Configuring interzone ASPF for detecting well-known protocols through the CLI on the USG6000

The USG6000 series supports configuring interzone ASPF through the CLI.
When the packets of the multi-channel protocol require forwarding, you need to configure ASPF in interzones. The same command is available to both the ASPF function and the NAT ALG function. Therefore, if the ASPF function is already configured in interzones, no extra configuration is required.
You can run the detect command in interzones to enable both functions.
For example, enable the ASPF function for the FTP protocol in the interzone between the Trust zone and the Untrust zone.
system-view
[sysname] firewall interzone trust untrust
[sysname-interzone-trust-untrust] detect ftp
For details, see the USG6000 series product documentation.

Scroll to top