'fw sam_policy' and 'fw6 sam

'fw sam_policy' and 'fw6 sam_policy'

Description

Manages the Suspicious Activity Policy editor that lets you work with these types of rules:

Also, see these commands:

Notes:

You can run these commands interchangeably: 'fw sam_policy' and 'fw samp'.
Security Gateway stores the SAM Policy rules in the $FWDIR/database/sam_policy.db file.
The SAM Policy management file is $FWDIR/database/sam_policy.mng.
You can run these commands in Gaia Clish, or Expert mode.

Important:

Configuration you make with these commands, survives reboot.
VSX Gateway does not support Suspicious Activity Policy configured in SmartView Monitor. See sk79700.
The SAM Policy rules consume some CPU resources on Security Gateway. We recommend to set an expiration that gives you time to investigate, but does not affect performance. The best practice is to keep only the SAM Policy rules that you need. If you confirm that an activity is risky, edit the Security Policy, educate users, or otherwise handle the risk.
On VSX Gateway, first go to the context of an applicable Virtual System.
In Gaia Clish, run: set virtual-system <VSID>

In Expert mode, run: vsenv <VSID>
In Cluster, you must configure the SecureXL in the same way on all the Cluster Members.

Syntax for IPv4

fw [-d] sam_policy

add <options>

batch

del <options>

get <options>

fw [-d] samp

add <options>

batch

del <options>

get <options>

Syntax for IPv6

fw6 [-d] sam_policy

add <options>

batch

del <options>

get <options>

fw6 [-d] samp

add <options>

batch

del <options>

get <options>

Parameters

Parameter	Description
`-d`	Runs the command in debug mode. Use only if you troubleshoot the command itself.
`add <`options`>`	Adds one Rate Limiting rule one at a time.
`batch`	Adds or deletes many Rate Limiting rules at a time.
`del <`options`>`	Deletes one configured Rate Limiting rule one at a time.
`get <`options`>`	Shows all the configured Rate Limiting rules.