XSR User’s Guide 333
Chapter 13 Firewall CLI Commands
Configuring Security on the XSR
Load - Installs the completed firewall configuration in the XSR's inspection engine with ip firewall load. This command avoids conflicts with existing sessions by clearing them. Before doing so, you can perform a trial load to verify settings, or configure incrementally and check for errors between loads. You can view modified settings before loading with show ip firewall config. Also, the delay load option schedules a load, and show ip firewall general displays an outstanding delay and when it will run. Be aware that you must copy the running-config to the startup-config file to save any changes. Commands entered at the CLI are not in the configuration until the load command is invoked, so if you omit a load and save the running-config to the startup-config file, the commands you entered will not display. Several other show commands display the various objects that are in effect, that is, those that have been loaded (refer to the following bullet).
CAUTION
Performing a load requires that you re-establish all TCP connections, including Telnet sessions and PKI links to the Certificate Authority. Also, firewall configuration changes are blocked during a load delay.
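The staged-versus-loaded behaviour described above, as an added illustration that is not XSR code or output: CLI commands sit in a staging area until a load commits them to the inspection engine (clearing sessions), a pending delay load blocks further changes, and only loaded commands reach the saved startup configuration. The class, method names and sample commands are constructed for this example.

```python
from dataclasses import dataclass, field


@dataclass
class XsrFirewallModel:
    """Constructed model of the XSR firewall commit workflow (not device code)."""
    staged: list = field(default_factory=list)    # entered at CLI, not yet loaded
    active: list = field(default_factory=list)    # loaded into the inspection engine
    startup: list = field(default_factory=list)   # what survives a reboot
    sessions: set = field(default_factory=set)    # dynamic TCP/UDP/ICMP sessions
    load_pending: bool = False                    # an outstanding delay load

    def configure(self, command: str) -> None:
        # Configuration changes are blocked while a delay load is outstanding.
        if self.load_pending:
            raise RuntimeError("configuration blocked: delay load outstanding")
        self.staged.append(command)

    def schedule_load(self) -> None:
        self.load_pending = True

    def load(self) -> int:
        """Commit the staged configuration; return the number of sessions cleared."""
        cleared = len(self.sessions)
        self.sessions.clear()        # existing sessions, Telnet included, are dropped
        self.active = list(self.staged)
        self.load_pending = False
        return cleared

    def copy_running_to_startup(self) -> None:
        # Only loaded commands are part of the running configuration.
        self.startup = list(self.active)


def demo_missing_load() -> tuple:
    """Show the pitfall: saving without a load writes none of the new commands."""
    fw = XsrFirewallModel(sessions={"telnet:<host-a>", "tcp:<host-b>"})  # constructed
    fw.configure("<firewall command 1>")          # placeholder for a real command
    fw.copy_running_to_startup()                  # load omitted: nothing is saved
    saved_without_load = list(fw.startup)
    fw.load()                                     # commit; sessions are cleared
    fw.copy_running_to_startup()
    return saved_without_load, fw.startup


if __name__ == "__main__":
    print(demo_missing_load())                    # ([], ['<firewall command 1>'])
```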
Display Commands - A host of firewall show commands are available to display firewall attributes for each firewall configuration command. Also, show ip firewall config displays the as yet uncommitted configuration, show ip firewall sessions displays dynamic TCP, UDP and ICMP session data, and show ip firewall general displays summary system firewall statistics such as the status of the firewall, protected and unprotected interfaces, session counters, and the number of DoS attacks.
Event Logging - Defines the event threshold for firewall values logged to the Console or Syslog with ip firewall logging. You can set eight severity levels ranging from 0 for emergency alarms down to 7, which cumulatively logs all firewall messages through 0, as follows:
– Level 0: Emergency
– Level 1: Alert
– Level 2: Critical - alarms such as failure to allocate memory during initialization are logged if system logging is enabled and firewall logging is set to level 2 or higher