R2511-HP MSR Router Series Security Configuration Guide(V5)
Configuring an ASPF
ASPF configuration task list
| Task | Remarks |
|---|---|
| Enabling the firewall function | Required |
| Configuring an ASPF policy | Required |
| Applying an ASPF policy to an interface | Required |
| Enabling the session logging function for ASPF | Optional |
| Configuring port mapping | Optional |
Enabling the firewall function
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable the IPv4 firewall function. | firewall enable | Disabled by default. |
Configuring an ASPF policy
Follow these guidelines when you configure an ASPF policy:
• If you enable TCP or UDP inspection without configuring application layer protocol inspection,
some packets might fail to get a response. Therefore, enable application layer protocol inspection
together with TCP/UDP inspection.
• In the case of a Telnet application, you only need to configure TCP inspection.
• The timeout value specified in the detect command takes precedence over that specified in the
aging-time command.
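The following audit script is an added example, not part of the HP guide. It checks a saved configuration against the guidelines above and the firewall enable requirement, and computes the effective TCP/UDP idle timeouts. The form `detect <protocol> [aging-time <seconds>]` and the one-space indentation of policy-view lines are assumptions, since this page does not show them; the sample configuration is constructed.

```python
import re

# Default timeouts in seconds, as listed for the aging-time command on this page.
DEFAULTS = {"fin": 5, "syn": 30, "tcp": 3600, "udp": 30}

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
firewall enable
aspf-policy 1
 aging-time tcp 1800
 detect tcp aging-time 600
 detect udp
aspf-policy 2
 aging-time udp 60
 detect tcp
 detect ftp
"""

def audit(config):
    """Return (firewall_enabled, {policy_number: report}) for a config text."""
    fw_enabled = bool(re.search(r"^firewall enable\s*$", config, re.M))
    policies, cur = {}, None
    for line in config.splitlines():
        words = line.split()
        if len(words) == 2 and words[0] == "aspf-policy":
            cur = policies.setdefault(words[1], {"aging": dict(DEFAULTS), "detect": {}})
        elif not line.startswith(" "):
            cur = None  # any other top-level line leaves the policy view
        elif cur is None or not words:
            continue
        elif words[0] == "aging-time" and len(words) == 3 and words[1] in DEFAULTS:
            cur["aging"][words[1]] = int(words[2])
        elif words[0] == "detect" and len(words) >= 2:
            # Assumed syntax: detect <protocol> [aging-time <seconds>]
            has_timeout = len(words) >= 4 and words[2] == "aging-time"
            cur["detect"][words[1]] = int(words[3]) if has_timeout else None
    reports = {}
    for num, p in policies.items():
        effective = dict(p["aging"])
        for proto in ("tcp", "udp"):
            if p["detect"].get(proto) is not None:
                effective[proto] = p["detect"][proto]  # detect overrides aging-time
        app = set(p["detect"]) - {"tcp", "udp"}
        transport = set(p["detect"]) & {"tcp", "udp"}
        reports[num] = {"effective": effective, "transport_only": bool(transport) and not app}
    return fw_enabled, reports

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A policy reported with `transport_only` set is a prompt for review rather than an error, because a Telnet-only policy legitimately needs TCP inspection alone.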
To configure an ASPF policy:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Create an ASPF policy and enter its view. | aspf-policy aspf-policy-number | N/A |
| 3. Set the TCP/UDP session timeout periods. | aging-time { fin \| syn \| tcp \| udp } seconds | Optional. The defaults are as follows: 5 seconds for the TCP session termination delay time; 30 seconds for the TCP session hold time; 3600 seconds for TCP session idle timeout period; 30 seconds for UDP session idle timeout period. |










