![Zyxel ZyWALL 1100 [173/438] Secure policy overview](/img/pdf.png)
Zyxel ZyWALL 1100 [173/438] Secure policy overview
![Zyxel ZyWALL 1100 [173/438] Secure policy overview](/views2/1169224/page173/bgad.png)
ZyWALL / USG (ZLD) CLI Reference Guide 173
CHAPTER 26
Secure Policy
This chapter introduces the ZyWALL / USG’s secure policies and shows you how to configure them.
Note: In the guide Secure Policy commands may also be referred to as Firewall in general
descriptions.
26.1 Secure Policy Overview
A secure policy is a template of security settings that can be applied to specific traffic at specific
times. The policy can be applied:
• to a specific direction of travel of packets (from / to)
• to a specific source and destination address objects
• to a specific type of traffic (services)
• to a specific user or group of users
• at a specific schedule
The policy can be configured:
• to allow or deny traffic that matches the criteria above
• send a log or alert for traffic that matches the criteria above
• to apply the actions configured in the UTM profiles (application patrol, content filter, IDP, anti-
virus, anti-spam) to traffic that matches the criteria above
Note: Secure policies can be applied to both IPv4 and IPv6 traffic
The secure policies can also limit the number of user sessions.
The following example shows the ZyWALL / USG’s default security policies behavior for a specific
direction of travel of packets. WAN to LAN traffic and how stateful inspection works. A LAN user can
initiate a Telnet session from within the LAN zone and the ZyWALL / USG allows the response.
However, the ZyWALL / USG blocks incoming Telnet traffic initiated from the WAN zone and
destined for the LAN zone.
Figure 18 Default Directional Policy Example
Содержание
- Cli reference guide 1
- Default login details 1
- Quick start guide 1
- Security firewalls 1
- Zywall usg zld series 1
- Do not use commands not documented in this guide 2
- It is recommended you use the web configurator to configure the zywall usg 2
- Some commands or command options in this guide may not be available in your product see your product s user s guide for a list of supported features every effort has been made to ensure that the information in this guide is accurate 2
- Introduction 9 3
- Reference 9 3
- Chapter 1 command line interface 1 5
- Chapter 2 user and privilege modes 5 5
- Part i introduction 19 5
- Table of contents 5
- Chapter 3 object reference 1 6
- Chapter 4 status 3 6
- Chapter 5 registration 9 6
- Chapter 6 ap management 3 6
- Chapter 7 ap group 8 6
- Chapter 8 wireless lan profiles 5 6
- Part ii reference 39 6
- Chapter 10 wireless frame capture 3 7
- Chapter 11 dynamic channel selection 5 7
- Chapter 12 auto healing 6 7
- Chapter 13 leds 9 7
- Chapter 14 interfaces 1 7
- Chapter 9 rogue ap 9 7
- Chapter 15 trunks 25 8
- Chapter 16 route 29 8
- Chapter 17 routing protocol 39 9
- Chapter 18 zones 43 9
- Chapter 19 ddns 47 9
- Chapter 20 virtual servers 51 9
- Chapter 21 http redirect 55 9
- Chapter 22 alg 59 9
- Chapter 23 upnp 63 10
- Chapter 24 ip mac binding 67 10
- Chapter 25 layer 2 isolation 70 10
- Chapter 26 secure policy 73 10
- Chapter 27 web authentication 89 10
- Chapter 28 rtls 93 11
- Chapter 29 ipsec vpn 95 11
- Chapter 30 ssl vpn 09 11
- Chapter 31 l2tp vpn 13 11
- Chapter 32 bandwidth management 19 12
- Chapter 33 application patrol 25 12
- Chapter 34 anti virus 29 12
- Chapter 35 idp commands 35 12
- Chapter 36 content filtering 47 13
- Chapter 37 anti spam 57 13
- Chapter 38 ssl inspection 67 13
- Chapter 39 device ha 73 13
- Chapter 40 user group 79 14
- Chapter 41 application object 86 14
- Chapter 42 addresses 89 14
- Chapter 43 services 95 14
- Chapter 44 schedules 99 14
- Chapter 45 aaa server 01 14
- Chapter 46 authentication objects 07 15
- Chapter 47 authentication server 10 15
- Chapter 48 certificates 13 15
- Chapter 49 isp accounts 17 15
- Chapter 50 ssl application 19 15
- Chapter 51 dhcpv6 objects 22 16
- Chapter 52 system 25 16
- Chapter 53 system remote management 37 16
- Chapter 54 file manager 49 17
- Chapter 55 logs 69 17
- Chapter 56 reports and reboot 75 18
- Chapter 57 session timeout 81 18
- Chapter 58 diagnostics 83 18
- Chapter 59 packet flow explore 85 18
- Chapter 60 maintenance tools 89 18
- Chapter 61 watchdog timer 95 18
- List of commands alphabetical 99 18
- Introduction 19
- Accessing the cli 21
- Command line interface 21
- Overview 21
- The configuration file 21
- Console port 22
- Note before you can access the cli through the web configurator make sure your computer supports the java runtime environment you will be prompted to download and install the java plug in if it is not already installed 22
- Note the default login username is admin and password is 1234 the username and password are case sensitive 22
- Web configurator console 22
- Configure termina 24
- Note the default login username is admin it is case sensitive 24
- Router config 24
- How to find commands in this guide 25
- Note the default login username is admin and password is 1234 the username and password are case sensitive 25
- Ssh secure shell 25
- Telnet 25
- Telnet 192 68 25
- Background information optional 26
- Command examples optional 26
- Command input values optional 26
- Command summary 26
- Command syntax 26
- How commands are explained 26
- Note see the user s guide for background information about most features 26
- Service objec 26
- At the time of writing there is not much difference between user and privilege mode for admin users this is reserved for future use 27
- Changing the password 27
- Chapter 1 command line interface 27
- Cli modes 27
- Exactly as it appears followed by two numbers between 1 and 65535 27
- It is highly recommended that you change the password for accessing the zywall usg see section 40 on page 280 for the appropriate commands 27
- See chapter 40 on page 279 for more information about the user types user users can only log in look at but not run the available commands in user mode and log out limited admin users can look at the configuration in the web configurator and cli and they can run basic diagnostics in the cli admin users can configure the zywall usg in the web configurator or cli 27
- Table 2 cli modes 27
- User privilege configuration sub command 27
- You run cli commands in one of several modes 27
- Zywall usg zld cli reference guide 27
- A list of valid commands can be found by typing 28
- At the command prompt to view a list of available commands within a command group enter 28
- Chapter 1 command line interface 28
- Figure 10 help available command example 2 28
- Figure 11 help sub command information example 28
- Figure 12 help required user input example 28
- Figure 9 help available commands example 1 28
- List of available commands 28
- List of sub commands or required user input 28
- Shortcuts and help 28
- To view detailed help information for a command enter 28
- Zywall usg zld cli reference guide 28
- Command history 29
- Configur 29
- Entering a in a command 29
- Entering partial commands 29
- Erase current command 29
- Navigation 29
- The no commands 29
- Chapter 1 command line interface 30
- Description 30
- Input values 30
- Table 3 input value formats for strings in cli commands 30
- Tag values legal values 30
- The following table provides more information about input values like 30
- When you use the example above note that zywall usg usg 200 and below models use a name such as wan1 wan2 opt lan1 ext wlan or dmz 30
- You can use the or tab to get more information about the next input value that is required for a command in some cases the next input value is a string whose length and allowable characters may not be displayed in the screen for example in the following example the next input value is a string called 30
- Zywall usg zld cli reference guide 30
- Chapter 1 command line interface 31
- Table 3 input value formats for strings in cli commands continued 31
- Tag values legal values 31
- Zywall usg zld cli reference guide 31
- Chapter 1 command line interface 32
- Table 3 input value formats for strings in cli commands continued 32
- Tag values legal values 32
- Zywall usg zld cli reference guide 32
- Chapter 1 command line interface 33
- Command to save the current configuration to the zywall usg 33
- Ethernet interfaces 33
- For other zywall usg models use a name such as wan1 wan2 opt lan1 or dmz 33
- For some zywall usg models use ge x x 1 n where n equals the highest numbered ethernet interface for your zywall usg model 33
- How you specify an ethernet interface depends on the zywall usg model 33
- Note always save the changes before you log out after each management session all unsaved changes will be lost after the system restarts 33
- Saving configuration changes 33
- Table 3 input value formats for strings in cli commands continued 33
- Tag values legal values 33
- Use the 33
- Zywall usg zld cli reference guide 33
- Logging out 34
- User and privilege modes 35
- Chapter 2 user and privilege modes 36
- Command mode description 36
- Command syntax description linux command equivalent 36
- Debug commands 36
- Debug commands marked with an asterisk are not available when the debug flag is on and are for zyxel service personnel use only the debug commands follow a linux based syntax so if there is a linux equivalent it is displayed in this chapter for your reference you must know a command listed here well before you use it otherwise it may cause undesired results 36
- Note these commands are for zyxel s internal manufacturing process 36
- Subsequent chapters in this guide describe the configuration commands user privilege mode commands that are also configuration commands for example show are described in more detail in the related configuration command chapter 36
- Table 4 user u and privilege p mode commands continued 36
- Table 5 debug commands 36
- Zywall usg zld cli reference guide 36
- Chapter 2 user and privilege modes 37
- Command syntax description linux command equivalent 37
- Table 5 debug commands continued 37
- Zywall usg zld cli reference guide 37
- Reference 39
- Object reference 41
- Object reference commands 41
- Chapter 3 object reference 42
- Command description 42
- Object reference command example 42
- Table 6 show reference commands continued 42
- This example shows how to check which configuration is using an address object named lan1_subnet for the command output firewall rule 3 named lan1 to usg 2000 is using the address object 42
- Zywall usg zld cli reference guide 42
- Status 43
- Chapter 4 status 44
- Here are examples of the commands that display the cpu and disk utilization 44
- Here are examples of the commands that display the fan speed mac address memory usage ram size and serial number 44
- Zywall usg zld cli reference guide 44
- Chapter 4 status 45
- Here is an example of the command that displays the listening ports 45
- Zywall usg zld cli reference guide 45
- Chapter 4 status 46
- Here is an example of the command that displays the open ports 46
- Zywall usg zld cli reference guide 46
- Chapter 4 status 47
- Here are examples of the commands that display the system uptime and model firmware and build information 47
- This example shows the current led states on the zywall usg the sys led lights on and green the hdd leds is off 47
- Zywall usg zld cli reference guide 47
- Myzyxel com overview 49
- Registration 49
- Subscription services available on the zywall usg 49
- Configure termina 50
- Note to update the signature file or use a subscription service you have to register the zywall usg and activate the corresponding service at myzyxel com through the zywall usg 50
- Registration commands 50
- Chapter 5 registration 51
- Command examples 51
- The following command displays the account information and whether the device is registered 51
- The following command displays the service registration status and type and how many days remain before the service expires 51
- Zywall usg zld cli reference guide 51
- Ap management 53
- Ap management commands 53
- Ap management overview 53
- Ap group profile ap group profile_name sets the ap group to which the ap belongs 54
- Capwap ap local ap 54
- Chapter 6 ap management 54
- Command description 54
- Command to enter the configuration mode before you can use these commands 54
- Configure termina 54
- Sets the ap group to which the ap belongs 54
- Sets the output power between 0 to 30 dbm for the radio on the 54
- Sets the output power between 0 to 30 dbm for the radio on the built in ap that belongs to this group 54
- Sets the zywall usg to overwrite the ap s lan port settings use the no command to not overwrite the specified settings 54
- Sets the zywall usg to overwrite the ap s output power radio or ssid profile settings for the specified radio use the no command to not overwrite the specified settings 54
- Slot_name monitor profile profile_name sets the specified radio slot_name to monitor mode and assigns a created profile to the radio monitor mode aps act as wireless monitors which can detect rogue aps and help you in building a list of friendly ones see also section 8 on page 65 use the no command to remove the monitor mode profile assignment for the specified radio slot_name 54
- Table 10 command summary ap management 54
- That belongs to this group 54
- The following table describes the commands available for ap management you must use the 54
- Use the no command to remov 54
- Zywall usg zld cli reference guide 54
- Chapter 6 ap management 56
- Command description 56
- Creates a new vlan or configures an existing vlan you can disable or enable the vlan set the vlan id assign up to three ports to this vlan as members and set whether the port is to tag outgoing traffic with the vlan id vlan_interface the name of the vlan vlan1 for example 56
- Join lan_port tag untag lan_port tag untag lan_port tag untag 56
- No vlan_interface removes the specified vlan 56
- Show capwap ap ac ip displays the address of the zywall usg or auto if the ap finds the zywall usg through broadcast packets 56
- Show capwap ap fallback displays whether the managed ap s will change back to associate with the primary ap controller when the primary ap controller is available 56
- Show capwap ap fallback interval displays the interval for how often the managed ap s check whether the primary ap controller is available 56
- Show country code list displays a reference list of two letter country codes 56
- Show default country code displays the default country code configured on the zywall usg 56
- Table 10 command summary ap management continued 56
- Zywall usg zld cli reference guide 56
- Ap management commands example 57
- Chapter 6 ap management 57
- Command description 57
- Displays the port and or vlan settings for the specified ap you can also set to display settings for a specified port a sepcified vlan all physical ethernet ports the uplink port or all vlans on the ap 57
- Show lan provision ap ap_mac interface lan_port vlan_interface all ethernet uplink vlan 57
- Table 10 command summary ap management continued 57
- The following example shows you how to add an ap to the management list and then edit it 57
- Zywall usg zld cli reference guide 57
- Ap group 58
- Ap group commands 58
- Wireless load balancing overview 58
- Table 12 command summary ap group continued 59
- Note this parameter has been optimized for the zywall usg and should not be changed unless you have been specifically directed to do so by zyxel support 60
- Table 12 command summary ap group continued 60
- Note this parameter has been optimized for the zywall usg and should not be changed unless you have been specifically directed to do so by zyxel support 61
