
detect (Intrazone view)

Function

The detect command configures the intrazone ASPF/ALG function.

The undo detect command cancels the above configuration.

Format

detect protocol

detect { activex-blocking | java-blocking } [ acl-number1 ]

detect user-defined acl-number2

detect ipv6 ipv6-protocol

undo detect protocol

undo detect { activex-blocking | java-blocking }

undo detect user-defined

undo detect ipv6 ipv6-protocol

Parameters

| Parameter | Description | Value |
|---|---|---|
| protocol | Specifies the protocol name supported by IPv4 ASPF/ALG. | The value can be dns, ftp, h323, icq, ils, mgcp, mms, msn, netbios, pptp, qq, rsh, rtsp, sccp, sip or sqlnet. |
| activex-blocking | Blocks ActiveX applets. | - |
| java-blocking | Blocks Java applets. | - |
| acl-number1 | Specifies the number of an ACL. | The value is an integer ranging from 2000 to 2999. |
| user-defined | Indicates customization. | - |
| acl-number2 | Specifies the number of an ACL. | The value is an integer ranging from 2000 to 3999. |
| ipv6-protocol | Specifies one of the protocols supported by IPv6 ASPF/ALG. | The value can be ftp, sip or rtsp. |

Views

Intrazone view

Default Level

2: Configuration level

Usage Guidelines

The intrazone ASPF/ALG function is disabled by default. Enable ASPF/ALG for a specific protocol as required. Disable ASPF/ALG for protocols that do not require ASPF/ALG.

The SIP ASPF/ALG function configured using the detect sip command takes effect only for UDP-based SIP traffic and TLS-encrypted SIP traffic. For TLS-encrypted SIP traffic, the FW performs SSL decryption before ASPF/ALG processing.

For ASPF/ALG on TCP-based SIP traffic, run the detect [ ipv6 ] sip tcp command.

Example

# Enable the ASPF/ALG function for the FTP protocol in the Trust zone.

<sysname> system-view
[sysname] firewall zone trust
[sysname-zone-trust] detect ftp
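
The following Python check is an added example, not part of the original page or of any Huawei tooling. It validates intrazone detect statements against the formats and value ranges documented above and flags zones where detect sip is configured without detect sip tcp. The indented zone-block layout of the configuration text and the sample configuration itself are assumptions constructed for illustration.

```python
# Protocol lists and ACL ranges are taken from the Parameters table on this page.
IPV4 = {"dns", "ftp", "h323", "icq", "ils", "mgcp", "mms", "msn", "netbios",
        "pptp", "qq", "rsh", "rtsp", "sccp", "sip", "sqlnet"}
IPV6 = {"ftp", "sip", "rtsp"}
ACL_RANGE = {"activex-blocking": (2000, 2999), "java-blocking": (2000, 2999),
             "user-defined": (2000, 3999)}

def check_detect(args):
    """Return None if args match a documented detect format, else the reason."""
    ipv6, args = (True, args[1:]) if args[:1] == ["ipv6"] else (False, args)
    if not args:
        return "missing argument"
    head, rest = args[0], args[1:]
    if not ipv6 and head in ACL_RANGE:
        lo, hi = ACL_RANGE[head]
        if not rest:  # the ACL is optional only for the two blocking forms
            return "ACL number required" if head == "user-defined" else None
        ok = len(rest) == 1 and rest[0].isdecimal() and lo <= int(rest[0]) <= hi
        return None if ok else f"ACL number must be an integer from {lo} to {hi}"
    if head not in (IPV6 if ipv6 else IPV4):
        return f"unsupported {'IPv6' if ipv6 else 'IPv4'} protocol {head!r}"
    if rest and not (head == "sip" and rest == ["tcp"]):
        return "unexpected trailing argument"
    return None

def audit(config_text):
    """Return (zone, statement, message) findings for intrazone detect lines."""
    findings, zone, sip = [], None, {}
    for line in config_text.splitlines():
        words = line.split()
        if words[:2] == ["firewall", "zone"] and len(words) == 3:
            zone = words[2]
        elif not line.startswith(" "):
            zone = None  # assumption: statements inside a zone are indented
        elif zone and words[:1] == ["detect"]:
            reason = check_detect(words[1:])
            if reason:
                findings.append((zone, line.strip(), reason))
            elif "sip" in words:
                family = "ipv6 " if "ipv6" in words else ""
                sip.setdefault((zone, family), set()).add(words[-1])
    for (zone, family), seen in sorted(sip.items()):
        if "tcp" not in seen:  # detect sip alone covers only UDP and TLS SIP
            findings.append((zone, f"detect {family}sip", f"TCP-based SIP needs detect {family}sip tcp"))
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = ("firewall zone trust\n detect ftp\n detect sip\n detect java-blocking 3001\n"
          "firewall zone dmz\n detect ipv6 dns\n detect sip\n detect sip tcp\n")
print(*audit(SAMPLE), sep="\n")
```
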
Copyright © Huawei Technologies Co., Ltd.