
mmandSource=1, ConfigSource=2, ConfigDestination=4)

<PASC-FW-PA-0259-IE01>display current-configuration
2024-04-25 21:14:39.430 -05:00
!Software Version V600R007C00SPC200
#
sysname PASC-FW-PA-0259-IE01
#
set net-manager vpn-instance GESTION
#
l2tp domain suffix-separator @
#
info-center channel 6 name loghost1
info-center loghost source Vlanif3000
info-center loghost 10.187.0.57 vpn-instance GESTION channel 6 facility local4
info-center loghost 10.187.0.58 vpn-instance GESTION channel 6 facility local4
info-center loghost 10.85.37.185 vpn-instance GESTION channel 6 facility local4
#
ipv6
#
vlan batch 1000 2000 3000
#
authentication-profile name portal_authen_default
#
ip netstream timeout active 20
ip netstream timeout inactive 100
ip netstream export version 9
ip netstream export source 10.85.37.185
ip netstream export host 10.187.0.100 9996
ip netstream export template timeout-rate 1
#
undo factory-configuration prohibit
#
undo telnet ipv6 server enable
#
clock timezone PE minus 05:00:00
#
firewall packet-filter basic-protocol enable
#
update schedule location-sdb weekly Sun 00:19
#
firewall defend action discard
#
undo log type traffic enable
log type syslog enable
log type policy enable
undo log type threat enable
undo log type url enable
undo log type um enable
undo log type mail-filter enable
undo log type content enable
#
dataflow enable
undo dataflow type traffic ipv6 enable
#
undo sa force-detection enable
#
lldp enable
#
banner enable
#
user-manage web-authentication security port 8887
undo privacy-statement english
undo privacy-statement chinese
page-setting
user-manage security version tlsv1.1 tlsv1.2
password-policy
level high
user-manage single-sign-on ad
user-manage single-sign-on tsm
user-manage single-sign-on radius
user-manage auto-sync online-user
#
firewall ids authentication type aes256
#
web-manager security version tlsv1.1 tlsv1.2
web-manager enable
web-manager security enable
#
firewall dataplane to manageplane application-apperceive default-action drop
#
dhcp enable
#
undo feedback type threat-log enable
#
update schedule ips-sdb daily 07:19
update schedule av-sdb daily 07:19
update schedule sa-sdb daily 07:19
update schedule cnc daily 07:19
update schedule ext-url-sdb daily 07:19
#
ip vpn-instance GESTION
ipv4-family
route-distinguisher 1:1
ipv6-family
route-distinguisher 1:1
#
ip vpn-instance default
ipv4-family
#
hwtacacs-server template HWTACACS
hwtacacs-server authentication 10.187.0.34 vpn-instance GESTION
hwtacacs-server authorization 10.187.0.34 vpn-instance GESTION
hwtacacs-server accounting 10.187.0.34 vpn-instance GESTION
hwtacacs-server source-ip 10.85.37.185
hwtacacs-server shared-key cipher %^%#f/L>/n/Am4DW<^~)*u,46ciX1$"^:JB22h"{]vc'[UN|~kX%wCj3PlYMW'm%%^%#
undo hwtacacs-server user-name domain-included
#
time-range worktime
period-range 08:00:00 to 18:00:00 working-day
#
ike proposal default
encryption-algorithm aes-256 aes-192 aes-128
dh group14
authentication-algorithm sha2-512 sha2-384 sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
web-auth-server default
port 50100
#
portal-access-profile name default
#
ip pool INALAMBRICO
gateway-list 10.82.91.129
network 10.82.91.128 mask 255.255.255.128
dns-list 8.8.8.8 8.8.4.4
#
ip pool ALAMBRICO
gateway-list 10.84.75.113
network 10.84.75.112 mask 255.255.255.240
dns-list 8.8.8.8 8.8.4.4
#
dhcpv6 pool WLAN
address prefix 2001:DB8:3C4D:2::B700/120
#
dhcpv6 pool LAN
address prefix 2001:DB8:3C4D:2::2:B700/120
#
aaa
authentication-scheme admin_ad
authentication-scheme admin_ad_local
authentication-scheme admin_hwtacacs
authentication-scheme admin_hwtacacs_local
authentication-scheme admin_ldap
authentication-scheme admin_ldap_local
authentication-scheme admin_local
authentication-scheme admin_radius
authentication-scheme admin_radius_local
authentication-scheme default
authentication-scheme fitel
authentication-mode hwtacacs local
authorization-scheme default
authorization-scheme fitel
authorization-mode hwtacacs local
accounting-scheme default
accounting-scheme fitel
accounting-mode hwtacacs
domain default
service-type internetaccess ssl-vpn l2tp ike dot1x
internet-access mode password
reference user current-domain
domain fitel
