security firewall global-state-policy <protocol>
Configures the global state parameters for firewall.
If this statement is not configured, the firewall is stateless. In this case, specific rules governing statefulness can be configured within the rule set.
- icmp
- Enable ICMP state monitoring for firewall.
- tcp
- Enable TCP state monitoring for firewall.
- udp
- Enable UDP state monitoring for firewall.
Configuration mode
security {
firewall {
global-state-policy {
icmp
tcp
udp
}
}
}
Use this command to configure a global statefulness policy for traffic associated with established connections and traffic related to these connections.
Setting this configuration node makes the firewall globally stateful.
When configured to be stateful, the firewall tracks the state of network connections and traffic flows and allows or restricts traffic based on whether its connection state is known and authorized. For example, when an initiation flow is allowed in one direction, the stateful firewall automatically allows responder flows in the return direction.
The statefulness policy that is configured applies to all IPv4 and IPv6 traffic, traversing the interface that the rule set is attached to. After the firewall is configured to be globally stateful, this setting overrides any state rules configured within rule sets.
Use the set form of this command to configure a global statefulness policy for firewall.
Use the delete form of this command to delete a global statefulness policy for firewall.
Use the show form of this command to display a global statefulness policy for firewall.