- Table 12 command summary ap group continued 61
- Ap group examples 62
- Table 12 command summary ap group continued 62
- The following example shows you how to create an ap group profile named test and configure the ap s first radio to work in repeater mode using the default radio profile and the zymesh_test zymesh profile it also adds the ap with the mac address 00 a0 c5 01 23 45 to this ap group 62
- The following example shows you how to create an ap group profile named gp1 and configure ap load balancing in by station mode the maximum number of stations is set to 1 63
- The following example shows you how to create an ap group profile named gp2 and configure ap load balancing in by traffic mode the traffic level is set to low and disassociate station is enabled 63
- The following example shows the settings and status of the vlan s configured for the managed aps nwa5301 nj in the default ap group 64
- The following example shows the status of ethernet ports for the managed aps nwa5301 nj in the default ap group it also shows whether the lan1 port is enabled and what the port s vlan id is 64
- Ap radio profile commands 65
- Wireless lan profiles 65
- Wireless lan profiles overview 65
- Band 2 g 5g band mode bg bgn a ac an sets the radio band 2 ghz or 5 ghz and band mode for this profile band mode details for 2 ghz bg lets ieee 802 1b and ieee 802 1g clients associate with the ap for 2 ghz bgn lets ieee 802 1b ieee 802 1g and ieee 802 1n clients associate with the ap for 5 ghz a lets only ieee 802 1a clients associate with the ap for 5 ghz ac lets ieee 802 1a ieee 802 1n and ieee 802 1ac clients associate with the ap for 5 ghz an lets ieee 802 1a and ieee 802 1n clients associate with the ap 66
- Chapter 8 wireless lan profiles 66
- Command description 66
- Command to enter the configuration mode before you can use these commands 66
- Configure termina 66
- Label description 66
- Table 13 input values for general radio and monitor profile commands continued 66
- Table 14 command summary radio profile 66
- The following table describes the commands available for radio profile management you must use the 66
- Zywall usg zld cli reference guide 66
- Chapter 8 wireless lan profiles 68
- Command description 68
- Table 14 command summary radio profile continued 68
- Zywall usg zld cli reference guide 68
- Chapter 8 wireless lan profiles 69
- Command description 69
- Table 14 command summary radio profile continued 69
- Zywall usg zld cli reference guide 69
- 2 g band with channel 6 70
- A beacon interval of 100ms 70
- A dtim period of 2 70
- A short guard interval 70
- Ampdu frame aggregation enabled 70
- Amsdu frame aggregation enabled 70
- An ampdu buffer limit of 65535 bytes 70
- An ampdu subframe limit of 64 frames 70
- An amsdu buffer limit of 4096 70
- An output power of 100 70
- Ap profile commands example 70
- Block acknowledgement enabled 70
- Channel width of 20mhz 70
- Chapter 8 wireless lan profiles 70
- Command description 70
- It will also assign the ssid profile labeled default in order to create wlan vap wlan 1 1 functionality within the radio profile 70
- Table 14 command summary radio profile continued 70
- The following example shows you how to set up the radio profile named radio01 activate it and configure it to use the following settings 70
- Zywall usg zld cli reference guide 70
- Ap monitor profile commands 71
- Configure termina 71
- Chapter 8 wireless lan profiles 72
- Command description 72
- Exit exits configuration mode for this profile 72
- Label description 72
- Sets the duration in milliseconds that the device using this profile scans each channel 72
- Ssid profile commands 72
- Table 16 command summary monitor profile continued 72
- Table 17 input values for general ssid profile commands 72
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 72
- Zywall usg zld cli reference guide 72
- Chapter 8 wireless lan profiles 73
- Command description 73
- Command to enter the configuration mode before you can use these commands 73
- Configure termina 73
- Note the managed aps must be dual band capable 73
- Sets the timeout period in seconds within which the ap accepts probe or authentication requests to a 2 ghz wi fi network when the band select mode is set to standard 73
- Table 18 command summary ssid profile 73
- The following table describes the commands available for ssid profile management you must use the 73
- Zywall usg zld cli reference guide 73
- Chapter 8 wireless lan profiles 74
- Command description 74
- Ssid profile example 74
- Table 18 command summary ssid profile continued 74
- The following example creates an ssid profile with the name zyxel it makes the assumption that both the security profile security01 and the mac filter profile macfilter01 already exist 74
- Zywall usg zld cli reference guide 74
- Chapter 8 wireless lan profiles 75
- Command description 75
- Command to enter the configuration mode before you can use these commands 75
- Configure termina 75
- Label description 75
- No dot11w data frames in 802 1 wlans can be encrypted and authenticated with wep wpa or wpa2 but 802 1 management frames such as beacon probe response association request association response de authentication and disassociation are always unauthenticated and unencrypted ieee 802 1w protected management frames allows aps to use the existing security mechanisms encryption and authentication methods defined in ieee 802 1i wpa wpa2 to protect management frames this helps prevent wireless dos attacks enables management frame protection mfp to add security to 802 1 management frames use the no parameter to disable it 75
- Security profile commands 75
- Sets whether wireless clients have to support management frame protection in order to access the wireless network 1 if you do not require the wireless clients to support mfp management frames will be encrypted if the clients support mfp 2 wireless clients must support mfp in order to join the ap s wireless network 75
- Table 19 input values for general security profile commands 75
- Table 20 command summary security profile 75
- The following table describes the commands available for security profile management you must use the 75
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 75
- Zywall usg zld cli reference guide 75
- Chapter 8 wireless lan profiles 76
- Command description 76
- Table 20 command summary security profile continued 76
- Zywall usg zld cli reference guide 76
- Chapter 8 wireless lan profiles 77
- Command description 77
- Command to enter the configuration mode before you can use these commands 77
- Configure termina 77
- Label description 77
- Mac filter profile commands 77
- Security profile example 77
- Table 21 input values for general mac filter profile commands 77
- Table 22 command summary mac filter profile 77
- The following example creates a security profile with the name security01 77
- The following table describes the commands available for security profile management you must use the 77
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 77
- Zywall usg zld cli reference guide 77
- Chapter 8 wireless lan profiles 78
- Mac filter profile example 78
- The following example creates a mac filter profile with the name macfilter01 78
- Zywall usg zld cli reference guide 78
- Rogue ap 79
- Rogue ap detection commands 79
- Rogue ap detection overview 79
- Chapter 9 rogue ap 80
- Command description 80
- Rogue ap detection examples 80
- Table 24 command summary rogue ap detection continued 80
- This example displays the rogue ap detection list 80
- This example sets the device associated with mac address 00 13 49 11 11 11 as a rogue ap and the device associated with mac address 00 13 49 11 11 22 as a friendly ap it then removes mac address from the rogue ap list with the assumption that it was misidentified 80
- Zywall usg zld cli reference guide 80
- Note containing a rogue ap means broadcasting unviable login data at it preventing legitimate wireless clients from connecting to it this is a kind of denial of service attack 81
- Rogue ap containment overview 81
- Chapter 9 rogue ap 82
- Command description 82
- Command to enter the configuration mode before you can use these commands 82
- Configure termina 82
- Label description 82
- Rogue ap containment commands 82
- Rogue ap containment example 82
- Table 25 input values for rogue ap containment commands 82
- Table 26 command summary rogue ap containment 82
- The following table describes the commands available for rogue ap containment you must use the 82
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 82
- This example contains the device associated with mac address 00 13 49 11 11 12 then displays the containment list for confirmation 82
- Zywall usg zld cli reference guide 82
- Wireless frame capture 83
- Wireless frame capture commands 83
- Wireless frame capture overview 83
- Chapter 10 wireless frame capture 84
- Command description 84
- Command to enter the configuration mode before you can use these commands 84
- Configure termina 84
- Table 28 command summary wireless frame capture 84
- The following table describes the commands available for wireless frame capture you must use the 84
- This example configures the wireless frame capture parameters for an ap located at ip address 192 68 84
- This example shows frame capture status and configuration 84
- Wireless frame capture examples 84
- Zywall usg zld cli reference guide 84
- Dcs commands 85
- Dcs overview 85
- Dynamic channel selection 85
- Auto healing 86
- Auto healing commands 86
- Auto healing overview 86
- Auto healing examples 87
- Chapter 12 auto healing 87
- Command description 87
- Table 31 command summary auto healing continued 87
- This example enables auto healing and sets the power level in dbm to which the neighbor aps of the failed ap increase their output power 87
- Zywall usg zld cli reference guide 87
- Hapter 89
- Led suppression commands 89
- Led suppression mode 89
- Chapter 13 leds 90
- Led locator 90
- Led locator commands 90
- Led locator commands example 90
- Led suppression commands example 90
- Note you should run this command before enabling the led locator function 90
- Table 33 led locator commands 90
- The following example activates led suppression mode on the ap with the mac address 00 a0 c5 01 23 45 and displays the settings 90
- The following example turns on the led locator feature on the ap with the mac address 00 a0 c5 01 23 45 sets how long the locator led stays blinking and also displays the settings 90
- The led locator feature identifies the location of the wac ap among several devices in the network you can run this feature and set a timer 90
- Use these commands to run the led locator feature you must use the configure terminal command before you can use these commands 90
- Zywall usg zld cli reference guide 90
- Interface overview 91
- Interfaces 91
- Types of interfaces 91
- Chapter 14 interfaces 92
- Characteristics ethernet ethernet ethernet vlan bridge ppp virtual 92
- Characteristics ethernet vlan bridge pppoe pptp virtual 92
- Port groups and trunks have a lot of characteristics that are specific to each type of interface these characteristics are listed in the following tables and discussed in more detail farther on 92
- Table 34 characteristics of ethernet vlan bridge pppoe pptp and virtual interface for some zywall usg models 92
- Table 35 ethernet vlan bridge ppp and virtual interface characteristics for other zywall usg models 92
- Zywall usg zld cli reference guide 92
- Chapter 14 interfaces 93
- Characteristics cellular 93
- Characteristics ethernet ethernet ethernet vlan bridge ppp virtual 93
- Table 35 ethernet vlan bridge ppp and virtual interface characteristics for other zywall usg models continued 93
- Table 36 cellular and wlan interface characteristics 93
- Zywall usg zld cli reference guide 93
- Chapter 14 interfaces 94
- In the zywall usg interfaces are usually created on top of other interfaces only ethernet interfaces are created directly on top of the physical ports or port groups the relationships between interfaces are explained in the following table 94
- Interface required port interface 94
- Relationships between interfaces 94
- Table 37 relationships between different types of interfaces 94
- Zywall usg zld cli reference guide 94
- Basic interface properties and ip address commands 95
- Chapter 14 interfaces 95
- Command description 95
- Interface general commands summary 95
- Label description 95
- Table 38 input values for general interface commands 95
- Table 39 interface general commands basic properties and ip address assignment 95
- The following sections introduce commands that are supported by several types of interfaces see section 14 on page 115 for the unique commands for each type of interface 95
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 95
- This table lists basic properties and ip address commands 95
- Zywall usg zld cli reference guide 95
- Chapter 14 interfaces 96
- Command description 96
- Table 39 interface general commands basic properties and ip address assignment continued 96
- Zywall usg zld cli reference guide 96
- Chapter 14 interfaces 97
- Command description 97
- Table 39 interface general commands basic properties and ip address assignment continued 97
- Zywall usg zld cli reference guide 97
- Chapter 14 interfaces 98
- Command description 98
- Note make sure you also enable this option in the dhcpv6 clients to make rapid commit work 98
- Table 39 interface general commands basic properties and ip address assignment continued 98
- Zywall us 98
- Zywall usg zld cli reference guide 98
- Chapter 14 interfaces 99
- Command description 99
- Note make sure you also disable this option in the dhcpv6 clients 99
- Table 39 interface general commands basic properties and ip address assignment continued 99
- Zywall usg zld cli reference guide 99
- Basic interface properties command examples 100
- Chapter 14 interfaces 100
- The following commands make ethernet interface ge1 a dhcp client 100
- This example shows how to change the user defined name from vip to partner note that you have to use the interface rename command if you do not know the system name of the interface to use the interface name command you have to find out the corresponding system name first ge4 in this example this example also shows how to change the user defined name from partner to customer using the interface name command 100
- This example shows how to modify the name of interface ge4 to vip first you have to check the interface system name ge4 in this example on the zywall usg then change the name and display the result 100
- Zywall usg zld cli reference guide 100
- Chapter 14 interfaces 101
- Command description 101
- Enter configuration terminal mode and select an interface 101
- Igmp proxy commands 101
- Table 40 interface commands igmp proxy commands 101
- This example shows how to restart an interface you can check all interface names on the zywall usg then use either the system name or user defined name of an interface ge4 or customer in this example to restart it 101
- Zywall us 101
- Zywall usg zld cli reference guide 101
- Chapter 14 interfaces 102
- Command description 102
- Dhcp setting commands 102
- Igmp command example 102
- Network 102
- Table 41 interface commands dhcp settings 102
- The following commands activate igmp version 2 upstream on the lan1 interface 102
