No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>


To have a better experience, please upgrade your IE browser.


Interworking between SACG and TSM ACL 3099 can’t be compiled directly to customize the interworking policy of TSM

Publication Date:  2012-09-17 Views:  438 Downloads:  0
Issue Description
When the version V100T003 of USG5300 do the interworking with TSM, if we hope to open the right of some PC, we can connect to the back region without the authentication of TSM Agent, and follow the way in the version V100T003 of USG5300, to compile the list of ACL 3099 directly, But when we input the ACL 3099 under the system view, the system clew “command fault”.
[USG5360]acl 3099
% Wrong parameter found at '^' position.
Alarm Information
Handling Process
If we want to give the rights to pc and and the pc in the network segment from to, we can configure as below:

[USG5360]policy right-manager
[USG5360-policy-rightmanager]policy 1
[USG5360-policy-rightmanager-1]policy source 0
[USG5360-policy-rightmanager-1]policy source 0
[USG5360-policy-rightmanager-1]policy source range
[USG5360-policy-rightmanager-1]action permit
[USG5360-policy-rightmanager]policy 1 enable
Info: The policy is enabled.

And then with the commands below to verifier:

[USG5360-policy-rightmanager]dis policy right-manager
policy right-manager
policy 1 (2 times matched)
action permit
policy source 0
policy source 0
policy source range
policy destination any
Root Cause
In the version V100T003 of USG5300, the method to edit the ACL 3099 directly is ameliorated.
We can enter into the TSM interworking policy view with the command policy right-manager, and add some policy customized.
With that command to enter into the TSM interworking policy view, we can configure 1000 TSM interworking policy at most by the command policy policy-id. In the ACL 2099, the rules from 0 to 999 are the TSM interworking policy with the ID from 0 to 999.
Notification: can’t use the display acl 3099 to consult this rule.