Syntax applicable for vpn console table
config vpnmgr vpntable edit xxxx set topology star|meshed|dial set psk-auto-generate enable|disable set psksecret xxxx set ike1proposal 3des-sha1 3des-md5 … set ike1dhgroup XXXX set ike1keylifesec 28800 set ike1mode aggressive|main set ike1dpd enable|disable set ike1nattraversal enable|disable set ike1natkeepalive 10 set ike2proposal 3des-sha1 3des-md5 set ike2dhgroup 5
set ike2keylifetype seconds|kbyte|both set ike2keylifesec 1800 set ike2keylifekbs 5120 set ike2keepalive enable|disable set replay enable|disable set pfs enable|disable set ike2autonego enable|disable set fcc-enforcement enable|disable
set localid-type auto|fqdn|user-fqdn|keyid|addressasn1dn set authmethod psk|signature set inter-vdom enable|disable set certificate XXXX
next
end
Syntax applicable for vpn console node
config vpnmgr node edit “1” set vpntable “<table_name>” set role hub|spoke set iface xxxx set hub_iface xxxx
set automatic_routing enable|disable set extgw_p2_per_net enable|disable set banner xxxx
set route-overlap use-old|use-new|allow
history
set dns-mode manual|auto set domain xxxx set local-gw x.x.x.x set unity-support enable|disable set xauthtype disable|client|pap|chap|auto
set authusr xxxx set authpasswd xxxx set authusrgrp xxxx set public-ip x.x.x.x config protected_subnet edit 1 set addr xxxx xxxx … next
end
Syntax applicable for setting installation target on policy package
config firewall policy edit x
…regular policy command here…
set _scope “<dev_name>”-“<vdom_name>”
next
end
Syntax applicable for global policy config global header policy
…regular policy command here…
end config global footer policy
…regular policy command here… end