asg_policy

This command is supported only on these:

  • ElasticXL Cluster

  • Maestro Security Group

  • Scalable Chassis Security Group

Notes:

  • You must run the "asg_policy" command in the Expert mode.

  • You can run the "asg policy" command in Gaia gClish or in the Expert mode.

Description

Shows the security policy status.

Controls the installed security policy.

Syntax

Run the "asg_policy" command or the "asg policy" command.

asg_policy -h

asg policy -h

cpha_policy -h

asg policy [-a]

      verify

      verify_amw

      unload [{--ip_forward |--disable_pnotes}]}

Parameters

Parameter

Description

-h

Shows the built-in help.

-a

Includes the Security Group Members that are in the "DOWN" state.

verify

Verifies that the same Access Control policy is installed on all Security Group Members.

verify_amw

Verifies that the same Threat Prevention policy is installed on all Security Group Members.

unload

Warning - Do not use this command.

For security reasons, your Security Group must always have a policy installed.

Unloads the current security policy from all Security Group Members.

  • --ip_forward

    Enables the IP Forwarding in the Linux kernel.

    Warning - This allows all traffic to pass through the Security Group without any inspection.

  • --disable_pnotes

    Configures the corresponding Critical Devices not to report their state as "problem".

Examples

[Expert@SG-s01-01:0]# asg policy verify

+----------------------------------------------------------------------+
|Policy Verification                                                   |
+-------+-------------------+---------------+-----------------+--------+
|Member |Policy Name        |Policy Date    |Policy Signature |Status  |
+-------+-------------------+---------------+-----------------+--------+
|1_01   |Standard           |15Oct24 10:35  |21b8f0ef7        |Success |
|2_01   |Standard           |15Oct24 10:35  |21b8f0ef7        |Success |
+-------+-------------------+---------------+-----------------+--------+


+------------------------------------------------------------------------------+
|Summary                                                                       |
+------------------------------------------------------------------------------+
|Policy Verification completed successfully                                    |
+------------------------------------------------------------------------------+
[Expert@SG-s01-01:0]#
 
[Expert@SG-s01-01:0]# asg policy verify_amw

+------------------------------------------------------+
|AMW Policy Verification                               |
+-------+-------------------+-----------------+--------+
|Member |Policy Name        |Policy Signature |Status  |
+-------+-------------------+-----------------+--------+
|1_01   |Standard           |bd49c351c        |Success |
|2_01   |Standard           |bd49c351c        |Success |
+-------+-------------------+-----------------+--------+


+------------------------------------------------------------------------------+
|Summary                                                                       |
+------------------------------------------------------------------------------+
|AMW Policy Verification completed successfully                                |
+------------------------------------------------------------------------------+

[Expert@SG-s01-01:0]#