Analysis of a GPRS firewall failing to add a policy because of non-standard data configuration

Publication Date: 2012-09-21
Issue Description
On the E1000 firewall, adding the policy fails. The detailed error information is as follows:
HRP_M[JNFW04BHW-acl-firewall-5000]rule 36 per udp source address-set hwgnnew destination 221.177.46.0 0.0.0.255 destination-port port-set any
The number of SMT leafs in NP have reached maximum!
Alarm Information
None.
Handling Process
The firewall is based on the NP architecture. Because of this hardware characteristic, a 5000-series ACL must specify a destination port, and it does not support the Range method. ACLs of the 2000 series and 3000 series, however, do not have to specify a destination port and can use the Range method when they are delivered to the NP.
Because the new policy does not need to specify a destination port, we can add it to a 3000-series ACL without specifying a destination port. This meets the service requirement. The configuration is as follows:
[JNFW04BHW]acl 3000
[JNFW04BHW-acl-adv-3000]rule 91 permit udp source address-set hwgnnew destination address-set tdshqdbd
With this configuration, the live-network requirement to add interworking with the core network equipment is met.
Root Cause
By the implementation principle of firewall ACLs, a 5000-series ACL must specify a destination port; this is determined by the firewall being based on the NP architecture. The new rule does not need to specify a destination port, so the set was configured as follows:
ip port-set any protocol udp
description "any"
port 0 range 0 65535
When this set is used in a 5000-series ACL, it creates 65535 destination-port entries, because 5000-series ACLs do not support the Range method.
A 5000-series ACL supports 50000 rules, and the port set creates 65535 rules. If the upper limit of 50000 is exceeded, delivery to the NP fails.
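Added example (not part of the original case and not vendor code): a Python pre-check that reads a configuration, sizes each port set, and reports how many entries each rule would cost against the 50000 limit described above. The function names, the "acl 5000" line in the sample, and the treatment of ACL numbers 5000-5999 as the "5000 series" are assumptions; the range 0 to 65535 is counted inclusively, giving 65536 where the case says 65535, and either value exceeds the limit.

```python
import re

NP_ENTRY_LIMIT = 50000  # limit the page gives for a 5000-series ACL

# Constructed sample built from the commands quoted on this page.
# "acl 5000" is assumed by analogy with the page's "acl 3000".
SAMPLE = """\
ip port-set any protocol udp
description "any"
port 0 range 0 65535
acl 5000
rule 36 per udp source address-set hwgnnew destination 221.177.46.0 0.0.0.255 destination-port port-set any
acl 3000
rule 91 permit udp source address-set hwgnnew destination address-set tdshqdbd
"""

def port_set_sizes(config):
    """Map each port-set name to the number of ports its ranges cover."""
    sizes, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"ip port-set (\S+) protocol \S+$", line):
            current = m.group(1)
            sizes[current] = 0
        elif current and (m := re.match(r"port \d+ range (\d+) (\d+)$", line)):
            lo, hi = int(m.group(1)), int(m.group(2))
            sizes[current] += hi - lo + 1      # inclusive range
        elif line.startswith("acl "):
            current = None
    return sizes

def audit(config, limit=NP_ENTRY_LIMIT):
    """Return (acl, rule, entries, fits) for every rule in the config."""
    sizes, acl, used, report = port_set_sizes(config), None, {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"acl (\d+)$", line):
            acl = int(m.group(1))
        elif acl is not None and (m := re.match(r"rule (\d+) ", line)):
            ref = re.search(r"destination-port port-set (\S+)", line)
            # Assumption: ACL numbers 5000-5999 are the page's "5000 series",
            # where a port set costs one entry per port; elsewhere one entry.
            unrolled = ref is not None and 5000 <= acl < 6000
            entries = sizes.get(ref.group(1), 1) if unrolled else 1
            used[acl] = used.get(acl, 0) + entries
            report.append((acl, int(m.group(1)), entries, used[acl] <= limit))
    return report

print(audit(SAMPLE))
```

Running such a check before committing a rule shows that rule 36 alone overruns the limit, while rule 91 in ACL 3000 costs a single entry.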
Suggestions
None.
