Security Firewall Global-State-Policy <Protocol - Brocade Communications Systems 5600 vRouter Configuration Manual

security firewall global-state-policy <protocol>
Configures the global state parameters for firewall.
Syntax
set security firewall global-state-policy { icmp | tcp | udp }
delete security firewall global-state-policy [ icmp | tcp | udp ]
show security firewall global-state-policy
Command Default
If this statement is not configured, the firewall is stateless. In this case, specific rules governing statefulness can be configured
within the rule set.
Parameters
icmp
Enable ICMP state monitoring for firewall.
tcp
Enable TCP state monitoring for firewall.
udp
Enable UDP state monitoring for firewall.
Modes
Configuration mode
Configuration Statement
security {
firewall {
global-state-policy {
icmp
tcp
udp
}
}
}
Usage Guidelines
Setting this configuration node makes the firewall globally stateful. You then define policies for established traffic, related traffic,
and invalid traffic.
When configured to be stateful, the firewall tracks the state of network connections and traffic flows and allows or restricts traffic
based on whether its connection state is known and authorized. For example, when an initiation flow is allowed in one direction,
the stateful firewall automatically allows responder flows in the return direction.
The statefulness policy that is configured applies to all IPv4 and IPv6 traffic destined for, originating from, or traversing the
router. After the firewall is configured to be globally stateful, this setting overrides any state rules configured within rule sets.
50
Firewall Commands
Brocade 5600 vRouter Firewall Configuration Guide
53-1004253-01