![Zyxel ZyWALL USG 50 — руководство по таймерам watchdog для системных устройств [347/386]](/img/pdf.png)
Zyxel ZyWALL USG 50 — руководство по таймерам watchdog для системных устройств [347/386]
![Zyxel ZyWALL USG 1000 [347/386] Watchdog timer](/views2/1169219/page347/bg15b.png)
ZyWALL (ZLD) CLI Reference Guide 347
CHAPTER 47
Watchdog Timer
This chapter provides information about the ZyWALL’s watchdog timers.
47.1 Hardware Watchdog Timer
The hardware watchdog has the system restart if the hardware fails.
The hardware-watchdog-timer commands are for support engineers.
It is recommended that you not modify the hardware watchdog timer
settings.
47.2 Software Watchdog Timer
The software watchdog has the system restart if the core firmware fails.
The software-watchdog-timer commands are for support engineers.
It is recommended that you not modify the software watchdog timer
settings.
Table 207 hardware-watchdog-timer Commands
COMMAND DESCRIPTION
[no] hardware-watchdog-timer <4..37> Sets how long the system’s hardware can be unresponsive before resetting.
The no command turns the timer off.
show hardware-watchdog-timer status Displays the settings of the hardware watchdog timer.
Table 208 software-watchdog-timer Commands
COMMAND DESCRIPTION
[no] software-watchdog-timer
<10..600>
Sets how long the system’s core firmware can be unresponsive before
resetting. The no command turns the timer off.
show software-watchdog-timer status Displays the settings of the software watchdog timer.
show software-watchdog-timer log Displays a log of when the software watchdog timer took effect.
Содержание
- Cli reference guide p.1
- Default login details p.1
- Quick start guide p.1
- Security firewalls p.1
- Zywall zld series p.1
- Do not use commands not documented in this guide p.2
- Some commands or command options in this guide may not be available in your product see your product s user s guide for a list of supported features every effort has been made to ensure that the information in this guide is accurate p.2
- It is recommended you use the web configurator to configure the zywall p.2
- Introduction 7 p.3
- Reference 7 p.3
- Chapter 1 command line interface 9 p.5
- Table of contents p.5
- Part i introduction 17 p.5
- Chapter 2 user and privilege modes 3 p.5
- Chapter 6 interfaces 3 p.6
- Chapter 5 registration 5 p.6
- Chapter 4 status 1 p.6
- Chapter 3 object reference 9 p.6
- Part ii reference 37 p.6
- Chapter 9 routing protocol 07 p.7
- Chapter 8 route 9 p.7
- Chapter 7 trunks 3 p.7
- Chapter 15 ip mac binding 31 p.8
- Chapter 14 alg 27 p.8
- Chapter 13 http redirect 23 p.8
- Chapter 12 virtual servers 19 p.8
- Chapter 11 ddns 115 p.8
- Chapter 10 zones 111 p.8
- Chapter 19 l2tp vpn 57 p.9
- Chapter 18 ssl vpn 51 p.9
- Chapter 17 ipsec vpn 41 p.9
- Chapter 16 firewall 33 p.9
- Chapter 21 anti virus 73 p.10
- Chapter 20 application patrol 63 p.10
- Chapter 22 idp commands 81 p.10
- Chapter 26 user group 29 p.11
- Chapter 25 device ha 21 p.11
- Chapter 24 anti spam 211 p.11
- Chapter 23 content filtering 99 p.11
- Chapter 31 authentication objects 55 p.12
- Chapter 30 aaa server 49 p.12
- Chapter 29 schedules 47 p.12
- Chapter 28 services 43 p.12
- Chapter 27 addresses 37 p.12
- Chapter 37 system 79 p.13
- Chapter 36 dhcpv6 objects 76 p.13
- Chapter 35 endpoint security 69 p.13
- Chapter 34 ssl application 66 p.13
- Chapter 33 isp accounts 64 p.13
- Chapter 32 certificates 59 p.13
- Chapter 38 system remote management 85 p.14
- Chapter 41 reports and reboot 23 p.15
- Chapter 40 logs 17 p.15
- Chapter 39 file manager 99 p.15
- Chapter 47 watchdog timer 47 p.16
- List of commands alphabetical 51 p.16
- Chapter 46 maintenance tools 41 p.16
- Chapter 45 packet flow filter 37 p.16
- Chapter 44 packet flow explore 33 p.16
- Chapter 43 diagnostics 31 p.16
- Chapter 42 session timeout 29 p.16
- Introduction p.17
- Accessing the cli p.19
- The configuration file p.19
- Overview p.19
- Command line interface p.19
- Console port p.20
- Web configurator console p.20
- Note the default login username is admin and password is 1234 the username and password are case sensitive p.20
- Note before you can access the cli through the web configurator make sure your computer supports the java runtime environment you will be prompted to download and install the java plug in if it is not already installed p.20
- Router config p.22
- Note the default login username is admin it is case sensitive p.22
- Configure termina p.22
- Telnet 192 68 p.23
- Telnet p.23
- Ssh secure shell p.23
- Note the default login username is admin and password is 1234 the username and password are case sensitive p.23
- How to find commands in this guide p.23
- Command summary p.24
- Command input values optional p.24
- Command examples optional p.24
- Background information optional p.24
- Service objec p.24
- Note see the user s guide for background information about most features p.24
- How commands are explained p.24
- Command syntax p.24
- Zywall zld cli reference guide p.25
- You run cli commands in one of several modes p.25
- User privilege configuration sub command p.25
- Table 2 cli modes p.25
- See chapter 26 on page 229 for more information about the user types user users can only log in look at but not run the available commands in user mode and log out limited admin users can look at the configuration in the web configurator and cli and they can run basic diagnostics in the cli admin users can configure the zywall in the web configurator or cli p.25
- It is highly recommended that you change the password for accessing the zywall see section 26 on page 230 for the appropriate commands p.25
- Exactly as it appears followed by two numbers between 1 and 65535 p.25
- Cli modes p.25
- Chapter 1 command line interface p.25
- Changing the password p.25
- At the time of writing there is not much difference between user and privilege mode for admin users this is reserved for future use p.25
- A list of valid commands can be found by typing p.26
- Zywall zld cli reference guide p.26
- To view detailed help information for a command enter p.26
- Shortcuts and help p.26
- List of sub commands or required user input p.26
- List of available commands p.26
- Figure 9 help available commands example 1 p.26
- Figure 12 help required user input example p.26
- Figure 11 help sub command information example p.26
- Figure 10 help available command example 2 p.26
- Chapter 1 command line interface p.26
- At the command prompt to view a list of available commands within a command group enter p.26
- Erase current command p.27
- Entering partial commands p.27
- Entering a in a command p.27
- Configur p.27
- Command history p.27
- The no commands p.27
- Navigation p.27
- Zywall zld cli reference guide p.28
- You can use the or tab to get more information about the next input value that is required for a command in some cases the next input value is a string whose length and allowable characters may not be displayed in the screen for example in the following example the next input value is a string called p.28
- When you use the example above note that zywall usg 200 and below models use a name such as wan1 wan2 opt lan1 ext wlan or dmz p.28
- The following table provides more information about input values like p.28
- Tag values legal values p.28
- Table 3 input value formats for strings in cli commands p.28
- Input values p.28
- Description p.28
- Chapter 1 command line interface p.28
- Zywall zld cli reference guide p.29
- Tag values legal values p.29
- Table 3 input value formats for strings in cli commands continued p.29
- Chapter 1 command line interface p.29
- Chapter 1 command line interface p.30
- Zywall zld cli reference guide p.30
- Tag values legal values p.30
- Table 3 input value formats for strings in cli commands continued p.30
- Zywall zld cli reference guide p.31
- Use the p.31
- The zywall usg 200 and below models use a name such as wan1 wan2 opt lan1 ext wlan or dmz p.31
- Tag values legal values p.31
- Table 3 input value formats for strings in cli commands continued p.31
- Saving configuration changes p.31
- Note always save the changes before you log out after each management session all unsaved changes will be lost after the system restarts p.31
- How you specify an ethernet interface depends on the zywall model p.31
- For the zywall usg 300 and above use ge x x 1 n where n equals the highest numbered ethernet interface for your zywall model p.31
- Ethernet interfaces p.31
- Command to save the current configuration to the zywall p.31
- Chapter 1 command line interface p.31
- Logging out p.32
- User and privilege modes p.33
- Zywall zld cli reference guide p.34
- Table 4 user u and privilege p mode commands continued p.34
- Subsequent chapters in this guide describe the configuration commands user privilege mode commands that are also configuration commands for example show are described in more detail in the related configuration command chapter p.34
- Note these commands are for zyxel s internal manufacturing process p.34
- Debug commands marked with an asterisk are not available when the debug flag is on and are for zyxel service personnel use only the debug commands follow a linux based syntax so if there p.34
- Debug commands p.34
- Command mode description p.34
- Chapter 2 user and privilege modes p.34
- Zywall zld cli reference guide p.35
- Table 5 debug commands p.35
- Is a linux equivalent it is displayed in this chapter for your reference you must know a command listed here well before you use it otherwise it may cause undesired results p.35
- Command syntax description linux command equivalent p.35
- Chapter 2 user and privilege modes p.35
- Table 5 debug commands continued p.36
- Command syntax description linux command equivalent p.36
- Chapter 2 user and privilege modes p.36
- Zywall zld cli reference guide p.36
- Reference p.37
- Object reference commands p.39
- Object reference p.39
- Zywall zld cli reference guide p.40
- This example shows how to check which configuration is using an address object named lan1_subnet for the command output firewall rule 3 named lan1 to usg 2000 is using the address object p.40
- Table 6 show reference commands continued p.40
- Object reference command example p.40
- Command description p.40
- Chapter 3 object reference p.40
- Status p.41
- Zywall zld cli reference guide p.42
- Here is an example of the command that displays the listening ports p.42
- Here are examples of the commands that display the fan speed mac address memory usage ram size and serial number p.42
- Chapter 4 status p.42
- Zywall zld cli reference guide p.43
- Here is an example of the command that displays the open ports p.43
- Chapter 4 status p.43
- Zywall zld cli reference guide p.44
- This example shows the current led states on the zywall the sys led lights on and green the aux and hdd leds are both off p.44
- Here are examples of the commands that display the system uptime and model firmware and build information p.44
- Chapter 4 status p.44
- Subscription services available on the zywall p.45
- Registration p.45
- Myzyxel com overview p.45
- Registration commands p.46
- Note to update the signature file or use a subscription service you have to register the zywall and activate the corresponding service at myzyxel com through the zywall p.46
- Configure termina p.46
- Command examples p.47
- Command description p.47
- Chapter 5 registration p.47
- Zywall zld cli reference guide p.47
- The following commands allow you to register your device with an existing account or create a new account and register the device at one time and activate a trial service subscription p.47
- The following command displays the account information and whether the device is registered p.47
- Table 9 command summary registration continued p.47
- Zywall zld cli reference guide p.48
- The following table displays the number for each country p.48
- The following command displays the service registration status and type and how many days remain before the service expires p.48
- The following command displays the seller details you have entered on the zywall p.48
- Table 10 country codes p.48
- Country code country name country code country name p.48
- Country code p.48
- Chapter 5 registration p.48
- Zywall zld cli reference guide p.49
- Table 10 country codes continued p.49
- Country code country name country code country name p.49
- Chapter 5 registration p.49
- Zywall zld cli reference guide p.50
- Table 10 country codes continued p.50
- Country code country name country code country name p.50
- Chapter 5 registration p.50
- Zywall zld cli reference guide p.51
- Table 10 country codes continued p.51
- Country code country name country code country name p.51
- Chapter 5 registration p.51
- Interface overview p.53
- Types of interfaces p.53
- Interfaces p.53
- Table 11 characteristics of ethernet vlan bridge pppoe pptp and virtual interface zywall usg 300 and above p.54
- Port groups trunks and the auxiliary interface have a lot of characteristics that are specific to each type of interface these characteristics are listed in the following tables and discussed in more detail farther on p.54
- Characteristics ethernet vlan bridge pppoe pptp virtual p.54
- Characteristics ethernet ethernet ethernet vlan bridge ppp virtual p.54
- Chapter 6 interfaces p.54
- Zywall zld cli reference guide p.54
- Trunks manage load balancing between interfaces p.54
- The auxiliary interface along with an external modem provides an interface the zywall can use to dial out this interface can be used as a backup wan interface for example the auxiliary interface controls the dial backup port labeled aux on some models p.54
- Table 12 ethernet vlan bridge ppp and virtual interface characteristics zywall usg 200 and below models p.54
- Zywall zld cli reference guide p.55
- Table 13 cellular and wlan interface characteristics p.55
- Table 12 ethernet vlan bridge ppp and virtual interface characteristics zywall usg 200 and below models continued p.55
- Characteristics ethernet ethernet ethernet vlan bridge ppp virtual p.55
- Characteristics cellular wlan p.55
- Chapter 6 interfaces p.55
- Usg 200 and below model p.56
