
Keywords and parameters that you can apply to a rule

Step 1

Format: security firewall ipv4 add_rule lan_wan inbound

Mode: security

Step 2

Format:

service_name {default_services <default service name> | custom_services <custom service name>}

action {ALWAYS_BLOCK | ALWAYS_ALLOW | BLOCK_BY_SCHEDULE_ELSE_ALLOW {schedule {Schedule1 | Schedule2 | Schedule3}} | ALLOW_BY_SCHEDULE_ELSE_BLOCK {schedule {Schedule1 | Schedule2 | Schedule3}}}

send_to_lan_server {SINGLE_ADDRESS {send_to_lan_server_start_ip <ipaddress>} | ADDRESS_RANGE {send_to_lan_server_start_ip <ipaddress>} {send_to_lan_server_end_ip <ipaddress>}}

translate_to_port_number enable {N | Y {translate_to_port_number port <number>}}

wan_destination_ip_address {WAN | OTHERS {wan_destination_ip_address_start <ipaddress>} | RANGE {wan_destination_ip_address_start <ipaddress>} {wan_destination_ip_address_end <ipaddress>}}

lan_user {address_wise {ANY | SINGLE_ADDRESS {lan_user_start_ip <ipaddress>} | ADDRESS_RANGE {lan_user_start_ip <ipaddress>} {lan_user_end_ip <ipaddress>}} | group_wise <group name>}

wan_user {ANY | SINGLE_ADDRESS {wan_user_start_ip <ipaddress>} | ADDRESS_RANGE {wan_user_start_ip <ipaddress>} {wan_user_end_ip <ipaddress>}}

log {NEVER | ALWAYS}

bandwidth_profile <profile name>

Mode: security-config [firewall-ipv4-lan-wan-inbound]

Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description

Service name, action, and schedule

service_name default_services | ANY, AIM, BGP, BOOTP_CLIENT, BOOTP_SERVER, CU-SEEME:UDP, CU-SEEME:TCP, DNS:UDP, DNS:TCP, FINGER, FTP, HTTP, HTTPS, ICMP-TYPE-3, ICMP-TYPE-4, ICMP-TYPE-5, ICMP-TYPE-6, ICMP-TYPE-7, ICMP-TYPE-8, ICMP-TYPE-9, ICMP-TYPE-10, ICMP-TYPE-11, ICMP-TYPE-13, ICQ, IMAP2, IMAP3, IRC, NEWS, NFS, NNTP, PING, POP3, PPTP, RCMD, REAL-AUDIO, REXEC, RLOGIN, RTELNET, RTSP:TCP, RTSP:UDP, SFTP, SMTP, SNMP:TCP, SNMP:UDP, SNMP-TRAPS:TCP, SNMP-TRAPS:UDP, SQL-NET, SSH:TCP, SSH:UDP, STRMWORKS, TACACS, TELNET, TFTP, RIP, IKE, SHTTPD, IPSEC-UDP-ENCAP, IDENT, VDOLIVE, SSH, SIP-TCP, or SIP-UDP | The default service and protocol to which the firewall rule applies.

service_name custom_services | custom service name | The custom service that you have configured with the security services add command.

action | ALWAYS_BLOCK, ALWAYS_ALLOW, BLOCK_BY_SCHEDULE_ELSE_ALLOW, or ALLOW_BY_SCHEDULE_ELSE_BLOCK | The type of action to be enforced by the rule.

schedule | Schedule1, Schedule2, or Schedule3 | The schedule, if any, that is applicable to the rule.

LAN server addresses, port number translation, and WAN destination addresses

send_to_lan_server | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of LAN address.

send_to_lan_server_start_ip | ipaddress | There are two options:

• The IP address if the send_to_lan_server keyword is set to SINGLE_ADDRESS.

• The start IP address if the send_to_lan_server keyword is set to ADDRESS_RANGE.

send_to_lan_server_end_ip | ipaddress | The end IP address if the send_to_lan_server keyword is set to ADDRESS_RANGE.

translate_to_port_number | number | The port number (integer) if port forwarding is enabled. Valid numbers are 0 through 65535.

wan_destination_ip_address | WAN, OTHERS, or RANGE | The type of destination WAN address for an inbound rule:

• WAN. The default IP address of the WAN (broadband) interface.

• OTHERS. Another public IP address, which you need to configure by issuing the wan_destination_ip_address_start keyword and specifying an IPv4 address.

• RANGE. A range of public IP addresses, which you need to configure by issuing the wan_destination_ip_address_start and wan_destination_ip_address_end keywords and specifying IPv4 addresses.

wan_destination_ip_address_start | ipaddress | There are two options:

• The IP address if the wan_destination_ip_address keyword is set to OTHERS.

• The start IP address if the wan_destination_ip_address keyword is set to RANGE.

wan_destination_ip_address_end | ipaddress | The end IP address if the wan_destination_ip_address keyword is set to RANGE.

LAN user addresses or LAN group and WAN user addresses

lan_user address_wise | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of LAN address. For an inbound rule, this option is available only when the WAN mode is Classical Routing.

lan_user_start_ip | ipaddress | There are two options:

• The IP address if the lan_user address_wise keywords are set to SINGLE_ADDRESS.

• The start IP address if the lan_user address_wise keywords are set to ADDRESS_RANGE.


Command example:

FVS318N> security firewall ipv4 add_rule lan_wan inbound

security-config[firewall-ipv4-lan-wan-inbound]> service_name default_services HTTP

security-config[firewall-ipv4-lan-wan-inbound]> action ALWAYS_ALLOW

security-config[firewall-ipv4-lan-wan-inbound]> send_to_lan_server SINGLE_ADDRESS

Related show command: show security firewall ipv4 setup lan_wan

lan_user_end_ip | ipaddress | The end IP address if the lan_user address_wise keywords are set to ADDRESS_RANGE.

lan_user group_wise | group name | The name of the LAN group. The group name is either a default name (Group1, Group2, Group3, and so on) or a custom name that you specified with the net lan lan_groups edit <row id> <new group name> command. For an inbound rule, this option is available only when the WAN mode is Classical Routing.

wan_user | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of WAN address.

wan_user_start_ip | ipaddress | There are two options:

• The IP address if the wan_user keyword is set to SINGLE_ADDRESS.

• The start IP address if the wan_user keyword is set to ADDRESS_RANGE.

wan_user_end_ip | ipaddress | The end IP address if the wan_user keyword is set to ADDRESS_RANGE.

Logging and bandwidth profile

log | NEVER or ALWAYS | Enables or disables logging.

bandwidth_profile | profile name | The profile that you have configured with the security bandwidth profile add command.
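The following Python check is an added example, not part of the manual: it parses a transcript of the inbound-rule keywords described above and flags incomplete address parameters and ALWAYS_ALLOW rules that have no wan_user restriction or logging. It assumes each keyword is typed on its own prompt line, as in the command example, and that an omitted wan_user leaves the source unrestricted; the IP addresses are constructed sample values.

```python
import ipaddress
PROMPT = "security-config[firewall-ipv4-lan-wan-inbound]>"

def parse_rule(transcript):
    """Map each keyword typed at the inbound-rule prompt to its arguments."""
    rule = {}
    for line in transcript.splitlines():
        tokens = line.split()
        if len(tokens) > 1 and tokens[0] == PROMPT:
            rule[tokens[1]] = tokens[2:]
    return rule

def _ip(rule, key):
    """Return the keyword's IPv4 address, or None if absent or malformed."""
    try:
        return ipaddress.IPv4Address(rule[key][0])
    except (KeyError, IndexError, ipaddress.AddressValueError):
        return None

def audit(rule):
    """Return a list of findings for one inbound rule (empty means none)."""
    findings = []
    for kw in ("send_to_lan_server", "wan_user"):
        kind = (rule.get(kw) or [None])[0]
        start, end = _ip(rule, kw + "_start_ip"), _ip(rule, kw + "_end_ip")
        if kind in ("SINGLE_ADDRESS", "ADDRESS_RANGE") and start is None:
            findings.append(f"{kw} {kind}: missing or invalid {kw}_start_ip")
        if kind == "ADDRESS_RANGE" and (end is None or (start is not None and start > end)):
            findings.append(f"{kw} ADDRESS_RANGE: {kw}_end_ip missing or below start")
    action = (rule.get("action") or [None])[0]
    # Assumption: a rule with no wan_user keyword accepts any WAN source.
    open_src = (rule.get("wan_user") or ["ANY"])[0] == "ANY"
    if action == "ALWAYS_ALLOW" and open_src:
        findings.append("ALWAYS_ALLOW with no wan_user restriction")
        if (rule.get("log") or ["NEVER"])[0] != "ALWAYS":
            findings.append("unrestricted ALWAYS_ALLOW rule is not logged")
    return findings

# The command example from this page, one command per line.
SAMPLE = """\
FVS318N> security firewall ipv4 add_rule lan_wan inbound
security-config[firewall-ipv4-lan-wan-inbound]> service_name default_services HTTP
security-config[firewall-ipv4-lan-wan-inbound]> action ALWAYS_ALLOW
security-config[firewall-ipv4-lan-wan-inbound]> send_to_lan_server SINGLE_ADDRESS
"""
# Constructed continuation: completes the server address, limits the source, logs.
TIGHTENED = SAMPLE + "".join(f"{PROMPT} {c}\n" for c in (
    "send_to_lan_server_start_ip 192.168.1.10", "wan_user SINGLE_ADDRESS",
    "wan_user_start_ip 203.0.113.10", "log ALWAYS"))
print(audit(parse_rule(SAMPLE)), audit(parse_rule(TIGHTENED)))
```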