authentication-scheme fitel
accounting-scheme fitel
authorization-scheme fitel
hwtacacs-server HWTACACS
service-type internetaccess ssl-vpn l2tp ike administrator-access
internet-access mode password
reference user default-domain
manager-user audit-admin
password cipher $1a$P!/::5!g]E$801r>s`!nF{E`<:|_l$I_-n()WZ&eU~~f4=6G4f;$
service-type web terminal
level 15

manager-user admin
password cipher $1a$Rj_rTg#x>;$hg(d;4Z6rQo7']-dE-d']D=`3A"rg>"^;r:##8yB$
service-type web terminal
level 15

manager-user admin_bandtel
password cipher $1a$BEm]:(wc5@$u.n7#o%!aDO.fAJULS-T]$AuLLC=BXG1LM64tf/M$
service-type web terminal telnet ssh
level 15

role system-admin
role device-admin
role device-admin(monitor)
role audit-admin
bind manager-user audit-admin role audit-admin
bind manager-user admin role system-admin
#
ntp-service server disable
ntp-service ipv6 server disable
ntp-service source-interface Vlanif3000 vpn-instance GESTION
ntp-service unicast-server 10.187.0.65
ntp-service unicast-server 10.187.0.66
#
interface Vlanif1000
description ACCESO_INALAMBRICO
ipv6 enable
ip address 10.82.91.129 255.255.255.128
ipv6 address 2001:DB8:3C4D:2::B701/120
undo ipv6 nd ra halt
ipv6 nd autoconfig managed-address-flag
ipv6 nd autoconfig other-flag
ip netstream inbound
ip netstream sampler fix-packets 1200 inbound
service-manage ping permit
dhcp select global
dhcpv6 server WLAN
#
interface Vlanif2000
description ACCESO_ALAMBRICO
ipv6 enable
ip address 10.84.75.113 255.255.255.240
ipv6 address 2001:DB8:3C4D:2::2:B701/120
undo ipv6 nd ra halt
ipv6 nd autoconfig managed-address-flag
ipv6 nd autoconfig other-flag
ip netstream inbound
ip netstream sampler fix-packets 1200 inbound
service-manage ping permit
dhcp select global
dhcpv6 server LAN
#
interface Vlanif3000
description GESTION
ip binding vpn-instance GESTION
ipv6 enable
ip address 10.85.37.185 255.255.255.248
ipv6 address 2001:DB8:3C4D:2::4:B701/120
service-manage https permit
service-manage ping permit
service-manage ssh permit
service-manage snmp permit
service-manage netconf permit
#
l2tp-group default-lns
#
interface GigabitEthernet0/0/0
portswitch
description CONEXION-SWITCH
undo shutdown
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 1000 2000 3000
alias GE0/METH
#
interface GigabitEthernet0/0/1
portswitch
description to_VideoConferencia
undo shutdown
port link-type access
port default vlan 2000
#
interface GigabitEthernet0/0/2
portswitch
description to_UPS
undo shutdown
port link-type access
port default vlan 3000
#
interface GigabitEthernet0/0/3
shutdown
#
interface GigabitEthernet0/0/4
shutdown
#
interface GigabitEthernet0/0/5
shutdown
#
interface GigabitEthernet0/0/6
shutdown
#
interface GigabitEthernet0/0/7
shutdown
#
interface GigabitEthernet0/0/8
description UPLINK
undo shutdown
ipv6 enable
alias WAN
service-manage https permit
service-manage ping permit
service-manage ssh permit
service-manage snmp permit
#
interface GigabitEthernet0/0/8.501
vlan-type dot1q 501
description to_ATN_SERVICIOS_INTERNET
ipv6 enable
ip address 10.30.98.222 255.255.255.252
ipv6 address 2001:DB8:3C4D:2::D:EADE/126
ip netstream inbound
ip netstream sampler fix-packets 1200 inbound
alias WAN_INTERNET
service-manage ping permit
#
interface GigabitEthernet0/0/8.1001
vlan-type dot1q 1001
description to_ATN_SERVICIOS_INTRANET
ipv6 enable
ip address 10.30.114.222 255.255.255.252
ipv6 address 2001:DB8:3C4D:2::D:F2DE/126
ip netstream inbound
ip netstream sampler fix-packets 1200 inbound
alias WAN_INTRANET
service-manage ping permit
#
interface GigabitEthernet0/0/8.1501
vlan-type dot1q 1501
description to_ATN_GESTION
ip binding vpn-instance GESTION
ipv6 enable
ip address 10.30.130.222 255.255.255.252
ipv6 address 2001:DB8:3C4D:2::E:ADE/126
alias WAN_GESTION
service-manage https permit
service-manage ping permit
service-manage ssh permit
service-manage snmp permit
service-manage telnet permit
service-manage netconf permit
#
interface GigabitEthernet0/0/9
undo shutdown
#
interface GigabitEthernet0/0/10
undo shutdown
#
interface GigabitEthernet0/0/11
undo shutdown
#
interface Virtual-if0
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/2
add interface GigabitEthernet0/0/8.1501
add interface Vlanif3000
#
firewall zone untrust
