Cisco IOS XR Virtual Firewall Configuration Guide, Release 3.7 - Index [Cisco IOS XR Software]

Table Of Contents

A - C - D - E - F - H - I - L - M - N - O - P - R - S - T - U - V - W -

Index

A

accounting

RADIUS server accounting settings, configuring VFC-88

TACACS+ server accounting settings, configuring VFC-85

ACL compilation process out of memory VFC-260

ACLs

implicit deny VFC-97

inbound VFC-105

IPs with NAT VFC-107

maximum entries VFC-97

merged VFC-96

order of entries VFC-96

outbound VFC-105

Admin

context VFC-46

description VFC-46, VFC-48

permissions VFC-48

alert messages VFC-280

application protocol inspection

class map overview VFC-129

DNS VFC-131

FTP VFC-132

HTTP VFC-131

ICMP VFC-133

limitations VFC-128

NAT and PAT support VFC-128

policy map overview VFC-129

RTSP VFC-134

standards VFC-128

supported protocols VFC-128

ARP

inspection check failure VFC-266

attacks

spoofing VFC-265, VFC-266

authentication

local database VFC-63

TACACS+ server accounting settings, configuring VFC-85

C

class map

overview in application protocol inspection process VFC-129

configuration

example VFC-59

file replication failure VFC-270

modified by command VFC-259, VFC-260

content type verification, HTTP message VFC-146

context

Admin VFC-46

configuration file VFC-46

configuration synchronization failure VFC-273

configuring VFC-49

database VFC-46

description VFC-46, VFC-47

diagram VFC-47

displaying information VFC-58

domains VFC-47

moving from one to another VFC-47

overview VFC-45

startup-config VFC-46

state change VFC-273

user role VFC-47

critical messages VFC-280

D

dead-time

RADIUS server setting VFC-71

TACACS+ server setting VFC-76

debugging messages VFC-283

debug logging failure VFC-279

destination NAT VFC-234, VFC-236, VFC-246

DNS

application protocol support VFC-128

inspection oveview VFC-131

DNS packet message VFC-267

domain

description VFC-47

diagram VFC-47

function within a context VFC-47

information, displaying VFC-58

name VFC-47

E

Encap table full VFC-266

error messages VFC-281

F

fault tolerance

See HA

fixups

See application protocol inspection

FT group

context name mismatch VFC-270

peer state change VFC-278

two active devices detected VFC-270

FT interface, peer unreachable VFC-270

FTP

application protocol support VFC-128, VFC-129

inspection overview VFC-132

strict VFC-132

FT track, state change VFC-276

FT track state change VFC-276

H

HA

alternate pings VFC-276, VFC-277

communication failure VFC-272

configuration replication failure VFC-273

context name mismatch VFC-270

context state change VFC-273

data dropped VFC-279

FT track state change VFC-276

heartbeat interval mismatch VFC-275

heartbeats unidirectional VFC-275

initialization failure VFC-271

internal error VFC-272

module VFC-271

peer compatibility VFC-277

peer incompatibility VFC-271

peer reachable VFC-274, VFC-277

peer state change VFC-278

peer unreachable VFC-269, VFC-270, VFC-278

receive error VFC-278

redundancy heartbeat stopped VFC-277

replication failure VFC-270, VFC-272

replication in process VFC-275

state transitions VFC-273

two active devices detected VFC-270

header value string expressions VFC-138, VFC-142

heartbeat

interval mismatch VFC-275

started VFC-277

stopped VFC-269, VFC-276, VFC-277

unidirectional VFC-275

High Availability

See HA

HTTP

application protocol support VFC-129

content type verification match criteria, defining VFC-146

header value string expressions VFC-138, VFC-142

HTTP/1/1 header fields, supported VFC-141

inline match commands in policy map VFC-146

inspection overview VFC-131

internal compliance checks VFC-147

strict HTTP match criteria, defining VFC-147

HTTP/1/1 header fields, supported VFC-141

