You are here: Home > CLI Commands > Just_CLI_Topics > esi server

esi server

esi server <server_inst>

dport <tcp‑udp‑port>

mode {bridge|nat|route}

no

trusted‑ip‑addr <trusted-ip-addr_inst> [health-check]

trusted‑port <slot/port>] |

untrusted‑ip‑port <untrusted-ip-addr_inst> [health-check]

untrusted‑port <slot/port>

Description

This command configures an ESIExternal Services Interface. ESI provides an open interface for integrating security solutions that solve interior network problems such as viruses, worms, spyware, and corporate compliance. server.

Syntax

Parameter

Description

Range

<server_inst>

Specifies the ESIExternal Services Interface. ESI provides an open interface for integrating security solutions that solve interior network problems such as viruses, worms, spyware, and corporate compliance.  server configuration.

dport <tcp-udp-port>

Specifies the NATNetwork Address Translation. NAT is a method of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device. destination TCPTransmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data. or UDPUser Datagram Protocol. UDP is a part of the TCP/IP family of protocols used for data transfer. UDP is typically used for streaming media. UDP is a stateless protocol, which means it does not acknowledge that the packets being sent have been received. port.

mode

Specifies the ESIExternal Services Interface. ESI provides an open interface for integrating security solutions that solve interior network problems such as viruses, worms, spyware, and corporate compliance. server mode of operation:

bridge: ESIExternal Services Interface. ESI provides an open interface for integrating security solutions that solve interior network problems such as viruses, worms, spyware, and corporate compliance.  server operates as a transparent bridge

nat: NATNetwork Address Translation. NAT is a method of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device. destination addresses for the ESIExternal Services Interface. ESI provides an open interface for integrating security solutions that solve interior network problems such as viruses, worms, spyware, and corporate compliance.  server

route: ESIExternal Services Interface. ESI provides an open interface for integrating security solutions that solve interior network problems such as viruses, worms, spyware, and corporate compliance.  server operates as a router

no

Negates any configured parameter.

trusted-ip-addr

<trusted-ip-addr_inst>

Specifies the server IP address on the trusted network. As an option, you can also enable a health check on the specified address

trusted-port <slot/port>

Specifies the port connected to the trusted side of the ESIExternal Services Interface. ESI provides an open interface for integrating security solutions that solve interior network problems such as viruses, worms, spyware, and corporate compliance. server. The interface must be in <slot>/<port> format.

untrusted-ip-addr

<untrusted-ip-addr_inst>

Specifies the server IP address on the untrusted network. As an option, you can also enable a health check on the specified address

untrusted-port <slot/port>

Specifies the port connected to the untrusted side of the ESIExternal Services Interface. ESI provides an open interface for integrating security solutions that solve interior network problems such as viruses, worms, spyware, and corporate compliance. server. The interface must be in <slot>/<port> format.

Example

The following command specifies the ESIExternal Services Interface. ESI provides an open interface for integrating security solutions that solve interior network problems such as viruses, worms, spyware, and corporate compliance. server attributes:

(host) [md] (config) #esi server forti_1

mode route

trusted‑ip‑addr 10.168.172.3

untrusted‑ip‑addr 10.168.171.3

Related Commands

Command

Description

show esi servers

Displays configuration information for ESIExternal Services Interface. ESI provides an open interface for integrating security solutions that solve interior network problems such as viruses, worms, spyware, and corporate compliance.  servers.

Command History

Release

Modification

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platform

License

Command Mode

All platforms

Requires the PEFNGPolicy Enforcement Firewall. PEF also known as PEFNG provides context-based controls to enforce application-layer security and prioritization. The customers using Aruba mobility controllers can avail PEF features and services by obtaining a PEF license. PEF for VPN users—Customers with PEF for VPN license can apply firewall policies to the user traffic routed to a controller through a VPN tunnel. license.

Config mode on Mobility Master.

/*]]>*/