Reference Guide

Security commands 3 Configuration commands
116 NN47928-107
security policy
This command defines firewall security policies to accept desired incoming
traffic. The firewall is closed by default.
Firewall security is based on policies. A policy is created to accept or deny a
traffic flow based on the current rule sequence.
Security policies are also used to classify traffic for Network Address
Translation (NAT) and for layer 3 Quality of Service (QoS) treatment
(Guarantee of Service [GoS]). See security alg on page 112.
Syntax
config security policy [new|<index>] from [self|eth0|eth1] to
    [self|eth0|eth1] sip <ip address(es)> dip <ip address(es)>
    sport <port(s)> dport <port(s)> proto
    [udp|tcp|icmp|esp|gre|any] nat <id> qosqg <name> iptos
    <decimal> seq [begin|end|position] action [allow|deny]
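
A small lint for policy lines written in this syntax, as an added example (not part of the guide or the vendor's tooling): it checks the enumerated values from the syntax line and the rule, stated in the iptos parameter description, that iptos is used only together with qosqg. It assumes keywords may appear in any order and that <index> is numeric; the sample lines are constructed.

```python
# Keyword -> allowed values, taken from the syntax line of this entry.
ENUMS = {
    "from": {"self", "eth0", "eth1"},
    "to": {"self", "eth0", "eth1"},
    "proto": {"udp", "tcp", "icmp", "esp", "gre", "any"},
    "action": {"allow", "deny"},
}
# Keywords whose value format the page does not spell out; accepted as-is.
FREE = {"sip", "dip", "sport", "dport", "nat", "qosqg", "iptos", "seq"}

# Constructed sample lines, not taken from the guide.
SAMPLES = [
    "config security policy new from eth0 to self dport 22 proto tcp action allow",
    "config security policy new from eth1 to eth0 proto udp iptos 184 action allow",
    "config security policy 3 from wan to self proto tcp action permit",
]

def lint_policy(line):
    """Return a list of findings for one command line (empty list = clean)."""
    tokens = line.split()
    if tokens[:3] != ["config", "security", "policy"] or len(tokens) < 4:
        return ["not a 'config security policy' command"]
    findings = []
    index, rest = tokens[3], tokens[4:]
    if index != "new" and not index.isdecimal():  # numeric index is an assumption
        findings.append(f"index must be 'new' or a number, got {index!r}")
    if len(rest) % 2:  # assumption: every keyword is followed by exactly one value
        findings.append(f"keyword {rest[-1]!r} has no value")
        rest = rest[:-1]
    params = {}
    for key, value in zip(rest[::2], rest[1::2]):
        if key in params:
            findings.append(f"duplicate keyword {key!r}")
        if key in ENUMS and value not in ENUMS[key]:
            findings.append(f"{key} must be one of {sorted(ENUMS[key])}, got {value!r}")
        elif key not in ENUMS and key not in FREE:
            findings.append(f"unknown keyword {key!r}")
        params[key] = value
    tos = params.get("iptos")
    if tos is not None:
        if not (tos.isdecimal() and int(tos) <= 255):
            findings.append(f"iptos must be a decimal byte (0-255), got {tos!r}")
        if "qosqg" not in params:  # iptos applies only to GoS policies
            findings.append("iptos is set but qosqg is not")
    return findings

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", lint_policy(sample) or "ok")
```
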
Parameters

index
Specify new to create a new policy.

from self|eth0|eth1
Specify the interface where the packet originated. Specify self for packets
originating at the device.

to self|eth0|eth1
Specify where the packet is destined. Specify self for packets destined for
the device.

sip ip address(es)
Enter the source IP address or range of IP addresses.

dip ip address(es)
Enter the destination IP address or range of IP addresses.

sport port(s)
Enter the source port number or range of port numbers.

dport port(s)
Enter the destination port number or range of port numbers.

proto udp|tcp|icmp|esp|gre|any
Enter the protocol specified in the packet.

nat id
Enter the ID of the NAT policy to be referenced. (See security nat policy on
page 114.)

qosqg name
Enter the name of a GoS quality group. (See qos group on page 91.)

iptos decimal
Enter an IP ToS tag value (decimal byte). Use it only with GoS policies, that
is, only when the qosqg parameter is specified. (See qos group on page 91.)

seq begin|end|position
Enter the position of the new policy within the policy sequence. If position
is specified, it specifies where the policy is inserted in the sequence. An
incoming packet can match more than one security policy. Its treatment