Support User Manuals

Enterasys Networks XSR CLI Router User Manual

Open as PDF

of 684

Firewall Feature Set Commands

16-116 Configuring Security

Syntax of the “no” Form

ThenoformsetseitherthetimeoutorAuthporttoitsdefaultvalue:

no ip firewall auth {timeout # | port #}

Defaults

•Timeout:1800seconds

• Authenticationport:3000

Mode

Globalconfiguration:XSR(config)#

Example

ThefollowingexampleresetstheICMPidletimeout:

XSR(config)#ip firewall icmp timeout 3000

ip firewall disable/enable

WhenissuedinGlobalmode,thiscommandisa“masterswitch”whichactivatesordeactivates

thefirewallsystem‐wide.Youcanalsousethiscommandasa“localswitch”inInterface

configurationmode,enablingordisablingthefirewallonaperinterfacebasis.Thecommand

behavesseparatelyandinteractivelyatGlobal

andInterfacemodesasfollows:

•Thesystem‐levelfirewallisdisabledbydefault.

•Theinterface‐levelfirewallisenabledbydefaultunlessexplicitlydisabled.

•Ifthefirewallisenabled,packetinspectionwilloccuronallinterfacesthathavethefirewall

enabledattheinterfacelevel.

•Aparticularinterfacemaybeenabledbut

subsequentlydisablingthefirewallglobally

overridesallenabledinterfaces.

•Ifyouenablethefirewallglobally,allinterfaceswillbeenableduntilyousubsequentlydisable

aparticularinterface.

•

Enabledisplaysinrunning-config,butnotdisable.

•Evenifyouhavenotconfiguredthefirewall,entering ip firewall enablewillturnon

packetinspection.

Syntax

ip firewall {disable | enable}

port #

TCPportonwhichthefirewallauthenticatorwilllisten.Range:1024to65535.

Note: TCP traffic (e.g., Telnet) passed first through a firewall-disabled interface destined to a

firewall-enabled will be dropped regardless of policy.

previous next