Support User Manuals

Enterasys Networks XSR CLI Router User Manual

Open as PDF

of 684

Firewall Show Commands

XSR CLI Reference Guide 16-133

Example

Thefollowingexampleblocksthehostwhenthesyncpacketsexceed1000packetspersecond:

XSR(config-if<F2>)#ip firewall sync-attack-protect block-host threshold 1000

Firewall Show Commands

show ip firewall config

Sincethefirewallisconfiguredinatwo‐stepprocess,theXSRprovidesameanstoviewtheun‐

committedconfiguration.Thiscommanddisplaysthefirewallconfigurationcombiningexisting

commandswiththoseenteredrecently,whichpermitsaviewofthecompletefirewall

configurationwithmodifications.

Ifnofirewallcommandswereexecuted

sincethelastloa dthentherunningconfigurationwillbe

displayed.

Ifthiscommandisissuedafterthefirewallcommandswereenteredbutbeforeafirewallloadwas

performed,thefollowingtextappears:

Uncommitted Firewall Configuration:

Ifthecommandisissuedafterafirewallloadwasperformed,thefollowingtextappears:

Committed Firewall Configuration:

Syntax

show ip firewall config

Mode

EXEC or Privileged EXEC Mode: XSR> or XSR#

Sample Output

Thefollowingissampleoutputofthecommand:

Firewall configuration

Modified but not loaded: Yes

Ip firewall network dmz 220.150.2.16/28 internal

Ip firewall network private 220.150.2.32/28 internal

!

! Log only critical events

!

ip firewall system event-threshold 3

!

! Policies: between private and dmz

!

Ip firewall policy private dmz HTTP allow

Ip firewall policy dmz private HTTP allow

Ip firewall policy private dmz SMTP allow

previous next