Firewall configuration
Digi TransPort User Guide 680
Keeping a route out of service and using recovery with a list of addresses
This expands on the functionality above, and gives the ability to check connectivity to a range of
addresses using a ping command. It is possible to specify an address list that the recovery
mechanism will ping in turn to see if any respond. This helps ensure that even when one, two, or
three destinations cannot be reached due to an outage on the remote network, the connection
will be made available again if at least one of the addresses in the list responds.
The address lists are created using the following syntax:
#addrs <list-name> <address1,address2,address3,address4>
Address lists can span multiple lines if required, for example:
#addrs <list-name> <address1,address2>
#addrs <list-name> <address3,address4>
The address list is called using the recovery option pingl. An example firewall rule is:
pass out break end on PPP 1 proto ICMP from 10.1.1.1 to 10.1.2.1 inspect-state oos 60 t=10 c=5 d=10 r=pingl listA ,120,10 rd=3 dt=60
This rule allows pings outbound, and on detecting a communication failure it uses pings to an
address list named listA. The address list named listA could look like this:
#addrs listA 10.1.2.1,10.1.3.1,10.1.4.1,10.1.5.1
#addrs listA 10.1.6.1,10.2.1.1,10.2.2.1
This causes the recovery to ping the range of addresses shown in the list above.
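Because an address list can be split across several #addrs lines, a mistyped list name or address is easy to miss. The following is an added example, not part of the Digi guide: a small Python check that merges the #addrs lines of a rule set, validates each address, and flags any pingl option that names a list with no definition. The pattern used to find the list name after r=pingl is an assumption based on the single example rule above, and listB, listC and the second rule are constructed test data.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the page's rule and list, plus one rule that references
# an undefined list (listB) and one list with a malformed address (listC).
SAMPLE = """\
#addrs listA 10.1.2.1,10.1.3.1,10.1.4.1,10.1.5.1
#addrs listA 10.1.6.1,10.2.1.1,10.2.2.1
#addrs listC 10.9.9.1,10.9.9.999
pass out break end on PPP 1 proto ICMP from 10.1.1.1 to 10.1.2.1 inspect-state oos 60 t=10 c=5 d=10 r=pingl listA ,120,10 rd=3 dt=60
pass out break end on PPP 2 proto ICMP from 10.1.1.1 to 10.3.2.1 inspect-state oos 60 t=10 c=5 d=10 r=pingl listB ,120,10 rd=3 dt=60
"""

# Assumption: the list name is the first token after "r=pingl", as in the
# page's example rule; separators are taken to be spaces and/or commas.
PINGL_RE = re.compile(r"\br=pingl[\s,]+([^\s,]+)")

def parse_addr_lists(text):
    """Merge every '#addrs <name> <a,b,...>' line into name -> [addresses]."""
    lists = defaultdict(list)
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0] == "#addrs":
            lists[parts[1]] += [a.strip() for a in parts[2].split(",") if a.strip()]
    return dict(lists)

def lint(text):
    """Return (lists, problems) for a rule set containing #addrs lines."""
    lists = parse_addr_lists(text)
    problems = []
    for name, addrs in lists.items():
        for addr in addrs:
            try:
                ipaddress.IPv4Address(addr)
            except ValueError:
                problems.append(f"list {name}: invalid IPv4 address {addr!r}")
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # #addrs definitions are not rules
        m = PINGL_RE.search(line)
        if m and m.group(1) not in lists:
            problems.append(f"line {lineno}: pingl references undefined list {m.group(1)!r}")
    return lists, problems

if __name__ == "__main__":
    lists, problems = lint(SAMPLE)
    print(lists["listA"])
    print("\n".join(problems))
```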