Cisco Packet Data Gateway (PDG)
Firewall-and-NAT Policy Configuration Mode Commands
Command Line Interface Reference, StarOS Release 18
firewall tcp-fsm
This command enables/disables Stateful Firewall’s TCP Finite State Machine (FSM).
Product
PSF
Privilege
Security Administrator, Administrator
Mode
Exec > ACS Configuration > Firewall-and-NAT Policy Configuration
active-charging service service_name > fw-and-nat policy policy_name
Entering the above command sequence results in the following prompt:
[local]host_name(config-fw-and-nat-policy)#
Syntax
firewall tcp-fsm [ first-packet-non-syn { drop | permit | send-reset } ]
{ default | no } firewall tcp-fsm
default
Configures the default setting.
Default: drop
no
Disables Stateful Firewall’s TCP FSM.
first-packet-non-syn { drop | permit | send-reset }
Specifies Stateful Firewall action on TCP flows starting with a non-SYN packet:
drop: Specifies to drop the packet.
permit: Specifies to permit the packet.
send-reset: Specifies to drop the packet and send TCP RST.
Default: drop
Usage
Use this command to enable/disable Stateful Firewall’s TCP FSM checks. When Stateful Firewall and TCP
FSM are enabled, the state of the TCP session is checked to decide whether to forward TCP packets.
Example
The following command enables TCP FSM and configures the action for TCP flows starting with a non-SYN
packet to drop the packet:
firewall tcp-fsm first-packet-non-syn drop
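
A configuration audit built on the syntax above, as an added example that is not part of the Cisco reference: it scans a saved configuration for fw-and-nat policies and reports the tcp-fsm setting each one ends up with, noting policies where the FSM is disabled or non-SYN first packets are permitted. The sample configuration, its service and policy names, the `#exit` block terminator and the `audit_tcp_fsm` helper are assumptions made for illustration.

```python
import re

# Constructed sample: service and policy names are made up for illustration.
SAMPLE_CONFIG = """\
active-charging service acs1
  fw-and-nat policy strict
    firewall tcp-fsm first-packet-non-syn send-reset
  #exit
  fw-and-nat policy legacy
    firewall tcp-fsm first-packet-non-syn permit
  #exit
  fw-and-nat policy stateless
    no firewall tcp-fsm
  #exit
  fw-and-nat policy untouched
  #exit
  fw-and-nat policy restored
    no firewall tcp-fsm
    default firewall tcp-fsm
  #exit
#exit
"""

POLICY_RE = re.compile(r"^fw-and-nat policy (\S+)$")
FSM_RE = re.compile(r"^(?:(default|no) )?firewall tcp-fsm"
                    r"(?: first-packet-non-syn (drop|permit|send-reset))?$")
REVIEW = {"disabled": "TCP session state is not checked",
          "permit": "flows may start with a non-SYN packet"}

def audit_tcp_fsm(config_text):
    """Map each fw-and-nat policy to (setting, review note or None); last tcp-fsm line wins."""
    results, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        policy = POLICY_RE.match(line)
        if policy:
            current = policy.group(1)
            results[current] = ("unset", None)  # no tcp-fsm line seen in this policy yet
        elif line in ("exit", "#exit"):
            current = None  # assumption: the policy block has no nested sub-modes
        elif current and (fsm := FSM_RE.match(line)):
            prefix, action = fsm.groups()
            # "no" disables the FSM; "default" and a bare command mean drop (the stated default).
            setting = {"no": "disabled", "default": "drop"}.get(prefix, action or "drop")
            results[current] = (setting, REVIEW.get(setting))
    return results

if __name__ == "__main__":
    print(audit_tcp_fsm(SAMPLE_CONFIG))
```

A policy reported as `unset` carries no tcp-fsm line at all, so its behaviour depends on the platform default rather than on anything in the saved configuration.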