Disable, Dpi-profile, Examples – Amer Networks WLO220T CLI User Manual

C O M M A N D D E S C R I P T I O N S

policy

2

60

CLI Reference Guide

• Permits any kind of service.

set policy from trust to untrust any any any permit

disable

set policy [ global ] id pol_num disable

disable

Disables the policy without removing it from the configuration.

dpi-profile

set policy { . . . } permit { . . . } dpi-profile profile-name

dpi-profile

Specifies a group of connection types to which a connection must belong to use this policy.
The profile must have already been constructed before connecting it to a policy.

Examples

The following command creates a policy that restricts connections to those described in the
profile.

set policy from trust to untrust any any any dpi-profile profile1

from ... to

set policy { ... } from zone1 to zone2 src_addr dst_addr svc_name { ... }
[ ... ]

from zone1 to zone2 src_addr dst_addr svc_name

Specifies two zones between which a policy controls traffic.



zone1 is the name of the source security zone.



zone2 is the name of the destination security zone.



src_addr is the name of the source address. Specifying any allows all source IP

addresses.



dst_addr is the name of the destination address. Specifying any allows all destination

IP addresses.



svc_name is the name of the service. Specifying any identifies all available services.

Example

The following command permits HTTP traffic from any address in the Trust zone to any address
in the Untrust zone:

set policy from trust to untrust any any HTTP permit