- Table 14 relationships between different types of interfaces p.56
- Relationships between interfaces p.56
- Interface required port interface p.56
- In the zywall interfaces are usually created on top of other interfaces only ethernet interfaces are created directly on top of the physical ports or port groups the relationships between interfaces are explained in the following table p.56
- Chapter 6 interfaces p.56
- Zywall zld cli reference guide p.56
- Zywall zld cli reference guide p.57
- This table lists basic properties and ip address commands p.57
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands p.57
- The following sections introduce commands that are supported by several types of interfaces see section 6 on page 76 for the unique commands for each type of interface p.57
- Table 16 interface general commands basic properties and ip address assignment p.57
- Table 15 input values for general interface commands p.57
- Label description p.57
- Interface general commands summary p.57
- Command description p.57
- Chapter 6 interfaces p.57
- Basic interface properties and ip address commands p.57
- Zywall zld cli reference guide p.58
- Table 16 interface general commands basic properties and ip address assignment continued p.58
- Command description p.58
- Chapter 6 interfaces p.58
- Zywall zld cli reference guide p.59
- Table 16 interface general commands basic properties and ip address assignment continued p.59
- Command description p.59
- Chapter 6 interfaces p.59
- Zywall zld cli reference guide p.60
- Table 16 interface general commands basic properties and ip address assignment continued p.60
- Note make sure you also enable this option in the dhcpv6 clients to make rapid commit work p.60
- Command description p.60
- Chapter 6 interfaces p.60
- Zywall zld cli reference guide p.61
- Table 16 interface general commands basic properties and ip address assignment continued p.61
- Note make sure you also disable this option in the dhcpv6 clients p.61
- Command description p.61
- Chapter 6 interfaces p.61
- The following commands make ethernet interface ge1 a dhcp client p.62
- Chapter 6 interfaces p.62
- Basic interface properties command examples p.62
- Zywall zld cli reference guide p.62
- This example shows how to modify the name of interface ge4 to vip first you have to check the interface system name ge4 in this example on the zywall then change the name and display the result p.62
- This example shows how to change the user defined name from vip to partner note that you have to use the interface rename command if you do not know the system name of the interface to use the interface name command you have to find out the corresponding system name first ge4 in this example this example also shows how to change the user defined name from partner to customer using the interface name command p.62
- This example shows how to restart an interface you can check all interface names on the zywall then use either the system name or user defined name of an interface ge4 or customer in this example to restart it p.63
- Zywall zld cli reference guide p.63
- This table lists dhcp setting commands dhcp is based on dhcp pools create a dhcp pool if you want to assign a static ip address to a mac address or if you want to specify the starting ip address and pool size of a range of ip addresses that can be assigned to dhcp clients there are different commands for each configuration afterwards in either case you have to bind the dhcp pool to the interface p.63
- Table 17 interface commands dhcp settings p.63
- Network p.63
- Dhcp setting commands p.63
- Command description p.63
- Chapter 6 interfaces p.63
- Networ p.64
- Hardware addres p.64
- Command description p.64
- Chapter 6 interfaces p.64
- Zywall zld cli reference guide p.64
- Table 17 interface commands dhcp settings continued p.64
- Note the ip address must be in the same subnet as the interface to which you plan to bind the dhcp pool p.64
- Note the dhcp pool must have the same subnet as the interface to which you plan to bind it p.64
- Zywall zld cli reference guide p.65
- Table 17 interface commands dhcp settings continued p.65
- Note you must specify the p.65
- Network numbe p.65
- First and the start address must be in the same subnet p.65
- Command description p.65
- Chapter 6 interfaces p.65
- The following example uses these commands to configure dhcp pool dhcp_test p.66
- The following example configures the dhcp_test pool with a sip server code 120 extended dhcp option with one ip address to provide to the sip clients p.66
- Dhcp setting command examples p.66
- Dhcp extended option setting command example p.66
- Chapter 6 interfaces p.66
- Zywall zld cli reference guide p.66
- Zywall zld cli reference guide p.67
- This table shows an example of each interface type s sub commands the sub commands vary for different interface types p.67
- Table 18 examples for different interface parameters ethernet virtual interface pppoe pptp p.67
- Interface parameter command examples p.67
- Chapter 6 interfaces p.67
- Cellular wlan vlan p.67
- This table lists the commands for ospf settings p.68
- Table 20 interface commands ospf settings p.68
- Table 19 interface commands rip settings p.68
- Table 18 examples for different interface parameters p.68
- Rip commands p.68
- Ospf commands p.68
- Command description p.68
- Chapter 6 interfaces p.68
- Bridge auxiliary tunnel p.68
- Zywall zld cli reference guide p.68
- This table lists the commands for rip settings p.68
- Zywall zld cli reference guide p.69
- Table 20 interface commands ospf settings continued p.69
- Ip ospf hello interva p.69
- Ip ospf dead interva p.69
- Command description p.69
- Chapter 6 interfaces p.69
- Table 21 interface commands ping check p.70
- Zywall zld cli reference guide p.70
- Use these commands to have an interface regularly check the connection to the gateway you specified to make sure it is still available you specify how often the interface checks the connection how long to wait for a response before the attempt is a failure and how many consecutive failures are required before the zywall stops routing to the gateway the zywall resumes routing to the gateway the first time the gateway passes the connectivity check p.70
- This table lists the ping check commands p.70
- Connectivity check ping check commands p.70
- Command description p.70
- Chapter 6 interfaces p.70
- Chapter 6 interfaces p.71
- Zywall zld cli reference guide p.71
- This table lists the commands you can use to set the mac address of an interface on the zywall usg 200 and below models these commands only apply to a wan or opt interface p.71
- This section covers commands that are specific to ethernet interfaces p.71
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands p.71
- The following commands show you how to set the wan1 interface to use a tcp handshake on port 8080 to check the connection to ip address 1 p.71
- Table 23 interface commands mac setting p.71
- Table 22 input values for ethernet interface commands p.71
- Mac address setting commands p.71
- Label description p.71
- Ethernet interface specific commands p.71
- Connectivity check command example p.71
- Command description p.71
- Port grouping commands p.72
- Note in cli representative interfaces are also called representative ports p.72
- Command description p.72
- Chapter 6 interfaces p.72
- Zywall zld cli reference guide p.72
- This section covers commands that are specific to port grouping p.72
- Table 24 basic interface setting commands p.72
- Table 23 interface commands mac setting continued p.72
- Zywall zld cli reference guide p.73
- Virtual interfaces use many of the general interface commands discussed at the beginning of section 6 on page 57 there are no additional commands for virtual interfaces p.73
- Virtual interface specific commands p.73
- Virtual interface command examples p.73
- The following commands set up a virtual interface on top of ethernet interface ge1 the virtual interface is named ge1 1 with the following parameters ip 1 subnet 255 55 55 p.73
- The following commands set port 1 to use auto negotiation auto and port 2 to use a 10 mbps connection speed and half duplex p.73
- The following commands add physical port 5 to representative interface ge1 p.73
- Port grouping command examples p.73
- Chapter 6 interfaces p.73
- Gateway 4 upstream bandwidth 345 downstream bandwidth 123 and description i am vir interface p.74
- Command description p.74
- Chapter 6 interfaces p.74
- Zywall zld cli reference guide p.74
- This table lists the pppoe pptp interface commands p.74
- This section covers commands that are specific to pppoe pptp interfaces pppoe pptp interfaces also use many of the general interface commands discussed at the beginning of section 6 on page 57 p.74
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands p.74
- Table 26 interface commands pppoe pptp interfaces p.74
- Table 25 input values for pppoe pptp interface commands p.74
- Pppoe pptp specific commands p.74
- Label description p.74
- Zywall zld cli reference guide p.75
- The following commands show you how to configure pppoe pptp interface ppp0 with the following characteristics base interface ge1 isp account hinet local address 1 remote address p.75
- Table 26 interface commands pppoe pptp interfaces continued p.75
- Pppoe pptp interface command examples p.75
- Command description p.75
- Chapter 6 interfaces p.75
- Chapter 6 interfaces p.76
- Cellular interface specific commands p.76
- Zywall zld cli reference guide p.76
- Use these commands to add edit dial disconnect or delete cellular interfaces when you add a new cellular interface make sure you enter the account you must use the p.76
- Use a 3g third generation cellular device with the zywall for wireless broadband internet access p.76
- The following commands show you how to connect and disconnect ppp0 p.76
- Table 27 cellular interface commands p.76
- Mtu 1200 upstream bandwidth 345 downstream bandwidth 123 description i am ppp0 and dialed only when used p.76
- Configure terminal p.76
- Command to enter the configuration mode before you can use these commands p.76
- Command description p.76
- Zywall zld cli reference guide p.77
- Table 27 cellular interface commands continued p.77
- Command description p.77
- Chapter 6 interfaces p.77
- Command description p.78
- Chapter 6 interfaces p.78
- Cellular status p.78
- Zywall zld cli reference guide p.78
- The following table describes the different kinds of cellular connection status on the zywall p.78
- Table 28 cellular status p.78
- Table 27 cellular interface commands continued p.78
- Status description p.78
- Zywall zld cli reference guide p.79
- Table 28 cellular status p.79
- Status description p.79
- Chapter 6 interfaces p.79
- Zywall zld cli reference guide p.80
- This second example shows specifying a new pin code of 4567 p.80
- This example shows the configuration of a cellular interface named cellular2 for use with a sierra wireless ac850 3g card it uses only a 3g or 3 g connection pin code 1234 an mtu of 1200 bytes a description of this is cellular2 and sets the connection to be nailed up p.80
- This example shows the 3g connection profile settings for interface cellular2 on the zywall you have to dial 99 1 to use profile 1 but authentication is not required dial 99 2 to use profile 2 and authentication is required p.80
- This example shows the 3g and sim card information for interface cellular2 on the zywall p.80
- Chapter 6 interfaces p.80
- Cellular interface command examples p.80
- Zywall zld cli reference guide p.81
- Use these commands to add edit activate deactivate or delete tunnel interfaces you must use the p.81
- Tunnel interface specific commands p.81
- The zywall uses tunnel interfaces in generic routing encapsulation gre ipv6 in ipv4 and 6to4 tunnels this section covers commands specific to tunnel interfaces tunnel interfaces also use many of the general interface commands discussed at the beginning of section 6 on page 57 p.81
- Table 29 tunnel interface commands p.81
- Configure termina p.81
- Command to enter the configuration mode before you can use these commands gre mode tunnels support ping check see section 6 on page 70 for more on ping check p.81
- Command description p.81
- Chapter 6 interfaces p.81
- Usb storage specific commands p.82
- Tunnel interface command examples p.82
- This example creates a tunnel interface called tunnel0 that uses wan1 as the source 168 68 68 68 as the destination and 10 00 and 255 55 as the inner source ip p.82
- Table 30 usb storage general commands p.82
- Note for the zywall which supports more than one usb ports these commands only apply to the usb storage device that is first attached to the zywall p.82
- Command description p.82
- Chapter 6 interfaces p.82
- Zywall zld cli reference guide p.82
- Use these commands to configure settings that apply to the usb storage device connected to the zywall p.82
- Zywall zld cli reference guide p.83
- You can install a compatible wlan card to use the zywall as an access point ap for a wireless network p.83
- Wlan specific commands p.83
- Usb storage general commands example p.83
- This example shows how to display the status of the connected usb storage device p.83
- The following table identifies the values required for several wlan commands other input values are discussed with the corresponding commands p.83
- Table 31 input values for wlan interface commands p.83
- Table 30 usb storage general commands continued p.83
- Label description p.83
- Command description p.83
- Chapter 6 interfaces p.83
- Table 32 wlan general commands p.84
- Command description p.84
- Chapter 6 interfaces p.84
- Zywall zld cli reference guide p.84
- Wlan general commands p.84
- Use these commands to configure global settings that apply to all of the wireless lan interfaces you create on the wlan card p.84
- Zywall zld cli reference guide p.85
- Wlan interface commands p.85
- Wlan general commands example p.85
- Use these commands to configure global settings that apply to all of the wireless lan interfaces you create on the wlan card p.85
- This example sets wireless slot 1 to use the ieee 802 1b and ieee 802 1g bands channel 5 super mode 50 output power and enables it p.85
