asg_excp_conf

This command is supported only on these:

  • ElasticXL Cluster

  • Maestro Security Group

  • Scalable Chassis Security Group

Note - You must run this command in the Expert mode.

Description

You can configure the Security Group to forward specific inbound connections to the SMO Security Group Member.

Important:

  • This command supports only IPv4 connections.

  • This command does not support local outgoing connections that the Security Group initiates.

  • In VSNext / Traditional VSX mode, you must run this command in the context of the applicable Virtual Gateway / Legacy Virtual System.

  • This command supports a maximum of 15 exceptions

    (in the Traditional VSX mode, this limit is global for all Virtual Systems).

  • These exceptions are saved in the $FWDIR/tmp/tmp_exception_entries.txt file

    (IPv4 addresses are converted to a special format).

Syntax

asg_excp_conf

      clear

      del <ID>

      get

      set <Type> <Source IP Address> <Source Port> <Destination IP Address> <Destination Port>

Parameters

Parameter

Description

No Parameters

Shows the built-in help.

clear

Deletes all exception entries.

del <ID>

Deletes the specified exception entry.

Use the "get" parameter to see the IDs.

ID numbers start from 0 (zero).

get

Shows all exception entries and their IDs.

set <Parameters>

Configures a new exception entry.

Notes:

  • This command does not support wildcard characters (* or ?) or the word "any".

    You must always configure the exact values of the connection 4-tuple.

  • The order of these arguments is predefined (for example, "<src_ip>" is always the second argument).

The "<Type>" parameter configures the match condition - which connection parameters the Security Group must consider.

Although you configure all connection parameters, the Security Group uses only specific parameters determined by the "<Type>" value.

The exception type is one of these values:

  • 1 - Matches the inbound connection by the Source IP address

  • 2 - Matches the inbound connection by the Destination IP address

  • 3 - Matches the inbound connection by the Source port

  • 4 - Matches the inbound connection by the Destination port

  • 5 - Matches the inbound connection by the Source IP address + Destination IP address

  • 6 - Matches the inbound connection by the Source IP address + Source port

  • 7 - Matches the inbound connection by the Source IP address + Destination port

  • 8 - Matches the inbound connection by the Destination IP address + Source port

  • 9 - Matches the inbound connection by the Destination IP address + Destination port

  • 10 - Matches the inbound connection by the Source port + Destination port

  • 11 - Matches the inbound connection by the Source IP address + Destination IP address + Source port

  • 12 - Matches the inbound connection by the Source IP address + Destination IP address + Destination port

  • 13 - Matches the inbound connection by the Source IP address + Source port + Destination port

  • 14 - Matches the inbound connection by the destination IP address + Source port + Destination port

  • 15 - Matches the inbound connection by the Source IP address + Destination IP address + Source port + Destination port

Examples

[Expert@SG-s01-01:0] asg_excp_conf set 2 192.168.20.30 40000 172.16.40.50 80
1_01:
Exception entry added successfuly.
1_02:
Exception entry added successfuly.
1_03:
Exception entry added successfuly.
1_04:
Exception entry added successfuly.
2_01:
Exception entry added successfuly.
2_02:
Exception entry added successfuly.
2_03:
Exception entry added successfuly.
2_04:
Exception entry added successfuly.
[Expert@SG-s01-01:0]
 