set priority 5
add interface GigabitEthernet0/0/0
add interface GigabitEthernet0/0/1
add interface GigabitEthernet0/0/8.1001
add interface GigabitEthernet0/0/8.501
add interface Vlanif1000
add interface Vlanif2000
#
firewall zone dmz
set priority 50
#
api
#
bgp 65082
peer 10.30.98.221 as-number 65430
peer 10.30.98.221 description to_INTERNET
peer 10.30.114.221 as-number 65430
peer 10.30.114.221 description to_INTRANET
peer 2001:DB8:3C4D:2:D::EADD as-number 65430
peer 2001:DB8:3C4D:2:D::EADD description to_INTERNET
peer 2001:DB8:3C4D:2:D::F2DD as-number 65430
peer 2001:DB8:3C4D:2:D::F2DD description to_INTRANET
#
ipv4-family unicast
undo synchronization
network 10.82.91.128 255.255.255.128
network 10.84.75.112 255.255.255.240
peer 10.30.98.221 enable
peer 10.30.98.221 ip-prefix SERVICIOS-EXPORT export
peer 10.30.98.221 keep-all-routes
peer 10.30.114.221 enable
peer 10.30.114.221 ip-prefix SERVICIOS-EXPORT export
peer 10.30.114.221 keep-all-routes
#
ipv6-family unicast
undo synchronization
network 2001:DB8:3C4D:2::B700 120
network 2001:DB8:3C4D:2::2:B700 120
#
ipv4-family vpn-instance GESTION
network 10.85.37.184 255.255.255.248
peer 10.30.130.221 as-number 65430
peer 10.30.130.221 description to_OyM
peer 10.30.130.221 ip-prefix GESTION-IMPORT import
peer 10.30.130.221 ip-prefix GESTION-EXPORT export
#
ipv6-family vpn-instance GESTION
network 2001:DB8:3C4D:2::4:B700 120
peer 2001:DB8:3C4D:2:E::ADD as-number 65430
peer 2001:DB8:3C4D:2:E::ADD description to_OyM
#
undo icmp name timestamp-request receive
undo icmp name timestamp-reply receive
undo icmp type 17 code 0 receive
undo icmp type 18 code 0 receive
#
ip ip-prefix GESTION-IMPORT index 10 permit 10.187.0.0 24
ip ip-prefix GESTION-IMPORT index 20 permit 172.22.2.0 24
ip ip-prefix GESTION-IMPORT index 30 permit 10.180.100.0 24
ip ip-prefix GESTION-EXPORT index 10 permit 10.85.37.184 29
ip ip-prefix SERVICIOS-EXPORT index 10 permit 10.82.91.128 25
ip ip-prefix SERVICIOS-EXPORT index 20 permit 10.84.75.112 28
#
snmp-agent
snmp-agent local-engineid 800007DB031856446FD374
snmp-agent sys-info contact OyM Bandtel Acceso Team
snmp-agent sys-info location Pasco
snmp-agent sys-info version v3
snmp-agent group v3 v3group privacy read-view v3view write-view v3view notify-view v3view
snmp-agent target-host trap address udp-domain 10.187.0.29 vpn-instance GESTION params securityname cipher %^%#'kZ#F=C`YWZd$mIF0561!Oh(7b,h}<Nf0-ZPu,!5%^%#
snmp-agent mib-view included v3view iso
snmp-agent usm-user v3 user-pronatel
snmp-agent usm-user v3 user-pronatel group v3group
snmp-agent usm-user v3 user-pronatel authentication-mode sha cipher %^%#B}t5=^m,$7_D>{AoTyoSj4Ah<mX^sA89bk-BUkBD[1kZU;iySAuoVdXK&etJ%^%#
snmp-agent usm-user v3 user-pronatel privacy-mode aes128 cipher %^%#KEaMXHv]9$O67y;f,[s5jY6(OEN<8TO}z8-fr#=>Mn+R#l^,kUfd.JW39E#N%^%#
snmp-agent trap source Vlanif3000
snmp-agent trap enable
#
undo ssh server compatible-ssh1x enable
stelnet server enable
ssh authentication-type default password
ssh user admin_bandtel
ssh user admin_bandtel authentication-type password
ssh user admin_bandtel service-type all
ssh user admin_bandtel sftp-directory hda1:
ssh client first-time enable
sftp client-source -a 10.85.37.185
ssh server cipher aes256_ctr aes128_ctr
ssh server hmac sha2_256 sha1
ssh client cipher aes256_ctr aes128_ctr
ssh client hmac sha2_256 sha1
ssh server dh-exchange min-len 2048
#
firewall detect ftp
#
firewall log source 10.85.37.185 6666
firewall log host 2 10.187.0.57 9002 vpn-instance GESTION
firewall log host 3 10.187.0.58 9002 vpn-instance GESTION
firewall log session new-session enable
firewall log session url-log enable
#
v-gateway ssl-renegotiation-attack defend enable
#
user-interface con 0
authentication-mode aaa
user-interface vty 0 4
authentication-mode aaa
user-interface vty 16 20
#
pki realm default
#
profile type ips name profile_ips_pc
description profile for intranet users
signature-set name filter1
os unix-like windows android ios other
target client
severity medium high
protocol HTTP
#
profile type url-filter name bloc
category pre-defined subcategory-id 101 action alert
category pre-defined subcategory-id 102 action alert
category pre-defined subcategory-id 162 action alert