- Table 33 wlan interface commands p.85
- Table 32 wlan general commands continued p.85
- Command description p.85
- Chapter 6 interfaces p.85
- Zywall zld cli reference guide p.86
- Table 33 wlan interface commands continued p.86
- Command description p.86
- Chapter 6 interfaces p.86
- Zywall zld cli reference guide p.87
- Wlan mac filter commands p.87
- Wlan interface commands example p.87
- Use these commands to give specific wireless clients exclusive access to the zywall allow association or block specific devices from accessing the zywall deny association based on the devices mac addresses p.87
- This example configures wlan ap interface 2 for slot 1 to use ssid wlan_test wpa security modes with a pre shared key of 12345678 ip address 1 netmask 255 55 55 and a gateway ip address of 1 with a priority of 10 p.87
- Table 34 wlan general commands p.87
- Table 33 wlan interface commands continued p.87
- Command description p.87
- Chapter 6 interfaces p.87
- Wlan mac filter commands example p.88
- Vlan interface specific commands p.88
- Table 36 interface commands vlan interfaces continued p.89
- Label description p.89
- Command description p.89
- Chapter 6 interfaces p.89
- Bridge specific commands p.89
- Zywall zld cli reference guide p.89
- Vlan interface command examples p.89
- This table lists the bridge interface commands p.89
- This section covers commands that are specific to bridge interfaces bridge interfaces also use many of the general interface commands discussed at the beginning of section 6 on page 57 p.89
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands p.89
- The following commands show you how to set up vlan vlan100 with the following parameters vlan id 100 interface ge1 ip 1 subnet 255 55 55 mtu 598 gateway 2 description i am vlan100 upstream bandwidth 345 and downstream bandwidth 123 p.89
- Table 38 interface commands bridge interfaces p.89
- Table 37 input values for bridge interface commands p.89
- Table 39 interface commands auxiliary interface p.90
- Table 38 interface commands bridge interfaces continued p.90
- Interfac p.90
- Commands and the second table explains the values you can input with these commands p.90
- Command description p.90
- Chapter 6 interfaces p.90
- Bridge interface command examples p.90
- Auxiliary interface specific commands p.90
- Zywall zld cli reference guide p.90
- The following commands show you how to set up a bridge interface named br0 with the following parameters member ge1 ip 1 subnet 255 55 55 mtu 598 gateway 2 upstream bandwidth 345 downstream bandwidth 123 and description i am br0 p.90
- The first table below lists the auxiliary p.90
- Zywall zld cli reference guide p.91
- The following commands show you how to set up the auxiliary interface aux with the following parameters phone number 0340508888 tone dialing port speed 115200 initial string atz timeout 30 seconds username kk password kk u2online chap pap authentication and description i am aux interface p.91
- The following commands show how to dial disconnect and stop the auxiliary interface p.91
- Table 39 interface commands auxiliary interface continued p.91
- Command description p.91
- Chapter 6 interfaces p.91
- Auxiliary interface command examples p.91
- Trunks overview p.93
- Trunks p.93
- Trunk scenario examples p.93
- Command to enter the configuration mode before you can use these commands see table 40 on page 94 for details about the values you can input with these commands p.94
- Command description p.94
- Chapter 7 trunks p.94
- Zywall zld cli reference guide p.94
- Trunk commands summary p.94
- Trunk commands input values p.94
- The following table lists the p.94
- The following table explains the values you can input with the p.94
- Table 41 interface group commands summary p.94
- Table 40 interface group command input values p.94
- Label description p.94
- Interface group p.94
- Interface grou p.94
- Configure termina p.94
- Commands you must use the p.94
- Commands p.94
- Sends new session traffic through the least utilized of these interfaces p.95
- Command description p.95
- Chapter 7 trunks p.95
- Zywall zld cli reference guide p.95
- Trunk command examples p.95
- The following example creates a weighted round robin trunk for ethernet interfaces ge1 and ge2 the zywall sends twice as much traffic through ge1 p.95
- The following example creates a least load first trunk for ethernet interface ge3 and vlan 5 which will only apply to outgoing traffic through the trunk the p.95
- Table 41 interface group commands summary continued p.95
- Wan1 wan2 p.96
- Link sticking p.96
- Link sticking commands summary p.97
- Link sticking command example p.97
- Configure termina p.97
- Policy route commands p.99
- Policy route p.99
- Configure termina p.100
- Command to enter the configuration mode before you can use these commands p.100
- Command description p.100
- Chapter 8 route p.100
- Zywall zld cli reference guide p.100
- The following table describes the commands available for policy route you must use the p.100
- Table 44 command summary policy route p.100
- Table 43 input values for general policy route commands continued p.100
- Label description p.100
- Zywall zld cli reference guide p.101
- Table 44 command summary policy route continued p.101
- Command description p.101
- Chapter 8 route p.101
- Zywall zld cli reference guide p.102
- Table 44 command summary policy route continued p.102
- Command description p.102
- Chapter 8 route p.102
- Table 44 command summary policy route continued p.103
- Command description p.103
- Chapter 8 route p.103
- Zywall zld cli reference guide p.103
- Zywall zld cli reference guide p.104
- The following commands create two address objects tw_subnet and gw_1 and insert a policy that routes the packets with the source ip address tw_subnet and any destination ip address through the interface ge1 to the next hop router gw_1 this route uses the ip address of the outgoing interface as the matched packets source ip address p.104
- Table 45 assured forwarding af behavior group p.104
- Policy route command example p.104
- Class 1 class 2 class 3 class 4 p.104
- Chapter 8 route p.104
- Assured forwarding af phb for diffserv p.104
- Assured forwarding af behavior is defined in rfc 2597 the af behavior group defines four af classes inside each class packets are given a high medium or low drop precedence the drop precedence determines the probability that routers in the network will drop packets when congestion occurs if congestion occurs between classes the traffic in the higher class smaller numbered class is generally given priority combining the classes and drop precedence produces the following twelve dscp encodings from af11 through af43 the decimal equivalent is listed in brackets p.104
- Static route commands p.105
- Ip static route p.105
- Configure termina p.105
- Table 46 command summary static route continued p.106
- Static route commands examples p.106
- Command description p.106
- Chapter 8 route p.106
- Zywall zld cli reference guide p.106
- The following commands set and show three examples of static ipv6 routes for traffic destined for ipv6 addresses with prefix 2002 22 22 34 the first route sends the traffic out through interface ge2 and uses metric 1 the second sends the traffic to gateway 2001 12 12 and uses metric 2 the third sends the traffic to the fe80 1 2 link local gateway on interface ge2 and uses metric 2 p.106
- The following command sets a static route with ip address 10 0 0 and subnet mask 255 55 55 and with the next hop interface ge1 then use the show command to display the setting p.106
- The following command deletes all static ipv6 routes with the same prefix p.106
- The following command deletes a specific static ipv6 route p.106
- Routing protocol overview p.107
- Routing protocol commands summary p.107
- Routing protocol p.107
- This table lists the commands for rip p.108
- This table lists the commands for general ospf configuration p.108
- Table 50 router commands general ospf configuration p.108
- Table 49 router commands rip p.108
- Rip commands p.108
- General ospf commands p.108
- Command description p.108
- Chapter 9 routing protocol p.108
- Zywall zld cli reference guide p.108
- Zywall zld cli reference guide p.109
- Virtual link commands p.109
- This table lists the commands for virtual links in ospf areas p.109
- This table lists the commands for ospf areas p.109
- Table 52 router commands virtual links in ospf areas p.109
- Table 51 router commands ospf areas p.109
- Ospf area commands p.109
- Command description p.109
- Chapter 9 routing protocol p.109
- The following example shows learned routing information on the zywall p.110
- Table 53 ip route commands learned routing information p.110
- Show ip route command example p.110
- Learned routing information commands p.110
- Command description p.110
- Chapter 9 routing protocol p.110
- Zywall zld cli reference guide p.110
- This table lists the commands to look at learned routing information p.110
- Zones overview p.111
- Zywall zld cli reference guide p.112
- Zone commands summary p.112
- This table lists the zone commands p.112
- The following table describes the values required for many zone commands other values are discussed with the corresponding commands s p.112
- Table 55 zone commands p.112
- Table 54 input values for zone commands p.112
- Label description p.112
- Command description p.112
- Chapter 10 zones p.112
- Zywall zld cli reference guide p.113
- Zone command examples p.113
- The following commands add ethernet interfaces ge1 and ge2 to zone a and block intra zone traffic p.113
- Chapter 10 zones p.113
- Ddns overview p.115
- Zywall zld cli reference guide p.116
- The following table lists the ddns commands p.116
- The following table describes the values required for many ddns commands other values are discussed with the corresponding commands p.116
- Table 58 ip ddns commands p.116
- Table 57 input values for ddns commands p.116
- Label description p.116
- Ddns commands summary p.116
- Command description p.116
- Chapter 11 ddns p.116
- Zywall zld cli reference guide p.117
- Table 58 ip ddns commands continued p.117
- Command description p.117
- Chapter 11 ddns p.117
- Virtual server commands summary p.119
- 1 1 nat and many 1 1 nat p.119
- Virtual servers p.119
- Virtual server overview p.119
- Zywall zld cli reference guide p.120
- The following table lists the virtual server commands p.120
- Table 60 ip virtual server commands p.120
- Command description p.120
- Chapter 12 virtual servers p.120
- Zywall zld cli reference guide p.121
- Virtual server command examples p.121
- The following command shows information about all the virtual servers in the zywall p.121
- The following command creates virtual server wan lan_h323 on the wan1 interface that maps ip addresses 10 to 192 68 6 for tcp protocol traffic on port 1720 it also adds a nat loopback entry p.121
- Table 60 ip virtual server commands continued p.121
- Command description p.121
- Chapter 12 virtual servers p.121
- Tutorial how to allow public access to a server p.122
- Http redirect p.123
- Web proxy server p.123
- Http redirect overview p.123
- Http redirect commands p.124
- Configure termina p.124
- Zywall zld cli reference guide p.125
- The following commands create a http redirect rule disable it and display the settings p.125
- Http redirect command examples p.125
- Chapter 13 http redirect p.125
- Alg introduction p.127
- Table 63 alg commands p.128
- Configure termina p.128
- Commands you must use the p.128
- Command to enter the configuration mode before you can use these commands p.128
- Command description p.128
- Chapter 14 alg p.128
- Alg commands p.128
- Zywall zld cli reference guide p.128
- The following table lists the p.128
- Alg commands example p.129
- Ip mac binding overview p.131
- Ip mac binding commands p.131
- Ip mac binding p.131
- Zywall zld cli reference guide p.132
- The following example enables ip mac binding on the lan1 interface and displays the interface s ip mac binding status p.132
- Ip mac binding commands example p.132
- Chapter 15 ip mac binding p.132
- Firewall overview p.133
- Firewall p.133
- Configure termina p.134
- Command to enter the configuration mode before you can use the configuration commands commands that do not have ipv6 specified in the description are for ipv4 p.134
- Command description p.134
- Chapter 16 firewall p.134
- Zywall zld cli reference guide p.134
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands p.134
- The following table describes the commands available for the firewall you must use the p.134
- Table 66 command summary firewall p.134
- Table 65 input values for general firewall commands p.134
- Label description p.134
- Firewall commands p.134
- Zywall zld cli reference guide p.135
- Table 66 command summary firewall continued p.135
- Command description p.135
- Chapter 16 firewall p.135
- Zywall zld cli reference guide p.136
- Table 66 command summary firewall continued p.136
- Command description p.136
- Chapter 16 firewall p.136
- Chapter 16 firewall p.137
- Zywall zld cli reference guide p.137
- The following table describes the sub commands for several firewall and firewall6 commands p.137
- Table 67 firewall sub commands p.137
- Firewall sub commands p.137
- Command description p.137
- Set the service to which this rule applies p.138
- Set the direction of travel of packets to which the rule applies p.138
- Set the destination ip address es p.138
- Set the action the zywall is to take on packets which match this rule p.138
- Firewall command examples p.138
- Enter the firewall sub command mode to add a firewall rule p.138
- Enter configuration command mode p.138
- Create an ip address object p.138
- Create a service object p.138
- Command description p.138
- Chapter 16 firewall p.138
- Zywall zld cli reference guide p.138
- These are ipv4 firewall configuration examples the ipv6 firewall commands are similar p.138
- The following example shows you how to add an ipv4 firewall rule to allow a myservice connection from the wan zone to the ip addresses dest_1 in the lan zone p.138
