fw up_execute
Description
Executes the offline Unified Policy.
This command only supports:
-
Source IP address, Destination IP address, and objects that contain an IP address
-
Simple services objects (based on destination port, source port, and protocol)
-
Protocol detection
-
Application detection
These are not supported:
-
Implied rules
-
All other objects are not supported (Security Zone, Access Roles, Domain Objects, Updatable Objects, Dynamic Objects, Other/DCERPC service, Content awareness, VPN, Resource, Mobile Access application, Time Objects, and so on)
Syntax
|
|
Parameters
|
Parameter |
Description |
||
|---|---|---|---|
|
No Parameters |
Shows the built-in usage. |
||
|
|
Runs the command in debug mode. Use only if you troubleshoot the command itself.
|
||
|
|
IANA Protocol Number in the Hexadecimal format.
For example:
|
||
|
|
Source IP address. |
||
|
|
Destination IP address. |
||
|
|
Source Port number in the Decimal format. |
||
|
|
Destination Port number in the Decimal format.
|
||
|
|
Protocol detection name. For example:
|
||
|
|
Name of the Application/Category as defined in SmartConsole. You can specify multiple applications. |
Example 1
[Expert@MyGW:0]# fw up_execute src=126.200.49.240 dst=10.1.1.1 ipp=1 Rulebase execution ended successfully. Overall status: ---------------- Active clob mask: 0 Required clob mask: 0 Match status: MATCH Match action: Accept Per Layer: ------------ Layer name: Network Layer id: 0 Match status: MATCH Match action: Accept Matched rule: 2 Possible rules: 2 16777215 [Expert@MyGW:0]# |
Example 2
[Expert@MyGW:0]# fw up_execute src=10.1.1.1 ipp=6 dport=8080 protocol=HTTP application=Facebook application=Opera Rulebase execution ended successfully. Overall status: ---------------- Active clob mask: 0 Required clob mask: 0 Match status: MATCH Match action: Accept Per Layer: ------------ Layer name: Network Layer id: 0 Match status: MATCH Match action: Accept Matched rule: 2 Possible rules: 2 16777215 [Expert@MyGW:0]# |