Configure the ASPF firewall on an AR router

The application specific packet filter (ASPF) firewall can detect and filter FTP, HTTP, SIP, and RTSP packets on the application layer.
The ASPF firewall filters packets on the application layer based on status. This firewall can detect application layer session information that attempts to pass the firewall, and prevent packets that do not match rules from passing the firewall.
After the ActiveX Blocking is configured, the ASPF will block the ActiveX that is transmitted over HTTP, preventing users from installing insecure or malicious controls. After the Java Blocking is configured, the ASPF will block requests that are sent in order to obtain programs containing the Java Applet from web pages.
In the system view:
1. Run the firewall interzone zone-name1 zone-name2 command to access the interzone view.
2. In V200R006 and earlier versions, run the detect aspf { all | ftp | http [ activex-blocking | java-blocking ] | rtsp | sip } command to configure the ASPF firewall.
In V200R007, run the detect aspf { ftp | rtsp | sip } command to configure the ASPF firewall.
Most of the application layer protocols have bidirectional interaction processes. Therefore, during ASPF configuration, ignore directions, and the router automatically checks the status of inbound and outbound packets.
By default, the ASPF firewall is not configured for the interzone.
3. Check the configuration result.
Run the display firewall interzone [ zone-name1 zone-name2 ] command to query ASPF information about the interzone.

Scroll to top