- The following command displays the default ipv4 firewall rule that applies to the wan to zywall packet direction the firewall rule number is in the rule s priority number in the global rule list p.138
- Table 67 firewall sub commands continued p.138
- Session limit commands p.139
- Configure termina p.139
- Zywall zld cli reference guide p.140
- Table 69 command summary session limit continued p.140
- Command description p.140
- Chapter 16 firewall p.140
- Ipsec vpn overview p.141
- Ipsec vpn p.141
- Ipsec vpn commands summary p.142
- Command description p.143
- Chapter 17 ipsec vpn p.143
- Zywall zld cli reference guide p.143
- This table lists the commands for ike sas vpn gateways p.143
- The following sections list the ipsec vpn commands p.143
- Table 71 isakmp commands ike sas p.143
- Table 70 input values for ipsec vpn commands continued p.143
- Label description p.143
- Ike sa commands p.143
- Zywall zld cli reference guide p.144
- This table lists the commands for ipsec sas excluding manual keys vpn connections using vpn gateways p.144
- Table 72 crypto commands ipsec sas p.144
- Table 71 isakmp commands ike sas continued p.144
- Ipsec sa commands except manual keys p.144
- Command description p.144
- Chapter 17 ipsec vpn p.144
- Aaa authentication p.144
- Chapter 17 ipsec vpn p.145
- Zywall zld cli reference guide p.145
- Table 72 crypto commands ipsec sas continued p.145
- Note you must allow traffic whose source and destination ip addresses do not match the local and remote policy if you want to use the ipsec sa in a vpn concentrator p.145
- Command description p.145
- Zywall zld cli reference guide p.146
- Table 72 crypto commands ipsec sas continued p.146
- Command description p.146
- Chapter 17 ipsec vpn p.146
- Vpn concentrator commands p.147
- This table lists the commands for the vpn concentrator p.147
- This table lists the additional commands for ipsec sas using manual keys vpn connections using manual keys p.147
- Table 74 vpn concentrator commands vpn concentrator p.147
- Table 73 crypto map commands ipsec sas manual keys p.147
- Ipsec sa commands for manual keys p.147
- Command description p.147
- Chapter 17 ipsec vpn p.147
- Zywall zld cli reference guide p.147
- Zywall zld cli reference guide p.148
- Vpn configuration provisioning commands p.148
- This table lists the commands for vpn configuration provisioning p.148
- Table 75 vpn configuration provision commands vpn configuration provisioning p.148
- Table 74 vpn concentrator commands vpn concentrator continued p.148
- Command description p.148
- Chapter 17 ipsec vpn p.148
- Zywall zld cli reference guide p.149
- This table lists the commands for the sa monitor p.149
- Table 76 sa commands sa monitor p.149
- Sa monitor commands p.149
- Command description p.149
- Chapter 17 ipsec vpn p.149
- Ssl access policy limitations p.151
- Ssl access policy p.151
- Ssl vpn commands p.151
- Ssl vpn p.151
- Ssl application objects p.151
- Zywall zld cli reference guide p.152
- This table lists the commands for ssl vpn you must use the p.152
- The following sections list the ssl vpn commands p.152
- Table 78 ssl vpn commands p.152
- Table 77 input values for ssl vpn commands continued p.152
- Ssl vpn commands p.152
- Label description p.152
- Configure termina p.152
- Command to enter the configuration mode before you can use these commands p.152
- Command description p.152
- Chapter 18 ssl vpn p.152
- Command description p.153
- Chapter 18 ssl vpn p.153
- Zywall zld cli reference guide p.153
- Windows xp is installed p.153
- Users have to access the ssl vpn using a computer that complies with all the following criteria defined in object eps 1 p.153
- Trendmicro pc cillin internet security 2007 is installed and activated p.153
- The zywall will assign two dns server settings 172 6 and 172 6 defined in objects dns1 and dns2 to the computers which match the rule s criteria p.153
- The zywall will assign an ip address from 192 68 00 to 192 68 00 0 defined in object ip pool to the computers which match the rule s criteria p.153
- The ssl vpn users are allowed to access the zywall s local network 172 6 0 24 defined in object network1 p.153
- Table 78 ssl vpn commands p.153
- Setting an ssl vpn rule tutorial p.153
- Only users using the tester account can use the ssl vpn p.153
- Here is an example ssl vpn configuration the ssl vpn rule defines p.153
- Create the ssl vpn user account named tester with password 1234 p.154
- Create four address objects for the ssl vpn dhcp pool dns servers and the local network for ssl vpn authenticated users to access p.154
- Create an ssl vpn rule named ssl_vpn_test enable it and apply objects you just created p.154
- Create an endpoint security profile named eps 1 ssl vpn users computers must install windows xp and trendmicro pc cillin internet security 2007 besides the pc cillin anti virus must be activated p.154
- Chapter 18 ssl vpn p.154
- Zywall zld cli reference guide p.154
- First of all configure 10 54 24 for the ip address of interface ge2 which is an external interface for public ssl vpn to access configure 172 6 0 54 24 for the ip address of interface ge3 which is an internal network p.154
- Zywall zld cli reference guide p.155
- Displays the ssl vpn rule settings p.155
- Chapter 18 ssl vpn p.155
- L2tp vpn overview p.157
- L2tp vpn p.157
- Ipsec configuration p.157
- Using the default l2tp vpn connection p.158
- Policy route p.158
- Lan_subnet p.158
- L2tp_pool p.158
- Configure termina p.159
- Command to enter the configuration mode before you can use these commands p.159
- Command description p.159
- Chapter 19 l2tp vpn p.159
- Zywall zld cli reference guide p.159
- This table lists the commands for l2tp vpn you must use the p.159
- The following table describes the values required for some l2tp vpn commands other values are discussed with the corresponding commands p.159
- The following sections list the l2tp vpn commands p.159
- Table 80 l2tp vpn commands p.159
- Table 79 input values for l2tp vpn commands p.159
- Note modifying this vpn connection or the vpn gateway that it uses disconnects any existing l2tp vpn sessions p.159
- Label description p.159
- L2tp vpn commands p.159
- Table 80 l2tp vpn commands p.160
- Lan_subnet 192 68 24 p.160
- L2tp vpn example p.160
- Figure 23 l2tp vpn example p.160
- Command description p.160
- Chapter 19 l2tp vpn p.160
- 3 7 05 l2tp_pool 192 68 0 0 192 68 0 0 p.160
- Zywall zld cli reference guide p.160
- This example uses the following settings in creating a basic l2tp vpn tunnel see the web configurator user s guide for how to configure l2tp in remote user computers using windows xp and windows 2000 p.160
- The zywall has a static ip address of 172 3 7 05 for the ge3 interface p.160
- The remote user has a dynamic public ip address and connects through the internet p.160
- Configuring the l2tp vpn settings example p.161
- Configuring the default l2tp vpn gateway example p.161
- Configuring the default l2tp vpn connection example p.161
- Zywall zld cli reference guide p.162
- The following commands configure and display the policy route for the l2tp vpn connection entry p.162
- Set the policy route s source address to the address object that you want to allow the remote users to access lan_subnet in this example p.162
- Set the next hop to be the default_l2tp_vpn_connection tunnel p.162
- Set the destination address to the ip address pool that the zywall assigns to the remote users l2tp_pool in this example p.162
- Enable the policy route p.162
- Enable the connection p.162
- Configuring the policy route for l2tp example p.162
- Chapter 19 l2tp vpn p.162
- Application patrol overview p.163
- Application patrol commands summary p.163
- Application patrol p.163
- Zywall zld cli reference guide p.164
- This table lists the commands for rules in each pre defined application p.164
- This table lists the commands for each pre defined application p.164
- The following sections list the application patrol commands p.164
- Table 83 app commands rules in pre defined applications p.164
- Table 82 app commands pre defined applications p.164
- Table 81 input values for application patrol commands continued p.164
- Rule commands for pre defined applications p.164
- Pre defined application commands p.164
- Label description p.164
- Command description p.164
- Chapter 20 application patrol p.164
- Chapter 20 application patrol p.165
- Zywall zld cli reference guide p.165
- The following table describes the sub commands for several application patrol rule commands note that not all rule commands use all the sub commands listed here p.165
- Table 84 app protocol rule sub commands p.165
- Table 83 app commands rules in pre defined applications continued p.165
- Rule sub commands p.165
- Command description p.165
- Zywall zld cli reference guide p.166
- This table lists the commands for exception rules for application access controls these commands are used for backward compatible only p.166
- The following table describes the sub commands for several application patrol exception rule commands note that not all rule commands use all the sub commands listed here p.166
- Table 86 app patrol exception rule sub commands p.166
- Table 85 app commands exception rules in pre defined applications p.166
- Exception rule sub commands p.166
- Exception commands for pre defined applications p.166
- Command description p.166
- Chapter 20 application patrol p.166
- Chapter 20 application patrol p.167
- Zywall zld cli reference guide p.167
- This table lists the commands for rules in other applications p.167
- This table lists the commands for other applications in application patrol p.167
- Table 88 app commands rules in other applications p.167
- Table 87 app commands other applications p.167
- Table 86 app patrol exception rule sub commands continued p.167
- Rule commands for other applications p.167
- Other application commands p.167
- Command description p.167
- The following table describes the sub commands for several application patrol other rule commands note that not all rule commands use all the sub commands listed here p.168
- Table 89 app patrol other rule sub commands p.168
- Other rule sub commands p.168
- Note you must register for the idp apppatrol signature service at least the trial before you can use it see chapter 5 on page 45 p.168
- General commands for application patrol p.168
- Command description p.168
- Chapter 20 application patrol p.168
- Zywall zld cli reference guide p.168
- Zywall zld cli reference guide p.169
- This table lists the general commands for application patrol p.169
- Table 90 app commands pre defined applications p.169
- Command description p.169
- Chapter 20 application patrol p.169
- Zywall zld cli reference guide p.170
- The following examples show the information that is displayed by some of the p.170
- Table 90 app commands pre defined applications continued p.170
- General command examples p.170
- Commands p.170
- Command description p.170
- Chapter 20 application patrol p.170
- Zywall zld cli reference guide p.171
- Chapter 20 application patrol p.171
- Anti virus p.173
- Anti virus overview p.173
- Anti virus commands p.173
- Zywall zld cli reference guide p.174
- Zone to zone anti virus rules p.174
- This example shows how to activate and deactivate anti virus on the zywall p.174
- The following table describes the commands for configuring the zone to zone rules you must use the p.174
- The following table describes general anti virus commands you must use the p.174
- Table 93 commands for zone to zone anti virus rules p.174
- Table 92 general anti virus commands p.174
- Note you must register for the anti virus service before you can use it see chapter 5 on page 45 p.174
- General anti virus commands p.174
- Configure termina p.174
- Command to enter the configuration mode before you can use these commands p.174
- Command description p.174
- Chapter 21 anti virus p.174
- Activate deactivate anti virus example p.174
- Zywall zld cli reference guide p.175
- Table 93 commands for zone to zone anti virus rules continued p.175
- Command description p.175
- Chapter 21 anti virus p.175
- Zywall zld cli reference guide p.176
- Zone to zone anti virus rule example p.176
- White and black lists p.176
- This example shows how to configure and display a wan to lan antivirus rule to scan http traffic and destroy infected files the white and black lists are ignored and zipped files are decompressed any zipped files that cannot be decompressed are destroyed p.176
- The following table describes the commands for configuring the white list and black list you must use the p.176
- Table 94 commands for anti virus white and black lists p.176
- Configure termina p.176
- Command to enter the configuration mode before you can use these commands p.176
- Command description p.176
- Chapter 21 anti virus p.176
- Command description p.177
- Chapter 21 anti virus p.177
- Zywall zld cli reference guide p.177
- White and black lists example p.177
- This example shows how to enable the white list and configure an active white list entry for files with a exe extension it also enables the black list and configure an inactive black list entry for files with a exe extension p.177
- The following table describes the command for searching for signatures you must use the p.177
- Table 95 command for anti virus signature search p.177
- Table 94 commands for anti virus white and black lists continued p.177
- Signature search anti virus command p.177
- Configure termina p.177
- Command to enter the configuration mode before you can use this command p.177
- Use these commands to update new signatures you should have already registered for anti virus service p.178
- Update anti virus signatures p.178
- This example shows how to search for anti virus signatures with msn in the name p.178
- Table 96 update signatures p.178
- Signature search example p.178
- Command description p.178
- Chapter 21 anti virus p.178
- Zywall zld cli reference guide p.178
- Zywall zld cli reference guide p.179
- Update signature examples p.179
