Install guide
Software Version 2.7.5
C613-10454-00 REV A
Firewall Enhancements
Software Version 2.7.5 includes the following enhancements to the firewall:
■ Increased Number of Firewall Policy Rules
■ SIP Application Layer Gateway Diagnostic Tools
■ UDP Port Timeout
This section describes each enhancement, then the new and modified
commands in Command Reference Updates.
Increased Number of Firewall Policy Rules
Software Version 2.7.5 enables you to associate up to 699 rules with each
interface in a firewall policy. To associate rules with a firewall policy, use the
existing command:
add firewall policy=policy-name rule=rule-id
action={allow|deny|nat|nonat} interface=interface
protocol={protocol|all|egp|gre|icmp|ospf|sa|tcp|udp}
[other-options...]
Command Changes
There are no command changes for this enhancement.
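A way to check a configuration script against the 699-rule limit before loading it, as an added example that is not part of the original guide. It assumes one command per line with unabbreviated keywords, treats the protocol placeholder in the syntax as a numeric IP protocol number, and uses constructed policy and interface names.

```python
from collections import defaultdict

MAX_RULES = 699  # per interface in a policy, as stated for Software Version 2.7.5
ACTIONS = {"allow", "deny", "nat", "nonat"}
PROTOCOLS = {"all", "egp", "gre", "icmp", "ospf", "sa", "tcp", "udp"}
REQUIRED = ("action", "interface", "protocol")

# Constructed sample script; policy and interface names are placeholders.
SAMPLE = """\
add firewall policy=office rule=1 action=allow interface=eth0 protocol=tcp
add firewall policy=office rule=2 action=permit interface=eth0 protocol=udp
add firewall policy=office rule=3 action=deny interface=eth0 protocol=47
add firewall policy=office rule=4 action=nat protocol=sctp
"""

def parse_rule(line):
    """Return the parameters of an 'add firewall policy=... rule=...' line, else None."""
    words = line.split()
    if [w.lower() for w in words[:2]] != ["add", "firewall"]:
        return None
    params = {}
    for word in words[2:]:
        key, sep, value = word.partition("=")
        if sep:
            params[key.lower()] = value
    return params if "policy" in params and "rule" in params else None

def lint(script, limit=MAX_RULES):
    """Return (line_number, message) findings, in line order, for a script."""
    findings, rules = [], defaultdict(set)  # rules: (policy, interface) -> rule ids
    for number, line in enumerate(script.splitlines(), 1):
        params = parse_rule(line)
        if params is None:
            continue  # not an 'add firewall policy ... rule' command
        for name in REQUIRED:
            if name not in params:
                findings.append((number, f"missing {name}="))
        action = params.get("action")
        if action is not None and action.lower() not in ACTIONS:
            findings.append((number, f"unknown action {action!r}"))
        proto = params.get("protocol")
        # Assumption: the syntax's 'protocol' placeholder is an IP protocol number.
        if proto is not None and proto.lower() not in PROTOCOLS and not proto.isdigit():
            findings.append((number, f"unknown protocol {proto!r}"))
        ids = rules[(params["policy"], params.get("interface"))]
        if params["rule"] not in ids and len(ids) == limit:
            findings.append((number, f"rule count exceeds {limit} for this interface"))
        ids.add(params["rule"])
    return findings
```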
SIP Application Layer Gateway Diagnostic Tools
Debugging
With Software Version 2.7.5, the command syntax for specifying SIP
Application Layer Gateway (ALG) debugging has changed, and you can
debug traffic to and from particular IP addresses. To enable SIP ALG
debugging, use the command:
enable firewall policy[=policy-name] debug=sipalg
[debugmode={all|errorcode|message|parsing|trace}]
[ip=ipadd[-ipadd]]
To disable SIP ALG debugging, use the command:
disable firewall policy[=policy-name] debug=sipalg
[debugmode={all|errorcode|message|parsing|trace}]
[ip=ipadd[-ipadd]]
To see the debugging settings, use the command:
show firewall policy[=policy-name]
Logging
Software Version 2.7.5 enables the firewall to create SIP ALG log messages for a
wide variety of actions, ranging from normal operation to error conditions. To
collect log messages, first configure the logging module. Then enable the
firewall to create SIP ALG log messages, by using the command:
enable firewall policy[=policy-name] log=sipalg
[other-options...]
To disable SIP ALG logging, use the command:
disable firewall policy[=policy-name] log=sipalg
[other-options...]