- This table lists dhcp setting commands dhcp is based on dhcp pools create a dhcp pool if you want to assign a static ip address to a mac address or if you want to specify the starting ip address and pool size of a range of ip addresses that can be assigned to dhcp clients there are different commands for each configuration afterwards in either case you have to bind the dhcp pool to the interface 102
- Zywall usg zld cli reference guide 102
- Chapter 14 interfaces 103
- Command description 103
- Hardware addres 103
- Networ 103
- Note the dhcp pool must have the same subnet as the interface to which you plan to bind it 103
- Note the ip address must be in the same subnet as the interface to which you plan to bind the dhcp pool 103
- Table 41 interface commands dhcp settings continued 103
- Zywall usg zld cli reference guide 103
- Chapter 14 interfaces 104
- Command description 104
- First and the start address must be in the same subnet 104
- Network numbe 104
- Note you must specify the 104
- Table 41 interface commands dhcp settings continued 104
- Zywall usg zld cli reference guide 104
- Chapter 14 interfaces 105
- Dhcp extended option setting command example 105
- Dhcp setting command examples 105
- The following example configures the dhcp_test pool with a sip server code 120 extended dhcp option with one ip address to provide to the sip clients 105
- The following example uses these commands to configure dhcp pool dhcp_test 105
- Zywall usg zld cli reference guide 105
- Cellular vlan 106
- Chapter 14 interfaces 106
- Interface parameter command examples 106
- Table 42 examples for different interface parameters ethernet virtual interface pppoe pptp 106
- This table shows an example of each interface type s sub commands the sub commands vary for different interface types 106
- Zywall usg zld cli reference guide 106
- Bridge tunnel 107
- Chapter 14 interfaces 107
- Command description 107
- Ospf commands 107
- Rip commands 107
- Table 42 examples for different interface parameters 107
- Table 43 interface commands rip settings 107
- Table 44 interface commands ospf settings 107
- This table lists the commands for ospf settings 107
- This table lists the commands for rip settings 107
- Zywall usg zld cli reference guide 107
- Chapter 14 interfaces 108
- Command description 108
- Ip ospf dead interva 108
- Ip ospf hello interva 108
- Table 44 interface commands ospf settings continued 108
- Zywall usg zld cli reference guide 108
- Chapter 14 interfaces 109
- Command description 109
- Connectivity check ping check commands 109
- Table 45 interface commands ping check 109
- This table lists the ping check commands 109
- Use these commands to have an interface regularly check the connection to the gateway you specified to make sure it is still available you specify how often the interface checks the connection how long to wait for a response before the attempt is a failure and how many consecutive failures are required before the zywall usg stops routing to the gateway the zywall usg resumes routing to the gateway the first time the gateway passes the connectivity check 109
- Zywall usg zld cli reference guide 109
- Chapter 14 interfaces 110
- Command description 110
- Connectivity check command example 110
- Ethernet interface specific commands 110
- Label description 110
- Mac address setting commands 110
- Table 46 input values for ethernet interface commands 110
- Table 47 interface commands mac setting 110
- The following commands show you how to set the wan1 interface to use a tcp handshake on port 8080 to check the connection to ip address 1 110
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 110
- This section covers commands that are specific to ethernet interfaces 110
- This table lists the commands you can use to set the mac address of an interface on some zywall usg models these commands only apply to a wan or opt interface 110
- Zywall usg zld cli reference guide 110
- Chapter 14 interfaces 111
- Command description 111
- Note in cli representative interfaces are also called representative ports 111
- Port grouping commands 111
- Table 47 interface commands mac setting continued 111
- Table 48 basic interface setting commands 111
- This section covers commands that are specific to port grouping 111
- Zywall us 111
- Zywall usg zld cli reference guide 111
- Chapter 14 interfaces 112
- Port grouping command examples 112
- The following commands add physical port 7 to representative interface lan2 112
- The following commands set port 1 to use auto negotiation auto and port 2 to use a 10 mbps connection speed and half duplex 112
- The following commands set up a virtual interface on top of ethernet interface ge1 the virtual interface is named ge1 1 with the following parameters ip 1 subnet 255 55 55 112
- Virtual interface command examples 112
- Virtual interface specific commands 112
- Virtual interfaces use many of the general interface commands discussed at the beginning of section 14 on page 95 there are no additional commands for virtual interfaces 112
- Zywall usg zld cli reference guide 112
- Chapter 14 interfaces 113
- Command description 113
- Gateway 4 upstream bandwidth 345 downstream bandwidth 123 and description i am vir interface 113
- Label description 113
- Pppoe pptp specific commands 113
- Table 49 input values for pppoe pptp interface commands 113
- Table 50 interface commands pppoe pptp interfaces 113
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 113
- This section covers commands that are specific to pppoe pptp interfaces pppoe pptp interfaces also use many of the general interface commands discussed at the beginning of section 14 on page 95 113
- This table lists the pppoe pptp interface commands 113
- Zywall usg zld cli reference guide 113
- Chapter 14 interfaces 114
- Command description 114
- Pppoe pptp interface command examples 114
- Table 50 interface commands pppoe pptp interfaces continued 114
- The following commands show you how to configure pppoe pptp interface ppp0 with the following characteristics base interface ge1 isp account hinet local address 1 remote address 114
- Zywall usg zld cli reference guide 114
- Cellular interface specific commands 115
- Chapter 14 interfaces 115
- Command description 115
- Command to enter the configuration mode before you can use these commands 115
- Configure terminal 115
- Mtu 1200 upstream bandwidth 345 downstream bandwidth 123 description i am ppp0 and dialed only when used 115
- Table 51 interface cellular commands 115
- The following commands show you how to connect and disconnect ppp0 115
- Use a 3g third generation cellular device with the zywall usg for wireless broadband internet access 115
- Use these commands to add edit dial disconnect or delete cellular interfaces when you add a new cellular interface make sure you enter the account you must use the 115
- Zywall usg zld cli reference guide 115
- Chapter 14 interfaces 116
- Command description 116
- Table 51 interface cellular commands continued 116
- Zywall us 116
- Zywall usg zld cli reference guide 116
- Cellular status 117
- Chapter 14 interfaces 117
- Command description 117
- Status description 117
- Table 51 interface cellular commands continued 117
- Table 52 cellular status 117
- The following table describes the different kinds of cellular connection status on the zywall usg 117
- Zywall usg zld cli reference guide 117
- Chapter 14 interfaces 118
- Status description 118
- Table 52 cellular status 118
- Zywall usg zld cli reference guide 118
- Cellular interface command examples 119
- Chapter 14 interfaces 119
- This example shows the 3g and sim card information for interface cellular2 on the zywall usg 119
- This example shows the 3g connection profile settings for interface cellular2 on the zywall usg you have to dial 99 1 to use profile 1 but authentication is not required dial 99 2 to use profile 2 and authentication is required 119
- This example shows the configuration of a cellular interface named cellular2 for use with a sierra wireless ac850 3g card it uses only a 3g or 3 g connection pin code 1234 an mtu of 1200 bytes a description of this is cellular2 and sets the connection to be nailed up 119
- This second example shows specifying a new pin code of 4567 119
- Zywall usg zld cli reference guide 119
- Chapter 14 interfaces 120
- Command description 120
- Command to enter the configuration mode before you can use these commands gre mode tunnels support ping check see section 14 on page 109 for more on ping check 120
- Configure termina 120
- Table 53 interface tunnel commands 120
- The zywall usg uses tunnel interfaces in generic routing encapsulation gre ipv6 in ipv4 and 6to4 tunnels this section covers commands specific to tunnel interfaces tunnel interfaces also use many of the general interface commands discussed at the beginning of section 14 on page 95 120
- Tunnel interface specific commands 120
- Use these commands to add edit activate deactivate or delete tunnel interfaces you must use the 120
- Zywall usg zld cli reference guide 120
- Chapter 14 interfaces 121
- Command description 121
- Note for the zywall usg which supports more than one usb ports these commands only apply to the usb storage device that is first attached to the zywall usg 121
- Table 54 usb storage general commands 121
- This example creates a tunnel interface called tunnel0 that uses wan1 as the source 168 68 68 68 as the destination and 10 00 and 255 55 as the inner source ip 121
- Tunnel interface command examples 121
- Usb storage specific commands 121
- Use these commands to configure settings that apply to the usb storage device connected to the zywall usg 121
- Zywall usg 121
- Zywall usg zld cli reference guide 121
- Chapter 14 interfaces 122
- Command description 122
- Label description 122
- Table 54 usb storage general commands continued 122
- Table 55 input values for vlan interface commands 122
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 122
- This example shows how to display the status of the connected usb storage device 122
- This section covers commands that are specific to vlan interfaces vlan interfaces also use many of the general interface commands discussed at the beginning of section 14 on page 95 122
- Usb storage general commands example 122
- Vlan interface specific commands 122
- Zywall usg zld cli reference guide 122
- Bridge specific commands 123
- Chapter 14 interfaces 123
- Command description 123
- Label description 123
- Table 56 interface commands vlan interfaces 123
- Table 57 input values for bridge interface commands 123
- The following commands show you how to set up vlan vlan100 with the following parameters vlan id 100 interface ge1 ip 1 subnet 255 55 55 mtu 598 gateway 2 description i am vlan100 upstream bandwidth 345 and downstream bandwidth 123 123
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 123
- This section covers commands that are specific to bridge interfaces bridge interfaces also use many of the general interface commands discussed at the beginning of section 14 on page 95 123
- This table lists the vlan interface commands 123
- Vlan interface command examples 123
- Zywall usg zld cli reference guide 123
- Bridge interface command examples 124
- Chapter 14 interfaces 124
- Command description 124
- Table 58 interface commands bridge interfaces 124
- The following commands show you how to set up a bridge interface named br0 with the following parameters member ge1 ip 1 subnet 255 55 55 mtu 598 gateway 2 upstream bandwidth 345 downstream bandwidth 123 and description i am br0 124
- This table lists the bridge interface commands 124
- Zywall usg zld cli reference guide 124
- Trunk scenario examples 125
- Trunks 125
- Trunks overview 125
- Chapter 15 trunks 126
- Command description 126
- Command to enter the configuration mode before you can use these commands see table 59 on page 126 for details about the values you can input with these commands 126
- Commands 126
- Commands you must use the 126
- Configure termina 126
- Interface grou 126
- Interface group 126
- Label description 126
- Table 59 interface group command input values 126
- Table 60 interface group commands summary 126
- The following table explains the values you can input with the 126
- The following table lists the 126
- Trunk commands input values 126
- Trunk commands summary 126
- Zywall usg zld cli reference guide 126
- Chapter 15 trunks 127
- Command description 127
- Table 60 interface group commands summary continued 127
- The following example creates a least load first trunk for ethernet interface ge3 and vlan 5 which will only apply to outgoing traffic through the trunk the zywall usg sends new session traffic through the least utilized of these interfaces 127
- The following example creates a weighted round robin trunk for ethernet interfaces ge1 and ge2 the zywall usg sends twice as much traffic through ge1 127
- Trunk command examples 127
- Zywall usg zld cli reference guide 127
- Chapter 15 trunks 128
- The following example creates a spill over trunk for ethernet interfaces ge1 and ge3 which will apply to both incoming and outgoing traffic through the trunk the zywall usg sends traffic through ge1 until it hits the limit of 1000 kbps the zywall usg sends anything over 1000 kbps through ge3 128
- Zywall usg zld cli reference guide 128
- Policy route 129
- Policy route commands 129
- Chapter 16 route 130
- Command description 130
- Command to enter the configuration mode before you can use these commands 130
- Configure termina 130
- Label description 130
- Table 61 input values for general policy route commands continued 130
- Table 62 command summary policy route 130
- The following table describes the commands available for policy route you must use the 130
- Zywall usg zld cli reference guide 130
- Chapter 16 route 131
- Command description 131
- Table 62 command summary policy route continued 131
- Zywall usg zld cli reference guide 131
- Chapter 16 route 132
- Command description 132
- Table 62 command summary policy route continued 132
- Zywall usg zld cli reference guide 132
- Chapter 16 route 133
- Command description 133
- Table 62 command summary policy route continued 133
- Zywall usg zld cli reference guide 133
- Assured forwarding af behavior is defined in rfc 2597 the af behavior group defines four af classes inside each class packets are given a high medium or low drop precedence the drop precedence determines the probability that routers in the network will drop packets when congestion occurs if congestion occurs between classes the traffic in the higher class smaller numbered class is generally given priority combining the classes and drop precedence produces 134
- Assured forwarding af phb for diffserv 134
- Chapter 16 route 134
- Command description 134
- Table 62 command summary policy route continued 134
- Zywall usg zld cli reference guide 134
- Chapter 16 route 135
- Class 1 class 2 class 3 class 4 135
- Ip static route 135
- Policy route command example 135
- Table 63 assured forwarding af behavior group 135
- The following commands create two address objects tw_subnet and gw_1 and insert a policy that routes the packets with the source ip address tw_subnet and any destination ip address through the interface ge1 to the next hop router gw_1 this route uses the ip address of the outgoing interface as the matched packets source ip address 135
- The following twelve dscp encodings from af11 through af43 the decimal equivalent is listed in brackets 135
- The zywall usg has no knowledge of the networks beyond the network that is directly connected to the zywall usg for instance the zywall usg knows about network n2 in the following figure through gateway r1 however the zywall usg is unable to route a packet to 135