- These examples show how to enable disable automatic anti virus downloading schedule updates display the schedule display the update status show the new updated signature version number show the total number of signatures and show the date time the signatures were created p.179
- The following table describes the commands for collecting and displaying anti virus statistics you must use the p.179
- Table 97 commands for anti virus statistics p.179
- Configure termina p.179
- Command to enter the configuration mode before you can use these commands p.179
- Command description p.179
- Chapter 21 anti virus p.179
- Anti virus statistics p.179
- Zywall zld cli reference guide p.180
- This example shows how to collect and display anti virus statistics it also shows how to sort the display by the most common destination ip addresses p.180
- Chapter 21 anti virus p.180
- Anti virus statistics example p.180
- General idp commands p.181
- Overview p.181
- Idp commands p.181
- Idp activation p.181
- Idp profile commands p.182
- Global profile commands p.182
- Activate deactivate idp example p.182
- Zywall zld cli reference guide p.183
- Use the following rules to apply idp profiles to specific directions of packet travel p.183
- Table 101 idp zone to zone rule commands p.183
- In this example we rename an idp signature profile from old_profile to new_profile delete the bye_profile and show all base profiles available p.183
- Idp zone to zone rules p.183
- Example of global profile commands p.183
- Command description p.183
- Chapter 22 idp commands p.183
- Command description p.184
- Chapter 22 idp commands p.184
- Zywall zld cli reference guide p.184
- Use these commands to create a new idp signature profile or edit an existing one it is recommended you use the web configurator to create edit profiles if you do not specify a base profile the default base profile is none p.184
- Use these commands to create a new anomaly profile or edit an existing one it is recommended you use the web configurator to create edit profiles if you do not specify a base profile the default base profile is none p.184
- The following example creates idp zone to zone rule one the rule applies the lan_idp profile to all traffic going to the lan zone p.184
- Table 102 editing creating idp signature profiles p.184
- Note you cannot change the base profile later p.184
- Example of idp zone to zone rule commands p.184
- Editing creating idp signature profiles p.184
- Editing creating anomaly profiles p.184
- Zywall zld cli reference guide p.185
- Table 103 editing creating anomaly profiles p.185
- Note you cannot change the base profile later p.185
- Command description p.185
- Chapter 22 idp commands p.185
- Command description p.186
- Chapter 22 idp commands p.186
- Zywall zld cli reference guide p.186
- Table 103 editing creating anomaly profiles continued p.186
- Zywall zld cli reference guide p.187
- Table 103 editing creating anomaly profiles continued p.187
- Command description p.187
- Chapter 22 idp commands p.187
- Zywall zld cli reference guide p.188
- Use this command to search for signatures in the named profile p.188
- Use these commands to edit the system protect profiles p.188
- Table 104 editing system protect profiles p.188
- Signature search p.188
- In this example we create a profile named test configure some settings display them and then return to global command mode p.188
- Editing system protect p.188
- Creating an anomaly profile example p.188
- Command description p.188
- Chapter 22 idp commands p.188
- Zywall zld cli reference guide p.189
- The following table displays the command line severity platform and policy type equivalent values if you want to combine platforms in a search then add their respective numbers together for p.189
- Table 105 signature search command p.189
- Search parameter tables p.189
- Note it is recommended you use the web configurator to search for signatures p.189
- Command description p.189
- Chapter 22 idp commands p.189
- Zywall zld cli reference guide p.190
- The following table displays the command line service and action equivalent values if you want to combine services in a search then add their respective numbers together for example to search for signatures for dns finger and ftp services then type 7 as the service parameter p.190
- Table 107 service and action command values p.190
- Table 106 severity platform and policy type command values p.190
- Severity platform policy type p.190
- Service service action p.190
- Example to search for signatures for windows nt windows xp and windows 2000 computers then type 12 as the platform parameter p.190
- Chapter 22 idp commands p.190
- Custom signatures screen p.191
- Signature search example p.191
- Note you must use the web configurator to import a custom signature file p.191
- Idp custom signatures p.191
- Zywall zld cli reference guide p.192
- This example shows you how to edit a custom signature p.192
- These examples show how to create a custom signature edit one display details of one all and show the total number of custom signatures p.192
- Custom signature examples p.192
- Chapter 22 idp commands p.192
- Zywall zld cli reference guide p.193
- This example shows you how to display custom signature details p.193
- Chapter 22 idp commands p.193
- Zywall zld cli reference guide p.194
- This example shows you how to display custom signature contents p.194
- Chapter 22 idp commands p.194
- Command description p.195
- Chapter 22 idp commands p.195
- Zywall zld cli reference guide p.195
- Use these commands to update new signatures you register for idp service before you can update idp signatures although you do not have to register in order to update system protect signatures p.195
- Update idp signatures p.195
- This example shows you how to display the number of custom signatures on the zywall p.195
- This example shows you how to display all details of a custom signature p.195
- Table 109 update signatures p.195
- Note you must use the web configurator to import a custom signature file p.195
- Update signature examples p.196
- These examples show how to enable disable automatic idp downloading schedule updates display the schedule display the update status show the new updated signature version number show the total number of signatures and show the date time the signatures were created p.196
- The following table describes the commands for collecting and displaying idp statistics you must use the p.196
- Table 110 commands for idp statistics p.196
- Idp statistics p.196
- Configure termina p.196
- Command to enter the configuration mode before you can use these commands p.196
- Command description p.196
- Chapter 22 idp commands p.196
- Zywall zld cli reference guide p.196
- Zywall zld cli reference guide p.197
- This example shows how to collect and display idp statistics it also shows how to sort the display by the most common signature name source ip address or destination ip address p.197
- Idp statistics example p.197
- Chapter 22 idp commands p.197
- External web filtering service p.199
- Content filtering reports p.199
- Content filtering policies p.199
- Content filtering overview p.199
- Content filtering p.199
- Table 111 content filter command input values p.200
- Label description p.200
- Content filter command input values p.200
- Content filte p.200
- Commands p.200
- Chapter 23 content filtering p.200
- Zywall zld cli reference guide p.200
- The following table explains the values you can input with the p.200
- Zywall zld cli reference guide p.201
- The following table lists the commands that you can use for general content filter configuration such as enabling content filtering viewing and ordering your list of content filtering policies creating a denial of access message or specifying a redirect url and checking your external web filtering service registration status use the p.201
- Table 111 content filter command input values continued p.201
- Label description p.201
- General content filter commands p.201
- Configure termina p.201
- Command to enter the configuration p.201
- Chapter 23 content filtering p.201
- Zywall zld cli reference guide p.202
- Table 112 content filter general commands p.202
- Mode to be able to use these commands see table 111 on page 200 for details about the values you can input with these commands p.202
- Command description p.202
- Chapter 23 content filtering p.202
- Chapter 23 content filtering p.203
- Zywall zld cli reference guide p.203
- The following table lists the commands that you can use to configure a content filtering policy a content filtering policy defines which content filter profile should be applied when it should be applied and to whose web access it should be applied use the p.203
- Table 113 content filter filtering profile commands summary p.203
- Table 112 content filter general commands continued p.203
- Content filter filtering profile commands p.203
- Configure termina p.203
- Command to enter the configuration mode to be able to use these commands see table 111 on page 200 for details about the values you can input with these commands p.203
- Command description p.203
- Zywall zld cli reference guide p.204
- Table 113 content filter filtering profile commands summary continued p.204
- Command description p.204
- Chapter 23 content filtering p.204
- Table 113 content filter filtering profile commands summary continued p.205
- Content filter url cache commands p.205
- Command description p.205
- Chapter 23 content filtering p.205
- Zywall zld cli reference guide p.205
- The following table lists the commands that you can use to view and configure your zywall s url caching you can configure how long a categorized web site address remains in the as well as view those web site addresses to which access has been allowed or blocked based on the responses from the external content filtering server the zywall only queries the external content filtering database for sites not found in the cache p.205
- Zywall zld cli reference guide p.206
- Use the p.206
- The following table describes the commands for collecting and displaying content filtering statistics you must use the p.206
- Table 115 commands for content filtering statistics p.206
- Table 114 content filter url cache commands p.206
- Content filtering statistics p.206
- Configure termina p.206
- Command to enter the configuration mode to be able to use these commands see table 111 on page 200 for details about the values you can input with these commands p.206
- Command to enter the configuration mode before you can use these commands p.206
- Command description p.206
- Chapter 23 content filtering p.206
- Content filtering statistics example p.207
- Content filtering commands example p.207
- Chapter 5 on page 45 p.207
- Note you must register for the external web filtering service before you can use it see p.207
- Zywall zld cli reference guide p.208
- Chapter 23 content filtering p.208
- Activate the customization p.208
- Zywall zld cli reference guide p.209
- Use this command to display the settings of the profile p.209
- Chapter 23 content filtering p.209
- General anti spam commands p.211
- Anti spam overview p.211
- Anti spam commands p.211
- Anti spam p.211
- Configure termina p.212
- Command to enter the configuration mode before you can use these commands p.212
- Command description p.212
- Chapter 24 anti spam p.212
- Activate deactivate anti spam example p.212
- Zywall zld cli reference guide p.212
- Zone to zone anti spam rules p.212
- This example shows how to activate and deactivate anti spam on the zywall p.212
- The following table describes the commands for configuring the zone to zone rules you must use the p.212
- Table 118 commands for zone to zone anti spam rules p.212
- Zywall zld cli reference guide p.213
- Table 118 commands for zone to zone anti spam rules continued p.213
- Command description p.213
- Chapter 24 anti spam p.213
- Zone to zone anti spam rule example p.214
- White and black lists p.214
- This example shows how to configure and display a wan to dmz anti spam rule to scan pop3 and smtp traffic smtp spam is forwarded pop3 spam is marked with a spam tag the zywall logs the event when an e mail matches the dnsbl see section 24 on page 216 for more on dnsbl the white and black lists are ignored p.214
- The following table identifies values used in these commands other input values are discussed with the corresponding commands p.214
- Table 119 input values for white and black list anti spam commands p.214
- Label description p.214
- Chapter 24 anti spam p.214
- Zywall zld cli reference guide p.214
- Zywall zld cli reference guide p.215
- Use the white list to identify legitimate e mail and the black list to identify spam e mail the following table describes the commands for configuring the white list and black list you must use the p.215
- Table 120 commands for anti spam white and black lists p.215
- Table 119 input values for white and black list anti spam commands continued p.215
- Label description p.215
- Configure termina p.215
- Command to enter the configuration mode before you can use these commands p.215
- Command description p.215
- Chapter 24 anti spam p.215
- White and black lists example p.216
- Regular expressions in black or white list entries p.216
- Dnsbl anti spam commands p.216
- Configure termina p.216
- Command description p.217
- Chapter 24 anti spam p.217
- Zywall zld cli reference guide p.217
- This table describes the dnsbl commands p.217
- Table 122 dnsbl commands p.217
- Turns dnsbl checking on p.218
- This example p.218
- Table 122 dnsbl commands p.218
- Sets the zywall to use dnsbl example com as a dnsbl p.218
- Sets the zywall to start dnsbl checking from the first ip address in the mail header p.218
- Sets the zywall to forward pop3 mail with a tag if the queries to the dnsbl domains time out p.218
- Sets the zywall to check up to 4 sender and relay server ip addresses in e mail headers against the dnsbl p.218
- Sets the dnsbl timeout tag to dnsbl timeout p.218
- Sets the dnsbl tag to dnsbl p.218
- Dnsbl example p.218
- Displays the dnsbl statistics p.218
- Command description p.218
- Chapter 24 anti spam p.218
- Zywall zld cli reference guide p.218
- Zywall zld cli reference guide p.219
