Configuring Aspf Detection; Checking The Configuration - Huawei quidway s7700 Configuration Manual
Smart routing switch
Hide thumbs
Also See for quidway s7700:
- Configuration manual (833 pages) ,
- Configuration manual - ethernet (648 pages) ,
- Configuration manual - multicast (551 pages)
Table of Contents
Advertisement
Quidway S7700 Smart Routing Switch
Configuration Guide - SPU
No.
1
2
3
2.7.2 Configuring ASPF Detection
ASPF can detect and filter the FTP, HTTP, SIP, and RTSP packets at the application layer.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
firewall interzone zone-name1 zone-name2
The interzone view is displayed.
Step 3 Run:
detect aspf { all | ftp | http [ activex-blocking | java-blocking ] | rtsp | sip }
ASPF is configured.
Generally, the application-layer protocol packets are exchanged between the two parties in
communication, so the direction does not need to be configured. The SPU automatically checks
the packets in the two directions.
By default, ASPF is not configured in the interzone.
----End
2.7.3 Checking the Configuration
After ASPF is configured, you can view information about ASPF.
Procedure
l
----End
Example
Run the display firewall interzone [ zone-name1 zone-name2 ] command, and you can view
the ASPF information of the interzone, for example:
<Quidway> display firewall interzone
interzone zone2 zone1
firewall enable
Issue 01 (2011-07-15)
Data
Names of the two zones
Type of the application protocol
(Optional) Aging time of the session table for each application layer protocol
Run the display firewall interzone [ zone-name1 zone-name2 ] command to view ASPF
information of the interzone.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2 Firewall Configuration
46
Advertisement
Table of Contents
