Cisco Packet Data Interworking Function (PDIF)
PSF Changes in Release 16
Release Change Reference, StarOS Release 16
PSF Enhancements for 16.0
This section identifies all of the Firewall enhancements included in this release:
Feature Changes - new or modified features or behavior changes. For details, refer to the PSF Administration Guide
for this release.
Command Changes - changes to any of the CLI command syntax. For details, refer to the Command Line Interface
Reference for this release.
Performance Indicator Changes - new, modified, and deprecated bulk statistics, disconnect reasons, counters and/or
fields in new or modified schema and/or show command output. For details, refer to the Statistics and Counters
Reference for this release.
CSCtl88372 - SFW: feature parity of the PSFW between uplink and downlink
Applicable Products: GGSN, HA, IPSG, PDSN, P-GW
Feature Changes
Firewall Uplink Protection
The Firewall Uplink Protection feature protects ISP servers from traffic originating from mobile space devices. In addition to
protecting mobiles from Internet vulnerabilities, it is imperative to protect ISP servers from traffic that originates in the
mobile space. Firewall feature parity is aimed at porting all Downlink protection features to support Uplink servers as well.
No separate license is required to enable this feature.
The following features will be ported to support Uplink protection:
IP Options check
Jolt attack detection
Teardrop attack detection
Winnuke attack detection
Ping of Death attack detection
TCP Sequence number and ACK Number checks
MIME Flood attack detection
TCP RST message threshold
UDP - ICMP Destination Unreachable message threshold
ICMP - ICMP Destination Unreachable message threshold
For uplink protection, no additional statistics are added. All the existing statistics will be pegged properly with uplink
protection enabled. Uplink Flooding detection, Uplink Port-scan detection and Uplink IP-sweep protection will be
enabled separately in Global ACS Service Configuration mode.
Command Changes
firewall protect-servers