3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide
CHAPTER 7: FIREWALL CONFIGURATION
Applying ASPF Policy on Specified Interface
The interface stream detection will take effect only after applying the pre-defined
ASPF policy on the external interface.
Perform the following configuration in interface view.
The packets initiated in a session and the packets returned for it should pass
through the same interface, because the application layer protocol state is both
preserved and maintained at the interface.
Setting the Session Timeout Values
Perform the following configuration in system view.
Refer to the Command Manual for default values of various protocols.
Configuring a Port Mapping Entry
Configuring a port mapping entry
Perform the following configuration in system view.
The range of hosts in the host-specific PAM is specified using a basic ACL.
Displaying and Debugging ASPF
After the above configuration, execute the display command in any view to display
the running state of the ASPF configuration and to verify the effect of the
configuration. Execute the debugging command in user view to debug ASPF.
Table 96 Apply ASPF policy on specified interface

Operation                                                   Command
Configure ASPF detection policy in specified interface      firewall aspf aspf-policy-number { inbound | outbound }
Delete the ASPF detection policy applied in the interface   undo firewall aspf aspf-policy-number { inbound | outbound }
Table 97 Set the session timeout values

Operation                                                                 Command
Restore the default session timeout values of all firewall protocols.    firewall session aging-time default
Set the session timeout values for different protocols.                   firewall session aging-time { fin-rst | fragment | ftp | h323 | http | icmp | netbios | ras | rtsp | smtp | syn | tcp | telnet | udp } { default | seconds }
Table 98 Configure PAM

Operation                                   Command
Configure the generic PAM function.         port-mapping application-name port port-number
Delete the user-configured generic PAM.     undo port-mapping application-name port port-number
Configure PAM for a host.                   port-mapping application-name port port-number acl acl-number
Delete the user-configured PAM of a host    undo port-mapping application-name port port-number acl acl-number
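
For reviewing a saved list of these commands offline, the following added example (not part of the 3Com guide) checks each line against the syntax in Tables 96 to 98 and reports lines that do not fit. The function names, the one-command-per-line input format, and the sample values (policy number 1, ports 2121 and 70000, ACL 2000, ftp and http as application names) are assumptions made for illustration.

```python
import re

# Protocol keywords of "firewall session aging-time", as listed in Table 97.
AGING_PROTOCOLS = set("fin-rst fragment ftp h323 http icmp netbios ras "
                      "rtsp smtp syn tcp telnet udp".split())
ASPF_RE = re.compile(r"(undo )?firewall aspf (\d+) (inbound|outbound)")
AGING_RE = re.compile(r"firewall session aging-time (\S+)(?: (\S+))?")
PAM_RE = re.compile(r"(undo )?port-mapping (\S+) port (\d+)(?: acl (\d+))?")

def parse_command(line):
    """Parse one command into a dict; ValueError if it breaks Tables 96-98."""
    line = " ".join(line.split())  # collapse runs of whitespace
    if m := ASPF_RE.fullmatch(line):
        return {"kind": "aspf", "undo": bool(m[1]), "policy": int(m[2]), "direction": m[3]}
    if m := AGING_RE.fullmatch(line):
        proto, value = m[1], m[2]
        if proto == "default" and value is None:  # restore every protocol
            return {"kind": "aging", "protocol": "all", "seconds": None}
        if proto not in AGING_PROTOCOLS:
            raise ValueError(f"unknown aging-time protocol: {proto}")
        if value != "default" and not (value or "").isdecimal():
            raise ValueError(f"aging-time needs 'default' or seconds: {line}")
        return {"kind": "aging", "protocol": proto,
                "seconds": None if value == "default" else int(value)}
    if m := PAM_RE.fullmatch(line):
        if int(m[3]) > 65535:
            raise ValueError(f"port out of 16-bit range: {m[3]}")
        return {"kind": "pam", "undo": bool(m[1]), "application": m[2],
                "port": int(m[3]), "acl": int(m[4]) if m[4] else None}
    raise ValueError(f"not an ASPF, aging-time or PAM command: {line}")

def audit(config_text):
    """Return (parsed commands, error strings) for a block of command lines."""
    parsed, errors = [], []
    for n, raw in enumerate(config_text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # skip blank lines and comment lines
        try:
            parsed.append(parse_command(raw))
        except ValueError as exc:
            errors.append(f"line {n}: {exc}")
    return parsed, errors

# Constructed sample input (not from a real device); all values are made up.
SAMPLE = """firewall aspf 1 outbound
firewall session aging-time tcp 3600
firewall session aging-time sip 120
port-mapping ftp port 2121 acl 2000
port-mapping http port 70000"""
```

Calling `audit(SAMPLE)` returns the three well-formed commands as dicts plus two error strings, one for the `sip` keyword that Table 97 does not list and one for the out-of-range port.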