Configuring Global State Policies - Brocade Communications Systems 5600 vRouter Configuration Manual


The following example shows how to configure a rule in the TEST1 firewall rule set. Rule 1 accepts stateful traffic flows and flows related to existing connections for all protocols.

To configure per-rule set state rules, perform the following steps in configuration mode.

TABLE 10 Creating a per-rule set state rule

Step: Create the configuration node for the TEST1 rule set and give a description for the rule set.
Command:
vyatta@R1# set security firewall name TEST1 description "Filter traffic statefully"

Step: Create a state rule.
Command:
vyatta@R1# set security firewall name TEST1 rule 1 action accept
vyatta@R1# set security firewall name TEST1 rule 1 state enable

Step: Commit the configuration.
Command:
vyatta@R1# commit

Step: Show the firewall configuration.
Command:
vyatta@R1# show security firewall name TEST1
description "Filter traffic statefully"
rule 1 {
    action accept
    state enable
}

Configuring global state policies

You can change behavior to be globally stateful by setting a global state policy with security firewall global-state-policy <protocol> on page 50. When state policies are defined, state rules for return traffic of that type need not be explicitly mentioned within the rule sets.

The global state policy that is configured applies to all IPv4 and IPv6 traffic destined for, originating from, or traversing the router. Note that after the firewall is configured to be globally stateful, this setting overrides any state rules configured within the rule set.

The following example shows how to configure the firewall globally to allow all return traffic. This behavior is the same as that configured in the TEST1 rule set in Configuring stateful behavior per rule set on page 29, except that it is applied globally instead of being restricted to the one rule set.

To configure this global stateful behavior, perform the following steps in configuration mode.

TABLE 11 Setting a global state policy

Step: Configure global state policy.
Command:
vyatta@R1# set security firewall global-state-policy icmp
vyatta@R1# set security firewall global-state-policy tcp
vyatta@R1# set security firewall global-state-policy udp

Step: Commit the configuration.
Command:
vyatta@R1# commit

Step: Show the state policy configuration.
Command:
vyatta@R1# show security firewall global-state-policy
security {

Brocade 5600 vRouter Firewall Configuration Guide
Configuration Examples
53-1004253-01
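Because a global state policy overrides state rules inside rule sets, it helps to check a saved command transcript for which protocols are globally stateful and which per-rule state rules that policy supersedes. The following Python audit is an added example, not part of the Brocade guide; the function names are hypothetical, the input is assumed to be set commands in the form shown in Tables 10 and 11 (including lines wrapped as on the printed page), and only the three protocols used in Table 11 are checked.

```python
import re

PROMPT_RE = re.compile(r"^\S+@\S+# (.*)$")
GLOBAL_RE = re.compile(r"^set security firewall global-state-policy (\S+)$")
STATE_RE = re.compile(r"^set security firewall name (\S+) rule (\d+) state enable$")
PAGE_PROTOCOLS = ("icmp", "tcp", "udp")  # the protocols configured in Table 11


def commands_from_transcript(text):
    """Return the commands in a CLI transcript, re-joining wrapped lines."""
    commands = []
    for raw in text.splitlines():
        line = raw.strip()
        prompt = PROMPT_RE.match(line)
        if prompt:
            commands.append(prompt.group(1))
        elif line.startswith("set "):
            commands.append(line)
        elif line and commands:
            joiner = "" if commands[-1].endswith("-") else " "  # hyphen: split keyword
            commands[-1] += joiner + line
    return commands


def audit(text):
    """Report global state policies and the rule-set state rules they override."""
    global_protocols, state_rules = set(), []
    for cmd in commands_from_transcript(text):
        g, s = GLOBAL_RE.match(cmd), STATE_RE.match(cmd)
        if g:
            global_protocols.add(g.group(1))
        elif s:
            state_rules.append((s.group(1), int(s.group(2))))
    return {
        "global": sorted(global_protocols),
        "not_global": [p for p in PAGE_PROTOCOLS if p not in global_protocols],
        "overridden_rules": state_rules if global_protocols else [],
    }


# Constructed sample: the page's commands with tcp left out of the global policy.
SAMPLE = """\
vyatta@R1# set security firewall name TEST1 rule 1 state
enable
vyatta@R1# set security firewall global-state-
policy icmp
vyatta@R1# set security firewall global-state-policy udp
vyatta@R1# commit
"""
```

Calling audit(SAMPLE) reports icmp and udp as globally stateful, tcp as not covered, and TEST1 rule 1 as a state rule superseded by the global policy.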
