Configuring the Firewall Filter for Any Family Type (NSM Procedure)

You can specify any to filter packets based upon protocol-independent fields.

To configure firewall filter in NSM:

In the NSM navigation tree, select Device Manager > Devices.
Click the Device Tree tab, and then double-click the device to select it.
Click the Configuration tab. In the configuration tree, expand Firewall > Family > Any.
Add or modify settings as specified in Table 214.
Click one:
- OK—Saves the changes.
- Cancel—Cancels the modifications.

Table 214: Firewall Filter Configuration Details

Task	Your Action
Configure firewall filters for protocol-independent match conditions.	Expand Any. In the Comment box, enter the comment for Any. Click Filter next to Any. Click Add new entry next to Filter. In the name box, enter the name that identifies the filter. In the Comment box, enter the comment for the filter. Expand Filter. Click Term next to Filter. Click Add new entry next to Term. Expand Term. In the Name box, enter the name that identifies the term. In the Comment box, enter the comment for the term. Expand From. From the listed protocol-independent match conditions, select the filters defined for the any family type. The protocol-independent match conditions are Forwarding Class, Interface, Interface Set, Loss Priority, and Packet Length. Expand Then. In the Comment box, enter the comment for then. In the Count box, enter the number of packets. From the Loss Priority list, set the packet loss priority (PLP) to low, medium-low, medium-high, or high. In the Forwarding Class box, enter the packet forwarding class name. Click Accept next to Then. Select one of the following: Accept—To accept a packet. Discard—To discard a packet silently, without sending an ICMP message. Next—To evaluate the next term in the firewall filter. Click Policer next to Then. Select one of the following: policer—To configure a new policer for each filter and select the policer name. three-color-policer—To configure a tricolor marking policer. Expand Three Color Policer. Click Single Rate next to Three Color Policer. Select one of the following: single-rate—if the named tricolor policer is a single-rate policer. two-rate—if the named tricolor policer is a two-rate policer.

Task

Your Action

Configure firewall filters for protocol-independent match conditions.

Expand Any.
In the Comment box, enter the comment for Any.
Click Filter next to Any.
Click Add new entry next to Filter.
In the name box, enter the name that identifies the filter.
In the Comment box, enter the comment for the filter.
Expand Filter.
Click Term next to Filter.
Click Add new entry next to Term.
Expand Term.
In the Name box, enter the name that identifies the term.
In the Comment box, enter the comment for the term.
Expand From.
From the listed protocol-independent match conditions, select the filters defined for the any family type.
The protocol-independent match conditions are Forwarding Class, Interface, Interface Set, Loss Priority, and Packet Length.
Expand Then.
In the Comment box, enter the comment for then.
In the Count box, enter the number of packets.
From the Loss Priority list, set the packet loss priority (PLP) to low, medium-low, medium-high, or high.
In the Forwarding Class box, enter the packet forwarding class name.
Click Accept next to Then.
Select one of the following:
- Accept—To accept a packet.
- Discard—To discard a packet silently, without sending an ICMP message.
- Next—To evaluate the next term in the firewall filter.
Click Policer next to Then.
Select one of the following:
- policer—To configure a new policer for each filter and select the policer name.
- three-color-policer—To configure a tricolor marking policer.
  1. Expand Three Color Policer.
  2. Click Single Rate next to Three Color Policer.
  3. Select one of the following:
    - single-rate—if the named tricolor policer is a single-rate policer.
    - two-rate—if the named tricolor policer is a two-rate policer.

Configuring the Firewall Filter for Any Family Type (NSM Procedure)

Related Documentation