Zyxel ZyWALL USG 50 [239/386] Address object command examples
Chapter 27 Addresses
ZyWALL (ZLD) CLI Reference Guide
27.2.1.1 Address Object Command Examples
The following example creates three IPv4 address objects and then deletes one.
```
Router# configure terminal
Router(config)# address-object A0 192.168.1.1
Router(config)# address-object A1 192.168.1.1-192.168.1.20
Router(config)# address-object A2 192.168.1.0/24
Router(config)# show address-object
Object name     Type     Address                     Ref.
=====================================================================
A0              HOST     192.168.1.1                 0
A1              RANGE    192.168.1.1-192.168.1.20    0
A2              SUBNET   192.168.1.0/24              0
Router(config)# no address-object A2
Router(config)# show address-object
Object name     Type     Address                     Ref.
=====================================================================
A0              HOST     192.168.1.1                 0
A1              RANGE    192.168.1.1-192.168.1.20    0
```
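The three objects in the session above nest inside one another (A0 is inside A1, which is inside A2), and all show `Ref.` 0. The following is an added example, not part of the Zyxel guide: a small audit script that parses saved `show address-object` output, lists objects with a zero `Ref.` value, and reports overlapping objects, which are a common source of shadowed or ambiguous firewall rules. The function names are hypothetical, and treating `Ref.` as the number of configuration entries that use the object is an assumption.

```python
import ipaddress
import re

# Constructed sample: the first `show address-object` listing from the session above.
SAMPLE = """\
Object name     Type     Address                     Ref.
=====================================================================
A0              HOST     192.168.1.1                 0
A1              RANGE    192.168.1.1-192.168.1.20    0
A2              SUBNET   192.168.1.0/24              0
"""

# Columns: object name, type, address, Ref. (assumed here to be a usage count).
ROW = re.compile(r"^(\S+)\s+(HOST|RANGE|SUBNET)\s+(\S+)\s+(\d+)$")


def parse_objects(text):
    """Parse table rows into dicts with an inclusive [first, last] integer span."""
    objects = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m is None:
            continue  # header, separator line, or a CLI prompt
        name, kind, addr, refs = m.groups()
        if kind == "HOST":
            first = last = ipaddress.IPv4Address(addr)
        elif kind == "RANGE":
            lo, hi = addr.split("-", 1)
            first, last = ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi)
            if first > last:
                raise ValueError(f"{name}: range start is above range end")
        else:  # SUBNET
            net = ipaddress.IPv4Network(addr, strict=False)
            first, last = net.network_address, net.broadcast_address
        objects.append({
            "name": name,
            "type": kind,
            "first": int(first),
            "last": int(last),
            "refs": int(refs),
        })
    return objects


def unreferenced(objects):
    """Names of objects whose Ref. column is 0 (candidates for cleanup review)."""
    return [o["name"] for o in objects if o["refs"] == 0]


def overlaps(objects):
    """Return (a, b, relation) for every pair of objects sharing an address.

    relation describes a relative to b: 'equal', 'within', 'contains', 'partial'.
    """
    findings = []
    for i, a in enumerate(objects):
        for b in objects[i + 1:]:
            if a["last"] < b["first"] or b["last"] < a["first"]:
                continue  # disjoint
            if a["first"] == b["first"] and a["last"] == b["last"]:
                relation = "equal"
            elif b["first"] <= a["first"] and a["last"] <= b["last"]:
                relation = "within"
            elif a["first"] <= b["first"] and b["last"] <= a["last"]:
                relation = "contains"
            else:
                relation = "partial"
            findings.append((a["name"], b["name"], relation))
    return findings


if __name__ == "__main__":
    objs = parse_objects(SAMPLE)
    print("Ref. 0:", ", ".join(unreferenced(objs)))
    for a, b, relation in overlaps(objs):
        print(f"{a} {relation} {b}")
```
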
Содержание
- Cli reference guide 1
- Default login details 1
- Quick start guide 1
- Security firewalls 1
- Zywall zld series 1
- Do not use commands not documented in this guide 2
- It is recommended you use the web configurator to configure the zywall 2
- Some commands or command options in this guide may not be available in your product see your product s user s guide for a list of supported features every effort has been made to ensure that the information in this guide is accurate 2
- Introduction 7 3
- Reference 7 3
- Chapter 1 command line interface 9 5
- Chapter 2 user and privilege modes 3 5
- Part i introduction 17 5
- Table of contents 5
- Chapter 3 object reference 9 6
- Chapter 4 status 1 6
- Chapter 5 registration 5 6
- Chapter 6 interfaces 3 6
- Part ii reference 37 6
- Chapter 7 trunks 3 7
- Chapter 8 route 9 7
- Chapter 9 routing protocol 07 7
- Chapter 10 zones 111 8
- Chapter 11 ddns 115 8
- Chapter 12 virtual servers 19 8
- Chapter 13 http redirect 23 8
- Chapter 14 alg 27 8
- Chapter 15 ip mac binding 31 8
- Chapter 16 firewall 33 9
- Chapter 17 ipsec vpn 41 9
- Chapter 18 ssl vpn 51 9
- Chapter 19 l2tp vpn 57 9
- Chapter 20 application patrol 63 10
- Chapter 21 anti virus 73 10
- Chapter 22 idp commands 81 10
- Chapter 23 content filtering 99 11
- Chapter 24 anti spam 211 11
- Chapter 25 device ha 21 11
- Chapter 26 user group 29 11
- Chapter 27 addresses 37 12
- Chapter 28 services 43 12
- Chapter 29 schedules 47 12
- Chapter 30 aaa server 49 12
- Chapter 31 authentication objects 55 12
- Chapter 32 certificates 59 13
- Chapter 33 isp accounts 64 13
- Chapter 34 ssl application 66 13
- Chapter 35 endpoint security 69 13
- Chapter 36 dhcpv6 objects 76 13
- Chapter 37 system 79 13
- Chapter 38 system remote management 85 14
- Chapter 39 file manager 99 15
- Chapter 40 logs 17 15
- Chapter 41 reports and reboot 23 15
- Chapter 42 session timeout 29 16
- Chapter 43 diagnostics 31 16
- Chapter 44 packet flow explore 33 16
- Chapter 45 packet flow filter 37 16
- Chapter 46 maintenance tools 41 16
- Chapter 47 watchdog timer 47 16
- List of commands alphabetical 51 16
- Introduction 17
- Accessing the cli 19
- Command line interface 19
- Overview 19
- The configuration file 19
- Console port 20
- Note before you can access the cli through the web configurator make sure your computer supports the java runtime environment you will be prompted to download and install the java plug in if it is not already installed 20
- Note the default login username is admin and password is 1234 the username and password are case sensitive 20
- Web configurator console 20
- Configure termina 22
- Note the default login username is admin it is case sensitive 22
- Router config 22
- How to find commands in this guide 23
- Note the default login username is admin and password is 1234 the username and password are case sensitive 23
- Ssh secure shell 23
- Telnet 23
- Telnet 192 68 23
- Background information optional 24
- Command examples optional 24
- Command input values optional 24
- Command summary 24
- Command syntax 24
- How commands are explained 24
- Note see the user s guide for background information about most features 24
- Service objec 24
- At the time of writing there is not much difference between user and privilege mode for admin users this is reserved for future use 25
- Changing the password 25
- Chapter 1 command line interface 25
- Cli modes 25
- Exactly as it appears followed by two numbers between 1 and 65535 25
- It is highly recommended that you change the password for accessing the zywall see section 26 on page 230 for the appropriate commands 25
- See chapter 26 on page 229 for more information about the user types user users can only log in look at but not run the available commands in user mode and log out limited admin users can look at the configuration in the web configurator and cli and they can run basic diagnostics in the cli admin users can configure the zywall in the web configurator or cli 25
- Table 2 cli modes 25
- User privilege configuration sub command 25
- You run cli commands in one of several modes 25
- Zywall zld cli reference guide 25
- A list of valid commands can be found by typing 26
- At the command prompt to view a list of available commands within a command group enter 26
- Chapter 1 command line interface 26
- Figure 10 help available command example 2 26
- Figure 11 help sub command information example 26
- Figure 12 help required user input example 26
- Figure 9 help available commands example 1 26
- List of available commands 26
- List of sub commands or required user input 26
- Shortcuts and help 26
- To view detailed help information for a command enter 26
- Zywall zld cli reference guide 26
- Command history 27
- Configur 27
- Entering a in a command 27
- Entering partial commands 27
- Erase current command 27
- Navigation 27
- The no commands 27
- Chapter 1 command line interface 28
- Description 28
- Input values 28
- Table 3 input value formats for strings in cli commands 28
- Tag values legal values 28
- The following table provides more information about input values like 28
- When you use the example above note that zywall usg 200 and below models use a name such as wan1 wan2 opt lan1 ext wlan or dmz 28
- You can use the or tab to get more information about the next input value that is required for a command in some cases the next input value is a string whose length and allowable characters may not be displayed in the screen for example in the following example the next input value is a string called 28
- Zywall zld cli reference guide 28
- Chapter 1 command line interface 29
- Table 3 input value formats for strings in cli commands continued 29
- Tag values legal values 29
- Zywall zld cli reference guide 29
- Chapter 1 command line interface 30
- Table 3 input value formats for strings in cli commands continued 30
- Tag values legal values 30
- Zywall zld cli reference guide 30
- Chapter 1 command line interface 31
- Command to save the current configuration to the zywall 31
- Ethernet interfaces 31
- For the zywall usg 300 and above use ge x x 1 n where n equals the highest numbered ethernet interface for your zywall model 31
- How you specify an ethernet interface depends on the zywall model 31
- Note always save the changes before you log out after each management session all unsaved changes will be lost after the system restarts 31
- Saving configuration changes 31
- Table 3 input value formats for strings in cli commands continued 31
- Tag values legal values 31
- The zywall usg 200 and below models use a name such as wan1 wan2 opt lan1 ext wlan or dmz 31
- Use the 31
- Zywall zld cli reference guide 31
- Logging out 32
- User and privilege modes 33
- Chapter 2 user and privilege modes 34
- Command mode description 34
- Debug commands 34
- Debug commands marked with an asterisk are not available when the debug flag is on and are for zyxel service personnel use only the debug commands follow a linux based syntax so if there 34
- Note these commands are for zyxel s internal manufacturing process 34
- Subsequent chapters in this guide describe the configuration commands user privilege mode commands that are also configuration commands for example show are described in more detail in the related configuration command chapter 34
- Table 4 user u and privilege p mode commands continued 34
- Zywall zld cli reference guide 34
- Chapter 2 user and privilege modes 35
- Command syntax description linux command equivalent 35
- Is a linux equivalent it is displayed in this chapter for your reference you must know a command listed here well before you use it otherwise it may cause undesired results 35
- Table 5 debug commands 35
- Zywall zld cli reference guide 35
- Chapter 2 user and privilege modes 36
- Command syntax description linux command equivalent 36
- Table 5 debug commands continued 36
- Zywall zld cli reference guide 36
- Reference 37
- Object reference 39
- Object reference commands 39
- Chapter 3 object reference 40
- Command description 40
- Object reference command example 40
- Table 6 show reference commands continued 40
- This example shows how to check which configuration is using an address object named lan1_subnet for the command output firewall rule 3 named lan1 to usg 2000 is using the address object 40
- Zywall zld cli reference guide 40
- Status 41
- Chapter 4 status 42
- Here are examples of the commands that display the fan speed mac address memory usage ram size and serial number 42
- Here is an example of the command that displays the listening ports 42
- Zywall zld cli reference guide 42
- Chapter 4 status 43
- Here is an example of the command that displays the open ports 43
- Zywall zld cli reference guide 43
- Chapter 4 status 44
- Here are examples of the commands that display the system uptime and model firmware and build information 44
- This example shows the current led states on the zywall the sys led lights on and green the aux and hdd leds are both off 44
- Zywall zld cli reference guide 44
- Myzyxel com overview 45
- Registration 45
- Subscription services available on the zywall 45
- Configure termina 46
- Note to update the signature file or use a subscription service you have to register the zywall and activate the corresponding service at myzyxel com through the zywall 46
- Registration commands 46
- Chapter 5 registration 47
- Command description 47
- Command examples 47
- Table 9 command summary registration continued 47
- The following command displays the account information and whether the device is registered 47
- The following commands allow you to register your device with an existing account or create a new account and register the device at one time and activate a trial service subscription 47
- Zywall zld cli reference guide 47
- Chapter 5 registration 48
- Country code 48
- Country code country name country code country name 48
- Table 10 country codes 48
- The following command displays the seller details you have entered on the zywall 48
- The following command displays the service registration status and type and how many days remain before the service expires 48
- The following table displays the number for each country 48
- Zywall zld cli reference guide 48
- Chapter 5 registration 49
- Country code country name country code country name 49
- Table 10 country codes continued 49
- Zywall zld cli reference guide 49
- Chapter 5 registration 50
- Country code country name country code country name 50
- Table 10 country codes continued 50
- Zywall zld cli reference guide 50
- Chapter 5 registration 51
- Country code country name country code country name 51
- Table 10 country codes continued 51
- Zywall zld cli reference guide 51
- Interface overview 53
- Interfaces 53
- Types of interfaces 53
- Chapter 6 interfaces 54
- Characteristics ethernet ethernet ethernet vlan bridge ppp virtual 54
- Characteristics ethernet vlan bridge pppoe pptp virtual 54
- Port groups trunks and the auxiliary interface have a lot of characteristics that are specific to each type of interface these characteristics are listed in the following tables and discussed in more detail farther on 54
- Table 11 characteristics of ethernet vlan bridge pppoe pptp and virtual interface zywall usg 300 and above 54
- Table 12 ethernet vlan bridge ppp and virtual interface characteristics zywall usg 200 and below models 54
- The auxiliary interface along with an external modem provides an interface the zywall can use to dial out this interface can be used as a backup wan interface for example the auxiliary interface controls the dial backup port labeled aux on some models 54
- Trunks manage load balancing between interfaces 54
- Zywall zld cli reference guide 54
- Chapter 6 interfaces 55
- Characteristics cellular wlan 55
- Characteristics ethernet ethernet ethernet vlan bridge ppp virtual 55
- Table 12 ethernet vlan bridge ppp and virtual interface characteristics zywall usg 200 and below models continued 55
- Table 13 cellular and wlan interface characteristics 55
- Zywall zld cli reference guide 55
- Chapter 6 interfaces 56
- In the zywall interfaces are usually created on top of other interfaces only ethernet interfaces are created directly on top of the physical ports or port groups the relationships between interfaces are explained in the following table 56
- Interface required port interface 56
- Relationships between interfaces 56
- Table 14 relationships between different types of interfaces 56
- Usg 200 and below model 56
- Zywall zld cli reference guide 56
- Basic interface properties and ip address commands 57
- Chapter 6 interfaces 57
- Command description 57
- Interface general commands summary 57
- Label description 57
- Table 15 input values for general interface commands 57
- Table 16 interface general commands basic properties and ip address assignment 57
- The following sections introduce commands that are supported by several types of interfaces see section 6 on page 76 for the unique commands for each type of interface 57
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 57
- This table lists basic properties and ip address commands 57
- Zywall zld cli reference guide 57
- Chapter 6 interfaces 58
- Command description 58
- Table 16 interface general commands basic properties and ip address assignment continued 58
- Zywall zld cli reference guide 58
- Chapter 6 interfaces 59
- Command description 59
- Table 16 interface general commands basic properties and ip address assignment continued 59
- Zywall zld cli reference guide 59
- Chapter 6 interfaces 60
- Command description 60
- Note make sure you also enable this option in the dhcpv6 clients to make rapid commit work 60
- Table 16 interface general commands basic properties and ip address assignment continued 60
- Zywall zld cli reference guide 60
- Chapter 6 interfaces 61
- Command description 61
- Note make sure you also disable this option in the dhcpv6 clients 61
- Table 16 interface general commands basic properties and ip address assignment continued 61
- Zywall zld cli reference guide 61
- Basic interface properties command examples 62
- Chapter 6 interfaces 62
- The following commands make ethernet interface ge1 a dhcp client 62
- This example shows how to change the user defined name from vip to partner note that you have to use the interface rename command if you do not know the system name of the interface to use the interface name command you have to find out the corresponding system name first ge4 in this example this example also shows how to change the user defined name from partner to customer using the interface name command 62
- This example shows how to modify the name of interface ge4 to vip first you have to check the interface system name ge4 in this example on the zywall then change the name and display the result 62
- Zywall zld cli reference guide 62
- Chapter 6 interfaces 63
- Command description 63
- Dhcp setting commands 63
- Network 63
- Table 17 interface commands dhcp settings 63
- This example shows how to restart an interface you can check all interface names on the zywall then use either the system name or user defined name of an interface ge4 or customer in this example to restart it 63
- This table lists dhcp setting commands dhcp is based on dhcp pools create a dhcp pool if you want to assign a static ip address to a mac address or if you want to specify the starting ip address and pool size of a range of ip addresses that can be assigned to dhcp clients there are different commands for each configuration afterwards in either case you have to bind the dhcp pool to the interface 63
- Zywall zld cli reference guide 63
- Chapter 6 interfaces 64
- Command description 64
- Hardware addres 64
- Networ 64
- Note the dhcp pool must have the same subnet as the interface to which you plan to bind it 64
- Note the ip address must be in the same subnet as the interface to which you plan to bind the dhcp pool 64
- Table 17 interface commands dhcp settings continued 64
- Zywall zld cli reference guide 64
- Chapter 6 interfaces 65
- Command description 65
- First and the start address must be in the same subnet 65
- Network numbe 65
- Note you must specify the 65
- Table 17 interface commands dhcp settings continued 65
- Zywall zld cli reference guide 65
- Chapter 6 interfaces 66
- Dhcp extended option setting command example 66
- Dhcp setting command examples 66
- The following example configures the dhcp_test pool with a sip server code 120 extended dhcp option with one ip address to provide to the sip clients 66
- The following example uses these commands to configure dhcp pool dhcp_test 66
- Zywall zld cli reference guide 66
- Cellular wlan vlan 67
- Chapter 6 interfaces 67
- Interface parameter command examples 67
- Table 18 examples for different interface parameters ethernet virtual interface pppoe pptp 67
- This table shows an example of each interface type s sub commands the sub commands vary for different interface types 67
- Zywall zld cli reference guide 67
- Bridge auxiliary tunnel 68
- Chapter 6 interfaces 68
- Command description 68
- Ospf commands 68
- Rip commands 68
- Table 18 examples for different interface parameters 68
- Table 19 interface commands rip settings 68
- Table 20 interface commands ospf settings 68
- This table lists the commands for ospf settings 68
- This table lists the commands for rip settings 68
- Zywall zld cli reference guide 68
- Chapter 6 interfaces 69
- Command description 69
- Ip ospf dead interva 69
- Ip ospf hello interva 69
- Table 20 interface commands ospf settings continued 69
- Zywall zld cli reference guide 69
- Chapter 6 interfaces 70
- Command description 70
- Connectivity check ping check commands 70
- Table 21 interface commands ping check 70
- This table lists the ping check commands 70
- Use these commands to have an interface regularly check the connection to the gateway you specified to make sure it is still available you specify how often the interface checks the connection how long to wait for a response before the attempt is a failure and how many consecutive failures are required before the zywall stops routing to the gateway the zywall resumes routing to the gateway the first time the gateway passes the connectivity check 70
- Zywall zld cli reference guide 70
- Chapter 6 interfaces 71
- Command description 71
- Connectivity check command example 71
- Ethernet interface specific commands 71
- Label description 71
- Mac address setting commands 71
- Table 22 input values for ethernet interface commands 71
- Table 23 interface commands mac setting 71
- The following commands show you how to set the wan1 interface to use a tcp handshake on port 8080 to check the connection to ip address 1 71
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 71
- This section covers commands that are specific to ethernet interfaces 71
- This table lists the commands you can use to set the mac address of an interface on the zywall usg 200 and below models these commands only apply to a wan or opt interface 71
- Zywall zld cli reference guide 71
- Chapter 6 interfaces 72
- Command description 72
- Note in cli representative interfaces are also called representative ports 72
- Port grouping commands 72
- Table 23 interface commands mac setting continued 72
- Table 24 basic interface setting commands 72
- This section covers commands that are specific to port grouping 72
- Zywall zld cli reference guide 72
- Chapter 6 interfaces 73
- Port grouping command examples 73
- The following commands add physical port 5 to representative interface ge1 73
- The following commands set port 1 to use auto negotiation auto and port 2 to use a 10 mbps connection speed and half duplex 73
- The following commands set up a virtual interface on top of ethernet interface ge1 the virtual interface is named ge1 1 with the following parameters ip 1 subnet 255 55 55 73
- Virtual interface command examples 73
- Virtual interface specific commands 73
- Virtual interfaces use many of the general interface commands discussed at the beginning of section 6 on page 57 there are no additional commands for virtual interfaces 73
- Zywall zld cli reference guide 73
- Chapter 6 interfaces 74
- Command description 74
- Gateway 4 upstream bandwidth 345 downstream bandwidth 123 and description i am vir interface 74
- Label description 74
- Pppoe pptp specific commands 74
- Table 25 input values for pppoe pptp interface commands 74
- Table 26 interface commands pppoe pptp interfaces 74
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 74
- This section covers commands that are specific to pppoe pptp interfaces pppoe pptp interfaces also use many of the general interface commands discussed at the beginning of section 6 on page 57 74
- This table lists the pppoe pptp interface commands 74
- Zywall zld cli reference guide 74
- Chapter 6 interfaces 75
- Command description 75
- Pppoe pptp interface command examples 75
- Table 26 interface commands pppoe pptp interfaces continued 75
- The following commands show you how to configure pppoe pptp interface ppp0 with the following characteristics base interface ge1 isp account hinet local address 1 remote address 75
- Zywall zld cli reference guide 75
- Cellular interface specific commands 76
- Chapter 6 interfaces 76
- Command description 76
- Command to enter the configuration mode before you can use these commands 76
- Configure terminal 76
- Mtu 1200 upstream bandwidth 345 downstream bandwidth 123 description i am ppp0 and dialed only when used 76
- Table 27 cellular interface commands 76
- The following commands show you how to connect and disconnect ppp0 76
- Use a 3g third generation cellular device with the zywall for wireless broadband internet access 76
- Use these commands to add edit dial disconnect or delete cellular interfaces when you add a new cellular interface make sure you enter the account you must use the 76
- Zywall zld cli reference guide 76
- Chapter 6 interfaces 77
- Command description 77
- Table 27 cellular interface commands continued 77
- Zywall zld cli reference guide 77
- Cellular status 78
- Chapter 6 interfaces 78
- Command description 78
- Status description 78
- Table 27 cellular interface commands continued 78
- Table 28 cellular status 78
- The following table describes the different kinds of cellular connection status on the zywall 78
- Zywall zld cli reference guide 78
- Chapter 6 interfaces 79
- Status description 79
- Table 28 cellular status 79
- Zywall zld cli reference guide 79
- Cellular interface command examples 80
- Chapter 6 interfaces 80
- This example shows the 3g and sim card information for interface cellular2 on the zywall 80
- This example shows the 3g connection profile settings for interface cellular2 on the zywall you have to dial 99 1 to use profile 1 but authentication is not required dial 99 2 to use profile 2 and authentication is required 80
- This example shows the configuration of a cellular interface named cellular2 for use with a sierra wireless ac850 3g card it uses only a 3g or 3 g connection pin code 1234 an mtu of 1200 bytes a description of this is cellular2 and sets the connection to be nailed up 80
- This second example shows specifying a new pin code of 4567 80
- Zywall zld cli reference guide 80
- Chapter 6 interfaces 81
- Command description 81
- Command to enter the configuration mode before you can use these commands gre mode tunnels support ping check see section 6 on page 70 for more on ping check 81
- Configure termina 81
- Table 29 tunnel interface commands 81
- The zywall uses tunnel interfaces in generic routing encapsulation gre ipv6 in ipv4 and 6to4 tunnels this section covers commands specific to tunnel interfaces tunnel interfaces also use many of the general interface commands discussed at the beginning of section 6 on page 57 81
- Tunnel interface specific commands 81
- Use these commands to add edit activate deactivate or delete tunnel interfaces you must use the 81
- Zywall zld cli reference guide 81
- Chapter 6 interfaces 82
- Command description 82
- Note for the zywall which supports more than one usb ports these commands only apply to the usb storage device that is first attached to the zywall 82
- Table 30 usb storage general commands 82
- This example creates a tunnel interface called tunnel0 that uses wan1 as the source 168 68 68 68 as the destination and 10 00 and 255 55 as the inner source ip 82
- Tunnel interface command examples 82
- Usb storage specific commands 82
- Use these commands to configure settings that apply to the usb storage device connected to the zywall 82
- Zywall zld cli reference guide 82
- Chapter 6 interfaces 83
- Command description 83
- Label description 83
- Table 30 usb storage general commands continued 83
- Table 31 input values for wlan interface commands 83
- The following table identifies the values required for several wlan commands other input values are discussed with the corresponding commands 83
- This example shows how to display the status of the connected usb storage device 83
- Usb storage general commands example 83
- Wlan specific commands 83
- You can install a compatible wlan card to use the zywall as an access point ap for a wireless network 83
- Zywall zld cli reference guide 83
- Chapter 6 interfaces 84
- Command description 84
- Table 32 wlan general commands 84
- Use these commands to configure global settings that apply to all of the wireless lan interfaces you create on the wlan card 84
- Wlan general commands 84
- Zywall zld cli reference guide 84
- Chapter 6 interfaces 85
- Command description 85
- Table 32 wlan general commands continued 85
- Table 33 wlan interface commands 85
- This example sets wireless slot 1 to use the ieee 802 1b and ieee 802 1g bands channel 5 super mode 50 output power and enables it 85
- Use these commands to configure global settings that apply to all of the wireless lan interfaces you create on the wlan card 85
- Wlan general commands example 85
- Wlan interface commands 85
- Zywall zld cli reference guide 85
- Chapter 6 interfaces 86
- Command description 86
- Table 33 wlan interface commands continued 86
- Zywall zld cli reference guide 86
- Chapter 6 interfaces 87
- Command description 87
- Table 33 wlan interface commands continued 87
- Table 34 wlan general commands 87
- This example configures wlan ap interface 2 for slot 1 to use ssid wlan_test wpa security modes with a pre shared key of 12345678 ip address 1 netmask 255 55 55 and a gateway ip address of 1 with a priority of 10 87
- Use these commands to give specific wireless clients exclusive access to the zywall allow association or block specific devices from accessing the zywall deny association based on the devices mac addresses 87
- Wlan interface commands example 87
- Wlan mac filter commands 87
- Zywall zld cli reference guide 87
- Vlan interface specific commands 88
- Wlan mac filter commands example 88
- Bridge specific commands 89
- Chapter 6 interfaces 89
- Command description 89
- Label description 89
- Table 36 interface commands vlan interfaces continued 89
- Table 37 input values for bridge interface commands 89
- Table 38 interface commands bridge interfaces 89
- The following commands show you how to set up vlan vlan100 with the following parameters vlan id 100 interface ge1 ip 1 subnet 255 55 55 mtu 598 gateway 2 description i am vlan100 upstream bandwidth 345 and downstream bandwidth 123 89
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 89
- This section covers commands that are specific to bridge interfaces bridge interfaces also use many of the general interface commands discussed at the beginning of section 6 on page 57 89
- This table lists the bridge interface commands 89
- Vlan interface command examples 89
- Zywall zld cli reference guide 89
- Auxiliary interface specific commands 90
- Bridge interface command examples 90
- Chapter 6 interfaces 90
- Command description 90
- Commands and the second table explains the values you can input with these commands 90
- Interfac 90
- Table 38 interface commands bridge interfaces continued 90
- Table 39 interface commands auxiliary interface 90
- The first table below lists the auxiliary 90
- The following commands show you how to set up a bridge interface named br0 with the following parameters member ge1 ip 1 subnet 255 55 55 mtu 598 gateway 2 upstream bandwidth 345 downstream bandwidth 123 and description i am br0 90
- Zywall zld cli reference guide 90
- Auxiliary interface command examples 91
- Chapter 6 interfaces 91
- Command description 91
- Table 39 interface commands auxiliary interface continued 91
- The following commands show how to dial disconnect and stop the auxiliary interface 91
- The following commands show you how to set up the auxiliary interface aux with the following parameters phone number 0340508888 tone dialing port speed 115200 initial string atz timeout 30 seconds username kk password kk u2online chap pap authentication and description i am aux interface 91
- Zywall zld cli reference guide 91
- Trunk scenario examples 93
- Trunks 93
- Trunks overview 93
- Chapter 7 trunks 94
- Command description 94
- Command to enter the configuration mode before you can use these commands see table 40 on page 94 for details about the values you can input with these commands 94
- Commands 94
- Commands you must use the 94
- Configure termina 94
- Interface grou 94
- Interface group 94
- Label description 94
- Table 40 interface group command input values 94
- Table 41 interface group commands summary 94
- The following table explains the values you can input with the 94
- The following table lists the 94
- Trunk commands input values 94
- Trunk commands summary 94
- Zywall zld cli reference guide 94
- Chapter 7 trunks 95
- Command description 95
- Sends new session traffic through the least utilized of these interfaces 95
- Table 41 interface group commands summary continued 95
- The following example creates a least load first trunk for ethernet interface ge3 and vlan 5 which will only apply to outgoing traffic through the trunk the 95
- The following example creates a weighted round robin trunk for ethernet interfaces ge1 and ge2 the zywall sends twice as much traffic through ge1 95
- Trunk command examples 95
- Zywall zld cli reference guide 95
- Link sticking 96
- Wan1 wan2 96
- Configure termina 97
- Link sticking command example 97
- Link sticking commands summary 97
- Policy route 99
- Policy route commands 99
- Chapter 8 route 100
- Command description 100
- Command to enter the configuration mode before you can use these commands 100
- Configure termina 100
- Label description 100
- Table 43 input values for general policy route commands continued 100
- Table 44 command summary policy route 100
- The following table describes the commands available for policy route you must use the 100
- Chapter 8 route 101
- Command description 101
- Table 44 command summary policy route continued 101
- Chapter 8 route 102
- Command description 102
- Table 44 command summary policy route continued 102
- Chapter 8 route 103
- Command description 103
- Table 44 command summary policy route continued 103
- Assured forwarding af behavior is defined in rfc 2597 the af behavior group defines four af classes inside each class packets are given a high medium or low drop precedence the drop precedence determines the probability that routers in the network will drop packets when congestion occurs if congestion occurs between classes the traffic in the higher class smaller numbered class is generally given priority combining the classes and drop precedence produces the following twelve dscp encodings from af11 through af43 the decimal equivalent is listed in brackets 104
- Assured forwarding af phb for diffserv 104
- Chapter 8 route 104
- Class 1 class 2 class 3 class 4 104
- Policy route command example 104
- Table 45 assured forwarding af behavior group 104
- The following commands create two address objects tw_subnet and gw_1 and insert a policy that routes the packets with the source ip address tw_subnet and any destination ip address through the interface ge1 to the next hop router gw_1 this route uses the ip address of the outgoing interface as the matched packets source ip address 104
- Configure termina 105
- Ip static route 105
- Static route commands 105
- Chapter 8 route 106
- Command description 106
- Static route commands examples 106
- Table 46 command summary static route continued 106
- The following command deletes a specific static ipv6 route 106
- The following command deletes all static ipv6 routes with the same prefix 106
- The following command sets a static route with ip address 10 0 0 and subnet mask 255 55 55 and with the next hop interface ge1 then use the show command to display the setting 106
- The following commands set and show three examples of static ipv6 routes for traffic destined for ipv6 addresses with prefix 2002 22 22 34 the first route sends the traffic out through interface ge2 and uses metric 1 the second sends the traffic to gateway 2001 12 12 and uses metric 2 the third sends the traffic to the fe80 1 2 link local gateway on interface ge2 and uses metric 2 106
- Routing protocol 107
- Routing protocol commands summary 107
- Routing protocol overview 107
- Chapter 9 routing protocol 108
- Command description 108
- General ospf commands 108
- Rip commands 108
- Table 49 router commands rip 108
- Table 50 router commands general ospf configuration 108
- This table lists the commands for general ospf configuration 108
- This table lists the commands for rip 108
- Chapter 9 routing protocol 109
- Command description 109
- Ospf area commands 109
- Table 51 router commands ospf areas 109
- Table 52 router commands virtual links in ospf areas 109
- This table lists the commands for ospf areas 109
- This table lists the commands for virtual links in ospf areas 109
- Virtual link commands 109
- Chapter 9 routing protocol 110
- Command description 110
- Learned routing information commands 110
- Show ip route command example 110
- Table 53 ip route commands learned routing information 110
- The following example shows learned routing information on the zywall 110
- This table lists the commands to look at learned routing information 110
- Zones overview 111
- Chapter 10 zones 112
- Command description 112
- Label description 112
- Table 54 input values for zone commands 112
- Table 55 zone commands 112
- The following table describes the values required for many zone commands other values are discussed with the corresponding commands s 112
- This table lists the zone commands 112
- Zone commands summary 112
- Chapter 10 zones 113
- The following commands add ethernet interfaces ge1 and ge2 to zone a and block intra zone traffic 113
- Zone command examples 113
- Ddns overview 115
- Chapter 11 ddns 116
- Command description 116
- Ddns commands summary 116
- Label description 116
- Table 57 input values for ddns commands 116
- Table 58 ip ddns commands 116
- The following table describes the values required for many ddns commands other values are discussed with the corresponding commands 116
- The following table lists the ddns commands 116
- Chapter 11 ddns 117
- Command description 117
- Table 58 ip ddns commands continued 117
- 1 1 nat and many 1 1 nat 119
- Virtual server commands summary 119
- Virtual server overview 119
- Virtual servers 119
- Chapter 12 virtual servers 120
- Command description 120
- Table 60 ip virtual server commands 120
- The following table lists the virtual server commands 120
- Chapter 12 virtual servers 121
- Command description 121
- Table 60 ip virtual server commands continued 121
- The following command creates virtual server wan lan_h323 on the wan1 interface that maps ip addresses 10 to 192 68 6 for tcp protocol traffic on port 1720 it also adds a nat loopback entry 121
- The following command shows information about all the virtual servers in the zywall 121
- Virtual server command examples 121
- Tutorial how to allow public access to a server 122
- Http redirect 123
- Http redirect overview 123
- Web proxy server 123
- Configure termina 124
- Http redirect commands 124
- Chapter 13 http redirect 125
- Http redirect command examples 125
- The following commands create a http redirect rule disable it and display the settings 125
- Alg introduction 127
- Alg commands 128
- Chapter 14 alg 128
- Command description 128
- Command to enter the configuration mode before you can use these commands 128
- Commands you must use the 128
- Configure termina 128
- Table 63 alg commands 128
- The following table lists the 128
- Alg commands example 129
- Ip mac binding 131
- Ip mac binding commands 131
- Ip mac binding overview 131
- Chapter 15 ip mac binding 132
- Ip mac binding commands example 132
- The following example enables ip mac binding on the lan1 interface and displays the interface s ip mac binding status 132
- Firewall 133
- Firewall overview 133
- Chapter 16 firewall 134
- Command description 134
- Command to enter the configuration mode before you can use the configuration commands commands that do not have ipv6 specified in the description are for ipv4 134
- Configure termina 134
- Firewall commands 134
- Label description 134
- Table 65 input values for general firewall commands 134
- Table 66 command summary firewall 134
- The following table describes the commands available for the firewall you must use the 134
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 134
- Chapter 16 firewall 135
- Command description 135
- Table 66 command summary firewall continued 135
- Chapter 16 firewall 136
- Command description 136
- Table 66 command summary firewall continued 136
- Chapter 16 firewall 137
- Command description 137
- Firewall sub commands 137
- Table 67 firewall sub commands 137
- The following table describes the sub commands for several firewall and firewall6 commands 137
- Chapter 16 firewall 138
- Command description 138
- Create a service object 138
- Create an ip address object 138
- Enter configuration command mode 138
- Enter the firewall sub command mode to add a firewall rule 138
- Firewall command examples 138
- Set the action the zywall is to take on packets which match this rule 138
- Set the destination ip address es 138
- Set the direction of travel of packets to which the rule applies 138
- Set the service to which this rule applies 138
- Table 67 firewall sub commands continued 138
- The following command displays the default ipv4 firewall rule that applies to the wan to zywall packet direction the firewall rule number is in the rule s priority number in the global rule list 138
- The following example shows you how to add an ipv4 firewall rule to allow a myservice connection from the wan zone to the ip addresses dest_1 in the lan zone 138
- These are ipv4 firewall configuration examples the ipv6 firewall commands are similar 138
- Configure termina 139
- Session limit commands 139
- Chapter 16 firewall 140
- Command description 140
- Table 69 command summary session limit continued 140
- Ipsec vpn 141
- Ipsec vpn overview 141
- Ipsec vpn commands summary 142
- Chapter 17 ipsec vpn 143
- Command description 143
- Ike sa commands 143
- Label description 143
- Table 70 input values for ipsec vpn commands continued 143
- Table 71 isakmp commands ike sas 143
- The following sections list the ipsec vpn commands 143
- This table lists the commands for ike sas vpn gateways 143
- Aaa authentication 144
- Chapter 17 ipsec vpn 144
- Command description 144
- Ipsec sa commands except manual keys 144
- Table 71 isakmp commands ike sas continued 144
- Table 72 crypto commands ipsec sas 144
- This table lists the commands for ipsec sas excluding manual keys vpn connections using vpn gateways 144
- Chapter 17 ipsec vpn 145
- Command description 145
- Note you must allow traffic whose source and destination ip addresses do not match the local and remote policy if you want to use the ipsec sa in a vpn concentrator 145
- Table 72 crypto commands ipsec sas continued 145
- Chapter 17 ipsec vpn 146
- Command description 146
- Table 72 crypto commands ipsec sas continued 146
- Chapter 17 ipsec vpn 147
- Command description 147
- Ipsec sa commands for manual keys 147
- Table 73 crypto map commands ipsec sas manual keys 147
- Table 74 vpn concentrator commands vpn concentrator 147
- This table lists the additional commands for ipsec sas using manual keys vpn connections using manual keys 147
- This table lists the commands for the vpn concentrator 147
- Vpn concentrator commands 147
- Chapter 17 ipsec vpn 148
- Command description 148
- Table 74 vpn concentrator commands vpn concentrator continued 148
- Table 75 vpn configuration provision commands vpn configuration provisioning 148
- This table lists the commands for vpn configuration provisioning 148
- Vpn configuration provisioning commands 148
- Chapter 17 ipsec vpn 149
- Command description 149
- Sa monitor commands 149
- Table 76 sa commands sa monitor 149
- This table lists the commands for the sa monitor 149
- Ssl access policy 151
- Ssl access policy limitations 151
- Ssl application objects 151
- Ssl vpn 151
- Ssl vpn commands 151
- Chapter 18 ssl vpn 152
- Command description 152
- Command to enter the configuration mode before you can use these commands 152
- Configure termina 152
- Label description 152
- Ssl vpn commands 152
- Table 77 input values for ssl vpn commands continued 152
- Table 78 ssl vpn commands 152
- The following sections list the ssl vpn commands 152
- This table lists the commands for ssl vpn you must use the 152
- Chapter 18 ssl vpn 153
- Command description 153
- Here is an example ssl vpn configuration the ssl vpn rule defines 153
- Only users using the tester account can use the ssl vpn 153
- Setting an ssl vpn rule tutorial 153
- Table 78 ssl vpn commands 153
- The ssl vpn users are allowed to access the zywall s local network 172 6 0 24 defined in object network1 153
- The zywall will assign an ip address from 192 68 00 to 192 68 00 0 defined in object ip pool to the computers which match the rule s criteria 153
- The zywall will assign two dns server settings 172 6 and 172 6 defined in objects dns1 and dns2 to the computers which match the rule s criteria 153
- Trendmicro pc cillin internet security 2007 is installed and activated 153
- Users have to access the ssl vpn using a computer that complies with all the following criteria defined in object eps 1 153
- Windows xp is installed 153
- Chapter 18 ssl vpn 154
- Create an endpoint security profile named eps 1 ssl vpn users computers must install windows xp and trendmicro pc cillin internet security 2007 besides the pc cillin anti virus must be activated 154
- Create an ssl vpn rule named ssl_vpn_test enable it and apply objects you just created 154
- Create four address objects for the ssl vpn dhcp pool dns servers and the local network for ssl vpn authenticated users to access 154
- Create the ssl vpn user account named tester with password 1234 154
- First of all configure 10 54 24 for the ip address of interface ge2 which is an external interface for public ssl vpn to access configure 172 6 0 54 24 for the ip address of interface ge3 which is an internal network 154
- Chapter 18 ssl vpn 155
- Displays the ssl vpn rule settings 155
- Ipsec configuration 157
- L2tp vpn 157
- L2tp vpn overview 157
- L2tp_pool 158
- Lan_subnet 158
- Policy route 158
- Using the default l2tp vpn connection 158
- Chapter 19 l2tp vpn 159
- Command description 159
- Command to enter the configuration mode before you can use these commands 159
- Configure termina 159
- L2tp vpn commands 159
- Label description 159
- Note modifying this vpn connection or the vpn gateway that it uses disconnects any existing l2tp vpn sessions 159
- Table 79 input values for l2tp vpn commands 159
- Table 80 l2tp vpn commands 159
- The following sections list the l2tp vpn commands 159
- The following table describes the values required for some l2tp vpn commands other values are discussed with the corresponding commands 159
- This table lists the commands for l2tp vpn you must use the 159
- 3 7 05 l2tp_pool 192 68 0 0 192 68 0 0 160
- Chapter 19 l2tp vpn 160
- Command description 160
- Figure 23 l2tp vpn example 160
- L2tp vpn example 160
- Lan_subnet 192 68 24 160
- Table 80 l2tp vpn commands 160
- The remote user has a dynamic public ip address and connects through the internet 160
- The zywall has a static ip address of 172 3 7 05 for the ge3 interface 160
- This example uses the following settings in creating a basic l2tp vpn tunnel see the web configurator user s guide for how to configure l2tp in remote user computers using windows xp and windows 2000 160
- Configuring the default l2tp vpn connection example 161
- Configuring the default l2tp vpn gateway example 161
- Configuring the l2tp vpn settings example 161
- Chapter 19 l2tp vpn 162
- Configuring the policy route for l2tp example 162
- Enable the connection 162
- Enable the policy route 162
- Set the destination address to the ip address pool that the zywall assigns to the remote users l2tp_pool in this example 162
- Set the next hop to be the default_l2tp_vpn_connection tunnel 162
- Set the policy route s source address to the address object that you want to allow the remote users to access lan_subnet in this example 162
- The following commands configure and display the policy route for the l2tp vpn connection entry 162
- Application patrol 163
- Application patrol commands summary 163
- Application patrol overview 163
- Chapter 20 application patrol 164
- Command description 164
- Label description 164
- Pre defined application commands 164
- Rule commands for pre defined applications 164
- Table 81 input values for application patrol commands continued 164
- Table 82 app commands pre defined applications 164
- Table 83 app commands rules in pre defined applications 164
- The following sections list the application patrol commands 164
- This table lists the commands for each pre defined application 164
- This table lists the commands for rules in each pre defined application 164
- Chapter 20 application patrol 165
- Command description 165
- Rule sub commands 165
- Table 83 app commands rules in pre defined applications continued 165
- Table 84 app protocol rule sub commands 165
- The following table describes the sub commands for several application patrol rule commands note that not all rule commands use all the sub commands listed here 165
- Chapter 20 application patrol 166
- Command description 166
- Exception commands for pre defined applications 166
- Exception rule sub commands 166
- Table 85 app commands exception rules in pre defined applications 166
- Table 86 app patrol exception rule sub commands 166
- The following table describes the sub commands for several application patrol exception rule commands note that not all rule commands use all the sub commands listed here 166
- This table lists the commands for exception rules for application access controls these commands are used for backward compatible only 166
- Chapter 20 application patrol 167
- Command description 167
- Other application commands 167
- Rule commands for other applications 167
- Table 86 app patrol exception rule sub commands continued 167
- Table 87 app commands other applications 167
- Table 88 app commands rules in other applications 167
- This table lists the commands for other applications in application patrol 167
- This table lists the commands for rules in other applications 167
- Chapter 20 application patrol 168
- Command description 168
- General commands for application patrol 168
- Note you must register for the idp apppatrol signature service at least the trial before you can use it see chapter 5 on page 45 168
- Other rule sub commands 168
- Table 89 app patrol other rule sub commands 168
- The following table describes the sub commands for several application patrol other rule commands note that not all rule commands use all the sub commands listed here 168
- Chapter 20 application patrol 169
- Command description 169
- Table 90 app commands pre defined applications 169
- This table lists the general commands for application patrol 169
- Chapter 20 application patrol 170
- Command description 170
- Commands 170
- General command examples 170
- Table 90 app commands pre defined applications continued 170
- The following examples show the information that is displayed by some of the 170
- Chapter 20 application patrol 171
- Anti virus 173
- Anti virus commands 173
- Anti virus overview 173
- Activate deactivate anti virus example 174
- Chapter 21 anti virus 174
- Command description 174
- Command to enter the configuration mode before you can use these commands 174
- Configure termina 174
- General anti virus commands 174
- Note you must register for the anti virus service before you can use it see chapter 5 on page 45 174
- Table 92 general anti virus commands 174
- Table 93 commands for zone to zone anti virus rules 174
- The following table describes general anti virus commands you must use the 174
- The following table describes the commands for configuring the zone to zone rules you must use the 174
- This example shows how to activate and deactivate anti virus on the zywall 174
- Zone to zone anti virus rules 174
- Chapter 21 anti virus 175
- Command description 175
- Table 93 commands for zone to zone anti virus rules continued 175
- Chapter 21 anti virus 176
- Command description 176
- Command to enter the configuration mode before you can use these commands 176
- Configure termina 176
- Table 94 commands for anti virus white and black lists 176
- The following table describes the commands for configuring the white list and black list you must use the 176
- This example shows how to configure and display a wan to lan antivirus rule to scan http traffic and destroy infected files the white and black lists are ignored and zipped files are decompressed any zipped files that cannot be decompressed are destroyed 176
- White and black lists 176
- Zone to zone anti virus rule example 176
- Chapter 21 anti virus 177
- Command description 177
- Command to enter the configuration mode before you can use this command 177
- Configure termina 177
- Signature search anti virus command 177
- Table 94 commands for anti virus white and black lists continued 177
- Table 95 command for anti virus signature search 177
- The following table describes the command for searching for signatures you must use the 177
- This example shows how to enable the white list and configure an active white list entry for files with a exe extension it also enables the black list and configure an inactive black list entry for files with a exe extension 177
- White and black lists example 177
- Chapter 21 anti virus 178
- Command description 178
- Signature search example 178
- Table 96 update signatures 178
- This example shows how to search for anti virus signatures with msn in the name 178
- Update anti virus signatures 178
- Use these commands to update new signatures you should have already registered for anti virus service 178
- Anti virus statistics 179
- Chapter 21 anti virus 179
- Command description 179
- Command to enter the configuration mode before you can use these commands 179
- Configure termina 179
- Table 97 commands for anti virus statistics 179
- The following table describes the commands for collecting and displaying anti virus statistics you must use the 179
- These examples show how to enable disable automatic anti virus downloading schedule updates display the schedule display the update status show the new updated signature version number show the total number of signatures and show the date time the signatures were created 179
- Update signature examples 179
- Anti virus statistics example 180
- Chapter 21 anti virus 180
- This example shows how to collect and display anti virus statistics it also shows how to sort the display by the most common destination ip addresses 180
- General idp commands 181
- Idp activation 181
- Idp commands 181
- Overview 181
- Activate deactivate idp example 182
- Global profile commands 182
- Idp profile commands 182
- Chapter 22 idp commands 183
- Command description 183
- Example of global profile commands 183
- Idp zone to zone rules 183
- In this example we rename an idp signature profile from old_profile to new_profile delete the bye_profile and show all base profiles available 183
- Table 101 idp zone to zone rule commands 183
- Use the following rules to apply idp profiles to specific directions of packet travel 183
- Chapter 22 idp commands 184
- Command description 184
- Editing creating anomaly profiles 184
- Editing creating idp signature profiles 184
- Example of idp zone to zone rule commands 184
- Note you cannot change the base profile later 184
- Table 102 editing creating idp signature profiles 184
- The following example creates idp zone to zone rule one the rule applies the lan_idp profile to all traffic going to the lan zone 184
- Use these commands to create a new anomaly profile or edit an existing one it is recommended you use the web configurator to create edit profiles if you do not specify a base profile the default base profile is none 184
- Use these commands to create a new idp signature profile or edit an existing one it is recommended you use the web configurator to create edit profiles if you do not specify a base profile the default base profile is none 184
- Chapter 22 idp commands 185
- Command description 185
- Note you cannot change the base profile later 185
- Table 103 editing creating anomaly profiles 185
- Chapter 22 idp commands 186
- Command description 186
- Table 103 editing creating anomaly profiles continued 186
- Chapter 22 idp commands 187
- Command description 187
- Table 103 editing creating anomaly profiles continued 187
- Chapter 22 idp commands 188
- Command description 188
- Creating an anomaly profile example 188
- Editing system protect 188
- In this example we create a profile named test configure some settings display them and then return to global command mode 188
- Signature search 188
- Table 104 editing system protect profiles 188
- Use these commands to edit the system protect profiles 188
- Use this command to search for signatures in the named profile 188
- Chapter 22 idp commands 189
- Command description 189
- Note it is recommended you use the web configurator to search for signatures 189
- Search parameter tables 189
- Table 105 signature search command 189
- The following table displays the command line severity platform and policy type equivalent values if you want to combine platforms in a search then add their respective numbers together for 189
- Chapter 22 idp commands 190
- Example to search for signatures for windows nt windows xp and windows 2000 computers then type 12 as the platform parameter 190
- Service service action 190
- Severity platform policy type 190
- Table 106 severity platform and policy type command values 190
- Table 107 service and action command values 190
- The following table displays the command line service and action equivalent values if you want to combine services in a search then add their respective numbers together for example to search for signatures for dns finger and ftp services then type 7 as the service parameter 190
- Custom signatures screen 191
- Idp custom signatures 191
- Note you must use the web configurator to import a custom signature file 191
- Signature search example 191
- Chapter 22 idp commands 192
- Custom signature examples 192
- These examples show how to create a custom signature edit one display details of one all and show the total number of custom signatures 192
- This example shows you how to edit a custom signature 192
- Chapter 22 idp commands 193
- This example shows you how to display custom signature details 193
- Chapter 22 idp commands 194
- This example shows you how to display custom signature contents 194
- Chapter 22 idp commands 195
- Command description 195
- Note you must use the web configurator to import a custom signature file 195
- Table 109 update signatures 195
- This example shows you how to display all details of a custom signature 195
- This example shows you how to display the number of custom signatures on the zywall 195
- Update idp signatures 195
- Use these commands to update new signatures you register for idp service before you can update idp signatures although you do not have to register in order to update system protect signatures 195
- Chapter 22 idp commands 196
- Command description 196
- Command to enter the configuration mode before you can use these commands 196
- Configure termina 196
- Idp statistics 196
- Table 110 commands for idp statistics 196
- The following table describes the commands for collecting and displaying idp statistics you must use the 196
- These examples show how to enable disable automatic idp downloading schedule updates display the schedule display the update status show the new updated signature version number show the total number of signatures and show the date time the signatures were created 196
- Update signature examples 196
- Chapter 22 idp commands 197
- Idp statistics example 197
- This example shows how to collect and display idp statistics it also shows how to sort the display by the most common signature name source ip address or destination ip address 197
- Content filtering 199
- Content filtering overview 199
- Content filtering policies 199
- Content filtering reports 199
- External web filtering service 199
- Chapter 23 content filtering 200
- Commands 200
- Content filte 200
- Content filter command input values 200
- Label description 200
- Table 111 content filter command input values 200
- The following table explains the values you can input with the 200
- Chapter 23 content filtering 201
- Command to enter the configuration 201
- Configure termina 201
- General content filter commands 201
- Label description 201
- Table 111 content filter command input values continued 201
- The following table lists the commands that you can use for general content filter configuration such as enabling content filtering viewing and ordering your list of content filtering policies creating a denial of access message or specifying a redirect url and checking your external web filtering service registration status use the 201
- Chapter 23 content filtering 202
- Command description 202
- Mode to be able to use these commands see table 111 on page 200 for details about the values you can input with these commands 202
- Table 112 content filter general commands 202
- Chapter 23 content filtering 203
- Command description 203
- Command to enter the configuration mode to be able to use these commands see table 111 on page 200 for details about the values you can input with these commands 203
- Configure termina 203
- Content filter filtering profile commands 203
- Table 112 content filter general commands continued 203
- Table 113 content filter filtering profile commands summary 203
- The following table lists the commands that you can use to configure a content filtering policy a content filtering policy defines which content filter profile should be applied when it should be applied and to whose web access it should be applied use the 203
- Chapter 23 content filtering 204
- Command description 204
- Table 113 content filter filtering profile commands summary continued 204
- Chapter 23 content filtering 205
- Command description 205
- Content filter url cache commands 205
- Table 113 content filter filtering profile commands summary continued 205
- The following table lists the commands that you can use to view and configure your zywall s url caching you can configure how long a categorized web site address remains in the as well as view those web site addresses to which access has been allowed or blocked based on the responses from the external content filtering server the zywall only queries the external content filtering database for sites not found in the cache 205
- Chapter 23 content filtering 206
- Command description 206
- Command to enter the configuration mode before you can use these commands 206
- Command to enter the configuration mode to be able to use these commands see table 111 on page 200 for details about the values you can input with these commands 206
- Configure termina 206
- Content filtering statistics 206
- Table 114 content filter url cache commands 206
- Table 115 commands for content filtering statistics 206
- The following table describes the commands for collecting and displaying content filtering statistics you must use the 206
- Use the 206
- Chapter 5 on page 45 207
- Content filtering commands example 207
- Content filtering statistics example 207
- Note you must register for the external web filtering service before you can use it see 207
- Activate the customization 208
- Chapter 23 content filtering 208
- Chapter 23 content filtering 209
- Use this command to display the settings of the profile 209
- Anti spam 211
- Anti spam commands 211
- Anti spam overview 211
- General anti spam commands 211
- Activate deactivate anti spam example 212
- Chapter 24 anti spam 212
- Command description 212
- Command to enter the configuration mode before you can use these commands 212
- Configure termina 212
- Table 118 commands for zone to zone anti spam rules 212
- The following table describes the commands for configuring the zone to zone rules you must use the 212
- This example shows how to activate and deactivate anti spam on the zywall 212
- Zone to zone anti spam rules 212
- Chapter 24 anti spam 213
- Command description 213
- Table 118 commands for zone to zone anti spam rules continued 213
- Chapter 24 anti spam 214
- Label description 214
- Table 119 input values for white and black list anti spam commands 214
- The following table identifies values used in these commands other input values are discussed with the corresponding commands 214
- This example shows how to configure and display a wan to dmz anti spam rule to scan pop3 and smtp traffic smtp spam is forwarded pop3 spam is marked with a spam tag the zywall logs the event when an e mail matches the dnsbl see section 24 on page 216 for more on dnsbl the white and black lists are ignored 214
- White and black lists 214
- Zone to zone anti spam rule example 214
- Chapter 24 anti spam 215
- Command description 215
- Command to enter the configuration mode before you can use these commands 215
- Configure termina 215
- Label description 215
- Table 119 input values for white and black list anti spam commands continued 215
- Table 120 commands for anti spam white and black lists 215
- Use the white list to identify legitimate e mail and the black list to identify spam e mail the following table describes the commands for configuring the white list and black list you must use the 215
- Configure termina 216
- Dnsbl anti spam commands 216
- Regular expressions in black or white list entries 216
- White and black lists example 216
- Chapter 24 anti spam 217
- Command description 217
- Table 122 dnsbl commands 217
- This table describes the dnsbl commands 217
- Chapter 24 anti spam 218
- Command description 218
- Displays the dnsbl statistics 218
- Dnsbl example 218
- Sets the dnsbl tag to dnsbl 218
- Sets the dnsbl timeout tag to dnsbl timeout 218
- Sets the zywall to check up to 4 sender and relay server ip addresses in e mail headers against the dnsbl 218
- Sets the zywall to forward pop3 mail with a tag if the queries to the dnsbl domains time out 218
- Sets the zywall to start dnsbl checking from the first ip address in the mail header 218
- Sets the zywall to use dnsbl example com as a dnsbl 218
- Table 122 dnsbl commands 218
- This example 218
- Turns dnsbl checking on 218
- Anti spam statistics 219
- Anti spam statistics example 219
- Chapter 24 anti spam 219
- Command description 219
- Command to enter the configuration mode before you can use these commands 219
- Configure termina 219
- Table 123 commands for anti spam statistics 219
- The following table describes the commands for collecting and displaying anti spam statistics you must use the 219
- This example shows how to collect anti spam statistics and display a summary 219
- Device ha 221
- Device ha overview 221
- Active passive mode device ha 222
- Before you begin 222
- Cluster id 222
- General device ha commands 222
- Monitored interfaces in active passive mode device ha 222
- Note subscribe to services on the backup zywall before synchronizing it with the master zywall 222
- Virtual router 222
- Active passive mode device ha commands 223
- Device h 223
- Virtual router and management ip addresses 223
- Chapter 25 device ha 224
- Command description 224
- Table 126 device ha ap mode commands continued 224
- Active passive mode device ha command example 225
- Device h 225
- Legacy mode vrrp device ha 225
- Legacy mode vrrp device ha commands 225
- Virtual router redundancy protocol vrrp overview 225
- Vrrp group overview 225
- Chapter 25 device ha 226
- Command description 226
- Table 128 device ha commands vrrp groups 226
- Table 129 device ha commands synchronization 226
- This table lists the commands for synchronization you can synchronize with other zywall s of the same model that are running the same firmware version 226
- This table lists the commands for vrrp groups 226
- Vrrp group commands 226
- Vrrp synchronization commands 226
- Chapter 25 device ha 227
- Command description 227
- Link monitoring commands 227
- Table 129 device ha commands synchronization continued 227
- Table 130 device ha commands synchronization 227
- This table lists the commands for link monitoring link monitoring has the master zywall shut down all of its vrrp interfaces if one of its vrrp interface links goes down this way the backup zywall takes over all of the master zywall s functions 227
- User account overview 229
- User group 229
- User types 229
- Chapter 26 user group 230
- Command description 230
- Commands 230
- Commands other input values are discussed with the corresponding commands 230
- Label description 230
- Table 132 username groupname command input values 230
- Table 133 username groupname commands summary users 230
- The first table lists the commands for users 230
- The following sections list the 230
- The following table identifies the values required for many 230
- User commands 230
- User group commands summary 230
- Username groupnam 230
- Chapter 26 user group 231
- Command description 231
- Table 133 username groupname commands summary users continued 231
- Table 134 username groupname commands summary groups 231
- Table 135 username groupname commands summary settings 231
- This table lists the commands for groups 231
- This table lists the commands for user settings except for forcing user authentication 231
- User group commands 231
- User setting commands 231
- Chapter 26 user group 232
- Command description 232
- Table 135 username groupname commands summary settings continued 232
- The following commands show the current settings for the number of simultaneous logins 232
- User setting command examples 232
- Chapter 26 user group 233
- Command description 233
- Force user authentication commands 233
- Table 136 username groupname commands summary forcing user authentication 233
- This table lists the commands for forcing user authentication 233
- Activate yes 234
- Chapter 26 user group 234
- Command description 234
- Force auth sub commands 234
- Force authentication policy insert command example 234
- Table 137 force auth policy sub commands 234
- The following commands show how to insert a force authentication policy at position 1 of the checking order this policy applies endpoint security policies and uses the following settings 234
- The following table describes the sub commands for several force auth policy commands note that not all rule commands use all the sub commands listed here 234
- Additional user commands 235
- Chapter 26 user group 235
- Command description 235
- Description eps on lan 235
- Destination use address object dmz_servers 235
- Endpoint security activate 235
- Endpoint security object use eps winxp and eps winvista for the first and second checking eps objects 235
- Schedule no specified 235
- Source use address object lan1_subnet 235
- Table 138 username groupname commands summary additional 235
- This table lists additional commands for users 235
- User authentication required 235
- Additional user command examples 236
- Chapter 26 user group 236
- The following commands display the users that are currently locked out and then unlock the user who is displayed 236
- The following commands display the users that are currently logged in to the zywall and force the logout of all logins from a specific ip address 236
- Address commands summary 237
- Address overview 237
- Addresses 237
- Address object commands 238
- Chapter 27 addresses 238
- Command description 238
- Table 140 address object and address6 object commands 238
- The following sections list the address object and address group commands 238
- This table lists the commands for address objects 238
- Address object command examples 239
- Chapter 27 addresses 239
- The following example creates three ipv4 address objects and then deletes one 239
- Address group commands 240
- Chapter 27 addresses 240
- Command description 240
- Table 141 object group commands address groups 240
- The following example creates host range subnet and link local ipv6 address objects and then deletes the subnet ipv6 address object 240
- This table lists the commands for address groups 240
- Address group command examples 241
- Chapter 27 addresses 241
- Command description 241
- Table 141 object group commands address groups continued 241
- The following commands create three address objects a0 a1 and a2 and add a1 and a2 to address group rd 241
- Service object commands 243
- Services 243
- Services commands summary 243
- Services overview 243
- Chapter 28 services 244
- Command description 244
- Service group commands 244
- Service object command examples 244
- Table 143 service object commands service objects continued 244
- Table 144 object group commands service groups 244
- The first table lists the commands for service groups 244
- The following commands create four services display them and then remove one of them 244
- Chapter 28 services 245
- Command description 245
- Service group command examples 245
- Table 144 object group commands service groups continued 245
- The following commands create service icmp_echo create service group sg1 and add icmp_echo to sg1 245
- Schedule commands summary 247
- Schedule overview 247
- Schedules 247
- Chapter 29 schedules 248
- Command description 248
- Schedule command examples 248
- Table 146 schedule commands continued 248
- The following commands create recurring schedule schedule1 and one time schedule schedule2 and then delete schedule1 248
- Aaa server 249
- Aaa server overview 249
- Ad server commands 249
- Authentication server command summary 249
- Chapter 30 aaa server 250
- Command description 250
- Commands you use to set the default ldap server 250
- Ldap server 250
- Ldap server commands 250
- Table 147 ad server commands continued 250
- Table 148 ldap server commands 250
- The following table lists the 250
- Aaa group server ad 251
- Aaa group server ad commands 251
- Chapter 30 aaa server 251
- Command description 251
- Commands you use to configure a group of ad servers 251
- Commands you use to set the default radius server 251
- Note you can not delete a server group that is currently in use 251
- Radius server 251
- Radius server command example 251
- Radius server commands 251
- Table 149 radius server commands 251
- Table 150 aaa group server ad commands 251
- The following example sets the secret key and timeout period of the default radius server 172 3 0 00 to 87643210 and 80 seconds 251
- The following table lists the 251
- Aaa group server ldap 252
- Aaa group server ldap commands 252
- Chapter 30 aaa server 252
- Command description 252
- Commands you use to configure a group of ldap servers 252
- Note you can not delete a server group that is currently in use 252
- Table 150 aaa group server ad commands continued 252
- Table 151 aaa group server ldap commands 252
- The following table lists the 252
- Aaa group server radius 253
- Aaa group server radius commands 253
- Chapter 30 aaa server 253
- Command description 253
- Commands you use to configure a group of radius servers 253
- Note you can not delete a server group that is currently in use 253
- Table 151 aaa group server ldap commands continued 253
- Table 152 aaa group server radius commands 253
- The following table lists the 253
- Aaa group server command example 254
- Chapter 30 aaa server 254
- Command description 254
- Table 152 aaa group server radius commands continued 254
- The following example creates a radius server group with two members and sets the secret key to 12345678 and the timeout to 100 seconds then this example also shows how to view the radius group settings 254
- Aaa authentication commands 255
- Authentication objects 255
- Authentication objects overview 255
- Aaa authentication command example 256
- Base dn dc zyxel dc com 256
- Chapter 31 authentication objects 256
- Command description 256
- Command you use to test a user account on an authentication server 256
- Ip address 172 6 0 256
- Note you must specify at least one member for each profile each type of member can only be used once in a profile 256
- Port 389 256
- Table 153 aaa authentication commands continued 256
- Table 154 test aaa command 256
- Test a user account command example 256
- Test aa 256
- Test aaa command 256
- The following example creates an authentication profile to authenticate users using the ldap server group and then the local user database 256
- The following example shows how to test whether a user account named userabc exists on the ad authentication server which uses the following settings 256
- The following table lists the 256
- Bind dn zyxel engineerabc 257
- Chapter 31 authentication objects 257
- Login name attribute samaccountname 257
- Password abcdefg 257
- The result shows the account exists on the ad server otherwise the zywall responds with an error 257
- Certificate commands 259
- Certificates 259
- Certificates commands input values 259
- Certificates overview 259
- Certificates commands summary 260
- Chapter 32 certificates 260
- Command description 260
- Command to enter the configuration mode to be able to use these commands 260
- Configure termina 260
- Label description 260
- Table 155 certificates commands input values continued 260
- Table 156 ca commands summary 260
- The following table lists the commands that you can use to display and manage the zywall s summary list of certificates and certification requests you can also create certificates or certification requests use the 260
- Chapter 32 certificates 261
- Command description 261
- Table 156 ca commands summary continued 261
- Chapter 32 certificates 262
- Command description 262
- Table 156 ca commands summary continued 262
- Certificates commands examples 263
- Chapter 32 certificates 263
- The following example creates a self signed x 509 certificate with ip address 10 8 as the common name it uses the rsa key type with a 512 bit key then it displays the list of local certificates finally it deletes the pkcs12request certification request 263
- Isp accounts 264
- Isp accounts overview 264
- Pppoe and pptp account commands 264
- Cellular account commands 265
- Chapter 33 isp accounts 265
- Command description 265
- Table 157 pppoe and pptp isp account commands continued 265
- Table 158 cellular account commands 265
- The following table lists the cellular isp account commands 265
- Ssl application 266
- Ssl application object commands 266
- Ssl application overview 266
- Chapter 34 ssl application 267
- Command description 267
- Table 159 ssl application object commands 267
- Chapter 34 ssl application 268
- Ssl application command examples 268
- The following commands create and display a server type ssl application object named zw5 for a web server at ip address 192 68 2 268
- Endpoint security 269
- Endpoint security overview 269
- Chapter 35 endpoint security 270
- Command description 270
- Command to enter the configuration mode before you can use these commands 270
- Configure termina 270
- Endpoint security commands summary 270
- Endpoint security object commands 270
- Label description 270
- Requirements 270
- Table 160 input values for endpoint security commands 270
- Table 161 endpoint security object commands 270
- The following sections list the endpoint security object commands 270
- The following table describes the values required for many endpoint security object commands other values are discussed with the corresponding commands 270
- This table lists the commands for creating endpoint security objects you must use the 270
- User computers must have sun s java java runtime environment or jre installed and enabled with a minimum version of 1 270
- Chapter 35 endpoint security 271
- Command description 271
- Table 161 endpoint security object commands 271
- Chapter 35 endpoint security 272
- Command description 272
- Table 161 endpoint security object commands 272
- Anti virus kaspersky anti virus v2011 installed and enabled 273
- Chapter 35 endpoint security 273
- Command description 273
- Endpoint security object command example 273
- Operating system windows xp 273
- Personal firewall windows firewall installed and enabled 273
- Peter wants to create and display an endpoint security object named eps example only the computers that match the following criteria can access the company s ssl vpn 273
- Table 161 endpoint security object commands 273
- Windows auto update enabled 273
- Windows service pack 2 or above 273
- Chapter 35 endpoint security 274
- However he needs to check the anti virus software name defined on the zywall the following example shows how to check all available anti virus software packages for which the zywall s endpoint security can check copy and paste the name of the output item 17 for the setting later 274
- Then he also needs to check the personal firewall software name defined on the zywall copy and paste the name of the output item 4 for the setting later 274
- Chapter 35 endpoint security 275
- For users who fail the endpoint security checking peter decides to show them an error message of endpoint security checking failed contact helpdesk at 7777 if you have any questions the following shows how to configure the error message 275
- Now peter can create the eps object profile as shown in the next example note that he uses the matching criteria all command to make sure all users computers have the required software installed and settings configured before they access the company s ssl vpn 275
- See chapter 18 on page 151 for how to configure an ssl vpn using this eps object 275
- Then he leaves the sub command mode and uses the show command to view the eps object settings 275
- Dhcpv6 object commands 276
- Dhcpv6 object commands summary 276
- Dhcpv6 objects 276
- Chapter 36 dhcpv6 objects 277
- Command description 277
- Dhcpv6 object command examples 277
- Table 163 dhcpv6 object commands continued 277
- This example creates and displays a dhcpv6 lease object named test1 for ipv6 address 2003 1 with duid 00 01 02 03 04 05 06 07 277
- This example makes test1 into a dhcpv6 address pool lease object for ipv6 addresses 2004 10 to 2004 40 277
- Chapter 36 dhcpv6 objects 278
- This example creates a dhcpv6 prefix delegation request object named pfx and displays its settings 278
- This example creates and displays a dhcpv6 prefix delegation lease object named pfx for ipv6 address prefix 2005 64 and duid 00 01 02 03 04 05 06 07 then renames it to pd 278
- This example deletes the test1 dhcpv6 lease object 278
- Customizing the www login page 279
- System 279
- System overview 279
- Configure termina 280
- Logo title 280
- Message color of all text 280
- Note message last line of text 280
- Window background 280
- Configure termina 281
- Host name commands 281
- Time and date 281
- Configure termina 282
- Console port speed 282
- Date time commands 282
- Configure termina 283
- Dns commands 283
- Dns overview 283
- Domain zone forwarder 283
- Chapter 37 system 284
- Command description 284
- Dns command example 284
- Table 169 command summary dns continued 284
- This command sets an a record that specifies the mapping of a fully qualified domain name www abc com to an ip address 210 7 3 284
- Remote management limitations 285
- Remote management overview 285
- System remote management 285
- System timeout 285
- Chapter 38 system remote management 286
- Command description 286
- Command to enter the configuration mode before you can use these commands 286
- Common system command input values 286
- Configure termina 286
- Defaul 286
- Http https commands 286
- Label description 286
- Table 170 input values for general system commands 286
- Table 171 command summary http https 286
- The following table describes the commands available for http https you must use the 286
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands 286
- Chapter 38 system remote management 287
- Command description 287
- Defaul 287
- Table 171 command summary http https continued 287
- Http https command examples 288
- Requirements for using ssh 288
- Ssh implementation on the zywall 288
- Chapter 38 system remote management 289
- Command description 289
- Command to enter the configuration mode before you can use these commands 289
- Configure termina 289
- Defaul 289
- Ssh command examples 289
- Ssh commands 289
- Table 172 command summary ssh 289
- The following table describes the commands available for ssh you must use the 289
- This command sets a certificate default to be used to identify the zywall 289
- This command sets a service control rule that allows the computers with the ip addresses matching the specified address object to access the specified zone using ssh service 289
- Chapter 38 system remote management 290
- Command description 290
- Command to enter the configuration mode before you can use these commands 290
- Configure termina 290
- Table 173 command summary telnet 290
- Telnet 290
- Telnet commands 290
- Telnet commands examples 290
- The following table describes the commands available for telnet you must use the 290
- This command sets a service control rule that allows the computers with the ip addresses matching the specified address object to access the specified zone using telnet service 290
- You can configure your zywall for remote telnet access 290
- Configure termina 291
- Configuring ftp 291
- Ftp commands 291
- Chapter 38 system remote management 292
- Ftp commands examples 292
- Object label object id description 292
- Simple network management protocol is a protocol used for exchanging management information between network devices your zywall supports snmp agent functionality which allows a manager station to manage and monitor the zywall through the network the zywall supports snmp version one snmpv1 and version two snmpv2c 292
- Snmp traps 292
- Supported mibs 292
- Table 175 snmp traps 292
- The zywall supports mib ii that is defined in rfc 1213 and rfc 1215 the zywall also supports private mibs zywall mib and zyxel zywall zld common mib to collect information about cpu and memory usage and vpn total throughput the focus of the mibs is to let administrators collect statistical data and monitor status and performance you can download the zywall s mibs from www zyxel com 292
- The zywall will send traps to the snmp manager when any one of the following events occurs 292
- This command displays ftp settings 292
- This command sets a service control rule that allows the computers with the ip addresses matching the specified address object to access the specified zone using ftp service 292
- Chapter 38 system remote management 293
- Command description 293
- Command to enter the configuration mode before you can use these commands 293
- Configure termina 293
- Snmp commands 293
- Snmp commands examples 293
- Table 176 command summary snmp 293
- The following command sets a service control rule that allows the computers with the ip addresses matching the specified address object to access the specified zone using snmp service 293
- The following table describes the commands available for snmp you must use the 293
- Access 294
- Chapter 38 system remote management 294
- Command description 294
- Command to enter the configuration mode before you can use these commands 294
- Configure termina 294
- Configure the icmp filter to help keep the zywall hidden from probing attempts you can specify whether or not the zywall is to respond to probing for unused ports 294
- Connect an external serial modem to the dial backup port or aux port depending on your model to provide a remote management connection in case the zywall s other wan connections are down this is like an auxiliary interface except it is used for management connections coming into the zywall instead of as a backup wan connection 294
- Dial in management 294
- Icmp filter 294
- Table 177 command summary icmp filter 294
- The following command sets the ip address of the host that receives the snmp notifications to 172 3 5 4 and the password sent with each trap to qwerty 294
- The following command sets the password secret for read write 294
- The ip icmp filter commands are obsolete see chapter 16 on page 133 to configure firewall rules for icmp traffic going to the zywall to discard or reject icmp packets destined for the zywall 294
- You must use the 294
- At command strings 295
- Chapter 38 system remote management 295
- Command description 295
- Command to enter the configuration mode before you can use these commands 295
- Configure termina 295
- Dial in management commands 295
- Dtr signal 295
- For regular telephone lines the default dial string tells the modem that the line uses tone dialing atdt is the command for a switch that requires tone dialing if your switch requires pulse dialing change the string to atdp 295
- Response strings 295
- Table 178 command summary dial in management 295
- The following table describes the commands available for dial in management you must use the 295
- The majority of wan devices default to hanging up the current call when the dtr data terminal ready signal is dropped by the dte when the drop dtr when hang up check box is selected the zywall uses this hardware signal to force the wan device to hang up in addition to issuing the drop command ath 295
- The response strings tell the zywall the tags or labels immediately preceding the various call parameters sent from the serial modem the response strings have not been standardized please consult the documentation of your serial modem to find the correct tags 295
- Configure termina 296
- Dial in management command examples 296
- Vantage cnm 296
- Vantage cnm commands 296
- Configure termina 297
- Language commands 297
- Vantage cnm command examples 297
- Configure termina 298
- Ipv6 commands 298
- Configuration files and shell scripts overview 299
- File directories 299
- File manager 299
- Chapter 39 file manager 300
- Comments in configuration files or shell scripts 300
- Figure 27 configuration file shell script example 300
- In a configuration file or shell script use or as the first character of a command line to have the zywall treat the line as a comment 300
- Note exit or must follow sub commands if it is to make the zywall exit sub command mode 300
- Table 183 configuration files and shell scripts in the zywall 300
- These files have the same syntax which is also identical to the way you run cli commands manually an example is shown below 300
- While configuration files and shell scripts have the same syntax the zywall applies configuration files differently than it runs shell scripts this is explained below 300
- You have to run the example in table 27 on page 300 as a shell script because the first command is run in privilege mode if you remove the first command you have to run the example as a configuration file because the rest of the commands are executed in configuration mode see section 1 on page 25 for more information about cli modes 300
- Your configuration files or shell scripts can use exit or a command line consisting of a single to have the zywall exit sub command mode 300
- Errors in configuration files or shell scripts 301
- Setenv stop on error off 301
- Zywall configuration file details 301
- Configuration file flow at restart 302
- File manager commands input values 302
- Setenv startup stop on error of 302
- Chapter 39 file manager 303
- Command description 303
- File manager commands summary 303
- Table 185 file manager commands summary 303
- The following table lists the commands that you can use for file management 303
- Command line ftp file upload 304
- File manager command examples 304
- Ftp file transfer 304
- Chapter 39 file manager 305
- Command line ftp configuration file upload example 305
- Command line ftp file download 305
- Connect to the zywall 305
- Enter bin to set the transfer mode to binary 305
- Figure 28 ftp configuration file upload example 305
- Get vpn_setup zysh vpn zysh transfers the vpn_setup zysh configuration file on the zywall to your computer and renames it vpn zysh 305
- Note uploading a custom signature file named custom rules overwrites all custom signatures on the zywall 305
- The firmware update can take up to five minutes do not turn off or reset the zywall while the firmware update is in progress if you lose power during the firmware upload you may need to refer to section 39 on page 307 to recover the firmware 305
- The following example transfers a configuration file named tomorrow conf from the computer and saves it on the zywall as next conf 305
- Use cd to change to the directory that contains the files you want to download 305
- Use dir or ls if you need to display a list of the files in the directory 305
- Use get to download files for example 305
- Boot module 306
- Command line ftp configuration file download example 306
- Figure 29 ftp configuration file download example 306
- Figure 30 zywall file usage at startup 306
- Firmware 306
- Recovery image 306
- The boot module performs a basic hardware test you cannot restore the boot module if it is damaged the boot module also checks and loads the recovery image the zywall notifies you if the recovery image is damaged 306
- The following example gets a configuration file named today conf from the zywall and saves it on the computer as current conf 306
- The recovery image checks and loads the firmware the zywall notifies you if the firmware is damaged 306
- The zywall uses the following files at system startup 306
- Zywall file usage at startup 306
- Note do not press any keys at this point wait to see what displays next 307
- Notification of a damaged recovery image or firmware 307
- Note you only need to use this section if you need to restore the recovery image 308
- Restoring the recovery image 308
- Note you only need to use the atuk or atur command if the recovery image is damaged 309
- Note this section is not for normal firmware uploads you only need to use this section if you need to recover the firmware 310
- Restoring the firmware 310
- Restoring the default system database 312
- Note you only need to use the atkz u command if the default system database is damaged 314
- Using the atkz u debug command 314
- Log commands summary 317
- Chapter 40 logs 318
- Command description 318
- Log entries commands 318
- System log commands 318
- Table 187 logging commands log entries 318
- Table 188 logging commands system log settings 318
- This table lists the commands for the system log settings 318
- This table lists the commands to look at log entries 318
- Command description 319
- Debug log commands 319
- System log command examples 319
- Table 189 logging commands debug log settings 319
- The following command displays the current status of the system log 319
- This table lists the commands for the debug log settings 319
- Command description 320
- E mail profile commands 320
- Table 190 logging commands remote syslog server settings 320
- Table 191 logging commands vrpt settings 320
- Table 192 logging commands e mail profile settings 320
- This table lists the commands for setting how often to send information to the vrpt zyxel s vantage report server 320
- This table lists the commands for the e mail profile settings 320
- This table lists the commands for the remote syslog server settings 320
- Command description 321
- Table 192 logging commands e mail profile settings continued 321
- Command description 322
- Console port logging commands 322
- E mail profile command examples 322
- Table 193 logging commands console port settings 322
- The following commands set up e mail log 1 322
- This table lists the commands for the console port settings 322
- Report commands 323
- Report commands summary 323
- Reports and reboot 323
- Chapter 41 reports and reboot 324
- Command description 324
- Packet size statistics commands 324
- Report command examples 324
- Session commands 324
- Table 195 session commands 324
- Table 196 packet size statistics commands 324
- The following commands start collecting data display the traffic reports and stop collecting data 324
- This table lists the commands to display the current sessions for debugging or statistical analysis 324
- Using the packet size statistics to view packet size distribution may aid you in troubleshooting network performance in particular a large number of small packets can drastically reduce throughput this table lists the commands to enable and disable packet size statistics data collection and display the setting status and statistics 324
- Command description 325
- Command to enter the configuration mode before you can use these commands 325
- Configure terminal 325
- Email daily report commands 325
- Label description 325
- Table 196 packet size statistics commands continued 325
- Table 197 input values for email daily report commands 325
- Table 198 email daily report commands 325
- The following table identifies the values used in some of these commands other input values are discussed with the corresponding commands 325
- Use these commands to have the zywall e mail you system statistics every day you must use the 325
- Appends the date and time to the mail subject 326
- Command description 326
- Disables the reporting 326
- Email daily report example 326
- Has the zywall not use the fifth mail to option 326
- Has the zywall not use the second and third mail to options 326
- Sets example administrator example com as the first account to which to send the mail 326
- Sets my email example com as the fourth mail to option 326
- Sets the sender as my email example com 326
- Sets the subject of the report e mails to test 326
- Specifies example smtp mail server com as the address of the smtp mail server 326
- Stops the system name from being appended to the mail subject 326
- Table 198 email daily report commands continued 326
- This example sets the following about sending a daily report e mail 326
- Has the report include cpu memory port and session usage along with traffic statistics 327
- Has the zywall not reset the counters after sending the report 327
- Has the zywall provide username 12345 and password 12345 to the smtp server for authentication 327
- Sets the zywall to send the report at 1 57 pm 327
- Turns on the daily e mail reporting 327
- Command to restart the device 328
- Command to save the configuration before you reboot otherwise the changes are lost when you reboot 328
- If you made changes in the cli you have to use the 328
- Reboot 328
- This displays the email daily report settings and has the zywall send the report 328
- Use the 328
- Use this to restart the device for example if the device begins behaving erratically 328
- Session timeout 329
- Diagnosis commands 331
- Diagnosis commands example 331
- Diagnostics 331
- Packet flow explore 333
- Packet flow explore commands 333
- Chapter 44 packet flow explore 334
- Packet flow explore commands example 334
- The following example shows all activated 1 to 1 snat rules 334
- The following example shows all activated dynamic vpn rules 334
- The following example shows all activated site to site vpn rules 334
- The following example shows all routing related functions and their order 334
- The following example shows all snat related functions and their order 334
- The following example shows the default wan trunk s settings 334
- The following example shows all activated 1 to 1 nat rules 335
- The following example shows all activated dynamic vpn rules 335
- The following example shows all activated policy routes which use snat 335
- The following example shows all activated policy routes which use snat and enable nat loopback 335
- The following example shows all activated static dynamic vpn rules 335
- The following example shows the default wan trunk settings 336
- Packet flow filter 337
- Packet flow filter commands 337
- Chapter 45 packet flow filter 338
- Command description 338
- Packet flow filter commands examples 338
- Table 203 packet flow filter commands continued 338
- The following example configures packet flow filter 1 to display how the firewall and policy routes handle udp protocol 17 traffic with source port 123 sent from ip address 1 to ip address 5 port 456 then it turns on the packet flow filter 338
- This example displays whether or not the packet flow filter is activated and whether the ring buffer is enabled or disabled 338
- This example displays the details of a captured packet flow in this case traffic matches and is dropped by firewall rule 3 339
- This example displays the packet flow filter 1 s settings 339
- This example activates the packet flow ring buffer feature 340
- Maintenance tools 341
- Chapter 46 maintenance tools 342
- Command description 342
- Table 204 maintenance tools commands in privilege mode continued 342
- Command description 343
- Here are maintenance tool commands that you can use in configuration mode 343
- Maintenance command examples 343
- Some packet trace command examples are shown below 343
- Table 204 maintenance tools commands in privilege mode continued 343
- Table 205 maintenance tools commands in configuration mode 343
- Command description 344
- Here are maintenance tool commands that you can use in configure mode 344
- Packet capture command example 344
- Table 206 maintenance tools commands in configuration mode 344
- The following example creates an arp table entry for ip address 192 68 0 and mac address 01 02 03 04 05 06 then it shows the arp table and finally removes the new entry 344
- The following examples show how to configure packet capture settings and perform a packet capture first you have to check whether a packet capture is running this example shows no other packet capture is running then you can also check the current packet capture settings 344
- Then configure the following settings to capture packets going through the zywall s wan1 interface only 344
- Check current packet capture status and list all stored packet captures 345
- Duration 150 seconds 345
- Exit the sub command mode and have the zywall capture packets according to the settings you just configured 345
- File size 10 megabytes 345
- File suffix example 345
- Host ip any 345
- Host port any then you do not need to configure this setting 345
- Ip address any 345
- Manually stop the running packet capturing 345
- Save the captured packets to usb storage device 345
- The maximum size of a packet capture file 100 megabytes 345
- Use the ring buffer no 345
- You can use ftp to download a capture file open and study it using a packet analyzer tool for example ethereal or wireshark 345
- Hardware watchdog timer 347
- Software watchdog timer 347
- Watchdog timer 347
- App watchdog 348
- Application watchdog 348
- Application watchdog commands example 348
- Chapter 47 watchdog timer 348
- Command description 348
- Command to enter the configuration mode to be able to use these commands 348
- Commands use the 348
- Configure terminal 348
- Table 209 app watchdog commands 348
- The application watchdog has the system restart a process that fails these are the 348
- The following example displays the application watchdog configuration and lists the processes that the application watchdog is monitoring 348
- List of commands alphabetical 351