HP ProCurve 7102dl Reference Manual page 401

Secure router sros command line interface
SROS Command Line Interface Reference Guide
ip firewall alg [ftp | h323 | h323 timeout | pptp | sip]
Use the ip firewall alg command to enable the application level gateway (ALG) for a particular
application. Use the no form of this command to disable ALG for the application.
Syntax Description
ftp                    Enables the FTP ALG.
h323                   Enables the H323 ALG. H.323 is a generic recommendation from the ITU that sets
                       standards for multimedia communications over networks without guaranteed
                       Quality of Service (QoS).
h323 timeout <value>   Optional. Allows the configuration of the timeout for the policy-session that
                       controls the H.323 call and specifies the length of time before the H.323 call is
                       terminated after a timeout.
pptp                   Enables the PPTP ALG.
sip                    Enables the SIP ALG.
Default Values
By default, the ALGs for FTP, H323, PPTP, and SIP are enabled.
Functional Notes
Enabling the Application Layer Gateway (ALG) for a specific protocol gives the firewall additional
information about that complex protocol and causes the firewall to perform additional processing for
packets of that protocol. When the ALG is disabled, the firewall treats the complex protocol as any other
simple protocol. The firewall needs no special knowledge to work well with simple protocols.
Warning
Disabling the IP firewall ALG may cause the firewall to block some of the traffic for
the specified protocol.
Session Initiation Protocol (SIP) ALG Information
By default, the SROS SIP ALG is enabled. This ALG allows the firewall to examine all SIP packets it
identifies and maintain knowledge of SIP transmissions on the network based on the SIP header. The SIP
ALG requires the use of the SIP stack and the SIP proxy server in order to properly route SIP calls and
maintain the SIP information. When the SIP ALG is enabled, the SIP stack and SIP proxy server are
automatically enabled. For proper SIP operation, the firewall must also be configured to allow dynamic
holes for the RTP/RTCP traffic associated with SIP calls between User Agents (UAs). This functionality
must be manually enabled using the ip rtp firewall-traversal command.
To completely disable SIP operation in the SROS, the following commands should be entered: no ip
firewall alg sip, no ip sip, no ip sip proxy, and no ip rtp firewall-traversal. The no ip firewall alg sip
command disables the SIP ALG. The no ip sip command disables the SIP stack and frees all memory
allocated to the stack. The no ip sip proxy command disables the SIP proxy server. This command is not
necessary to disable SIP functionality (because the no ip sip command effectively shuts the proxy server
down by disabling the stack), but should be entered for a cleaner configuration.
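The following is an added example, not part of the HP manual: a Python check that reads a saved configuration dump and compares it with the four-command SIP shutdown described above. It assumes the dump lists each command on its own line exactly as it would be typed; the function names and the sample dump are constructed for illustration.

```python
# Added example: audit a saved SROS config dump against the manual's SIP shutdown.
# Assumption: each command appears on its own line exactly as it would be typed.

# The four commands the manual lists, in its order.
SIP_COMMANDS = ("ip firewall alg sip", "ip sip", "ip sip proxy",
                "ip rtp firewall-traversal")

def parse_state(config_text):
    """Map each command to True (set), False ('no' form) or None (absent).
    The last occurrence in the dump wins."""
    state = dict.fromkeys(SIP_COMMANDS)
    for raw in config_text.splitlines():
        line = " ".join(raw.split())          # collapse indentation and spacing
        negated = line.startswith("no ")
        command = line[3:] if negated else line
        if command in state:
            state[command] = not negated
    return state

def audit_sip(config_text):
    """Report what still has to be negated to disable SIP completely."""
    state = parse_state(config_text)
    alg, stack, proxy, rtp = (state[c] for c in SIP_COMMANDS)
    still_on, cleanup, warnings = [], [], []
    # The ALG is on by default, so ALG and stack count as off only with an
    # explicit 'no' line (a conservative assumption for the stack).
    if alg is not False:
        still_on.append("ip firewall alg sip")
    if stack is not False:
        still_on.append("ip sip")
    # 'no ip sip' already stops the proxy; the manual still asks for the line.
    if proxy is not False:
        (cleanup if stack is False else still_on).append("ip sip proxy")
    # RTP traversal must be enabled manually, so absence counts as off.
    if rtp is True:
        still_on.append("ip rtp firewall-traversal")
    if alg is not False and rtp is not True:
        warnings.append("SIP ALG active without ip rtp firewall-traversal")
    return {"disabled": not still_on, "still_on": still_on,
            "cleanup": cleanup, "warnings": warnings}

# Constructed sample dump: a partial shutdown that leaves RTP traversal enabled.
PARTIAL = "no ip firewall alg sip\nno ip sip\nip rtp firewall-traversal\n"

if __name__ == "__main__":
    print(audit_sip(PARTIAL))
```

For each entry in still_on, entering its no form closes the gap; entries in cleanup are the optional lines the manual recommends for a cleaner configuration.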
© Copyright 2007 Hewlett-Packard Development Company, L.P.
Global Configuration Mode Command Set
399


This manual is also suitable for:

Procurve secure router 7203dl j8753a j8753a