Hi,
how can I exclude IP addresses or ranges from SecureXL on the SMB appliances with R80.20.5?
My management is R80.40.
I followed sk104468 and edited "table.def" but when I check according to the SK on the gateway I get the following result:
# fw tab -t f2f_addresses
localhost:
Table f2f_addresses not loaded: Invalid argument
My best guess is that I got hold of the wrong "table.def" as there are several available:
/opt/CPsuite-R80.40/fw1/lib/table.def
/opt/CPR7520CMP-R80.40/lib/table.def
/opt/CPR7540CMP-R80.40/lib/table.def
/opt/CPR76CMP-R80.40/lib/table.def
/opt/CPSFWR77CMP-R80.40/lib/table.def
/opt/CPSFWR80CMP-R80.40/lib/table.def
/opt/CPR77CMP-R80.40/lib/table.def
/opt/CPR75CMP-R80.40/lib/table.def
/opt/CPNGXCMP-R80.40/lib/table.def
/opt/CPSG80CMP-R80.40/lib/table.def
/opt/CPR71CMP-R80.40/lib/table.def
/opt/CPSG80R75CMP-R80.40/lib/table.def
I used the first one as it seemed the obvious choice for R80 policy targets. Unluckily sk98339 is not updated to include R80.40 as management or R80.20 SMB as target yet.
Yours, Martin
P.S. If the question is "Why the hell do I want to disable SecureXL?" In my setup some services are not working properly. When I disable SecureXL to debug the connections, they start working. Unluckily I have not found a way to disable SecureXL permanently. When I do "fwaccel off" it turns itself "on" again after a few hours (I have no idea how or why).
P.P.S. Migrated from a 1470 with R77.20 to a 1550 with R80.20.5 about a week ago. This has been a lot more painful than expected. But I want to play with Layered Policies, so I have to go that way.