dynamic_objects
Description
Manages dynamic objects and their applicable ranges of IP addresses on the Security Gateway.
Important - In cluster, you must configure all the Cluster Members in the same way.
Workflow
Step
|
Description
|
1
|
In SmartConsole:
- Define the applicable dynamic object.
- Install the Access Control Policy on the Security Gateway.
|
2
|
On the Security Gateway (with the dynamic_objects command):
- Create the applicable dynamic object with the same name
- Assign the applicable ranges of IP address to the new dynamic object.
|
Syntax
- To show all configured dynamic objects and their ranges of IP addresses:
- To create a new dynamic object (and assign a range of IP addresses to it):
dynamic_objects -n <object_name> [-r <FromIP1> <ToIP2> ... [<FromIPx> <ToIPy>] -a]
|
- To add a new a range of IP addresses to the specific existing dynamic object:
dynamic_objects -o <object_name> -r <FromIP1> <ToIP2> ... [<FromIPx> <ToIPy>] -a
|
- To delete a range of IP addresses from the specific existing dynamic object:
dynamic_objects -o <object_name> -r <FromIP1> <ToIP2> ... [<FromIPx> <ToIPy>] -d
|
- To update the specific existing dynamic object (and assign a different range of IP addresses to it):
dynamic_objects -u <object_name> [-r <FromIP1> <ToIP2> ... [<FromIPx> <ToIPy>]]
|
- To compare the configured dynamic objects and objects configured in SmartConsole:
- To delete the specific existing dynamic object (and all ranges of IP addresses assigned to it):
dynamic_objects -do <object_name>
|
- To delete all the existing dynamic objects (and all ranges of IP addresses assigned to them):
Parameters
Parameter
|
Description
|
<object_name>
|
Specifies the name of the object:
- As defined in SmartConsole
- As defined with the
dynamic_objects -n <object name> command
|
-r <FromIP1> <ToIP2> ... [<FromIPx> <ToIPy>]
|
Specifies the ranges of IP addresses in the format of pairs:
"From_IP_Address To_IP_Address"
For example, to specify two ranges, from 192.168.2.30 to 192.168.2.40 and from 192.168.2.50 to 192.168.2.60, enter these four IP addresses:
192.168.2.30 192.168.2.40 192.168.2.50 192.168.2.60
|
-a
|
Adds the specified ranges of IP addresses to the specified dynamic object.
|
-c
|
Compare the dynamic objects in the dynamic objects database ($FWDIR/database/dynamic_objects.db) and in the $FWDIR/conf/objects.C file.
|
-d
|
Deletes range of IP addresses from the dynamic object.
|
-do
|
Deletes the specified dynamic object.
|
-e
|
Deletes all configured dynamic objects from the dynamic objects database ($FWDIR/database/dynamic_objects.db).
|
-l
|
Lists the configured dynamic objects in the dynamic objects database ($FWDIR/database/dynamic_objects.db).
|
-n
|
Creates a new dynamic object.
|
-u
|
Updates the specified dynamic object.
If you specify a range of IP addresses, then the new range replaces all current ranges that are currently assigned to this dynamic object.
|
Example - Create a new dynamic object named "bigserver" and assign to it the range of IP addresses 192.168.2.30-192.168.2.40
Run these commands:
dynamic_objects -n bigserver
dynamic_objects -o bigserver -r 192.168.2.30 192.168.2.40 -a
|
Or run this one command:
dynamic_objects -n bigserver -r 192.168.2.20 192.168.2.40 -a
|
Example - Update the ranges of IP addresses assigned to the dynamic object named "bigserver" from the current range to the new range 192.168.2.60-192.168.2.80
dynamic_objects -u bigserver -r 192.168.2.60 192.168.2.80
|
