Zte ZXR10 ZSR V2 Series Product Description page 41
Hide thumbs
Also See for ZXR10 ZSR V2 Series:
- Configuration manual (313 pages) ,
- Configuration manual (system management (192 pages) ,
- Hardware installation manual (67 pages)
Table of Contents
Advertisement
to decide which session is allowed to be built. Only the packets that related to the
permitted sessions can be forwarded. At the same time, according to the TCP/UDP
session, the stateful firewall analyzes the status of the packet application layer, and filters
the packets which do not match the status of the existing application layer. Combining
the advantages of the packet filtration firewall and proxy firewall, the stateful firewall is
not only fast, but also safe.
SFW (Stateful Firewall) is message filtration based upon the application layer, in other
words, it is a status-based message filtration. As this service can inspect the protocol
sessions which try to pass through the firewall in the application layer by maintaining the
session status, checking the protocol and port number of the session messages, it stops
the messages which do not match the rules from passing through the firewall. For all
connections, the status of each connection maintained by the SFW is used to decide if
the packet is allowed to pass the firewall dynamically. At the same time, the SFW can
monitor the service of different application layer protocols.
3.7.4.4
Black list
Blacklist is a filtration method based upon the source VPN and the source IP address of
the message. As the matching domain is much simpler than the ACL, the blacklist can
implement rapid message filtration. Therefore, it can effectively shield the messages sent
from some particular IP addresses. At the same time, user's static blacklist and the
firewall-based dynamic blacklist are supported.
In addition to the blacklist made by the user statically, some particular IP addresses
which are found implementing IP scanning attacks or port scanning attacks will be put
into the blacklist actively. If the blacklist has been activated, all the messages coming
from this IP address in a certain period will be filtered. The user can configure the aging
time of both static and dynamic blacklists. Completely ignoring the ACL rules, the firewall
discard all the packets in the blacklist.
Users can export the blacklist to files. Also, the blacklist can be configured by importing
the data on files.
ZTE Confidential & Proprietary
ZXR10 ZSR V2 Series Router Product Description
39
- Quick Links:
- Ipsec Vpn
- Technical Specifications
Hide quick links:
Advertisement
Table of Contents