- Zywall usg zld cli reference guide 135
- Configure termina 136
- Static route commands 136
- Chapter 16 route 137
- Static route commands examples 137
- The following command deletes a specific static ipv6 route 137
- The following command deletes all static ipv6 routes with the same prefix 137
- The following command sets a static route with ip address 10 0 0 and subnet mask 255 55 55 and with the next hop interface ge1 then use the show command to display the setting 137
- The following commands set and show three examples of static ipv6 routes for traffic destined for ipv6 addresses with prefix 2002 22 22 34 the first route sends the traffic out through interface ge2 and uses metric 1 the second sends the traffic to gateway 2001 12 12 and uses metric 2 the third sends the traffic to the fe80 1 2 link local gateway on interface ge2 and uses metric 2 137
- Zywall usg zld cli reference guide 137
- Routing protocol 139
- Routing protocol commands summary 139
- Routing protocol overview 139
- Chapter 17 routing protocol 140
- Command description 140
- General ospf commands 140
- Rip commands 140
- Table 67 router commands rip 140
- Table 68 router commands general ospf configuration 140
- This table lists the commands for general ospf configuration 140
- This table lists the commands for rip 140
- Zywall usg zld cli reference guide 140
- Chapter 17 routing protocol 141
- Command description 141
- Ospf area commands 141
- Table 69 router commands ospf areas 141
- Table 70 router commands virtual links in ospf areas 141
- This table lists the commands for ospf areas 141
- This table lists the commands for virtual links in ospf areas 141
- Virtual link commands 141
- Zywall usg zld cli reference guide 141
- Chapter 17 routing protocol 142
- Command description 142
- Learned routing information commands 142
- Show ip route command example 142
- Table 70 router commands virtual links in ospf areas continued 142
- Table 71 ip route commands learned routing information 142
- The following example shows learned routing information on the zywall usg 142
- This table lists the commands to look at learned routing information 142
- Zywall usg zld cli reference guide 142
- Zones overview 143
- Chapter 18 zones 144
- Command description 144
- Label description 144
- Table 72 input values for zone commands 144
- Table 73 zone commands 144
- The following table describes the values required for many zone commands other values are discussed with the corresponding commands 144
- This table lists the zone commands 144
- Zone commands summary 144
- Zywall usg zld cli reference guide 144
- Chapter 18 zones 145
- The following commands add ethernet interfaces ge1 and ge2 to zone a 145
- Zone command examples 145
- Zywall usg zld cli reference guide 145
- Ddns overview 147
- Chapter 19 ddns 148
- Command description 148
- Ddns commands summary 148
- Label description 148
- Table 75 input values for ddns commands 148
- Table 76 ip ddns commands 148
- The following table describes the values required for many ddns commands other values are discussed with the corresponding commands 148
- The following table lists the ddns commands 148
- Zywall usg zld cli reference guide 148
- Chapter 19 ddns 149
- Command description 149
- Ddns commands example 149
- Table 76 ip ddns commands continued 149
- The following example sets up a ddns profile where the interface is wan1 and uses http 149
- Zywall usg zld cli reference guide 149
- 1 1 nat and many 1 1 nat 151
- Virtual server commands summary 151
- Virtual server overview 151
- Virtual servers 151
- Chapter 20 virtual servers 152
- Command description 152
- Table 78 ip virtual server commands 152
- The following table lists the virtual server commands 152
- Zywall usg zld cli reference guide 152
- Chapter 20 virtual servers 153
- Command description 153
- Table 78 ip virtual server commands continued 153
- The following command creates virtual server wan lan_h323 on the wan1 interface that maps ip addresses 10 to 192 68 6 for tcp protocol traffic on port 1720 it also adds a nat loopback entry 153
- The following command shows information about all the virtual servers in the zywall usg 153
- Virtual server command examples 153
- Zywall usg zld cli reference guide 153
- Tutorial how to allow public access to a server 154
- Http redirect 155
- Http redirect overview 155
- Web proxy server 155
- Configure termina 156
- Http redirect commands 156
- Chapter 21 http redirect 157
- Http redirect command examples 157
- The following commands create a http redirect rule disable it and display the settings 157
- Zywall usg zld cli reference guide 157
- Alg introduction 159
- Alg commands 160
- Chapter 22 alg 160
- Command description 160
- Command to enter the configuration mode before you can use these commands 160
- Commands you must use the 160
- Configure termina 160
- Table 81 alg commands 160
- The following table lists the 160
- Zywall usg zld cli reference guide 160
- Alg commands example 161
- Upnp and nat pmp commands 163
- Upnp and nat pmp overview 163
- Chapter 23 upnp 164
- Command description 164
- Table 82 ip upnp commands continued 164
- The following example turns on upnp and nat pmp on the zywall usg and it s two lan interfaces it also shows the upnp and nat pmp settings 164
- Upnp nat pmp commands example 164
- Zywall usg zld cli reference guide 164
- Chapter 23 upnp 165
- The following example displays the zywall usg s port mapping entries and removes the entry with the specified port number and protocol type 165
- Zywall usg zld cli reference guide 165
- Ip mac binding 167
- Ip mac binding commands 167
- Ip mac binding overview 167
- Chapter 24 ip mac binding 168
- Ip mac binding commands example 168
- The following example enables ip mac binding on the lan1 interface and displays the interface s ip mac binding status 168
- Zywall usg zld cli reference guide 168
- Layer 2 isolation 170
- Layer 2 isolation overview 170
- Chapter 25 layer 2 isolation 171
- Command description 171
- Command to enter the configuration mode before you can use these commands 171
- Configure terminal 171
- Layer 2 isolation commands 171
- Layer 2 isolation white list sub commands 171
- Table 84 l2 isolation commands 171
- Table 85 l2 isolation white list sub commands 171
- The following table describes the sub commands for l2 isolation white list commands 171
- The following table lists the l2 isolation commands you must use the 171
- Zywall usg zld cli reference guide 171
- Chapter 25 layer 2 isolation 172
- Command description 172
- Layer 2 isolation commands example 172
- Table 85 l2 isolation white list sub commands continued 172
- The following example enables layer 2 isolation on the zywall usg and interface lan2 it also creates a rule in the white list to allow access to the device with ip address 172 7 6 it then displays the layer 2 isolation settings 172
- Zywall usg zld cli reference guide 172
- Secure policy 173
- Secure policy overview 173
- Chapter 26 secure policy 174
- Command description 174
- Command to enter the configuration mode before you can use the configuration commands commands that do not have ipv6 specified in the description are for ipv4 174
- Configure termina 174
- Label description 174
- Secure policy commands 174
- Table 86 input values for secure policy commands 174
- Table 87 command summary secure policy 174
- The following table describes the commands available for the secure policy you must use the 174
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 174
- Zywall usg zld cli reference guide 174
- Chapter 26 secure policy 175
- Command description 175
- Table 87 command summary secure policy continued 175
- Zywall usg zld cli reference guide 175
- Chapter 26 secure policy 176
- Command description 176
- Table 87 command summary secure policy continued 176
- Zywall usg zld cli reference guide 176
- Chapter 26 secure policy 177
- Command description 177
- Secure policy sub commands 177
- Table 87 command summary secure policy continued 177
- Table 88 firewall sub commands 177
- The following table describes the sub commands for several secure policy and secure policy6 commands 177
- Zywall usg zld cli reference guide 177
- Chapter 26 secure policy 178
- Command description 178
- Table 88 firewall sub commands continued 178
- Zywall usg zld cli reference guide 178
- Chapter 26 secure policy 179
- Command description 179
- Create a service object 179
- Create an ip address object 179
- Enter configuration command mode 179
- Enter the secure policy sub command mode to add a secure policy rule 179
- Secure policy command examples 179
- Set the action the zywall usg is to take on packets which match this rule 179
- Set the destination ip address es 179
- Set the direction of travel of packets to which the rule applies 179
- Set the service to which this rule applies 179
- Table 88 firewall sub commands continued 179
- The following example shows you how to add an ipv4 secure policy rule to allow a myservice connection from the wan zone to the ip addresses dest_1 in the lan zone 179
- These are ipv4 secure policy configuration examples the ipv6 secure policy commands are similar 179
- Zywall usg zld cli reference guide 179
- Chapter 26 secure policy 180
- The following command displays the default ipv4 secure policy rule that applies to the wan to zywall usg packet direction the secure policy rule number is in the rule s priority number in the global rule list 180
- Zywall usg zld cli reference guide 180
- Chapter 26 secure policy 181
- Label description 181
- Session limit commands 181
- Table 89 input values for general session limit commands 181
- The following command displays the default ipv6 firewall rule that applies to the wan to zywall usg packet direction the firewall rule number is in the rule s priority number in the global rule list 181
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 181
- Zywall usg zld cli reference guide 181
- Chapter 26 secure policy 182
- Command description 182
- Command to enter the configuration mode before you can use these commands 182
- Configure termina 182
- Label description 182
- Table 89 input values for general session limit commands continued 182
- Table 90 command summary session limit 182
- The following table describes the session limit commands you must use the 182
- Zywall usg zld cli reference guide 182
- Adp commands overview 183
- Protocol anomalies 183
- Traffic anomalies 183
- Adp activation commands 184
- Adp command input values 184
- Adp global profile commands 184
- Adp zone to zone rule commands 184
- Chapter 26 secure policy 184
- Label description 184
- Table 91 input values for adp commands 184
- Table 92 adp activation commands 184
- Table 93 adp global profile commands 184
- Table 94 adp zone to zone rule commands 184
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 184
- These commands bind adp profiles 184
- These coomands apply to all adp profiles on the 184
- Use these coomands to activate adp and see statius 184
- Zywall usg zld cli reference guide 184
- Adp add edit profile commands 185
- Chapter 26 secure policy 185
- Label description 185
- Table 94 adp zone to zone rule commands continued 185
- Table 95 adp add edit profile commands 185
- These commands create or edit exsiting adp profiles 185
- Zywall usg zld cli reference guide 185
- Chapter 26 secure policy 186
- Label description 186
- Table 95 adp add edit profile commands continued 186
- Zywall usg zld cli reference guide 186
- Chapter 26 secure policy 187
- Label description 187
- Table 95 adp add edit profile commands continued 187
- Zywall usg zld cli reference guide 187
- Web authentication 189
- Web authentication commands 189
- Web authentication overview 189
- Chapter 27 web authentication 190
- Command description 190
- Table 96 web auth commands continued 190
- Table 97 web auth policy sub commands 190
- The following table describes the sub commands for several web auth policy commands note that not all rule commands use all the sub commands listed here 190
- Web auth policy sub commands 190
- Zywall usg zld cli reference guide 190
- Chapter 27 web authentication 191
- Command description 191
- Sso configuration commands 191
- Sso does not support ipv6 or radius you must use it in an ipv4 network environment with windows ad active directory or ldap lightweight directory access protocol authentication databases 191
- Sso overview 191
- Sso single sign on integrates domain controller and zywall usg authentication mechanisms so that users just need to log in once single login to get access to permitted resources 191
- Table 97 web auth policy sub commands continued 191
- Table 98 sso commands and subcommnds 191
- The zywall usg the dc the sso agent and the ldap or ad server must all be in the same domain and be able to communicate with each other 191
- Use these commands to configure the zywall usg to communicate with sso 191
- You must enable web authentication to use sso 191
- Zywall usg zld cli reference guide 191
- Chapter 27 web authentication 192
- Command description 192
- Command setup sequence example 192
- Sso show commands 192
- Table 99 sso show commands 192
- The following commands show how to configure the zywall usg to communicate with an an sso agent at ip address 1 using port 2158 and preshared key 12345678 192
- You don t need to enter the configuration mode before you can use these commands use them to see sso configurations done 192
- Zywall usg zld cli reference guide 192
- Rtls overview 193
- Chapter 28 rtls 194
- Command description 194
- Rtls configuration commands 194
- Rtls configuration examples 194
- Table 101 rtls commands 194
- The following command displays the commands run on the ap 194
- The following commands show how to enable rtls to use wi fi to track the location of ekahau wi fi tags specify the ip address of the ekahau rtls controller and then show the configuration settings 194
- Use these commands to configure rtls on the zywall usg 194
- Zywall usg zld cli reference guide 194
- Ipsec vpn 195
- Ipsec vpn overview 195
- Ipsec vpn commands summary 196
- Chapter 29 ipsec vpn 197
- Command description 197
- Ipv4 ikev1 sa commands 197
- Label description 197
- Table 102 input values for ipsec vpn commands continued 197
- Table 103 isakmp commands ike sas 197
- The following sections list the ipsec vpn commands 197
- This table lists the commands for ike sas vpn gateways 197
- Zywall usg zld cli reference guide 197
- Aaa authentication 198
- Chapter 29 ipsec vpn 198
- Command description 198
- Ipv4 ipsec sa commands except manual keys 198
- Table 103 isakmp commands ike sas continued 198
- Table 104 crypto commands ipsec sas 198
- This table lists the commands for ipsec sas excluding manual keys vpn connections using vpn gateways 198
- Zywall usg zld cli reference guide 198
- Chapter 29 ipsec vpn 199
- Command description 199
- Table 104 crypto commands ipsec sas continued 199
- Zywall usg zld cli reference guide 199
- Chapter 29 ipsec vpn 200
- Command description 200
- Note you must allow traffic whose source and destination ip addresses do not match the local and remote policy if you want to use the ipsec sa in a vpn concentrator 200
- Table 104 crypto commands ipsec sas continued 200
- Zywall usg zld cli reference guide 200
- Chapter 29 ipsec vpn 201
- Command description 201
- Ipv4 ipsec sa commands for manual keys 201
- Table 105 crypto map commands ipsec sas manual keys 201
- Table 106 vpn concentrator commands vpn concentrator 201
- This table lists the additional commands for ipsec sas using manual keys vpn connections using manual keys 201
- This table lists the commands for the vpn concentrator 201
