To grant several hosts permission to access the post-authentication domains without TSM Agent authentication on a USG5300 V100R003 interworking with the TSM, a user enters the acl 3099 command in the system view to edit ACL 3099 directly. This command works on USG5300 V100R002, but on USG5300 V100R003 it returns an error message:
[USG5360]acl 3099
              ^
% Wrong parameter found at '^' position.
To allow the host at 188.8.131.52, host at 184.108.40.206, and hosts on the network segment 220.127.116.11 to 18.104.22.168 to access post-authentication domains without being authenticated by the TSM agent, run the following commands:
[USG5360]policy right-manager
[USG5360-policy-rightmanager]policy 1
[USG5360-policy-rightmanager-1]policy source 22.214.171.124 0
[USG5360-policy-rightmanager-1]policy source 126.96.36.199 0
[USG5360-policy-rightmanager-1]policy source range 188.8.131.52 184.108.40.206
[USG5360-policy-rightmanager-1]action permit
[USG5360-policy-rightmanager-1]quit
[USG5360-policy-rightmanager]policy 1 enable
Info: The policy is enabled.
Then run the following command to check that the configuration has taken effect:
[USG5360-policy-rightmanager]dis policy right-manager
policy right-manager
 policy 1 (2 times matched)
  action permit
  policy source 220.127.116.11 0
  policy source 18.104.22.168 0
  policy source range 22.214.171.124 126.96.36.199
  policy destination any
Note: The rule cannot be queried by running the display acl 3099 command.
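Because these policies exempt hosts from TSM Agent authentication, the list of permitted sources is worth auditing. The following Python is an added example, not part of the original case or of Huawei's tooling: it parses output in the layout of dis policy right-manager shown above and reports permit sources that fall outside an approved list. The sample output and its addresses are constructed, the function names are hypothetical, and the trailing 0 after a source address is assumed to be a wildcard mask meaning a single host.

```python
import ipaddress

# Constructed sample in the layout of the "dis policy right-manager" output;
# the addresses are documentation ranges, not values from the page.
SAMPLE = """\
policy right-manager
 policy 1 (2 times matched)
  action permit
  policy source 192.0.2.10 0
  policy source 192.0.2.77 0
  policy source range 198.51.100.20 198.51.100.40
  policy destination any
"""

def parse_policies(text):
    """Return {policy_id: {"action": str, "sources": [(first_ip, last_ip)]}}."""
    policies, current = {}, None
    for line in text.splitlines():
        words = line.split()
        if len(words) >= 2 and words[0] == "policy" and words[1].isdigit():
            current = policies.setdefault(int(words[1]), {"action": None, "sources": []})
        elif current is None:
            continue  # header lines before the first "policy <id>"
        elif words[:1] == ["action"] and len(words) == 2:
            current["action"] = words[1]
        elif words[:3] == ["policy", "source", "range"] and len(words) == 5:
            first, last = map(ipaddress.IPv4Address, words[3:5])
            current["sources"].append((first, last))
        elif words[:2] == ["policy", "source"] and len(words) == 4:
            # Assumption: last field is a contiguous wildcard mask; 0 = one host.
            wild = 0 if words[3] == "0" else int(ipaddress.IPv4Address(words[3]))
            addr = int(ipaddress.IPv4Address(words[2]))
            current["sources"].append((ipaddress.IPv4Address(addr & ~wild & 0xFFFFFFFF),
                                       ipaddress.IPv4Address(addr | wild)))
    return policies

def unapproved_sources(policies, approved):
    """List (policy_id, first, last) for permit sources not wholly inside an approved network."""
    nets = [ipaddress.IPv4Network(n) for n in approved]
    findings = []
    for pid, pol in sorted(policies.items()):
        if pol["action"] != "permit":
            continue
        for first, last in pol["sources"]:
            # A network is contiguous, so both endpoints inside means the whole span is.
            if not any(first in n and last in n for n in nets):
                findings.append((pid, str(first), str(last)))
    return findings

if __name__ == "__main__":
    print(unapproved_sources(parse_policies(SAMPLE), ["192.0.2.10/32", "198.51.100.0/27"]))
```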
On USG5300 V100R003, ACL 3099 can no longer be edited directly.
Instead, users can enter the TSM interworking view by running the policy right-manager command and define relevant policies.
In the TSM interworking view, a user can configure a maximum of 1000 TSM interworking policies by running the policy policy-id command. TSM interworking policies whose IDs range from 0 to 999 occupy rule 0 to rule 999 in ACL 3099.