The following table summarizes the default firewall policy configuration commands:

Firewall-Policy Config Mode Commands

Command                         Description
acl-logging                     Enables logging on flow-creating traffic
alg                             Enables an algorithm
clamp                           Sets a clamp value to limit TCP MSS to inner path-MTU for tunneled packets
dhcp-offer-convert              Enables the conversion of broadcast DHCP offers to unicast
dns-snoop                       Sets the timeout value for DNS entries
firewall                        Configures the wireless firewall
flow                            Defines a session flow timeout
ip                              Configures IP components on this firewall policy
ip-mac                          Defines an action based on the IP-MAC table
ipv6                            Configures IPv6 components on this firewall policy
ipv6-mac                        Defines an action based on the IPv6-MAC table
logging                         Enables enhanced firewall logging
proxy-arp                       Enables the generation of ARP responses on behalf of another device
proxy-nd                        Enables the generation of ND responses (for IPv6) on behalf of another device
stateful-packet-inspection-l2   Enables stateful packet inspection in the layer 2 firewall
storm-control                   Defines storm control and logging settings
virtual-defragmentation         Enables virtual defragmentation of IPv4 packets
no                              Negates a command or reverts settings to their default


For more information on common commands (clrscr, commit, help, revert, service, show, write, and exit), see Common Commands.


The input parameter <HOSTNAME>, wherever used in syntaxes across this chapter, cannot include an underscore (_) character. In other words, the name of a device cannot contain an underscore.