I

ICMP

application protocol support VFC-129

initialization failure VFC-264

inspection overview VFC-133

memory failure VFC-265

packet denied VFC-264

session established VFC-262

session removed VFC-262

inbound ACLs VFC-105

informational messages VFC-282

initialization failure VFC-271

inline match commands

content type verification for HTTP inspection VFC-146

in Layer 7 HTTP deep packet inspection policy map VFC-146

strict HTTP for HTTP inspection VFC-147

inspection engines

See application protocol inspection

interface

configuration status change VFC-268

configuration status changed VFC-268

line protocol change of state VFC-267

IP

for ACL with NAT VFC-107

IP header option error VFC-267

L

Layer 3 and 4 application protocol inspection, configuring

policy actions VFC-158

LDAP server

directory server overview VFC-64

port, setting VFC-80

timeout, setting VFC-80

virtualization attributes, defining VFC-86, VFC-88, VFC-90

levels

overview VFC-199

severity listing VFC-199

license for user contexts VFC-45, VFC-50

line protocol, status change VFC-267

load balancing

HA data dropped VFC-279

local database authentication VFC-63

log files, logging levels VFC-199

logging

levels VFC-199

message format VFC-199

overview VFC-198

severity levels VFC-199

variables VFC-200

logging out a user VFC-58

M

memory mapping failure VFC-279

merged ACLs VFC-96

messages

format VFC-199

severity levels VFC-199

understanding VFC-199

variables VFC-200

N

NAT

application protocol inspection support VFC-128

destination VFC-234, VFC-236, VFC-246

IPs in ACLs VFC-107

source VFC-233, VFC-234, VFC-235, VFC-237

Network Admin

description VFC-48

permissions VFC-48

Network-Monitor

description VFC-48

permissions VFC-48

notification messages VFC-282

notifications

error messages VFC-191

SNMP VFC-191

virtual context change VFC-191

O

object

association with contexts and domains VFC-47

description VFC-47

order of ACL entries VFC-96

outbound ACLs VFC-105

output locations

SNMP NMS VFC-203

P

peer

alternate pings VFC-276, VFC-277

communication failure VFC-272

heartbeat interval mismatch VFC-275

heartbeats unidirectional VFC-275

incompatibility VFC-271

reachable VFC-274, VFC-277

receive error VFC-278

replication failure VFC-270, VFC-272

replication in process VFC-275

state change VFC-278

unreachable VFC-269, VFC-270, VFC-278

policy map

actions, defining VFC-158

Layer 7 HTTP deep packet inspection, inline match commands VFC-146

overview in application protocol inspection process VFC-129

port

for LDAP server VFC-80

preshared key

RADIUS, setting for VFC-70

TACACS+, setting for VFC-75

processing

ACL compilation process out of memory VFC-260

R

RADIUS server

dead-time setting VFC-71

global preshared key setting VFC-70

number of retransmissions, setting VFC-71

server accounting settings, configuring VFC-88

server overview VFC-64

timeout setting VFC-71

RBAC

description VFC-48

predefined user roles VFC-48

redundancy

See HA

reload

reasons VFC-260

record VFC-260

resource, customizing for contexts VFC-49

resource class

customized VFC-49

default VFC-49

description VFC-49

resources

list of managed VFC-55

usage, monitoring VFC-58

role

predefined VFC-48

role-based access control

See RBAC VFC-48

RTSP

application protocol support VFC-129

inspection overview VFC-134

restrictions VFC-134

rules, maximum in ACL VFC-97

S

Security-Admin

description VFC-48

permissions VFC-48

security context

added to system VFC-269

removed from system VFC-269

severity level messages

Level 1 messages VFC-280

Level 2 messages VFC-280

Level 3 messages VFC-281

Level 4 messages VFC-281

Level 5 messages VFC-282

Level 6 messages VFC-282

