Cisco Cisco Packet Data Gateway (PDG) Documentation Roadmaps
Personal Stateful Firewall Overview
▀ Supported Features
▄ Cisco ASR 5000 Series Product Overview
OL-22937-01
(stateful checks are not done) and if all is okay, an association is created and the packet is allowed to pass
through.
through.
For any traffic coming after the recovery-timeout:
If any ongoing traffic arrives, it is allowed only if an association was created earlier. Else, it is dropped and reset
is sent.
If any new traffic (3-way handshake) arrives, the usual Stateful Firewall processing is done.
If recovery-timeout value is set to zero, Stateful Firewall flow recovery is not done.
SNMP Thresholding Support
Personal Stateful Firewall allows to configure thresholds to receive notifications for various events that are happening in
the system. Whenever a measured value crosses the specified threshold value at the given time, an alarm is generated.
And, whenever a measured value falls below the specified threshold clear value at the given time, a clear alarm is
generated. The following events are supported for generating and clearing alarms:
the system. Whenever a measured value crosses the specified threshold value at the given time, an alarm is generated.
And, whenever a measured value falls below the specified threshold clear value at the given time, a clear alarm is
generated. The following events are supported for generating and clearing alarms:
Dos-Attacks: When the number of DoS attacks crosses a given value, a threshold is raised, and it is cleared when
the number of DoS attacks falls below a value in a given period of time.
Drop-Packets: When the number of dropped packets crosses a given value, a threshold is raised, and it is cleared
when the number of dropped packets falls below a value in a given period of time.
Deny-Rule: When the number of Deny Rules cross a given value, a threshold is raised, and it is cleared when the
number of Deny Rules falls below a value in a given period of time.
No-Rule: When the number of No Rules cross a given value, a threshold is raised, and it is cleared when the
number of No Rules falls below a value in a given period of time.
Logging Support
Stateful Firewall supports logging of various messages on screen if logging is enabled for firewall. These logs provide
detailed messages at various levels, like critical, error, warning, and debug.
detailed messages at various levels, like critical, error, warning, and debug.
Logging is also supported at rule level, when enabled through rule a message will be logging whenever a packet hits the
rule. This can be turned on/off in a rule.
rule. This can be turned on/off in a rule.
These logs are also sent to a syslog server if configured in the system.