Cisco Cisco Packet Data Gateway (PDG)
firewall tcp-first-packet-non-syn
This command configures Stateful Firewall action on TCP flows starting with a non-SYN packet.
In release 9.0, this command is deprecated. This configuration is available as the firewall tcp-fsm [
first-packet-non-syn { drop | permit | send-reset } ] command.
first-packet-non-syn { drop | permit | send-reset } ] command.
Important
Product
PSF
Privilege
Security Administrator, Administrator
Command Modes
Exec > ACS Configuration > Firewall-and-NAT Policy Configuration
active-charging service service_name > fw-and-nat policy policy_name
Entering the above command sequence results in the following prompt:
[local]
host_name
(config-fw-and-nat-policy)#
Syntax Description
firewall tcp-first-packet-non-syn { drop | reset }
default firewall tcp-first-packet-non-syn
default firewall tcp-first-packet-non-syn
default
Configures the default setting.
Default: drop
drop
Drops the non-SYN packet.
reset
Sends reset.
Usage Guidelines
Use this command to configure Stateful Firewall action on TCP flows starting with a non-SYN packet.
Examples
For flows starting with a non-SYN packet, the following command specifies Stateful Firewall to drop the
non-SYN packet:
firewall tcp-first-packet-non-syn drop
non-SYN packet:
firewall tcp-first-packet-non-syn drop
Command Line Interface Reference, Modes E - F, StarOS Release 19
1703
Firewall-and-NAT Policy Configuration Mode Commands
firewall tcp-first-packet-non-syn