
ZyXEL Communications UAG Series - 27.2.1 Firewall Sub-Commands; 27.2.2 Firewall Command Examples

ZyXEL Communications UAG Series
323 pages
Chapter 27 Firewall
UAG CLI Reference Guide
27.2.1 Firewall Sub-Commands
The following table describes the sub-commands for several firewall commands.

Table 88 firewall Sub-commands

COMMAND
    DESCRIPTION

action {allow|deny|reject}
    Sets the action the UAG takes when packets match this rule.

[no] activate
    Enables a firewall rule. The no command disables the firewall rule.

[no] ctmatch {dnat | snat}
    Use dnat to block packets sent from a computer on the UAG’s WAN network from being forwarded to an internal network according to a virtual server rule.
    Use snat to block packets sent from a computer on the UAG’s internal network from being forwarded to the WAN network according to a 1:1 NAT or Many 1:1 NAT rule.
    The no command forwards the matched packets.

[no] description description
    Sets a descriptive name (up to 60 printable ASCII characters) for a firewall rule. The no command removes the descriptive name from the rule.

[no] destinationip address_object
    Sets the destination IP address. The no command resets the destination IP address(es) to the default (any). any means all IP addresses.

[no] from zone_object
    Sets the zone on which the packets are received. The no command removes the zone on which the packets are received and resets it to the default (any) meaning all interfaces or VPN tunnels.

[no] log [alert]
    Sets the UAG to create a log (and optionally an alert) when packets match this rule. The no command sets the UAG not to create a log or alert when packets match this rule.

[no] schedule schedule_object
    Sets the schedule that the rule uses. The no command removes the schedule settings from the rule.

[no] service service_name
    Sets the service to which the rule applies. The no command resets the service settings to the default (any). any means all services.

[no] sourceip address_object
    Sets the source IP address(es). The no command resets the source IP address(es) to the default (any). any means all IP addresses.

[no] sourceport {tcp|udp} {eq <1..65535>|range <1..65535> <1..65535>}
    Sets the source port for a firewall rule. The no command removes the source port from the rule.

[no] to {zone_object|Device}
    Sets the zone to which the packets are sent. The no command removes the zone to which the packets are sent and resets it to the default (any). any means all interfaces or VPN tunnels.

[no] user user_name
    Sets a user-aware firewall rule. The rule is activated only when the specified user logs into the system. The no command resets the user name to the default (any). any means all users.

27.2.2 Firewall Command Examples
These are IPv4 firewall configuration examples.
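
An added example, not part of the ZyXEL guide: a Python check that validates the sub-command lines of one rule against the syntax in Table 88 and flags allow rules that keep the any defaults or do not log. The function name lint_rule, the sample zone and object names, the acceptance of "no <command>" without an argument, and the two policy checks are assumptions of this example.

```python
import re

# Argument grammar per sub-command, from Table 88. Object names are matched
# loosely as one token (assumption); "no <cmd>" without argument is accepted.
NAME = r"\S+"
ARGS = {
    "action": r"(allow|deny|reject)", "activate": r"", "log": r"(alert)?",
    "ctmatch": r"(dnat|snat)", "description": r"[\x20-\x7e]{1,60}",
    "destinationip": NAME, "sourceip": NAME, "from": NAME, "to": NAME,
    "schedule": NAME, "service": NAME, "user": NAME,
    "sourceport": r"(tcp|udp) (eq (\d+)|range (\d+) (\d+))",
}
MATCH_FIELDS = ("sourceip", "destinationip", "service")  # default to "any"

def lint_rule(lines):
    """Return findings for the sub-command lines of one firewall rule."""
    findings, state = [], {}
    for n, raw in enumerate(lines, 1):
        words = raw.split()
        negated = words[:1] == ["no"]
        if negated:
            words = words[1:]
        cmd, arg = (words[0], " ".join(words[1:])) if words else ("", "")
        if cmd not in ARGS or (negated and cmd == "action"):
            findings.append(f"line {n}: unsupported sub-command: {raw.strip()!r}")
            continue
        m = re.fullmatch(ARGS[cmd], arg)
        if m is None and not (negated and arg == ""):
            findings.append(f"line {n}: bad argument for {cmd}: {arg!r}")
            continue
        if cmd == "sourceport" and m:
            ports = [int(p) for p in m.groups()[2:] if p]
            # Table 88 gives 1..65535; low <= high is this example's assumption.
            if any(not 1 <= p <= 65535 for p in ports) or ports != sorted(ports):
                findings.append(f"line {n}: port outside 1..65535 or reversed range")
                continue
        state[cmd] = None if negated else arg
    # Policy checks (this example's choice, not a rule from the manual).
    if state.get("action") == "allow":
        if all(state.get(k) in (None, "any") for k in MATCH_FIELDS):
            findings.append("rule: allow with any source, destination and service")
        if state.get("log") is None:
            findings.append("rule: allow without logging")
    return findings

# Constructed sample rule bodies; zone and object names are made up.
SAMPLE_BROAD = ["from LAN1", "to WAN", "action allow", "activate"]
SAMPLE_TIGHT = ["from WAN", "to LAN1", "destinationip WEB_SERVER",
                "service HTTPS", "sourceport tcp range 1024 65535",
                "action allow", "log alert"]
```

Calling lint_rule(SAMPLE_BROAD) returns the two policy findings, while lint_rule(SAMPLE_TIGHT) returns an empty list.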
