Firewall Changes in Release 14.0
This chapter identifies features and functionality added to, modified for, or deprecated from 14.0 Firewall software releases.
Topics covered in this chapter are:
IMPORTANT:
Enhancements to Diameter, GTPP, and RADIUS in release 14.0 are located in the Accounting Management Changes chapter.
Enhancements to SNMP MIB in release 14.0 are located in the SNMP MIB Changes chapter.
Enhancements to Web Element Manager (WEM) in release 14.0 are located in the Web Element Manager Changes chapter.
Firewall Feature Changes as of September 28, 2012
This section provides information on Firewall feature changes in release 14.0.
IMPORTANT:
For more information regarding features in this section, refer to the Firewall Administration Guide for this release.
New Firewall Features
This section identifies new Firewall features available in release 14.0.
Modified Firewall Features
This section identifies Firewall features modified in release 14.0. There are two kinds of modified features: enhancements and behavior changes. Enhancements are feature changes based on customer change requests. Behavior changes are feature changes that modify an existing behavior and may result from software error corrections (bug fixes).
Dynamic Access Rules
The stateful packet inspection feature allows operators to configure rule definitions (ruledefs) that take active session information into consideration to permit or deny incoming or outgoing packets. An access ruledef contains the criteria for multiple actions that could be taken on packets matching the rules. These rules specify the protocols, source and destination hosts, source and destination ports, and direction of traffic parameters for a subscriber session to allow or reject the traffic flow.
Previous Behavior: When Gx is enabled, “static-and-dynamic” access-rules behave as static rules.
New Behavior: When Gx is enabled, “static-and-dynamic” access-rules behave as dynamic rules. Access ruledefs can be switched on/off from PCRF (Gx). Charging ruledef attributes can be used for this purpose. Access ruledefs that need to be switched on/off must be configured as “dynamic-only” or “static-and-dynamic” in the Firewall-and-NAT policy. If configured as “dynamic-only”, the rule will be disabled by default and can be switched on from PCRF. If configured as “static-and-dynamic”, the rule will behave as “dynamic-only” for Gx-enabled calls and as a static rule for non-Gx calls.
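The behavior change above, modeled as an added Python example (not Cisco code or StarOS syntax): it lists rules that were enforced on Gx calls before the change but stay inactive afterwards until the PCRF switches them on. Rule names, the data layout, and the treatment of “dynamic-only” rules as unchanged by this release are assumptions.

```python
# Added illustration: models the access-rule activation semantics described
# above. Rule names and data layout are constructed, not StarOS syntax.
from dataclasses import dataclass

DYNAMIC_ONLY = "dynamic-only"
STATIC_AND_DYNAMIC = "static-and-dynamic"


@dataclass(frozen=True)
class AccessRule:
    name: str   # hypothetical ruledef name
    mode: str   # DYNAMIC_ONLY or STATIC_AND_DYNAMIC


def rule_active(rule, gx_enabled, pcrf_enabled, new_behavior=True):
    """Return True if the rule is applied to the subscriber's traffic.

    pcrf_enabled: set of rule names the PCRF has switched on over Gx.
    new_behavior: False models the "Previous Behavior" quoted above.
    """
    if rule.mode not in (DYNAMIC_ONLY, STATIC_AND_DYNAMIC):
        raise ValueError(f"unknown mode {rule.mode!r} for {rule.name}")
    switched_on = gx_enabled and rule.name in pcrf_enabled
    if rule.mode == DYNAMIC_ONLY:
        # Disabled by default; only the PCRF can switch it on (assumed to be
        # the same before and after the change, the page does not say).
        return switched_on
    if gx_enabled and new_behavior:
        # static-and-dynamic now follows dynamic-only semantics on Gx calls.
        return switched_on
    # Non-Gx call, or previous behavior on a Gx call: plain static rule.
    return True


def upgrade_impact(rules, pcrf_enabled):
    """Names of rules enforced on Gx calls before the change that are
    inactive afterwards unless the PCRF switches them on."""
    return [r.name for r in rules
            if rule_active(r, True, pcrf_enabled, new_behavior=False)
            and not rule_active(r, True, pcrf_enabled, new_behavior=True)]


# Constructed sample policy and PCRF state.
POLICY = [AccessRule("deny-inbound-telnet", STATIC_AND_DYNAMIC),
          AccessRule("allow-dns", STATIC_AND_DYNAMIC),
          AccessRule("block-p2p", DYNAMIC_ONLY)]
PCRF_ON = {"allow-dns"}
```

With the constructed policy, `upgrade_impact(POLICY, PCRF_ON)` returns only `deny-inbound-telnet`: the one “static-and-dynamic” rule the PCRF has not switched on.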
Firewall Configuration Management Changes as of September 28, 2012
This section provides information on Firewall configuration command changes in release 14.0.
Firewall Performance Management Changes as of September 28, 2012
This section provides information on Firewall performance management changes in release 14.0.
Firewall Security Management Changes as of September 28, 2012
This section provides information on Firewall security management changes in release 14.0.
Firewall Feature Changes as of June 29, 2012
This section provides information on Firewall feature changes in release 14.0.
IMPORTANT:
For more information regarding features in this section, refer to the Firewall Administration Guide for this release.
New Firewall Features
This section identifies new Firewall features available in release 14.0.
Modified Firewall Features
This section identifies Firewall features modified in release 14.0. There are two kinds of modified features: enhancements and behavior changes. Enhancements are feature changes based on customer change requests. Behavior changes are feature changes that modify an existing behavior and may result from software error corrections (bug fixes).
Mid-session Firewall Policy Update Changes
The Firewall-and-NAT policy can be updated mid-session provided the policy was enabled during call setup. In this release, the Firewall-and-NAT policy can also be updated during a mid-session rulebase update through Gx and Gy. Mid-session rulebase update support from the RADIUS server and CLI is already present.
Previous Behavior: Firewall-and-NAT policy was not updated during mid-session rulebase update through Gx and Gy.
New Behavior: Firewall-and-NAT policy can be updated during a Gx/Gy mid-session rulebase update if the new rulebase has a Firewall-and-NAT policy configured and the old Firewall-and-NAT policy is configured through the old rulebase.
Stateful Packet Inspection Changes
TCP packets with the SYN flag set and destination port zero are now dropped, in the same way that TCP packets with source port zero are dropped.
Firewall Configuration Management Changes as of June 29, 2012
This section provides information on Firewall configuration command changes in release 14.0.
Firewall Performance Management Changes as of June 29, 2012
This section provides information on Firewall performance management changes in release 14.0.
Firewall Security Management Changes as of June 29, 2012
This section provides information on Firewall security management changes in release 14.0.