No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
MENU
Knowledge Base

The Tme-based ACL Policy of the USG Fails Due to Improper Time Range Configuration

Publication Date:  2012-07-16  |   Views:  473  |   Downloads:  0  |   Author:  Liumin001  |   Document ID:  EKB1000000384

Contents
Issue Description Alarm Information Handling Process Root Cause Suggestions

Issue Description

A user configures the time range, associates the time range with the ACL, and applies the ACL policy to interzones. The policy is ineffective during the time range. The configuration is as follows:
acl number 3001
 rule 110 deny ip source 58.194.0.0 0.0.255.255 time-range downtime
 rule 111 deny ip source 172.16.141.0 0.0.0.255 time-range downtime
……
 time-range downtime 23:00 to tomorrow 05:00 Thu Wed Tue Mon Sun
……
firewall interzone trust untrust
 packet-filter 3000 inbound
 packet-filter 3001 outbound

Alarm Information

None.

Handling Process

Divide the time range policy as follows.
 time-range downtime 23:00 to 23:59 Thu Wed Tue Mon Sun
 time-range downtime 00:00 to 05:00 Thu Wed Tue Mon Sun
Perform a test, and observe the result. The fault is rectified.

Root Cause

The time range configuration is improper.

Suggestions

If the parameter tomorrow is added to the time-range command, only one week day parameter can be added to the command.
Suggestion: R&D engineers are advised to pose limitation on week day parameters added to the time-range command with the parameter tomorrow.
Feedback
Related resources
Documentation Software Download Bulletins Tools
Related searches
By Author
Help us to improve
Write an article
Enterprise APP

Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.