R3303-HP 6600/HSR6600 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR6602-XG Router

Configuring firewall ················································································································································ 440

Overview ······································································································································································· 440

ACL based packet-filter ······································································································································· 440

ASPF ······································································································································································ 440

Configuring a packet-filter firewall ····························································································································· 443

Packet-filter firewall configuration task list ········································································································ 443

Enabling the firewall function ····························································································································· 443

Configuring the default filtering action of the firewall ····················································································· 443

Configuring packet filtering on an interface ···································································································· 444

Displaying and maintaining a packet-filter firewall ························································································· 445

Packet-filter firewall configuration example ······································································································ 445

Configuring an ASPF ··················································································································································· 447

ASPF configuration task list ································································································································ 447

Configuring an ASPF policy ······························································································································· 447

Applying an ASPF policy to an interface ·········································································································· 448

Configuring port mapping ·································································································································· 448

Displaying ASPF ·················································································································································· 449

ASPF configuration example ······························································································································ 449

Configuring ALG ····················································································································································· 451

ALG process ································································································································································· 451

Enabling ALG ······························································································································································· 453

FTP ALG configuration example ································································································································· 453

SIP/H.323 ALG configuration example ···················································································································· 454

NBT ALG configuration example ······························································································································· 454

Managing sessions ················································································································································· 456

Session management operation ························································································································· 456

Session management functions ·························································································································· 456

Session management task list ····································································································································· 457

Setting session aging times based on protocol state ······················································································· 457

Configuring session aging time based on application layer protocol type ·················································· 458

Configuring early aging for sessions ················································································································ 459

Setting the maximum number of sessions ········································································································· 459

Enabling checksum verification ·························································································································· 459

Specifying the persistent session rule ················································································································ 460

Clearing sessions manually ································································································································ 460

Configuring session logging ······································································································································· 461

Enabling session logging ···································································································································· 461

Setting session logging thresholds ····················································································································· 461

Configuring session log export ·························································································································· 462

Displaying and maintaining session management ··································································································· 462

Configuring connection limits ································································································································· 464

Connection limit configuration task list ······················································································································ 464

Creating a connection limit policy ····························································································································· 464

Configuring the connection limit policy ····················································································································· 464

Applying the connection limit policy ·························································································································· 465

Displaying and maintaining connection limiting ······································································································ 465

Connection limit configuration example ···················································································································· 465

Network requirements ········································································································································· 465

Configuration procedure ···································································································································· 466

Verifying the configuration ································································································································· 466