CLI Guide - WatchGuard Technologies
CLI Guide - WatchGuard Technologies
CLI Guide - WatchGuard Technologies
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Top-level configuration mode commands<br />
positions that you can choose from. You pick a<br />
location and enter a “1” to mark that bit.<br />
[-log_per_policy [enable|disable] ]<br />
This argument allows you to enable or disable<br />
logging on a per-policy basis.<br />
[-icmp_error_handling_per_policy<br />
[[global | all] |<br />
[[no] fragmentation_required]<br />
[[no] time_exceeded]<br />
[[no] network_unreachable]<br />
[[no] host_unreachable]<br />
[[no] port_unreachable] ]<br />
This argument allows you to implement ICMP<br />
error handling per policy, and specify error<br />
handling options.<br />
[-mss_adjustment_per_policy [auto|<br />
limit_to |disable|use_global]]<br />
This argument allows you to specify a per-policy<br />
TCP Maximum Segment Size. See<br />
“mss_adjustment” on page 112 for more<br />
information on these settings. To use the global<br />
settings, use the argument use_global.<br />
Examples<br />
WG(config)#policy Allow_Outbound Any<br />
Any \<br />
interface 0 -firewall pass -nat<br />
DYNAMIC_NAT <br />
WG(config)#policy HQ_BR_VPN HQ BR<br />
interface 0 \<br />
-firewall pass -ipsec bi HQ_IPsec<br />
<br />
WG(config)#policy SJ_NY_VPN SJ NY<br />
interface 1 \<br />
<strong>WatchGuard</strong> Command Line Interface <strong>Guide</strong> 59