TMS zl Management and Configuration Guide ST.1.2.100916
Command-Line Reference
Global Configuration Context
Recall that, on the TMS zl Module, you can assign a domain name to a RADIUS
server. If you do so, users must submit their username followed by
@<domain name> when authenticating to that server.
access-policy
You use the access-policy command to configure all of your firewall access
policies. You can configure these policies according to several parameters:
■ User group
■ Type of policy (unicast or multicast)
■ Source zone
■ Destination zone
■ Action (permit or deny)
■ Service
■ Source address
■ Destination address
To configure (or delete) a unicast access policy (and optionally specify a user
group), enter the following command:
Syntax: [no] access-policy [group <name>] <source zone> <destination zone>
<action> {<protocol> | [service <service>]} <source address> [source port]
<destination address> [<destination port>] [extended options]
Replace <name> with the name of the user group you are creating.
The available options for the command are shown in Table A-11. At the end
of the access-policy command, you can append various optional keywords,
which are listed in Table A-11 as extended options.
Note: If you renamed a zone using a keyword in the CLI (such as GRE, VPN, or L2TP),
include the zone name in quotation marks when you enter the access-policy
command. If you do not use quotation marks, you will receive the error
message “Invalid input.”
Generally, it is best practice to avoid using such CLI keywords when renaming
zones.
To create a multicast access policy, enter the following command:
Syntax: [no] access-policy multicast <source zone> <destination zone> <action>
< protocol | service <service object> > <source address> [source port] <destination
address> [destination port] [extended options]
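The following pre-flight check is an added example, not part of the guide or of the TMS zl software: it parses the head of unicast and multicast access-policy lines (up to <action>) and flags zone names that collide with a CLI keyword but are not quoted, as the Note above requires. The zone and group names are constructed, the keyword set holds only the three keywords the Note names, and case-insensitive matching is an assumption.

```python
import re

# Only the keywords the Note names ("such as GRE, VPN, or L2TP"); the full
# reserved-word list is not on this page. Case-insensitive match is assumed.
CLI_KEYWORDS = {"GRE", "VPN", "L2TP"}
ACTIONS = {"permit", "deny"}
TOKEN = re.compile(r'"([^"]*)"|(\S+)')

def tokenize(line):
    """Split a CLI line into (text, was_quoted) pairs, honouring double quotes."""
    return [(m.group(1), True) if m.group(1) is not None else (m.group(2), False)
            for m in TOKEN.finditer(line)]

def check_policy(line):
    """Parse the command head; return (fields, problems)."""
    toks, problems = tokenize(line), []
    negate = bool(toks) and toks[0] == ("no", False)
    toks = toks[1:] if negate else toks
    fields = {"negate": negate, "type": "unicast", "group": None}
    if not toks or toks[0][0] != "access-policy":
        return fields, ["not an access-policy command"]
    toks = toks[1:]
    if toks and toks[0] == ("multicast", False):
        fields["type"] = "multicast"
        toks = toks[1:]
    elif len(toks) >= 2 and toks[0] == ("group", False):
        fields["group"] = toks[1][0]
        toks = toks[2:]
    if len(toks) < 3:
        return fields, ["missing zone or action"]
    for key, (text, quoted) in zip(("source_zone", "destination_zone"), toks):
        fields[key] = text
        if text.upper() in CLI_KEYWORDS and not quoted:
            problems.append(f'{key} {text} is a CLI keyword; quote it as "{text}"')
    fields["action"] = toks[2][0]
    if fields["action"] not in ACTIONS:
        problems.append(f"action must be permit or deny, got {fields['action']}")
    return fields, problems

# Constructed sample lines. Zone and group names are made up; everything after
# <action> is left as the guide's own placeholders and is not parsed.
TAIL = "service <service> <source address> <destination address>"
SAMPLES = [
    f"access-policy group guests LAN VPN permit {TAIL}",
    f'access-policy group guests LAN "VPN" permit {TAIL}',
    f"no access-policy multicast LAN WAN deny {TAIL}",
]
for s in SAMPLES:
    print(check_policy(s)[1] or "ok", "<-", s)
```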