Enterasys Networks XSR CLI Router User Manual


 
Firewall Feature Set Commands
16-126 Configuring Security
Syntax of the “no” Form
The no form of this command sets the default RPC timeout value:
no ip firewall rpc timeout
Default
5 seconds
Mode
Global configuration: XSR(config)#
Example
The following example resets the Microsoft RPC idle timeout interval to 10 minutes:
XSR(config)#ip firewall rpc microsoft-rpc timeout 6000
ip firewall service
This command defines a service object which reflects an application, its transport protocol (TCP or UDP), protocol type and port number ranges. The XSR supports a number of predefined services which can be viewed with show ip firewall user-services. Services can be directly cited in policy objects or you can add your own service. Intrinsic services ANY_TCP and ANY_UDP are available for all TCP or UDP ports.
A service is comprised of a source and destination port range, and protocol. For flexibility, port ranges can be specified using qualifiers such as eq, lt and gt which are also available for configuring access lists.
A name for any firewall object must use these alphanumeric characters only: A-Z (upper or lower case), 0-9, - (dash), or _ (underscore). Also, all firewall object names are case sensitive.
Syntax
ip firewall service name <source-port-range> <dest-port-range> <protocol>
ip firewall service name {eq <0-65535> | gt <0-65535> | lt <0-65535> | range <0-65535> <0-65535>} {eq <0-65535> | gt <0-65535> | lt <0-65535> | range <0-65535> <0-65535>} {tcp | udp}
Note: The show ip firewall service command displays pre-defined services.
name
Name of the protocol, not to exceed 16 characters.
eq
Port range equals number specified.
gt
Port range is strictly greater than the number specified, and less than or equal to 65535.
lt
Port range is strictly less than the number specified.
range
Explicit port range with the start and end ranges specified: <0-65535>
tcp or udp protocol
Transport protocol. The protocol value is case sensitive.
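
Added example (not from the Enterasys manual): a Python checker that applies the naming and syntax rules above to a service definition and resolves each qualifier to the inclusive port range it covers, which helps when auditing how wide a service object really is. The service name web-admin and the sample line are constructed; treating lt as starting at port 0 and rejecting reversed ranges are assumptions.

```python
import re

# Object-name rule from the manual: A-Z, a-z, 0-9, dash, underscore; max 16 chars.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,16}")

def _port(tok):
    if not tok.isdigit() or int(tok) > 65535:
        raise ValueError(f"port must be 0-65535, got {tok!r}")
    return int(tok)

def _take_range(tokens):
    """Consume one port qualifier from tokens; return inclusive (low, high)."""
    q = tokens.pop(0)
    if q == "eq":
        lo = hi = _port(tokens.pop(0))
    elif q == "gt":                       # strictly greater, up to 65535
        lo, hi = _port(tokens.pop(0)) + 1, 65535
    elif q == "lt":                       # strictly less; lower bound 0 is an assumption
        lo, hi = 0, _port(tokens.pop(0)) - 1
    elif q == "range":
        lo, hi = _port(tokens.pop(0)), _port(tokens.pop(0))
    else:
        raise ValueError(f"unknown qualifier {q!r}")
    if lo > hi:                           # e.g. "lt 0", "gt 65535", reversed range (assumed invalid)
        raise ValueError(f"{q} yields an empty port range")
    return lo, hi

def parse_service(line):
    """Validate an 'ip firewall service' line and return its effective ranges."""
    tokens = line.split()
    if tokens[:3] != ["ip", "firewall", "service"] or len(tokens) < 4:
        raise ValueError("not an 'ip firewall service' command")
    name, rest = tokens[3], tokens[4:]
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"invalid object name {name!r}")
    try:
        src, dst = _take_range(rest), _take_range(rest)
    except IndexError:
        raise ValueError("truncated port qualifier") from None
    if len(rest) != 1 or rest[0] not in ("tcp", "udp"):   # protocol is case sensitive
        raise ValueError("protocol must be exactly 'tcp' or 'udp'")
    return {"name": name, "src": src, "dst": dst, "protocol": rest[0]}

if __name__ == "__main__":
    # Constructed sample: any unprivileged source port to destination port 8443.
    print(parse_service("ip firewall service web-admin gt 1023 eq 8443 tcp"))
```
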