To configure a security profile policy for a 7705 SAR

Purpose

A security profile policy is used to configure fragmentation, application assurance, and UDP/TCP timers. A security profile policy dictates if fragmented packets are allowed in the network or if the fragmented packets should be discarded. You can configure the timers for different states of a UDP/TCP connection. For example, in a TCP three way hand shake, each state can have its own timer. If the connection does not change state within the allowed time, the connection is closed. Idle timers time out when there are no packets on the session for the period of the configured idle timer. Strict timers time out after the session's last transition state, i.e. the timer starts and counts down from the time that the session was created. The strict timer never renews if a packet arrives on the session.

Steps
 

Choose Policies→Security from the NFM-P main menu. The Security Policies form opens.


Click Create and choose Security Profile, or choose an existing security profile policy and click Properties. The Security Profile, Global Policy (Create|Edit) form opens with the General tab displayed.


Configure the required general parameters.


Configure the Allow Fragments parameter.


Configure the Application Layer Gateway parameter.


Enable the Application Assurance Inspection checkbox, if required.

The Application Assurance parameters appear in the Application Assurance panel when you enable the Application Assurance Inspection checkbox.


Configure the ICMP parameters in the ICMP Timeouts panel.


Configure the required parameters in the TCP Timeouts, UDP Timeouts, and Other Timeouts panels.


Select a policer group policy in the Fwd Policer Group panel and the Rev Policer Group panel, if required.


10 

Configure the required parameters in the Application Assurance panel.

You must enable the IP Options Inspection checkbox in the Application Assurance panel in order for the IP Options parameter to appear.


11 

Click OK to save the policy and close the form, or click Apply to save the policy. See To release and distribute a policy to release and distribute the policy to NEs.

End of steps