CLI命令:
exec policy verify
ISG2000_A(M)-> exec policy verify
Rule 46 is shadowed by rule 37
Rule 94 is shadowed by rule 88
Rule 98 is shadowed by rule 15
Rulebase verification done: shadowed rules were found
结果表示policy id为46的策略被policy id为37的策略遮盖
policy id为94的策略被policy id为88的策略遮盖
policy id为98的策略被policy id为15的策略遮盖
明细如下:
ISG2000_A(M)-> get policy id 46
name:"none" (id 46), zone Untrust -> Trust,action Permit, status "enabled"
src "10.243.60.11/32", dst "MIP(10.244.150.19)", serv "9060"
Policies on this *** tunnel: 0
nat off, Web filtering : disabled
*** unknown ***, policy flag 00000000, session backup: on
traffic shapping off, scheduler n/a, serv flag 00
log no, log count 0, alert no, counter no(0) byte rate(sec/min) 0/0
total octets 103824, counter(session/packet/octet) 0/0/0
No Authentication
No User, User Group or Group expression set
ISG2000_A(M)-> get policy id 37
name:"none" (id 37), zone Untrust -> Trust,action Permit, status "enabled"
1 source: "10.243.60.11/32"
2 destinations: "MIP(10.244.150.19)", "MIP(10.244.150.41)"
4 services: "39062", "80-85", "81-29060", "9060"
Policies on this *** tunnel: 0
nat off, Web filtering : disabled
*** unknown ***, policy flag 00000000, session backup: on
traffic shapping off, scheduler n/a, serv flag 00
log no, log count 0, alert no, counter no(0) byte rate(sec/min) 0/0
total octets 486144, counter(session/packet/octet) 0/0/0
No Authentication
No User, User Group or Group expression set
转自(http://k968888.blog.sohu.com/)特此感谢~
转载于:https://blog.51cto.com/oldtian/629844
扫一扫
182
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
