Cisco Cisco Packet Data Gateway (PDG)
firewall tcp-fsm
This command enables/disables Stateful Firewall's TCP Finite State Machine (FSM).
Product
PSF
Privilege
Security Administrator, Administrator
Command Modes
Exec > ACS Configuration > Firewall-and-NAT Policy Configuration
active-charging service service_name > fw-and-nat policy policy_name
Entering the above command sequence results in the following prompt:
[local]
host_name
(config-fw-and-nat-policy)#
Syntax Description
firewall tcp-fsm [ first-packet-non-syn { drop | permit | send-reset } ]
{ default | no } firewall tcp-fsm
{ default | no } firewall tcp-fsm
default
Configures the default setting.
Default: drop
no
Disables Stateful Firewall's TCP FSM.
first-packet-non-syn { drop | permit | send-reset }
Specifies Stateful Firewall action on TCP flows starting with a non-SYN packet:
• drop: Specifies to drop the packet.
• permit: Specifies to permit the packet.
• send-reset: Specifies to drop the packet and send TCP RST.
Default: drop
Usage Guidelines
Use this command to enable/disable Stateful Firewall's TCP FSM checks. When Stateful Firewall and TCP
FSM are enabled, state of the TCP session is checked to decide whether to forward TCP packets.
FSM are enabled, state of the TCP session is checked to decide whether to forward TCP packets.
Command Line Interface Reference, Modes E - F, StarOS Release 19
1704
Firewall-and-NAT Policy Configuration Mode Commands
firewall tcp-fsm