Table of Contents
Advertisement
Command Reference Guide
ip firewall fast-nat-failover
Use the ip firewall fast-nat-failover command to automatically clear all open Internet Protocol version 4
(IPv4) firewall policy sessions when a route table change occurs. This allows the router to immediately
send traffic to the failover interface. Otherwise, the router tries to send traffic from existing sessions out
from the failed IP address until the session times out, resulting in a loss of connectivity. This command
should be configured when destination-specific rules are configured. Destination-specific rules are most
often used in failover and IP load sharing configurations. Refer to the command
name> on page 1058
for more information. Use the no form of this command to disable this feature.
The AOS IPv4 firewall must be enabled (using the command
the stateful inspection firewall to be activated.
Syntax Description
No subcommands.
Default Values
By default, all AOS IPv4 security features are disabled until the IPv4 firewall is enabled. By default, fast
NAT failover is disabled.
Command History
Release 9.3
Functional Notes
In cases where failover takes place between an interface which uses network address translation (NAT)
and an interface which does not use NAT, both ip firewall fast-nat-failover and ip firewall
fast-allow-failover commands must be enabled. Using fast-nat-failover causes the policy session using
NAT to be deleted when the session fails over and the route table changes to indicate a route that does not
use NAT. Using fast-allow-failover causes the policy session to be deleted when the session is an
allowed policy session and the route table changes to indicate a route that uses NAT.
Usage Examples
The following example enables fast-nat-failover:
(config)#ip firewall fast-nat-failover
60000CRG0-35E
Command was introduced.
Copyright © 2012 ADTRAN, Inc.
Global Configuration Mode Command Set
ip policy-class <ipv4 acp
ip firewall on page
999) for
1013
Advertisement
Table of Contents
