Cisco Cisco Packet Data Gateway (PDG)
Firewall-and-NAT Policy Configuration Mode Commands
firewall ip-reassembly-failure ▀
Command Line Interface Reference, StarOS Release 17 ▄
5067
firewall ip-reassembly-failure
This command configures Stateful Firewall action on IPv4/IPv6 packets involved in IP Reassembly Failure scenarios.
Product
PSF
Privilege
Security Administrator, Administrator
Mode
Exec > ACS Configuration > Firewall-and-NAT Policy Configuration
active-charging service service_name > fw-and-nat policy policy_name
Entering the above command sequence results in the following prompt:
[local]host_name(config-fw-and-nat-policy)#
Syntax
firewall ip-reassembly-failure { drop | permit }
default firewall ip-reassembly-failure
default
Configures the default setting.
Default:
Default:
permit
drop
Drops IPv4/IPv6 packets involved in IP reassembly failure scenarios.
permit
Permits IPv4/IPv6 packets involved in IP reassembly failure scenarios.
Usage
Use this command to configure Stateful Firewall action on IPv4/IPv6 packets involved in IP reassembly
failure scenarios such as missing fragments, overlapping offset, etc.
For NAT-only calls, packets involved in IP reassembly failure scenarios are dropped.
failure scenarios such as missing fragments, overlapping offset, etc.
For NAT-only calls, packets involved in IP reassembly failure scenarios are dropped.
Example
The following command specifies to drop IPv4/IPv6 packets involved in IP reassembly failure scenarios:
firewall ip-reassembly-failure drop