- Vpn concentrator commands 201
- Zywall usg zld cli reference guide 201
- Chapter 29 ipsec vpn 202
- Command description 202
- Table 106 vpn concentrator commands vpn concentrator continued 202
- Table 107 vpn configuration provision commands vpn configuration provisioning 202
- This table lists the commands for vpn configuration provisioning 202
- Vpn configuration provisioning commands 202
- Zywall usg zld cli reference guide 202
- Chapter 29 ipsec vpn 203
- Command description 203
- Ipv4 ikev2 sa commands 203
- Sa monitor commands 203
- Table 108 sa commands sa monitor 203
- Table 109 sa commands ipv4 ikev2 203
- This table lists the commands for the ipv4 ikev2 sa 203
- This table lists the commands for the sa monitor 203
- Zywall usg zld cli reference guide 203
- Chapter 29 ipsec vpn 204
- Command description 204
- Table 109 sa commands ipv4 ikev2 continued 204
- Zywall usg zld cli reference guide 204
- Chapter 29 ipsec vpn 205
- Command description 205
- Ipv6 ikev2 sa commands 205
- Table 110 sa commands ipv6 ikev2 205
- This table lists the commands for the ipv4 ikev2 sa 205
- Zywall usg zld cli reference guide 205
- Chapter 29 ipsec vpn 206
- Command description 206
- Ipv6 ipsec sa commands 206
- Table 110 sa commands ipv6 ikev2 continued 206
- Table 111 crypto commands ipv6 ipsec sas 206
- This table lists the commands for ipv6 ipsec sas 206
- Zywall usg zld cli reference guide 206
- 0 ipv6 vpn concentrator commands 207
- Chapter 29 ipsec vpn 207
- Command description 207
- Note you must allow traffic whose source and destination ip addresses do not match the local and remote policy if you want to use the ipsec sa in a vpn concentrator 207
- Table 111 crypto commands ipv6 ipsec sas continued 207
- Table 112 vpn concentrator commands vpn concentrator 207
- This table lists the commands for the ipv6 vpn concentrator 207
- Zywall usg zld cli reference guide 207
- Chapter 29 ipsec vpn 208
- Command description 208
- Table 112 vpn concentrator commands vpn concentrator continued 208
- Zywall usg zld cli reference guide 208
- Ssl access policy 209
- Ssl access policy limitations 209
- Ssl application objects 209
- Ssl vpn 209
- Ssl vpn commands 209
- Chapter 30 ssl vpn 210
- Command description 210
- Command to enter the configuration mode before you can use these commands 210
- Configure termina 210
- Ssl vpn commands 210
- Table 114 ssl vpn commands 210
- The following sections list the ssl vpn commands 210
- This table lists the commands for ssl vpn you must use the 210
- Zywall usg zld cli reference guide 210
- Setting an ssl vpn rule tutorial 211
- Chapter 30 ssl vpn 212
- Displays the ssl vpn rule settings 212
- Zywall usg zld cli reference guide 212
- Ipsec configuration 213
- L2tp vpn 213
- L2tp vpn overview 213
- L2tp_pool 214
- Lan_subnet 214
- Policy route 214
- Using the default l2tp vpn connection 214
- Chapter 31 l2tp vpn 215
- Command description 215
- Command to enter the configuration mode before you can use these commands 215
- Configure termina 215
- L2tp vpn commands 215
- Label description 215
- Note modifying this vpn connection or the vpn gateway that it uses disconnects any existing l2tp vpn sessions 215
- Table 115 input values for l2tp vpn commands 215
- Table 116 l2tp vpn commands 215
- The following sections list the l2tp vpn commands 215
- The following table describes the values required for some l2tp vpn commands other values are discussed with the corresponding commands 215
- This table lists the commands for l2tp vpn you must use the 215
- Zywall usg zld cli reference guide 215
- 3 7 05 l2tp_pool 192 68 0 0 192 68 0 0 216
- Chapter 31 l2tp vpn 216
- Command description 216
- Figure 23 l2tp vpn example 216
- L2tp vpn example 216
- Lan_subnet 192 68 24 216
- Table 116 l2tp vpn commands 216
- The remote user has a dynamic public ip address and connects through the internet 216
- The zywall usg has a static ip address of 172 3 7 05 for the ge3 interface 216
- This example uses the following settings in creating a basic l2tp vpn tunnel see the web configurator user s guide for how to configure l2tp in remote user computers using windows xp and windows 2000 216
- Zywall usg zld cli reference guide 216
- Configuring the default l2tp vpn connection example 217
- Configuring the default l2tp vpn gateway example 217
- Configuring the l2tp vpn settings example 217
- Chapter 31 l2tp vpn 218
- Configuring the policy route for l2tp example 218
- Enable the connection 218
- Enable the policy route 218
- Set the destination address to the ip address pool that the zywall usg assigns to the remote users l2tp_pool in this example 218
- Set the next hop to be the default_l2tp_vpn_connection tunnel 218
- Set the policy route s source address to the address object that you want to allow the remote users to access lan_subnet in this example 218
- The following commands configure and display the policy route for the l2tp vpn connection entry 218
- Zywall usg zld cli reference guide 218
- Bandwidth management 219
- Bandwidth management commands 219
- Bandwidth management overview 219
- Bwm type 219
- Bandwidth sub commands 220
- Chapter 32 bandwidth management 220
- Command description 220
- Table 117 bwm commands continued 220
- Table 118 bwm sub commands 220
- The following table describes the sub commands for several bwm commands 220
- Zywall usg zld cli reference guide 220
- Chapter 32 bandwidth management 221
- Command description 221
- Table 118 bwm sub commands continued 221
- Zywall usg zld cli reference guide 221
- Chapter 32 bandwidth management 222
- Command description 222
- Table 118 bwm sub commands continued 222
- Zywall usg zld cli reference guide 222
- Bandwidth management commands examples 223
- Chapter 32 bandwidth management 223
- Command description 223
- Table 118 bwm sub commands continued 223
- The following example sets the priority code to 3 for packets in vlan 1 that don t match any other bwm rule bwm rule 1 marks matching outgoing traffic from vlan 1 to priority code 4 223
- Zywall usg zld cli reference guide 223
- Chapter 32 bandwidth management 224
- The following example adds a new bandwidth management policy for trial users to limit incoming and outgoing bandwidth and sets the traffic priority to 3 it then displays the policy settings 224
- Zywall usg zld cli reference guide 224
- Application patrol 225
- Application patrol commands summary 225
- Application patrol overview 225
- Application patrol command examples 226
- Application patrol commands 226
- Chapter 33 application patrol 226
- Command description 226
- Table 120 app commands application patrol 226
- This command shows details of an application patrol profile created 226
- This table lists the application patrol commands 226
- Zywall usg zld cli reference guide 226
- Chapter 33 application patrol 227
- These are some other example application patrol usage commands 227
- Zywall usg zld cli reference guide 227
- Anti virus 229
- Anti virus commands 229
- Anti virus overview 229
- Anti virus profile 230
- Chapter 34 anti virus 230
- Command description 230
- Command to enter the configuration mode before you can use these commands 230
- Configure termina 230
- General anti virus commands 230
- Note you must register for the anti virus service before you can use it see chapter 5 on page 49 230
- Table 122 general anti virus commands 230
- Table 123 anti virus profile commands 230
- The following table describes general anti virus commands you must use the 230
- This table lists the av profile related commands 230
- Zywall usg zld cli reference guide 230
- Anti virus profile command example 231
- Chapter 34 anti virus 231
- Command description 231
- Command to enter the configuration mode before you can use these commands 231
- Configure termina 231
- Table 123 anti virus profile commands 231
- Table 124 commands for anti virus white and black lists 231
- The following table describes the commands for configuring the white list and black list you must use the 231
- This is an example of anti virus profile commands 231
- White and black lists 231
- Zywall usg zld cli reference guide 231
- Chapter 34 anti virus 232
- Command description 232
- Command to enter the configuration mode before you can use this command 232
- Configure termina 232
- Signature search anti virus command 232
- Signature search example 232
- Table 124 commands for anti virus white and black lists continued 232
- Table 125 command for anti virus signature search 232
- The following table describes the command for searching for signatures you must use the 232
- This example shows how to enable the white list and configure an active white list entry for files with a exe extension it also enables the black list and configure an inactive black list entry for files with a exe extension 232
- This example shows how to search for anti virus signatures with msn in the name 232
- White and black lists example 232
- Zywall usg zld cli reference guide 232
- Chapter 34 anti virus 233
- Command description 233
- Table 126 update signatures 233
- These examples show how to enable disable automatic anti virus downloading schedule updates display the schedule display the update status show the new updated signature version number show the total number of signatures and show the date time the signatures were created 233
- Update anti virus signatures 233
- Update signature examples 233
- Use these commands to update new signatures you should have already registered for anti virus service 233
- Zywall usg zld cli reference guide 233
- Anti virus statistics 234
- Anti virus statistics example 234
- Chapter 34 anti virus 234
- Command description 234
- Command to enter the configuration mode before you can use these commands 234
- Configure termina 234
- Table 127 commands for anti virus statistics 234
- The following table describes the commands for collecting and displaying anti virus statistics you must use the 234
- This example shows how to collect and display anti virus statistics it also shows how to sort the display by the most common destination ip addresses 234
- Zywall usg zld cli reference guide 234
- General idp commands 235
- Idp activation 235
- Idp commands 235
- Overview 235
- Activate deactivate idp example 236
- Chapter 35 idp commands 236
- Command description 236
- Global profile commands 236
- Idp profile commands 236
- Table 129 idp activation 236
- Table 130 global profile commands 236
- This example shows how to activate and deactivate signature based idp on the zywall usg 236
- Use these commands to rename or delete existing profiles and show idp base profiles 236
- Zywall usg zld cli reference guide 236
- Chapter 35 idp commands 237
- Command description 237
- Editing creating idp signature profiles 237
- Example of global profile commands 237
- In this example we rename an idp signature profile from old_profile to new_profile delete the bye_profile and show all base profiles available 237
- Note you cannot change the base profile later 237
- Signature search 237
- Table 131 editing creating idp signature profiles 237
- Use these commands to create a new idp signature profile or edit an existing one it is recommended you use the web configurator to create edit profiles if you do not specify a base profile the default base profile is none 237
- Use this command to search for signatures in the named profile 237
- Zywall usg zld cli reference guide 237
- Chapter 35 idp commands 238
- Command description 238
- Note it is recommended you use the web configurator to search for signatures 238
- Search parameter tables 238
- Severity platform policy type 238
- Table 132 signature search command 238
- Table 133 severity platform and policy type command values 238
- The following table displays the command line severity platform and policy type equivalent values if you want to combine platforms in a search then add their respective numbers together for example to search for signatures for windows nt windows xp and windows 2000 computers then type 12 as the platform parameter 238
- Zywall usg zld cli reference guide 238
- Chapter 35 idp commands 239
- Containing the text worm within the signature name 239
- Generates logs 239
- Has a very low severity level 239
- Idp custom signatures 239
- Is a scan policy type dns service 239
- Is enabled 239
- Operates on the windows nt platform 239
- Service service action 239
- Signature search example 239
- Table 134 service and action command values 239
- The following table displays the command line service and action equivalent values if you want to combine services in a search then add their respective numbers together for example to search for signatures for dns finger and ftp services then type 7 as the service parameter 239
- This example command searches for all signatures in the lan_idp profile 239
- Use these commands to create a new signature or edit an existing one 239
- With an id of 12345 239
- Zywall usg zld cli reference guide 239
- Chapter 35 idp commands 240
- Command description 240
- Custom signature examples 240
- Custom signatures screen 240
- Note you must use the web configurator to import a custom signature file 240
- Table 135 custom signatures 240
- These examples show how to create a custom signature edit one display details of one all and show the total number of custom signatures 240
- Zywall usg zld cli reference guide 240
- Chapter 35 idp commands 241
- This example shows you how to display custom signature details 241
- This example shows you how to edit a custom signature 241
- Zywall usg zld cli reference guide 241
- Chapter 35 idp commands 242
- This example shows you how to display custom signature contents 242
- Zywall usg zld cli reference guide 242
- Chapter 35 idp commands 243
- Command description 243
- Note you must use the web configurator to import a custom signature file 243
- Table 136 update signatures 243
- This example shows you how to display all details of a custom signature 243
- This example shows you how to display the number of custom signatures on the zywall usg 243
- Update idp signatures 243
- Use these commands to update new signatures you register for idp service before you can update idp signatures although you do not have to register in order to update system protect signatures 243
- Zywall usg zld cli reference guide 243
- Chapter 35 idp commands 244
- Command description 244
- Command to enter the configuration mode before you can use these commands 244
- Configure termina 244
- Idp statistics 244
- Table 137 commands for idp statistics 244
- The following table describes the commands for collecting and displaying idp statistics you must use the 244
- These examples show how to enable disable automatic idp downloading schedule updates display the schedule display the update status show the new updated signature version number show the total number of signatures and show the date time the signatures were created 244
- Update signature examples 244
- Zywall usg zld cli reference guide 244
- Chapter 35 idp commands 245
- Idp statistics example 245
- This example shows how to collect and display idp statistics it also shows how to sort the display by the most common signature name source ip address or destination ip address 245
- Zywall usg zld cli reference guide 245
- Content filtering 247
- Content filtering overview 247
- Content filtering reports 247
- External web filtering service 247
- Chapter 36 content filtering 248
- Commands 248
- Content filte 248
- Content filter command input values 248
- Label description 248
- Table 138 content filter command input values 248
