Table of Contents
Advertisement
•
Event Logging - Defines the event threshold for firewall values logged to the Console or Syslog
ip firewall logging
with
alarms down to 7 which cumulatively logs all firewall messages through 0, as follows:
–
Level 0: Emergency
–
Level 1: Alert
–
Level 2: Critical - alarms such as failure to allocate memory during initialization are logged if
system logging is enabled and firewall logging is set to level 2 or higher
–
Level 3: Error - abnormal and deny alarms are logged if system logging is set at MEDIUM
or HIGH and firewall logging is level 3 or higher
–
Level 4: Warning - normal and permit alarms are logged if system logging is set at LOW
and firewall logging is level 4 or higher
–
Level 5: Notice
–
Level 6: Information
–
Level 7: Debug
You can generate fewer firewall alarms by setting a low logging level with the system
command.
To further minimize alarms and overhead for the XSR, configure the firewall alarm level to 0
with the
ip firewall logging
priority, and taking this action avoids generating firewall alarms that are later dropped
anyway by the XSR's system alarm logging mechanism.
•
Authentication - Defines firewall authentication with idle timeout and port range values with
firewall auth
. Also, the
group basis. Authentication entries for users are configured using the AAA commands
aaa user
including
configuring the firewall policy group_name, be sure it matches the AAA group name.
When entering the
Figure 16-13
appears. Be aware that configured usernames and passwords must be less than
32 characters and can include non-alphanumeric characters.
Figure 16-13
Sample Telnet Screen
Please provide username and password.
Username: clarkkent
Password:******
Authenticated.
XSR>,186>Mar 4 22:56:20 10.10.10.20 CLI: User: clarkkent
logged in from address 10.10.10.10.
XSR>
Be aware that a Telnet session left idle for more than one minute is terminated by default. Set
the idle timeout with
. You can set eight severity levels ranging from 0 for emergency
command. This value is independent of the XSR logging
ip firewall policy
password
aaa group
and
,
telnet <address> <port-number>
session-timeout
.
command applies authentication rules on a
aaa policy
aaa client
,
, and
command, the screen shown in
Firewall CLI Commands
logging
ip
. When
XSR User's Guide 16-21
Advertisement
Table of Contents
Troubleshooting
Need help?
Do you have a question about the Security Router X-PeditionTM and is the answer not in the manual?
Questions and answers