Firewall-and-NAT Action Configuration Mode Commands


The Firewall-and-NAT Action Configuration Mode enables configuring Stateful Firewall (FW) and Network Address Translation (NAT) actions.
Important: This configuration mode is only available in release 11.0 and later releases. This configuration mode must be used to configure Action-based Stateful Firewall and NAT features.
Important: The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).
end
Exits the current configuration mode and returns to the Exec mode.
Product
All
Privilege
Security Administrator, Administrator
Syntax
end
Usage
Use this command to return to the Exec mode.
exit
Exits the current mode and returns to the parent configuration mode.
Product
All
Privilege
Security Administrator, Administrator
Syntax
exit
Usage
Use this command to return to the parent configuration mode.
flow check-point
This command checkpoints all the flows matching the Firewall-and-NAT action.
Product
NAT
Privilege
Security Administrator, Administrator
Syntax
flow check-point [ data-usage data_usage [ and | or ] | time-duration duration [ and | or ] ]
{ default | no } flow check-point
default
Configures the default Firewall action.
no
Deletes the Firewall action configuration.
data-usage data_usage
Specifies the data usage in bytes.
data_usage must be an integer from 1 through 4294967295.
The maximum limit for data-usage is 4 GB.
time-duration duration
Specifies the time duration in seconds.
duration must be an integer from 1 through 86400.
The maximum limit for time-duration is 24 hours.
and | or
This option allows configuring only data-usage, only time-duration, or a combination of data-usage and time-duration.
Usage
Use this command to enable or disable the check-pointing of NATed flows and to control which flows are check-pointed based on the specified criteria. Check-pointing is done only for TCP and UDP flows.
Example
The following command configures Stateful Firewall to drop packets with data-usage 5000:
flow check-point data-usage 5000
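The following is an added example, not part of the original reference or vendor code: an offline lint that checks flow check-point lines in a staged configuration against the ranges documented above before they are applied. It assumes that and/or joins exactly two criteria (one reading of the syntax line); the function name check_flow_checkpoint and the sample lines are constructed for illustration.

```python
# Added example: offline lint for 'flow check-point' lines (not vendor code).
# Ranges come from this page; the combined-criteria grammar is an assumption.
LIMITS = {"data-usage": (1, 4294967295), "time-duration": (1, 86400)}

def check_flow_checkpoint(line):
    """Return a list of problems for one command line (empty list = valid)."""
    tokens = line.split()
    if tokens[:1] in (["default"], ["no"]):
        ok = tokens[1:] == ["flow", "check-point"]
        return [] if ok else ["default/no form takes no criteria"]
    if tokens[:2] != ["flow", "check-point"]:
        return ["not a flow check-point command"]
    args, problems, seen, i = tokens[2:], [], set(), 0
    while i < len(args):
        key = args[i]
        if key not in LIMITS:
            return problems + [f"unexpected token '{key}'"]
        if key in seen:
            return problems + [f"{key} given twice"]
        seen.add(key)
        value = args[i + 1] if i + 1 < len(args) else ""
        if not (value.isascii() and value.isdigit()):
            return problems + [f"{key} needs an integer value"]
        low, high = LIMITS[key]
        if not low <= int(value) <= high:
            problems.append(f"{key} {value} outside {low}-{high}")
        i += 2
        if i < len(args):
            # Assumption: 'and'/'or' must join two criteria.
            if args[i] not in ("and", "or"):
                return problems + [f"expected 'and' or 'or', got '{args[i]}'"]
            i += 1
            if i == len(args):
                return problems + ["connector with no second criterion"]
    return problems

# Constructed sample lines, not taken from a real device.
SAMPLE = [
    "flow check-point data-usage 5000",
    "flow check-point data-usage 5000 and time-duration 300",
    "flow check-point time-duration 90000",
    "flow check-point data-usage 0 or time-duration 86400",
    "no flow check-point",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "->", check_flow_checkpoint(line) or "ok")
```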
 
 

Cisco Systems Inc.