- This example shows how to collect anti spam statistics and display a summary p.219
- The following table describes the commands for collecting and displaying anti spam statistics you must use the p.219
- Table 123 commands for anti spam statistics p.219
- Configure termina p.219
- Command to enter the configuration mode before you can use these commands p.219
- Command description p.219
- Chapter 24 anti spam p.219
- Anti spam statistics example p.219
- Anti spam statistics p.219
- Device ha overview p.221
- Device ha p.221
- Cluster id p.222
- Before you begin p.222
- Active passive mode device ha p.222
- Virtual router p.222
- Note subscribe to services on the backup zywall before synchronizing it with the master zywall p.222
- Monitored interfaces in active passive mode device ha p.222
- General device ha commands p.222
- Virtual router and management ip addresses p.223
- Device h p.223
- Active passive mode device ha commands p.223
- Zywall zld cli reference guide p.224
- Table 126 device ha ap mode commands continued p.224
- Command description p.224
- Chapter 25 device ha p.224
- Virtual router redundancy protocol vrrp overview p.225
- Legacy mode vrrp device ha commands p.225
- Legacy mode vrrp device ha p.225
- Device h p.225
- Active passive mode device ha command example p.225
- Vrrp group overview p.225
- Zywall zld cli reference guide p.226
- Vrrp synchronization commands p.226
- Vrrp group commands p.226
- This table lists the commands for vrrp groups p.226
- This table lists the commands for synchronization you can synchronize with other zywall s of the same model that are running the same firmware version p.226
- Table 129 device ha commands synchronization p.226
- Table 128 device ha commands vrrp groups p.226
- Command description p.226
- Chapter 25 device ha p.226
- This table lists the commands for link monitoring link monitoring has the master zywall shut down all of its vrrp interfaces if one of its vrrp interface links goes down this way the backup zywall takes over all of the master zywall s functions p.227
- Table 130 device ha commands synchronization p.227
- Table 129 device ha commands synchronization continued p.227
- Link monitoring commands p.227
- Command description p.227
- Chapter 25 device ha p.227
- Zywall zld cli reference guide p.227
- User types p.229
- User group p.229
- User account overview p.229
- User group commands summary p.230
- User commands p.230
- The following table identifies the values required for many p.230
- The following sections list the p.230
- The first table lists the commands for users p.230
- Table 133 username groupname commands summary users p.230
- Table 132 username groupname command input values p.230
- Label description p.230
- Commands other input values are discussed with the corresponding commands p.230
- Commands p.230
- Command description p.230
- Chapter 26 user group p.230
- Zywall zld cli reference guide p.230
- Username groupnam p.230
- Zywall zld cli reference guide p.231
- User setting commands p.231
- User group commands p.231
- This table lists the commands for user settings except for forcing user authentication p.231
- This table lists the commands for groups p.231
- Table 135 username groupname commands summary settings p.231
- Table 134 username groupname commands summary groups p.231
- Table 133 username groupname commands summary users continued p.231
- Command description p.231
- Chapter 26 user group p.231
- The following commands show the current settings for the number of simultaneous logins p.232
- Table 135 username groupname commands summary settings continued p.232
- Command description p.232
- Chapter 26 user group p.232
- Zywall zld cli reference guide p.232
- User setting command examples p.232
- Zywall zld cli reference guide p.233
- This table lists the commands for forcing user authentication p.233
- Table 136 username groupname commands summary forcing user authentication p.233
- Force user authentication commands p.233
- Command description p.233
- Chapter 26 user group p.233
- The following table describes the sub commands for several force auth policy commands note that not all rule commands use all the sub commands listed here p.234
- The following commands show how to insert a force authentication policy at position 1 of the checking order this policy applies endpoint security policies and uses the following settings p.234
- Table 137 force auth policy sub commands p.234
- Force authentication policy insert command example p.234
- Force auth sub commands p.234
- Command description p.234
- Chapter 26 user group p.234
- Activate yes p.234
- Zywall zld cli reference guide p.234
- Zywall zld cli reference guide p.235
- User authentication required p.235
- This table lists additional commands for users p.235
- Table 138 username groupname commands summary additional p.235
- Source use address object lan1_subnet p.235
- Schedule no specified p.235
- Endpoint security object use eps winxp and eps winvista for the first and second checking eps objects p.235
- Endpoint security activate p.235
- Destination use address object dmz_servers p.235
- Description eps on lan p.235
- Command description p.235
- Chapter 26 user group p.235
- Additional user commands p.235
- Chapter 26 user group p.236
- Additional user command examples p.236
- Zywall zld cli reference guide p.236
- The following commands display the users that are currently logged in to the zywall and forces the logout of all logins from a specific ip address p.236
- The following commands display the users that are currently locked out and then unlocks the user who is displayed p.236
- Addresses p.237
- Address overview p.237
- Address commands summary p.237
- Zywall zld cli reference guide p.238
- This table lists the commands for address objects p.238
- The following sections list the address object and address group commands p.238
- Table 140 address object and address6 object commands p.238
- Command description p.238
- Chapter 27 addresses p.238
- Address object commands p.238
- The following example creates three ipv4 address objects and then deletes one p.239
- Chapter 27 addresses p.239
- Address object command examples p.239
- Zywall zld cli reference guide p.239
- Zywall zld cli reference guide p.240
- This table lists the commands for address groups p.240
- The following example creates host range subnet and link local ipv6 address objects and then deletes the subnet ipv6 address object p.240
- Table 141 object group commands address groups p.240
- Command description p.240
- Chapter 27 addresses p.240
- Address group commands p.240
- Zywall zld cli reference guide p.241
- The following commands create three address objects a0 a1 and a2 and add a1 and a2 to address group rd p.241
- Table 141 object group commands address groups continued p.241
- Command description p.241
- Chapter 27 addresses p.241
- Address group command examples p.241
- Services p.243
- Service object commands p.243
- Services overview p.243
- Services commands summary p.243
- Zywall zld cli reference guide p.244
- The following commands create four services displays them and then removes one of them p.244
- The first table lists the commands for service groups p.244
- Table 144 object group commands service groups p.244
- Table 143 service object commands service objects continued p.244
- Service object command examples p.244
- Service group commands p.244
- Command description p.244
- Chapter 28 services p.244
- The following commands create service icmp_echo create service group sg1 and add icmp_echo to sg1 p.245
- Table 144 object group commands service groups continued p.245
- Service group command examples p.245
- Command description p.245
- Chapter 28 services p.245
- Zywall zld cli reference guide p.245
- Schedules p.247
- Schedule overview p.247
- Schedule commands summary p.247
- Zywall zld cli reference guide p.248
- The following commands create recurring schedule schedule1 and one time schedule schedule2 and then delete schedule1 p.248
- Table 146 schedule commands continued p.248
- Schedule command examples p.248
- Command description p.248
- Chapter 29 schedules p.248
- Authentication server command summary p.249
- Ad server commands p.249
- Aaa server overview p.249
- Aaa server p.249
- Command description p.250
- Chapter 30 aaa server p.250
- Zywall zld cli reference guide p.250
- The following table lists the p.250
- Table 148 ldap server commands p.250
- Table 147 ad server commands continued p.250
- Ldap server commands p.250
- Ldap server p.250
- Commands you use to set the default ldap server p.250
- Radius server command example p.251
- Radius server p.251
- Note you can not delete a server group that is currently in use p.251
- Commands you use to set the default radius server p.251
- Commands you use to configure a group of ad servers p.251
- Command description p.251
- Chapter 30 aaa server p.251
- Aaa group server ad commands p.251
- Aaa group server ad p.251
- Zywall zld cli reference guide p.251
- The following table lists the p.251
- The following example sets the secret key and timeout period of the default radius server 172 3 0 00 to 87643210 and 80 seconds p.251
- Table 150 aaa group server ad commands p.251
- Table 149 radius server commands p.251
- Radius server commands p.251
- Zywall zld cli reference guide p.252
- The following table lists the p.252
- Table 151 aaa group server ldap commands p.252
- Table 150 aaa group server ad commands continued p.252
- Note you can not delete a server group that is currently in use p.252
- Commands you use to configure a group of ldap servers p.252
- Command description p.252
- Chapter 30 aaa server p.252
- Aaa group server ldap commands p.252
- Aaa group server ldap p.252
- Zywall zld cli reference guide p.253
- The following table lists the p.253
- Table 152 aaa group server radius commands p.253
- Table 151 aaa group server ldap commands continued p.253
- Note you can not delete a server group that is currently in use p.253
- Commands you use to configure a group of radius servers p.253
- Command description p.253
- Chapter 30 aaa server p.253
- Aaa group server radius commands p.253
- Aaa group server radius p.253
- Zywall zld cli reference guide p.254
- The following example creates a radius server group with two members and sets the secret key to 12345678 and the timeout to 100 seconds then this example also shows how to view the radius group settings p.254
- Table 152 aaa group server radius commands continued p.254
- Command description p.254
- Chapter 30 aaa server p.254
- Aaa group server command example p.254
- Authentication objects overview p.255
- Authentication objects p.255
- Aaa authentication commands p.255
- Test aaa command p.256
- Test aa p.256
- Test a user account command example p.256
- Table 154 test aaa command p.256
- Table 153 aaa authentication commands continued p.256
- Port 389 p.256
- Note you must specify at least one member for each profile each type of member can only be used once in a profile p.256
- Ip address 172 6 0 p.256
- Command you use to teat a user account on an authentication server p.256
- Command description p.256
- Chapter 31 authentication objects p.256
- Base dn dc zyxel dc com p.256
- Zywall zld cli reference guide p.256
- Aaa authentication command example p.256
- The following table lists the p.256
- The following example shows how to test whether a user account named userabc exists on the ad authentication server which uses the following settings p.256
- The following example creates an authentication profile to authentication users using the ldap server group and then the local user database p.256
- Zywall zld cli reference guide p.257
- The result shows the account exists on the ad server otherwise the zywall responds an error p.257
- Password abcdefg p.257
- Login name attribute samaccountname p.257
- Chapter 31 authentication objects p.257
- Bind dn zyxel engineerabc p.257
- Certificates overview p.259
- Certificates commands input values p.259
- Certificates p.259
- Certificate commands p.259
- Chapter 32 certificates p.260
- Certificates commands summary p.260
- Zywall zld cli reference guide p.260
- The following table lists the commands that you can use to display and manage the zywall s summary list of certificates and certification requests you can also create certificates or certification requests use the p.260
- Table 156 ca commands summary p.260
- Table 155 certificates commands input values continued p.260
- Label description p.260
- Configure termina p.260
- Command to enter the configuration mode to be able to use these commands p.260
- Command description p.260
- Zywall zld cli reference guide p.261
- Table 156 ca commands summary continued p.261
- Command description p.261
- Chapter 32 certificates p.261
- Zywall zld cli reference guide p.262
- Table 156 ca commands summary continued p.262
- Command description p.262
- Chapter 32 certificates p.262
- Zywall zld cli reference guide p.263
- The following example creates a self signed x 09 certificate with ip address 10 8 as the common name it uses the rsa key type with a 512 bit key then it displays the list of local certificates finally it deletes the pkcs12request certification request p.263
- Chapter 32 certificates p.263
- Certificates commands examples p.263
- Pppoe and pptp account commands p.264
- Isp accounts overview p.264
- Isp accounts p.264
- Zywall zld cli reference guide p.265
- The following table lists the cellular isp account commands p.265
- Table 158 cellular account commands p.265
- Table 157 pppoe and pptp isp account commands continued p.265
- Command description p.265
- Chapter 33 isp accounts p.265
- Cellular account commands p.265
- Ssl application object commands p.266
- Ssl application p.266
- Ssl application overview p.266
- Zywall zld cli reference guide p.267
- Table 159 ssl application object commands p.267
- Command description p.267
- Chapter 34 ssl application p.267
- Zywall zld cli reference guide p.268
- The following commands create and display a server type ssl application object named zw5 for a web server at ip address 192 68 2 p.268
- Ssl application command examples p.268
- Chapter 34 ssl application p.268
