Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config firewall address

Configure IPv4 addresses.

config firewall address

Description: Configure IPv4 addresses.

edit <name>

set uuid {uuid}

set subnet {ipv4-classnet-any}

set type [ipmask|iprange|...]

set sub-type [sdn|clearpass-spt|...]

set clearpass-spt [unknown|healthy|...]

set start-mac {mac-address}

set end-mac {mac-address}

set start-ip {ipv4-address-any}

set end-ip {ipv4-address-any}

set fqdn {string}

set country {string}

set wildcard-fqdn {string}

set cache-ttl {integer}

set wildcard {ipv4-classnet-any}

set sdn {string}

set fsso-group <name1>, <name2>, ...

set interface {string}

set tenant {string}

set organization {string}

set epg-name {string}

set subnet-name {string}

set sdn-tag {string}

set policy-group {string}

set comment {var-string}

set visibility [enable|disable]

set associated-interface {string}

set color {integer}

set filter {var-string}

set sdn-addr-type [private|public|...]

set obj-id {var-string}

config list

Description: IP address list.

edit <ip>

next

end

config tagging

Description: Config object tagging.

edit <name>

set category {string}

set tags <name1>, <name2>, ...

next

end

set allow-routing [enable|disable]

next

end

config firewall address

Parameter

Description

Type

Size

uuid

Universally Unique Identifier (UUID; automatically assigned but can be manually reset).

uuid

Not Specified

subnet

IP address and subnet mask of address.

ipv4-classnet-any

Not Specified

type

Type of address.

option

-

 

Option

Description

ipmask

Standard IPv4 address with subnet mask.

iprange

Range of IPv4 addresses between two specified addresses (inclusive).

fqdn

Fully Qualified Domain Name address.

geography

IP addresses from a specified country.

wildcard

Standard IPv4 using a wildcard subnet mask.

dynamic

Dynamic address object.

interface-subnet

IP and subnet of interface.

mac

Range of MAC addresses.

sub-type

Sub-type of address.

option

-

 

Option

Description

sdn

SDN address.

clearpass-spt

ClearPass SPT (System Posture Token) address.

fsso

FSSO address.

clearpass-spt

SPT (System Posture Token) value.

option

-

 

Option

Description

unknown

UNKNOWN.

healthy

HEALTHY.

quarantine

QUARANTINE.

checkup

CHECKUP.

transient

TRANSIENT.

infected

INFECTED.

start-mac

First MAC address in the range.

mac-address

Not Specified

end-mac

Last MAC address in the range.

mac-address

Not Specified

start-ip

First IP address (inclusive) in the range for the address.

ipv4-address-any

Not Specified

end-ip

Final IP address (inclusive) in the range for the address.

ipv4-address-any

Not Specified

fqdn

Fully Qualified Domain Name address.

string

Not Specified

country

IP addresses associated to a specific country.

string

Not Specified

wildcard-fqdn

Fully Qualified Domain Name with wildcard characters.

string

Not Specified

cache-ttl

Defines the minimal TTL of individual IP addresses in FQDN cache measured in seconds.

integer

Minimum value: 0 Maximum value: 86400

wildcard

IP address and wildcard netmask.

ipv4-classnet-any

Not Specified

sdn

SDN.

string

Not Specified

fsso-group <name>

FSSO group(s).

FSSO group name.

string

Maximum length: 511

interface

Name of interface whose IP address is to be used.

string

Not Specified

tenant

Tenant.

string

Not Specified

organization

Organization domain name (Syntax: organization/domain).

string

Not Specified

epg-name

Endpoint group name.

string

Not Specified

subnet-name

Subnet name.

string

Not Specified

sdn-tag

SDN Tag.

string

Not Specified

policy-group

Policy group name.

string

Not Specified

comment

Comment.

var-string

Not Specified

visibility

Enable/disable address visibility in the GUI.

option

-

 

Option

Description

enable

Show in address4 selection.

disable

Hide from address4 selection.

associated-interface

Network interface associated with address.

string

Not Specified

color

Color of icon on the GUI.

integer

Minimum value: 0 Maximum value: 32

filter

Match criteria filter.

var-string

Not Specified

sdn-addr-type

Type of addresses to collect.

option

-

 

Option

Description

private

Collect private addresses only.

public

Collect public addresses only.

all

Collect both public and private addresses.

obj-id

Object ID for NSX.

var-string

Not Specified

allow-routing

Enable/disable use of this address in the static route configuration.

option

-

 

Option

Description

enable

Enable use of this address in the static route configuration.

disable

Disable use of this address in the static route configuration.

config tagging

Parameter

Description

Type

Size

category

Tag category.

string

Not Specified

tags <name>

Tags.

