Westermo MR Series User Manual

Page 409

6622-3201

Web Interface and Command Line Reference Guide

www.westermo.com

Now the interface will be set to OOS for 60 seconds after 5 consecutive failures. After the 60 seconds
elapses, the recovery procedure will be initiated. In this example the recovery will consist of
TCP connection attempts executed at 2 minute intervals. The interface will remain OOS until the
recovery procedure completes successfully. The destination IP address in this case will be 10.1.2.1.

To override the default socket connection time, it is possible to specify an additional recovery
option. For example:

pass out break end on PPP 2 proto TCP from 10.1.1.1 to 10.1.2.1 port=telnet flags S!A inspect-state oos 60 t=10 c=5 d=10 r=tcp,120,10

Now, 10 seconds is allowed for each recovery attempt. If the socket connects within that time, the
recovery is successful, else the recovery is unsuccessful.

There is also an option {rd=x} to disconnect the interface after a recovery attempt completes. This
option can be used to deactivate the interface after a recovery failure, success, or either. “x” is a
bitmask indicating the cases where the interface should be deactivated. Bit 0 is used to deactivate the
interface after a recovery failure. Bit 1 is used to deactivate the interface after a recovery success, i.e.

rd=1 – means deactivate after a recovery failure

rd=2 – means deactivate after a recovery success

rd=3 – means deactivate after either recovery success or recovery failure

Extending our firewall rule to include this option gives:

pass out break end on PPP 2 proto TCP from 10.1.1.1 to 10.1.2.1 port=telnet flags S!A inspect-state oos 60 t=10 c=5 d=10 r=tcp,120,10 rd=3

Now the interface will be deactivated after a recovery success or failure.

If the {rd=x} option is not used, the interface will remain up until its inactivity timer expires, or it is
deactivated by some other means.

The {dt=secs} option may be used to indicate that the interface is to remain OOS when it is
disconnected, and that it should be reactivated some time after it last disconnected. Recovery
procedures will take place after the interface connects.

Extending our firewall rule to include this option gives:

pass out break end on PPP 2 proto TCP from 10.1.1.1 to 10.1.2.1 port=telnet flags S!A inspect-state oos 60 t=10 c=5 d=10 r=tcp,120,10 rd=3 dt=60

Now the interface will be reconnected 60 seconds after it disconnects and recovery procedures
will start after the interface connects. This option would normally be used with the {rd=x} option
so that recovery has control over when the interface connects and disconnects.
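
When reviewing a configuration, the oos, r=, rd= and dt= options described above can be decoded mechanically. The following Python is an added example, not Westermo tooling: parse_recovery and its output keys are hypothetical names, the sample rule is the manual's rule joined onto one line, and t=, c= and d= are deliberately left uninterpreted.

```python
import re

# Constructed sample: the manual's example rule, joined onto one line.
RULE = ("pass out break end on PPP 2 proto TCP from 10.1.1.1 to 10.1.2.1 "
        "port=telnet flags S!A inspect-state oos 60 t=10 c=5 d=10 "
        "r=tcp,120,10 rd=3 dt=60")

RD_FAILURE = 0x1  # bit 0: deactivate after a recovery failure
RD_SUCCESS = 0x2  # bit 1: deactivate after a recovery success


def parse_recovery(rule):
    """Extract the OOS/recovery options described on this page from one rule.

    Hypothetical helper (assumption, not vendor code). Only oos, r=, rd= and
    dt= are interpreted; t=, c= and d= are ignored.
    """
    out = {"oos_secs": None, "recovery": None, "deactivate_on": [],
           "reactivate_secs": None, "notes": []}
    m = re.search(r"\boos\s*(\d+)", rule)
    if m:
        out["oos_secs"] = int(m.group(1))
    m = re.search(r"\br=(\w+),(\d+)(?:,(\d+))?", rule)
    if m:
        kind, interval, timeout = m.groups()
        out["recovery"] = {"type": kind, "interval_secs": int(interval),
                           # None: the default socket connection time applies
                           "attempt_secs": int(timeout) if timeout else None}
    m = re.search(r"\brd=(\d+)", rule)
    rd = int(m.group(1)) if m else 0
    if rd & ~(RD_FAILURE | RD_SUCCESS):
        out["notes"].append(f"rd={rd} sets bits this page does not define")
    if rd & RD_FAILURE:
        out["deactivate_on"].append("failure")
    if rd & RD_SUCCESS:
        out["deactivate_on"].append("success")
    m = re.search(r"\bdt=(\d+)", rule)
    if m:
        out["reactivate_secs"] = int(m.group(1))
        if not rd:
            out["notes"].append("dt set without rd: recovery does not control disconnects")
    if out["recovery"] and not rd:
        out["notes"].append("no rd: interface stays up until its inactivity timer expires")
    return out


if __name__ == "__main__":
    print(parse_recovery(RULE))
```
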

Keeping a route out of service and using recovery with a list of addresses

This expands on the functionality above and gives the ability to check connectivity to a range of
addresses using a ping. It is possible to specify an address list that the recovery mechanism will ping
in turn to see if any respond. This will help ensure that even when 1 or maybe 2 or 3 destinations
cannot be reached due to an outage on the remote network, the connection will be made available
again if at least one of the addresses in the list responds.

The address lists are created using the following syntax:

#addrs

Address lists can span multiple lines if required, for example:

#addrs

#addrs

The address list is called using the recovery option pingl. An example firewall rule would be:

pass out break end on PPP 1 proto ICMP from 10.1.1.1 to 10.1.2.1 inspect-state oos 60 t=10 c=5 d=10 r=pingl listA ,120,10 rd=3 dt=60

This rule would allow pings outbound and on detecting a communication failure it will use pings to
