3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide

CHAPTER 18: FIREWALL CONFIGURATION COMMANDS
acl-number1: Number of a basic ACL, in the range of 2000 to 2999. If this
argument is not specified, it indicates that all Java Applets are blocked.
activex-blocking: Indicates that ActiveX is blocked.
acl-number2: Number of a basic ACL, in the range of 2000 to 2999. If this
argument is not specified, it indicates that all ActiveX controls are blocked.
seconds: Protocol idle timeout, in the range of 5 to 43200 seconds. By default, it is
3600 seconds for the application layer protocols and the TCP protocol, and is 30
seconds for the UDP protocol.
Description
Use the detect http command to configure detection of the HTTP protocol and,
along with it, the blocking of Java Applets and ActiveX controls.
Use the undo detect http command to cancel the detection.
By default, HTTP is not detected.
Example
# Configure the ASPF policy to detect HTTP and block all ActiveX controls and the
Java Applet from the server at 10.1.1.1.
[SecBlade_FW] acl number 2000
[SecBlade_FW-acl-basic-2000] rule permit source 10.1.1.1 0
[SecBlade_FW-acl-basic-2000] rule deny source any
[SecBlade_FW-acl-basic-2000] quit
[SecBlade_FW] aspf-policy 1
[SecBlade_FW-aspf-policy-1] detect http activex-blocking java-blocking 2000
display aspf all
Syntax
display aspf all
View
Any view
Parameter
None
Description
Use the display aspf all command to view the information of all ASPF policies
and sessions.
Example
# View the information of ASPF policy and session.
[SecBlade_FW] display aspf all
[ASPF Policy Configuration]
Policy Number 1:
Log: disable
SYN timeout: 30 s
FIN timeout: 30 s
TCP timeout: 3600 s
UDP timeout: 30 s
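
The following is an added example, not part of the 3Com guide: a Python sketch that parses saved display aspf all output and lists policies with logging disabled or with TCP/UDP timeouts that differ from the defaults stated above. It assumes the output contains only the fields shown in the example; the sample text (including policy 2) and the function names are constructed for illustration.

```python
import re

# Constructed sample: policy 1 copies the guide's example output,
# policy 2 is made up to show a non-default setting.
SAMPLE = """\
[ASPF Policy Configuration]
Policy Number 1:
Log: disable
SYN timeout: 30 s
FIN timeout: 30 s
TCP timeout: 3600 s
UDP timeout: 30 s
Policy Number 2:
Log: enable
SYN timeout: 30 s
FIN timeout: 30 s
TCP timeout: 43200 s
UDP timeout: 30 s
"""

# Defaults stated in the guide: 3600 s for TCP, 30 s for UDP.
# Assumption: they apply to the per-policy timeouts shown in the output.
DEFAULTS = {"TCP timeout": 3600, "UDP timeout": 30}

def parse_policies(text):
    """Return {policy_number: {field: value}} from display aspf all output."""
    policies, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"Policy Number (\d+):", line)
        if m:
            current = policies.setdefault(int(m.group(1)), {})
            continue
        m = re.fullmatch(r"([A-Za-z ]+?):\s*(\S+)(?: s)?", line)
        if m and current is not None:
            key, val = m.groups()
            current[key] = int(val) if val.isdigit() else val
    return policies

def audit(policies):
    """Return (policy_number, finding) pairs worth a reviewer's attention."""
    findings = []
    for num, fields in sorted(policies.items()):
        if fields.get("Log") == "disable":
            findings.append((num, "logging disabled"))
        for name, default in DEFAULTS.items():
            value = fields.get(name)
            if isinstance(value, int) and value != default:
                findings.append((num, f"{name} {value} s differs from default {default} s"))
    return findings

if __name__ == "__main__":
    for num, msg in audit(parse_policies(SAMPLE)):
        print(f"policy {num}: {msg}")
```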