Aspf Apply Policy (Zone Pair View) - H3C MSR Series Command Reference Manual

You can apply an ASPF policy to both the inbound and outbound directions of an interface.
Examples
# Apply ASPF policy 1 to the outbound direction of GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] aspf apply policy 1 outbound
Related commands
aspf policy
display aspf all
display aspf interface

aspf apply policy (zone pair view)

Use aspf apply policy to apply an ASPF policy to a zone pair.
Use undo aspf apply policy to remove an ASPF policy application from a zone pair.
Syntax
aspf apply policy aspf-policy-number
undo aspf apply policy aspf-policy-number
Default
The system applies the predefined ASPF policy to a zone pair when the zone pair is created.
Views
Zone pair view
Predefined user roles
network-admin
Parameters
aspf-policy-number: Specifies an ASPF policy number, in the range of 1 to 256.
Usage guidelines
With the predefined policy, ASPF inspects FTP packets and packets of all transport layer protocols,
but it does not perform ICMP error message check or the TCP SYN packet check.
The predefined ASPF policy cannot be modified. To change the ASPF policy application, define an
ASPF policy and apply it to the zone pair.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Apply an ASPF policy to a zone pair.
<Sysname> system-view
[Sysname] security-zone name trust
[Sysname-security-zone-Trust] import interface gigabitethernet 1/0/1
[Sysname-security-zone-Trust] quit
[Sysname] security-zone name untrust
[Sysname-security-zone-Untrust] import interface gigabitethernet 1/0/2
[Sysname-security-zone-Untrust] quit
[Sysname] zone-pair security source trust destination untrust
809