Configuring an ASPF; ASPF configuration task list - HPE FlexNetwork MSR Series Comware 5 Security Configuration Manual

[Router] firewall enable
# Create advanced ACL 3001.
[Router] acl number 3001
# Configure rules to permit specific hosts to access external networks and permit internal servers to access external networks.
[Router-acl-adv-3001] rule permit ip source 129.1.1.1 0
[Router-acl-adv-3001] rule permit ip source 129.1.1.2 0
[Router-acl-adv-3001] rule permit ip source 129.1.1.3 0
[Router-acl-adv-3001] rule permit ip source 129.1.1.4 0
# Configure a rule to prohibit all IP packets from passing the firewall.
[Router-acl-adv-3001] rule deny ip
[Router-acl-adv-3001] quit
# Create advanced ACL 3002.
[Router] acl number 3002
# Configure a rule to allow a specific external user to access internal servers.
[Router-acl-adv-3002] rule permit tcp source 20.3.3.3 0 destination 129.1.1.0 0.0.0.255
# Configure a rule to permit specific data (only packets whose destination port number is greater than 1024) to access the internal network.
[Router-acl-adv-3002] rule permit tcp destination 20.1.1.1 0 destination-port gt 1024
[Router-acl-adv-3002] rule deny ip
[Router-acl-adv-3002] quit
# Apply ACL 3001 to packets that come in through Ethernet 1/1.
[Router] interface ethernet 1/1
[Router-Ethernet1/1] firewall packet-filter 3001 inbound
[Router-Ethernet1/1] quit
# Apply ACL 3002 to packets that come in through Serial 2/0.
[Router] interface serial 2/0
[Router-Serial2/0] firewall packet-filter 3002 inbound
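
The two ACLs above can be checked offline against test packets before they are applied to an interface. The following Python evaluator is an added example, not part of the HPE manual: it parses only the rule keywords used on this page, assumes the default config match order (rules evaluated in the order entered, first match wins), and the sample packet is constructed.

```python
import ipaddress

# Rule text copied from the page's ACL 3001 and ACL 3002 (CLI prompt removed).
ACLS = {
    3001: [f"rule permit ip source 129.1.1.{n} 0" for n in (1, 2, 3, 4)] + ["rule deny ip"],
    3002: ["rule permit tcp source 20.3.3.3 0 destination 129.1.1.0 0.0.0.255",
           "rule permit tcp destination 20.1.1.1 0 destination-port gt 1024",
           "rule deny ip"],
}

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse(line):
    """Parse the subset of rule syntax that appears on this page."""
    tok = line.split()
    rule = {"action": tok[1], "proto": tok[2], "text": line}
    for i in range(3, len(tok), 3):
        if tok[i] in ("source", "destination"):
            # A wildcard of "0" is shorthand for 0.0.0.0 (match exactly one host).
            wc = "0.0.0.0" if tok[i + 2] == "0" else tok[i + 2]
            rule[tok[i]] = (ip_int(tok[i + 1]), ip_int(wc))
        elif tok[i] == "destination-port" and tok[i + 1] == "gt":
            rule["dport_gt"] = int(tok[i + 2])
        else:
            raise ValueError(f"unsupported keyword: {tok[i]}")
    return rule

def addr_ok(spec, addr):
    """Wildcard bits set to 1 are ignored; bits set to 0 must be equal."""
    if spec is None:
        return True
    base, wc = spec
    care = ~wc & 0xFFFFFFFF
    return (ip_int(addr) & care) == (base & care)

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, rule text) of the first rule that matches the packet."""
    for rule in map(parse, ACLS[acl]):
        if rule["proto"] not in ("ip", proto):
            continue
        if not (addr_ok(rule.get("source"), src) and addr_ok(rule.get("destination"), dst)):
            continue
        if "dport_gt" in rule and (dport is None or dport <= rule["dport_gt"]):
            continue
        return rule["action"], rule["text"]
    return "no-match", None

print(evaluate(3002, "tcp", "203.0.113.9", "20.1.1.1", 1024))  # constructed packet
```

Because gt is a strict comparison, a packet to port 1024 falls through to the final deny rule, while the same packet to port 1025 is permitted from any source address.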

Configuring an ASPF

ASPF configuration task list

| Task | Remarks |
|---|---|
| Enabling the firewall function | Required |
| Configuring an ASPF policy | Required |
| Applying an ASPF policy to an interface | Required |
| Enabling the session logging function for ASPF | Optional |
| Configuring port mapping | Optional |