No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

SACG Interworks With the TSM, Redefinition of the TSM Interworking Policy by Directly Editing the ACL 3099 Fails

Publication Date:  2012-07-23 Views:  39 Downloads:  0
Issue Description
To grant several hosts the permission for the post-authentication domains without TSM Agent authentication on USG5300 V100R003 interworking with the TSM, a user enters the acl 3099 command in the system view to directly edit the ACL 3099. This command works on USG5300 V100R002, but an error message is displayed upon this command on USG5300 V100R003.
[USG5360]acl 3099
             ^
% Wrong parameter found at '^' position.
Alarm Information
None.
Handling Process
To allow the host at 1.1.1.1, host at 1.1.1.20, and hosts on the network segment 2.2.2.1 to 2.2.2.10 to access post-authentication domains without being authenticated by the TSM agent, run the following commands:
 
[USG5360]policy right-manager
[USG5360-policy-rightmanager]policy 1
[USG5360-policy-rightmanager-1]policy source 1.1.1.1 0
[USG5360-policy-rightmanager-1]policy source 1.1.1.20 0
[USG5360-policy-rightmanager-1]policy source range 2.2.2.1 2.2.2.10 
[USG5360-policy-rightmanager-1]action permit
[USG5360-policy-rightmanager-1]quit
[USG5360-policy-rightmanager]policy 1 enable
 Info: The policy is enabled.
 
Then run the following commands to check whether the previous commands are executed successfully:
 
[USG5360-policy-rightmanager]dis policy right-manager
policy right-manager
 policy 1 (2 times matched)
 action permit
 policy source 1.1.1.1 0
 policy source 1.1.1.20 0
 policy source range 2.2.2.1 2.2.2.10 
 policy destination any
 
Note: By running the display acl 3099 command, a user cannot query the rule.
Root Cause
On USG5300 V100R003, the way of directly editing the ACL3099 does not work anymore.
Instead, users can enter the TSM interworking view by running the policy right-manager command and define relevant policies.
In the TSM interworking view, a user can configure a maximum of 1000 TSM interworking policies by running the policy policy-id command. TSM interworking policies whose IDs range from 0 to 999 occupies rule 0 to rule 999 in ACL 3099.
Suggestions
None.

END