Digi TransPort WR11 User Manual page 799

Configuring security
Keep a route out of service and use recovery with a list of addresses
This syntax expands on the functionality above, and checks connectivity to a range of addresses using
a ping command. You can specify an address list that the recovery mechanism will ping in turn to see
if any respond. This helps ensure that even when one, two, or three destinations cannot be reached
due to an outage on the remote network, the connection will be made available again if at least one of
the addresses in the list responds.
The address lists are created using the following syntax:
#addr s <l i st - nam e> <addr ess1, addr ess2, addr ess3, addr ess4>
Address lists can span multiple lines if required, for example:
#addr s <l i st - nam e> <addr ess1, addr ess2>
#addr s <l i st - nam e> <addr ess3, addr ess4>
The address list is called using the recovery option pingl. An example firewall rule is:
pass out br eak end on PPP 1 pr ot o I CM P f r om 10. 1. 1. 1 t o 10. 1. 2. 1 i nspect - st at e
oos 60 t =10 c=5 d=10 r =pi ngl l i st A , 120, 10 r d=3 dt =60
This rule allows pings outbound, and on detecting a communication failure, it uses pings to a address
list named listA. The address list named listA could look like this:
#addr s l i st A 10. 1. 2. 1, 10. 1. 3. 1, 10. 1. 4. 1, 10. 1. 5. 1
#addr s l i st A 10. 1. 6. 1, 10. 2. 1. 1, 10. 2. 2. 1
This causes the recovery to ping the range of address shown in the list above.
Digi TransPort® Routers User Guide
Firewall
799