Manualshelf

HP VPN Firewall Appliances Attack Protection Command Reference

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
61626364656667686970
64
Related commands
port-mapping
firewall aspf enable
Use firewall aspf enable to enable ASPF for an interzone instance.
Use undo firewall aspf enable to restore the default.
Syntax
firewall aspf enable [ icmp-error drop | tcp syn-check ]
undo firewall aspf enable [ icmp-error drop | tcp syn-check ]
Default
ASPF inspection is disabled for an interzone instance.
Views
Interzone instance view
Default command level
2: System level
Parameters
icmp-error drop: Drops ICMP error packets.
tcp syn-check: Drops non-SYN first TCP packets.
Examples
# Create an interzone instance, specifying the source zone as zoffice and the destination zone as
zlibrary, and enable ASPF for the interzone instance.
<Sysname> system-view
[Sysname] interzone source zoffice destination zlibrary
[Sysname-interzone-zoffice-zlibrary] firewall aspf enable
Related commands
interzone
port-mapping
Use port-mapping to map a port to an application layer protocol.
Use undo port-mapping to remove a port mapping entry.
Syntax
port-mapping application-name port port-number [ acl acl-number ]
undo port-mapping [ application-name port port-number [ acl acl-number ] ]
Default
There is no mapping between the port and the application layer.
Views
System view, VD view