[Expert@SG-s01-01:0] asg_excp_conf get
1_01:
------------------------------------------------------ Exceptions table: ------------------------------------------------------
0 : Exception Type 2 , Source IP: 192.168.20.30  , Source Port: 40000 , Destination IP: 172.16.40.50    Destination Port     80
1 : Exception Type 4 , Source IP: 192.168.20.30  , Source Port: 50000 , Destination IP: 172.16.40.50    Destination Port   8080
-------------------------------------------------------------------------------------------------------------------------------
1_02:
------------------------------------------------------ Exceptions table: ------------------------------------------------------
0 : Exception Type 2 , Source IP: 192.168.20.30  , Source Port: 40000 , Destination IP: 172.16.40.50    Destination Port     80
1 : Exception Type 4 , Source IP: 192.168.20.30  , Source Port: 50000 , Destination IP: 172.16.40.50    Destination Port   8080
-------------------------------------------------------------------------------------------------------------------------------
1_03:
------------------------------------------------------ Exceptions table: ------------------------------------------------------
0 : Exception Type 2 , Source IP: 192.168.20.30  , Source Port: 40000 , Destination IP: 172.16.40.50    Destination Port     80
1 : Exception Type 4 , Source IP: 192.168.20.30  , Source Port: 50000 , Destination IP: 172.16.40.50    Destination Port   8080
-------------------------------------------------------------------------------------------------------------------------------
1_04:
------------------------------------------------------ Exceptions table: ------------------------------------------------------
0 : Exception Type 2 , Source IP: 192.168.20.30  , Source Port: 40000 , Destination IP: 172.16.40.50    Destination Port     80
1 : Exception Type 4 , Source IP: 192.168.20.30  , Source Port: 50000 , Destination IP: 172.16.40.50    Destination Port   8080
-------------------------------------------------------------------------------------------------------------------------------
2_01:
------------------------------------------------------ Exceptions table: ------------------------------------------------------
0 : Exception Type 2 , Source IP: 192.168.20.30  , Source Port: 40000 , Destination IP: 172.16.40.50    Destination Port     80
1 : Exception Type 4 , Source IP: 192.168.20.30  , Source Port: 50000 , Destination IP: 172.16.40.50    Destination Port   8080
-------------------------------------------------------------------------------------------------------------------------------
2_02:
------------------------------------------------------ Exceptions table: ------------------------------------------------------
0 : Exception Type 2 , Source IP: 192.168.20.30  , Source Port: 40000 , Destination IP: 172.16.40.50    Destination Port     80
1 : Exception Type 4 , Source IP: 192.168.20.30  , Source Port: 50000 , Destination IP: 172.16.40.50    Destination Port   8080
-------------------------------------------------------------------------------------------------------------------------------
2_03:
------------------------------------------------------ Exceptions table: ------------------------------------------------------
0 : Exception Type 2 , Source IP: 192.168.20.30  , Source Port: 40000 , Destination IP: 172.16.40.50    Destination Port     80
1 : Exception Type 4 , Source IP: 192.168.20.30  , Source Port: 50000 , Destination IP: 172.16.40.50    Destination Port   8080
-------------------------------------------------------------------------------------------------------------------------------
2_04:
------------------------------------------------------ Exceptions table: ------------------------------------------------------
0 : Exception Type 2 , Source IP: 192.168.20.30  , Source Port: 40000 , Destination IP: 172.16.40.50    Destination Port     80
1 : Exception Type 4 , Source IP: 192.168.20.30  , Source Port: 50000 , Destination IP: 172.16.40.50    Destination Port   8080
-------------------------------------------------------------------------------------------------------------------------------
[Expert@SG-s01-01:0]
 
[Expert@SG-s01-01:0]# asg_excp_conf del 0
1_01:
Exception ID 0 deleted
1_02:
Exception ID 0 deleted
1_03:
Exception ID 0 deleted
1_04:
Exception ID 0 deleted
2_01:
Exception ID 0 deleted
2_02:
Exception ID 0 deleted
2_03:
Exception ID 0 deleted
2_04:
Exception ID 0 deleted
[Expert@SG-s01-01:0]
 
[Expert@SG-s01-01:0] asg_excp_conf clear
1_01:
Exception table cleared
1_02:
Exception table cleared
1_03:
Exception table cleared
1_04:
Exception table cleared
2_01:
Exception table cleared
2_02:
Exception table cleared
2_03:
Exception table cleared
2_04:
Exception table cleared
[Expert@SG-s01-01:0]