category pre-defined subcategory-id 163 action alert
category pre-defined subcategory-id 164 action alert
category pre-defined subcategory-id 165 action alert
category pre-defined subcategory-id 103 action alert
category pre-defined subcategory-id 166 action alert
category pre-defined subcategory-id 167 action alert
category pre-defined subcategory-id 168 action alert
category pre-defined subcategory-id 104 action alert
category pre-defined subcategory-id 169 action alert
category pre-defined subcategory-id 170 action alert
category pre-defined subcategory-id 105 action alert
category pre-defined subcategory-id 171 action alert
category pre-defined subcategory-id 172 action alert
category pre-defined subcategory-id 173 action alert
category pre-defined subcategory-id 174 action alert
category pre-defined subcategory-id 106 action alert
category pre-defined subcategory-id 108 action alert
category pre-defined subcategory-id 251 action alert
category pre-defined subcategory-id 177 action alert
category pre-defined subcategory-id 109 action alert
category pre-defined subcategory-id 110 action alert
category pre-defined subcategory-id 248 action alert
category pre-defined subcategory-id 178 action alert
category pre-defined subcategory-id 111 action alert
category pre-defined subcategory-id 112 action alert
category pre-defined subcategory-id 179 action alert
category pre-defined subcategory-id 114 action alert
category pre-defined subcategory-id 115 action alert
category pre-defined subcategory-id 180 action alert
category pre-defined subcategory-id 181 action alert
category pre-defined subcategory-id 117 action alert
category pre-defined subcategory-id 118 action alert
category pre-defined subcategory-id 119 action alert
category pre-defined subcategory-id 122 action block
category pre-defined subcategory-id 182 action block
category pre-defined subcategory-id 183 action block
category pre-defined subcategory-id 184 action block
category pre-defined subcategory-id 123 action alert
category pre-defined subcategory-id 186 action alert
category pre-defined subcategory-id 187 action alert
category pre-defined subcategory-id 188 action alert
category pre-defined subcategory-id 189 action alert
category pre-defined subcategory-id 124 action alert
category pre-defined subcategory-id 125 action alert
category pre-defined subcategory-id 126 action alert
category pre-defined subcategory-id 190 action alert
category pre-defined subcategory-id 127 action alert
category pre-defined subcategory-id 128 action alert
category pre-defined subcategory-id 191 action alert
category pre-defined subcategory-id 192 action alert
category pre-defined subcategory-id 193 action alert
category pre-defined subcategory-id 194 action alert
category pre-defined subcategory-id 195 action alert
category pre-defined subcategory-id 196 action alert
category pre-defined subcategory-id 129 action alert
category pre-defined subcategory-id 130 action alert
category pre-defined subcategory-id 131 action alert
category pre-defined subcategory-id 197 action alert
category pre-defined subcategory-id 198 action alert
category pre-defined subcategory-id 199 action alert
category pre-defined subcategory-id 132 action alert
category pre-defined subcategory-id 227 action alert
category pre-defined subcategory-id 228 action alert
category pre-defined subcategory-id 200 action alert
category pre-defined subcategory-id 133 action alert
category pre-defined subcategory-id 201 action alert
category pre-defined subcategory-id 202 action alert
category pre-defined subcategory-id 204 action alert
category pre-defined subcategory-id 205 action alert
category pre-defined subcategory-id 134 action alert
category pre-defined subcategory-id 135 action alert
category pre-defined subcategory-id 136 action alert
category pre-defined subcategory-id 206 action alert
category pre-defined subcategory-id 207 action alert
category pre-defined subcategory-id 208 action alert
category pre-defined subcategory-id 137 action alert
category pre-defined subcategory-id 209 action alert
category pre-defined subcategory-id 210 action alert
category pre-defined subcategory-id 138 action alert
