HPE Community
WAN Routing
1820057 Members
3072 Online
109608 Solutions
New Discussion

Re: HP 3 Com device need to block ping,SSH to WAN Port

 
SOLVED
Go to solution
shinepothen
Frequent Advisor

‎12-20-2018 09:25 PM

‎12-20-2018 09:25 PM

HP 3 Com device need to block ping,SSH to WAN Port

Hi Team

 

Need your help and suggestion on how can i block ICMP and SSH traffic to my WAN port which is configured with public ip address

Router make and model

H3C Comware Platform Software
Comware Software, Version 5.20, Release 2514P07
Copyright (c) 2004-2015 Hangzhou H3C Tech. Co.

 

 

0 Kudos
5 REPLIES 5
shinepothen
Frequent Advisor

‎12-25-2018 07:28 PM

‎12-25-2018 07:28 PM

Re: HP 3 Com device need to block ping,SSH to WAN Port

HI HP Team

 

Please help me in getting my issue fixed, all help and support is appreciated

0 Kudos
Paul Kurtz
HPE Pro

‎12-25-2018 10:11 PM

‎12-25-2018 10:11 PM

Re: HP 3 Com device need to block ping,SSH to WAN Port

Hi,

You need to create an Acl then apply it to your WAN interface.

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c02659226#page13

Some examples here, you will need an advanced ACL.
I am a HPE Employee
shinepothen
Frequent Advisor

‎02-27-2019 08:13 PM

‎02-27-2019 08:13 PM

Re: HP 3 Com device need to block ping,SSH to WAN Port

Thank you Paul for the reply.

I tried to do some acl but the acl rule is not working.

I am new to HP router. it would be helpfull if you can give me an example of the acl commands that i need to enter and attach that acl to the wan interface.

Thank you for all the help and support.

 

 

0 Kudos
Paul Kurtz
HPE Pro

‎03-01-2019 04:36 AM - edited ‎03-01-2019 04:40 AM

‎03-01-2019 04:36 AM - edited ‎03-01-2019 04:40 AM

Solution

Re: HP 3 Com device need to block ping,SSH to WAN Port

Hi in the examples from link in my last post something like this i cant test because i have comware 7 MSR2003. use the ? Also see this post for settings http://thenetworkmonkey.blogspot.com/2012/10/hp-msr-firewall-config-example.html  

[DeviceA] system-view

[DeviceA] acl number 3000
[DeviceA-acl-adv-3000] rule deny any destination-port 22
[DeviceA-acl-adv-3000] rule deny any icmp 
[DeviceA-acl-adv-3000] quit
# Enable IPv4 firewall, and apply IPv4 ACL 3000 to filter outgoing packets on interface Ethernet 0/1.
[DeviceA] firewall enable
[DeviceA] interface ethernet 0/1
[DeviceA-Ethernet0/1] firewall packet-filter 3000 inbound
[DeviceA-Ethernet0/1] quit

I am a HPE Employee
shinepothen
Frequent Advisor

‎03-07-2019 02:12 AM

‎03-07-2019 02:12 AM

Re: HP 3 Com device need to block ping,SSH to WAN Port

Thank you Paul for providing all the help and support.

The mentioned commands help me a lot in getting the issue fixed.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.