809You can apply an ASPF policy to both the inbound and outbound directions of an interface.Examples# Apply ASPF policy 1 to the outbound direction of GigabitEthernet 1/0/1. system-view[Sysname] interface gigabitethernet 1/0/1[Sysname-GigabitEthernet1/0/1] aspf apply policy 1 outboundRelated commandsaspf policydisplay aspf alldisplay aspf interfaceaspf apply policy (zone pair view)Use aspf apply policy to apply an ASPF policy to a zone pair.Use undo aspf apply policy to remove an ASPF policy application from a zone pair.Syntaxaspf apply policy aspf-policy-numberundo aspf apply policy aspf-policy-numberDefaultThe system applies the predefined ASPF policy to a zone pair when the zone pair is created.ViewsZone pair viewPredefined user rolesnetwork-adminParametersaspf-policy-number: Specifies an ASPF policy number, in the range of 1 to 256.Usage guidelinesWith the predefined policy, ASPF inspects FTP packets and packets of all transport layer protocols,but it does not perform ICMP error message check or the TCP SYN packet check.The predefined ASPF policy cannot be modified. To change the ASPF policy application, define anASPF policy and apply it to the zone pair.If you execute this command multiple times, the most recent configuration takes effect.Examples# Apply an ASPF policy to a zone pair. system-view[Sysname] security-zone name trust[Sysname-security-zone-Trust] import interface gigabitethernet 1/0/1[Sysname-security-zone-Trust] quit[Sysname] security-zone name untrust[Sysname-security-zone-Untrust] import interface gigabitethernet 1/0/2[Sysname-security-zone-Untrust] quit[Sysname] zone-pair security source trust destination untrust