logging ... 458
    Enabling session logging ... 458
    Setting session logging thresholds ... 458
    Configuring session log export ... 459
  Displaying and maintaining session management ... 459
Configuring connection limits ... 461
  Overview ... 461
  Connection limit configuration task list ... 461
  Creating a connection limit policy ... 461
  Configuring the connection limit policy ... 461
  Applying the connection limit policy ... 462
  Displaying and maintaining connection limiting ... 462
  Connection limit configuration example ... 462
    Network requirements ... 462
    Configuration procedure ... 463
    Verifying the configuration ... 463