
Westermo MR Series User Manual

Page 405


6622-3201

Web Interface and Command Line Reference Guide

www.westermo.com

In the above example, the stateful inspection engine will mark any routes that use PPP 1 as out of
service AND deactivate PPP 1 if no reply is detected within 10 seconds for two packets in a row.

Routes will come back into service when either the specified timeout expires or if there are no
other routes with a higher metric in service.

PPP interfaces will be re-activated when either the routes using them are back in service and there
is a packet to route and the AODI mode parameter is set to “On”.

TCP Example

pass out log break end on ppp 3 proto tcp from any to 192.168.0.1 flags S!A inspect-state oos 30 t=10 c=2 d=2

pass in

pass out

This rule will specifically trace attempts to open a TCP connection on PPP 3 to the 192.168.0.1 IP
address and, if an attempt fails within 10 seconds twice in a row, will cause the PPP 3 interface to be
flagged as out of service (i.e. its metric will be set to 16) for 30 seconds. The optional d=2 entry will
also cause the PPP link to be deactivated. Deactivating the link can be useful in scenarios where
renegotiating the PPP connection is likely to resolve the problem. Again, if a matching route with a
higher metric has been defined, it will be used whilst PPP 3 routes are out of service, thus providing a
powerful route backup mechanism.
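The out-of-service behaviour of the TCP rule above, modelled as an added Python example (not code from the manual or the router firmware). It assumes a failure registers when the t timeout expires and that the presence of d= deactivates the link at the same moment (the page does not define the value), and it models only the timeout-based return to service; the function names and the attempt list are constructed for illustration.

```python
import re

OOS_METRIC = 16  # metric the manual gives an out-of-service route

# Rule from the TCP example, written on one line.
RULE = ("pass out log break end on ppp 3 proto tcp from any to 192.168.0.1 "
        "flags S!A inspect-state oos 30 t=10 c=2 d=2")

# Constructed sample: (start time in s, reply delay in s, or None for no reply).
ATTEMPTS = [(0, 0.2), (20, None), (40, 0.3), (60, None), (75, None),
            (90, 0.1), (130, 0.2)]

def parse_inspect_state(rule):
    """Extract oos/t/c and the presence of d= from a rule line."""
    m = re.search(r"inspect-state\s+oos\s+(\d+)((?:\s+[tcd]=\d+)*)", rule)
    if not m:
        raise ValueError("rule has no 'inspect-state oos' clause")
    opts = dict(kv.split("=") for kv in m.group(2).split())
    if "t" not in opts or "c" not in opts:
        raise ValueError("this model needs both t= and c=")
    return {"oos": int(m.group(1)), "t": int(opts["t"]),
            "c": int(opts["c"]), "deactivate": "d" in opts}

def simulate(rule, attempts, metric=1):
    """Return (time_s, event) tuples for a list of connection attempts."""
    p = parse_inspect_state(rule)
    events, fails, oos_until = [], 0, None
    for start, delay in attempts:
        if oos_until is not None:
            if start < oos_until:
                continue  # route is out of service, so nothing is traced on it
            events.append((oos_until, f"in service, metric={metric}"))
            oos_until = None
        failed = delay is None or delay > p["t"]
        fails = fails + 1 if failed else 0  # a reply resets the run
        if fails >= p["c"]:
            when = start + p["t"]  # assumption: failure registers at timeout
            events.append((when, f"out of service, metric={OOS_METRIC}"))
            if p["deactivate"]:  # assumption: presence of d= deactivates
                events.append((when, "link deactivated"))
            oos_until, fails = when + p["oos"], 0
    if oos_until is not None:
        events.append((oos_until, f"in service, metric={metric}"))
    return events

if __name__ == "__main__":
    for when, event in simulate(RULE, ATTEMPTS):
        print(f"t={when:>4}s  PPP 3 {event}")
```

The single failure at 20 s is cleared by the reply at 40 s; only the back-to-back failures at 60 s and 75 s take the route out of service.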

15.8.4 Using [inspect-state] with the Stat Option

The inspect-state option can be used with the stat option. The stat option will cause the firewall
rule to record statistics associated with that rule. Transaction times, counts and errors are
recorded under the PPP statistics with this option.

15.8.5 Assigning DSCP Values

When using QOS, packet priorities will be determined by the DSCP values in their TOS fields. These
priorities may have already been assigned but if necessary, the router can be configured to assign
them by inserting the appropriate rules in the firewall. This is done by using the dscp command.

For example:

dscp 46 in on eth 0 from 100.100.100.25 to 1.2.3.4 port=4000

would set the DSCP value to 46 for almost any type of packet received on ETH 0 from IP address
100.100.100.25 addressed to 1.2.3.4 on port 4000. This allows you to set the DSCP value for almost
any type of packet.

As a further example:

dscp 46 in on eth 0 proto smtp from any to any

would cause outgoing mail traffic to be assigned to the same top priority queue (46 is by default a
very high priority code in the DSCP mappings).
