Configuring an ASPF > Configuring an ASPF policy

Configuring an ASPF policy

Follow these guidelines when you configure an ASPF policy:

If you enable TCP or UDP inspection without configuring application layer protocol inspection, some packets might fail to get a response. Therefore, enable application layer protocol inspection together with TCP/UDP inspection.
In the case of a Telnet application, you only need to configure TCP inspection.
The timeout value specified in the detect command takes precedence to that specified in the aging-time command.

To configure an ASPF policy:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Create an ASPF policy and enter its view.	aspf-policy aspf-policy-number	N/A
3. Set the TCP/UDP session timeout periods.	aging-time { fin \| syn \| tcp \| udp } seconds	Optional. The defaults are as follows: 5 seconds for the TCP session termination delay time. 30 seconds for the TCP session hold time. 3600 seconds for TCP session idle timeout period. 30 seconds for UDP session idle timeout period.
4. Configure ASPF inspection for application layer and transport layer protocols.	detect protocol [ java-blocking acl-number ] [ aging-time seconds ]	Optional. The default timeouts are as follows: 3600 seconds for application layer protocols. 3600 seconds for TCP; and 30 seconds for UDP.

prev	up	next
Enabling the firewall function	home	Applying an ASPF policy to an interface

© Copyright 2016 Hewlett Packard Enterprise Development LP