Security Group on Scalable Chassis

To be part of a Security Gateway, a Security Gateway Module (SGM) must belong to a Security Group.

Note - On Scalable Platforms (ElasticXL, Maestro, and Chassis), you must run the applicable commands in Gaia gClish of the applicable Security Group.

Viewing SGMs in a Security Group on Scalable Chassis

Syntax

asg stat

See asg stat.

Adding SGMs to a Security Group on Scalable Chassis

Best Practice - To add new SGMs to an existing Security Group:

  1. Enable the SMO Image Cloning feature in the Security Group.

    This feature automatically clones all the required software packages to the new SGMs.

    Run in Gaia gClish on the Security Group:

    set cluster configuration image auto-clone state on

    show cluster configuration image auto-clone state

  2. Add the new SGMs to the existing Security Group:

    add smo security-group <SGM IDs>

  3. Make sure the Security Group is configured correctly (see insights):

    insights

  4. To optimize connection distribution among the SGMs, update the Security Group with the correct number of the SGMs.

    See Configuring the SGM Range on Scalable Chassis.

  5. Disable the SMO Image Cloning feature in the Security Group.

    Run in Gaia gClish on the Security Group:

    set cluster configuration image auto-clone state off

    show cluster configuration image auto-clone state

Syntax

add smo security-group <SGM IDs>

Parameters

Parameter: <SGM IDs>

Description: Applies to Security Group Members as specified by the <SGM IDs>.

<SGM IDs> can be:

  • No <SGM IDs> specified, or all

    Applies to all Security Group Members and all Sites

  • One Security Group Member (for example, 1_1)

  • A comma-separated list of Security Group Members (for example, 1_1,1_4)

  • A range of Security Group Members (for example, 1_1-1_4)

  • One Site (chassis1, or chassis2)

  • The Active Site (chassis_active)

Example

[Global] HostName-ch01-01 > add smo security-group 1_1-1_3,2_1-2_3

Deleting SGMs from a Security Group on Scalable Chassis

Syntax

Important - Before you remove an SGM from the Security Gateway, make sure that it is in the DOWN state.

All SGMs that are assigned to the current Security Group and are not part of the new Security Group, must be in the DOWN state.

Otherwise, the command fails.

delete smo security-group <SGM IDs>

Best Practice - After you delete SGMs from an existing Security Group:

  1. Make sure the Security Group is configured correctly (see insights):

    insights

  2. To optimize connection distribution among the SGMs, update the Security Group with the correct number of the SGMs.

    See Configuring the SGM Range on Scalable Chassis.

Parameters

Parameter: <SGM IDs>

Description: Applies to Security Group Members as specified by the <SGM IDs>.

<SGM IDs> can be:

  • No <SGM IDs> specified, or all

    Applies to all Security Group Members and all Sites

  • One Security Group Member (for example, 1_1)

  • A comma-separated list of Security Group Members (for example, 1_1,1_4)

  • A range of Security Group Members (for example, 1_1-1_4)

  • One Site (chassis1, or chassis2)

  • The Active Site (chassis_active)

Example

[Global] HostName-ch01-01 > delete smo security-group 1_1-1_3,2_1-2_3
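
A pre-change check for the delete command, written as an added example (not Check Point code): it expands an <SGM IDs> value in the forms listed above and reports which targeted members are not in the DOWN state, since those would make the command fail. The function names, the (site, slot) representation, the state map, and the rule that a range stays within one site are assumptions of this example.

```python
import re

MEMBER = re.compile(r"^(\d+)_(\d+)$")  # <site>_<slot>, for example 1_1

def expand_sgm_ids(spec, group, active_site=1):
    """Expand an <SGM IDs> value into a set of (site, slot) tuples.
    group: members currently in the Security Group; active_site: assumed input."""
    spec = (spec or "").strip() or "all"
    if spec == "all":
        return set(group)
    out = set()
    for item in (p.strip() for p in spec.split(",")):
        if item == "chassis_active":
            item = f"chassis{active_site}"
        if item in ("chassis1", "chassis2"):
            out |= {m for m in group if m[0] == int(item[-1])}
        elif "-" in item:
            lo, hi = (MEMBER.match(p) for p in item.split("-", 1))
            # Assumption: a range stays within one site and is ascending.
            if not (lo and hi) or lo.group(1) != hi.group(1):
                raise ValueError(f"bad range: {item!r}")
            site, a, b = int(lo.group(1)), int(lo.group(2)), int(hi.group(2))
            if a > b:
                raise ValueError(f"descending range: {item!r}")
            out |= {(site, n) for n in range(a, b + 1)}
        elif MEMBER.match(item):
            site, slot = MEMBER.match(item).groups()
            out.add((int(site), int(slot)))
        else:
            raise ValueError(f"bad SGM ID: {item!r}")
    return out

def delete_blockers(spec, group, states, active_site=1):
    """Members targeted by a delete that are not DOWN (the command would fail)."""
    targets = expand_sgm_ids(spec, group, active_site) & set(group)
    return [f"{s}_{n}" for s, n in sorted(targets) if states.get((s, n)) != "DOWN"]

# Constructed sample data, not real `asg stat` output.
GROUP = {(1, 1), (1, 2), (1, 3), (2, 1), (2, 2), (2, 3)}
STATES = {(1, 1): "UP", (1, 2): "DOWN", (1, 3): "DOWN",
          (2, 1): "DOWN", (2, 2): "UP", (2, 3): "DOWN"}

if __name__ == "__main__":
    # Same <SGM IDs> value as the delete example above.
    print(delete_blockers("1_1-1_3,2_1-2_3", GROUP, STATES))
```

An empty result means every targeted member is DOWN; any listed member has to be brought to the DOWN state before the delete is run.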