decrypt – a family of commands for configuring traffic decryption rules

decrypt rule <name>

Go to the configuration submenu of rule <name>.

ngfw> decrypt rule=['name']> [no] decrypt

Enable (or disable, if no) traffic decryption in accordance with this rule.

ngfw> decrypt rule=['name']> [no] enable

Enable (or disable, if no) the rule.

ngfw> decrypt rule=['name']> [no] service <service-name>

Add <service-name> to the rule (or remove, if no). The service must exist.

ngfw> decrypt rule=['name']> [no] src-zone <zone-name>

Add source zone <zone-name> to the rule (or remove it, if no).

ngfw> decrypt rule=['name']> [no] dst-zone <zone-name>

Add destination zone <zone-name> to the rule (or remove it, if no).

ngfw> decrypt rule=['name']> src-ip

Go to the source addresses configuration submenu.

ngfw> decrypt rule=['name']> src-ip> [no] host <ipv4-address>

Add a host address to the rule (or remove, if no).

ngfw> decrypt rule=['name']> src-ip> [no] object <object-name>

Add <object-name> to the rule (or remove, if no). The object must exist.

ngfw> decrypt rule=['name']> src-ip> [no] range <ip-range>

Add a range of IP addresses to the rule (or remove, if no). A range is specified as two IP addresses separated by the hyphen - character (that is, <ip-range> is <ipv4-address>-<ipv4-address>). In a range, the left address must be less than or equal to the right address.

Example: ngfw> decrypt rule=['name']> src-ip> range 10.10.10.5-10.10.10.10

ngfw> decrypt rule=['name']> src-ip> [no] subnet <ipv4-prefix>

Add a subnet to the rule (or remove, if no).

ngfw> decrypt rule=['name']> dst-ip

Go to the destination addresses configuration submenu. The dst-ip commands work in the same way as src-ip commands.

ngfw> decrypt rule=['name']> move <other-name>

Move this rule in the list to the position above rule <other-name>.

ngfw> decrypt rule=['name']> rename <name>

Set a new name, <name>, for this rule.

ngfw> show decrypt rule <name>

Show the configuration of the rule named <name>. This command outputs data in JSON format.

ngfw> show decrypt rules

Show configurations of all traffic decryption rules.

Example output:

{
  "ngfw-decrypt:rules": {
    "rule": [
      {
        "id": "00000000-0000-4000-0000-000000000001",
        "decrypt": false,
        "name": "default",
        "enable": true
      }
    ]
  }
}
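
One way to review this output offline, as an added example that is not part of the original reference or the vendor's tooling: the Python script below reads the JSON printed by show decrypt rules and reports, in list order, which rules are decrypting, disabled, or enabled without decryption. It relies only on the four fields shown in the example output; the two extra rules in the sample, and the function names, are constructed for illustration.

```python
import json

# Constructed sample in the shape of the `show decrypt rules` output.
# Only the "default" rule comes from the page; the other two are made up.
SAMPLE = """
{
  "ngfw-decrypt:rules": {
    "rule": [
      {"id": "00000000-0000-4000-0000-0000000000a1", "decrypt": true,
       "name": "inspect-users", "enable": true},
      {"id": "00000000-0000-4000-0000-0000000000a2", "decrypt": true,
       "name": "inspect-guests", "enable": false},
      {"id": "00000000-0000-4000-0000-000000000001", "decrypt": false,
       "name": "default", "enable": true}
    ]
  }
}
"""

REQUIRED = ("id", "name", "enable", "decrypt")


def audit_decrypt_rules(text):
    """Return (position, name, status) for every rule, in list order."""
    doc = json.loads(text)
    rules = doc.get("ngfw-decrypt:rules", {}).get("rule", [])
    report = []
    for pos, rule in enumerate(rules, start=1):
        name = rule.get("name", "<unnamed>")
        missing = [k for k in REQUIRED if k not in rule]
        if missing:
            status = "incomplete: missing " + ", ".join(missing)
        elif rule["enable"] is not True:
            status = "disabled"          # rule is switched off entirely
        elif rule["decrypt"] is True:
            status = "decrypting"        # decryption is on for this rule
        else:
            status = "not-decrypting"    # enabled rule with decryption off
        report.append((pos, name, status))
    return report


def needs_review(report):
    """Names of rules that are not actively decrypting traffic."""
    return [name for _, name, status in report if status != "decrypting"]


if __name__ == "__main__":
    for pos, name, status in audit_decrypt_rules(SAMPLE):
        print(f"{pos:>2}  {name:<16} {status}")
```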
