Cisco Cisco Packet Data Gateway (PDG)
firewall ip-reassembly-failure
This command configures Stateful Firewall action on IPv4/IPv6 packets involved in IP Reassembly Failure
scenarios.
scenarios.
Product
PSF
Privilege
Security Administrator, Administrator
Command Modes
Exec > ACS Configuration > Firewall-and-NAT Policy Configuration
active-charging service service_name > fw-and-nat policy policy_name
Entering the above command sequence results in the following prompt:
[local]
host_name
(config-fw-and-nat-policy)#
Syntax Description
firewall ip-reassembly-failure { drop | permit }
default firewall ip-reassembly-failure
default firewall ip-reassembly-failure
default
Configures the default setting.
Default: permit
drop
Drops IPv4/IPv6 packets involved in IP reassembly failure scenarios.
permit
Permits IPv4/IPv6 packets involved in IP reassembly failure scenarios.
Usage Guidelines
Use this command to configure Stateful Firewall action on IPv4/IPv6 packets involved in IP reassembly failure
scenarios such as missing fragments, overlapping offset, etc.
scenarios such as missing fragments, overlapping offset, etc.
For NAT-only calls, packets involved in IP reassembly failure scenarios are dropped.
Examples
The following command specifies to drop IPv4/IPv6 packets involved in IP reassembly failure scenarios:
firewall ip-reassembly-failure drop
firewall ip-reassembly-failure drop
Command Line Interface Reference, Modes E - F, StarOS Release 19
1694
Firewall-and-NAT Policy Configuration Mode Commands
firewall ip-reassembly-failure