category pre-defined subcategory-id 139 action alert
category pre-defined subcategory-id 229 action alert
category pre-defined subcategory-id 140 action alert
category pre-defined subcategory-id 141 action alert
category pre-defined subcategory-id 142 action alert
category pre-defined subcategory-id 211 action alert
category pre-defined subcategory-id 212 action alert
category pre-defined subcategory-id 143 action alert
category pre-defined subcategory-id 144 action alert
category pre-defined subcategory-id 145 action alert
category pre-defined subcategory-id 240 action alert
category pre-defined subcategory-id 146 action alert
category pre-defined subcategory-id 213 action alert
category pre-defined subcategory-id 147 action alert
category pre-defined subcategory-id 253 action alert
category pre-defined subcategory-id 149 action alert
category pre-defined subcategory-id 150 action alert
category pre-defined subcategory-id 214 action alert
category pre-defined subcategory-id 215 action alert
category pre-defined subcategory-id 216 action alert
category pre-defined subcategory-id 217 action alert
category pre-defined subcategory-id 218 action alert
category pre-defined subcategory-id 219 action alert
category pre-defined subcategory-id 220 action alert
category pre-defined subcategory-id 221 action alert
category pre-defined subcategory-id 222 action alert
category pre-defined subcategory-id 223 action alert
category pre-defined subcategory-id 252 action alert
category pre-defined subcategory-id 151 action alert
category pre-defined subcategory-id 230 action alert
category pre-defined subcategory-id 152 action alert
category pre-defined subcategory-id 238 action alert
category pre-defined subcategory-id 153 action alert
category pre-defined subcategory-id 154 action alert
category pre-defined subcategory-id 155 action alert
category pre-defined subcategory-id 224 action alert
category pre-defined subcategory-id 225 action alert
category pre-defined subcategory-id 156 action alert
category pre-defined subcategory-id 157 action block
category pre-defined subcategory-id 158 action block
category pre-defined subcategory-id 231 action block
category pre-defined subcategory-id 232 action block
category pre-defined subcategory-id 159 action block
category pre-defined subcategory-id 254 action block
category pre-defined subcategory-id 160 action block
category pre-defined subcategory-id 161 action alert
category pre-defined subcategory-id 176 action block
category pre-defined subcategory-id 226 action block
category pre-defined subcategory-id 234 action block
category pre-defined subcategory-id 235 action block
category pre-defined subcategory-id 236 action alert
category pre-defined subcategory-id 237 action alert
category pre-defined subcategory-id 239 action block
category pre-defined subcategory-id 241 action alert
category pre-defined subcategory-id 233 action alert
https-filter enable
#
profile type av name av_http_pop3
description http-pop3
http-detect direction download
undo smtp-detect
pop3-detect action delete-attachment
imap-detect direction both action delete-attachment
undo nfs-detect
smb-detect direction download
#
sa
#
location
#
multi-interface
mode proportion-of-weight
#
right-manager server-group
#
IoT
#
network-scan
network-scan timeout per-asset 0
network-scan timeout entire-scan 0
conflict-resolve override
#
device-classification
device-group pc
device-group mobile-terminal
device-group undefined-group
#
user-manage server-sync tsm
#
security-policy
rule name DATOS
policy logging
session logging
traffic logging enable
source-zone local
source-zone untrust
destination-zone local
destination-zone untrust
profile av av_http_pop3
profile ips profile_ips_pc
profile url-filter bloc
action permit
rule name GESTION
policy logging
session logging
traffic logging enable
source-zone local
source-zone trust
destination-zone local
destination-zone trust
action permit
#
auth-policy
#
traffic-policy
#
policy-based-route
#
nat-policy
#
quota-policy
#
dns-transparent-policy
mode based-on-multi-interface
#
rightm-policy
#
decryption-policy
#
mac-access-profile name mac_access_profile
#
return
<PASC-FW-PA-0259-IE01>
<PASC-FW-PA-0259-IE01>
