Re: Discuss with "fw6 sam_policy add"

Herschel_Liang · ‎2022-07-26

[Expert@R80.30_GW1:0]# fw6 sam_policy add -a d -l r -t 3600 -n aaa quota service any source cidr:2::2/128 concurrent-conns 1000 fl ush true
add quota: validation failed: Bad source 'cidr:2::2/128' (-5)
[Expert@R80.30_GW1:0]# fw6 sam_policy add -a d -l r -t 3600 -n aaa quota service any source cidr:2::2/12 concurrent-conns 1000 flush true add quota: validation failed: Bad source 'cidr:2::2/12' (-5)
[Expert@R80.30_GW1:0]# fw6 sam_policy add -a d -l r -t 3600 -n aaa quota service any source cidr:"2::2/12" concurrent-conns 1000 flush true
add quota: validation failed: Bad source 'cidr:2::2/12' (-5)
[Expert@R80.30_GW1:0]# fw6 sam_policy add -a d -l r -t 3600 -n aaa quota service any source "cidr:2::2/12" concurrent-conns 1000 flush true
add quota: validation failed: Bad source 'cidr:2::2/12' (-5)
[Expert@R80.30_GW1:0]#

I want to block the IPv6 malicious source addresses via the SAM rule and have tried many many times, but it seems that suffer from a syntax issue. Who can tell me what is wrong with it? THX!

PhoneBoy · ‎2022-07-26

Perhaps instead of doing this with sam_policy, use:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Herschel_Liang · ‎2022-07-26

I have read it, but test fail. I would like to a detail example now.

PhoneBoy · ‎2022-07-27

What precise fwaccel6 dos commands did you try and what were their precise results?

Are you a member of CheckMates?

Discuss with "fw6 sam_policy add"