3Com Router 3000 Ethernet Family
Configuration Guide
Delete the user-configured PAM of a host
The range of hosts in the host-specific PAM is specified using a basic ACL.
6.3.6 Displaying and Debugging ASPF
After the above configuration, execute display command in all views to display the
running of the ASPF configuration, and to verify the effect of the configuration. Execute
debugging command in user view for the debugging of ASPF.
Table 6-16 Display and debug ASPF
Display all ASPF configurations
Display information about the interfaces
where ASPF policies and ACLs are applied
Display the configuration of a specific ASPF
policy
Display sessions currently traced and
inspected by ASPF
Display port mapping information.
Enable ASPF debugging
Disable ASPF debugging
6.3.7 ASPF Configuration Example
I. Network requirements
Configure an ASPF policy on the firewall to detect the FTP and HTTP traffic passing the
firewall. Requirement: If the packet is a returned packet of FTP and HTTP connections
initiated by internal network subscribers, permit it to pass the firewall and enter the
internal network. For other packets, deny them. In addition, this detection policy can
filter out Java Applets in HTTP packets from the server 2.2.2.11. This example can be
applied in the case when local user needs to access remote network service.
Operation
Operation
3Com Corporation
6-15
Chapter 6 Firewall Configuration
Command
undo
application-name port port-number
acl acl-number
Command
display aspf all
display aspf interface
display
aspf
aspf-policy-number
display aspf session [ verbose ]
display
[
application-name
port-number ]
debugging aspf { all | verbose |
events | ftp | h323 | http | rtsp |
session | smtp | tcp | timers | udp }
undo debugging aspf { all | verbose
| events | ftp | h323 | http | rtsp |
session | smtp | tcp | timers | udp }
port-mapping
policy
port-mapping
|
port