3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide

CHAPTER 7: FIREWALL CONFIGURATION

Configuring ASPF

ASPF configuration includes:
Enable firewall
Configure ACL
Define an ASPF policy
Apply the ASPF policy on specified interfaces

Enabling Firewall

This configuration task is the same as for the packet filtering firewall.

Configuring ACL

To protect the internal network, configure an access control list on the security gateway and apply it to the external interface, permitting internal hosts to access the external network and prohibiting external hosts from accessing the internal network.

Table 90 Configure ACL

Operation                                            Command
Configure ACL (in ACL view)                          rule deny
Apply ACL to external interface (in interface view)  firewall packet-filter acl-num inbound

Defining an ASPF Policy

Define an ASPF policy according to the following steps:
Create an ASPF policy
Configure aging-time value
Configure application layer protocol detection
Configure general TCP or UDP detection

Creating an ASPF policy

Perform the following configuration in system view.

Table 91 Create an ASPF policy

Operation                       Command
Create an ASPF policy           aspf-policy aspf-policy-number
Delete the created ASPF policy  undo aspf-policy aspf-policy-number

In the table, aspf-policy-number is the ASPF policy number, ranging from 1 to 99. When the command is used to create an ASPF policy, the ASPF policy view is entered at the same time.

Configuring aging-time value

Perform the following configuration in ASPF policy view.

Table 92 Configure aging-time value

Operation                             Command
Configure aging-time value            aging-time { syn | fin | tcp | udp } seconds
Restore the default aging-time value  undo aging-time { syn | fin | tcp | udp }
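
The command syntax in Tables 90 to 92 can be checked mechanically before a configuration is loaded. The following Python linter is an added example, not part of the 3Com guide; the use of quit to leave a view, the ACL number 3111 and the timer values in the sample are assumptions made for illustration.

```python
import re

# Rules come from Tables 90-92 above: policy number 1-99, aging-time keywords,
# aging-time only in ASPF policy view. "quit" leaving a view is an assumption.
AGING_KEYS = {"syn", "fin", "tcp", "udp"}

def lint_aspf(config: str) -> list[str]:
    """Return findings for an ASPF configuration transcript (one command per line)."""
    findings, in_policy = [], None   # in_policy: ASPF policy view we are in, if any
    inbound_filter = False           # saw "firewall packet-filter <acl> inbound"
    for n, raw in enumerate(config.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "quit":
            in_policy = None
        elif words[0] == "aspf-policy":
            ok = len(words) == 2 and words[1].isdecimal() and 1 <= int(words[1]) <= 99
            in_policy = int(words[1]) if ok else None
            if not ok:
                findings.append(f"line {n}: aspf-policy number must be 1-99")
        elif words[0] == "aging-time":
            if in_policy is None:
                findings.append(f"line {n}: aging-time outside ASPF policy view")
            elif not (len(words) == 3 and words[1] in AGING_KEYS
                      and words[2].isdecimal()):
                findings.append(f"line {n}: expected aging-time "
                                "{ syn | fin | tcp | udp } seconds")
        elif re.fullmatch(r"firewall packet-filter \d+ inbound", " ".join(words)):
            inbound_filter = True
    if not inbound_filter:
        findings.append("no ACL applied inbound with firewall packet-filter")
    return findings

# Constructed sample input: ACL 3111 and all timer values are illustrative only.
SAMPLE = """\
firewall packet-filter 3111 inbound
aspf-policy 1
aging-time syn 30
aging-time icmp 20
quit
aging-time tcp 3600
aspf-policy 100
"""

if __name__ == "__main__":
    for finding in lint_aspf(SAMPLE):
        print(finding)
```

The linter does not verify which interface the ACL is bound to, so confirming that the inbound filter sits on the external interface remains a manual check.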