3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide

ASPF Configuration Commands
undo detect protocol
View
ASPF policy view
Parameter
protocol: Name of the protocol supported by ASPF. It can be an application layer
protocol (ftp, http, h323, smtp, or rtsp) or a transport layer protocol (tcp or
udp).
seconds: Idle timeout of the protocol, in the range 5 to 43200 seconds. The
default idle timeout is 3600 seconds for TCP-based protocols and 30 seconds for
UDP-based protocols.
Description
Use the detect command to specify an ASPF policy for application layer protocols.
Use the undo detect command to cancel the configuration.
When the protocol is HTTP, Java Applet blocking and ActiveX control blocking can
also be configured.
If both application layer protocol specific detection and generic TCP/UDP-based
detection are configured, the former has priority.
ASPF uses a timeout mechanism to manage the session state information of
protocols. The timeout determines when ASPF stops managing the state information
of a session, or deletes a session that cannot be set up normally. The timeout
setting is a global setting applicable to all sessions; it protects system
resources from being held by malicious sessions.
Related commands: display aspf all, display aspf policy, display aspf session,
and display aspf interface.
Example
# Create ASPF policy 1 and specify FTP detection in it.
[SecBlade_FW] aspf-policy 1
[SecBlade_FW-aspf-policy-1] detect ftp
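The precedence rule and the idle-timeout behavior described above can be checked with a small Python model. It is an added illustration, not 3Com code and not part of the original guide; the class, function, and session names are hypothetical, and it assumes that an application layer protocol configured without an aging time takes the TCP default.

```python
# Added illustration: a model of ASPF idle-timeout handling, not firmware code.
APP_PROTOCOLS = {"ftp", "http", "h323", "smtp", "rtsp"}  # application layer protocols
TRANSPORT_DEFAULTS = {"tcp": 3600, "udp": 30}            # default idle timeouts (seconds)
MIN_AGING, MAX_AGING = 5, 43200                          # valid aging-time range


class AspfPolicy:
    def __init__(self):
        self.detect_rules = {}  # protocol name -> idle timeout in seconds

    def detect(self, protocol, seconds=None, transport="tcp"):
        """Model of 'detect protocol' with an optional aging time."""
        if protocol not in APP_PROTOCOLS and protocol not in TRANSPORT_DEFAULTS:
            raise ValueError(f"unsupported protocol: {protocol}")
        if seconds is None:
            # Assumption: an application protocol inherits its transport's default.
            seconds = TRANSPORT_DEFAULTS.get(protocol, TRANSPORT_DEFAULTS[transport])
        if not MIN_AGING <= seconds <= MAX_AGING:
            raise ValueError(f"aging time {seconds} outside {MIN_AGING}-{MAX_AGING}")
        self.detect_rules[protocol] = seconds

    def undo_detect(self, protocol):
        self.detect_rules.pop(protocol, None)

    def idle_timeout(self, app, transport):
        """Application-specific detection has priority over generic TCP/UDP."""
        if app in self.detect_rules:
            return self.detect_rules[app]
        return self.detect_rules.get(transport)  # None: not inspected by this policy


def sweep(policy, sessions, now):
    """Return names of sessions still tracked at `now`; idle ones are dropped."""
    kept = []
    for name, app, transport, last_packet in sessions:
        limit = policy.idle_timeout(app, transport)
        if limit is not None and now - last_packet < limit:
            kept.append(name)
    return kept


def demo():
    policy = AspfPolicy()
    policy.detect("ftp")       # TCP-based default: 3600 s
    policy.detect("tcp", 600)  # generic TCP detection with a shorter timeout
    policy.detect("udp")       # default: 30 s
    # Constructed sample sessions: (name, app protocol, transport, last packet time)
    sessions = [("ftp-ctl", "ftp", "tcp", 0), ("ssh", None, "tcp", 0),
                ("dns", None, "udp", 880), ("dns-old", None, "udp", 800)]
    return sweep(policy, sessions, now=900)
```

In the demo, the FTP control session survives 900 idle seconds because its application-specific timeout overrides the 600-second generic TCP rule, while the generic TCP session and the stale UDP session are removed.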
detect http
Syntax
detect http [ java-blocking [ acl-number1 ] | activex-blocking [ acl-number2 ] ]* [ aging-time seconds ]
undo detect http [ java-blocking | activex-blocking ]*
View
ASPF policy view
Parameter
java-blocking: Indicates that Java Applet is blocked.