3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide
The following describes how FTP detection operates from the time an FTP connection is set up until it is disconnected:
1 Checks the IP packet sent from the egress interface to the outside and identifies it as an FTP packet carried over TCP.
2 Checks the port number, identifies the packet as belonging to a control connection, and creates a TACL and a status table for the returned packets.
3 Checks the FTP control connection packets, parses the FTP instructions, and updates the status table according to those instructions. If there are instructions that establish a data channel, it creates the TACL for the other data links. It does not detect the status of the data links themselves.
4 Returned packets are matched according to protocol type, and then ASPF decides whether to pass them after referring to the status table and the TACL of that protocol.
5 The status table and TACL are cleared along with the deletion of the FTP connection.
The detection of single-channel application layer protocols, such as SMTP and HTTP, is simpler: a TACL is created when the connection is established and cleared when the connection is deleted.
Fundamentals of transport protocol layer detection
Here, transport layer protocol detection refers to TCP/UDP detection. Unlike application layer protocol detection, transport layer detection examines only the transport layer information in the packet, such as source address, destination address and port number. TCP/UDP detection requires that the packets returned to the external interface of ASPF exactly match the packets sent out from it, that is, the source address, destination address and port number must correspond. Otherwise, the returned packets are blocked. Therefore, if you configure only TCP detection and not application layer detection, you cannot establish a connection for multi-channel application layer protocols such as FTP and H.323.
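The five FTP detection steps above and the transport-layer contrast in this section, as an added example that is not from the 3Com guide or its firmware: a small Python model of ASPF-style inspection. Outbound control traffic creates a temporary ACL (TACL) and a status table entry, a PORT instruction on the control connection opens a TACL entry for the server-initiated data link, returned packets pass only if they match the TACL, and everything is cleared when the control connection is deleted. Running the same session with application-layer inspection switched off shows why TCP-only detection blocks the FTP data channel. The Packet type, the Aspf class, and all addresses, ports and FTP commands are constructed for illustration and are assumptions, not the switch's own data structures.

```python
"""Model of ASPF-style stateful inspection for active-mode FTP (constructed example)."""
import re
from dataclasses import dataclass

FTP_CONTROL_PORT = 21
FTP_ACTIVE_DATA_PORT = 20
# "PORT h1,h2,h3,h4,p1,p2": client asks the server to connect to h1.h2.h3.h4:(p1*256+p2)
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.M)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    payload: str = ""  # FTP control text, if any (constructed)


class Aspf:
    """Tracks outbound connections and decides whether returned packets may pass."""

    def __init__(self, inspect_app_layer: bool = True):
        self.inspect_app_layer = inspect_app_layer  # False = TCP/UDP detection only
        self.tacl = set()    # allowed return-direction tuples: (src, sport, dst, dport)
        self.status = {}     # control connection -> {"last_cmd": ..., "data": set()}

    def outbound(self, pkt: Packet) -> None:
        # Steps 1-2: every outbound packet gets a matching return entry in the TACL.
        self.tacl.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
        if not (self.inspect_app_layer and pkt.proto == "tcp" and pkt.dport == FTP_CONTROL_PORT):
            return
        # Step 3: parse FTP instructions on the control connection and update the status table.
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        entry = self.status.setdefault(key, {"last_cmd": None, "data": set()})
        m = PORT_RE.search(pkt.payload)
        if m:
            host = ".".join(m.group(i) for i in range(1, 5))
            port = int(m.group(5)) * 256 + int(m.group(6))
            entry["last_cmd"] = "PORT"
            # Only honour a PORT that names the client's own address (an added sanity
            # check, not something the guide describes).
            if host == pkt.src:
                data_ret = (pkt.dst, FTP_ACTIVE_DATA_PORT, host, port)
                entry["data"].add(data_ret)
                self.tacl.add(data_ret)  # server-initiated data link is now expected
        elif pkt.payload.strip():
            entry["last_cmd"] = pkt.payload.split()[0].upper()

    def inbound(self, pkt: Packet) -> bool:
        # Step 4: a returned packet passes only if it matches a TACL entry.
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.tacl

    def close(self, pkt: Packet) -> None:
        # Step 5: deleting the control connection clears its status and TACL entries.
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        self.tacl.discard((pkt.dst, pkt.dport, pkt.src, pkt.sport))
        entry = self.status.pop(key, None)
        if entry:
            for data_ret in entry["data"]:
                self.tacl.discard(data_ret)


def run_active_ftp(inspect_app_layer: bool) -> dict:
    """Replay a constructed active-mode FTP session and report which returned packets pass."""
    fw = Aspf(inspect_app_layer)
    client, server = "10.0.0.5", "203.0.113.10"  # constructed addresses
    fw.outbound(Packet(client, 40001, server, 21, payload="USER anonymous\r\n"))
    control_reply = fw.inbound(Packet(server, 21, client, 40001))
    # PORT 10,0,0,5,156,66 asks the server to open a data link to 10.0.0.5:40002
    fw.outbound(Packet(client, 40001, server, 21, payload="PORT 10,0,0,5,156,66\r\n"))
    data_channel = fw.inbound(Packet(server, 20, client, 40002))
    stray = fw.inbound(Packet(server, 20, client, 40003))  # not announced via PORT
    fw.close(Packet(client, 40001, server, 21))
    after_close = fw.inbound(Packet(server, 21, client, 40001))
    return {
        "control_reply": control_reply,
        "data_channel": data_channel,
        "stray": stray,
        "after_close": after_close,
        "tacl_size": len(fw.tacl),
    }


if __name__ == "__main__":
    print("application-layer detection:", run_active_ftp(True))
    print("TCP detection only:        ", run_active_ftp(False))
```

With application-layer inspection the server's data connection to port 40002 passes and the unannounced one to 40003 is dropped; with TCP-only detection the control reply still passes (it matches an outbound packet exactly) but the data connection is blocked, which is the multi-channel limitation the section describes. In both modes the TACL is empty once the control connection is deleted.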
Configuring Packet Filter Firewall
Packet filtering firewall configuration includes:
■ Enable or Disable Firewall
■ Set the Default Filtering Mode of Firewall
■ Enable Packet Filtering Firewall Fragment Detection Switch
■ Configure High/Low Threshold of Fragment Inspection
■ Apply ACL on the Interface
Enabling or Disabling Firewall
Perform the following configuration in system view.
By default, the firewall is disabled.
Table 84 Enable or disable firewall
Operation           Command
Enable firewall     firewall packet-filter enable
Disable firewall    undo firewall packet-filter enable