USG110 ip-exception

JaapHoetmer
JaapHoetmer Posts: 3  Freshman Member
Friend Collector Fourth Anniversary
Hello,

I am trying to set up ip-exception on a USG110, but the commands listed in the CLI reference are not available on the device.


Running firmware version is 4.73, the CLI reference covers v4.10-4.60.

The first command to enable this should be
security-service ip-exception <profile_name>
however, the command security-service isn't even available.

Can anybody shed some light on this?

Your help is much appreciated.
Kind regards,
Jaap

All Replies

  • zyman2008
    zyman2008 Posts: 223  Master Member
    25 Answers First Comment Friend Collector Seventh Anniversary
    edited August 2022
    @JaapHoetmer
    The design of USG is a little bit different with ATP/USG FLEX.
    USG does not support IP exception feature. 
    But you can create a security policy to bypass security check of a specific source IP/destination IP on USG.
    1. Create address object, for example object name is SOURCE_IP, DESTINATION_IP
    2. Insert a secure policy rule on the top with the first priority order,

    secure-policy insert 1
    name RULE01
    sourceip SOURCE_IP
    destinationip DESTINATION_IP
    action allow
  • JaapHoetmer
    JaapHoetmer Posts: 3  Freshman Member
    Friend Collector Fourth Anniversary
    Hi @zyman2008 , thanks for the clarification.

    Kind regards,
    Jaap


Security Highlight