Configuring Pbar; Configuring Application Groups - HP VSR1000 Security Configuration Manual

Virtual services router

You can add application protocols with the same properties to one application group, or copy application protocols from one application group to another.

If a packet is recognized as belonging to an application protocol in an application group, the packet is considered to belong to that application group. Features such as QoS and ASPF can handle packets belonging to the same group in bulk.

The following types of application groups are available:

- Pre-defined: The pre-defined application groups exist on the device by default, and you cannot modify or delete these application groups. To display the pre-defined application groups, use the display app-group pre-defined command.
- User-defined: The user-defined application groups are manually created, and you can modify or delete these application groups. To display the user-defined application groups, use the display app-group user-defined command.

Configuring PBAR

Step 1. Enter system view.
Command:
    system-view
Remarks: N/A

Step 2. Configure a port mapping.
Command:
  Configure a general port mapping:
    port-mapping application application-name port port-number [ protocol protocol-name ]
  Configure an ACL-based host-port mapping:
    port-mapping application application-name port port-number [ protocol protocol-name ] acl [ ipv6 ] acl-number
  Configure a subnet-based host-port mapping:
    port-mapping application application-name port port-number [ protocol protocol-name ] subnet { ip ipv4-address { mask-length | mask } | ipv6 ipv6-address prefix-length }
  Configure an IP address-based host-port mapping:
    port-mapping application application-name port port-number [ protocol protocol-name ] host { ip | ipv6 } start-ip-address [ end-ip-address ]
Remarks:
  By default, all application protocols map to well-known ports.
  You can configure these commands together.
  For a single packet, the port mappings take priority in descending order: IP address-based, subnet-based, and ACL-based host-port mappings, then the general port mapping. A port mapping with a specified transport layer protocol has higher priority than one without.
  If the specified application protocol does not exist, the system first creates the protocol.

Configuring application groups

The device supports up to 65535 application groups, and each application group contains up to 65535 user-defined application protocols.

To configure an application group:

Step 1. Enter system view.
Command:
    system-view
Remarks: N/A
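
The priority rule in the remarks for PBAR step 2 can be checked offline when several port mappings overlap on the same port. The following Python model is an added example, not code from the manual or the device. It assumes the mapping type is compared first and the protocol keyword only breaks ties within one type, that an ACL can be reduced to a list of permitted networks, and that the address tested is the host address the mapping applies to; PortMapping, resolve and SAMPLE are hypothetical names.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Mapping kinds in descending priority, per the step 2 remarks.
KIND_RANK = {"host": 0, "subnet": 1, "acl": 2, "general": 3}

@dataclass
class PortMapping:
    app: str
    port: int
    kind: str = "general"            # host | subnet | acl | general
    protocol: Optional[str] = None   # None = no "protocol" keyword configured
    match: tuple = ()                # host: (start[, end]); subnet/acl: networks

    def covers(self, ip, port, protocol):
        if port != self.port or self.protocol not in (None, protocol):
            return False
        if self.kind == "general":
            return True
        addr = ipaddress.ip_address(ip)
        if self.kind == "host":
            lo, hi = (ipaddress.ip_address(self.match[i]) for i in (0, -1))
            return addr.version == lo.version and lo <= addr <= hi
        # subnet, and acl simplified (assumption) to a list of permitted networks
        return any(addr in ipaddress.ip_network(n) for n in self.match)

def resolve(mappings, ip, port, protocol):
    """Return the winning mapping for a packet, or None if no mapping covers it."""
    hits = [m for m in mappings if m.covers(ip, port, protocol)]
    # Assumption: kind is compared first; a protocol qualifier breaks ties.
    rank = lambda m: (KIND_RANK[m.kind], m.protocol is None)
    return min(hits, key=rank, default=None)

# Constructed sample mappings, all on port 8080 (documentation address ranges).
SAMPLE = [
    PortMapping("http", 8080),
    PortMapping("http", 8080, protocol="tcp"),
    PortMapping("ftp", 8080, "acl", match=("192.0.2.0/24",)),
    PortMapping("smtp", 8080, "subnet", match=("192.0.2.0/25",)),
    PortMapping("dns", 8080, "host", match=("192.0.2.10", "192.0.2.20")),
]

if __name__ == "__main__":
    for ip in ("192.0.2.15", "192.0.2.50", "192.0.2.200", "198.51.100.1"):
        print(ip, "->", resolve(SAMPLE, ip, 8080, "tcp").app)
```

Running it over a planned set of mappings shows which application a given host and port will be classified as before features such as ASPF or QoS act on that classification.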
