dynamic_objects

Description

Manages dynamic objects and their applicable ranges of IP addresses on the Security Gateway / Cluster Members / Scalable Platform Security Group.

Important:

You can run this command only in the Expert mode.
In a Cluster, you must configure all the Cluster Members in the same way.
On Scalable Platforms, you must connect to the applicable Security Group.

Workflow

Step	Instructions
1	In SmartConsole: Configure the applicable dynamic object. Install the Access Control Policy on the Security Gateway / ClusterXL object.
2	On the Security Gateway / each Cluster Member / Security Group, run the "`dynamic_objects`" command to: Create the applicable dynamic object with the same name. Assign the applicable ranges of IP address to the new dynamic object.

Step

Instructions

In SmartConsole:

Configure the applicable dynamic object.
Install the Access Control Policy on the Security Gateway / ClusterXL object.

On the Security Gateway / each Cluster Member / Security Group, run the "dynamic_objects" command to:

Create the applicable dynamic object with the same name.
Assign the applicable ranges of IP address to the new dynamic object.

General syntax on a Security Gateway / Cluster Member in the Expert mode

dynamic_objects <Parameters>

General syntax on a Scalable Platform Security Group in the Expert mode

g_all dynamic_objects <Parameters>

Syntax for specific commands

To show the built-in help:

dynamic_objects -h

To show all configured dynamic objects and their ranges of IP addresses:

dynamic_objects -l

To create a new dynamic object (and assign a range of IP addresses to it):

dynamic_objects -n <Object Name> [-r <FromIP1> <ToIP2> ... [<FromIPx> <ToIPy>] -a]

To add a new a range of IP addresses to the specific existing dynamic object:

dynamic_objects -o <Object Name> -r <FromIP1> <ToIP2> ... [<FromIPx> <ToIPy>] -a

To delete a range of IP addresses from the specific existing dynamic object:

dynamic_objects -o <Object Name> -r <FromIP1> <ToIP2> ... [<FromIPx> <ToIPy>] -d

To update the specific existing dynamic object (and assign a different range of IP addresses to it):

dynamic_objects -u <Object Name> [-r <FromIP1> <ToIP2> ... [<FromIPx> <ToIPy>]]

To compare the configured dynamic objects and objects configured in SmartConsole:

dynamic_objects -c

To delete the specific existing dynamic object (and all ranges of IP addresses assigned to it):

dynamic_objects -do <Object Name>

To delete all the existing dynamic objects (and all ranges of IP addresses assigned to them):

dynamic_objects -e

Parameters

Parameter

Description

-h

Show the built-in help.

<Object Name>

Specifies the name of the object:

As configured in SmartConsole
As configured with the "dynamic_objects -n <object name>" command

-a

Adds the specified ranges of IP addresses to the specified dynamic object.

-c

Compare all the dynamic objects between these two databases on the Security Cluster:

The local database with dynamic objects:

$FWDIR/database/dynamic_objects.db
The local copy of the Management Server database with all relevant objects:

$FWDIR/conf/objects.C

-cfo_show

Shows a list of IP addresses for all Generic Data Center (Custom Feed) objects.

-d

Deletes range of IP addresses from the specified dynamic object.

-do <Name of Domain>

Deletes the specified dynamic object (and all ranges of IP addresses assigned to it).

-e

Deletes all configured dynamic objects from the dynamic objects database ($FWDIR/database/dynamic_objects.db).

-efo_show

Shows a list of IP addresses for all Network Feed objects.

This parameter does not show Domains.

-efo <Name of Network Feed>

Shows a list of Domains and IP ranges related to the specified Network Feed object.

-f <Path to File>

Loads the "dynamic_objects" commands from the specified file.

The parameter "-f" supports only these parameters in the same command:

-a
-d
-do
-n
-o
-r
-u

-ip <IP Address>

Lists all objects containing the specified IPv4 or IPv6 address.

-l

Lists the dynamic objects configured in the dynamic objects database ($FWDIR/database/dynamic_objects.db).

-lo <Object Name>

Shows the specified dynamic object.

-n <Object Name>

Creates a new dynamic object.

-o <Object Name>

Specifies the dynamic object.

-policy <IP Address or Domain Name>

Shows all dynamically-updated objects used in the policy which are associated with the specified IP address or Domain name.

-r <FromIP1> <ToIP2> ... [<FromIPx> <ToIPy>]

Specifies the ranges of IP addresses in the format of pairs:

<From_IP_Address> <To_IP_Address>

For example, to specify two ranges, from 192.168.2.30 to 192.168.2.40 and from 192.168.2.50 to 192.168.2.60, enter these four IP addresses:

192.168.2.30 192.168.2.40 192.168.2.50 192.168.2.60

-u <Object Name>

Updates the specified dynamic object.

If you specify a range of IP addresses, then the new range replaces all current ranges that are currently assigned to this dynamic object.

-uo <Object Name>

Shows a list of IP addresses and Domains related to the specified Updatable object.

Example 1 - Create a new dynamic object named "bigserver" and assign to it the range of IP addresses 192.168.2.30-192.168.2.40

Run either these two commands:

dynamic_objects -n bigserver

dynamic_objects -o bigserver -r 192.168.2.30 192.168.2.40 -a

Or this single command:

dynamic_objects -n bigserver -r 192.168.2.20 192.168.2.40 -a

Example 2 - Update the ranges of IP addresses assigned to the dynamic object named "bigserver" from the current range to the new range 192.168.2.60-192.168.2.80

dynamic_objects -u bigserver -r 192.168.2.60 192.168.2.80