- Endpoint security overview p.269
- Endpoint security p.269
- Endpoint security commands summary p.270
- Configure termina p.270
- Command to enter the configuration mode before you can use these commands p.270
- Command description p.270
- Chapter 35 endpoint security p.270
- Zywall zld cli reference guide p.270
- User computers must have sun s java java runtime environment or jre installed and enabled with a minimum version of 1 p.270
- This table lists the commands for creating endpoint security objects you must use the p.270
- The following table describes the values required for many endpoint security object commands other values are discussed with the corresponding commands p.270
- The following sections list the endpoint security object commands p.270
- Table 161 endpoint security object commands p.270
- Table 160 input values for endpoint security commands p.270
- Requirements p.270
- Label description p.270
- Endpoint security object commands p.270
- Zywall zld cli reference guide p.271
- Table 161 endpoint security object commands p.271
- Command description p.271
- Chapter 35 endpoint security p.271
- Command description p.272
- Chapter 35 endpoint security p.272
- Zywall zld cli reference guide p.272
- Table 161 endpoint security object commands p.272
- Zywall zld cli reference guide p.273
- Windows service pack 2 or above p.273
- Windows auto update enabled p.273
- Table 161 endpoint security object commands p.273
- Peter wants to create and display an endpoint security object named eps example only the computers that match the following criteria can access the company s ssl vpn p.273
- Personal firewall windows firewall installed and enabled p.273
- Operating system windows xp p.273
- Endpoint security object command example p.273
- Command description p.273
- Chapter 35 endpoint security p.273
- Anti virus kaspersky anti virus v2011 installed and enabled p.273
- Then he also needs to check the personal firewall software name defined on the zywall copy and paste the name of the output item 4 for the setting later p.274
- However he needs to check the anti virus software name defined on the zywall the following example shows how to check all available anti virus software packages for which the zywall s endpoint security can check copy and paste the name of the output item 17 for the setting later p.274
- Chapter 35 endpoint security p.274
- Zywall zld cli reference guide p.274
- Zywall zld cli reference guide p.275
- Then he leaves the sub command mode and uses the show command to view the eps object settings p.275
- See chapter 18 on page 151 for how to configure an ssl vpn using this eps object p.275
- Now peter can create the eps object profile as the example shown next note that he uses the matching criteria all command to make sure all users computers have the required software installed and settings being configured before they access the company s ssl vpn p.275
- For users who fail the endpoint security checking peter decides to show them an error message of endpoint security checking failed contact helpdesk at 7777 if you have any questions the following shows how to configure the error message p.275
- Chapter 35 endpoint security p.275
- Dhcpv6 objects p.276
- Dhcpv6 object commands summary p.276
- Dhcpv6 object commands p.276
- This example makes test1 into a dhcpv6 address pool lease object for ipv6 addresses 2004 10 to 2004 40 p.277
- This example creates and displays a dhcpv6 lease object named test1 for ipv6 address 2003 1 with duid 00 01 02 03 04 05 06 07 p.277
- Table 163 dhcpv6 object commands continued p.277
- Dhcpv6 object command examples p.277
- Command description p.277
- Chapter 36 dhcpv6 objects p.277
- Zywall zld cli reference guide p.277
- Zywall zld cli reference guide p.278
- This example deletes the test1 dhcpv6 lease object p.278
- This example creates and displays a dhcpv6 pre fix delegation lease object named pfx for ipv6 address prefix 2005 64 and duid 00 01 02 03 04 05 06 07 then renames it to pd p.278
- This example creates a dhcpv6 pre fix delegation request object named pfx and displays its settings p.278
- Chapter 36 dhcpv6 objects p.278
- System overview p.279
- System p.279
- Customizing the www login page p.279
- Window background p.280
- Note message last line of text p.280
- Message color of all text p.280
- Logo title p.280
- Configure termina p.280
- Host name commands p.281
- Configure termina p.281
- Time and date p.281
- Date time commands p.282
- Console port speed p.282
- Configure termina p.282
- Domain zone forwarder p.283
- Dns overview p.283
- Dns commands p.283
- Configure termina p.283
- Zywall zld cli reference guide p.284
- This command sets an a record that specifies the mapping of a fully qualified domain name www abc com to an ip address 210 7 3 p.284
- Table 169 command summary dns continued p.284
- Dns command example p.284
- Command description p.284
- Chapter 37 system p.284
- Remote management overview p.285
- Remote management limitations p.285
- System timeout p.285
- System remote management p.285
- Zywall zld cli reference guide p.286
- The following table identifies the values required for many of these commands other input values are discussed with the corresponding commands p.286
- The following table describes the commands available for http https you must use the p.286
- Table 171 command summary http https p.286
- Table 170 input values for general system commands p.286
- Label description p.286
- Http https commands p.286
- Defaul p.286
- Configure termina p.286
- Common system command input values p.286
- Command to enter the configuration mode before you can use these commands p.286
- Command description p.286
- Chapter 38 system remote management p.286
- Chapter 38 system remote management p.287
- Zywall zld cli reference guide p.287
- Table 171 command summary http https continued p.287
- Defaul p.287
- Command description p.287
- Ssh implementation on the zywall p.288
- Requirements for using ssh p.288
- Http https command examples p.288
- The following table describes the commands available for ssh you must use the p.289
- Table 172 command summary ssh p.289
- Ssh commands p.289
- Ssh command examples p.289
- Defaul p.289
- Configure termina p.289
- Command to enter the configuration mode before you can use these commands p.289
- Command description p.289
- Chapter 38 system remote management p.289
- Zywall zld cli reference guide p.289
- This command sets a service control rule that allowed the computers with the ip addresses matching the specified address object to access the specified zone using ssh service p.289
- This command sets a certificate default to be used to identify the zywall p.289
- Zywall zld cli reference guide p.290
- You can configure your zywall for remote telnet access p.290
- This command sets a service control rule that allowed the computers with the ip addresses matching the specified address object to access the specified zone using telnet service p.290
- The following table describes the commands available for telnet you must use the p.290
- Telnet commands examples p.290
- Telnet commands p.290
- Telnet p.290
- Table 173 command summary telnet p.290
- Configure termina p.290
- Command to enter the configuration mode before you can use these commands p.290
- Command description p.290
- Chapter 38 system remote management p.290
- Configuring ftp p.291
- Configure termina p.291
- Ftp commands p.291
- Zywall zld cli reference guide p.292
- This command sets a service control rule that allowed the computers with the ip addresses matching the specified address object to access the specified zone using ftp service p.292
- This command displays ftp settings p.292
- The zywall will send traps to the snmp manager when any one of the following events occurs p.292
- The zywall supports mib ii that is defined in rfc 1213 and rfc 1215 the zywall also supports private mibs zywall mib and zyxel zywall zld common mib to collect information about cpu and memory usage and vpn total throughput the focus of the mibs is to let administrators collect statistical data and monitor status and performance you can download the zywall s mibs from www zyxel com p.292
- Table 175 snmp traps p.292
- Supported mibs p.292
- Snmp traps p.292
- Simple network management protocol is a protocol used for exchanging management information between network devices your zywall supports snmp agent functionality which allows a manager station to manage and monitor the zywall through the network the zywall supports snmp version one snmpv1 and version two snmpv2c p.292
- Object label object id description p.292
- Ftp commands examples p.292
- Chapter 38 system remote management p.292
- Command description p.293
- Chapter 38 system remote management p.293
- Zywall zld cli reference guide p.293
- The following table describes the commands available for snmp you must use the p.293
- The following command sets a service control rule that allowed the computers with the ip addresses matching the specified address object to access the specified zone using snmp service p.293
- Table 176 command summary snmp p.293
- Snmp commands examples p.293
- Snmp commands p.293
- Configure termina p.293
- Command to enter the configuration mode before you can use these commands p.293
- Dial in management p.294
- Connect an external serial modem to the dial backup port or aux port depending on your model to provide a remote management connection in case the zywall s other wan connections are down this is like an auxiliary interface except it is used for management connections coming into the zywall instead of as a backup wan connection p.294
- Configure the icmp filter to help keep the zywall hidden from probing attempts you can specify whether or not the zywall is to respond to probing for unused ports p.294
- Configure termina p.294
- Command to enter the configuration mode before you can use these commands p.294
- Command description p.294
- Chapter 38 system remote management p.294
- Access p.294
- Zywall zld cli reference guide p.294
- You must use the p.294
- The ip icmp filter commands are obsolete see chapter 16 on page 133 to configure firewall rules for icmp traffic going to the zywall to discard or reject icmp packets destined for the zywall p.294
- The following command sets the password secret for read write p.294
- The following command sets the ip address of the host that receives the snmp notifications to 172 3 5 4 and the password sent with each trap to qwerty p.294
- Table 177 command summary icmp filter p.294
- Icmp filter p.294
- Response strings p.295
- For regular telephone lines the default dial string tells the modem that the line uses tone dialing atdt is the command for a switch that requires tone dialing if your switch requires pulse dialing change the string to atdp p.295
- Dtr signal p.295
- Dial in management commands p.295
- Configure termina p.295
- Command to enter the configuration mode before you can use these commands p.295
- Command description p.295
- Chapter 38 system remote management p.295
- At command strings p.295
- Zywall zld cli reference guide p.295
- The response strings tell the zywall the tags or labels immediately preceding the various call parameters sent from the serial modem the response strings have not been standardized please consult the documentation of your serial modem to find the correct tags p.295
- The majority of wan devices default to hanging up the current call when the dtr data terminal ready signal is dropped by the dte when the drop dtr when hang up check box is selected the zywall uses this hardware signal to force the wan device to hang up in addition to issuing the drop command ath p.295
- The following table describes the commands available for dial in management you must use the p.295
- Table 178 command summary dial in management p.295
- Vantage cnm commands p.296
- Vantage cnm p.296
- Dial in management command examples p.296
- Configure termina p.296
- Vantage cnm command examples p.297
- Language commands p.297
- Configure termina p.297
- Ipv6 commands p.298
- Configure termina p.298
- File directories p.299
- Configuration files and shell scripts overview p.299
- File manager p.299
- Zywall zld cli reference guide p.300
- Your configuration files or shell scripts can use exit or a command line consisting of a single to have the zywall exit sub command mode p.300
- You have to run the example in table 27 on page 300 as a shell script because the first command is run in privilege mode if you remove the first command you have to run the example as a configuration file because the rest of the commands are executed in configuration mode see section 1 on page 25 for more information about cli modes p.300
- While configuration files and shell scripts have the same syntax the zywall applies configuration files differently than it runs shell scripts this is explained below p.300
- These files have the same syntax which is also identical to the way you run cli commands manually an example is shown below p.300
- Table 183 configuration files and shell scripts in the zywall p.300
- Note exit or must follow sub commands if it is to make the zywall exit sub command mode p.300
- In a configuration file or shell script use or as the first character of a command line to have the zywall treat the line as a comment p.300
- Figure 27 configuration file shell script example p.300
- Comments in configuration files or shell scripts p.300
- Chapter 39 file manager p.300
- Zywall configuration file details p.301
- Setenv stop on error off p.301
- Errors in configuration files or shell scripts p.301
- Configuration file flow at restart p.302
- Setenv startup stop on error of p.302
- File manager commands input values p.302
- Zywall zld cli reference guide p.303
- The following table lists the commands that you can use for file management p.303
- Table 185 file manager commands summary p.303
- File manager commands summary p.303
- Command description p.303
- Chapter 39 file manager p.303
- Ftp file transfer p.304
- File manager command examples p.304
- Command line ftp file upload p.304
- Enter bin to set the transfer mode to binary p.305
