NAT Configurations
4. To enable the reset-invalid-acks option, enter:
    reset-invalid-acks
5. To disable the reset-invalid-acks configuration, enter:
    show firewall reset-invalid-acks
Example
The following shows a sample configuration:
host/configure/firewall global> reset-invalid-acks
host/configure/firewall global > show firewall reset-invalid-acks
reset-invalid-acks is enabled
host/configure/firewall global > no reset-invalid-acks
host/configure/firewall global > show firewall reset-invalid-acks
reset-invalid-acks is disabled
Firewall ALG behavior
This section describes firewall ALG behavior.
Default behavior of firewall ALG
With the Secure Router 1000 Series and 3120, firewall ALGs are disabled by default. To use
the typical ALG set, a new CLI command (enable-typical) has been added. This command
enables only a specific set of ALGs, as follows:
aim, aimudp, ftp, l2tp, msn, pptp, rpc, rtsp554, rtsp7070, smtp, web, ike, tftp
The remaining ALGs (sip, sip-tcp, h323, gatekeeper, msnudp, dns, n2p, pcanywhere, sql,
msgtcp, irc, n2pe, ils, cuseeme, mszone, ils2, nntp) are in the disabled state.
Configuring a typical ALG set
Use the following procedure to configure a typical ALG set.
Procedure steps
1. Enter Configuration Mode.
    configure terminal
2. Navigate to the firewall global sub-tree.
    firewall global
3. Disable all ALGs.
    no enable-all
4. Enable the typical ALG set.
    enable-typical
Avaya Secure Router 1000 Series Configuration Guide
December 2010