HPE Community
WAN Routing
1752749 Members
4861 Online
108789 Solutions
New Discussion юеВ

Re: HP 3 Com device need to block ping,SSH to WAN Port

 
SOLVED
Go to solution
shinepothen
Frequent Advisor

тАО12-20-2018 09:25 PM

тАО12-20-2018 09:25 PM

HP 3 Com device need to block ping,SSH to WAN Port

Hi Team

 

Need your help and suggestion on how can i block ICMP and SSH traffic to my WAN port which is configured with public ip address

Router make and model

H3C Comware Platform Software
Comware Software, Version 5.20, Release 2514P07
Copyright (c) 2004-2015 Hangzhou H3C Tech. Co.

 

 

0 Kudos
5 REPLIES 5
shinepothen
Frequent Advisor

тАО12-25-2018 07:28 PM

тАО12-25-2018 07:28 PM

Re: HP 3 Com device need to block ping,SSH to WAN Port

HI HP Team

 

Please help me in getting my issue fixed, all help and support is appreciated

0 Kudos
Paul Kurtz
HPE Pro

тАО12-25-2018 10:11 PM

тАО12-25-2018 10:11 PM

Re: HP 3 Com device need to block ping,SSH to WAN Port

Hi,

You need to create an Acl then apply it to your WAN interface.

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c02659226#page13

Some examples here, you will need an advanced ACL.
I am a HPE Employee
shinepothen
Frequent Advisor

тАО02-27-2019 08:13 PM

тАО02-27-2019 08:13 PM

Re: HP 3 Com device need to block ping,SSH to WAN Port

Thank you Paul for the reply.

I tried to do some acl but the acl rule is not working.

I am new to HP router. it would be helpfull if you can give me an example of the acl commands that i need to enter and attach that acl to the wan interface.

Thank you for all the help and support.

 

 

0 Kudos
Paul Kurtz
HPE Pro

тАО03-01-2019 04:36 AM - edited тАО03-01-2019 04:40 AM

тАО03-01-2019 04:36 AM - edited тАО03-01-2019 04:40 AM

Solution

Re: HP 3 Com device need to block ping,SSH to WAN Port

Hi in the examples from link in my last post something like this i cant test because i have comware 7 MSR2003. use the ? Also see this post for settings http://thenetworkmonkey.blogspot.com/2012/10/hp-msr-firewall-config-example.html  

[DeviceA] system-view

[DeviceA] acl number 3000
[DeviceA-acl-adv-3000] rule deny any destination-port 22
[DeviceA-acl-adv-3000] rule deny any icmp 
[DeviceA-acl-adv-3000] quit
# Enable IPv4 firewall, and apply IPv4 ACL 3000 to filter outgoing packets on interface Ethernet 0/1.
[DeviceA] firewall enable
[DeviceA] interface ethernet 0/1
[DeviceA-Ethernet0/1] firewall packet-filter 3000 inbound
[DeviceA-Ethernet0/1] quit

I am a HPE Employee
shinepothen
Frequent Advisor

тАО03-07-2019 02:12 AM

тАО03-07-2019 02:12 AM

Re: HP 3 Com device need to block ping,SSH to WAN Port

Thank you Paul for providing all the help and support.

The mentioned commands help me a lot in getting the issue fixed.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.