- The following table explains the values you can input with the 248
- Zywall usg zld cli reference guide 248
- Chapter 36 content filtering 249
- Command to enter the 249
- Configure termina 249
- General content filter commands 249
- Label description 249
- Table 138 content filter command input values continued 249
- The following table lists the commands that you can use for general content filter configuration such as creating a denial of access message or specifying a redirect url and checking your external web filtering service registration status use the 249
- Zywall usg zld cli reference guide 249
- Chapter 36 content filtering 250
- Command description 250
- Configuration mode to be able to use these commands see table 138 on page 248 for details about the values you can input with these commands 250
- Table 139 content filter general commands 250
- Zywall usg zld cli reference guide 250
- Chapter 36 content filtering 251
- Command description 251
- Command to enter the configuration mode to be able to use these commands see table 138 on page 248 for details about the values you can input with these commands 251
- Configure termina 251
- Content filter filtering profile commands 251
- Table 140 content filter filtering profile commands summary 251
- The following table lists the commands that you can use to configure a content filtering profile use the 251
- Zywall usg zld cli reference guide 251
- Chapter 36 content filtering 252
- Command description 252
- Table 140 content filter filtering profile commands summary continued 252
- Zywall usg zld cli reference guide 252
- Chapter 5 on page 49 253
- Configure termina 253
- Content filtering commands example 253
- Content filtering statistics 253
- Content filtering statistics example 253
- Note you must register for the external web filtering service before you can use it see 253
- Append a secure policy with content filter profile 254
- Chapter 36 content filtering 254
- You can also customize the filtering profile the following commands block active x java and proxy access 254
- Zywall usg zld cli reference guide 254
- Chapter 36 content filtering 255
- Use this command to display the settings of the profile 255
- Zywall usg zld cli reference guide 255
- Anti spam 257
- Anti spam commands 257
- Anti spam overview 257
- Anti spam profile rules 257
- Chapter 37 anti spam 258
- Command description 258
- Table 143 commands for anti spam profile rules continued 258
- Zywall usg zld cli reference guide 258
- Anti spam profile example 259
- Chapter 37 anti spam 259
- Command description 259
- Table 143 commands for anti spam profile rules continued 259
- This example shows how to configure and display a wan to dmz anti spam profile to scan pop3 and smtp traffic smtp spam is forwarded pop3 spam is marked with a spam tag the zywall usg logs the event when an e mail matches the dnsbl see section 37 on page 262 for more on dnsbl the white and black lists are ignored 259
- Zywall usg zld cli reference guide 259
- Chapter 37 anti spam 260
- Command description 260
- Command to enter the configuration mode before you can use these commands 260
- Configure termina 260
- Label description 260
- Table 144 input values for white and black list anti spam commands 260
- Table 145 commands for anti spam white and black lists 260
- The following table identifies values used in these commands other input values are discussed with the corresponding commands 260
- Use the white list to identify legitimate e mail and the black list to identify spam e mail the following table describes the commands for configuring the white list and black list you must use the 260
- White and black lists 260
- Zywall usg zld cli reference guide 260
- Chapter 37 anti spam 261
- Command description 261
- Regular expressions in black or white list entries 261
- Table 145 commands for anti spam white and black lists continued 261
- The following applies for a black or white list entry based on an e mail subject e mail address or e mail header value 261
- This example shows how to configure and enable a white list entries for e mails with testwhite in the subject e mails from whitelist ourcompany com e mails with the date header set to 2007 and e mails from or forwarded by ip address 192 68 with subnet 255 55 55 261
- Use a question mark to let a single character vary for example use a c without the quotation marks to specify abc acc and so on 261
- White and black lists example 261
- You can also use a wildcard for example if you configure def com any e mail address that ends in def com matches so mail def com matches 261
- Zywall usg zld cli reference guide 261
- Chapter 37 anti spam 262
- Command description 262
- Command to enter the configuration mode before you can use these commands 262
- Configure termina 262
- Dnsbl anti spam commands 262
- Label description 262
- Table 146 input values for dnsbl commands 262
- Table 147 dnsbl commands 262
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 262
- The wildcard can be anywhere in the text string and you can use more than one wildcard you cannot use two wildcards side by side there must be other characters between them 262
- The zywall usg checks the first header with the name you specified in the entry so if the e mail has more than one received header the zywall usg checks the first one 262
- This section describes the commands for checking the sender and relay ip addresses in e mail headers against dns domain name service based spam black lists dnsbls you must use the 262
- This table describes the dnsbl commands 262
- Zywall usg zld cli reference guide 262
- Chapter 37 anti spam 263
- Command description 263
- Dnsbl example 263
- Sets the dnsbl tag to dnsbl 263
- Sets the dnsbl timeout tag to dnsbl timeout 263
- Sets the zywall usg to check up to 4 sender and relay server ip addresses in e mail headers against the dnsbl 263
- Sets the zywall usg to forward pop3 mail with a tag if the queries to the dnsbl domains time out 263
- Sets the zywall usg to start dnsbl checking from the first ip address in the mail header 263
- Sets the zywall usg to use dnsbl example com as a dnsbl 263
- Table 147 dnsbl commands 263
- This example 263
- Turns dnsbl checking on 263
- Zywall usg zld cli reference guide 263
- Anti spam statistics 264
- Chapter 37 anti spam 264
- Command description 264
- Command to enter the configuration mode before you can use these commands 264
- Configure termina 264
- Displays the dnsbl statistics 264
- Table 148 commands for anti spam statistics 264
- The following table describes the commands for collecting and displaying anti spam statistics you must use the 264
- Zywall usg zld cli reference guide 264
- Anti spam statistics example 265
- Chapter 37 anti spam 265
- Command description 265
- Table 148 commands for anti spam statistics continued 265
- This example shows how to collect anti spam statistics and display a summary 265
- Zywall usg zld cli reference guide 265
- Ssl inspection 267
- Ssl inspection commands summary 267
- Ssl inspection overview 267
- Chapter 38 ssl inspection 268
- Command description 268
- Ssl inspection exclusion commands 268
- Ssl inspection profile settings 268
- Table 150 ssl inspection exclusion commands 268
- Table 151 ssl inspection profile commands 268
- The following sections list the commands 268
- There may be privacy and legality issues regarding inspecting a user s encrypted session the legal issues may vary by locale so it s important to check with your legal department to make sure that it s ok to intercept ssl traffic from your zywall usg users 268
- This table lists the ssl inspection exclusion related commands 268
- This table lists the ssl inspection profile setting commands 268
- To ensure individual privacy and meet legal requirements you can configure an exclusion list to exclude matching sessions to destination servers this traffic is not intercepted and is passed through uninspected 268
- Zywall usg zld cli reference guide 268
- Chapter 38 ssl inspection 269
- Command description 269
- Ssl inspection certificate cache 269
- Ssl inspection certificate update 269
- Table 151 ssl inspection profile commands 269
- Table 152 ssl inspection certificate cache commands 269
- Table 153 ssl inspection certificate update commands 269
- This table lists the ssl inspection certificate cache commands 269
- Use these commands to update the latest certificates of servers using ssl connections to the zywall usg network you should have internet access and have activated ssl inspection on the zywall usg at myzyxel com 269
- Zywall usg zld cli reference guide 269
- Chapter 38 ssl inspection 270
- Command description 270
- Ssl inspection statistics 270
- Table 153 ssl inspection certificate update commands 270
- Table 154 ssl inspection statistics commands 270
- These are some example ssl inspection certificate update usage commands 270
- This table lists the ssl inspection statistics commands 270
- Zywall usg zld cli reference guide 270
- Chapter 38 ssl inspection 271
- Ssl inspection command examples 271
- These are some other example ssl inspection usage commands 271
- Zywall usg zld cli reference guide 271
- Device ha 273
- Device ha overview 273
- Active passive mode device ha 274
- Before you begin 274
- Cluster id 274
- General device ha commands 274
- Monitored interfaces in active passive mode device ha 274
- Note subscribe to services on the backup zywall usg before synchronizing it with the master zywall usg 274
- Virtual router 274
- Virtual router and management ip addresses 274
- Active passive mode device ha commands 275
- Chapter 39 device ha 275
- Command description 275
- Commands 275
- Device h 275
- Each interface can also have a management ip address you can connect to this ip address to manage the zywall usg regardless of whether it is the master or the backup 275
- Label description 275
- Table 156 input values for device ha commands 275
- Table 157 device ha ap mode commands 275
- The following sections list the 275
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 275
- This table lists the commands for configuring active passive mode device ha 275
- Zywall usg zld cli reference guide 275
- Chapter 39 device ha 276
- Command description 276
- Table 157 device ha ap mode commands continued 276
- Zywall usg zld cli reference guide 276
- Active passive mode device ha command example 277
- Chapter 39 device ha 277
- This example configures a zywall usg to be a master zywall usg for active passive mode device ha there is a management ip address of 192 68 on lan1 wan1 and lan1 are monitored the synchronization password is set to mysyncpassword 277
- Zywall usg zld cli reference guide 277
- User account overview 279
- User group 279
- User types 279
- Chapter 40 user group 280
- Command description 280
- Commands 280
- Commands other input values are discussed with the corresponding commands 280
- Label description 280
- Table 159 username groupname command input values 280
- Table 160 username groupname commands summary users 280
- The first table lists the commands for users 280
- The following sections list the 280
- The following table identifies the values required for many 280
- User commands 280
- User group commands summary 280
- Username groupnam 280
- Zywall usg zld cli reference guide 280
- Chapter 40 user group 281
- Command description 281
- Table 160 username groupname commands summary users continued 281
- Table 161 username groupname commands summary groups 281
- Table 162 username groupname commands summary settings 281
- This table lists the commands for groups 281
- This table lists the commands for user settings except for forcing user authentication 281
- User group commands 281
- User setting commands 281
- Zywall usg zld cli reference guide 281
- Chapter 40 user group 282
- Command description 282
- Table 162 username groupname commands summary settings continued 282
- The following commands show the current settings for the number of simultaneous logins 282
- User setting command examples 282
- Zywall usg zld cli reference guide 282
- Chapter 40 user group 283
- Command description 283
- Create a mac role mac address user type user account named zyxel mac 283
- Mac auth commands 283
- Mac auth example 283
- Map a wireless client s mac address of 00 13 49 11 a0 c4 to the zyxel mac mac role mac address user account 283
- Modify the wlan security profile named securewlan1 as follows 283
- Table 163 mac auth commands summary 283
- The following commands 283
- This example uses an external server to authenticate wireless clients by mac address after authentication the zywall usg maps the wireless client to a mac address user account mac role configure user aware features to control mac address user access to network services 283
- This table lists the commands for mappings mac addresses to mac address user accounts 283
- Turn on mac authentication 283
- Use colons to separate the two character pairs within account mac addresses 283
- Use the authentication method named auth1 283
- Zywall usg zld cli reference guide 283
- Additional user commands 284
- Chapter 40 user group 284
- Command description 284
- Table 164 username groupname commands summary additional 284
- This table lists additional commands for users 284
- Use upper case letters in the account mac addresses 284
- Zywall usg zld cli reference guide 284
- Additional user command examples 285
- Chapter 40 user group 285
- The following commands display the users that are currently locked out and then unlocks the user who is displayed 285
- The following commands display the users that are currently logged in to the zywall usg and forces the logout of all logins from a specific ip address 285
- Zywall usg zld cli reference guide 285
- Application object 286
- Application object commands 286
- Application object commands summary 286
- Application object 287
- Application object group commands 287
- Chapter 41 application object 287
- Command description 287
- Examples 287
- Table 167 object group application commands 287
- These are some example usage commands 287
- This table lists the application object group commands 287
- Zywall usg zld cli reference guide 287
- Chapter 41 application object 288
- Examples 288
- Object group application 288
- These are some example usage commands 288
- Zywall usg zld cli reference guide 288
- Address commands summary 289
- Address overview 289
- Addresses 289
- Address object commands 290
- Chapter 42 addresses 290
- Command description 290
- Table 169 address object and address6 object commands 290
- The following sections list the address object and address group commands 290
- This table lists the commands for address objects 290
- Zywall usg zld cli reference guide 290
- Address object command examples 291
- Chapter 42 addresses 291
- The following example creates three ipv4 address objects and then deletes one 291
- Zywall usg zld cli reference guide 291
- Address group commands 292
- Chapter 42 addresses 292
- Command description 292
- Table 170 object group commands address groups 292
- The following example creates host range subnet and link local ipv6 address objects and then deletes the subnet ipv6 address object 292
- This table lists the commands for address groups 292
- Zywall usg zld cli reference guide 292
- Address group command examples 293
- Chapter 42 addresses 293
- Command description 293
- Table 170 object group commands address groups continued 293
- The following commands create three address objects a0 a1 and a2 and add a1 and a2 to address group rd 293
- Zywall usg zld cli reference guide 293
- Service object commands 295
- Services 295