- Connect to the zywall p.305
- Command line ftp file download p.305
- Command line ftp configuration file upload example p.305
- Chapter 39 file manager p.305
- Zywall zld cli reference guide p.305
- Use get to download files for example p.305
- Use dir or ls if you need to display a list of the files in the directory p.305
- Use cd to change to the directory that contains the files you want to download p.305
- The following example transfers a configuration file named tomorrow conf from the computer and saves it on the zywall as next conf p.305
- The firmware update can take up to five minutes do not turn off or reset the zywall while the firmware update is in progress if you lose power during the firmware upload you may need to refer to section 39 on page 307 to recover the firmware p.305
- Note uploading a custom signature file named custom rules overwrites all custom signatures on the zywall p.305
- Get vpn_setup zysh vpn zysh transfers the vpn_setup zysh configuration file on the zywall to your computer and renames it vpn zysh p.305
- Figure 28 ftp configuration file upload example p.305
- Recovery image p.306
- Firmware p.306
- Figure 30 zywall file usage at startup p.306
- Figure 29 ftp configuration file download example p.306
- Command line ftp configuration file download example p.306
- Chapter 39 file manager p.306
- Boot module p.306
- Zywall zld cli reference guide p.306
- Zywall file usage at startup p.306
- The zywall uses the following files at system startup p.306
- The recovery image checks and loads the firmware the zywall notifies you if the firmware is damaged p.306
- The following example gets a configuration file named today conf from the zywall and saves it on the computer as current conf p.306
- The boot module performs a basic hardware test you cannot restore the boot module if it is damaged the boot module also checks and loads the recovery image the zywall notifies you if the recovery image is damaged p.306
- Notification of a damaged recovery image or firmware p.307
- Note do not press any keys at this point wait to see what displays next p.307
- Restoring the recovery image p.308
- Note you only need to use this section if you need to restore the recovery image p.308
- Note you only need to use the atuk or atur command if the recovery image is damaged p.309
- Restoring the firmware p.310
- Note this section is not for normal firmware uploads you only need to use this section if you need to recover the firmware p.310
- Restoring the default system database p.312
- Using the atkz u debug command p.314
- Note you only need to use the atkz u command if the default system database is damaged p.314
- Log commands summary p.317
- Zywall zld cli reference guide p.318
- This table lists the commands to look at log entries p.318
- This table lists the commands for the system log settings p.318
- Table 188 logging commands system log settings p.318
- Table 187 logging commands log entries p.318
- System log commands p.318
- Log entries commands p.318
- Command description p.318
- Chapter 40 logs p.318
- The following command displays the current status of the system log p.319
- Table 189 logging commands debug log settings p.319
- System log command examples p.319
- Debug log commands p.319
- Command description p.319
- Chapter 40 logs p.319
- Zywall zld cli reference guide p.319
- This table lists the commands for the debug log settings p.319
- Zywall zld cli reference guide p.320
- This table lists the commands for the remote syslog server settings p.320
- This table lists the commands for the e mail profile settings p.320
- This table lists the commands for setting how often to send information to the vrpt zyxel s vantage report server p.320
- Table 192 logging commands e mail profile settings p.320
- Table 191 logging commands vrpt settings p.320
- Table 190 logging commands remote syslog server settings p.320
- E mail profile commands p.320
- Command description p.320
- Chapter 40 logs p.320
- Zywall zld cli reference guide p.321
- Table 192 logging commands e mail profile settings continued p.321
- Command description p.321
- Chapter 40 logs p.321
- Zywall zld cli reference guide p.322
- This table lists the commands for the console port settings p.322
- The following commands set up e mail log 1 p.322
- Table 193 logging commands console port settings p.322
- E mail profile command examples p.322
- Console port logging commands p.322
- Command description p.322
- Chapter 40 logs p.322
- Reports and reboot p.323
- Report commands summary p.323
- Report commands p.323
- Session commands p.324
- Report command examples p.324
- Packet size statistics commands p.324
- Command description p.324
- Chapter 41 reports and reboot p.324
- Zywall zld cli reference guide p.324
- Using the packet size statistics to view packet size distribution may aid you in troubleshooting network performance in particular a large number of small packets can drastically reduce throughput this table lists the commands to enable and disable packet size statistics data collection and display the setting status and statistics p.324
- This table lists the commands to display the current sessions for debugging or statistical analysis p.324
- The following commands start collecting data display the traffic reports and stop collecting data p.324
- Table 196 packet size statistics commands p.324
- Table 195 session commands p.324
- The following table identifies the values used in some of these commands other input values are discussed with the corresponding commands p.325
- Table 198 email daily report commands p.325
- Table 197 input values for email daily report commands p.325
- Table 196 packet size statistics commands continued p.325
- Label description p.325
- Email daily report commands p.325
- Configure termina p.325
- Command to enter the configuration mode before you can use these commands p.325
- Command description p.325
- Chapter 41 reports and reboot p.325
- Zywall zld cli reference guide p.325
- Use these commands to have the zywall e mail you system statistics every day you must use the p.325
- Table 198 email daily report commands continued p.326
- Stops the system name from being appended to the mail subject p.326
- Specifies example smtp mail server com as the address of the smtp mail server p.326
- Sets the subject of the report e mails to test p.326
- Sets the sender as my email example com p.326
- Sets my email example com as the fourth mail to option p.326
- Sets example administrator example com as the first account to which to send the mail p.326
- Has the zywall not use the second and third mail to options p.326
- Has the zywall not use the fifth mail to option p.326
- Email daily report example p.326
- Disables the reporting p.326
- Command description p.326
- Chapter 41 reports and reboot p.326
- Appends the date and time to the mail subject p.326
- Zywall zld cli reference guide p.326
- This example sets the following about sending a daily report e mail p.326
- Zywall zld cli reference guide p.327
- Turns on the daily e mail reporting p.327
- Sets the zywall to send the report at 1 57 pm p.327
- Has the zywall provide username 12345 and password 12345 to the smtp server for authentication p.327
- Has the zywall not reset the counters after sending the report p.327
- Has the report include cpu memory port and session usage along with traffic statistics p.327
- Chapter 41 reports and reboot p.327
- Use the p.328
- This displays the email daily report settings and has the zywall send the report p.328
- Reboot p.328
- If you made changes in the cli you have to use the p.328
- Command to save the configuration before you reboot otherwise the changes are lost when you reboot p.328
- Command to restart the device p.328
- Chapter 41 reports and reboot p.328
- Zywall zld cli reference guide p.328
- Use this to restart the device for example if the device begins behaving erratically p.328
- Session timeout p.329
- Diagnostics p.331
- Diagnosis commands example p.331
- Diagnosis commands p.331
- Packet flow explore commands p.333
- Packet flow explore p.333
- The following example shows the default wan trunk s settings p.334
- The following example shows all snat related functions and their order p.334
- The following example shows all routing related functions and their order p.334
- The following example shows all activated site to site vpn rules p.334
- The following example shows all activated dynamic vpn rules p.334
- The following example shows all activated 1 to 1 snat rules p.334
- Packet flow explore commands example p.334
- Chapter 44 packet flow explore p.334
- Zywall zld cli reference guide p.334
- Zywall zld cli reference guide p.335
- The following example shows all activated static dynamic vpn rules p.335
- The following example shows all activated policy routes which use snat and enable nat loopback p.335
- The following example shows all activated policy routes which use snat p.335
- The following example shows all activated dynamic vpn rules p.335
- The following example shows all activated 1 to 1 nat rules p.335
- Chapter 44 packet flow explore p.335
- Zywall zld cli reference guide p.336
- The following example shows the default wan trunk settings p.336
- Chapter 44 packet flow explore p.336
- Packet flow filter commands p.337
- Packet flow filter p.337
- Packet flow filter commands examples p.338
- Command description p.338
- Chapter 45 packet flow filter p.338
- Zywall zld cli reference guide p.338
- This example displays whether or not the packet flow filter is activated and whether the ring buffer is enabled or disabled p.338
- The following example configures packet flow filter 1 to display how the firewall and policy routes handle udp protocol 17 traffic with source port 123 sent from ip address 1 to ip address 5 port 456 then it turns on the packet flow filter p.338
- Table 203 packet flow filter commands continued p.338
- Zywall zld cli reference guide p.339
- This example displays the packet flow filter 1 s settings p.339
- This example displays the details of a captured packet flow in this case traffic matches and is dropped by firewall rule 3 p.339
- Chapter 45 packet flow filter p.339
- Zywall zld cli reference guide p.340
- This example activates the packet flow ring buffer feature p.340
- Chapter 45 packet flow filter p.340
- Maintenance tools p.341
- Zywall zld cli reference guide p.342
- Table 204 maintenance tools commands in privilege mode continued p.342
- Command description p.342
- Chapter 46 maintenance tools p.342
- Zywall zld cli reference guide p.343
- Table 205 maintenance tools commands in configuration mode p.343
- Table 204 maintenance tools commands in privilege mode continued p.343
- Some packet trace command examples are shown below p.343
- Maintenance command examples p.343
- Here are maintenance tool commands that you can use in configuration mode p.343
- Command description p.343
- Chapter 46 maintenance tools p.343
- Then configure the following settings to capture packets going through the zywall s wan1 interface only p.344
- The following examples show how to configure packet capture settings and perform a packet capture first you have to check whether a packet capture is running this example shows no other packet capture is running then you can also check the current packet capture settings p.344
- The following example creates an arp table entry for ip address 192 68 0 and mac address 01 02 03 04 05 06 then it shows the arp table and finally removes the new entry p.344
- Table 206 maintenance tools commands in configuration mode p.344
- Packet capture command example p.344
- Here are maintenance tool commands that you can use in configure mode p.344
- Command description p.344
- Chapter 46 maintenance tools p.344
- Zywall zld cli reference guide p.344
- Zywall zld cli reference guide p.345
- You can use ftp to download a capture file open and study it using a packet analyzer tool for example ethereal or wireshark p.345
- Use the ring buffer no p.345
- The maximum size of a packet capture file 100 megabytes p.345
- Save the captured packets to usb storage device p.345
- Manually stop the running packet capturing p.345
- Ip address any p.345
- Host port any then you do not need to configure this setting p.345
- Host ip any p.345
- File suffix example p.345
- File size 10 megabytes p.345
- Exit the sub command mode and have the zywall capture packets according to the settings you just configured p.345
- Duration 150 seconds p.345
- Check current packet capture status and list all stored packet captures p.345
- Chapter 46 maintenance tools p.345
- Watchdog timer p.347
- Software watchdog timer p.347
- Hardware watchdog timer p.347
- Zywall zld cli reference guide p.348
- The following example displays the application watchdog configuration and lists the processes that the application watchdog is monitoring p.348
- The application watchdog has the system restart a process that fails these are the p.348
- Table 209 app watchdog commands p.348
- Configure termina p.348
- Commands use the p.348
- Command to enter the configuration mode to be able to use these commands p.348
- Command description p.348
- Chapter 47 watchdog timer p.348
- Application watchdog commands example p.348
- Application watchdog p.348
- App watchdog p.348
- Chapter 47 watchdog timer p.349
- Zywall zld cli reference guide p.349
- List of commands alphabetical p.351
Похожие устройства
-
Zyxel USG1100Описание параметров -
Zyxel ZyWALL USG 2000Рекомендации по настройке -
Zyxel ZyWALL USG 2000Инструкция по установке -
Zyxel ZyWALL USG 2000Справочник командного интерфейса -
Zyxel ZyWALL USG 2000Инструкция по эксплуатации -
Zyxel ZyWALL USG 1000Инструкция по установке -
Zyxel ZyWALL USG 1000Рекомендации по настройке
-
Zyxel ZyWALL USG 1000Справочник командного интерфейса
-
Zyxel ZyWALL USG 1000Инструкция по эксплуатации
-
Zyxel ZyWALL USG 300Рекомендации по настройке
-
Zyxel ZyWALL USG 300Справочник командного интерфейса
-
Zyxel ZyWALL USG 300Инструкция по установке
Узнайте о таймерах watchdog для аппаратного и программного обеспечения. Получите информацию о командах и настройках для обеспечения надежности системы.