3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide
Configuring ASPF 105
This task configures the wait timeout for the SYN and FIN states of TCP, and the
idle timeout for TCP and UDP session entries. The default timeouts for syn, fin,
tcp and udp are 30s, 5s, 3600s and 30s respectively.
Configuring application layer protocol detection
Perform the following configuration in ASPF policy view.

Table 93 Configure application layer protocol detection

Operation                                                Command
Configure ASPF detection for application layer protocol  detect protocol [ aging-time seconds ]
Delete the configured application protocol detection     undo detect protocol

The application protocol can be ftp, http, h323, smtp or rtsp, and the transport
layer protocol can be tcp or udp.
The default TCP timeout is 3600 seconds and the default UDP timeout is 30 seconds.
When the protocol argument is set to http, Java blocking can be configured as
follows.

Table 94 Configure Java blocking detection

Operation                                  Command
Configure Java blocking detection          detect http [ java-blocking acl-number ] [ aging-time seconds ]
Delete the configured ASPF detection rule  undo detect http

Configuring generic TCP and UDP protocol detection
Perform the following configuration in ASPF policy view.

Table 95 Configure general TCP and UDP protocol detection

Operation                        Command
Configure general TCP detection  detect tcp [ aging-time seconds ]
Configure general UDP detection  detect udp [ aging-time seconds ]
Delete general TCP detection     undo detect tcp
Delete general UDP detection     undo detect udp

The default TCP-based timeout is 3600 seconds and the UDP-based timeout is
30 seconds.
It is recommended to use application layer detection together with TCP/UDP
detection, because configuring TCP/UDP detection without application layer
protocol detection might cause packet return failures.
Note: For Telnet applications, configuring generic TCP detection alone is enough
to implement the ASPF function.
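The following Python sketch is an added example, not part of the 3Com guide: it parses the detect / undo detect lines of one ASPF policy using the syntax in Tables 93 to 95, fills in the generic TCP/UDP default aging times stated above, and flags a policy that has generic detection but no application layer detection. The function names, the sample lines and ACL number 2001 are constructed for illustration.

```python
import re

APP_PROTOCOLS = {"ftp", "http", "h323", "smtp", "rtsp"}  # listed in the guide
DEFAULT_AGING = {"tcp": 3600, "udp": 30}                 # defaults stated in the guide
# detect <protocol> [ java-blocking acl-number ] [ aging-time seconds ]
DETECT_RE = re.compile(
    r"^detect\s+(?P<proto>\S+)(?:\s+java-blocking\s+(?P<acl>\d+))?"
    r"(?:\s+aging-time\s+(?P<aging>\d+))?\s*$")

def parse_policy(lines):
    """Return ({protocol: {"aging", "acl"}}, [errors]) after applying every line in order."""
    rules, errors = {}, []
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line:
            continue
        undo = line.startswith("undo ")
        m = DETECT_RE.match(line[5:] if undo else line)
        if not m:
            errors.append(f"line {n}: not a detect command: {line!r}")
        elif m["proto"] not in APP_PROTOCOLS | set(DEFAULT_AGING):
            errors.append(f"line {n}: unknown protocol {m['proto']!r}")
        elif m["acl"] and m["proto"] != "http":
            errors.append(f"line {n}: java-blocking applies to detect http only")
        elif undo:
            rules.pop(m["proto"], None)  # undo removes the detection rule
        else:
            # aging stays None for application protocols with no explicit value
            aging = int(m["aging"]) if m["aging"] else DEFAULT_AGING.get(m["proto"])
            rules[m["proto"]] = {"aging": aging, "acl": m["acl"]}
    return rules, errors

def audit(rules):
    """Flag generic TCP/UDP detection configured without any application protocol."""
    generic = sorted(set(rules) & set(DEFAULT_AGING))
    if generic and not set(rules) & APP_PROTOCOLS:
        return [f"generic {'/'.join(generic)} detection without application layer "
                "detection: return packets may fail (sufficient for Telnet only)"]
    return []

# Constructed sample policy lines; 2001 is a made-up ACL number.
SAMPLE = """detect ftp aging-time 120
detect http java-blocking 2001
detect tcp
detect udp aging-time 60
undo detect ftp
undo detect http
detect dns"""

if __name__ == "__main__":
    rules, errors = parse_policy(SAMPLE.splitlines())
    print(rules, errors, audit(rules), sep="\n")
```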










