Router(config)#ip inspect udp idle-time 1800
    Specifies the UDP idle timeout (default is 30 seconds)
Router(config)#no ip inspect alert-off
    Enables real-time alerts
    NOTE: Cisco IOS Firewall real-time alerts are off by default (the command ip inspect alert-off is active by default). To enable real-time alerts, the no version of the command is needed; use the no ip inspect alert-off command in global configuration mode.
Router(config)#ip inspect name INSPECTION-RULE tftp timeout 20
    Instructs the router to inspect protocol TFTP with 20-second idle timeout
Router(config)#ip inspect name INSPECTION-RULE udp timeout 15
    Instructs the router to inspect protocol UDP with 15-second idle timeout
Router(config)#ip inspect name INSPECTION-RULE tcp timeout 600
    Instructs the router to inspect protocol TCP with 600-second idle timeout
Router(config)#ip inspect name INSPECTION-RULE ftp timeout 600
    Instructs the router to inspect protocol FTP with 600-second idle timeout
Step 5: Apply the Inspection Rules and the ACL to the Outside Interface
Router(config)#ip inspect name INSPECTION-RULE http timeout 600
    Instructs the router to inspect protocol HTTP with 600-second idle timeout
Router(config)#ip inspect name INSPECTION-RULE smtp alert on audit-trail on timeout 300
    Instructs the router to inspect protocol SMTP, turns on alert messages, turns on the audit trail, and sets the timeout to 300 seconds
    NOTE: For both the alert and audit-trail arguments, if there is no option selected, alerts or messages will be generated based on the setting of the ip inspect alert-off command or the ip inspect audit-trail command.
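The fallback described in the NOTE above can be checked against a saved configuration. The following Python sketch is an added example, not part of the original guide: it resolves the effective alert and audit-trail setting for each inspection rule entry. The function names and the sample configuration are constructed for illustration, and where neither form of a global command is present the result is reported as "default" rather than assumed.

```python
import re

# Constructed sample: the commands from the table above, as saved configuration lines.
SAMPLE_CONFIG = """\
ip inspect udp idle-time 1800
no ip inspect alert-off
ip inspect name INSPECTION-RULE tftp timeout 20
ip inspect name INSPECTION-RULE udp timeout 15
ip inspect name INSPECTION-RULE tcp timeout 600
ip inspect name INSPECTION-RULE ftp timeout 600
ip inspect name INSPECTION-RULE http timeout 600
ip inspect name INSPECTION-RULE smtp alert on audit-trail on timeout 300
"""

RULE_RE = re.compile(r"^ip inspect name (\S+) (\S+)(.*)$")
OPT_RE = re.compile(r"\b(alert|audit-trail) (on|off)\b")
TIMEOUT_RE = re.compile(r"\btimeout (\d+)\b")

def global_setting(lines, enable_cmd, disable_cmd):
    """Return 'on'/'off' if the config states it, else 'default' (platform default, not assumed here)."""
    state = "default"
    for line in lines:  # the last matching line wins
        if line == enable_cmd:
            state = "on"
        elif line == disable_cmd:
            state = "off"
    return state

def effective_inspection(config):
    """Map (rule name, protocol) to its effective alert, audit-trail and timeout values."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    g_alert = global_setting(lines, "no ip inspect alert-off", "ip inspect alert-off")
    g_audit = global_setting(lines, "ip inspect audit-trail", "no ip inspect audit-trail")
    result = {}
    for line in lines:
        m = RULE_RE.match(line)
        if not m: continue
        name, proto, rest = m.groups()
        explicit = dict(OPT_RE.findall(rest))  # per-entry options override the globals
        t = TIMEOUT_RE.search(rest)
        result[(name, proto)] = {
            "alert": explicit.get("alert", g_alert),
            "audit-trail": explicit.get("audit-trail", g_audit),
            "timeout": int(t.group(1)) if t else None,
        }
    return result

def unaudited(config):
    """Rule entries whose audit trail is not explicitly on, per entry or globally."""
    return sorted(k for k, v in effective_inspection(config).items() if v["audit-trail"] != "on")
```

With the sample above, only the SMTP entry has an explicit audit trail; the other five entries depend on the global ip inspect audit-trail setting, which the sample does not state.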