Residential firewalls are provisioned in three steps.
A firewall domain is created in the router or VPRN where the firewall is connected to an unsafe network, such as the Internet. In this domain, a list of prefixes specify which prefixes are subject to firewall rules.
A firewall policy is created that specifies operational rules for the firewall and which domain should be used.
The firewall policy is linked to an ESM subscriber using the subscriber profile.
Node# /configure service vprn 4 firewall
Node>config>service>vprn>firewall# info
----------------------------------------------
domain "domain_4" nat-group 1 create
prefix 2001:DB8::/32 create
exit
no shutdown
exit
----------------------------------------------
Node# /configure service nat
Node>config>service>nat# info
----------------------------------------------
firewall-policy "firewall_4" create
description "IPv6 Firewall policy for VPRN 4"
domain router 4 name "domain_4"
filtering address-and-port-dependent
exit
----------------------------------------------
Node# /configure subscriber-mgmt
Node>config>subscr-mgmt# info
----------------------------------------------
sub-profile "profile_1" create
firewall-policy "firewall_4"
exit
----------------------------------------------