- Services commands summary 295
- Services overview 295
- Chapter 43 services 296
- Command description 296
- Service group commands 296
- Service object command examples 296
- Table 172 service object commands service objects continued 296
- Table 173 object group commands service groups 296
- The first table lists the commands for service groups 296
- The following commands create four services displays them and then removes one of them 296
- Zywall usg zld cli reference guide 296
- Chapter 43 services 297
- Command description 297
- Service group command examples 297
- Table 173 object group commands service groups continued 297
- The following commands create service icmp_echo create service group sg1 and add icmp_echo to sg1 297
- Zywall usg zld cli reference guide 297
- Schedule commands summary 299
- Schedule overview 299
- Schedules 299
- Chapter 44 schedules 300
- Command description 300
- Schedule command examples 300
- Table 175 schedule commands continued 300
- The following commands create recurring schedule schedule1 and one time schedule schedule2 and then delete schedule1 300
- Zywall usg zld cli reference guide 300
- Aaa server 301
- Aaa server overview 301
- Ad server commands 301
- Authentication server command summary 301
- Chapter 45 aaa server 302
- Command description 302
- Commands you use to set the default ldap server 302
- Ldap server 302
- Ldap server commands 302
- Table 176 ad server commands continued 302
- Table 177 ldap server commands 302
- The following table lists the 302
- Zywall usg zld cli reference guide 302
- Aaa group server ad 303
- Aaa group server ad commands 303
- Chapter 45 aaa server 303
- Command description 303
- Commands you use to configure a group of ad servers 303
- Commands you use to set the default radius server 303
- Note you can not delete a server group that is currently in use 303
- Radius server 303
- Radius server command example 303
- Radius server commands 303
- Table 178 radius server commands 303
- Table 179 aaa group server ad commands 303
- The following example sets the secret key and timeout period of the default radius server 172 3 0 00 to 87643210 and 80 seconds 303
- The following table lists the 303
- Zywall usg zld cli reference guide 303
- Aaa group server ldap 304
- Aaa group server ldap commands 304
- Chapter 45 aaa server 304
- Command description 304
- Commands you use to configure a group of ldap servers 304
- Note you can not delete a server group that is currently in use 304
- Table 179 aaa group server ad commands continued 304
- Table 180 aaa group server ldap commands 304
- The following table lists the 304
- Zywall usg zld cli reference guide 304
- Aaa group server radius 305
- Aaa group server radius commands 305
- Chapter 45 aaa server 305
- Command description 305
- Commands you use to configure a group of radius servers 305
- Note you can not delete a server group that is currently in use 305
- Table 180 aaa group server ldap commands continued 305
- Table 181 aaa group server radius commands 305
- The following table lists the 305
- Zywall usg zld cli reference guide 305
- Aaa group server command example 306
- Chapter 45 aaa server 306
- Command description 306
- Table 181 aaa group server radius commands continued 306
- The following example creates a radius server group with two members and sets the secret key to 12345678 and the timeout to 100 seconds then this example also shows how to view the radius group settings 306
- Zywall usg zld cli reference guide 306
- Aaa authentication commands 307
- Authentication objects 307
- Authentication objects overview 307
- Aaa authentication command example 308
- Base dn dc zyxel dc com 308
- Bind dn zyxel engineerabc 308
- Chapter 46 authentication objects 308
- Command description 308
- Command you use to teat a user account on an authentication server 308
- Ip address 172 6 0 308
- Note you must specify at least one member for each profile each type of member can only be used once in a profile 308
- Port 389 308
- Table 182 aaa authentication commands continued 308
- Table 183 test aaa command 308
- Test a user account command example 308
- Test aa 308
- Test aaa command 308
- The following example creates an authentication profile to authentication users using the ldap server group and then the local user database 308
- The following example shows how to test whether a user account named userabc exists on the ad authentication server which uses the following settings 308
- The following table lists the 308
- Zywall usg zld cli reference guide 308
- Chapter 46 authentication objects 309
- Login name attribute samaccountname 309
- Password abcdefg 309
- The result shows the account exists on the ad server otherwise the zywall usg responds an error 309
- Zywall usg zld cli reference guide 309
- Authentication server 310
- Authentication server commands 310
- Authentication server overview 310
- Authentication server command examples 311
- Chapter 47 authentication server 311
- Command description 311
- Table 184 command summary authentication server continued 311
- The following example shows you how to enable the authentication server feature on the zywall usg and sets a trusted radius client profile this example also shows you the authentication server and client profile settings 311
- Zywall usg zld cli reference guide 311
- Certificate commands 313
- Certificates 313
- Certificates commands input values 313
- Certificates overview 313
- Certificates commands summary 314
- Chapter 48 certificates 314
- Command description 314
- Command to enter the configuration mode to be able to use these commands 314
- Configure termina 314
- Label description 314
- Table 185 certificates commands input values continued 314
- Table 186 ca commands summary 314
- The following table lists the commands that you can use to display and manage the zywall usg s summary list of certificates and certification requests you can also create certificates or certification requests use the 314
- Zywall usg zld cli reference guide 314
- Chapter 48 certificates 315
- Command description 315
- Table 186 ca commands summary continued 315
- Zywall usg zld cli reference guide 315
- Certificates commands examples 316
- Chapter 48 certificates 316
- Command description 316
- Table 186 ca commands summary continued 316
- The following example creates a self signed x 09 certificate with ip address 10 8 as the common name it uses the rsa key type with a 512 bit key then it displays the list of local certificates finally it deletes the pkcs12request certification request 316
- Zywall usg zld cli reference guide 316
- Isp accounts 317
- Isp accounts overview 317
- Pppoe and pptp account commands 317
- Cellular account commands 318
- Chapter 49 isp accounts 318
- Command description 318
- Table 187 pppoe and pptp isp account commands continued 318
- Table 188 cellular account commands 318
- The following table lists the cellular isp account commands 318
- Zywall usg zld cli reference guide 318
- Ssl application 319
- Ssl application object commands 319
- Ssl application overview 319
- Chapter 50 ssl application 320
- Command description 320
- Table 189 ssl application object commands 320
- Zywall usg zld cli reference guide 320
- Chapter 50 ssl application 321
- Ssl application command examples 321
- The following commands create and display a server type ssl application object named zw5 for a web server at ip address 192 68 2 321
- Zywall usg zld cli reference guide 321
- Dhcpv6 object commands 322
- Dhcpv6 object commands summary 322
- Dhcpv6 objects 322
- Chapter 51 dhcpv6 objects 323
- Command description 323
- Dhcpv6 object command examples 323
- Table 191 dhcpv6 object commands continued 323
- This example creates and displays a dhcpv6 lease object named test1 for ipv6 address 2003 1 with duid 00 01 02 03 04 05 06 07 323
- This example makes test1 into a dhcpv6 address pool lease object for ipv6 addresses 2004 10 to 2004 40 323
- Zywall usg zld cli reference guide 323
- Chapter 51 dhcpv6 objects 324
- This example creates a dhcpv6 prefix delegation request object named pfx and displays its settings 324
- This example creates and displays a dhcpv6 prefix delegation lease object named pfx for ipv6 address prefix 2005 64 and duid 00 01 02 03 04 05 06 07 then renames it to pd 324
- This example deletes the test1 dhcpv6 lease object 324
- Zywall usg zld cli reference guide 324
- Customizing the www login page 325
- System 325
- System overview 325
- Configure termina 326
- Logo title 326
- Message color of all text 326
- Note message last line of text 326
- Window background 326
- Configure termina 327
- Host name commands 327
- Time and date 327
- Configure termina 328
- Console port speed 328
- Date time commands 328
- Dns overview 329
- Domain zone forwarder 329
- Chapter 52 system 330
- Command description 330
- Command to enter the configuration mode before you can use these commands 330
- Configure termina 330
- Dns commands 330
- Label description 330
- Table 196 input values for general dns commands 330
- Table 197 command summary dns 330
- The following table describes the commands available for dns you must use the 330
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 330
- Zywall usg zld cli reference guide 330
- Chapter 52 system 331
- Command description 331
- Table 197 command summary dns continued 331
- Zywall usg zld cli reference guide 331
- Authentication server overview 332
- Chapter 52 system 332
- Command description 332
- Dns command examples 332
- Table 197 command summary dns continued 332
- The zywall usg can also work as a radius server to exchange messages with other aps for user authentication and authorization 332
- This command displays security options configured for the customized and default rules 332
- This command sets an a record that specifies the mapping of a fully qualified domain name www abc com to an ip address 210 7 3 332
- Zywall usg zld cli reference guide 332
- Authentication server commands 333
- Chapter 52 system 333
- Command description 333
- Defaul 333
- Table 198 command summary authentication server 333
- The following table lists the authentication server commands you use to configure the zywall usg s built in authentication server settings 333
- Zywall usg zld cli reference guide 333
- Authentication server command examples 334
- Configure termina 334
- Language commands 334
- Configure termina 335
- Ipv6 commands 335
- Zon commands 335
- Zon overview 335
- Chapter 52 system 336
- Command description 336
- Table 201 command summary zon continued 336
- This example enables lldp discovery and displays whether lldp discovery is enabled on the zywall usg 336
- Zon examples 336
- Zywall usg zld cli reference guide 336
- Remote management limitations 337
- Remote management overview 337
- System remote management 337
- System timeout 337
- Chapter 53 system remote management 338
- Command description 338
- Command to enter the configuration mode before you can use these commands 338
- Common system command input values 338
- Configure termina 338
- Defaul 338
- Http https commands 338
- Label description 338
- Table 202 input values for general system commands 338
- Table 203 command summary http https 338
- The following table describes the commands available for http https you must use the 338
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 338
- Zywall usg zld cli reference guide 338
- Chapter 53 system remote management 339
- Command description 339
- Defaul 339
- Table 203 command summary http https continued 339
- Zywall usg zld cli reference guide 339
- Http https command examples 340
- Requirements for using ssh 340
- Ssh implementation on the zywall usg 340
- Chapter 53 system remote management 341
- Command description 341
- Command to enter the configuration mode before you can use these commands 341
- Configure termina 341
- Defaul 341
- Ssh command examples 341
- Ssh commands 341
- Table 204 command summary ssh 341
- The following table describes the commands available for ssh you must use the 341
- This command sets a certificate default to be used to identify the zywall usg 341
- This command sets a service control rule that allowed the computers with the ip addresses matching the specified address object to access the specified zone using ssh service 341
- Zywall usg zld cli reference guide 341
- Chapter 53 system remote management 342
- Command description 342
- Command to enter the configuration mode before you can use these commands 342
- Configure termina 342
- Table 205 command summary telnet 342
- Telnet 342
- Telnet commands 342
- Telnet commands examples 342
- The following table describes the commands available for telnet you must use the 342
- This command displays telnet settings 342
- This command sets a service control rule that allowed the computers with the ip addresses matching the specified address object to access the specified zone using telnet service 342
- You can configure your zywall usg for remote telnet access 342
- Zywall usg zld cli reference guide 342
- Configure termina 343
- Configuring ftp 343
- Ftp commands 343
- Ftp commands examples 343
- Snmp traps 344
- Supported mibs 344
- Chapter 53 system remote management 345
- Command description 345
- Command to enter the configuration mode before you can use these commands 345
- Configure termina 345
- Object label object id description 345
- Snmp commands 345
- Table 207 snmp traps continued 345
- Table 208 command summary snmp 345
- The following table describes the commands available for snmp you must use the 345
- Zywall usg zld cli reference guide 345
- Access 346
- Chapter 53 system remote management 346
- Command description 346
- Snmp commands examples 346
- Table 208 command summary snmp continued 346
- The following command sets a service control rule that allowed the computers with the ip addresses matching the specified address object to access the specified zone using snmp service 346
- The following command sets the ip address of the host that receives the snmp notifications to 172 3 5 4 and the password sent with each trap to qwerty 346
- The following command sets the password secret for read write 346
- The following commands create an snmpv3 rule and then displays the configured settings 346
- Zywall usg zld cli reference guide 346
- Cloudcnm screen 347
- Configure termina 347
- Icmp filter 347
- Chapter 53 system remote management 348
- Command description 348
- Table 210 command summary cloudcnm 348
- The zywall usg must be able to communicate with the cloudcnm server 348
- To allow cloudcnm management of your zywall usg 348
- You must have a cloudcnm license with cnm id number or a cloudcnm url identifying the server 348
- Zywall usg zld cli reference guide 348
- Configuration files and shell scripts overview 349
- File directories 349
- File manager 349
- Chapter 54 file manager 350
- Comments in configuration files or shell scripts 350
- Figure 27 configuration file shell script example 350
- In a configuration file or shell script use or as the first character of a command line to have the zywall usg treat the line as a comment 350
- Note exit or must follow sub commands if it is to make the zywall usg exit sub command mode 350
- Table 212 configuration files and shell scripts in the zywall usg 350
- These files have the same syntax which is also identical to the way you run cli commands manually an example is shown below 350
- While configuration files and shell scripts have the same syntax the zywall usg applies configuration files differently than it runs shell scripts this is explained below 350
