Aspf configuration example, Network requirements – H3C Technologies H3C SecPath F1000-E User Manual

Page 114

Advertising

104

Figure 103 Adding an ASPF policy

Configure the parameters as described in

Table 41

Click Apply.

Table 41 Configuration items

Item Description

Source Zone

Select a source/destination zone to which the ASPF policy will be
applied.

Dest Zone

Discard ICMP error packets

Set whether to discard ICMP error packets.
If this box is not selected, ICMP error packets are allowed to pass.

Discard non-SYN initial TCP packets

Set whether to discard initial TCP packets that are not SYN packets.
If this box is not selected, initial TCP packets that are not SYN packets
are allowed to pass.

ASPF configuration example

Network requirements

As shown in

Figure 104

, configure an ASPF policy between zone 1 and zone 2 to discard ICMP error

packets but permit initial TCP packets that are not SYN packets.

Figure 104 Network diagram

Advertising

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall, H3C SecPath F1000-A-EI, H3C SecPath F1000-E-SI, H3C SecPath F1000-S-AI, H3C SecPath F5000-S Firewall, H3C SecPath F5000-C Firewall, H3C SecPath F100-C-SI, H3C SecPath F1000-C-SI, H3C SecPath F100-A-SI, H3C SecBlade FW Cards, H3C SecBlade FW Enhanced Cards, H3C SecPath U200-A U200-M U200-S, H3C SecPath U200-CA U200-CM U200-CS

Popular Brands

Popular manuals