4.2. Whitelist Setup Using the CLI

The following CLI commands can be used instead of the WebUI to set up whitelisting in cOS Core.

A. Configure FQDN Address Objects and FQDN Address Group

Device:/> add Address FQDNAddress my_whitelist_fqdn1
			Address=*.example.com

If there is more than one FQDN address object, combine them into an FQDN group object.

Device:/> add Address FQDNGroup my_whitelist_fqdn_group
			Members=my_whitelist_fqdn1,my_whitelist_fqdn2

Note: FQDN wildcards require a DNSProfile

For FQDN wildcards to function, a DNSProfile object must also be associated with the IP policy that allows DNS traffic to flow to the Internet. This is explained further in the FQDN Address Objects section of the separate cOS Core Administration Guide.

B. Configure a Policy-based Routing Rule

Create a policy-based routing rule for the client traffic. Note that the rule position in the ruleset must be above the routing rule for the traffic going to NetEye. Setting the index to a value of 1 will place the rule at the top, above all other rules.

Device:/> add RoutingRule
			ForwardRoutingTable=main
			ReturnRoutingTable=main
			SourceInterface=If1
			SourceNetwork=If1_net
			DestinationInterface=any
			DestinationNetwork=my_whitelist_fqdn_group
			Service=http-all
			Index=1

A CLI activate/commit command sequence can now be applied to make the configuration changes permanent. It is assumed that a suitable IP policy exists in the configuration which will allow client traffic to flow to the Internet.