SACG Interworks With the TSM, Redefinition of the TSM Interworking Policy by Directly Editing the ACL 3099 Fails
Publication Date: 2012-07-23
To grant several hosts permission to access the post-authentication domains without TSM Agent authentication on a USG5300 V100R003 interworking with the TSM, a user enters the acl 3099 command in the system view to directly edit ACL 3099. This command works on USG5300 V100R002, but on USG5300 V100R003 it returns an error message:
[USG5360]acl 3099
         ^
% Wrong parameter found at '^' position.
To allow the host at 126.96.36.199, host at 188.8.131.52, and hosts on the network segment 184.108.40.206 to 220.127.116.11 to access post-authentication domains without being authenticated by the TSM agent, run the following commands:
[USG5360]policy right-manager
[USG5360-policy-rightmanager]policy 1
[USG5360-policy-rightmanager-1]policy source 18.104.22.168 0
[USG5360-policy-rightmanager-1]policy source 22.214.171.124 0
[USG5360-policy-rightmanager-1]policy source range 126.96.36.199 188.8.131.52
[USG5360-policy-rightmanager-1]action permit
[USG5360-policy-rightmanager-1]quit
[USG5360-policy-rightmanager]policy 1 enable
Info: The policy is enabled.
Then run the following commands to check whether the previous commands are executed successfully:
[USG5360-policy-rightmanager]dis policy right-manager
policy right-manager
 policy 1 (2 times matched)
  action permit
  policy source 184.108.40.206 0
  policy source 220.127.116.11 0
  policy source range 18.104.22.168 22.214.171.124
  policy destination any
Note: The rule cannot be queried by running the display acl 3099 command.
On USG5300 V100R003, directly editing ACL 3099 no longer works.
Instead, users can enter the TSM interworking view by running the policy right-manager command and define relevant policies.
In the TSM interworking view, a user can configure a maximum of 1000 TSM interworking policies by running the policy policy-id command. TSM interworking policies whose IDs range from 0 to 999 occupy rule 0 to rule 999 in ACL 3099.