Security Group

To be part of a Security Gateway, a Security Gateway Module (SGM) must belong to a Security Group.

Note - You must run the applicable commands in Gaia gClish of the applicable Security Group.

Viewing SGMs in a Security Group

Syntax

show smo security-group

Adding SGMs to a Security Group

Best Practice - To add new SGMs to an existing Security Group:

Enable the SMO Image Cloning feature in the Security Group.

This feature automatically clones all the required software packages to the new SGMs.

Run in Gaia gClish on the Security Group:

set smo image auto-clone state on

show smo image auto-clone state

Add the new SGMs to the existing Security Group:

add smo security-group <SGM IDs>

Make sure the Security Group is configured correctly (run the command exactly as it appears below):

show smo verifiers print name Security_Group

To optimize connection distribution among the SGMs, update the Security Group with the correct number of the SGMs.

See Configuring the SGM Range.

Disable the SMO Image Cloning feature in the Security Group.

Run in Gaia gClish on the Security Group:

set smo image auto-clone state off

show smo image auto-clone state

Syntax

add smo security-group <SGM IDs>

Parameters

Parameter	Description
`<SGM IDs>`	Applies to Security Group Members as specified by the `<SGM IDs>`. `<SGM IDs>` can be: No `<SGM IDs>` specified, or `all` Applies to all Security Group Members and all Chassis One Security Group Member (for example, `1_1`)

Parameter

Description

<SGM IDs>

Applies to Security Group Members as specified by the <SGM IDs>.

<SGM IDs> can be:

No <SGM IDs> specified, or all

Applies to all Security Group Members and all Chassis
One Security Group Member (for example, 1_1)

Example

[Global] HostName-ch01-01 > add smo security-group 1_1-1_3,2_1-2_3

Deleting SGMs from a Security Group

Syntax

Important - Before you remove an SGM from the Security Gateway, make sure that is it in the DOWN state.

All SGMs that are assigned to the current Security Group and are not part of the new Security Group, must be in the DOWN state.

Otherwise, the command fails.

delete smo security-group <SGM IDs>

Best Practice - After you delete SGMs from an existing Security Group:

Make sure the Security Group is configured correctly (run the command exactly as it appears below):

show smo verifiers print name Security_Group

To optimize connection distribution among the SGMs, update the Security Group with the correct number of the SGMs.

See Configuring the SGM Range.

Parameters

Parameter	Description
`<SGM IDs>`	Applies to Security Group Members as specified by the `<SGM IDs>`. `<SGM IDs>` can be: No `<SGM IDs>` specified, or `all` Applies to all Security Group Members and all Chassis One Security Group Member (for example, `1_1`)

Parameter

Description

<SGM IDs>

Applies to Security Group Members as specified by the <SGM IDs>.

<SGM IDs> can be:

No <SGM IDs> specified, or all

Applies to all Security Group Members and all Chassis
One Security Group Member (for example, 1_1)

Example

[Global] HostName-ch01-01 > delete smo security-group 1_1-1_3,2_1-2_3