configure

add a service

Use configure terminal firewall service-group add-service to add a service to a service group. In

to a service

this example, DNS service is added to the service group named ‘group1’:

group

 

 

hostname# conf t firewall service-group add-service group1 dns-udp

 

 

 

conf t firewall virtual-server

 

The configure terminal firewall virtual-servercommand configures a virtual server or servers that

 

will redirect traffic to a physical server on the LAN.

 

remove < all-services service > public-ip <external ip >

 

removes a virtual server.

 

update < all-services service > public-ip < external ip > internal-ip ip

 

[pat < disable port >]

 

updates or creates a virtual server.

 

 

 

Using conf t firewall virtual-server

create a

Use configure terminal firewall virtual-server update to create a virtual server. In this example, an

virtual server

HTTP virtual server is created and assigned to 192.168.1.1 port 90. The server accesses the external

 

virtual interface with port address translation (PAT):

 

hostname# conf t firewall virtual-server update http public-ip external

 

internal-ip 192.168.1.1 pat 90

create a NAT

Use configure terminal zone virtual-server update to create a one-to-one NAT mapping. In this

mapping

example, a 1-to-1 NAT mapping of 192.168.1.2 to 10.245.230.44 is created:

 

hostname# conf t firewall virtual-server update all-service public-ip 10.245.230.44

 

internal-ip 192.168.1.2

 

 

 

conf t high-availability

 

The configure terminal high-availabilitycommand configures High Availability. High Availability

 

supports stateless failover for up to two redundant devices.

 

disable

 

disables high availability on the device.

 

enable

 

enables high availability on the device.

 

heartbeat poll-timer wait-interval retry-count

 

sets the values for the poll timer, wait interval in milliseconds, and retry count for the

 

heartbeat ping.

X Family CLI Reference V 2.5.1

49