
Alteon-5208 Default Config

Standalone ADC - Main# c


[Configuration Menu]
sys - System-wide Parameter Menu
port - Port Menu
pmirr - Port Mirroring Menu
bwm - Bandwidth Management Menu
l2 - Layer 2 Menu
l3 - Layer 3 Menu
slb - Server Load Balancing (Layer 4-7) Menu
security - Security Menu
dump - Dump current configuration to script file
ptcfg - Backup current configuration to FTP/TFTP/SCP server
gtcfg - Restore current configuration from FTP/TFTP/SCP server

Standalone ADC - Configuration# dump
Display private keys? [y/n]: n
script start "Alteon Application Switch 5208" 4 /*** DO NOT EDIT THIS LINE!
/* Configuration dump taken 08:19:48 Tue May 29, 2018
/* Configuration last applied at 02:47:15 Sat Feb 24, 2018
/* Configuration last save at 02:50:57 Sat Feb 24, 2018
/* Version 30.0.9.0, Base MAC address 2c:b6:93:2a:21:00
/* To restore SSL Offloading configuration and management HTTPS access,
/* it is recommended to include the private keys in the dump.
/c/sys/mmgmt/net 1
addr 192.168.1.1
mask 255.255.255.0
broad 192.168.1.255
gw 192.168.1.1
ena
/c/sys/mmgmt/net 1/port
speed any
mode any
auto on
/c/sys/access
tnet ena
/c/sys/access/sshd/sshv1 dis
/c/sys/access/sshd/on
/c/slb/accel/compress
on
/c/slb/ssl/certs/key WebManagementCert
/c/slb/ssl/certs/request WebManagementCert
/c/slb/ssl/certs/import request "WebManagementCert" text

/c/slb/ssl/certs/srvrcert WebManagementCert
/c/slb/ssl/certs/import srvrcert "WebManagementCert" text

/c/slb/ssl
on
/c/slb/accel/caching
on
/c/slb
on
/c/slb/adv
direct ena
vstat ena
submac "ena"
/c/slb/port "1"
client ena
server ena
proxy ena
/c/slb/port "2"
client ena
server ena
proxy ena
/c/slb/port "3"
client ena
server ena
proxy ena
/c/slb/port "4"
client ena
server ena
proxy ena
/c/slb/port "5"
client ena
server ena
proxy ena
/c/slb/port "6"
client ena
server ena
proxy ena
/c/slb/port "7"
client ena
server ena
proxy ena
/c/slb/port "8"
client ena
server ena
proxy ena
/c/slb/port "9"
client ena
server ena
proxy ena
/c/slb/gslb
off
hostlk ena
/c/sys/access/https/cert WebManagementCert
/c/sys/access/https/https e
/
script end /**** DO NOT EDIT THIS LINE!

Standalone ADC - Configuration#

 

 


FortiSandbox Shell mode

Then, in the CLI, run 'fnsysctl shell' and log in with 'fsa_support/Support@FSA1'.

cd /drive0/public/clean/20170623/04/2841/3404914715784600920

sandbox-jobs-move -e3404914715784600920.meta

strings 3404914715784600920.meta

tar -czvf kbbank.gz *

cp kbbank.gz /web/static/

https://FSA_IP/static/<file name>

reset-bulidno

Please provide me with more information, as below:

  1. Go to FortiView > File Scan Search and click the customize button. You can see the "Job View Setting" menu. Then please enable Column Headers for "Job ID".
  2. Please export two types of files from the FSA, as below:

2-1. CLI of "sandbox-jobs-move -p -j[JOB ID]". An example is below:

Step1> # sandbox-jobs-move -p -j3429900306737006651
/Storage/clean/20170710/00/2754/3429900306737006651

Step2> #tar -czvf j3429900306737006651.gz /Storage/clean/20170710/00/2754/3429900306737006651
Step3> #cp j3429900306737006651.gz /web/static/
Step4> On web browser, https://FSA_IP/static/j3429900306737006651.gz

2-2. CLI of "cp /ramdisk/FortiSandboxGUI.db /web/static/"

Step1> On web browser, https://FSA_IP/static/FortiSandboxGUI.db

So, please export the 6 job ID files and 1 FortiSandboxGUI.db file and attach these files to this case.

 


[FortiSandbox Clustering Setting]

Step 1 - Configure the master

  1. Configure the port IP addresses and gateway address with the following commands:
    set port1-ip 192.168.1.99/24
    set port2-ip 192.168.2.99/24
    set port3-ip 192.168.3.99/24
    set default-gw 192.168.1.1
  2. Configure the device as the master node and its cluster fail-over IP for Port1 with the following commands:
    hc-settings -sc -tM -nMasterA -cTestHCsystem -ppassw0rd -iport2
    hc-settings -si -iport1 -a192.168.1.98/24
    See Appendix A - CLI Reference on page 1 for more information about the CLI commands.
  3. Review the cluster status with the following command:
    hc-status -l
    Other ports on the device can be used for file inputs.

Step 2 - Configure the primary slave

  1. Configure the port IP addresses and gateway address with the following commands:
    set port1-ip 192.168.1.100/24
    set port2-ip 192.168.2.100/24
    set port3-ip 192.168.3.100/24
    set default-gw 192.168.1.1
  2. Configure the device as the primary slave node with the following commands:
    hc-settings -s -tP -nPslaveB -iport2
    hc-settings -l
    hc-slave -a -s192.168.2.99 -ppassw0rd
  3. Review the cluster status with the following command:
    hc-status -l

Step 3 - Configure the normal slave

  1. Configure the port IP addresses and gateway address with the following commands:
    set port1-ip 192.168.1.101/24
    set port2-ip 192.168.2.101/24
    set port3-ip 192.168.3.101/24
    set default-gw 192.168.1.1
  2. Configure the device as a slave node with the following commands:
    hc-settings -s -tR -nSlaveC -iport2
    hc-settings -l
    hc-slave -a -s192.168.2.99 -ppassw0rd
  3. Review the cluster status with the following command:
    hc-status -l

 


ASF (Buffered) Email Attachment Content-Disposition 1000byte & (Unbuffered) Yahoo MSG

hc2-1 (config) # show run
##
## Running database "initial"
## Generated at 2019/06/19 05:51:13 +0900
## Software version on which this output was taken: GigaVUE-OS 5.4.00 98411 2018-07-24 02:03:59
## Hostname: hc2-1
##
## Note: If you are not an admin user some command invocations may be omitted
## because you do not have permissions to see them.
##

##
## Network interface configuration
##
interface eth0
create
no dhcp
ip address 192.168.44.71 /24
no shutdown
no zeroconf
exit

##
## Routing configuration
##
ip default-gateway 192.168.44.1 eth0

##
## Other IP configuration
##
hostname hc2-1
ip domain-list learn.local
ip name-server 192.168.44.4

##
## Other IPv6 configuration
##
no ipv6 enable

##
## Logging configuration
##
logging 192.168.44.60
logging 192.168.44.60 trap warning

##
## Local user account configuration
##
username admin password 7 $1$o0F.tl2T$BR6jW4rLWr1rN/oJ7kkb1.

##
## AAA remote server configuration
##
# ldap bind-password ****
# radius-server key ****
# tacacs-server key ****

##
## Chassis level configurations
##
chassis box-id 1 serial-num CD607 type hc2 gdp disable

##
## Card level configurations
##
card slot 1/1 product-code 132-00BD
card slot 1/2 product-code 132-00B3
card slot 1/3 product-code 132-00BE
card slot 1/4 product-code 132-00BQ
card slot 1/5 product-code 132-00AT
card slot 1/cc1 product-code 132-00AN

##
## Port level configurations
##
port 1/1/x1 type network
port 1/1/x1 params admin enable
port 1/1/x2 type network
port 1/1/x2 params admin enable
port 1/1/x3 type network
port 1/1/x3 params admin enable
port 1/1/x4 type network
port 1/1/x4 params admin enable
port 1/1/x5 type tool
port 1/1/x5 params admin enable
port 1/1/x6 type tool
port 1/1/x6 params admin enable
port 1/1/x7 type tool
port 1/1/x7 params admin enable
port 1/1/x8 type tool
port 1/1/x8 params admin enable
port 1/1/x9 type tool
port 1/1/x9 params admin enable
port 1/1/x10 type network
port 1/1/x10 params admin enable
port 1/1/x11 type network
port 1/1/x11 params admin enable
port 1/1/x12 type network
port 1/1/x12 params admin enable
port 1/1/x13 type network
port 1/1/x13 params admin enable discovery all gdp enable
port 1/1/x14 type network
port 1/1/x14 params admin enable discovery all gdp enable
port 1/1/x15 type tool
port 1/1/x15 alias CEM-WebTool
port 1/1/x15 params admin enable
port 1/1/x16 type tool
port 1/1/x16 params admin enable
port 1/1/x17 type tool
port 1/1/x17 params admin enable
port 1/1/x18 type tool
port 1/1/x18 params admin enable
port 1/1/x19 type tool
port 1/1/x19 params admin enable
port 1/1/x20 type network
port 1/1/x20 params admin enable
port 1/1/x21 type network
port 1/1/x21 params admin enable
port 1/1/x22 type network
port 1/1/x22 params admin enable
port 1/1/x23 type network
port 1/1/x23 params admin enable
port 1/1/x24 type network
port 1/1/x24 params admin enable
port 1/2/g1 type network
port 1/2/g1 params taptx passive
port 1/2/g2 type network
port 1/2/g2 params taptx passive
port 1/2/g3 type network
port 1/2/g3 params taptx passive
port 1/2/g4 type network
port 1/2/g4 params taptx passive
port 1/2/g5 type network
port 1/2/g5 params taptx passive
port 1/2/g6 type network
port 1/2/g6 params taptx passive
port 1/2/g7 type network
port 1/2/g7 params taptx passive
port 1/2/g8 type network
port 1/2/g8 params taptx passive
port 1/2/g9 type network
port 1/2/g9 params taptx passive
port 1/2/g10 type network
port 1/2/g10 params taptx passive
port 1/2/g11 type network
port 1/2/g11 params taptx passive
port 1/2/g12 type network
port 1/2/g12 params taptx passive
port 1/2/g13 type network
port 1/2/g13 params taptx passive
port 1/2/g14 type network
port 1/2/g14 params taptx passive
port 1/2/g15 type network
port 1/2/g15 params taptx passive
port 1/2/g16 type network
port 1/2/g16 params taptx passive
port 1/2/g17 type network
port 1/2/g17 params taptx passive
port 1/2/g18 type network
port 1/2/g18 params taptx passive
port 1/2/g19 type network
port 1/2/g19 params taptx passive
port 1/2/g20 type network
port 1/2/g20 params taptx passive
port 1/2/g21 type network
port 1/2/g21 params taptx passive
port 1/2/g22 type network
port 1/2/g22 params taptx passive
port 1/2/g23 type network
port 1/2/g23 params taptx passive
port 1/2/g24 type network
port 1/2/g24 params taptx passive
port 1/3/q1 type network
port 1/3/q2 type network
port 1/3/q3 type network
port 1/3/q4 type network
port 1/3/q5 type network
port 1/3/q6 type network
port 1/4/x1 type network
port 1/4/x2 type network
port 1/4/x3 type network
port 1/4/x4 type network
port 1/4/x5 type network
port 1/4/x6 type network
port 1/4/x7 type network
port 1/4/x8 type network
port 1/4/x9 type network
port 1/4/x10 type network
port 1/4/x11 type network
port 1/4/x12 type network
port 1/4/x13 type network
port 1/4/x14 type network
port 1/4/x15 type network
port 1/4/x16 type network
port 1/4/x17 type inline-net
port 1/4/x18 type inline-net
port 1/4/x19 type inline-net
port 1/4/x20 type inline-net
port 1/4/x21 type inline-net
port 1/4/x22 type inline-net
port 1/4/x23 type inline-net
port 1/4/x24 type inline-net

##
## Gigastream hash configurations
##
gigastream advanced-hash slot 1/cc1 default

##
## SAPF configurations
##
apps asf alias sessions-20p-2
bi-directional enable
buffer enable
buffer-count-before-match 20
packet-count disable
protocol tcp
sess-field add ipv4-5tuple outer
timeout 15
exit
apps asf alias sessions-unbuffered-2
bi-directional enable
buffer disable
buffer-count-before-match 3
packet-count disable
protocol tcp
sess-field add ipv4-protocol outer
sess-field add ipv4-src outer
timeout 15
exit

##
## Gsgroup configurations
##
gsgroup alias GS51 port-list 1/5/e1

##
## Gs params configurations
##
gsparams gsgroup GS51
cpu utilization type total rising 80
dedup-action drop
dedup-ip-tclass include
dedup-ip-tos include
dedup-tcp-seq include
dedup-timer 50000
dedup-vlan ignore
eng-watchdog-timer 60
erspan3-timestamp format none
flow-mask disable
flow-sampling-rate 5
flow-sampling-timeout 1
flow-sampling-type device-ip
generic-session-timeout 5
gtp-control-sample enable
gtp-flow timeout 48
gtp-persistence disable
gtp-persistence file-age-timeout 30
gtp-persistence interval 10
gtp-persistence restart-age-time 30
ip-frag forward enable
ip-frag frag-timeout 10
ip-frag head-session-timeout 30
lb failover disable
lb failover-thres lt-bw 80
lb failover-thres lt-pkt-rate 1000
lb replicate-gtp-c disable
lb use-link-spd-wt disable
resource buffer-asf 2
resource cpu overload-threshold 90
resource hsm-ssl buffer disable
resource hsm-ssl packet-buffer 1000
resource packet-buffer overload-threshold 80
resource xpkt-pmatch num-flows 0
sip-media timeout 30
sip-session timeout 30
sip-tcp-idle-timeout 20
ssl-decrypt decrypt-fail-action drop
ssl-decrypt enable
ssl-decrypt hsm-pkcs11 dynamic-object enable
ssl-decrypt hsm-pkcs11 load-sharing enable
ssl-decrypt hsm-timeout 1000
ssl-decrypt key-cache-timeout 10800
ssl-decrypt non-ssl-traffic drop
ssl-decrypt pending-session-timeout 60
ssl-decrypt session-timeout 300
ssl-decrypt tcp-syn-timeout 20
ssl-decrypt ticket-cache-timeout 10800
tunnel-arp-timeout 600
tunnel-health-check action pass
tunnel-health-check disable
tunnel-health-check dstport 54321
tunnel-health-check interval 600
tunnel-health-check protocol icmp
tunnel-health-check rcvport 54321
tunnel-health-check retries 5
tunnel-health-check roundtriptime 1
tunnel-health-check srcport 54321
tunnel-ndp-timeout 600
xpkt-pmatch disable
exit

##
## Gsop configurations
##
gsop alias ASF-buffered-2 apf set asf sessions-20p-2 port-list GS51
gsop alias ASF-unbuffered-2 apf set asf sessions-unbuffered-2 port-list GS51

##
## Vport configurations
##
vport alias vp51-2 gsgroup GS51
vport alias vp51-2 failover-action vport-bypass

##
## Inline-network configurations
##
inline-network alias default_inline_net_1_4_1
pair net-a 1/4/x17 and net-b 1/4/x18
physical-bypass enable
traffic-path bypass
exit
inline-network alias default_inline_net_1_4_2
pair net-a 1/4/x19 and net-b 1/4/x20
physical-bypass enable
traffic-path bypass
exit
inline-network alias default_inline_net_1_4_3
pair net-a 1/4/x21 and net-b 1/4/x22
physical-bypass enable
traffic-path bypass
exit
inline-network alias default_inline_net_1_4_4
pair net-a 1/4/x23 and net-b 1/4/x24
physical-bypass enable
traffic-path bypass
exit

##
## Traffic map connection configurations
##
map alias map-email-2
type firstLevel byRule
roles replace admin to owner_roles
rule add pass portdst 25 bidir
to vp51-2
from 1/1/x11
exit
map alias map-IPv4-2
type firstLevel byRule
roles replace admin to owner_roles
rule add pass ipver 4
to vp51-2
from 1/1/x11
exit
map alias email-attachments-2
type secondLevel byRule
roles replace admin to owner_roles
use gsop ASF-buffered-2
gsrule add pass pmatch string Content-Disposition 0..1000
to 1/1/x15
from vp51-2
exit
map alias yahooMsg-2
type secondLevel byRule
roles replace admin to owner_roles
use gsop ASF-unbuffered-2
gsrule add pass pmatch string ymsg}ypns}yahoo 34..1000
to 1/1/x17
from vp51-2
exit
map-scollector alias vp51-collector-2
roles replace admin to owner_roles
from vp51-2
collector 1/1/x16
exit

##
## Notifications
##
# notifications target ip 192.168.44.60 port 5672 non-secure username admin password **

##
## SNMP configuration
##
no snmp-server host 192.168.44.60 disable
snmp-server host 192.168.44.60 traps port 162 version 2c public

##
## X.509 certificates configuration
##
#
# Certificate name system-self-signed, ID 16a1327fbd87a1006edb042febc21e03f011810a
# (public-cert config omitted since private-key config is hidden)

##
## Web configuration
##
# web proxy auth basic password ****

##
## Time/NTP configuration
##
clock timezone Asia Southeast Seoul

##
## Flat Panel Display configuration
##
# lcd password ****

##
## E-mail configuration
##
# email auth password ****
# email autosupport auth password ****

##
## Miscellaneous other settings
##
internal set modify - /gv/notf/config/chassis/C7823 value string C7823
internal set modify - /gv/notf/config/chassis/C8B76 value string C8B76
hc2-1 (config) #

 

 


SRX Configuration (CLI)

Check the configuration (operational mode)
show configuration | display set | match "string or number to find"

Add an address (configure mode)

set security zones security-zone untrust address-book address 222_231_7_233 222.231.7.233/32
set security zones security-zone trust address-book address 2_2_2_2 2.2.2.2/32

Add an address group (configure mode)

set security zones security-zone untrust address-book address-set 222_231_7_233/222_231_7_234 address 222_231_7_233
set security zones security-zone untrust address-book address-set 222_231_7_233/222_231_7_234 address 218_50_1_87

Delete from an address group (remove only a specific IP from the group)

delete security zones security-zone untrust address-book address-set 1_1_1_1/2_2_2_2 address 1_1_1_1

Add a schedule (configure mode)

set schedulers scheduler 2014_07_31_23_59 start-date 2012-08-24.00:00 stop-date 2014-07-31.23:59

Add a service

#set applications application tcp_3659 term tcp_3659 protocol tcp
#set applications application tcp_3659 term tcp_3659 source-port 1024-65535
#set applications application tcp_3659 term tcp_3659 destination-port 3659-3659

Add a service group

#set applications application-set ping_tcp_3659 application junos-ping
#set applications application-set ping_tcp_3659 application tcp_3659

Add a policy (configure mode)

set security policies from-zone untrust to-zone trust policy 120824001 match source-address 61_110_18_122
set security policies from-zone untrust to-zone trust policy 120824001 match destination-address 121_254_132_198
set security policies from-zone untrust to-zone trust policy 120824001 match application http_8080
set security policies from-zone untrust to-zone trust policy 120824001 then permit
set security policies from-zone untrust to-zone trust policy 120824001 then log session-close
set security policies from-zone untrust to-zone trust policy 120824001 scheduler-name 2014_07_31_23_59

Change policy priority (configure mode)

insert security policies from-zone untrust to-zone trust policy 130115001 before policy 706 (inbound)

Check policy priority (operational mode)

show security policies from-zone untrust to-zone trust
show security policies from-zone trust to-zone untrust

Check the policy list

op policy.xml

Add source NAT (configure mode)

set security nat source rule-set rs_1 to zone untrust --> applied when the rule-set is first created
set security nat source rule-set rs_1 rule rule_14 match source-address 172.30.148.0/24
set security nat source rule-set rs_1 rule rule_14 then source-nat pool pool_14
set security nat source pool pool_14 address 117.52.15.148/32

Add destination NAT (configure mode)

set security nat destination rule-set dnat_1 from zone untrust
set security nat destination rule-set dnat_1 rule dnat_rule_1 match destination-address 123.123.123.123/32
set security nat destination rule-set dnat_1 rule dnat_rule_1 then destination-nat pool dpool_1
set security nat destination pool dpool_1 address 192.168.10.50/32

DNAT port (port forwarding)

set security nat destination pool dpool_1 address 192.168.10.50/32
set security nat destination pool dpool_1 address port 80
set security nat destination rule-set dnat_1 from zone untrust
set security nat destination rule-set dnat_1 rule dnat_rule_1 match destination-address 123.123.123.123/32
set security nat destination rule-set dnat_1 rule dnat_rule_1 match destination-port 33890
set security nat destination rule-set dnat_1 rule dnat_rule_1 then destination-nat pool dpool_1

Add a route (configure mode)

set routing-options static route 172.30.148.0/24 next-hop 172.16.20.113

Check sessions

show security flow session source-prefix <source IP>
show security flow session destination-prefix <destination IP>


  • Review the pending changes with show | compare, confirm with commit check that they validate cleanly, and only then apply them with commit.
    #show | compare
    #commit check
    #commit
    #exit
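
The steps above create each object (address, address group, schedule, service) before the policy that names it, and finish with commit check. As an added example (not part of the original post and not Juniper tooling), this Python lint runs a rough offline version of that reference check over a list of set commands. It assumes zone-attached address books as used on this page and does not model the global address book; the function name lint is hypothetical.

```python
# Constructed input: "set" lines copied from the examples on this page.
SAMPLE = """\
set security zones security-zone untrust address-book address 222_231_7_233 222.231.7.233/32
set security zones security-zone untrust address-book address-set 222_231_7_233/222_231_7_234 address 222_231_7_233
set security zones security-zone untrust address-book address-set 222_231_7_233/222_231_7_234 address 218_50_1_87
set schedulers scheduler 2014_07_31_23_59 start-date 2012-08-24.00:00 stop-date 2014-07-31.23:59
#set applications application tcp_3659 term tcp_3659 protocol tcp
#set applications application-set ping_tcp_3659 application junos-ping
#set applications application-set ping_tcp_3659 application tcp_3659
set security policies from-zone untrust to-zone trust policy 120824001 match source-address 61_110_18_122
set security policies from-zone untrust to-zone trust policy 120824001 match destination-address 121_254_132_198
set security policies from-zone untrust to-zone trust policy 120824001 match application http_8080
set security policies from-zone untrust to-zone trust policy 120824001 then permit
set security policies from-zone untrust to-zone trust policy 120824001 scheduler-name 2014_07_31_23_59
"""


def lint(text):
    """Return a finding for every object that is referenced but never defined in text."""
    addrs, apps, scheds, refs = set(), set(), set(), []
    for raw in text.splitlines():
        w = raw.strip().lstrip("#").split()   # some lines on the page carry the '#' prompt
        if len(w) < 4 or w[0] != "set":
            continue
        if w[1:4] == ["security", "zones", "security-zone"] and len(w) >= 8 and w[5] == "address-book":
            zone, kind, name = w[4], w[6], w[7]
            if kind in ("address", "address-set"):
                addrs.add((zone, name))       # address books are per zone
            if kind == "address-set" and len(w) >= 10 and w[8] == "address":
                refs.append(("address", zone, w[9], f"address-set {name}"))
        elif w[1] == "applications" and w[2] in ("application", "application-set"):
            apps.add(w[3])
            if w[2] == "application-set" and len(w) >= 6 and w[4] == "application":
                refs.append(("application", None, w[5], f"application-set {w[3]}"))
        elif w[1:3] == ["schedulers", "scheduler"]:
            scheds.add(w[3])
        elif w[1:4] == ["security", "policies", "from-zone"] and len(w) >= 11 and w[7] == "policy":
            src_zone, dst_zone, ctx = w[4], w[6], f"policy {w[8]}"
            if w[9] == "match" and len(w) >= 12:
                if w[10] == "source-address":        # looked up in the from-zone book
                    refs.append(("address", src_zone, w[11], ctx))
                elif w[10] == "destination-address":  # looked up in the to-zone book
                    refs.append(("address", dst_zone, w[11], ctx))
                elif w[10] == "application":
                    refs.append(("application", None, w[11], ctx))
            elif w[9] == "scheduler-name":
                refs.append(("scheduler", None, w[10], ctx))
    findings = []
    for kind, zone, name, ctx in refs:        # resolve only after every definition was read
        if kind == "address":
            ok = name in ("any", "any-ipv4", "any-ipv6") or (zone, name) in addrs
        elif kind == "application":
            ok = name == "any" or name.startswith("junos-") or name in apps
        else:
            ok = name in scheds
        if not ok:
            where = f" in zone {zone}" if zone else ""
            findings.append(f"{ctx}: {kind} {name} is not defined{where}")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

On the sample it reports the address-set member and the policy objects whose definitions the snippets on this page do not include, which is the class of error commit check rejects on the device.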

 

 


Gigamon Policy (Active Visibility)

gigamon-0200fd (config policy alias test3) # condition add ?
< condition > Add a condition to the policy
GsCpuUtilHigh
GsCpuUtilLow
GsHbStatusDown
GsHbStatusUp
GsPktBufThHigh
GsPktBufThLow
GsPktDropRateHigh
GsPktDropRateLow
GsRxPktErrorHigh
GsRxPktErrorLow
GsRxPktRateHigh
GsRxPktRateLow
InlineToolDown
InlineToolReady
InlineToolUp
PortDown
PortRxBufferHigh
PortRxBufferLow
PortRxDiscardsHigh
PortRxDiscardsLow
PortRxDropsHigh
PortRxDropsLow
PortRxErrorsHigh
PortRxErrorsLow
PortRxUtilHigh
PortRxUtilLow
PortTxBufferHigh
PortTxBufferLow
PortTxDiscardsHigh
PortTxDiscardsLow
PortTxDropsHigh
PortTxDropsLow
PortTxErrorsHigh
PortTxErrorsLow
PortTxUtilHigh
PortTxUtilLow
PortUp
TimeFriday
TimeMonday
TimeOfDay
TimeSaturday
TimeSunday
TimeThursday
TimeTuesday
TimeWednesday
TimeWeekday
TimeWeekend

gigamon-0200fd (config policy alias test3) # action add ?
< action > Add an action to the policy.
FlexInlineOOBAdd
FlexInlineOOBDelete
InlineNetTrafficPath
InlineToolDisable
InlineToolEnable
InlineToolRecover
MapDisable
MapEnable
MapGsRuleAdd
MapGsRuleDelete
MapRuleAdd
MapRuleDelete
PhysicalByPassDisable
PhysicalByPassEnable
PolicyDisable
PolicyEnable
PortDisable
PortEnable
PortFilterAdd
PortFilterDelete
PortFilterDeleteAll
WriteMemory

 

 


Controlled GigaStream Configuration

To configure a controlled tool GigaStream, specify hash size and hash bucket ID, using the prefix mode. Refer to the following example:

  1. Configure ports using type tool for controlled GigaStream.
    (config) # port 1/3/q4..q6 type tool
  2. Configure a controlled GigaStream. This uses the prefix mode to configure all parameters.
    (config) # gigastream alias stream2
    (config gigastream alias stream2) # hash-size 12
    (config gigastream alias stream2) # hash-bucket-id 1..3 port 1/3/q4..q6
    (config gigastream alias stream2) # comment "controlled gigastream"
    (config gigastream alias stream2) # exit
    (config) #
  3. Display the configuration for this example.
    (config) # show gigastream

 


IP Tunnel Receiving End Configuration

port 1/1/x1 type network

port 1/1/x5 type tool

gsgroup alias GS51 port-list 1/5/e1

tunneled-port 1/1/x1 ip 192.168.51.80/24 gateway 192.168.51.1 mtu 9600 port-list GS51

gsop alias Remote2HQtunnel tunnel-decap type gmip portdst 8001 port-list GS51

map alias FieldCallCtrDB
    comment "Field Call Center database traffic received at HQ"
    use gsop Remote2HQtunnel
    rule add pass ipsrc 172.16.10.88
    from 1/1/x1
    to 1/1/x5
    exit

 

 
