Cisco Secure Firewall Threat Defense Command Reference


2023-04-10 05:43 | Source: compiled from the web

Examples

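The following is sample output from the show access-list command, showing the advanced access list generated for the access control policy when you use device manager (the local, or "on box", manager). The remarks are system-generated to help you understand the access control entries (ACEs). Note that the remarks give you the name of the related rule; the ACEs generated from the rule follow. The remarks are highlighted in the example below.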

> show access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) alert-interval 300
access-list NGFW_ONBOX_ACL; 50 elements; name hash: 0xf5cc3f88
access-list NGFW_ONBOX_ACL line 1 remark rule-id 268435458: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL line 2 remark rule-id 268435458: L5 RULE: Inside_Inside_Rule
access-list NGFW_ONBOX_ACL line 3 advanced trust ip ifc inside1_2 any ifc inside1_3 any rule-id 268435458 event-log both (hitcnt=0) 0x2c7f5801
access-list NGFW_ONBOX_ACL line 4 advanced trust ip ifc inside1_2 any ifc inside1_4 any rule-id 268435458 event-log both (hitcnt=0) 0xf170c15b
access-list NGFW_ONBOX_ACL line 5 advanced trust ip ifc inside1_2 any ifc inside1_5 any rule-id 268435458 event-log both (hitcnt=0) 0xce627c77
access-list NGFW_ONBOX_ACL line 6 advanced trust ip ifc inside1_2 any ifc inside1_6 any rule-id 268435458 event-log both (hitcnt=0) 0xe37dcdd2
access-list NGFW_ONBOX_ACL line 7 advanced trust ip ifc inside1_2 any ifc inside1_7 any rule-id 268435458 event-log both (hitcnt=0) 0x65347856
access-list NGFW_ONBOX_ACL line 8 advanced trust ip ifc inside1_2 any ifc inside1_8 any rule-id 268435458 event-log both (hitcnt=0) 0x6d622775
access-list NGFW_ONBOX_ACL line 9 advanced trust ip ifc inside1_3 any ifc inside1_2 any rule-id 268435458 event-log both (hitcnt=0) 0xc1579ed7
access-list NGFW_ONBOX_ACL line 10 advanced trust ip ifc inside1_3 any ifc inside1_4 any rule-id 268435458 event-log both (hitcnt=0) 0x40968b8f
access-list NGFW_ONBOX_ACL line 11 advanced trust ip ifc inside1_3 any ifc inside1_5 any rule-id 268435458 event-log both (hitcnt=0) 0xc5a178c1
access-list NGFW_ONBOX_ACL line 12 advanced trust ip ifc inside1_3 any ifc inside1_6 any rule-id 268435458 event-log both (hitcnt=0) 0xdbc1560f
access-list NGFW_ONBOX_ACL line 13 advanced trust ip ifc inside1_3 any ifc inside1_7 any rule-id 268435458 event-log both (hitcnt=0) 0x3571535c
access-list NGFW_ONBOX_ACL line 14 advanced trust ip ifc inside1_3 any ifc inside1_8 any rule-id 268435458 event-log both (hitcnt=0) 0xc4a66c0a
access-list NGFW_ONBOX_ACL line 15 advanced trust ip ifc inside1_4 any ifc inside1_2 any rule-id 268435458 event-log both (hitcnt=0) 0x1d1a8032
access-list NGFW_ONBOX_ACL line 16 advanced trust ip ifc inside1_4 any ifc inside1_3 any rule-id 268435458 event-log both (hitcnt=0) 0x8f7bbcdf
access-list NGFW_ONBOX_ACL line 17 advanced trust ip ifc inside1_4 any ifc inside1_5 any rule-id 268435458 event-log both (hitcnt=0) 0xe616991f
access-list NGFW_ONBOX_ACL line 18 advanced trust ip ifc inside1_4 any ifc inside1_6 any rule-id 268435458 event-log both (hitcnt=0) 0x4db9d2aa
access-list NGFW_ONBOX_ACL line 19 advanced trust ip ifc inside1_4 any ifc inside1_7 any rule-id 268435458 event-log both (hitcnt=0) 0xf8a88db4
access-list NGFW_ONBOX_ACL line 20 advanced trust ip ifc inside1_4 any ifc inside1_8 any rule-id 268435458 event-log both (hitcnt=0) 0x1d3b5b80
access-list NGFW_ONBOX_ACL line 21 advanced trust ip ifc inside1_5 any ifc inside1_2 any rule-id 268435458 event-log both (hitcnt=0) 0xf508bbd8
access-list NGFW_ONBOX_ACL line 22 advanced trust ip ifc inside1_5 any ifc inside1_3 any rule-id 268435458 event-log both (hitcnt=0) 0x7084f3fc
access-list NGFW_ONBOX_ACL line 23 advanced trust ip ifc inside1_5 any ifc inside1_4 any rule-id 268435458 event-log both (hitcnt=0) 0xd989f9aa
access-list NGFW_ONBOX_ACL line 24 advanced trust ip ifc inside1_5 any ifc inside1_6 any rule-id 268435458 event-log both (hitcnt=0) 0xd5aa77f5
access-list NGFW_ONBOX_ACL line 25 advanced trust ip ifc inside1_5 any ifc inside1_7 any rule-id 268435458 event-log both (hitcnt=0) 0x4a7648b2
access-list NGFW_ONBOX_ACL line 26 advanced trust ip ifc inside1_5 any ifc inside1_8 any rule-id 268435458 event-log both (hitcnt=0) 0x118ef4b4
access-list NGFW_ONBOX_ACL line 27 advanced trust ip ifc inside1_6 any ifc inside1_2 any rule-id 268435458 event-log both (hitcnt=0) 0xa6be4e58
access-list NGFW_ONBOX_ACL line 28 advanced trust ip ifc inside1_6 any ifc inside1_3 any rule-id 268435458 event-log both (hitcnt=0) 0xda17cb9e
access-list NGFW_ONBOX_ACL line 29 advanced trust ip ifc inside1_6 any ifc inside1_4 any rule-id 268435458 event-log both (hitcnt=0) 0xc6bfe6b7
access-list NGFW_ONBOX_ACL line 30 advanced trust ip ifc inside1_6 any ifc inside1_5 any rule-id 268435458 event-log both (hitcnt=0) 0x5fe085c3
access-list NGFW_ONBOX_ACL line 31 advanced trust ip ifc inside1_6 any ifc inside1_7 any rule-id 268435458 event-log both (hitcnt=0) 0x4574192b
access-list NGFW_ONBOX_ACL line 32 advanced trust ip ifc inside1_6 any ifc inside1_8 any rule-id 268435458 event-log both (hitcnt=0) 0x36203c1e
access-list NGFW_ONBOX_ACL line 33 advanced trust ip ifc inside1_7 any ifc inside1_2 any rule-id 268435458 event-log both (hitcnt=0) 0x699725ea
access-list NGFW_ONBOX_ACL line 34 advanced trust ip ifc inside1_7 any ifc inside1_3 any rule-id 268435458 event-log both (hitcnt=0) 0x36a1e6a1
access-list NGFW_ONBOX_ACL line 35 advanced trust ip ifc inside1_7 any ifc inside1_4 any rule-id 268435458 event-log both (hitcnt=0) 0xe415bb76
access-list NGFW_ONBOX_ACL line 36 advanced trust ip ifc inside1_7 any ifc inside1_5 any rule-id 268435458 event-log both (hitcnt=0) 0x18ebff70
access-list NGFW_ONBOX_ACL line 37 advanced trust ip ifc inside1_7 any ifc inside1_6 any rule-id 268435458 event-log both (hitcnt=0) 0xf9bfd690
access-list NGFW_ONBOX_ACL line 38 advanced trust ip ifc inside1_7 any ifc inside1_8 any rule-id 268435458 event-log both (hitcnt=0) 0xf08a88b4
access-list NGFW_ONBOX_ACL line 39 advanced trust ip ifc inside1_8 any ifc inside1_2 any rule-id 268435458 event-log both (hitcnt=0) 0xd2014e58
access-list NGFW_ONBOX_ACL line 40 advanced trust ip ifc inside1_8 any ifc inside1_3 any rule-id 268435458 event-log both (hitcnt=0) 0x952c7254
access-list NGFW_ONBOX_ACL line 41 advanced trust ip ifc inside1_8 any ifc inside1_4 any rule-id 268435458 event-log both (hitcnt=0) 0xfc38a46f
access-list NGFW_ONBOX_ACL line 42 advanced trust ip ifc inside1_8 any ifc inside1_5 any rule-id 268435458 event-log both (hitcnt=0) 0x3f878e23
access-list NGFW_ONBOX_ACL line 43 advanced trust ip ifc inside1_8 any ifc inside1_6 any rule-id 268435458 event-log both (hitcnt=0) 0x48e852ce
access-list NGFW_ONBOX_ACL line 44 advanced trust ip ifc inside1_8 any ifc inside1_7 any rule-id 268435458 event-log both (hitcnt=0) 0x83c65e52
access-list NGFW_ONBOX_ACL line 45 remark rule-id 268435457: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL line 46 remark rule-id 268435457: L5 RULE: Inside_Outside_Rule
access-list NGFW_ONBOX_ACL line 47 advanced trust ip ifc inside1_2 any ifc outside any rule-id 268435457 event-log both (hitcnt=0) 0xea5bdd6e
access-list NGFW_ONBOX_ACL line 48 advanced trust ip ifc inside1_3 any ifc outside any rule-id 268435457 event-log both (hitcnt=0) 0xd7461ffc
access-list NGFW_ONBOX_ACL line 49 advanced trust ip ifc inside1_4 any ifc outside any rule-id 268435457 event-log both (hitcnt=0) 0x6e13508e
access-list NGFW_ONBOX_ACL line 50 advanced trust ip ifc inside1_5 any ifc outside any rule-id 268435457 event-log both (hitcnt=0) 0xfe1fcdd6
access-list NGFW_ONBOX_ACL line 51 advanced trust ip ifc inside1_6 any ifc outside any rule-id 268435457 event-log both (hitcnt=0) 0xa4dba9a8
access-list NGFW_ONBOX_ACL line 52 advanced trust ip ifc inside1_7 any ifc outside any rule-id 268435457 event-log both (hitcnt=0) 0x2cfd43cd
access-list NGFW_ONBOX_ACL line 53 advanced trust ip ifc inside1_8 any ifc outside any rule-id 268435457 event-log both (hitcnt=0) 0xc3c3fafb
access-list NGFW_ONBOX_ACL line 54 remark rule-id 1: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL line 55 remark rule-id 1: L5 RULE: DefaultActionRule
access-list NGFW_ONBOX_ACL line 56 advanced deny ip any any rule-id 1 (hitcnt=0) 0x84953cae
>
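
The remark-to-ACE relationship described above can be audited mechanically. The following Python is an added example, not part of the Cisco reference: it attaches each ACE to the rule named in its remark and lists rules with no hits. The function names and regular expressions are assumptions, and SAMPLE is an excerpt of the output above.

```python
import re

# Excerpt of the show access-list output above (lines 1-4, 45-47, 54-56),
# embedded so the example runs offline.
SAMPLE = """\
access-list NGFW_ONBOX_ACL; 50 elements; name hash: 0xf5cc3f88
access-list NGFW_ONBOX_ACL line 1 remark rule-id 268435458: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL line 2 remark rule-id 268435458: L5 RULE: Inside_Inside_Rule
access-list NGFW_ONBOX_ACL line 3 advanced trust ip ifc inside1_2 any ifc inside1_3 any rule-id 268435458 event-log both (hitcnt=0) 0x2c7f5801
access-list NGFW_ONBOX_ACL line 4 advanced trust ip ifc inside1_2 any ifc inside1_4 any rule-id 268435458 event-log both (hitcnt=0) 0xf170c15b
access-list NGFW_ONBOX_ACL line 45 remark rule-id 268435457: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL line 46 remark rule-id 268435457: L5 RULE: Inside_Outside_Rule
access-list NGFW_ONBOX_ACL line 47 advanced trust ip ifc inside1_2 any ifc outside any rule-id 268435457 event-log both (hitcnt=0) 0xea5bdd6e
access-list NGFW_ONBOX_ACL line 54 remark rule-id 1: ACCESS POLICY: NGFW_Access_Policy
access-list NGFW_ONBOX_ACL line 55 remark rule-id 1: L5 RULE: DefaultActionRule
access-list NGFW_ONBOX_ACL line 56 advanced deny ip any any rule-id 1 (hitcnt=0) 0x84953cae
"""

# Remark carrying the rule name, and a generated ACE with its action, rule-id and hit count.
RULE_REMARK = re.compile(r"remark rule-id (\d+): L\d+ RULE: (.+)$")
ACE = re.compile(r"line \d+ advanced (\w+) .*?rule-id (\d+)\b.*?\(hitcnt=(\d+)\)")

def _rule(rules, rule_id):
    """Fetch or create the record for one rule-id."""
    return rules.setdefault(rule_id, {"name": None, "actions": set(), "aces": 0, "hits": 0})

def group_by_rule(output):
    """Return {rule_id: {name, actions, aces, hits}} in ACL order."""
    rules = {}
    for line in output.splitlines():
        line = line.strip()
        remark = RULE_REMARK.search(line)
        ace = ACE.search(line)
        if remark:
            _rule(rules, remark.group(1))["name"] = remark.group(2)
        elif ace:
            rule = _rule(rules, ace.group(2))
            rule["actions"].add(ace.group(1))
            rule["aces"] += 1
            rule["hits"] += int(ace.group(3))
    return rules

def rules_without_hits(rules):
    """Names (or rule-ids when unnamed) of rules whose ACEs have matched no traffic."""
    return [r["name"] or rid for rid, r in rules.items() if r["hits"] == 0]
```

Run over the full output, the per-rule ACE counts show how one interface-based rule fans out into many entries, and the zero-hit list is a starting point for rule review.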

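The following example shows brief information about the specified access policy in hexadecimal format (ACEs whose hit count is not zero). The first two columns show identifiers in hexadecimal format, the third column shows the hit count, and the fourth column shows the timestamp value, also in hexadecimal format. The hit count value represents the number of times traffic has hit the rule. The timestamp value reports the time of the last hit. If the hit count is zero, no information is shown.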

The following is sample output from the show access-list brief command when Telnet traffic passes through:

> show access-list test brief
access-list test; 3 elements; name hash: 0xcb4257a3
7b1c1660 44ae5901 00000001 4a68ab51

The following is sample output from the show access-list brief command when SSH traffic passes through:

> show access-list test brief
access-list test; 3 elements; name hash: 0xcb4257a3
7b1c1660 44ae5901 00000001 4a68ab51
3666f922 44ae5901 00000001 4a68ab66
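
The four hexadecimal columns can be decoded and two snapshots compared to see which ACE picked up new hits. The following Python is an added example, not part of the Cisco reference; the function names are assumptions, and reading the timestamp column as Unix epoch seconds is also an assumption that the page does not state.

```python
import re
from datetime import datetime, timezone

# The two brief outputs shown above, embedded so the example runs offline.
AFTER_TELNET = """\
access-list test; 3 elements; name hash: 0xcb4257a3
7b1c1660 44ae5901 00000001 4a68ab51
"""
AFTER_SSH = """\
access-list test; 3 elements; name hash: 0xcb4257a3
7b1c1660 44ae5901 00000001 4a68ab51
3666f922 44ae5901 00000001 4a68ab66
"""

# A data row is exactly four 8-digit hex fields; header and prompt lines do not match.
ROW = re.compile(r"([0-9a-f]{8}) ([0-9a-f]{8}) ([0-9a-f]{8}) ([0-9a-f]{8})")

def parse_brief(output):
    """Return {(id1, id2): {"hits": int, "last_hit": datetime}} for each row."""
    entries = {}
    for line in output.splitlines():
        row = ROW.fullmatch(line.strip().lower())
        if not row:
            continue
        id1, id2, hits, stamp = row.groups()
        entries[(id1, id2)] = {
            "hits": int(hits, 16),
            # Assumption: the timestamp is seconds since the Unix epoch.
            "last_hit": datetime.fromtimestamp(int(stamp, 16), tz=timezone.utc),
        }
    return entries

def newly_hit(before, after):
    """Identifiers whose hit count rose (or first appeared) between two snapshots."""
    return [key for key, entry in after.items()
            if entry["hits"] > before.get(key, {"hits": 0})["hits"]]
```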

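The following example shows the element count, which is the total number of access control entries for all access lists defined on the system. For access lists that are assigned as access groups, to control access globally or on an interface, you can reduce the element count by enabling object group search, which is represented by the object-group-search access-control command in the running configuration. When object group search is enabled, network objects are used in the access control entries; otherwise, the objects are expanded into the individual IP addresses contained in the objects, and a separate entry is written for each source/destination address pair. Thus, a single rule that uses a source network object with 5 IP addresses and a destination object with 6 addresses would expand into 5 * 6 entries rather than one element. The higher the element count, the larger the access list, which can affect performance.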

> show access-list element-count
Total number of access-list elements: 33934

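Starting with 7.1, if object group search is enabled, additional information is shown about the number of object groups in the rules (OBJGRP), including the split between source (SRC OBJ) and destination (DST OBJ) objects, and added and deleted groups.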

> show access-list element-count
Total number of access-list elements: 892
OBJGRP    SRC OG    DST OG    ADD OG    DEL OG
842       842       842       842       0

