config firewall local-in-policy
Configure user defined IPv4 local-in policies.
config firewall local-in-policy Description: Configure user defined IPv4 local-in policies. edit <policyid> set action [accept|deny] set comments {var-string} set dstaddr <name1>, <name2>, ... set dstaddr-negate [enable|disable] set ha-mgmt-intf-only [enable|disable] set internet-service-src [enable|disable] set internet-service-src-custom <name1>, <name2>, ... set internet-service-src-custom-group <name1>, <name2>, ... set internet-service-src-group <name1>, <name2>, ... set internet-service-src-name <name1>, <name2>, ... set internet-service-src-negate [enable|disable] set intf <name1>, <name2>, ... set schedule {string} set service <name1>, <name2>, ... set service-negate [enable|disable] set srcaddr <name1>, <name2>, ... set srcaddr-negate [enable|disable] set status [enable|disable] set uuid {uuid} set virtual-patch [enable|disable] next end
config firewall local-in-policy
Parameter |
Description |
Type |
Size |
Default |
||||||
---|---|---|---|---|---|---|---|---|---|---|
action |
Action performed on traffic matching the policy. |
option |
- |
deny |
||||||
|
|
|||||||||
comments |
Comment. |
var-string |
Maximum length: 1023 |
|
||||||
dstaddr |
Destination address object from available options. Address name. |
string |
Maximum length: 79 |
|
||||||
dstaddr-negate |
When enabled dstaddr specifies what the destination address must NOT be. |
option |
- |
disable |
||||||
|
|
|||||||||
ha-mgmt-intf-only |
Enable/disable dedicating the HA management interface only for local-in policy. |
option |
- |
disable |
||||||
|
|
|||||||||
internet-service-src |
Enable/disable use of Internet Services in source for this local-in policy. If enabled, source address is not used. |
option |
- |
disable |
||||||
|
|
|||||||||
internet-service-src-custom |
Custom Internet Service source name. Custom Internet Service name. |
string |
Maximum length: 79 |
|
||||||
internet-service-src-custom-group |
Custom Internet Service source group name. Custom Internet Service group name. |
string |
Maximum length: 79 |
|
||||||
internet-service-src-group |
Internet Service source group name. Internet Service group name. |
string |
Maximum length: 79 |
|
||||||
internet-service-src-name |
Internet Service source name. Internet Service name. |
string |
Maximum length: 79 |
|
||||||
internet-service-src-negate |
When enabled internet-service-src specifies what the service must NOT be. |
option |
- |
disable |
||||||
|
|
|||||||||
intf |
Incoming interface name from available options. Address name. |
string |
Maximum length: 79 |
|
||||||
policyid |
User defined local in policy ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||
schedule |
Schedule object from available options. |
string |
Maximum length: 35 |
|
||||||
service |
Service object from available options. Service name. |
string |
Maximum length: 79 |
|
||||||
service-negate |
When enabled service specifies what the service must NOT be. |
option |
- |
disable |
||||||
|
|
|||||||||
srcaddr |
Source address object from available options. Address name. |
string |
Maximum length: 79 |
|
||||||
srcaddr-negate |
When enabled srcaddr specifies what the source address must NOT be. |
option |
- |
disable |
||||||
|
|
|||||||||
status |
Enable/disable this local-in policy. |
option |
- |
enable |
||||||
|
|
|||||||||
uuid |
Universally Unique Identifier (UUID; automatically assigned but can be manually reset). |
uuid |
Not Specified |
00000000-0000-0000-0000-000000000000 |
||||||
virtual-patch |
Enable/disable virtual patching. |
option |
- |
disable |
||||||
|
|