Router1/configure# firewall internet, Router1/configure/firewall internet# exit, Router1# show firewall policy internet – Foundry Networks AR3202-CL User Manual

Security Features

June 2004

© 2004 Foundry Networks, Inc.

15 - 7

Step 11: Configure firewall policies to allow IKE negotiation through untrusted interface
(applicable only if firewall license is also enabled):

Step 12: Configure firewall policies to allow desired services through untrusted interface to
manage the router (applicable only if firewall license is also enabled):

Step 13: Display firewall policies in the internet map (applicable only if firewall license is
enabled):

Router1/configure# firewall internet

Router1/configure/firewall internet# policy 1000 in service ike self

Router1/configure/firewall internet/policy 1000 in# exit

Router1/configure/firewall internet# exit

Router1/configure# firewall internet

Router1/configure/firewall internet# policy 1001 in service snmp self

Router1/configure/firewall internet/policy 1001 in# exit

Router1/configure/firewall internet# policy 1002 in service telnet

self

Router1/configure/firewall internet/policy 1002 in# exit

Router1/configure/firewall internet# policy 1003 in protocol icmp

self

Router1/configure/firewall internet/policy 1003 in# exit

Router1/configure/firewall internet# exit

Router1# show firewall policy internet
Advanced: S - Self Traffic, F - Ftp-Filter, H - Http-Filter,
R - Rpc-Filter, N - Nat-Ip/Nat-Pool, L - Logging,
E - Policy Enabled, M - Smtp-Filter

Pri Dir Source Addr Destination Addr Sport Dport Proto Action Advanced
--- --- ----------- ---------------- ----------------- ------ --------
1000 in any any ike PERMIT SE
1001 in any any snmp PERMIT SE
1002 in any any telnet PERMIT SE
1003 in any any any any icmp PERMIT SE
1024 out any any any any any PERMIT SE