- You have to run the example in table 27 on page 350 as a shell script because the first command is run in privilege mode if you remove the first command you have to run the example as a configuration file because the rest of the commands are executed in configuration mode see section 1 on page 27 for more information about cli modes 350
- Your configuration files or shell scripts can use exit or a command line consisting of a single to have the zywall usg exit sub command mode 350
- Zywall usg zld cli reference guide 350
- Errors in configuration files or shell scripts 351
- Setenv stop on error off 351
- Zywall usg configuration file details 351
- Configuration file flow at restart 352
- File manager commands input values 352
- Setenv startup stop on error of 352
- Chapter 54 file manager 353
- Command description 353
- File manager commands summary 353
- Table 214 file manager commands summary 353
- The following table lists the commands that you can use for file management 353
- Zywall usg zld cli reference guide 353
- Chapter 54 file manager 354
- Command description 354
- File manager dual firmware commands 354
- Table 214 file manager commands summary continued 354
- Table 215 file manager dual firmware commands 354
- The following table lists the commands that you can use for managing dual firmware firmware uploaded using ftp goes to the running partition use the web configurator to upload firmware to the standby partition the zywall usg reboots automatically when you upload firmware to the running partition 354
- Zywall usg zld cli reference guide 354
- Chapter 54 file manager 355
- File manager command examples 355
- Ftp file transfer 355
- These are examples of the dual firmware commands 355
- These commands run the aaa zysh script at noon every day on the first day of every month and on every monday wednesday and friday 355
- This example saves a back up of the current configuration before applying a shell script file 355
- You can use ftp to transfer files to and from the zywall usg for advanced maintenance and support 355
- Zywall usg zld cli reference guide 355
- Chapter 54 file manager 356
- Command line ftp configuration file upload example 356
- Command line ftp file download 356
- Command line ftp file upload 356
- Connect to the zywall usg 356
- Enter bin to set the transfer mode to binary 356
- Figure 28 ftp configuration file upload example 356
- For example 356
- In the conf directory use put config conf today conf to upload the configuration file config conf to the zywall usg and rename it today conf 356
- Note uploading a custom signature file named custom rules overwrites all custom signatures on the zywall 356
- Put 1 0 xl bin transfers the firmware 1 0 xl bin to the zywall usg 356
- The firmware update can take up to five minutes do not turn off or reset the zywall usg while the firmware update is in progress if you lose power during the firmware upload you may need to refer to section 54 on page 358 to recover the firmware 356
- The following example transfers a configuration file named tomorrow conf from the computer and saves it on the zywall usg as next conf 356
- Use put to transfer files from the computer to the zywall usg 356
- You can upload the firmware after you log in through ftp to upload other files use cd to change to the corresponding directory 356
- Zywall usg zld cli reference guide 356
- Boot module 357
- Chapter 54 file manager 357
- Command line ftp configuration file download example 357
- Enter bin to set the transfer mode to binary 357
- Figure 29 ftp configuration file download example 357
- Figure 30 zywall usg file usage at startup 357
- Firmware 357
- Get vpn_setup zysh vpn zysh transfers the vpn_setup zysh configuration file on the zywall usg to your computer and renames it vpn zysh 357
- Recovery image 357
- The following example gets a configuration file named today conf from the zywall usg and saves it on the computer as current conf 357
- The zywall usg uses the following files at system startup 357
- Use cd to change to the directory that contains the files you want to download 357
- Use dir or ls if you need to display a list of the files in the directory 357
- Use get to download files for example 357
- Zywall usg file usage at startup 357
- Zywall usg zld cli reference guide 357
- Note do not press any keys at this point wait to see what displays next 358
- Notification of a damaged recovery image or firmware 358
- Note you only need to use this section if you need to restore the recovery image 359
- Restoring the recovery image 359
- Note you only need to use the atuk or atur command if the recovery image is damaged 360
- Note this section is not for normal firmware uploads you only need to use this section if you need to recover the firmware 361
- Restoring the firmware 361
- Restoring the default system database 363
- Note you only need to use the atkz u command if the default system database is damaged 365
- Using the atkz u debug command 365
- Log commands summary 369
- Chapter 55 logs 370
- Command description 370
- Log entries commands 370
- System log commands 370
- Table 217 logging commands log entries 370
- Table 218 logging commands system log settings 370
- This table lists the commands for the system log settings 370
- This table lists the commands to look at log entries 370
- Zywall usg zld cli reference guide 370
- Chapter 55 logs 371
- Command description 371
- Debug log commands 371
- System log command examples 371
- Table 219 logging commands debug log settings 371
- The following command displays the current status of the system log 371
- This table lists the commands for the debug log settings 371
- Zywall usg zld cli reference guide 371
- Chapter 55 logs 372
- Command description 372
- Table 220 logging commands remote syslog server settings 372
- Table 221 logging commands vrpt settings 372
- This table lists the commands for setting how often to send information to the vrpt zyxel s vantage report server 372
- This table lists the commands for the remote syslog server settings for the purposes of this device s cli access points are referred to as wtp 372
- Zywall usg zld cli reference guide 372
- Chapter 55 logs 373
- Command description 373
- E mail profile commands 373
- Table 221 logging commands vrpt settings continued 373
- Table 222 logging commands e mail profile settings 373
- This table lists the commands for the e mail profile settings 373
- Zywall usg zld cli reference guide 373
- Chapter 55 logs 374
- Command description 374
- Console port logging commands 374
- E mail profile command examples 374
- Table 222 logging commands e mail profile settings continued 374
- Table 223 logging commands console port settings 374
- The following commands set up e mail log 1 374
- This table lists the commands for the console port settings 374
- Zywall usg zld cli reference guide 374
- Report commands 375
- Report commands summary 375
- Reports and reboot 375
- Chapter 56 reports and reboot 376
- Command description 376
- Packet size statistics commands 376
- Report command examples 376
- Session commands 376
- Table 225 session commands 376
- Table 226 packet size statistics commands 376
- The following commands start collecting data display the traffic reports and stop collecting data 376
- This table lists the commands to display the current sessions for debugging or statistical analysis 376
- Using the packet size statistics to view packet size distribution may aid you in troubleshooting network performance in particular a large number of small packets can drastically reduce throughput this table lists the commands to enable and disable packet size statistics data collection and display the setting status and statistics 376
- Zywall usg zld cli reference guide 376
- Chapter 56 reports and reboot 377
- Command description 377
- Command to enter the configuration mode before you can use these commands 377
- Configure termina 377
- Email daily report commands 377
- Label description 377
- Table 226 packet size statistics commands continued 377
- Table 227 input values for email daily report commands 377
- Table 228 email daily report commands 377
- The following table identifies the values used in some of these commands other input values are discussed with the corresponding commands 377
- Use these commands to have the zywall usg e mail you system statistics every day you must use the 377
- Zywall usg zld cli reference guide 377
- Appends the date and time to the mail subject 378
- Chapter 56 reports and reboot 378
- Command description 378
- Disables the reporting 378
- Email daily report example 378
- Has the zywall usg not use the second and third mail to options 378
- Sets example administrator example com as the first account to which to send the mail 378
- Sets my email example com as the fourth mail to option 378
- Sets the sender as my email example com 378
- Sets the subject of the report e mails to test 378
- Specifies example smtp mail server com as the address of the smtp mail server 378
- Stops the system name from being appended to the mail subject 378
- Table 228 email daily report commands continued 378
- This example sets the following about sending a daily report e mail 378
- Zywall usg zld cli reference guide 378
- Chapter 56 reports and reboot 379
- Has the report include cpu memory port and session usage along with traffic statistics 379
- Has the zywall usg not reset the counters after sending the report 379
- Has the zywall usg not use the fifth mail to option 379
- Has the zywall usg provide username 12345 and password 12345 to the smtp server for authentication 379
- Sets the zywall usg to send the report at 1 57 pm 379
- Turns on the daily e mail reporting 379
- Zywall usg zld cli reference guide 379
- Chapter 56 reports and reboot 380
- Command to restart the device 380
- Command to save the configuration before you reboot otherwise the changes are lost when you reboot 380
- If you made changes in the cli you have to use the 380
- Reboot 380
- This displays the email daily report settings and has the zywall usg send the report 380
- Use the 380
- Use this to restart the device for example if the device begins behaving erratically 380
- Zywall usg zld cli reference guide 380
- Session timeout 381
- Diagnosis commands 383
- Diagnosis commands example 383
- Diagnostics 383
- Packet flow explore 385
- Packet flow explore commands 385
- Chapter 59 packet flow explore 386
- Packet flow explore commands example 386
- The following example shows all activated 1 to 1 snat rules 386
- The following example shows all activated dynamic vpn rules 386
- The following example shows all activated site to site vpn rules 386
- The following example shows all routing related functions and their order 386
- The following example shows all snat related functions and their order 386
- The following example shows the default wan trunk s settings 386
- Zywall usg zld cli reference guide 386
- Chapter 59 packet flow explore 387
- The following example shows all activated 1 to 1 nat rules 387
- The following example shows all activated dynamic vpn rules 387
- The following example shows all activated policy routes which use snat 387
- The following example shows all activated policy routes which use snat and enable nat loopback 387
- The following example shows all activated static dynamic vpn rules 387
- Zywall usg zld cli reference guide 387
- Chapter 59 packet flow explore 388
- The following example shows the default wan trunk settings 388
- Zywall usg zld cli reference guide 388
- Maintenance tools 389
- Chapter 60 maintenance tools 390
- Command description 390
- Table 232 maintenance tools commands in privilege mode continued 390
- Zywall usg zld cli reference guide 390
- Chapter 60 maintenance tools 391
- Command description 391
- Table 232 maintenance tools commands in privilege mode continued 391
- Zywall usg zld cli reference guide 391
- Chapter 60 maintenance tools 392
- Command description 392
- Here are maintenance tool commands that you can use in configuration mode 392
- Maintenance command examples 392
- Some packet trace command examples are shown below 392
- Table 232 maintenance tools commands in privilege mode continued 392
- Table 233 maintenance tools commands in configuration mode 392
- Zywall usg zld cli reference guide 392
- Chapter 60 maintenance tools 393
- Command description 393
- Here are maintenance tool commands that you can use in configure mode 393
- Packet capture command example 393
- Table 234 maintenance tools commands in configuration mode 393
- The following example creates an arp table entry for ip address 192 68 0 and mac address 01 02 03 04 05 06 then it shows the arp table and finally removes the new entry 393
- The following examples show how to configure packet capture settings and perform a packet capture first you have to check whether a packet capture is running this example shows no other packet capture is running then you can also check the current packet capture settings 393
- Then configure the following settings to capture packets going through the zywall usg s wan1 interface only 393
- Zywall usg zld cli reference guide 393
- Chapter 60 maintenance tools 394
- Check current packet capture status and list all stored packet captures 394
- Duration 150 seconds 394
- Exit the sub command mode and have the zywall usg capture packets according to the settings you just configured 394
- File size 10 megabytes 394
- File suffix example 394
- Host ip any 394
- Host port any then you do not need to configure this setting 394
- Ip address any 394
- Manually stop the running packet capturing 394
- Save the captured packets to usb storage device 394
- The maximum size of a packet capture file 100 megabytes 394
- Use the ring buffer no 394
- You can use ftp to download a capture file open and study it using a packet analyzer tool for example ethereal or wireshark 394
- Zywall usg zld cli reference guide 394
- Hardware watchdog timer 395
- Software watchdog timer 395
- Watchdog timer 395
- App watchdog 396
- Application watchdog 396
- Chapter 61 watchdog timer 396
- Command description 396
- Command to enter the configuration mode to be able to use these commands 396
- Commands use the 396
- Configure termina 396
- Table 237 app watchdog commands 396
- The application watchdog has the system restart a process that fails these are the 396
- Zywall usg zld cli reference guide 396
- Application watchdog commands example 397
- Chapter 61 watchdog timer 398
- Zywall usg zld cli reference guide 398
- List of commands alphabetical 399
Похожие устройства
- Zyxel USG 1900 Инструкция по эксплуатации
- Zyxel USG 1900 Рекомендации по настройке
- Zyxel USG 1900 Справочник командного интерфейса
- HP eliteone 705, j4v28ea Инструкция по эксплуатации
- HP dl360 g9 8sff cto server Инструкция по эксплуатации
- HP stream 11-d055ur, l0z83ea Инструкция по эксплуатации
- Zyxel ZyWALL USG 50 Инструкция по эксплуатации
- Zyxel ZyWALL USG 50 Справочник командного интерфейса
- Zyxel ZyWALL USG 50 Инструкция по установке
- Zyxel ZyWALL USG 50 Рекомендации по настройке
- HP spectre x360 13-4051ur, m3k02ea Инструкция по эксплуатации
- HP spectre x360 13-4050ur, l1s05ea Инструкция по эксплуатации
- HP 15-r263ur, l2u69ea Инструкция по эксплуатации
- HP proone 400, g9d90es Инструкция по эксплуатации
- HP probook 450, k9l17ea Инструкция по эксплуатации
- HP proone 400, d5u21ea Инструкция по эксплуатации
- HP proone 400, f4q59ea Инструкция по эксплуатации
- HP pavilion mini 300-030ur, l1v76ea Инструкция по эксплуатации
- HP pavilion mini 300-050ur, l6j46ea Инструкция по эксплуатации
- Zyxel USG100-PLUS Инструкция по эксплуатации