Enabling the firewall function
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Enable the IPv4 firewall function.
    Command: firewall enable
    Remarks: Disabled by default.

Configuring an ASPF policy
Follow these guidelines when you configure an ASPF policy:
• If you enable TCP or UDP inspection without configuring application layer protocol inspection, some packets might fail to get a response. Therefore, enable application layer protocol inspection together with TCP/UDP inspection.
• In the case of a Telnet application, you only need to configure TCP inspection.
• The timeout value specified in the detect command takes precedence over that specified in the aging-time command.

To configure an ASPF policy:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Create an ASPF policy and enter its view.
    Command: aspf-policy aspf-policy-number
    Remarks: N/A
Step 3. Set the TCP/UDP session timeout periods.
    Command: aging-time { fin | syn | tcp | udp } seconds
    Remarks: Optional. The defaults are as follows:
    • 5 seconds for the TCP session termination delay time.
    • 30 seconds for the TCP session hold time.
    • 3600 seconds for the TCP session idle timeout period.
    • 30 seconds for the UDP session idle timeout period.
Step 4. Configure ASPF inspection for application layer and transport layer protocols.
    Command: detect protocol [ java-blocking acl-number ] [ aging-time seconds ]
    Remarks: Optional. The default timeouts are as follows:
    • 3600 seconds for application layer protocols.
    • 3600 seconds for TCP and 30 seconds for UDP.

Applying an ASPF policy to an interface
The following matrix shows the feature and hardware compatibility:
Hardware    Feature compatibility
MSR900      Yes
MSR93X      Yes
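A configuration check for two of the ASPF policy guidelines above (TCP/UDP inspection configured without application layer inspection, and the detect timeout taking precedence over aging-time), added here as an example and not taken from the manual. The saved-configuration layout in SAMPLE, the ftp protocol keyword and the function names are assumptions made for illustration.

```python
import re

DEFAULT_AGING = {"tcp": 3600, "udp": 30}  # idle-timeout defaults stated on this page
TRANSPORT = {"tcp", "udp"}
SAMPLE = """\
aspf-policy 1
 aging-time tcp 1800
 detect ftp aging-time 600
 detect tcp aging-time 900
 detect udp
#
aspf-policy 2
 aging-time udp 60
 detect tcp
 detect udp
#
"""  # constructed configuration excerpt, not taken from a real device

def parse_policies(config):
    """Return {number: {"aging": {proto: s}, "detect": {proto: s or None}}}."""
    policies, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"aspf-policy (\d+)", line):
            cur = policies.setdefault(int(m[1]), {"aging": {}, "detect": {}})
        elif not raw.startswith(" ") or cur is None:
            cur = None  # an unindented line ends the policy view
        elif m := re.fullmatch(r"aging-time (fin|syn|tcp|udp) (\d+)", line):
            cur["aging"][m[1]] = int(m[2])
        elif m := re.fullmatch(r"detect (\S+)(?: java-blocking \d+)?(?: aging-time (\d+))?", line):
            cur["detect"][m[1]] = int(m[2]) if m[2] else None
    return policies

def effective_timeout(policy, proto):
    """tcp/udp idle timeout: detect value, else aging-time value, else default."""
    detect_value = policy["detect"].get(proto)
    if detect_value is not None:
        return detect_value
    return policy["aging"].get(proto, DEFAULT_AGING[proto])

def audit(config):
    """Flag policies that inspect TCP/UDP with no application layer protocol."""
    findings = []
    for number, policy in sorted(parse_policies(config).items()):
        detected = set(policy["detect"])
        if detected & TRANSPORT and not detected - TRANSPORT:
            findings.append((number, "TCP/UDP inspection only; add application "
                             "layer inspection unless the traffic is Telnet"))
    return findings
```

In the sample, policy 1 resolves the TCP idle timeout to 900 seconds because the detect value overrides aging-time tcp 1800, and policy 2 is the only one flagged.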