ADTRAN AOS Version R10.1.0 Command Reference Manual page 999

Adtran operating system (aos)

Command Reference Guide
ip firewall
Use the ip firewall command to enable Internet Protocol version 4 (IPv4) AOS security features, including
IPv4 access control policies (ACPs) and lists (ACLs), network address translation (NAT), and the stateful
inspection firewall. Use the no form of this command to disable the security functionality.
Disabling the AOS IPv4 security features (using the no ip firewall command) does not
affect security configuration. All configuration parameters will remain intact, but no
security data processing will be attempted.
For information regarding the use of open shortest path first (OSPF) with ip firewall
enabled, refer to the Functional Notes for router ospf on page 1308.
Regarding the use of Internet key exchange (IKE) negotiation for virtual private network
(VPN) with ip firewall enabled, there can be up to six channel groups with 2 to 8 interfaces
per group. Dynamic protocols are not yet supported (only static). A physical interface can
be a member of only one channel group.
Syntax Description
No subcommands.
Default Values
By default, all AOS IPv4 security features are disabled.
Command History
Release 2.1: Command was introduced.
Functional Notes
This command enables firewall processing for all interfaces with a configured policy class. Firewall
processing consists of the following functions:
Attack Protection: Detects and discards traffic that matches profiles of known networking exploits or
attacks.
Session Initiation Control: Allows only sessions that match traffic patterns permitted by ACPs to be
initiated through the router.
Ongoing Session Monitoring and Processing: Each session that has been allowed through the router is
monitored for any irregularities that match patterns of known attacks or exploits. This traffic will be
dropped. Also, if NAT is configured, the firewall modifies all traffic associated with the session according to
the translation rules defined in NAT access policies. Finally, if sessions are inactive for a user-specified
amount of time, the session will be closed by the firewall.
Application-Specific Processing: Certain applications need special handling to work correctly in the
presence of a firewall. AOS uses application-level gateways (ALGs) for these applications.
60000CRG0-35E
Copyright © 2012 ADTRAN, Inc.
Global Configuration Mode Command Set
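The note on no ip firewall describes a state that is easy to miss in review: policies remain in the configuration while nothing is enforced, and disabled is also the default. The Python check below is an added example, not part of the ADTRAN manual; it flags a saved configuration whose policy classes are defined while the firewall is off. The sample configurations are constructed, and the layout it assumes (global commands unindented, policies introduced by ip policy-class <name>) is stated in the comments.

```python
import re

# Constructed sample configurations (not taken from the manual).
# Assumptions: global commands are unindented, one per line, and access
# control policies are introduced by "ip policy-class <name>".
CONFIG_ENFORCING = """\
ip firewall
ip firewall alg sip
ip policy-class Private
 allow list MATCHALL
"""
# Same policy, firewall switched off: the configuration survives intact.
CONFIG_DISABLED = CONFIG_ENFORCING.replace("ip firewall\n", "no ip firewall\n", 1)
# No "ip firewall" line at all: the documented default is disabled.
CONFIG_DEFAULT = "ip policy-class Private\n allow list MATCHALL\n"


def audit_firewall(config: str) -> dict:
    """Report whether the policy classes in a configuration are enforced."""
    enabled = False  # default per the manual: security features disabled
    policy_classes = []
    for raw in config.splitlines():
        if not raw.strip() or raw[0].isspace():
            continue  # skip blank lines and indented sub-mode commands
        line = " ".join(raw.split())
        if line == "ip firewall":  # exact match, not "ip firewall alg ..."
            enabled = True
        elif line == "no ip firewall":
            enabled = False
        else:
            match = re.fullmatch(r"ip policy-class (\S+)", line)
            if match:
                policy_classes.append(match.group(1))
    return {
        "firewall_enabled": enabled,
        "policy_classes": policy_classes,
        # Policies present but inert: traffic is not being filtered.
        "unenforced": bool(policy_classes) and not enabled,
    }


if __name__ == "__main__":
    for name in ("CONFIG_ENFORCING", "CONFIG_DISABLED", "CONFIG_DEFAULT"):
        print(name, audit_firewall(globals()[name]))
```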
