Chapter 20 Application Patrol

20.2.3.1 Exception Rule Sub-commands

The following table describes the sub-commands for several application patrol exception rule commands. Note that not all rule commands use all the sub-commands listed here.

Table 66 app patrol exception rule Sub-commands

COMMAND

DESCRIPTION

access {forward drop reject}

Specifies the action when traffic matches the rule.

[no] action-block

Blocks use of a specific feature.

{loginmessageaudiovideofile-transfer}

 

[no] activate

Turns on this rule. The no command turns off this

 

rule.

bandwidth {inbound outbound}

Limits inbound or outbound bandwidth, in kilobits

<0..1048576>

per second. 0 disables bandwidth management for

 

traffic matching this rule.

[no] bandwidth excess-usage

Enables maximize bandwidth usage to let the traffic

 

matching this policy “borrow” any unused

 

bandwidth on the out-going interface.

 

 

bandwidth priority <1..7>

Set the priority for traffic that matches this rule. The

 

smaller the number, the higher the priority.

[no] destination address_object

Adds the specified destination address to the rule.

[no] from zone_name

Specifies the source zone.

[no] inbound-dscp-mark {<0..63> class

This is how the NXC handles the DSCP value of

{default dscp_class}}

the outgoing packets to a connection’s initiator that

 

match this policy.

 

Enter a DSCP value to have the NXC apply that

 

DSCP value. Set this to the class default to have

 

the NXC set the DSCP value to 0.

[no] log [alert]

Creates log entries (and alerts) for traffic that

 

matches the rule. The no command does not

 

create any log entries.

[no] outbound-dscp-mark {<0..63> class

This is how the NXC handles the DSCP value of

{default dscp_class}}

the outgoing packets from a connection’s initiator

 

that match this policy.

 

Enter a DSCP value to have the NXC apply that

 

DSCP value. Set this to the class default to have

 

the NXC set the DSCP value to 0.

port <0..65535>

Specifies the destination port. 0 means any.

[no] schedule schedule_name

Adds the specified schedule to the rule.

show

Displays the rule’s configuration

[no] source address_object

Adds the specified source address to the rule.

[no] to zone_name

Specifies the destination zone.

[no] user username

Adds the specified user to the rule.

20.2.4 Other Application Commands

This table lists the commands for other applications in application patrol.

Table 67 app Commands: Other Applications

COMMAND

DESCRIPTION

app other {del forward drop reject}

Specifies the default action for other applications.

 

131

NXC CLI Reference Guide