EasyManuals Logo
Home>Cisco>Network Router>ASR 5000 Series

Cisco ASR 5000 Series User Manual

Cisco ASR 5000 Series
992 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #917 background imageLoading...
Page #917 background image
How Personal Stateful Firewall Works â–€
Cisco ASR 5000 Series Product Overview â–„
OL-22938-02
How Personal Stateful Firewall Works
This section describes how Personal Stateful Firewall works.
Important: In StarOS 8.x, Stateful Firewall for CDMA and early UMTS releases used rulebase-based
configurations, whereas later UMTS releases used policy-based configurations. In StarOS 9.0, Stateful Firewall for
UMTS and CDMA releases, both use policy-based configurations. For more information, please contact your local
service representative.
Firewall-and-NAT policies are configured in the Firewall-and-NAT Policy Configuration Mode. Each policy contains a
set of access ruledefs and the firewall configurations. Multiple such policies can be configured, however, only one
policy is applied to a subscriber at any point of time.
The policy used for a subscriber can be changed either from the CLI, or by dynamic update of policy name in Diameter
and RADIUS messages.
The Firewall-and-NAT policy to be used for a subscriber can be configured in:
ACS Rulebase: The default Firewall-and-NAT policy configured in the ACS rulebase has the least priority. If
there is no policy configured in the APN/subscriber template, and/or no policy to use is received from the
AAA/OCS, only then the default policy configured in the ACS rulebase is used.
APN/Subscriber Template: The Firewall-and-NAT policy configured in the APN/subscriber template overrides
the default policy configured in the ACS rulebase. To use the default policy configured in the ACS rulebase, in
the APN/subscriber configuration, the command to use the default rulebase policy must be configured.
AAA/OCS: The Firewall-and-NAT policy to be used can come from the AAA server or the OCS. If the policy
comes from the AAA/OCS, it will override the policy configured in the APN/subscriber template and/or the
ACS rulebase.
Important: The Firewall-and-NAT policy received from the AAA and OCS have the same priority. Whichever
comes latest, either from AAA/OCS, is applied.
The Firewall-and-NAT policy to use can be received from RADIUS during authentication.
Disabling Firewall Policy
Important: By default, Stateful Firewall processing for subscribers is disabled.
Stateful Firewall processing is disabled for subscribers in the following cases:
If Stateful Firewall is explicitly disabled in the APN/subscriber template configuration.

Table of Contents

Other manuals for Cisco ASR 5000 Series

Preview: Administration Guide
Administration Guide508 pages
Preview: Thresholding Configuration Guide
Thresholding Configuration Guide163 pages
Preview: Installation Guide
Installation Guide317 pages
Preview: Installation And Administration Guide
Installation And Administration Guide95 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASR 5000 Series and is the answer not in the manual?

Cisco ASR 5000 Series Specifications

General IconGeneral
BrandCisco
ModelASR 5000 Series
CategoryNetwork Router
LanguageEnglish

Related product manuals