Once object groups have been put in place, it is important for
network administrators to be able to monitor and modify them as necessary. This
section will look at the following three commands that are used for these
purposes:
- show object-group
- no object-group
- clear object-group
Viewing Object Groups
The show object-group command gives a network administrator the ability to
easily review object groups that are currently configured on a PIX Security
Appliance. This enables the administrator to view the object groups based on
several criteria. The PIX displays defined object groups by their grp_id when
the show object-group id grp_id command is entered. The PIX also displays
defined object groups by group type when the show object-group command is
entered with the protocol, service, icmp-type, or network option. When the
show object-group command is entered without a parameter, all defined object
groups are shown.
Removing Object Groups
Two commands that are used to maintain object groups on a PIX Security
Appliance are the no object-group and clear object-group commands. The
no object-group command removes a single object group from the configuration,
whereas the clear object-group command is used to erase all object groups
from the PIX.
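
Before removing a group with no object-group or erasing all of them with clear object-group, it is useful to know which groups are still referenced by access lists or by other groups. The Python script below is an added example, not part of the original course material; it reads a saved configuration offline, lists groups by the same four types that show object-group accepts, and reports groups that nothing references. The sample configuration, group names, and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of a saved PIX configuration (not from the original page).
SAMPLE_CONFIG = """\
object-group network CLIENTS
  network-object host 10.0.1.11
  network-object 10.0.2.0 255.255.255.0
object-group network ALLHOSTS
  group-object CLIENTS
object-group service WEBPORTS tcp
  port-object eq www
object-group icmp-type PING
  icmp-object echo
object-group protocol OLDPROTOS
  protocol-object gre
access-list ACLIN permit tcp object-group ALLHOSTS any object-group WEBPORTS
"""

GROUP_TYPES = ("protocol", "service", "icmp-type", "network")
DEF_RE = re.compile(r"^object-group\s+(\S+)\s+(\S+)")
REF_RE = re.compile(r"\b(?:object-group|group-object)\s+(\S+)")

def parse_groups(config):
    """Return ({grp_id: type}, {grp_id: [lines that reference it]})."""
    groups, refs = {}, defaultdict(list)
    for raw in config.splitlines():
        line = raw.strip()
        m = DEF_RE.match(line)
        if m and m.group(1) in GROUP_TYPES:
            groups[m.group(2)] = m.group(1)  # definition line, not a reference
            continue
        for grp_id in REF_RE.findall(line):  # ACL use or nested group-object
            refs[grp_id].append(line)
    return groups, dict(refs)

def by_type(groups, grp_type):
    """Group ids of one type, mirroring show object-group with a type option."""
    return sorted(g for g, t in groups.items() if t == grp_type)

def unreferenced(groups, refs):
    """Groups that no access-list or group-object line refers to."""
    return sorted(g for g in groups if g not in refs)

if __name__ == "__main__":
    groups, refs = parse_groups(SAMPLE_CONFIG)
    for t in GROUP_TYPES:
        print(f"{t:10} {by_type(groups, t)}")
    print("unreferenced:", unreferenced(groups, refs))
```

Groups reported as unreferenced are candidates for review and removal; groups that still appear in an access list should be checked against the rules that depend on them first.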