Avaya BSGx4e CLI Reference Guide
Security commands
3 Configuration commands

security policy

This command defines firewall security policies to accept desired incoming traffic. The firewall is closed by default.

Firewall security is based on policies. A policy is created to accept or deny a traffic flow based on the current rule sequence. Security policies are also used to classify traffic for Network Address Translation (NAT) and for layer 3 Quality of Service (QoS) treatment (Guarantee of Service [GoS]). See security alg on page 112.

Syntax

config security policy [new|<index>] from [self|eth0|eth1] to [self|eth0|eth1] sip <ip address(es)> dip <ip address(es)> sport <port(s)> dport <port(s)> proto [udp|tcp|icmp|esp|gre|any] nat <id> qosqg <name> iptos <decimal> seq [begin|end|position] action [allow|deny]

Parameters

index
    Specify new to create a new policy.

from self|eth0|eth1
    Specify the interface where the packet originated. Specify self for packets originating at the device.

to self|eth0|eth1
    Specify where the packet is destined. Specify self for packets destined for the device.

sip ip address(es)
    Enter the source IP address or range of IP addresses.

dip ip address(es)
    Enter the destination IP address or range of IP addresses.

sport port(s)
    Enter the source port number or range of port numbers.

dport port(s)
    Enter the destination port number or range of port numbers.

proto udp|tcp|icmp|esp|gre|any
    Enter the protocol specified in the packet.

nat id
    Enter the ID of the NAT policy to be referenced. (See security nat policy on page 114.)

qosqg name
    Enter the name of a GoS quality group. (See qos group on page 91.)

iptos decimal
    Enter an IP ToS tag value (decimal byte). It has to be used only by GoS policies, that is, only when the qosqg parameter is specified. (See qos group on page 91.)

seq begin|end|position
    Enter the position of the new policy within the policy sequence. If position is specified, it specifies where the policy is inserted in the sequence.
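The syntax above, together with the rule that iptos is valid only alongside qosqg, can be checked mechanically before a policy line is entered on the device. The following Python linter is an added example, not part of the Avaya guide; it assumes each value is a single token, that a seq position is a number, and that an omitted sip or dport leaves that field unconstrained.

```python
import shlex

# Keywords and fixed value sets taken from the syntax line on this page.
ENUMS = {
    "from": {"self", "eth0", "eth1"},
    "to": {"self", "eth0", "eth1"},
    "proto": {"udp", "tcp", "icmp", "esp", "gre", "any"},
    "action": {"allow", "deny"},
}
FREE = {"sip", "dip", "sport", "dport", "nat", "qosqg", "iptos", "seq"}
PREFIX = ["config", "security", "policy"]


def lint_policy(line):
    """Return a list of findings for one 'config security policy' line."""
    tok = shlex.split(line)
    if tok[:3] != PREFIX or len(tok) < 4:
        return ["not a 'config security policy' command"]
    findings, params = [], {}
    if tok[3] != "new" and not tok[3].isdecimal():
        findings.append(f"index must be 'new' or a number, got {tok[3]!r}")
    rest = tok[4:]
    if len(rest) % 2:
        findings.append(f"keyword {rest[-1]!r} has no value")
    for key, val in zip(rest[0::2], rest[1::2]):
        if key in params:
            findings.append(f"{key} given twice")
        elif key in ENUMS and val not in ENUMS[key]:
            findings.append(f"{key} {val!r} not in {sorted(ENUMS[key])}")
        elif key not in ENUMS and key not in FREE:
            findings.append(f"unknown keyword {key!r}")
        params[key] = val
    # Rule stated on the page: iptos is only for GoS policies (qosqg set).
    if "iptos" in params:
        if "qosqg" not in params:
            findings.append("iptos given without qosqg")
        if not (params["iptos"].isdecimal() and int(params["iptos"]) <= 255):
            findings.append("iptos must be a decimal byte (0-255)")
    seq = params.get("seq")
    if seq is not None and seq not in ("begin", "end") and not seq.isdecimal():
        findings.append("seq must be begin, end or a position number")
    # Assumption: an omitted sip or dport leaves that field unconstrained.
    if params.get("action") == "allow":
        broad = [k for k in ("sip", "dport") if k not in params]
        if broad or params.get("proto") == "any":
            findings.append("review: allow policy without sip/dport or with proto any")
    return findings
```

Because the firewall is closed by default, every allow policy widens exposure, so the last check marks allow lines that leave the source or destination port open for manual review.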
An incoming packet can match more than one security policy. Its treatment

116 NN47928-107