Level 7 messages VFC-283

overview VFC-200

severity levels

alerts VFC-280

critical VFC-280

debugging VFC-283

errors VFC-281

informational VFC-282

notifications VFC-282

overview VFC-199, VFC-200

warning VFC-281

SNMP

daemon initialization failure VFC-261

memory allocation failure VFC-261

Shadow Table error VFC-268

source NAT VFC-233, VFC-234, VFC-235, VFC-237

spoofing attack VFC-265, VFC-266

SSH

version VFC-37

subsystems VFC-199

system message logging

format VFC-199

overview VFC-198

severity levels VFC-199

understanding VFC-199

variables VFC-200

T

TACACS+ server

accounting settings, configuring VFC-85

Cisco Secure Access Control Server (ACS) VFC-85

dead-time setting VFC-76

global preshared key setting VFC-75

server authentication settings, configuring VFC-85

server overview VFC-64

timeout setting VFC-76

TCP

connection slot creation VFC-263

connection slot termination VFC-263

TCP connection failure VFC-272

U

UDP

connection slot creation VFC-262, VFC-263

connection slot deletion VFC-262, VFC-263

DNS packet VFC-267

port numbers and key words VFC-102

URL

regular expressions VFC-140

URL, host access record VFC-264

user

displaying information VFC-58

session, clearing VFC-58

user role

predefined VFC-48

within a context VFC-47

V

variables

fields VFC-200

in messages VFC-200

virtualization

configuring VFC-49

example configuration VFC-59

overview VFC-45

W

warning messages VFC-281

	Cisco IOS XR Virtual Firewall Configuration Guide, Release 3.7
	Index
Cisco IOS XR Virtual Firewall Configuration Guide, Release 3.7 Preface Configuring Virtual Firewalls on the Multiservice Blade Configuring the Management Interface on the Virtual Firewall Configuring Virtualization on the Virtual Firewall Configuring Authentication and Accounting Services on the Virtual Firewall Configuring Security Access Control Lists on the Virtual Firewall Configuring Application Protocol Inspection on the Virtual Firewall Configuring High Availability on the Virtual Firewall Configuring SNMP on the Virtual Firewall Configuring an XML Interface on the Virtual Firewall Configuring System Message Logging on the Virtual Firewall Managing the Virtual Firewall Software Configuring VRF-Aware Service Infrastructure for the Virtual Firewall Configuring TCP/IP Normalization and IP Reassembly Parameters on the Virtual Firewall Configuring Network Address Translation on the Virtual Firewall Using the Command-Line Interface on the Virtual Firewall Virtual Firewall System Error Messages Index	Download this chapter Index Download the complete book Cisco IOS XR Virtual Firewall Configuration Guide (PDF - 4 MB) Table Of Contents A - C - D - E - F - H - I - L - M - N - O - P - R - S - T - U - V - W - Index A accounting RADIUS server accounting settings, configuring VFC-88 TACACS+ server accounting settings, configuring VFC-85 ACL compilation process out of memory VFC-260 ACLs implicit deny VFC-97 inbound VFC-105 IPs with NAT VFC-107 maximum entries VFC-97 merged VFC-96 order of entries VFC-96 outbound VFC-105 Admin context VFC-46 description VFC-46, VFC-48 permissions VFC-48 alert messages VFC-280 application protocol inspection class map overview VFC-129 DNS VFC-131 FTP VFC-132 HTTP VFC-131 ICMP VFC-133 limitations VFC-128 NAT and PAT support VFC-128 policy map overview VFC-129 RTSP VFC-134 standards VFC-128 supported protocols VFC-128 ARP inspection check failure VFC-266 attacks spoofing VFC-265, VFC-266 authentication local database VFC-63 TACACS+ server accounting settings, configuring VFC-85 C class map overview in application protocol inspection process VFC-129 configuration example VFC-59 file replication failure VFC-270 modified by command VFC-259, VFC-260 content type verification, HTTP message VFC-146 