dynamic_objects

Description

Manages dynamic objects and their applicable ranges of IP addresses on the Security Gateway.

Important - In a Cluster, you must configure all the Cluster Members in the same way.

Workflow

Step 1 - In SmartConsole:

  1. Define the applicable dynamic object.

  2. Install the Access Control Policy on the Security Gateway.

Step 2 - On the Security Gateway, run the dynamic_objects command to:

  1. Create the applicable dynamic object with the same name.

  2. Assign the applicable ranges of IP addresses to the new dynamic object.

Syntax

  • To show all configured dynamic objects and their ranges of IP addresses:

    dynamic_objects -l

  • To create a new dynamic object (and assign a range of IP addresses to it):

    dynamic_objects -n <object_name> [-r <FromIP1> <ToIP2> ... [<FromIPx> <ToIPy>] -a]

  • To add a new range of IP addresses to the specific existing dynamic object:

    dynamic_objects -o <object_name> -r <FromIP1> <ToIP2> ... [<FromIPx> <ToIPy>] -a

  • To delete a range of IP addresses from the specific existing dynamic object:

    dynamic_objects -o <object_name> -r <FromIP1> <ToIP2> ... [<FromIPx> <ToIPy>] -d

  • To update the specific existing dynamic object (and assign a different range of IP addresses to it):

    dynamic_objects -u <object_name> [-r <FromIP1> <ToIP2> ... [<FromIPx> <ToIPy>]]

  • To compare the configured dynamic objects and objects configured in SmartConsole:

    dynamic_objects -c

  • To delete the specific existing dynamic object (and all ranges of IP addresses assigned to it):

    dynamic_objects -do <object_name>

  • To delete all the existing dynamic objects (and all ranges of IP addresses assigned to them):

    dynamic_objects -e

Parameters

Parameter

Description

<object_name>

Specifies the name of the object:

  • As defined in SmartConsole

  • As defined with the "dynamic_objects -n <object_name>" command

-r <FromIP1> <ToIP2> ... [<FromIPx> <ToIPy>]

Specifies the ranges of IP addresses in the format of pairs:

<From_IP_Address> <To_IP_Address>

For example, to specify two ranges, from 192.168.2.30 to 192.168.2.40 and from 192.168.2.50 to 192.168.2.60, enter these four IP addresses:

192.168.2.30 192.168.2.40 192.168.2.50 192.168.2.60

-a

Adds the specified ranges of IP addresses to the specified dynamic object.

-c

Compares the dynamic objects in the dynamic objects database ($FWDIR/database/dynamic_objects.db) with the objects in the $FWDIR/conf/objects.C file.

-d

Deletes the specified ranges of IP addresses from the specified dynamic object.

-do

Deletes the specified dynamic object.

-e

Deletes all configured dynamic objects from the dynamic objects database ($FWDIR/database/dynamic_objects.db).

-l

Lists the configured dynamic objects in the dynamic objects database ($FWDIR/database/dynamic_objects.db).

-n

Creates a new dynamic object.

-u

Updates the specified dynamic object.

If you specify a range of IP addresses, then the new range replaces all ranges that are currently assigned to this dynamic object.

Example 1 - Create a new dynamic object named "bigserver" and assign to it the range of IP addresses 192.168.2.30-192.168.2.40

Run either these two commands:

dynamic_objects -n bigserver

dynamic_objects -o bigserver -r 192.168.2.30 192.168.2.40 -a

Or this single command:

dynamic_objects -n bigserver -r 192.168.2.30 192.168.2.40 -a

Example 2 - Update the ranges of IP addresses assigned to the dynamic object named "bigserver" from the current range to the new range 192.168.2.60-192.168.2.80

dynamic_objects -u bigserver -r 192.168.2.60 192.168.2.80
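
Because -u replaces every range currently assigned to the object, a malformed list of pairs changes which addresses the installed policy matches. The following added example (not part of the original documentation) is a POSIX shell helper that validates the From/To pairs and prints the resulting dynamic_objects -u command without running it. The function names, the object-name allowlist and the rejection of leading-zero octets are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate "-r" From/To pairs, then print (not run) the command.

# Print an IPv4 address as an integer; fail on anything but a strict dotted quad.
ip_to_int() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.; set -f; set -- $1          # split the address into four octets
    [ $# -eq 4 ] || exit 1
    n=0
    for o in "$@"; do
        # Assumption: reject leading zeros (some parsers read them as octal).
        case $o in 0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
        n=$(( n * 256 + o ))
    done
    echo "$n"
)

# Usage: build_update_cmd <object_name> <FromIP> <ToIP> [<FromIP> <ToIP> ...]
build_update_cmd() (
    name=$1
    # Assumption: conservative allowlist for names, chosen for this example.
    case $name in ''|*[!A-Za-z0-9_.-]*) echo "bad object name" >&2; exit 2 ;; esac
    shift
    if [ $# -lt 2 ] || [ $(( $# % 2 )) -ne 0 ]; then
        echo "addresses must come in From/To pairs" >&2; exit 2
    fi
    cmd="dynamic_objects -u $name -r"
    while [ $# -gt 0 ]; do
        from=$(ip_to_int "$1") || { echo "bad address: $1" >&2; exit 2; }
        to=$(ip_to_int "$2") || { echo "bad address: $2" >&2; exit 2; }
        [ "$from" -le "$to" ] || { echo "reversed range: $1 $2" >&2; exit 2; }
        cmd="$cmd $1 $2"
        shift 2
    done
    echo "$cmd"
)

# Constructed sample input: the range from Example 2 on this page.
build_update_cmd bigserver 192.168.2.60 192.168.2.80
```

Review the printed command, run it on the Security Gateway, and confirm the result with dynamic_objects -l.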