Aspf configuration example, Network requirements – H3C Technologies H3C SecPath F1000-E User Manual
Page 114
104
Figure 103 Adding an ASPF policy
4.
Configure the parameters as described in
.
5.
Click Apply.
Table 41 Configuration items
Item Description
Source Zone
Select a source/destination zone to which the ASPF policy will be
applied.
Dest Zone
Discard ICMP error packets
Set whether to discard ICMP error packets.
If this box is not selected, ICMP error packets are allowed to pass.
Discard non-SYN initial TCP packets
Set whether to discard initial TCP packets that are not SYN packets.
If this box is not selected, initial TCP packets that are not SYN packets
are allowed to pass.
ASPF configuration example
Network requirements
As shown in
, configure an ASPF policy between zone 1 and zone 2 to discard ICMP error
packets but permit initial TCP packets that are not SYN packets.
Figure 104 Network diagram
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS