Command Reference Guide

140 ● firewall fragments-inspect {high | low} 3Com Router 5000 Family and Router 6000 Family

Command Reference

firewall fragments-inspect {high | low}

Purpose Use the firewall fragments-inspect { high | low } command to

configure the high and low thresholds of records for fragment inspection.

Use the undo firewall fragments-inspect { high | low } command to

restore the default high and low thresholds.

Syntax firewall fragments-inspect { high | low } { default | number }

undo firewall fragments-inspect { high | low }

Parameters high number

Specifies the high threshold of the fragment status

records. Valid values are 100 to 10000.

low number

Specifies the low threshold of the fragment status

records. Valid values are 100 to 10000.

default

Default number of fragment status records. The

default high threshold of the fragment status records is

2000 and the default low threshold of the fragment

status records is 1500.

Example Configure the high threshold for fragment packet inspection to 3000 and configure

the low threshold to the default value.

[3Com] firewall fragments-inspect high 3000

[3Com] firewall fragments-inspect low default

View This command can be used in the following views:

■ System view

Description If fragment inspection switch is enabled and exact match filtering is applied, the

executing efficiency of the packet filtering will be slightly reduced. As the number of

matching entries increases, efficiency is reduced. Therefore, the (high and low)

thresholds should be set. When the number of fragment status records reaches the

high threshold, those status entries first reserved will be deleted until the number of

records is below the low threshold.

The low threshold must be no greater than the high threshold.

Related Commands ■ display firewall-statistics

■ firewall packet-filter