Manualshelf

Command Reference Guide

ManualsBrandsHP ManualsRoutersHP 5000 Router Series
2131213221332134213521362137213821392140
3Com Router 5000 Family and Router 6000 Family firewall fragments-inspect 139
Command Reference
firewall fragments-inspect
Purpose Use the firewall fragments-inspect command to enable fragment
inspection switch.
Use the undo firewall fragments-inspect command to disable fragment
inspection switch.
Syntax firewall fragments-inspect
undo firewall fragments-inspect
Parameters None
Default By default, fragment inspection switch is disabled.
Example Enable the fragment inspection switches
[3Com] firewall fragments-inspect
View This command can be used in the following views:
System view
Description This command is the premise of realizing exact match. Only after fragment inspection
switch is enabled, can fragment exact match be implemented. Packet filtering firewall
will record the status of a fragment, and perform the exact matching to advanced
ACL rules according to the information beyond the layer 3 (IP layer).
Packet filtering firewall will consume some system resources for recording the
fragment status. If the exact match mode is not used, you are recommended to
disable this function so as to improve the running efficiency of system and reduce the
system cost.
Only when the fragment packet inspection is enabled, can the exact match really take
effect.
Related Commands display firewall fragments-inspect
firewall packet-filter