Cisco Cisco Packet Data Interworking Function (PDIF)
PSF Changes in Release 16
PSF Enhancements for 16.0 ▀
Release Change Reference, StarOS Release 16 ▄
313
This command is configured to protect ISP servers from mobile space devices.
configure
active-charging service acs_name
firewall protect-servers { all | host-pool } policy policy_name
{ default | no } firewall protect-servers
end
Notes:
Uplink protection can be enabled or disabled based on the server IP of the packet.
Performance Indicator Changes
show active-charging firewall dos-protection
This command is new and can be configured to display statistics of the IP Sweep server list involved in IP Sweep
attacks.
attacks.
show active-charging firewall dos-protection ip-sweep server-list { all | instance
instance_num } [ | { grep grep_options | more } ]
instance_num } [ | { grep grep_options | more } ]
CSCub35955 - ICSR Support for Dynamic Firewall Access Rules
Applicable Products: GGSN, HA, IPSG, PDSN, P-GW
Feature Changes
ICSR Support for Dynamic Firewall Access Rules
In this release, ICSR recovery is supported for dynamic Firewall access rules. Firewall access rules can be enabled
either statically or dynamically. Firewall access rules can be dynamically activated or deactivated from the Gx server.
This feature currently works only for default bearers and not for dedicated bearers.
either statically or dynamically. Firewall access rules can be dynamically activated or deactivated from the Gx server.
This feature currently works only for default bearers and not for dedicated bearers.
The following attributes are used to activate or deactivate Firewall access rules from the Gx server:
Charging-Rule-Install
Charging-Rule-Remove
Previous Behavior: Firewall access rules enabled dynamically by PCRF were checkpointed only for standalone
recovery. ICSR checkpointing was not done for dynamically enabled access rules. After ICSR switchover, the
dynamically enabled Firewall rule will be disabled.
recovery. ICSR checkpointing was not done for dynamically enabled access rules. After ICSR switchover, the
dynamically enabled Firewall rule will be disabled.
New Behavior: In this release, after ICSR switchover, the Firewall access rules will be enabled dynamically from the
Gx server.
Gx server.