Manualshelf

3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8108fl Redundant Switch Fabric Module
121122123124125126127128129130
Transparent Firewall Configuration Example 129
Transparent Firewall
Configuration
Example
Network requirements
The Firewall module operates in transparent mode. The module allows the hosts in
the trust zone to access resources in the DMZ zone and untrust zone using ACLs
on the basis of MAC addresses. The Firewall module also prevents host PC_B in
the untrust zone from sending all packets using black lists. The MAC address of
PC_A is 000f-1f7e-fec5, and the IP address of PC_B is 172.16.0.50/24.
Tab le 119 Display and debug transparent firewall
Operation Command
Display the current firewall
mode
display firewall mode
Display statistics on Ethernet
frame filtering
display firewall ethernet-frame-filter { all | interface
interface-type interface-number }
Display transparent firewall
configuration
display firewall transparent-mode config
Display the MAC address table
on the transparent firewall
display firewall transparent-mode address-table [
interface interface-type interface-number | mac
mac-address ]
Display traffic on the
transparent firewall
display firewall transparent-mode traffic [ interface
interface-type interface-number ]
Enable debugging for Ethernet
frame filtering
debugging firewall eff [ interface interface-type
interface-number ]
Enable debugging for Ethernet
frame forwarding
debugging firewall transparent-mode eth-forwarding [
interface interface-type interface-number ]
Enable debugging for IP packet
forwarding
debugging firewall transparent-mode ip-forwarding
Clear Ethernet frame filtering
information
reset firewall ethernet-frame-filter { all | interface
interface-type interface-number }
Clear MAC address table
reset firewall transparent-mode address-table [
interface interface-type interface-number ]
Clear traffic statistics on the
transparent firewall
reset firewall transparent-mode traffic [ interface
interface-type interface-number ]