User Guide
OmniAccess SafeGuard OS Administration Guide
325
Chapter 7: Establishing a Security Policy
policy debug [enable | disable]
To verify the settings of policy debug, use the show policy debug command as discussed
in Showing Policy Debug on page 330.
System Generated Policies and Roles
SafeGuard OS creates policies and roles for internal use. These policies and roles are not
available for external configuration, but have key significance when understanding
policy. Configure whether this information should be hidden or displayed in related
show command output. To enable viewing of system policy information, use the
following Global Configuration command:
policy system-display
The command has no options or parameters. The command is enabled by default. To
prevent system policy information from displaying in show command output, use the no
version of the command:
no policy system-display
Default System Policies
The SafeGuard OS creates default policies to facilitate the authentication process.
The System_CPAuthRedir helps to redirect Captive Portal traffic to the CPU.
policy user System_CPAuthRedir
filter System_CPAuthRedir-1 from any to any tcp 16978 redirect-cpu precedence 1
filter System_CPAuthRedir-2 from any to any tcp 16979 redirect-cpu precedence 2
The System_Redirect helps to send the supported authentication packets to the CPU to
facilitate the initial authentication and reauthentication process.
system-policy System_Redirect
filter System_Redirect-radius from any to any udp 1812 copy-cpu precedence 1
filter System_Redirect-dhcp-1 from any to any udp 67 copy-cpu precedence 2
filter System_Redirect-dhcp-2 from any to any udp 68 copy-cpu precedence 3
filter System_Redirect-krb from any to any udp 88 copy-cpu precedence 4
filter System_Redirect-krb-tcp from any to any tcp 88 copy-cpu precedence 5
Syntax Description enable Enables the capture of debug information.
disable Disables the capture of debug information.