Install guide

70 Firewall Enhancements Release Note
Software Version 2.9.1
C613-10486-00 REV C
The firewall Group of the Allied Telesis Enterprise MIB ({ enterprises(1)
alliedTelesis(207) mibObject(8) brouterMib(4) atRouter(4) modules(4) 77 })
now includes firewallSessionsStatistics ({ firewall 2 }). This is a collection of
objects for monitoring firewall sessions:

- totalNumberOfSessions ({ firewallSessionsStatistics 1 }) is the total number
  of sessions going through the firewall. It is the sum of the number of
  sessions on all individual nodes.
- numberOfSessionsPerNodeCountingStatus ({ firewallSessionsStatistics 2 })
  is the status of counting the number of sessions per node: enabled(1) or
  disabled(2).
- numberOfSessionsPerNodeTable ({ firewallSessionsStatistics 3 }) is a table
  of nodes and number of sessions per node, indexed by IP address. It
  contains the following objects:
    - nodeIpAddress, the IP address of a node that has firewall limit rules
      attached and is being monitored.
    - numberOfSessionsPerNode, the number of active sessions created by
      the corresponding node.

Command Changes
The following table summarises the new and modified commands:
Dynamic Renumbering of Firewall Rules
This Software Version dynamically renumbers firewall rules, so that you can
easily insert a new rule between two consecutive ones. For example, you can
now insert a new rule 2 on a policy with rules numbered 1, 2, 3, 7. The new rule
takes position 2 in the rule list, while the existing rule 2, and the rest of the rules
with numbers greater than 2, are renumbered and shuffled down the rule list
until a gap in the numbering scheme is found. The new rule list is numbered 1,
2, 3, 4, 7.
Note that the second instance of a particular rule number keeps that number,
not the first instance. This means that if you add a sequence of rules where two
rules have the same number, the first of these rules may become significantly
lower on the list. For example, if a configuration script has these rule numbers
in this sequence:
add firewall policy=policy-name rule=1
add firewall policy=policy-name rule=3
add firewall policy=policy-name rule=3
add firewall policy=policy-name rule=4
add firewall policy=policy-name rule=5
then the first instance of rule 3 is eventually renumbered until it becomes rule
6. This occurs because the second rule 3 becomes rule 3 and renumbers the first
rule 3 to rule 4. Then the second rule 4 renumbers it to rule 5, and the second
rule 5 renumbers it to rule 6. The new list of rule numbers is 1, 3, 4, 5, 6.
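
The renumbering behaviour described above, modelled as an added Python example (not Allied Telesis code): it replays the script sequence from this page and reports every rule that ends up at a number other than the one the script requested, which is the case the page warns can leave a rule significantly lower on the list. The function names and the regex, which only handles the command form shown here, are assumptions of this example.

```python
import re

# Matches only the command form shown on this page; real scripts carry
# further parameters after rule=, which this added example ignores.
ADD_RE = re.compile(r"^add firewall policy=(\S+) rule=(\d+)", re.IGNORECASE)

# The script sequence quoted above, reproduced as sample input.
PAGE_SCRIPT = [
    "add firewall policy=policy-name rule=1",
    "add firewall policy=policy-name rule=3",
    "add firewall policy=policy-name rule=3",
    "add firewall policy=policy-name rule=4",
    "add firewall policy=policy-name rule=5",
]

def insert_rule(rules, number, label):
    """Place label at number; shift occupants down until a gap absorbs them."""
    displaced, n = label, number
    while displaced is not None:
        # Put the carried rule at n and pick up whatever was there before.
        rules[n], displaced = displaced, rules.get(n)
        n += 1
    return rules

def replay_script(lines):
    """Replay add commands; return (final, moved).
    final: policy -> {rule number: script line number}
    moved: (policy, script line, requested number, final number) for each
           rule that did not stay at the number the script asked for.
    """
    final, requested = {}, {}
    for lineno, line in enumerate(lines, start=1):
        m = ADD_RE.match(line.strip())
        if not m:
            continue
        policy, number = m.group(1), int(m.group(2))
        insert_rule(final.setdefault(policy, {}), number, lineno)
        requested[(policy, lineno)] = number
    moved = [(p, ln, requested[(p, ln)], num)
             for p, rules in final.items()
             for num, ln in sorted(rules.items())
             if requested[(p, ln)] != num]
    return final, moved

if __name__ == "__main__":
    final, moved = replay_script(PAGE_SCRIPT)
    print(sorted(final["policy-name"]))
    for policy, ln, want, got in moved:
        print(f"{policy}: script line {ln} asked for rule {want}, ended at {got}")
```
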
Command                          Change
disable firewall sessionreport   New command
enable firewall sessionreport    New command
show firewall                    New SNMP Session Report field