Source port number
Destination port number
The device compares the head information against the preset ACL rules and processes (discards or
forwards) the packet based on the comparison result.
An ASPF implements status-based packet filtering, and provides the following functions:
Transport layer protocol inspection (generic TCP and UDP inspection)—ASPF checks a TCP/UDP
packet's source and destination addresses and port numbers to determine whether to permit the
packet to pass through the firewall into the internal network.
Application layer protocol inspection—ASPF checks application layer information for packets, such
as the protocol type and port number, and monitors the application layer protocol status for each
connection. ASPF maintains status information for each connection, and based on status
information, determines whether to permit a packet to pass through the firewall into the internal
network, thus defending the internal network against attacks.
ASPF also supports other security functions, such as port to application mapping, Java blocking, ActiveX
blocking, ICMP error message inspection and first packet inspection for TCP connection.
At the border of a network, an ASPF can work in coordination with a packet-filter firewall to provide the
network with a security policy that is more comprehensive and better meets the actual needs.
ALG processes payload information for application layer packets.
Working with NAT, ALG implements address translation in packet payloads. Working with ASPF, ALG
implements data connection detection and application layer status checking.
Session management is a common feature designed to implement session-based services such as NAT,
ASPF, and intrusion protection. Session management tracks the connection status by inspecting the
transport layer protocol (TCP or UDP) information, and regards packet exchanges at transport layer as
sessions, performing unified status maintenance and management of all connections.
In actual applications, session management works together with ASPF to dynamically determine whether
a packet can pass the firewall and enter the internal network according to connection status, thus
The session management function only implements connection status tracking. It does not block potential
To protect internal network resources (hosts or servers) and correctly allocate system resources on the
device, you can configure connection limit policies to collect statistics and limit the number of connections,
connection establishment rate, and connection bandwidth.
Attack detection and protection
ARP attack protection
Although ARP is easy to implement, it provides no security mechanism and is vulnerable to network
attacks. An attacker can exploit ARP vulnerabilities to attack network devices. HP has provided a