Chapter 20 Application Patrol

20.2.3 Exception Commands for Pre-defined Applications

This table lists the commands for exception rules for application access controls. These commands are provided for backward compatibility only.

Table 85 app Commands: Exception Rules in Pre-Defined Applications

| COMMAND | DESCRIPTION |
| --- | --- |
| `app protocol_name exception insert rule_number` | Creates a new rule at the specified row and enters sub-command mode. See Table 86 on page 166 for the sub-commands. |
| `app protocol_name exception append` | Creates a new rule, appends it to the end of the list, and enters sub-command mode. See Table 86 on page 166 for the sub-commands. |
| `app protocol_name exception rule_number` | Enters sub-command mode for editing the rule at the specified row. See Table 86 on page 166 for the sub-commands. |
| `app protocol_name exception rule_number` or `app protocol_name exception modify rule_number` | Enters sub-command mode for editing the rule at the specified row. See Table 86 on page 166 for the sub-commands. |
| `app protocol_name exception default` or `app protocol_name exception modify default` | Enters sub-command mode for editing the default rule for the application. See Table 86 on page 166 for the sub-commands. |
| `app protocol_name exception move rule_number to rule_number` | Moves the specified rule (first index) to the specified location. The process is (1) remove the specified rule from the table; (2) re-number; (3) insert the rule at the specified location. |

20.2.3.1 Exception Rule Sub-commands

The following table describes the sub-commands for several application patrol exception rule commands. Note that not all rule commands use all the sub-commands listed here.

Table 86 app patrol exception rule Sub-commands

| COMMAND | DESCRIPTION |
| --- | --- |
| `access {forward \| drop \| reject}` | Specifies the action when traffic matches the rule. |
| `[no] action-block {login \| message \| audio \| video \| file-transfer}` | Blocks use of a specific feature. |
| `[no] activate` | Turns on this rule. The no command turns off this rule. |
| `bandwidth {inbound \| outbound} <0..1048576>` | Limits inbound or outbound bandwidth, in kilobits per second. 0 disables bandwidth management for traffic matching this rule. |
| `[no] bandwidth excess-usage` | Enables maximize bandwidth usage to let the traffic matching this policy “borrow” any unused bandwidth on the out-going interface. |
| `bandwidth priority <1..7>` | Set the priority for traffic that matches this rule. The smaller the number, the higher the priority. |
| `[no] destination profile_name` | Adds the specified destination address to the rule. |
| `[no] from zone_name` | Specifies the source zone. |
| `[no] inbound-dscp-mark {<0..63> \| class {default \| dscp_class}}` | This is how the ZyWALL handles the DSCP value of the outgoing packets to a connection’s initiator that match this policy. Enter a DSCP value to have the ZyWALL apply that DSCP value. Set this to the class default to have the ZyWALL set the DSCP value to 0. |
| `[no] log [alert]` | Creates log entries (and alerts) for traffic that matches the rule. The no command does not create any log entries. |
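The following Python sketch is an added example, not part of the ZyWALL guide or firmware: it checks a drafted exception rule body against the syntax and numeric ranges of the Table 86 rows shown above before the lines are typed into the CLI. The zone name LAN1, the sample rule body and the function names are assumptions, and profile_name, zone_name and dscp_class are accepted as any single word.

```python
import re

# Grammar transcribed from the Table 86 rows above: (pattern, "no" form listed?).
# profile_name, zone_name and dscp_class match any single word (assumption).
GRAMMAR = [
    (r"access (forward|drop|reject)", False),
    (r"action-block (login|message|audio|video|file-transfer)", True),
    (r"activate", True),
    (r"bandwidth (inbound|outbound) (?P<kbps>\d+)", False),
    (r"bandwidth excess-usage", True),
    (r"bandwidth priority (?P<priority>\d+)", False),
    (r"destination \S+", True),
    (r"from \S+", True),
    (r"inbound-dscp-mark ((?P<dscp>\d+)|class \S+)", True),
    (r"log( alert)?", True),
]
RANGES = {"kbps": (0, 1048576), "priority": (1, 7), "dscp": (0, 63)}

# Constructed rule body for illustration; LAN1 is a hypothetical zone name.
SAMPLE = """\
from LAN1
access drop
bandwidth priority 9
inbound-dscp-mark 64
no access drop
activate
"""

def check_line(line):
    """Return None for a valid sub-command line, otherwise the reason it is rejected."""
    text = " ".join(line.split())
    negated = text.startswith("no ")
    body = text[3:] if negated else text
    for pattern, allows_no in GRAMMAR:
        if not (m := re.fullmatch(pattern, body)):
            continue
        if negated and not allows_no:
            return "no form is not listed for this sub-command"
        for name, value in m.groupdict().items():
            lo, hi = RANGES[name]
            if value is not None and not lo <= int(value) <= hi:
                return f"{name} {value} is outside <{lo}..{hi}>"
        return None
    return "not among the sub-commands listed here"

def lint(config):
    """Return {1-based line number: reason} for every rejected non-blank line."""
    numbered = enumerate(config.splitlines(), 1)
    return {n: r for n, l in numbered if l.strip() and (r := check_line(l))}
```

Calling lint(SAMPLE) reports lines 3, 4 and 5: the priority and DSCP values fall outside the documented ranges, and access has no listed no form.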

166

 

ZyWALL (ZLD) CLI Reference Guide