EdgeMAX - Create a Firewall Rule

To create a firewall rule, use the set or edit commands (both methods are described below). The compare, discard, up, top, copy, and rename commands are also used. Create a firewall rule using the full syntax:

[email protected]:~$ configure
[edit]
[email protected]# set firewall name TEST default-action drop
[edit]
[email protected]# set firewall name TEST enable-default-log
[edit]
[email protected]# set firewall name TEST rule 10 description "allow icmp"
[edit]
[email protected]# set firewall name TEST rule 10 action accept
[edit]
[email protected]# set firewall name TEST rule 10 protocol icmp
[edit]

To display uncommitted changes, use the compare command:

[email protected]# compare
[edit firewall]
+name TEST {
+	default-action drop
+	enable-default-log
+	rule 10 {
+		action accept
+		description “allow icmp”
+		protocol icmp
+	}
+}
[edit]

To undo uncommitted changes, use the discard command:

[email protected]# discard
Changes have been discarded
[edit]
[email protected]# compare
No changes between working and active configurations
[edit]

To create the same firewall rule while reducing the repetition of the full syntax, use the edit command:

[email protected]# edit firewall name TEST
[edit firewall name TEST]
[email protected]# set default-action drop
[edit firewall name TEST]
[email protected]# set enable-default-log
[edit firewall name TEST]
[email protected]# edit rule 10
[edit firewall name TEST rule 10]

Press the ? or Tab key to display the options for the specified edit level.

[email protected]# set
action	disable	ipsec	p2p	source	time
description	fragment	limit	protocol	state	
destination	icmp	log	recent	tcp	
[edit firewall name TEST rule 10]
[email protected]# set description "allow icmp"
[edit firewall name TEST rule 10]
[email protected]# set action accept
[edit firewall name TEST rule 10]
[email protected]# set protocol icmp
[edit firewall name TEST rule 10]

To display changes within the current edit level, use the compare command:

[email protected]# compare
[edit firewall name TEST rule 10]
+action accept
+description “allow icmp”
+protocol icmp
[edit firewall name TEST rule 10]

To move up one edit level, use the up command:

[email protected]# up
[edit firewall name TEST]
[email protected]# compare
[edit firewall name TEST]
+default-action drop
+enable-default-log
+rule 10 {
+	action accept
+	description “allow icmp”
+	protocol icmp
+}
[edit firewall name TEST]
[email protected]# up
[edit firewall]
[email protected]# compare
[edit firewall]
+name TEST {
+	default-action drop
+	enable-default-log
+	rule 10 {
+		action accept
+		description “allow icmp”
+		protocol icmp
+	}
+}
[edit firewall]

To return to the top edit level, use the top command:

[email protected]# top
[edit]
[email protected]# compare
[edit firewall]
+name TEST{
+	default-action drop
+	enable-default-log
+	rule 10 {
+		action accept
+		description “allow icmp”
+		protocol icmp
+	}
+}
[edit]

To display the existing firewall rule, use the show firewall command:

[email protected]# show firewall
name WAN1_LOCAL {
	default-action drop
	rule 10 {
		action accept
		state {
			established enable
			related enable
		}
	}
	rule 20 {
		action drop
		state {
			invalid enable
		}
	}
	rule 30 {
		action accept
		destination {
			port 22
		}
		protocol tcp
	}
}
[edit]

To create a new firewall rule from an existing firewall rule, use the copy command.

[email protected]# edit firewall
[edit firewall]
[email protected]# copy name WAN1_LOCAL to name WAN2_LOCAL
[edit firewall]
[email protected]# commit
[edit firewall]
[email protected]# top
[edit]
[email protected]# show firewall
name WAN1_LOCAL {
	default-action drop
	rule 10 {
		action accept
		state {
			established enable
			related enable
		}
	}
	rule 20 {
		action drop
		state {
			invalid enable
		}
	}
	rule 30 {
		action accept
		destination {
			port 22
		}
		protocol tcp
	}
}
name WAN2_LOCAL {
	default-action drop
	rule 10 {
		action accept
		state {
			established enable
			related enable
		}
	}
	rule 20 {
		action drop
		state {
			invalid enable
		}
	}
	rule 30 {
		action accept
		destination {
			port 22
		}
		protocol tcp
	}
}
[edit]

To rename the new firewall rule, use the rename command.

[email protected]# edit firewall
[edit firewall]
[email protected]# rename name W[TAB]
WAN1_LOCAL	WAN2_LOCAL
[edit firewall]
[email protected]# rename name WAN2_LOCAL to name WAN2_IN
[edit firewall]
[email protected]# commit
[edit firewall]
[email protected]# top
[edit]
[email protected]# show firewall name
name WAN1_LOCAL {
	default-action drop
	rule 10 {
		action accept
		state {
			established enable
			related enable
		}
	}
	rule 20 {
		action drop
		state {
			invalid enable
		}
	}
	rule 30 {
		action accept
		destination {
			port 22
		}
		protocol tcp
	}
}
name WAN2_IN {
	default-action drop
	rule 10 {
		action accept
		state {
			established enable
			related enable
		}
	}
	rule 20 {
		action drop
		state {
			invalid enable
		}
	}
	rule 30 {
		action accept
		destination {
			port 22
		}
		protocol tcp
	}
}
[edit]
[email protected]#
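
Because copy duplicates every rule in a ruleset, the accept rule for TCP port 22 in WAN1_LOCAL is carried into the copy as well. The following is an added example (not part of the original article or Ubiquiti's code) that parses show firewall output and lists accept rules that have no state match, so a copied ruleset can be reviewed before it is used; the function names parse and open_accepts are hypothetical, and the sample text is constructed from the output above with rule 20 omitted.

```python
# Constructed sample: the ruleset body printed by `show firewall` above
# (rule 20 omitted), placed under both names as it appears after `copy`.
BODY = """\
    default-action drop
    rule 10 {
        action accept
        state {
            established enable
            related enable
        }
    }
    rule 30 {
        action accept
        destination {
            port 22
        }
        protocol tcp
    }
"""
SAMPLE = "".join(f"name {n} {{\n{BODY}}}\n" for n in ("WAN1_LOCAL", "WAN2_LOCAL"))

def parse(text):
    """Parse brace-style `show firewall` text into nested dicts."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("{"):            # "rule 10 {" opens a child node
            node = stack[-1].setdefault(line[:-1].strip(), {})
            stack.append(node)
        elif line == "}":                 # close the current node
            stack.pop()
        elif line:                        # leaf: "key value" or a bare flag
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip('"')
    return stack[0]

def open_accepts(config):
    """Return (ruleset, rule, protocol, port) for accept rules without a state match."""
    found = []
    for rs_name, ruleset in config.items():
        for key, rule in ruleset.items():
            if key.startswith("rule ") and isinstance(rule, dict) \
                    and rule.get("action") == "accept" and "state" not in rule:
                port = rule.get("destination", {}).get("port", "any")
                found.append((rs_name.split()[1], int(key.split()[1]),
                              rule.get("protocol", "all"), port))
    return found

if __name__ == "__main__":
    print(open_accepts(parse(SAMPLE)))
```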