Table of Contents
Advertisement
S9700 Core Routing Switch
Configuration Guide - SPU
No.
1
2
3
2.7.2 Configuring ASPF Detection
ASPF can detect and filter FTP, HTTP, SIP, and RTSP packets at the application layer.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
firewall interzone zone-name1 zone-name2
The interzone view is displayed.
Step 3 Run:
detect aspf { all | ftp | http [ activex-blocking | java-blocking ] | rtsp | sip }
ASPF is configured.
Generally, the application-layer protocol packets are exchanged between the two parties in
communication, so the direction does not need to be configured. The SPU automatically checks
the packets in both directions.
By default, ASPF is not configured in the interzone.
----End
2.7.3 Checking the Configuration
After ASPF is configured, you can view information about ASPF.
Procedure
l
----End
Example
Run the display firewall interzone [ zone-name1 zone-name2 ] command to view the ASPF
information of the interzone.
<Quidway> display firewall interzone
interzone zone2 zone1
firewall enable
Issue 01 (2012-03-15)
Data
Names of the two zones
Type of the application protocol
(Optional) Aging time of the session table for each application layer protocol
Run the display firewall interzone [ zone-name1 zone-name2 ] command to view ASPF
information of the interzone.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2 Firewall Configuration
46
Advertisement
Table of Contents