context Admin VFC-46 configuration file VFC-46 configuration synchronization failure VFC-273 configuring VFC-49 database VFC-46 description VFC-46, VFC-47 diagram VFC-47 displaying information VFC-58 domains VFC-47 moving from one to another VFC-47 overview VFC-45 startup-config VFC-46 state change VFC-273 user role VFC-47 critical messages VFC-280 D dead-time RADIUS server setting VFC-71 TACACS+ server setting VFC-76 debugging messages VFC-283 debug logging failure VFC-279 destination NAT VFC-234, VFC-236, VFC-246 DNS application protocol support VFC-128 inspection oveview VFC-131 DNS packet message VFC-267 domain description VFC-47 diagram VFC-47 function within a context VFC-47 information, displaying VFC-58 name VFC-47 E Encap table full VFC-266 error messages VFC-281 F fault tolerance See HA fixups See application protocol inspection FT group context name mismatch VFC-270 peer state change VFC-278 two active devices detected VFC-270 FT interface, peer unreachable VFC-270 FTP application protocol support VFC-128, VFC-129 inspection overview VFC-132 strict VFC-132 FT track, state change VFC-276 FT track state change VFC-276 H HA alternate pings VFC-276, VFC-277 communication failure VFC-272 configuration replication failure VFC-273 context name mismatch VFC-270 context state change VFC-273 data dropped VFC-279 FT track state change VFC-276 heartbeat interval mismatch VFC-275 heartbeats unidirectional VFC-275 initialization failure VFC-271 internal error VFC-272 module VFC-271 peer compatibility VFC-277 peer incompatibility VFC-271 peer reachable VFC-274, VFC-277 peer state change VFC-278 peer unreachable VFC-269, VFC-270, VFC-278 receive error VFC-278 redundancy heartbeat stopped VFC-277 replication failure VFC-270, VFC-272 replication in process VFC-275 state transitions VFC-273 two active devices detected VFC-270 header value string expressions VFC-138, VFC-142 heartbeat interval mismatch VFC-275 started VFC-277 stopped VFC-269, VFC-276, VFC-277 unidirectional VFC-275 High Availability See HA HTTP application protocol support VFC-129 content type verification match criteria, defining VFC-146 header value string expressions VFC-138, VFC-142 HTTP/1/1 header fields, supported VFC-141 inline match commands in policy map VFC-146 inspection overview VFC-131 internal compliance checks VFC-147 strict HTTP match criteria, defining VFC-147 HTTP/1/1 header fields, supported VFC-141 I ICMP application protocol support VFC-129 initialization failure VFC-264 inspection overview VFC-133 memory failure VFC-265 packet denied VFC-264 session established VFC-262 session removed VFC-262 inbound ACLs VFC-105 informational messages VFC-282 initialization failure VFC-271 inline match commands content type verification for HTTP inspection VFC-146 in Layer 7 HTTP deep packet inspection policy map VFC-146 strict HTTP for HTTP inspection VFC-147 inspection engines See application protocol inspection interface configuration status change VFC-268 configuration status changed VFC-268 line protocol change of state VFC-267 IP for ACL with NAT VFC-107 IP header option error VFC-267 L Layer 3 and 4 application protocol inspection, configuring policy actions VFC-158 LDAP server directory server overview VFC-64 port, setting VFC-80 timeout, setting VFC-80 virtualization attributes, defining VFC-86, VFC-88, VFC-90 levels overview VFC-199 severity listing VFC-199 license for user contexts VFC-45, VFC-50 line protocol, status change VFC-267 load balancing HA data dropped VFC-279 local database authentication VFC-63 log files, logging levels VFC-199 logging levels VFC-199 message format VFC-199 overview VFC-198 severity levels VFC-199 variables VFC-200 logging out a user VFC-58 M memory mapping failure VFC-279 merged ACLs VFC-96 