Technical data
136 Meru System Director Configuration Guide © 2012 Meru Networks, Inc.
Policy Enforcement Module
default(config-qosrule)# action drop
default(config-qosrule)# firewall-filter-id 1
default(config-qosrule)# firewall-filter-id-match on
default(config-qosrule)# qosrule-logging on
default(config-qosrule)# qosrule-logging-frequency 30
default(config-qosrule)# exit
default(config)# exit
To check the configuration of the policy, use the show qosrule command:
default# show qosrule
ID   Dst IP   Dst Mask  DPort  Src IP   Src Mask  SPort  Prot  QoS   Action   Drop  Firewall Filter
1    0.0.0.0  0.0.0.0   1720   0.0.0.0  0.0.0.0   0      6     h323  capture  head
2    0.0.0.0  0.0.0.0   0      0.0.0.0  0.0.0.0   1720   6     h323  capture  head
3    0.0.0.0  0.0.0.0   5060   0.0.0.0  0.0.0.0   0      17    sip   capture  head
4    0.0.0.0  0.0.0.0   0      0.0.0.0  0.0.0.0   5060   17    sip   capture  head
7    0.0.0.0  0.0.0.0   5200   0.0.0.0  0.0.0.0   0      17    none  forward  head
8    0.0.0.0  0.0.0.0   0      0.0.0.0  0.0.0.0   5200   17    none  forward  head
200  0.0.0.0  0.0.0.0   80     0.0.0.0  0.0.0.0   0      6     none  drop     tail  1
QoS Rules(7 entries)
default#
The following commands are required to apply the example filter ID 1 to the Security
Profile.
default(config-security)# firewall-capability configured
default(config-security)# firewall-filter-id 1
default(config-security)# security-logging off
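An added example, not part of the Meru guide: a Python sketch that parses a saved show qosrule listing and reports which rules carry the filter ID that a Security Profile references. It assumes whitespace-separated columns with one rule per line, as in the output above; the sample text is constructed from that output and the function names are hypothetical.

```python
import re

# Constructed sample modeled on the `show qosrule` output above, one rule per
# line (assumption: rows are not wrapped by the terminal or the capture).
SAMPLE = """\
ID Dst IP Dst Mask DPort Src IP Src Mask SPort Prot QoS Action Drop Firewall Filter
1 0.0.0.0 0.0.0.0 1720 0.0.0.0 0.0.0.0 0 6 h323 capture head
2 0.0.0.0 0.0.0.0 0 0.0.0.0 0.0.0.0 1720 6 h323 capture head
3 0.0.0.0 0.0.0.0 5060 0.0.0.0 0.0.0.0 0 17 sip capture head
4 0.0.0.0 0.0.0.0 0 0.0.0.0 0.0.0.0 5060 17 sip capture head
7 0.0.0.0 0.0.0.0 5200 0.0.0.0 0.0.0.0 0 17 none forward head
8 0.0.0.0 0.0.0.0 0 0.0.0.0 0.0.0.0 5200 17 none forward head
200 0.0.0.0 0.0.0.0 80 0.0.0.0 0.0.0.0 0 6 none drop tail 1
QoS Rules(7 entries)
"""

FIELDS = ("id", "dst_ip", "dst_mask", "dport", "src_ip", "src_mask",
          "sport", "prot", "qos", "action", "drop", "filter_id")
PROTO = {"6": "tcp", "17": "udp"}  # IP protocol numbers used in the listing


def parse_qosrules(text):
    """Parse the listing into dicts; raise if the row count disagrees with the footer."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        # Data rows start with a numeric rule ID; the filter column may be empty.
        if len(tok) in (11, 12) and tok[0].isdigit():
            rules.append(dict(zip(FIELDS, tok + [""] * (12 - len(tok)))))
    footer = re.search(r"QoS Rules\((\d+) entries\)", text)
    if footer and int(footer.group(1)) != len(rules):
        raise ValueError(f"parsed {len(rules)} rules, footer says {footer.group(1)}")
    return rules


def rules_for_filter(rules, filter_id):
    """Summarise every rule that carries the filter ID a Security Profile references."""
    out = []
    for r in rules:
        if r["filter_id"] == str(filter_id):
            proto = PROTO.get(r["prot"], r["prot"])
            out.append(f"rule {r['id']}: {r['action']} {proto} "
                       f"dport={r['dport']} sport={r['sport']}")
    return out


if __name__ == "__main__":
    rules = parse_qosrules(SAMPLE)
    for fid in (1, 2):
        hits = rules_for_filter(rules, fid)
        print(f"filter ID {fid}:", hits or "no rule carries this ID")
```

The footer check catches a truncated or line-wrapped capture before any conclusion is drawn from it.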
Troubleshooting Per-User Firewall
The Policy Enforcement Module license must already be installed.
Turn on the QoS rule logging feature, available on the QoS rule page. If client traffic
hits the rule, the hit is displayed on the syslog server or by the CLI
command show syslog-file firewall.
Note:
Once you create a firewall rule, you cannot modify the rule to enable or
disable firewall logging. As a workaround, either create the firewall rule with the
required option or delete the rule and re-apply it with the required option.