Foundry Networks AR3201 User Manual

Foundry AR-Series Router User Guide

15 - 42

© 2004 Foundry Networks, Inc.

June 2004

NOTE: The address range in this command typically matches the address range configured in the 
dynamic IKE policy (see Step 4).

Router1# show firewall policy internet detail

Policy with Priority 1000 is enabled, Direction is inbound

Action permit, Traffic is self

Logging is disable

Source Address is any, Dest Address is any

Source Port is any, Service Name is ike

Schedule is disabled, Ftp-Filter is disabled

Smtp-Filter is disabled, Http-Filter is disabled

Rpc-Filter is disabled, Nat is disabled

Bytes In 0, Bytes Out 0

Policy with Priority 1024 is enabled, Direction is outbound

Action permit, Traffic is self

Logging is disable

Source Address is any, Dest Address is any

Source Port is any, Dest Port is any, any

Schedule is disabled, Ftp-Filter is disabled

Smtp-Filter is disabled, Http-Filter is disabled

Rpc-Filter is disabled, Nat is disabled

Bytes In 0, Bytes Out 0

Router1/configure# firewall corp

Router1/configure/firewall corp# policy 1000 in address 20.1.1.100 

20.1.1.150 10.0.1.0 24

Router1/configure/firewall corp/policy 1000 in# exit

Router1# show firewall policy corp
Advanced: S - Self Traffic, F - Ftp-Filter, H - Http-Filter,
          R - Rpc-Filter, N - Nat-Ip/Nat-Pool, L - Logging,
          E - Policy Enabled, M - Smtp-Filter

Pri  Dir Source Addr        Destination Addr   Sport Dport Proto Action Advanced
---  --- -----------        ----------------   ----------------- ------ --------
1000 in  20.1.1.100         10.0.1.0/24        any   any   any   PERMIT E
         20.1.1.150
1022 out any                any                any   any   any   PERMIT SE
1023 in  any                any                any   any   any   PERMIT SE
1024 out any                any                any   any   any   PERMIT E