messages format VFC-199 severity levels VFC-199 understanding VFC-199 variables VFC-200 N NAT application protocol inspection support VFC-128 destination VFC-234, VFC-236, VFC-246 IPs in ACLs VFC-107 source VFC-233, VFC-234, VFC-235, VFC-237 Network Admin description VFC-48 permissions VFC-48 Network-Monitor description VFC-48 permissions VFC-48 notification messages VFC-282 notifications error messages VFC-191 SNMP VFC-191 virtual context change VFC-191 O object association with contexts and domains VFC-47 description VFC-47 order of ACL entries VFC-96 outbound ACLs VFC-105 output locations SNMP NMS VFC-203 P peer alternate pings VFC-276, VFC-277 communication failure VFC-272 heartbeat interval mismatch VFC-275 heartbeats unidirectional VFC-275 incompatibility VFC-271 reachable VFC-274, VFC-277 receive error VFC-278 replication failure VFC-270, VFC-272 replication in process VFC-275 state change VFC-278 unreachable VFC-269, VFC-270, VFC-278 policy map actions, defining VFC-158 Layer 7 HTTP deep packet inspection, inline match commands VFC-146 overview in application protocol inspection process VFC-129 port for LDAP server VFC-80 preshared key RADIUS, setting for VFC-70 TACACS+, setting for VFC-75 processing ACL compilation process out of memory VFC-260 R RADIUS server dead-time setting VFC-71 global preshared key setting VFC-70 number of retransmissions, setting VFC-71 server accounting settings, configuring VFC-88 server overview VFC-64 timeout setting VFC-71 RBAC description VFC-48 predefined user roles VFC-48 redundancy See HA reload reasons VFC-260 record VFC-260 resource, customizing for contexts VFC-49 resource class customized VFC-49 default VFC-49 description VFC-49 resources list of managed VFC-55 usage, monitoring VFC-58 role predefined VFC-48 role-based access control See RBAC VFC-48 RTSP application protocol support VFC-129 inspection overview VFC-134 restrictions VFC-134 rules, maximum in ACL VFC-97 S Security-Admin description VFC-48 permissions VFC-48 security context added to system VFC-269 removed from system VFC-269 severity level messages Level 1 messages VFC-280 Level 2 messages VFC-280 Level 3 messages VFC-281 Level 4 messages VFC-281 Level 5 messages VFC-282 Level 6 messages VFC-282 Level 7 messages VFC-283 overview VFC-200 severity levels alerts VFC-280 critical VFC-280 debugging VFC-283 errors VFC-281 informational VFC-282 notifications VFC-282 overview VFC-199, VFC-200 warning VFC-281 SNMP daemon initialization failure VFC-261 memory allocation failure VFC-261 Shadow Table error VFC-268 source NAT VFC-233, VFC-234, VFC-235, VFC-237 spoofing attack VFC-265, VFC-266 SSH version VFC-37 subsystems VFC-199 system message logging format VFC-199 overview VFC-198 severity levels VFC-199 understanding VFC-199 variables VFC-200 T TACACS+ server accounting settings, configuring VFC-85 Cisco Secure Access Control Server (ACS) VFC-85 dead-time setting VFC-76 global preshared key setting VFC-75 server authentication settings, configuring VFC-85 server overview VFC-64 timeout setting VFC-76 TCP connection slot creation VFC-263 connection slot termination VFC-263 TCP connection failure VFC-272 U UDP connection slot creation VFC-262, VFC-263 connection slot deletion VFC-262, VFC-263 DNS packet VFC-267 port numbers and key words VFC-102 URL regular expressions VFC-140 URL, host access record VFC-264 user displaying information VFC-58 session, clearing VFC-58 user role predefined VFC-48 within a context VFC-47 V variables fields VFC-200 in messages VFC-200 virtualization configuring VFC-49 example configuration VFC-59 overview VFC-45 W warning messages VFC-281
	© 1992-2009 Cisco Systems, Inc. All rights reserved. Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks of Cisco Systems, Inc.