3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide
CHAPTER 18: FIREWALL CONFIGURATION COMMANDS
Description
Use the firewall aspf command to apply an ASPF policy to an interface in the
specified direction.
Use the undo firewall aspf command to delete the ASPF policy applied on the
interface.
There are two concepts in ASPF: inbound interface and outbound interface. If the
security gateway connects to both the intranet and the Internet, and uses ASPF to
protect servers on the intranet, the security gateway interface connected to the
intranet is regarded as the inbound interface and the one connected to the
Internet is regarded as the outbound interface.
When ASPF is applied on the outbound interface, ASPF refuses access to the
intranet from Internet users, but the return packets for intranet users accessing
the Internet can pass ASPF detection.
Example
# Configure the ASPF firewall function in the outbound direction of GigabitEthernet0/0.2.
[SecBlade_FW-GigabitEthernet0/0.2] firewall aspf 1 outbound
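The following is an added example, not part of the original guide and not the device's implementation: a simplified Python model of the outbound behaviour described above, in which traffic from the intranet creates a session entry, traffic from the Internet is permitted only when it matches the reverse of a live entry, and entries age out. The class and function names, the sample addresses, and the refresh-on-traffic behaviour are assumptions; the aging values are the defaults listed under firewall session aging-time.

```python
from dataclasses import dataclass

# Default aging times in seconds, copied from the defaults listed in this guide.
AGING = {"ftp": 600, "http": 240, "icmp": 20}

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str  # key into AGING

class OutboundAspfModel:
    """Simplified model (an assumption, not the device's implementation)."""

    def __init__(self, aging=AGING):
        self.aging = dict(aging)
        self.sessions = {}  # flow tuple -> time at which the entry ages out

    def _expire(self, now):
        for key in [k for k, t in self.sessions.items() if t <= now]:
            del self.sessions[key]

    def from_intranet(self, p, now):
        """Packet leaving toward the Internet: create or refresh a session."""
        self._expire(now)
        self.sessions[(p.src, p.sport, p.dst, p.dport, p.proto)] = now + self.aging[p.proto]
        return "permit"

    def from_internet(self, p, now):
        """Packet arriving from the Internet: permit only as return traffic."""
        self._expire(now)
        key = (p.dst, p.dport, p.src, p.sport, p.proto)  # reversed flow
        if key not in self.sessions:
            return "deny"
        self.sessions[key] = now + self.aging[p.proto]  # assumed idle-timer refresh
        return "permit"

def demo():
    fw = OutboundAspfModel()
    # Constructed sample addresses.
    request = Packet("10.0.0.5", 40000, "203.0.113.10", 80, "http")
    reply = Packet("203.0.113.10", 80, "10.0.0.5", 40000, "http")
    probe = Packet("198.51.100.7", 50000, "10.0.0.5", 80, "http")
    return [fw.from_internet(probe, 0),     # no session yet
            fw.from_intranet(request, 1),   # session created
            fw.from_internet(reply, 2),     # matches reversed flow
            fw.from_internet(reply, 243)]   # idle for more than 240 s

if __name__ == "__main__":
    print(demo())
```

Shortening an aging time narrows the window in which an idle session entry still admits return traffic, at the cost of dropping slow but legitimate flows sooner.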
firewall session aging-time
Syntax
firewall session aging-time { fin-rst | fragment | ftp | h323 | http | icmp |
netbios | ras | rtsp | smtp | syn | tcp | telnet | udp } { default | seconds }
View
System view
Parameter
default: Chooses the default timeout values for the protocols.
seconds: Default timeout value for the protocol, in seconds.
The default timeout values for the different protocols are as follows:
fin-rst: 10 seconds
fragment: 5 seconds
ftp: 600 seconds
h323: 600 seconds
http: 240 seconds
icmp: 20 seconds
netbios: 240 seconds
ras: 600 seconds
rtsp: 240 seconds