Tag name.

string

Maximum length: 79

config firewall address

Configure IPv4 addresses.

config firewall address

Description: Configure IPv4 addresses.

edit <name>

set uuid {uuid}

set subnet {ipv4-classnet-any}

set type [ipmask|iprange|...]

set sub-type [sdn|clearpass-spt|...]

set clearpass-spt [unknown|healthy|...]

set start-mac {mac-address}

set end-mac {mac-address}

set start-ip {ipv4-address-any}

set end-ip {ipv4-address-any}

set fqdn {string}

set country {string}

set wildcard-fqdn {string}

set cache-ttl {integer}

set wildcard {ipv4-classnet-any}

set sdn {string}

set fsso-group <name1>, <name2>, ...

set interface {string}

set tenant {string}

set organization {string}

set epg-name {string}

set subnet-name {string}

set sdn-tag {string}

set policy-group {string}

set comment {var-string}

set visibility [enable|disable]

set associated-interface {string}

set color {integer}

set filter {var-string}

set sdn-addr-type [private|public|...]

set obj-id {var-string}

config list

Description: IP address list.

edit <ip>

next

end

config tagging

Description: Config object tagging.

edit <name>

set category {string}

set tags <name1>, <name2>, ...

next

end

set allow-routing [enable|disable]

next

end

config firewall address

Parameter

Description

Type

Size

uuid

Universally Unique Identifier (UUID; automatically assigned but can be manually reset).

uuid

Not Specified

subnet

IP address and subnet mask of address.

ipv4-classnet-any

Not Specified

type

Type of address.

option

-

 

Option

Description

ipmask

Standard IPv4 address with subnet mask.

iprange

Range of IPv4 addresses between two specified addresses (inclusive).

fqdn

Fully Qualified Domain Name address.

geography

IP addresses from a specified country.

wildcard

Standard IPv4 using a wildcard subnet mask.

dynamic

Dynamic address object.

interface-subnet

IP and subnet of interface.

mac

Range of MAC addresses.

sub-type

Sub-type of address.

option

-

 

Option

Description

sdn

SDN address.

clearpass-spt

ClearPass SPT (System Posture Token) address.

fsso

FSSO address.

clearpass-spt

SPT (System Posture Token) value.

option

-

 

Option

Description

unknown

UNKNOWN.

healthy

HEALTHY.

quarantine

QUARANTINE.

checkup

CHECKUP.

transient

TRANSIENT.

infected

INFECTED.

start-mac

First MAC address in the range.

mac-address

Not Specified

end-mac

Last MAC address in the range.

mac-address

Not Specified

start-ip

First IP address (inclusive) in the range for the address.

ipv4-address-any

Not Specified

end-ip

Final IP address (inclusive) in the range for the address.

ipv4-address-any

Not Specified

fqdn

Fully Qualified Domain Name address.

string

Not Specified

country

IP addresses associated to a specific country.

string

Not Specified

wildcard-fqdn

Fully Qualified Domain Name with wildcard characters.

string

Not Specified

cache-ttl

Defines the minimal TTL of individual IP addresses in FQDN cache measured in seconds.

integer

Minimum value: 0 Maximum value: 86400

wildcard

IP address and wildcard netmask.

ipv4-classnet-any

Not Specified

sdn

SDN.

string

Not Specified

fsso-group <name>

FSSO group(s).

FSSO group name.

string

Maximum length: 511

interface

Name of interface whose IP address is to be used.

string

Not Specified

tenant

Tenant.

string

Not Specified

organization

Organization domain name (Syntax: organization/domain).

string

Not Specified

epg-name

Endpoint group name.

string

Not Specified

subnet-name

Subnet name.

string

Not Specified

sdn-tag

SDN Tag.

string

Not Specified

policy-group

Policy group name.

string

Not Specified

comment

Comment.

var-string

Not Specified

visibility

Enable/disable address visibility in the GUI.

option

-

 

Option

Description

enable

Show in address4 selection.

disable

Hide from address4 selection.

associated-interface

Network interface associated with address.

string

Not Specified

color

Color of icon on the GUI.

integer

Minimum value: 0 Maximum value: 32

filter

Match criteria filter.

var-string

Not Specified

sdn-addr-type

Type of addresses to collect.

option

-

 

Option

Description

private

Collect private addresses only.

public

Collect public addresses only.

all

Collect both public and private addresses.

obj-id

Object ID for NSX.

var-string

Not Specified

allow-routing

Enable/disable use of this address in the static route configuration.

option

-

 

Option

Description

enable

Enable use of this address in the static route configuration.

disable

Disable use of this address in the static route configuration.

config tagging

Parameter

Description

Type

Size

category

Tag category.

string

Not Specified

tags <name>

Tags.

Tag name.

string

Maximum length: 79