Install guide
Software Version 2.7.4
C613-10444-00 REV A
add firewall policy rule
Syntax ADD FIREwall POLIcy=policy-name RUle=rule-id
ACtion={ALLOw|DENY|NAT|NONat} INTerface=interface
PROTocol={protocol|ALL|EGP|GRE|ICmp|OSPF|SA|TCP|UDP}
[AFTer=hh:mm] [BEFore=hh:mm]
[DAYs={MON|TUE|WED|THU|FRI|SAT|SUN|WEEKDAY|WEEKEND}[,...]]
[ENCapsulation={NONE|IPSec}]
[GBLIP=ipadd] [GBLPort={ALL|port[-port]|service-name}]
[GBLRemoteip=ipadd[-ipadd]] [IP=ipadd[-ipadd]]
[LISt={list-name|RADius}]
[NATType={DOuble|ENHanced|NApt|REVerse|STAndard}]
[NATMask=ipadd] [POrt={ALL|port[-port]|service-name}]
[REMoteip=ipadd[-ipadd]] [SOurceport={ALL|port[-port]}]
[TTL=hh:mm]
Description of changes With Software Version 2.7.4 you can add up to 1200 rules to each firewall
policy.
A new option, napt, has been added to the nattype parameter. The nattype
parameter may only be used when action=nat. NAPT translates the address
and port of packets sent to and from private side devices. Therefore it
translates source address and port for outbound traffic and destination address
and port for inbound traffic (see Table 4 on page 6). The private side address
and port are specified with the ip and port parameters. The public side address
and port are specified with the gblip and gblport parameters.
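The translation described above, modelled as an added example (not code from the release note or the device): it checks the stated nattype constraint and rewrites source on outbound and destination on inbound traffic. The Packet type, the parsing, the policy name, interface and addresses are constructed for illustration, and the model assumes a single numeric port rather than a range or service name.

```python
# Added illustration: a minimal model of the NAPT rule described above.
# Parameter names (action, nattype, ip, port, gblip, gblport) come from the
# command syntax; everything else here is constructed for the example.
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def parse_rule(command: str) -> dict:
    """Collect the key=value parameters of a rule command into a lowercase dict."""
    params = {}
    for token in command.split():
        if "=" in token:
            key, value = token.split("=", 1)
            params[key.lower()] = value.lower()
    # Constraint stated in the release note: nattype is only valid with action=nat.
    if "nattype" in params and params.get("action") != "nat":
        raise ValueError("nattype may only be used when action=nat")
    return params


def napt_translate(rule: dict, pkt: Packet, outbound: bool) -> Packet:
    """Apply a NAPT rule: rewrite source on outbound, destination on inbound."""
    if rule.get("nattype") != "napt":
        return pkt
    private = (rule["ip"], int(rule["port"]))        # private side: ip / port
    public = (rule["gblip"], int(rule["gblport"]))   # public side: gblip / gblport
    if outbound and (pkt.src_ip, pkt.src_port) == private:
        return replace(pkt, src_ip=public[0], src_port=public[1])
    if not outbound and (pkt.dst_ip, pkt.dst_port) == public:
        return replace(pkt, dst_ip=private[0], dst_port=private[1])
    return pkt  # packet does not match the rule's address/port pair


# Constructed sample rule; policy name, interface and addresses are placeholders.
RULE = parse_rule(
    "add firewall policy=office rule=1 action=nat nattype=napt interface=eth0 "
    "protocol=tcp ip=192.168.1.10 port=80 gblip=203.0.113.5 gblport=8080"
)
```

When reviewing a rule set, the same pairing shows which private host and port each public address and port exposes.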
enable firewall policy debug
Syntax ENAble FIREwall POLIcy[=policy-name]
DEBug={ALL|ARP|HTTP|PACKET|PKT|PROCESS|PROXY|SMTP|
RADius|TCP|UPNP|ERRORcode|MESSage|PARSing|SIPAlg|TRAce}
Description of changes This command enables the display of information that may help with
diagnosing and fixing firewall behaviour. New debugging modes have been
added for the SIP ALG. Debugging is disabled by default.
Table 5: New debugging options for SIP ALG
Option      Result
ERRORcode   Translates internal SIP ALG error codes into meaningful messages, displaying any errors encountered during processing.
MESSage     Translates each SIP message that is passed to the SIP ALG and displays its contents line by line. The contents of a SIP message include a SIP header and may include a Session Description Protocol (SDP) message body. Each message is displayed first in its unmodified state as it arrives for processing by the SIP ALG, then in its modified state after processing.
PARSing     Displays the steps the firewall takes during the parsing of a SIP message (header and body) while they are occurring. This includes showing how the message is modified to facilitate communication across the firewall.
SIPalg      Enables errorcode, message, and parsing debugging.
TRAce       Displays the names of all the functions that the SIP ALG calls when it processes a SIP message.