3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide
318 CHAPTER 18: FIREWALL CONFIGURATION COMMANDS
Description
Use the log enable command to enable ASPF session logging function.
Use the undo log enable command to disable logging function.
By default, session logging function is disabled.
ASPF provides enhanced session logging function, which can log all connections,
including connection time, source address, destination address, port in use and
transmitted bytes number.
Related command: display aspf all, display aspf policy, display aspf session,
display aspf interface.
Example
# Enable ASPF session logging function.
[SecBlade_FW-aspf-policy-1] log enable
port-mapping Syntax
port-mapping application-name port port-number [ acl acl-number ]
undo port-mapping [ application-name port port-number [ acl acl-number ] ]
View
System view
Parameter
application-name: Name of the application protocol, including FTP, HTTP, H323,
SMTP and RTSP.
port-number: Port number, ranging from 0 to 65,535.
acl-number: Number of basic ACL, which is in the range from 2,000 to 2,999.
Description
Use the port-mapping command to establish a mapping from the port to
application layer protocol.
Use the undo port-mapping command to delete the PAM ingress defined by the
user.
PAM supports two mapping mechanisms: general port mapping and host port
mapping based on basic ACL. The former is to establish the mapping relation
between a user-defined port number and an application protocol. For example,
mapping the port 8080 to the HTTP will make all the TCP packets destined to
8080 be regarded as HTTP packets. The latter is to map the self-defined port
number to the application protocol for the packets from some specific hosts. For
example, you can map the TCP packets using the port 8080, which destine to the
hosts residing on the segment 1.1.0.0 to be the HTTP packets. The range of hosts
will be specified by the basic ACL.