Operation Manual - Security Defence
H3C SecPath F1800-A Firewall
II. Networking Diagram
[Figure 2-5 labels: Trust zone, 202.101.1.2]
Figure 2-5 Networking diagram of ASPF configuration
III. Configuration Procedure
# Configure the ASPF detect policy: set the timeout (session aging time) of FTP and HTTP to 3000 seconds.
[SecPath] firewall session aging-time ftp 3000
[SecPath] firewall session aging-time http 3000
# Configure ACL 3101 to deny all TCP and UDP traffic from accessing the internal network.
[SecPath] acl number 3101
[SecPath-acl-adv-3101] rule deny ip
# Configure ACL 2010 to block Java applets from 2.2.2.11.
[SecPath] acl number 2010
[SecPath-acl-basic-2010] rule deny source 2.2.2.11 0.0.0.0
[SecPath-acl-basic-2010] rule permit source any
# Set the default packet filtering action as permit in the outbound direction between
the trust zone and the untrust zone.
[SecPath] firewall packet-filter default permit interzone trust untrust direction outbound
# Apply the ACL rule and ASPF policy between the trust zone and the untrust zone.
[SecPath] firewall interzone trust untrust
[SecPath-interzone-trust-untrust] packet-filter 3101 inbound
[SecPath-interzone-trust-untrust] detect ftp
[SecPath-interzone-trust-untrust] detect http
[SecPath-interzone-trust-untrust] detect java-blocking 2010 inbound
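How the pieces above combine, as an added example that is not part of the manual and not the device's implementation: a toy Python model in which inbound traffic is denied by default (ACL 3101) and only passes if an outbound FTP or HTTP session, or an FTP PORT announcement, created state for it within the 3000-second aging time. The class and function names, the default ports 21 and 80, the trust/untrust roles given to the two addresses, and the rule that PORT is honoured only for the client's own address are assumptions of this model; Java blocking is not modelled.

```python
import re

AGING = {"ftp": 3000, "http": 3000}  # seconds, from 'firewall session aging-time'
DETECT = {21: "ftp", 80: "http"}     # 'detect ftp' / 'detect http'; ports are assumed defaults

class AspfModel:
    """Toy model: inbound is deny-all (ACL 3101) unless inspection state allows it."""
    def __init__(self):
        self.sessions = {}  # (in_ip, in_port, out_ip, out_port) -> (proto, last_seen)
        self.pinholes = {}  # (in_ip, in_port, out_ip) -> opened_at, for the FTP data channel

    def outbound(self, now, src, sport, dst, dport, payload=b""):
        proto = DETECT.get(dport)
        if proto:
            self.sessions[(src, sport, dst, dport)] = (proto, now)
        m = re.match(rb"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", payload)
        if proto == "ftp" and m:
            n = [int(x) for x in m.groups()]
            # Honour PORT only for the client's own address (model's choice, no NAT).
            if ".".join(map(str, n[:4])) == src and max(n) <= 255:
                self.pinholes[(src, n[4] * 256 + n[5], dst)] = now
        return "permit"  # default outbound action is permit

    def inbound(self, now, src, sport, dst, dport):
        key = (dst, dport, src, sport)
        proto, seen = self.sessions.get(key, (None, None))
        if proto and now - seen <= AGING[proto]:
            self.sessions[key] = (proto, now)  # refresh the idle timer
            return "permit"
        self.sessions.pop(key, None)           # aged out or never existed
        opened = self.pinholes.pop((dst, dport, src), None)
        if opened is not None and now - opened <= AGING["ftp"]:
            self.sessions[key] = ("ftp", now)  # data channel becomes a tracked session
            return "permit"
        return "deny"

def demo():
    fw, inside, outside = AspfModel(), "202.101.1.2", "2.2.2.11"  # addresses from the page
    out = [fw.inbound(0, outside, 80, inside, 40000)]             # unsolicited
    fw.outbound(10, inside, 40000, outside, 80)
    out.append(fw.inbound(11, outside, 80, inside, 40000))        # HTTP reply
    out.append(fw.inbound(3012, outside, 80, inside, 40000))      # idle > 3000 s
    fw.outbound(5000, inside, 40001, outside, 21, b"PORT 202,101,1,2,195,80\r\n")
    out.append(fw.inbound(5001, outside, 20, inside, 50000))      # announced data port
    out.append(fw.inbound(5002, outside, 20, inside, 50001))      # not announced
    return out

if __name__ == "__main__":
    print(demo())
```

The packets and timestamps in `demo()` are constructed; the announced data port is 195 × 256 + 80 = 50000.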
[Figure 2-5 labels: SecPath, Ethernet1/0/0 202.101.1.1, Ethernet2/0/0 2.2.2.1; Untrust; Server; Host; 2.2.2.11]
Chapter 2 Security Policy