Security command reference
Security
4-89
iMG/RG Software Reference Manual (IPNetwork Functions)
Option          Description                                               Default Value
portnumber      Sets the end of the trigger’s secondary port range.       65535

Example
--> security set trigger t3 secondaryendport 1933
See also
SECURITY SET TRIGGER SECONDARYSTARTPORT

4.2.7.1.32 SECURITY SET TRIGGER SECONDARYSTARTPORT
Syntax
SECURITY POLICY <name> SET TRIGGER SECONDARYSTARTPORT <portnumber>
Description
This command sets the start of the secondary port number range for an existing trigger.
It allows you to restrict the ports that a trigger will open; however, this is not usually
necessary.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).

Option          Description                                               Default Value
name            An existing trigger. To display trigger names, use the    N/A
                security list triggers command.
port            Sets the start of the trigger’s secondary port range.     1024

Example
--> security set trigger t3 secondarystartport 1923
See also
SECURITY SET TRIGGER SECONDARYENDPORT

4.2.7.1.33 SECURITY SET TRIGGER SESSIONCHAINING
Syntax
SECURITY SET TRIGGER <name> SESSIONCHAINING {ENABLE | DISABLE}
Description
This command determines whether a triggering protocol can be chained. If session chaining
is enabled, TCP dynamic sessions also become triggering sessions, which allows multi-level
session triggering.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).

Option          Description                                               Default Value
name            An existing trigger. To display trigger names, use the    N/A
                security list triggers command.
enable          Enables TCP session chaining on an existing trigger.      Disable
disable         Disables all session chaining (TCP and UDP) on an
                existing trigger.

Example
--> security set trigger t4 sessionchaining enable
See also
security set trigger UDPsessionchaining

4.2.7.1.34 SECURITY SET TRIGGER UDPSESSIONCHAINING
Syntax
SECURITY SET TRIGGER <name> UDPSESSIONCHAINING {ENABLE | DISABLE}
Description
You must set the SECURITY SET TRIGGER SESSIONCHAINING ENABLE command in
order for this command to become effective.
If UDP session chaining is enabled, both UDP and TCP dynamic sessions also become
triggering sessions, which allows multi-level session triggering.
Note:
This CLI command is case-sensitive. You must type the command attributes exactly as they
appear in the Example section. If you do not use the same case-sensitive syntax, the command
fails and the CLI displays a syntax error message.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).

Option          Description                                               Default Value
name            An existing trigger. To display trigger names, use the    N/A
                security list triggers command.
enable          Enables UDP session chaining on an existing trigger. TCP  Disable
                and UDP session chaining is allowed if the security set
                trigger sessionchaining command is enabled.
disable         Disables UDP session chaining on an existing trigger.
                TCP session chaining is allowed if the security set
                trigger sessionchaining command is enabled.

Example
--> security set trigger t3 UDPsessionchaining enable
See also
SECURITY SET TRIGGER SESSIONCHAINING

4.2.7.1.35 SECURITY SHOW TRIGGER
Syntax
SECURITY SHOW TRIGGER <name>
Description
This command displays information about a single trigger that was added to the Security
module using the security add trigger command. The following trigger information is
displayed:
Trigger name
Transport type (TCP or UDP)
Start of the port range
End of the port range
Multiple host permission (true/false)
Maximum activity interval (in milliseconds)
Session chaining permission (true/false)
Session chaining on UDP permission (true/false)
Binary address replacement permission (true/false)
Address translation type (UDP, TCP, none or both)
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).

Option          Description                                               Default Value
name            An existing trigger. To display trigger names, use the    N/A
                security list triggers command.

Example
--> security show trigger t2
Security Trigger: t2
Transport Type: tcp
Starting port number: 1000
Ending port number: 1000
Allow multiple hosts: false
Max activity interval: 30000
Session chaining: false
Session chaining on UDP: false
Binary address replacement: false
Address translation type: none
See also
SECURITY LIST TRIGGERS
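
The listing printed by security show trigger can be checked by script. The following is an added example, not part of the manual: it parses one listing in the format shown in the Example and reports settings worth reviewing, including UDP session chaining that is set while session chaining is off and therefore has no effect. The t9 listing, the max_ports threshold and the choice of findings are assumptions made for illustration.

```python
# Fields the audit needs, labelled as in the manual's `security show trigger` output.
REQUIRED = ("Security Trigger", "Starting port number", "Ending port number",
            "Allow multiple hosts", "Session chaining", "Session chaining on UDP")

def parse_show_trigger(text):
    """Parse one `security show trigger <name>` listing into a dict."""
    trig = {}
    for line in text.splitlines():
        label, sep, value = (part.strip() for part in line.partition(":"))
        if not sep:
            continue  # CLI prompt or blank line
        if label != "Security Trigger" and value in ("true", "false"):
            value = value == "true"
        elif label != "Security Trigger" and value.isdigit():
            value = int(value)
        trig[label] = value  # the trigger name itself always stays text
    missing = [name for name in REQUIRED if name not in trig]
    if missing:
        raise ValueError("incomplete listing, missing: " + ", ".join(missing))
    return trig

def audit_trigger(trig, max_ports=16):
    """Return review findings; max_ports is an assumed local threshold."""
    findings = []
    width = trig["Ending port number"] - trig["Starting port number"] + 1
    if width > max_ports:
        findings.append(f"wide port range ({width} ports)")
    if trig["Allow multiple hosts"]:
        findings.append("multiple hosts allowed")
    if trig["Session chaining"]:
        findings.append("session chaining on: multi-level triggering possible")
    if trig["Session chaining on UDP"] and not trig["Session chaining"]:
        findings.append("UDP chaining set but ineffective: session chaining is off")
    return findings

# Constructed listing (not from the manual) in the same format as its t2 example.
SAMPLE = """--> security show trigger t9
Security Trigger: t9
Transport Type: udp
Starting port number: 2000
Ending port number: 2100
Allow multiple hosts: true
Max activity interval: 30000
Session chaining: false
Session chaining on UDP: true
Binary address replacement: false
Address translation type: none
"""

print(audit_trigger(parse_show_trigger(SAMPLE)))
```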

4.2.7.1.36 SECURITY SET SESSIONTIMEOUT
Syntax
security set session timeout {esp | icmp | other | tcpclose
| tcpestb | tcpinit | udp} <duration>
Description
This command enables the user to configure a timeout period after which any session may
time out.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).

Option              Description                                           Default Value
duration            Time period configured by user for session time out.  N/A

Example
--> security set session timeout icmp 20

4.2.7.1.37 SECURITY ADD WAITINGSESSION
Syntax
SECURITY ADD WAITINGSESSION <name> <interface>
<local_real_ip> <transport_type> <local_mapping_port>
<local_real_port> [<idle_timeout> {enabled | disabled}
COMMENT <comment> REMOTEIP <remoteip>]
Description
This command adds a waitingsession to the security module. Waiting sessions are a sort
of “presessions” which are created so that the security modules know about the
expected traffic.
A waiting session must at least have specific local and mapping IP addresses defined. The
other parameters (IP addresses, protocol, port numbers) may be specified as wildcards.
However, the more parameters specified, the more secure the waiting session.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).

Option              Description                                           Default Value
name                Name of the waitingsession                            N/A
interface           Specify the external/dmz interface over which         N/A
                    traffic is expected
local_real_ip       Specify the IP address of the local host which is     N/A
                    expecting this traffic
transport_type      Specify the transport type for the traffic, e.g.      N/A
                    TCP/UDP
local_mapping_port  Specify the TCP/UDP port on local host which this     N/A
                    traffic is to be re-directed to
local_real_port     Specify the TCP/UDP port on which the traffic         N/A
                    reaches the router
idle_timeout        Optionally specify the time-out after which not to    N/A
                    expect this traffic
enabled             Specify whether the waiting-session should be         N/A
                    enabled
disabled            Specify whether the waiting-session should be         N/A
                    disabled
comment             Optionally provide a comment for this traffic         N/A
remoteip            Optionally specify the IP address of the remote       N/A
                    host from which the traffic is expected

Example
--> security add waitingsession yahoo-video wan 192.168.0.1 17 500 5000 60 enabled comment yahoouser wants video remoteip 172.26.4.1

4.2.7.1.38 SECURITY DELETE WAITINGSESSION
Syntax
SECURITY DELETE WAITINGSESSION <name>
Description
This command deletes the waitingsession added to a security module.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).

Option              Description                                           Default Value
name                Name of the waitingsession                            N/A

Example
--> security delete waitingsession yahoo-video

4.2.7.1.39 SECURITY SET WAITINGSESSION
Syntax
SECURITY SET WAITINGSESSION <name> <local_real_port><duration>
(ENABLED |DISAB
Description
This command sets various attributes of the waitingsession.
