Section 31.3.7, Section 31.3.8 – Westermo RedFox Series User Manual

Westermo OS Management Guide

Version 4.17.0-0

same port range as specified in the ”:” argu-
ment is used.

❼ Use the ”[proto ]” to specify if the rule applies to TCP or

UDP. If omitted, the rule applies to both.

❼ The ”passive” parameter specify that this rule is created as inactive.

It will be shown in config but not used. To enable use ”passive” com-
mand, see

section 31.3.11

.

❼ The ”log” parameter enables logging for traffic that matches this port

forwarding rule. Nothing will however be logged if logging is enabled
here but disabled under the common settings. See

section 31.3.12

.

Use ”show port-forward” to show configured port forwarding rules.

Default values Not appliable.

31.3.7

Configure Application Level Gateway (ALG) Helpers

Syntax [no] alg

Context

Firewall Configuration

context

Usage Enable/disable ALG helper for a protocol, e.g., use ”alg ftp” to make

your firewall or NAT gateway handle FTP traffic appropriately.

Use ”no alg ” to remove an enabled ALG helper for the given pro-
tocol, or use ”no alg” to remove all enabled ALG helpers.

Use ”show alg” to show list of protocols for which ALG helpers have been
enabled.

Default values Disabled.

31.3.8

Configure Stateful Packet Inspection

Syntax [no] spi

Context

Firewall Configuration

context

Usage Stateful packet inspection will drop packet that are in an invalid state.

An example of a packet with an ”invalid” state is when a firewall sees a
TCP ”SYN+ACK”, without having seen the preceding TCP ”SYN” in the other
direction.

➞ 2015 Westermo Teleindustri AB

741