
ZyXEL Communications 4.04 Network Card User Manual


Contents

1. COMMAND / DESCRIPTION / M

config delete firewall attack send-alert
  Deletes the setting for whether an alert should be sent on registering an attack. M: R+B
config delete firewall attack tcp-max-incomplete
  Deletes the setting for DOS detection based on the maximum number of sessions allowed with the same destination host address. M: R+B
config delete firewall e-mail
  Removes all settings for e-mailing the firewall log. M: R+B
config delete firewall e-mail day
  Deletes the setting for which day the firewall log e-mail is sent. M: R+B
config delete firewall e-mail email-to
  Deletes the setting for where the e-mail is sent to. M: R+B
config delete firewall e-mail hour
  Deletes the setting for which hour the e-mail is sent. M: R+B
config delete firewall e-mail mail-server
  Deletes the setting for which e-mail server is used to send the e-mail. M: R+B
config delete firewall e-mail minute
  Deletes the setting for which minute the e-mail is sent at. M: R+B
config delete firewall e-mail policy
  Deletes the setting for the schedule for when the e-mail is sent. M: R+B
config delete firewall e-mail return-addr
  Deletes the setting for the return address for the e-mail log. M: R+B
config delete firewall e-mail subject
  Deletes the setting for the subject of the e-mail log. M: R+B
config delete firewall set <set>
  Removes the specified set of rules applying to traffic from a given interface to another. M: R+B
config del
3. Table 61 Ipsec Commands (continued)
COMMAND / DESCRIPTION / M

ipsec ipsecDisplay rule number
  Displays the specified IPSec rule. Or displays all runtime IPSec rules without specifying a rule. Use ipsecAdd or ipsecEdit to load an IPSec rule before using this command. M: R+B
ipsec ipsecAdd
  Allocates a working buffer to add an IPSec rule. M: R+B
ipsec ipsecEdit <rule number>
  Loads the specified IPSec rule for editing. M: R+B
ipsec ipsecSave
  Saves the IPSec rule settings from the working buffer to the non-volatile memory. M: R+B
ipsec ipsecList
  Lists all IPSec rules. M: R+B
ipsec ipsecDelete <rule number>
  Deletes the specified IPSec rule. M: R+B
ipsec ipsecConfig name <name>
  Sets the IPSec rule's name (up to 31 characters). M: R+B
ipsec ipsecConfig active <Yes|No>
  Turns the IPSec rule on or off. M: R+B
ipsec ipsecConfig saIndex <index>
  Binds the IPSec rule with the specified IKE rule. M: R+B
ipsec ipsecConfig multiPro <Yes|No>
  Enables the multiple proposal. M: R+B
ipsec ipsecConfig nailUp <Yes|No>
  Enables the nailed up. M: R+B
ipsec ipsecConfig activeProtocol <0:AH|1:ESP>
  Sets the active protocol. M: R+B
ipsec ipsecConfig encryAlgo <0:Null|1:DES|2:3DES|3:AES>
  Sets the phase 2 encryption algorithm. M: R+B
ipsec ipsecConfig encryKeyLen <0:128|1:192|2:256>
  Sets the phase 2 encryption key length. M: R+B
ipsec ipsecConfig authAlgo <0:MD5|1:SHA1>
  Sets the phase 2 authentication algorithm. M: R+B
ipsec ipsecConf
6. ZyWALL ZyNOS CLI Reference Guide
Chapter 2 Common Commands

Use the following commands for system debugging. A console port speed of 115,200 bps is necessary to view packet traces on the ZyWALL.

ras> sys trcpacket sw on
ras> sys trcdisp brief
0 09:21:27.180 ENET1 T 0342 UDP 0.0.0.0 68 > 255.255.255.255 67
1 09:21:30.180 ENET1 T 0342 UDP 0.0.0.0 68 > 255.255.255.255 67
2 09:21:37.180 ENET1 T 0342 UDP 0.0.0.0 68 > 255.255.255.255 67
3 09:21:53.180 ENET1 T 0342 UDP 0.0.0.0 68 > 255.255.255.255 67
4 09:21:55.180 ENET1 T 0342 UDP 0.0.0.0 68 > 255.255.255.255 67
ras> sys trcdisp enif0 bothway
TIME 09:24:53.180 enet1 XMIT len 342 call 0
0000 ff ff ff ff ff ff 00 13 49 00 00 02 08 00 45 00
0010 01 48 04 df 00 00 ff 11 b5 c6 00 00 00 00 ff ff
0020 ff ff 00 44 00 43 01 34 e6 79 01 01 06 00 00 00
0030 1 4f 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0040 00 00 00 00 00 00 00 13 49 00 00 02 00 00 00 00
0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

The extended ping command is used to have the ZyWALL ping IP address 172.16.1.202 five times in the following example.

ras> ip pingext 172.16.1.202 -n 5
Resolving 172.16.1.202 172.16.1.202
sent rcvd size rtt avg max min
1 1 36 510 510 510 5
8. sys myZyxelCom serviceRefresh
  Gets up-to-date service status from the myZyXEL.com database. M: R
sys myZyxelCom display
  Displays the ZyWALL's registration information. M: R
sys myZyxelCom serviceDisplay
  Displays the service status, including the expiration date if the service is already activated. M: R

Chapter 18 myZyXEL.com Commands

18.2 Country Codes

The following section lists the relationship between countries and country codes defined in the ZyWALL.

Table 64 Country Codes
COUNTRY NAME / COUNTRY CODE

AFGHANISTAN 1
ALBANIA 2
ALGERIA 3
AMERICA 4
ANDORRA 5
ANGOLA 6
ANGUILLA 7
ANTARTICA 8
ANTIGUA AND BARBUDA 9
ARGENTINA 10
ARMENIA 11
ARUBA 12
ASCENSION ISLAND 13
AUSTRALIA 14
AUSTRIA 15
AZERBAIJAN 16
BAHAMAS 17
BAHRAIN 18
BANGLADESH 19
BARBADOS 20
BELARUS 21
BELGIUM 22
BELIZE 23
BENIN 24
BERMUDA 25
BHUTAN 26
BOLIVIA 27
BOSNIA AND HERZEGOVINA 28
BOTSWANA 29
BOUVET ISLAND 30
BRAZIL 31
BRITISH INDIAN OCEAN TERRITORY 32
BRUNEI DARUSSALAM 33
BULGARIA 34
BURKINA FASO 35
BURUNDI 36
12. 0.0.0.0 Default gateway 0.0.0.0 Lease time 0 seconds Renewal time 0 seconds Rebind time 0 seconds Client State periodtimer flags Status Packet InCount 3 OutCount

ip dhcp enif1 client renew
ip dhcp enif1 status on iface enif1 is client Hostname zyxel zyxel.com Domain Name zyxel.com Server IP address 172.16.5.2 Client IP address DNS server 172 5716 5 27 Default gateway 172.16.37.25 Lease time 604800 seconds Renewal time 302400 seconds Rebind time 529200 seconds Client State Sy periodtimer 272 flags 2 Status Packet InCount 0 0 0 0 0 0 0 0 8 286 2 ras> ras> DHCP 3 OutCount retry timer 3 4 retry timer 2 ll e DiscardCount 172.16.37.48 24 1725 16 5 1 0 0 0 0 0 302397 DiscardCount I e 0 0

Chapter 2 Common Commands

To view the ARP table for the LAN port, enter ip arp status enif0.

ras> ip arp status enif0
received 1458 badtype 0 bogus addr 0 reqst in 312 replies 9 reqst out 16
cache hit 11278 (88%), cache miss 1521 (11%)
IP addr Type Time Addr stat iface
172.16.1.44 10 Mb Ethernet 290 00:13:49:6b:10:55 41 enif0
172.16.1.123 10 Mb Ethernet 290 00:0a:e4:06:11:91 41 enif0
I72 165 129 10 Mb Ethernet 290 00:02:e3:57:ea:4f 41 enif0
172.16.1.122 10 Mb Ethernet 280 00 c0 a8 a e9 27 41 enif0
172.16.1.105 10 Mb Ethernet 280 00
15. Antispam Commands

Use these commands to configure antispam settings on the ZyWALL.

3.1 Command Summary

The following table describes the values required for many antispam (as) commands. Other values are discussed with the corresponding commands.

Table 8 as Command Input Values
LABEL / DESCRIPTION

interface
  Specifies an interface. The options are lan, wan1, dmz, wlan, vpn (not case sensitive).
number, start number, end number
  Specifies an index number less than or equal to the total number of entries on a black or white list.
timeout
  Specifies the timeout period in seconds.

The following section lists the commands for this feature.

Table 9 as Commands
COMMAND / DESCRIPTION / M

as asAction <0|1>
  When the mail session limit has been exceeded, the ZyWALL either forwards further mail to recipients (0) or blocks further mail (1). M: R+B
as delete blackRule number, start number end number
  Deletes the blacklist filter. The user can delete one filter or a set of filters. M: R+B
as delete whiteRule number, start number end number
  Deletes the whitelist filter. The user can delete one filter or a set of filters. M: R+B
as dir interface interface <on|off>
  Enables or disables antispam checking depending on the source and destination of the mail. M: R+B
as display antispam
  Displays the antispam configuration. M: R+B
as display runtimedata
  Displays runtime data for
17. COMMAND / DESCRIPTION / M

sys atsh
  Displays system information. M: R+B
sys baud 1-5
  Sets the console port speed. 1: 38400 bps, 2: 19200 bps, 3: 9600, 4: 57600, 5: 115200. M: R+B
sys callhist display
  Displays the call history. M: R
sys callhist remove index
  Removes an entry from the call history. M: R
sys countrycode countrycode
  Sets or displays the country code. See Table 64 on page 136 for the country codes. M: R+B
sys cpu display
  Displays the CPU utilization. M: R+B
sys ddns debug <0:off|1:on>
  Enables or disables the DDNS debug service. M: R+B
sys ddns display <index>
  Displays DDNS information for the specified entry. M: R+B
sys ddns restart <interface>
  Updates DDNS on the specified interface. M: R+B
sys domainname domain name
  Sets or displays the domain name. M: R+B
sys edit <filename>
  Edits the system preset text files such as autoexec.net. M: R+B
sys feature
  Displays information on available features. M: R+B
sys filter netbios config <0-10> <on|off>
  NetBIOS (Network Basic Input/Output System) are TCP or UDP broadcast packets that enable a computer to connect to and communicate with a LAN. For some dial-up services such as PPPoE or PPTP, NetBIOS packets can cause unwanted calls. Use this command to turn the NetBIOS filter on or off for the specified traffic. M: R+B
  0: Between LAN and WAN1
  1: Between LAN and DMZ
  2: Between WAN1 and DMZ
  3: IPSec pass through
  4: Trigger Dial
  5: Between LAN and WLAN
  6: Between WAN1 an
18. Table 61 Ipsec Commands (continued)
COMMAND / DESCRIPTION / M

ipsec manualConfig lcAddrStart <ip address>
  Sets the local network starting IP address. M: R+B
ipsec manualConfig lcAddrEndMask <ip address>
  Sets the local network ending IP address for a range or the subnet mask for a subnet. M: R+B
ipsec manualConfig lcPortStart <port>
  Sets the starting port for local network traffic. This is to limit the traffic sent or received in the VPN tunnel. M: R+B
ipsec manualConfig lcPortEnd <port>
  Sets the ending port for local network traffic. This is to limit the traffic sent or received in the VPN tunnel. M: R+B
ipsec manualConfig rmAddrType <0:single|1:range|2:subnet>
  Sets the remote address type. M: R+B
ipsec manualConfig rmAddrStart <ip address>
  Sets the remote network starting IP address. M: R+B
ipsec manualConfig rmAddrEndMask <ip address>
  Sets the remote network ending IP address for a range or the subnet mask for a subnet. M: R+B
ipsec manualConfig rmPortStart <port>
  Sets the starting port for remote network traffic. This is to limit the traffic sent or received in the VPN tunnel. M: R+B
ipsec manualConfig rmPortEnd <port>
  Sets the ending port for remote network traffic. This is to limit the traffic sent or received in the VPN tunnel. M: R+B
ipsec manualConfig activeProtocol <0:AH|1:ESP>
  Sets the protocol the manual key rule uses. M: R+B
ipsec manualConfig ah encap
  Sets the encapsulation mode when using AH. M: R+B
21. This example imports a VeriSign certificate as a trusted CA. The CA certificate has to be PEM-encoded. Refer to Section 8.2.1 on page 59 for how to save a certificate in PEM-encoded format.

ras> certificates ca_trusted import VeriSign
Please paste the PEM-encoded certificate onto the screen.
Press Ctrl+D when finished or Ctrl+C to cancel.
Note: 9600 bps console port speed guarantees minimum transmission error rate.

8.2.1 Saving Certificates as PEM-encoded Format

Do the following to save a certificate in PEM-encoded format.
22. failTolerance 120 seconds
scoreTimeout 7 seconds

3.2 Command Examples

Use this example to load the antispam module and configure it to filter email received from the WAN and addressed to a client on the LAN.

ras> as enable 1
Anti spam enabled
ras> as dir WAN1 LAN on
From\To lan wan1 dmz wan2 wlan vpn
lan off off off off off off
wan1 on off off off off
dmz off off off off off off
wan2 off off off off off off
wlan off off off off off off
vpn off off off off off off
ras>

Antivirus Commands

Use these commands to configure antivirus-related settings on the ZyWALL.

4.1 Command Summary

The following table describes the values required for many antivirus (av) commands. Other values are discussed with the corresponding commands.

Table 11 Command Input Values
LABEL / DESCRIPTION

protocol
  Specifies a protocol. The options are ftp, http, pop3, smtp.
interface
  Specifies an interface. The options are lan, wan1, dmz, wlan, vpn.

The following section lists the commands for this feature.

Table 12 av Commands
COMMAND / DESCRIPTION / M

av config decompress <on|off>
  Enables or disables zip file decompression on the fly to one level of decompression. TCP packet assembly checking also needs to be enabled to support this function. Use av tune config 17 asm to enable TCP packet assembly checking if is not alr M: R+B
23. ls wrr <wan1 weight> wan2 weight
  Configures the Weighted Round Robin weight parameters for the WAN1 and WAN2 interfaces. The weight can be 0-10. M: R

Chapter 17 Load Balancing Commands

17.2 Command Examples

This example sets Least Load First load balancing to distribute 100 Kbps of upstream traffic to WAN1 for every 200 Kbps of upstream traffic that goes through WAN2. The bandwidth measurement is averaged over 30 seconds. Then it changes the load balancing method to Least Load First.

ras> ls band up 100 200
ras> ls mode 1
ras> ls disp
Load Sharing Active Yes
Load Sharing dispatch outgoing traffic by Least Load First
Method Upstream
Upload traffic WAN1 100 WAN2 200
Download traffic WAN1 0 WAN2 0
ras> ls timeframe 30

This example configures Weighted Round Robin load balancing to give a weight of 10 to WAN1 and a weight of 5 to WAN2. Then it changes the load balancing method to Weighted Round Robin.

ras> ls wrr 10 5
ras> ls mode 2
ras> ls disp
Load Sharing Active Yes
Load Sharing dispatch outgoing traffic by Weighted Round Robin
WAN1 weight 10 WAN2 weight 5

This example configures spillover load balancing to send traffic to the secondary WAN when the primary WAN bandwidth exceeds 100 Kbps. Then it changes the load balancing method to spillover.

ras> ls spillover 100
ras> ls mode 3
ras> ls d
24. 21.3 Date and Time Commands

The following section lists the date and time commands.

Table 72 Date and Time Commands
COMMAND / DESCRIPTION / M

sys datetime date yyyy mm dd
  Sets or displays the system's current date in year month day format. M: R+B
sys datetime period day
  Sets or displays the time period in days for how often the ZyWALL synchronizes with the time server. M: R+B
sys datetime sync
  Has the ZyWALL synchronize with the time server. M: R+B
sys datetime time hh mm ss
  Sets or displays the system's current time in hour minute second format. M: R+B

21.4 Diagnostic Commands

The following section lists the diagnostic commands.

Table 73 Diagnostic Commands
COMMAND / DESCRIPTION / M

sys diagnostic console
  Sends the diagnostic file through the console port. M: R+B
sys diagnostic load
  Use this command to be able to use other commands to configure the ZyWALL's diagnostic settings. M: R+B
sys diagnostic mail authEnable on off
  Enables or disables SMTP (Simple Mail Transfer Protocol) authentication. M: R+B
sys diagnostic mail authPassword <password>
  Sets the SMTP authentication password. M: R+B
sys diagnostic mail authUser
  Specifies or displays the user name up to 31 characters f
25. In this case, if you want to send packets from network A to an overlapped IP (ex. 10.1.2.241) that is in the IP alias network M, you have to set the swSkipOverlapIp command to on.

16.3 Detect Zombie Tunnels in Tunnel or Gateway Mode

The initial contact feature detects zombie tunnels and re-establishes them right away. For example, in Figure 6, the ZyWALL X will have a zombie tunnel if ZyWALL Y suddenly turns off. ZyWALL X still tries to send traffic through the VPN tunnel. When ZyWALL Y turns back on, it may have a new IP when it tries to establish the tunnel with ZyWALL X. Enabling the initial contact feature on ZyWALL X makes the ZyWALL X delete the zombie tunnel upon receiving the initial contact from ZyWALL Y and establish a new tunnel.

Figure 6 Initial Contact example 1

In addition, assume there are three VPN tunnels using the two VPN gateways. See Figure 7.

VPN tunnel 1: Local network A, Remote network B
VPN tunnel 2: Local network C, Remote network D
VPN tunnel 3: Local network E, Remote network F

- When you use ipsec initContactMode gateway, the initial contact sent from network B makes the ZyWALL X remove all three tunnels and re-build new ones.
- When you use ipsec initContactMode tunnel, the initial contact sent from network B makes the ZyWALL X remove and re-build only tunnel 1.

Figure 7 Initial Contact Example 1
26. Table 61 Ipsec Commands (continued)
COMMAND / DESCRIPTION / M

ipsec swSkipOverlapIp <on|off>
  Turn this on to send packets destined for overlapping local and remote IP addresses to the local network (you can access the local devices but not the remote devices). Turn this off to send packets destined for overlapping local and remote IP addresses to the remote network (you can access the remote devices but not the local devices). M: R+B
ipsec swCfScan <on|off>
  Enables or disables content filtering for IPSec packets. M: R+B
ipsec adjTcpMss <off|auto|user defined value>
  The TCP packets are larger after VPN encryption. Packets larger than a connection's MTU (Maximum Transmit Unit) are fragmented. M: R+B
  auto: Automatically set the Maximum Segment Size (MSS) of the TCP packets that are to be encrypted by VPN based on the encapsulation type. Recommended.
  user defined value: If fragmentation issues are affecting your network's throughput performance, you can manually specify a smaller MSS (1-1460 bytes).
ipsec ha debug <on|off|runtime|spt>
  Controls whether the HA debugging information is displayed or not on console. Sets the runtime or spt with the command to display runtime data or the data stored in the ZyWALL's non-volatile memory. M: R+B
ipsec Drop policy index
  Disconnects the specified tunnel. M: R+B
ipsec swSkipPPTP <on|off>
  Set on to not forward PPTP pa
27. dmz wan2 wlan WN M: R+B
ether edit mtu value
  Sets the ethernet mtu size. M: R+B
ether edit speed <speed>
  Sets the ethernet speed in Mbps and duplex. speed: auto, 10/full, 10/half, 100/full, 100/half. M: R+B
ether edit save
  Saves the ethernet configuration. M: R+B
ether dynamicPort set <port> <type>
  Sets the specified physical port mapping to DMZ, WLAN or LAN. port: 1-4. type: DMZ, WLAN, LAN. M: R+B

Chapter 12 Ethernet Commands

12.2 Command Examples

This example changes the ZyWALL's WAN speed to 10 Mbps and full duplex.

ras> ether edit load 2
ras> ether edit speed 10/full
ras> ether edit save

This example assigns the ZyWALL's physical port 4 to be DMZ.

ras> ether dynamicPort set 4 DMZ

Firewall Commands

Use these commands to configure firewall settings on the ZyWALL. The following table describes input values for some of the firewall commands. Other values are discussed with the corresponding commands.

13.1 Command Summary

Table 37 Firewall Command Input Values
LABEL / DESCRIPTION

from
  A traffic source where the traffic enters the ZyWALL. Use one of the following: lan, wan1, wan2, dmz, wlan, vpn.
rule number
  The number of a specific firewall rule.
set number
  The number of a set of firewall rul
28. 2 Then use config edit custom service <entry> ip protocol user defined ip to enable setting the user defined IP protocol.
    3 You must use config edit custom service <entry> user defined ip 0-255 to set the IP protocol.
    4 After you save it, you can add the custom service to a firewall rule.

config edit firewall set <set> rule <rule> destaddr range <start ip> <end ip>
    Edits the rule to apply to a packet with a destination IP address which falls within the specified range. M: R+B

config edit firewall set <set> rule <rule> destaddr single <ip address>
    Edits the rule to apply to a packet with the destination IP address. M: R+B

config edit firewall set <set>
    Edits the rule to apply to a packet with the destination IP. M: R+B

Table 27 config Command Summary (continued)

COMMAND / DESCRIPTION / M

config edit firewall set <set> rule <rule> destport custom <string>
    Sets the desired TCP/UDP custom port name. M: R+B
    1 You must first configure a TCP/UDP service name using config edit custom service <entry> name <string>.
    2 Then specify the IP Protocol using config edit custom service <entry> ip protocol. The options are TCP, UDP or TCP/UDP.
    3 Use config edit custom service <entry> range to set the port ra
29. 2 Increase the separation between the equipment and the receiver.
3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
4 Consult the dealer or an experienced radio/TV technician for help.

FCC Radiation Exposure Statement

This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.
For operation within 5.15-5.25GHz frequency range, it is restricted to indoor environment.
IEEE 802.11b or 802.11g operation of this product in the U.S.A. is firmware limited to channels 1 through 11.
To comply with FCC RF exposure compliance requirements, a separation distance of at least 20 cm must be maintained between the antenna of this device and all persons.
33. Index of Commands (excerpt)

delete firewall set <set> rule <rule> destaddr range
delete firewall set <set> rule <rule> destaddr single
delete firewall set <set> rule <rule> destaddr subnet
delete firewall set <set> rule <rule> destport custom
delete firewall set <set> rule <rule> log
delete firewall set <set> rule <rule> name
delete firewall set <set> rule <rule> protocol
delete firewall set <set> rule <rule> srcaddr range
delete firewall set <set> rule <rule> srcaddr single
delete firewall set <set> rule <rule> srcaddr subnet
delete firewall set <set> rule <rule> tcp destport any
delete firewall set <set> rule <rule> tcp destport range
delete firewall set <set> rule <rule> tcp destport single
delete firewall set <set> rule <rule> udp destport any
delete firewall set <set> rule <rule> udp destport range
delete firewall
35. Use these commands to configure dial up WAN connections such as PPPoE (poe), PPTP (pne) and auxiliary (aux) calls using the modem connected to the auxiliary port, if your ZyWALL has one.

11.1 Overview

A remote node is the remote gateway (and the network behind the remote gateway) across a WAN connection. Remote node 1 may be your ISP, for example. You may configure multiple remote nodes in products with SMT menus or those with multiple WAN ports. In products without SMT menus or multiple WAN ports, a remote node is the ISP you configured in the web configurator.

A channel is a subset of an interface, such as a LAN or WAN interface. An interface may have more than one channel, but it usually has just one. The channel name is the encapsulation method used for the WAN dial up WAN link.

Table 34 Channel name Command Input Values

LABEL / DESCRIPTION

channel name
    poe0: poe0 is the PPPoE connection to WAN 1.
    poe1: poe1 is the PPPoE connection to WAN 2, if your ZyWALL has WAN 2.
    pne0: pne0 is the PPTP connection to WAN 1.
    pne1: pne1 is the PPTP connection to WAN 2, if your ZyWALL has WAN 2.
    aux0: aux0 is the connection using the modem connected to the auxiliary port, if your ZyWALL has one.
    all: all includes all the above mentioned channels.

11.2 Command Summary

The following section lists the commands for this feature.

Table 35 device Command Summary

COMMAND / DESCRIPTION / M

device channel disp CHANNEL NAME
    Disp
36. COMMAND / DESCRIPTION / M

ip ident on|off
    Turn on this command to have the ZyWALL drop identification protocol packets (RFC 1413). M: R+B

ip ifconfig interface ip address mask bits broadcast address mtu value mss value dynamic showoff
    Configures a network interface. M: R+B
    mtu: Sets the Maximum Transmission Unit.
    mss: Sets the Maximum Segment Size.
    dynamic: Sets the interface to get an IP address via DHCP.
    showoff: Turns off the interface.

ip ping address
    Pings a remote host (IP address or domain name). M: R+B

Table 59 Other ip Commands (continued)

COMMAND / DESCRIPTION / M

ip pingext target address n repeat value 1 data size w timeout value ip address interface v tos value c d data min mtu max mtu interval size
    Pings a remote host. M: R
    c: Validate the reply data.
    d data: Data pattern. The maximum length of data is 255 characters.
    P: Set DF flag.
    1 data size: Datagram size in bytes (with 28 bytes Header).
    v tos value: Specify the value of TOS flag.
    n repeat value: The number of times to send a ECHO packet.
    w timeout value: Specify the value of Timeout in seconds.
    o ip address interface: Specify one IP address or interface to be the source IP address.
    p min mtu max mtu interval size: Sweep range of sizes.

ip telnet address
37. 0 No register

MAC
    Displays the MAC address of the ZyWALL. This is also the unique MAC address used for product registration on the registration server.
CF expired day
    Displays the due date that you can use the Content Filter service on this ZyWALL.
AS expired day
    Displays the due date that you can use the Anti Spam service on this ZyWALL.
2In1 expired day
    Displays the due date that you can use the Anti Virus and IDP services on this ZyWALL.
Last update day
    Displays the most recent date that you updated the signatures for all services, including CF, AS, AV and IDP.

This example displays the detailed service registration information of your ZyWALL.

ras> sys myZyxelCom serviceDisplay
Content Filter Service    Actived  Licenced  Trial    Expired 2007-07-08 16:36:15
Anti Spam Service         Actived  Licenced  Trial    Expired 2007-09-06 16:36:18
IDP Anti Virus Service    Actived  Licenced  Trial    Expired 2007-09-06 16:36:18
ras>

Table 66 sys myZyxelCom serviceDisplay Command Output

FIELD NAME / DESCRIPTION

Content Filter Service, Anti Spam Service, IDP Anti Virus Service
    This is the service name.
Actived, Non actived
    Displays if the service is enabled or not. If the server has not activated yet, it just displays non actived without further information as following fields.
Licenced, Expired, Trial
    Displays the service status.
Display
38. 00c618c0 0102fd4c 0102fd28 0102fd28 0001
iface enif0 flags 00000000
query interval 125 sec  max rsp time 100 1 10 sec  group timeout 260 sec
counter 0  query timer 0 sec  v1 host present timer 0 sec
ttl threshold 1
multicast group
snip
iface enif5 1 flags 00000000
query interval 0 sec  max rsp time 0 1 10 sec  group timeout 0 sec
counter 0  query timer 0 sec  v1 host present timer 0 sec
ttl threshold 0
multicast group

The following table describes the labels in this display.

Table 53 ip igmp status Description

LABEL / DESCRIPTION

Group
    This field displays group multicast IP addresses.
groupLink, ifaceLink, flags
    These fields are for debug purposes. Send a screenshot of this screen to customer support if there are problems with IGMP snooping on the ZyWALL.
iface
    This is the ZyWALL interface.
flags 00000000
query interval
    This is the time period between sending IGMP Host Membership Queries.
max rsp time
    This is the IGMP maximum response time.
group timeout
    The IGMP group timeout.
counter
    The IGMP counter.
query timer
    This is how long a multicast router waits before deciding there is not another multicast router that should be the querier.
v1 host present timer
    How long the ZyWALL waits to detect the presence of another IGMPv1 router.
ttl threshold
    The IGMP gr
40. 16.4 Command Examples

This example adds an IKE rule as follows.

IKE Rule Name: VPN phl
My IP Address: 10.1.1.1
Secure Gateway Address: 10.1.1.2
Authentication: Pre Shared Key
Pre Shared Key: 12345678

ras> ipsec ikeAdd
ras> ipsec ikeConfig name VPN phl
ras> ipsec ikeConfig myIpAddr 10.1.1.1
ras> ipsec ikeConfig secureGwAddr 10.1.1.2
ras> ipsec ikeConfig authMethod 0
ras> ipsec ikeConfig preShareKey 12345678
ras> ipsec ikeSave

This example enables VPN HA on an existing IKE rule. You need to load an IKE rule first by ikeAdd or ikeEdit before you configure IKE settings.

IKE Rule index: 1
The redundant secure gateway IP: 10.1.1.5
Fall back detection: Enable
The time interval for fall back detection: 180 seconds
DPD for fail over detection: Enable
Output idle Timeout for fail over detection: Enable

ras> ipsec ikeList
Configure IKE number 1
Idx SPD Name Flags MyIP SecureGW
1 0 VPN phl 3 105 151 10.1.1.2
ras> ipsec ikeEdit 1
ras> ipsec ikeConfig ha enable on
ras> ipsec ikeConfig ha redunSecGwAddr 10.1.1.5
ras> ipsec ikeConfig ha fallback enable on
ras> ipsec ikeConfig ha fallback interval 180
ras> ipsec ikeConfig ha failover dpd on
ras> ipsec ikeConfig ha failover outputIdleTime on
ras> ipsec ikeConfig ha failover display
Fail over detection methods Output Idle Time
41. config edit firewall attack minute low <0-255>
    Sets the threshold to stop deleting the old half opened session once a DoS attack has been detected and sufficient half opened sessions have been deleted. This threshold is based on the number of half opened sessions per minute. M: R+B

config edit firewall attack send alert <yes|no>
    This activates or deactivates notification by e-mail of DoS attacks detected by the firewall. M: R+B

config edit firewall attack tcp max incomplete <0-255>
    Sets the threshold for DoS detection based on the maximum number of sessions allowed with the same destination host address. M: R+B

config edit firewall e mail day <day>
    Sets the day to send the log when the e-mail policy is set to weekly. M: R+B

config edit firewall e mail e mail to <e mail>
    Sets the mail address to send the log. M: R+B

config edit firewall e mail hour <0-23>
    Sets the hour to send the log when the e-mail policy is set to daily or weekly. M: R+B

config edit firewall e mail mail server <ip address>
    Sets the IP address of the mail server(s) used to send the alert. M: R+B

config edit firewall e mail minute <0-59>
    Sets the minute to send the log when the e-mail policy is set to daily or weekly. M: R+B

config edit firewall e mail policy <send email policy>
    Sets the policy for when the firewall log is e-mailed. M: R+B

config edit firewall e mail return addr <
    Sets the mail address for returning an e-mail alert. M: R+B
42. Index of Commands (excerpt)

config edit firewall set <set> rule <rule> destaddr single <ip address>
config edit firewall set <set> rule <rule> destaddr subnet <ip address> <mask>
config edit firewall set <set> rule <rule> destport custom <string>
config edit firewall set <set> rule <rule> log <none|match>
config edit firewall set <set> rule <rule> name <string>
config edit firewall set <set> rule <rule> protocol <0-255>
config edit firewall set <set> rule <rule> srcaddr range <start ip> <end ip>
config edit firewall set <set> rule <rule> srcaddr single <ip address>
config edit firewall set <set> rule <rule> srcaddr subnet <ip address> <mask>
config edit firewall set <set> rule <rule> tcp destport any
config edit firewall set <set> rule <rule> tcp destport range <start port> <endport>
config edit firewall set <set> rule <rule> tcp destport single <port>
config edit firewall set <set> rule <rule> udp destport any
config edit firewall set <set> rule <rule> udp destport range <start port> <endport>
config edit firewall set <set> rule <
44. Table 28 config Default Values

VARIABLE / DEFAULT VALUE

firewall attack max incomplete high <0-255>    100
firewall attack max incomplete low <0-255>     80
firewall attack minute high <0-255>            100
firewall attack minute low <0-255>             80
firewall attack send alert <yes|no>            no
firewall attack tcp max incomplete <0-255>     30
firewall e mail policy                         none
icmp timeout                                   60 seconds
tcp idle timeout                               3600 seconds
udp idle timeout                               60 seconds

10.3 Command Examples

10.3.1 Firewall Example

Type the following commands to set up a firewall rule in WAN to WAN direction with source IP 1.1.1.1 and destination IP 2.2.2.2. The configured service is SSH (TCP 22), logging is enabled, and the default action taken when a packet matches a rule is to permit the packet. Save your settings and then display them for checking.

config insert firewall set 8 rule 1
config edit firewall set 8 rule 1 srcaddr single 1.1.1.1
config edit firewall set 8 rule 1 destaddr single 2.2.2.2
config edit firewall set 8 rule 1 tcp destport single 22
config edit firewall set 8 rule 1 log match
config edit firewall set 8 rule 1 action permit
config edit firewall set 8 rule 1 name SSH
ras> config display firewall set 8
ACL set number 8 WAN1 to WAN1
ZyWALL ACL set ACL s
46. port
    A protocol's port number.

Document Conventions

Table 2 Common Command Input Values (continued)

LABEL / DESCRIPTION

interface
    An interface on the ZyWALL.
    Use the following for a ZyWALL with a single WAN Ethernet interface:
        enif0: LAN
        enif1: Ethernet WAN
        enif2: DMZ
        enif4: Ethernet WLAN
        wanif0: PPPoE or PPTP or 3G (depending on which is connected first)
        wanif1: PPPoE or PPTP or 3G (depending on which is connected second)
    Use the following for a ZyWALL with two WAN Ethernet interfaces:
        enif0: LAN
        enif1: Ethernet WAN 1
        enif2: DMZ
        enif3: Ethernet WAN 2
        enif5: Ethernet WLAN
        wanif0: PPPoE or PPTP or 3G (depending on which is connected first)
        wanif1: PPPoE or PPTP or 3G (depending on which is connected second)
    For some commands you can also add a colon and a 0 or 1 to specify an IP alias. This is only for the LAN, DMZ and WLAN interfaces. For example, enif0:0 specifies LAN IP alias 1 and enif0:1 specifies LAN IP alias 2.
hostname
    Hostname can be an IP address or domain name.
name
    Used for the name of a rule, policy, set, group and so on.
number
    Used for a number (for example, 10) that you have to input.

Commands are case sensitive. Enter commands exactly as seen in the command interface. Remember to also include underscores if required.

Copy and Paste Commands

You can copy and paste commands directly from this document into your terminal emula
47. 0
SNMP service
    Server Port 161  Access LAN WAN1 DMZ WLAN WAN2  Secure Ip 0.0.0.0
DNS service
    Server Port 53  Access LAN WAN1 DMZ WLAN WAN2  Secure Ip 0.0.0.0

21.9 Threat Report Commands

The following section lists the threat report commands.

Table 77 Threat Report Commands

COMMAND / DESCRIPTION / M

sys threatReport as id IDP ID src source IP dst destination IP
    Displays the top anti spam statistic records by virus name, source IP address or destination IP address. M: R+B

sys threatReport as active
    Turns anti spam threat reports on or off. M: R+B

sys threatReport as flush
    Discards all anti spam report data and updates the time stamp. M: R+B

sys threatReport as summary
    Displays a summary of the anti spam statistics. M: R+B

sys threatReport av active <yes|no>
    Turns anti virus threat reports on or off. M: R+B

sys threatReport av flush
    Discards all anti virus report data and updates the time stamp. M: R+B

sys threatReport av statistic <id AV ID | src source IP | dst destination IP>
    Displays the top anti virus statistic records by virus name, source IP address or destination IP address. M: R+B

sys threatReport av summary
    Displays a summary of the anti virus statisti
48. 10 hexadecimal characters (0-9, A-F).
If you use a 128 bit WEP key, enter 13 ASCII characters or 26 hexadecimal characters (0-9, A-F).
If you use a 152 bit WEP key, enter 16 ASCII characters or 32 hexadecimal characters (0-9, A-F).

The following section lists the commands dealing with security profiles. The ZyWALL supports multiple security profiles. Only one security profile is active at one time.

Table 84 Wireless Security Profile Commands (non volatile memory)

COMMAND / DESCRIPTION / M

wcfg security <1-8> name <name>
    Sets the security profile name. M: R+B

wcfg security <1-8> mode <mode>
    Sets the security mode for the specified security profile. M: R+B
    mode: none, wep, 8021x only, 8021x static64, 8021x static128, wpa, wpapsk, wpa2, wpa2mix, wpa2psk, wpa2pskmix

wcfg security <1-8> wep keysize <64|128|152> <ascii|hex>
    Sets the WEP key length (in bits) and encoding method of WEP encryption for the specified security profile. M: R+B
    ascii|hex: ASCII mode or Hex mode.

wcfg security <1-8> wep auth <shared|auto>
    Sets the WEP authentication method for the specified security profile. M: R+B

wcfg security <1-8> wep key1 <key>
    Sets the WEP key1 for the specified security profile. Each security profile can use up to four keys. M: R+B
    key: Refer to Table 83 on page 166.

wc
49. Bandwidth Management Commands

Use these commands to configure bandwidth management (BWM) settings on the ZyWALL.

6.1 Command Summary

The following table describes the values required for many commands. Other values are discussed with the corresponding commands.

Table 19 Bm Class Command Input Values

LABEL / DESCRIPTION

interface
    This is an interface name, including lan, wan, wan1, dmz, wan2, wlan.
name class name
    This is a class name. Enter a descriptive name of up to 20 alphanumeric characters, including spaces.
class number
    This is a class number. Each class for each interface has a unique number. The number format is xx xx xx xx and the range of xx is from 01 to 98. Each xx is a subclass, and the length of xx xx xx xx is the depth of this class. Different models support different class depths.
50. 4 0 0 0 0 0
5 0 0 0 0 0
6 0 0 0 0 0
7 0 0 0 0 0
8 0 0 0 0 0
9 0 0 0 0 0
10 0 0 0 0 0
11 0 0 0 0 0
12 0 0 0 0 0
13 0 0 0 0 0
14 0 0 0 0 0
15 0 0 0 0 0
16 0 0 0 0 0
0 0 0 0 0
18 0 0 0 0 0
19 0 0 0 0 0
20 0 0 0 0 0

The following table describes the labels in this display.

Table 17 aux rate aux0

LABEL / DESCRIPTION

No
    The entry in the rate statistics.
TX byte
    Transmitted bytes.
Rx byte
    Received bytes.
TX Rate
    Transmission rate.
RX Rate
    Received rate.
TX Queue
    Number of packets waiting to be transmitted.

This example displays details about the dial backup port's signal.

ras> aux signal aux0
DTR OFF  DSR OFF  RTS OFF  CTS OFF  DCD OFF

The following table describes the labels in this display.

Table 18 aux rate aux0

LABEL / DESCRIPTION

DTR
    Data Terminal Ready. The signal the ZyWALL sends to the modem to indicate the ZyWALL is ready to receive data.
DSR
    Data Set Ready. The signal the modem sends to the ZyWALL to indicate the modem is ready to receive data.
RTS
    Request to Send. The signal the ZyWALL sends to the modem to have the modem prepare to receive data.
CTS
    Clear to Send. The signal the modem sends to the ZyWALL to acknowledge the ZyWALL and allow the Zy
52. Table 64 Country Codes

COUNTRY NAME / COUNTRY CODE

CAMBODIA 37
CAMEROON 38
CANADA 39
CAPE VERDE 40
CAYMAN ISLANDS 41
CENTRAL AFRICAN REPUBLIC 42
CHAD 43
CHILE 44
CHINA 45
CHRISTMAS ISLAND 46
COCOS KEELING ISLANDS 47
COLOMBIA 48
COMOROS 49
CONGO DEMOCRATIC REPUBLIC OF THE 50
CONGO REPUBLIC OF 51
COOK ISLANDS 52
COSTA RICA 53
COTE D 54
CROATIA_HRVATSKA 55
CYPRUS 56
CZECH_REPUBLIC 57
DENMARK 58
DJIBOUTI 59
DOMINICA 60
DOMINICAN_REPUBLIC 61
EAST_TIMOR 62
ECUADOR 63
EGYPT 64
EL_SALVADOR 65
EQUATORIAL_GUINEA 66
ERITREA 67
ESTONIA 68
ETHIOPIA 69
FALKLAND_ISLANDS_MALVINA 70
FAROE_ISLANDS 71
FIJI 72
FINLAND 73
FRANCE 74
FRANCE METROPOLITAN 75
FRENCH GUIANA 76
FRENCH POLYNESIA 77
FRENCH SOUTHERN TERRITORIES 78
GABON 79
GAMBIA 80
GEORGIA 81
GERMANY 82
GHANA 83
GIBRALTAR 84
GREAT BRITAIN 85
GREECE 86
GREENLAND 87
GRENADA 88
GUADELOUPE 89
GUAM 90
GUATEMALA 91
GUERNSEY 92
GUINEA 93
GUINEA BISSAU 94
GUYANA 95
HAITI 96
HEARD AND MCDONALD ISLANDS 97
HOLY SEE CITY VATICAN STATE 98
HONDURAS 99
HONG KONG 100
HUNGARY 101
ICELAND 102
INDIA 103
INDONESIA 104
IRELAND 105
ISLE OF MAN 106
ITALY 107
JAMAICA 108
JAPAN 109
JERSEY 110
JORDAN 111
53. The following section lists the commands for this feature.

Table 20 Bm Interface Commands

COMMAND / DESCRIPTION

bm interface interface <enable|disable> bandwidth <bps> prr|wrr efficient
    Enables or disables BWM for traffic going out of the specified interface. M: R+B
    bps: The unit is bps and its minimum is 2000. You can alternatively type K (or k) to specify kbps, or M (or m) to specify Mbps. If you do not specify the bandwidth, the default value is 100 Mbps.
    prr|wrr: Sets the queuing mechanism to fairness based (WRR) or priority based (PRR).
    efficient: Turns on the Maximum Bandwidth Usage option.

bm class <interface> <add|del|mod> class number bandwidth <bps> name <class_name> priority <x> borrow <on|off>
    Adds, deletes or modifies a class for the specified interface with the specified bandwidth. You can also configure other options, including name, priority or bandwidth borrowing.
    add|del|mod: Adds, deletes or modifies the class. When you delete a class, it also deletes its sub classes.
    bandwidth <bps>: Use this when you add or modify a class. The unit is bps and its minimum is 2000. You can alternatively type K (or k) to specify kbps, or M (or m) to specify Mbps.
    name class name: The name is for your information.
    pri
54. 1 In Windows Explorer, locate and double click the non PEM encoded certificate file.
2 Click Details and Copy to File.
3 Click Next in the welcome screen. Select Base 64 encoded X.509 (.CER)
55. D 52146 Wuerselen Germany Hungary Support E mail support 2 zyxel hu e Sales E mail info zyxel hu Telephone 36 1 3361649 Fax 36 1 3259100 Web www zyxel hu Regular Mail ZyXEL Hungary 48 Zoldlomb Str H 1025 Budapest Hungary India Support E mail support zyxel in e Sales E mail sales zyxel in Telephone 91 11 30888144 to 91 11 30888153 Fax 91 11 30888149 91 11 26810715 e Web http www zyxel in Regular Mail India ZyXEL Technology India Pvt Ltd II Floor F2 9 Okhla Phase 1 New Delhi 110020 India e Support E mail support zyxel co jp Sales E mail zyp zyxel co jp Telephone 81 3 6847 3700 Fax 81 3 6847 3705 Web www zyxel co jp Regular Mail ZyXEL Japan 3F Office T amp U 1 10 10 Higashi Gotanda Shinagawa ku Tokyo 141 0022 Japan Kazakhstan Support http zyxel kz support Sales E mail sales zyxel kz Telephone 7 3272 590 698 Fax 7 3272 590 689 Web www zyxel kz Regular Mail ZyXEL Kazakhstan 43 Dostyk Ave Office 414 Dostyk Business Centre 050010 Almaty Republic of Kazakhstan ZyWALL ZyNOS CLI Reference Guide Appendix B Customer Support Malaysia Support E mail support zyxel com my Sales E mail sales zyxel com my Telephone 603 8076 9933 Fax 603 8076 9833 Web http www zyxel com my Regular Mail ZyXEL Malaysia Sdn Bhd 1 02 amp 1 03 Jalan Kenari 17F Bandar Puchong Jaya 47100 Puchong Selango
56. DNS server setting: 0: from ISP, 1: user defined, 2: DNS relay, 3: none. If you set the server as from ISP (0), specify the number of the ISP. If you set the server as user defined (1), specify the IP address.
isp idx ip address: The number of the ISP the number of the remote node or the IP address of the DNS server
15.1.10 DNS Command Examples
The following example configures the DNS server settings the ZyWALL assigns to LAN DHCP clients. In this case the first DNS server is the one assigned by ISP 1. The second DNS server is at IP address 192.168.1.5. No third DNS server is assigned.
    ras> ip dns lan edit 0 0 1
    ras> ip dns lan edit 1 1 192.168.1.5
    ras> ip dns lan edit 2 3
    ras> ip dns lan display
    Router assigned DNS servers to host
    First DNS server is from WAN 1 DNS server index 1
    Second DNS server is user defined 192.168.1.5
    Third DNS server is none
This example does the following:
1 Inserts a new DNS address record named example for www my company com example for the WAN 1 interface.
2 Inserts a new DNS address record named example for a private DNS server for www my company 1 com example.
3 Displays the system DNS server settings.
    ras> ip dns system inserta 1 www my company com example 0 0 1
    ras> ip dns system insertns 1 www mycompany 2 com example 2 10.0.0.5
    ras> ip dns system display
    System DNS HA and Proxy Servic
57. Displays the auxiliary port s signal R aux usrmdm flag 1 0 1 allows the ZyWALL to dial a US Robotics modem R connected to the dial backup port 5 2 Command Examples This example displays upper layer packet information for the dial backup port as gt aux netstat aux0 Name aux0 Dev type 3 Chann id 0 RX pkt 0 RX discard 0 RX error 0 RX octet 0 TX pkt 0 TX discard TX error TX octet 0 The following table describes the labels in this display Table 16 aux netstat auxO LABEL DESCRIPTION Name Name of the channel Dev type The type of auxiliary device there are several possibilities 0 NONE 1 56k modem 2 modems other than 56k 3 TA 4 X25_PAD 5 MultiProtocol over AAL5 6 PPP over Ethernet RFC 2516 7 PPTP 8 3G modem Chann id The number of the channel that the device is using RX pkt Received packets TX pkt Transmitted packets RX discard Received octets the ZyWALL discarded TX discard Transmitted octets the ZyWALL discarded RX error Received errored frames TX error Transmitted errored frames RX octet Received errored octets TX octet Transmitted errored octets ZyWALL ZyNOS CLI Reference Guide Chapter 5 Auxiliary Dial Backup Commands This example displays the dial backup port s transmit and receive rates ras aux rate aux0 No TX byte Rx byte TX Rate RX Rate TX Queue 1 0 0 0 0 0 2 0 0 0 0 0 3 0 0 0 0 0
58. Displays the consolidated messages R B ZyWALL ZyNOS CLI Reference Guide Chapter 21 System Commands Table 74 Logs Commands continued COMMAND DESCRIPTION M sys logs consolidate period 1 Sets the log consolidation period seconds R B 600 gt sys logs consolidate switch Enables or disables log consolidation R B Qvonll oftf sys logs display Displays all logs or specific categories of logs R B access attack error ipsec ike j avablocked mten packetfilter pki tcpreset urlblocked urlforward sys logs errlog clear Clears error logs R B sys logs errlog disp Displays error logs R B sys logs errlog online Turns the error log online display on or off R B sys logs lastAlert lt index gt Displays the last index alert in the centralized log R B sys logs load Loads the log settings for editing Use this command before R B you configure the log settings Use sys logs save after you configure the log settings sys logs mail alertAddr mail Sets the e mail address to which the ZyWALL sends alerts R B address sys logs mail auth Enables or disables SMTP Simple Mail Transfer Protocol R B 0 enable 1 disable SMTP authentication Sys logs mail clearLog Sets whether or not the ZyWALL clears the log after sending R B 0 nol 1 yes logs by e mail sys logs mail display Displays the settings for e mailing logs R B sys logs mail logAddr mai
59. disable packet header checks and packet assembly R B
Table 40 IDP Commands (continued); each entry: COMMAND, then [M] DESCRIPTION
idp config tune save
    [R B] Saves the tune configuration.
idp display
    [R B] Displays whether or not IDP is enabled and what traffic flows the ZyWALL checks for intrusions.
idp load
    [R B] Loads the enable setting and the protected traffic directions.
idp signature config action <1-6>
    [R B] Sets the action the ZyWALL takes upon finding a match for the signature.
    1: No Action. The intrusion is detected but no action is taken.
    2: Drop Packet. The packet is silently discarded.
    3: Drop Session. When the firewall is enabled, subsequent TCP/IP packets belonging to the same connection are dropped. Neither sender nor receiver are sent TCP RST packets. If the firewall is not enabled, only the packet that matched the signature is dropped.
    4: Reset Sender. When the firewall is enabled, the TCP/IP connection is silently torn down. Just the sender is sent TCP RST packets. If the firewall is not enabled, only the packet that matched the signature is dropped.
    5: Reset Receiver. When the firewall is enabled, the TCP/IP connection is silently torn down. Just the receiver is sent TCP RST packets. If the firewall is not enabled, only the packet that matched the signature is dropped.
    6: Reset Both. When the firewall is enabled t
60. RUSSIAN FEDERATION 177 RWANDA 178 SAINT KITTS AND NEVIS 179 SAINT LUCIA 180 SAINT VINCENT AND THE GRENADINES 181 MARINO 182 SAO TOME AND PRINCIPE 183 SAUDI_ARABIA 184 SENEGAL 185 SEYCHELLES 186 SIERRA LEONE 187 ZyWALL ZyNOS CLI Reference Guide Chapter 18 myZyXEL com Commands Table 64 Country Codes COUNTRY NAME COUNTRY CODE SINGAPORE 188 SLOVAK REPUBLIC 189 SLOVENIA 190 SOLOMON ISLANDS 191 SOMALIA 192 SOUTH AFRICA 193 SOUTH GEORGIA AND THE SOUTH SANDWICH ISLANDS 194 SPAIN 195 SRI LANKA 196 ST PIERRE AND MIQUELON 197 ST HELENA 198 SURINAME 199 SVALBARD AND JAN MAYEN ISLANDS 200 SWAZILAND 201 SWEDEN 202 SWITZERLAND 203 TAIWAN 204 TAJIKISTAN 205 TANZANIA 206 THAILAND 207 TOGO 208 TOKELAU 209 TONGA 210 TRINIDAD AND TOBAGO 211 TUNISIA 212 TURKEY 213 TURKMENISTAN 214 TURKS AND CAICOS ISLANDS 215 TUVALU 216 US MINOR OUTLYING ISLANDS 217 UGANDA 218 UKRAINE 219 UNITED ARAB EMIRATES 220 UNITED KINGDOM 221 UNITED STATES 222 URUGUAY 223 UZBEKISTAN 224 VANUATU 225 ZyWALL ZyNOS CLI Reference Guide Chapter 18 myZyXEL com Commands Table 64 Country Codes COUNTRY NAME COUNTRY CODE VENEZUELA 226 VIETNAM 227 VIRGIN ISLANDS BRITISH 228 VIRGIN ISLANDS USA 229 WALLIS AND FUTUNA ISLANDS 230 WESTERN SAHARA 231 WESTERN SAMO
61. Redirect Commands
The following section lists the traffic redirect commands.
Table 58 Traffic Redirect Commands; each entry: COMMAND, then [M] DESCRIPTION
ip tredir active <on|off>
    [R] Enables or disables traffic redirect.
ip tredir checktime <period>
    [R] Sets the number of seconds (0-255) ZyWALL waits between attempts to connect to the target.
ip tredir disp
    [R] Displays the traffic redirect configuration.
ip tredir failcount <count>
    [R] Sets the number of times that ZyWALL can ping the target without a response before forwarding traffic to the backup gateway.
ip tredir partner <ip address>
    [R] Sets the traffic redirect backup gateway IP address.
ip tredir save
    [R] Saves traffic redirect configuration.
ip tredir target <ip address>
    [R] Sets the IP address that ZyWALL uses to test WAN accessibility.
ip tredir timeout <timeout>
    [R] Sets the maximum number of seconds (0-255) ZyWALL waits for a response from the target.
15.1.23 Other IP Commands
The following section lists miscellaneous IP commands.
Table 59 Other ip Commands; each entry: COMMAND, then [M] DESCRIPTION
ip aliasdis <0|1>
    [R] Disables or enables routing between the alias networks.
ip dropFrag <on|off>
    [R B] Turn on this command to have the ZyWALL drop IP fragment packets. The ZyWALL does not save the setting for this command in the non-volatile memory.
ip dropIcmp <0|1>
    [R B] Sets whether or not the ZyWALL drops ICMP fragment packets.
63. Reference Guide WWAN Commands Use these commands to configure wireless WAN settings on the ZyWALL 23 1 Command Summary The following table describes the values required for many wwan commands Other values are discussed with the relevant commands Table 85 wwan Command Input Values LABEL DESCRIPTION networkmodeindex Specifies the index number of a listed network mode You can find a list of network types by entering the command wwan card networkMode show string Enter a name with lt 31 ASCII characters unless otherwise specified The following section lists the commands for this feature Table 86 wwan Command Summary COMMAND DESCRIPTION wwan card networkMode networkmodeindex hange Changes the network type wwan card networkMode NOW Shows a numbered list of available network types The network type available depends on the type of 3G card installed for example UMTS HSDPA GPRS EDGE GSM wwan card serviceProv networkmodeindex hange Changes the service provider wwan card serviceProv NOW Scans for and shows a numbered list of the available cellular service providers wwan card slot Shows information on the slot interface for example PCMCIA wwan config apn lt string gt Sets the Access Point Name APN for an access point on a GSM network wwan config authType 1121314 Sets the PPP a
65. Use this to be able to configure the server settings. R B
sys server port <telnet|ftp|ssh|http|https|snmp> <port>
    [R B] Sets the server port number.
sys server save
    [R B] Saves the server settings.
sys server secureip <telnet|ftp|ssh|http|https|icmp|snmp|dns> <ip>
    [R B] Sets the IP address of a trusted computer that is allowed to communicate with the ZyWALL using this service.
21.8 Remote Management Commands Example
The following example allows HTTPS management access to the ZyWALL through WAN1 from IP address 2.2.2.2 and displays the server access settings.
    ras> sys server load
    ras> sys server access https wan1 on
    ras> sys server secureip https 2.2.2.2
    ras> sys server save
    ras> sys server disp
    TELNET server
        Server Port 23  Access LAN WAN1 DMZ WLAN WAN2  Secure Ip 0.0.0.0
    FTP server
        Server Port 21  Access LAN WAN1 DMZ WLAN WAN2  Secure Ip 0.0.0.0
    SSH server
        Certificate auto generated self signed cert
        Server Port 22  Access LAN WAN1 DMZ WLAN WAN2  Secure Ip 0.0.0.0
    HTTPS server
        Certificate auto generated self signed cert
        Authenticate Client Certificates No
        Server Port 443  Access LAN WAN1 DMZ WLAN WAN2  Secure Ip 2.2.2.2
    HTTP server
        Server Port 80  Access LAN WAN1 DMZ WLAN WAN2  Secure Ip 0.0.0.0
    ICMP ping
        Access LAN WAN1 DMZ WLAN WAN2  Secure Ip 0.0.0
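As an added example (not code from the ZyXEL guide), the following Python script audits `sys server disp` output like the listing above and flags management services reachable from WAN1 or WAN2, separating cleartext protocols from encrypted ones that accept any source address. The sample text's punctuation, the reading of Secure Ip 0.0.0.0 as "no trusted-host restriction", and all function names are assumptions.

```python
import re

# Constructed sample modelled on the `sys server disp` listing above. The "=",
# "+" and "," separators are an assumption about the real display, so the
# parser accepts any punctuation or whitespace between tokens.
SAMPLE = """\
TELNET server
  Server Port = 23, Access = LAN+WAN1+DMZ+WLAN+WAN2, Secure Ip = 0.0.0.0
FTP server
  Server Port = 21, Access = LAN+WAN1+DMZ+WLAN+WAN2, Secure Ip = 0.0.0.0
SSH server
  Certificate = auto_generated_self_signed_cert
  Server Port = 22, Access = LAN+WAN1+DMZ+WLAN+WAN2, Secure Ip = 0.0.0.0
HTTPS server
  Certificate = auto_generated_self_signed_cert
  Authenticate Client Certificates = No
  Server Port = 443, Access = LAN+WAN1+DMZ+WLAN+WAN2, Secure Ip = 2.2.2.2
HTTP server
  Server Port = 80, Access = LAN+WAN1+DMZ+WLAN+WAN2, Secure Ip = 0.0.0.0
ICMP ping
  Access = LAN+WAN1+DMZ+WLAN+WAN2, Secure Ip = 0.0.0.0
"""

# Service names are the ones `sys server access` accepts on this page.
HEADER = re.compile(r"\b(TELNET|FTP|SSH|HTTPS|HTTP|ICMP|SNMP|DNS)\s+(?:server|ping)\b")
PORT = re.compile(r"Server Port\W*(\d+)")
ACCESS = re.compile(r"Access\W*((?:(?:WAN1|WAN2|WLAN|LAN|DMZ)\W*)+)")
IFACE = re.compile(r"WAN1|WAN2|WLAN|LAN|DMZ")
SECURE_IP = re.compile(r"Secure Ip\W*(\d{1,3}(?:\.\d{1,3}){3})")

CLEARTEXT = {"TELNET", "FTP", "HTTP", "SNMP"}  # credentials cross the wire unencrypted
WAN_IFACES = {"WAN1", "WAN2"}


def parse_server_disp(text):
    """Return {service: {"port", "access", "secure_ip"}} from the display text."""
    heads = list(HEADER.finditer(text))
    services = {}
    for i, head in enumerate(heads):
        # A service's fields run from its header to the next service header.
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        body = text[head.end():end]
        port = PORT.search(body)
        access = ACCESS.search(body)
        secure_ip = SECURE_IP.search(body)
        services[head.group(1)] = {
            "port": int(port.group(1)) if port else None,  # ICMP has no port
            "access": set(IFACE.findall(access.group(1))) if access else set(),
            "secure_ip": secure_ip.group(1) if secure_ip else None,
        }
    return services


def audit(services):
    """Return (service, severity, reason) for every WAN-reachable service of concern."""
    findings = []
    for name, svc in services.items():
        wan = sorted(svc["access"] & WAN_IFACES)
        if not wan:
            continue  # reachable only from internal interfaces
        # Assumption: 0.0.0.0 (or a missing value) means any source may connect.
        any_source = svc["secure_ip"] in (None, "0.0.0.0")
        source = "any source" if any_source else "only " + svc["secure_ip"]
        if name in CLEARTEXT:
            findings.append((name, "high",
                             f"cleartext service on {'+'.join(wan)} ({source})"))
        elif any_source:
            findings.append((name, "review",
                             f"reachable on {'+'.join(wan)} from any source"))
    return findings


if __name__ == "__main__":
    for service, severity, reason in audit(parse_server_disp(SAMPLE)):
        print(f"{severity.upper():6} {service:7} {reason}")
```

On the sample, only HTTPS passes without a finding, because it is the one service the guide's example restricted with `sys server secureip`.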
66. User Defined IP Protocol not m 3 both 0 0 0 0 0 0 0 0 1 0 68 Type defined 0 0 0 ZyWALL ZyNOS CLI Reference Guide Chapter 13 Firewall Commands ZyWALL ZyNOS CLI Reference Guide Chapter 13 Firewall Commands ZyWALL ZyNOS CLI Reference Guide Commands Use these commands to configure IDP Intrusion Detection and Prevention settings on the ZyWALL 14 1 Command Summary The following section lists the commands for this feature Table 40 IDP Commands COMMAND DESCRIPTION M idp config clean Clears out all the IDP matrix settings R B idp config dir dmz dmz on off Configures the protected traffic direction setting R B idp config dir dmz lan on off Configures the protected traffic direction setting R B idp config dir dmz wan lt on off gt Configures the protected traffic direction setting R B idp config dir dmz wan2 lt on off gt Configures the protected traffic direction setting R B idp config dir dmz wlan lt on off gt Configures the protected traffic direction setting R B idp config dir lan dmz on off Configures the protected traffic direction setting R B idp config dir lan lan lt on off gt Configures the protected traffic direction setting R B idp config dir lan wan lt on off gt Configures the protected traffic direction setting R B idp config dir lan wa
67. any key to enter debug mode within 3 seconds
Use the following command to change the console port speed. A higher console port speed is recommended when uploading firmware via the console port. A console port speed of 115200 bps is necessary to view CNM debug messages and packet traces on the ZyWALL.
    ras> sys baud
    Usage baud <1-5> 1 38400 2 19200 3 9600 4 57600 5 115200
    ras> sys baud 5
    Saving to ROM Please wait
    Change Console Speed to 115200 Then hit any key to continue
    ras>
After you change the console port speed, you need to change it also on your terminal emulation software (such as HyperTerminal) in order to reconnect to the ZyWALL.
Use the following command to see whether the ZyWALL is acting as a bridge or router.
    ras> sys mode
    Device mode router
    ras>
Use the following command to change the ZyWALL mode (bridge or router).
    Usage sys mode <router|bridge>
    ras> sys mode router
    Device mode router
    ras>
Use the following command to display all ZyWALL logs. Logs are very useful for troubleshooting. If you are having problems with your ZyWALL, then customer support may request that you send them the logs.
    ras> sys logs display
    time not
68. appropriate cable
2 Use terminal emulation software with the following settings.
Table 3 Default Settings for the Console Port (SETTING: DEFAULT VALUE)
    Terminal Emulation: VT100
    Baud Rate: 9600 bps
    Parity: None
    Number of Data Bits: 8
    Number of Stop Bits: 1
    Flow Control: None
3 Press ENTER to open the login screen.
1.1.2 Telnet
4 Open a Telnet session to the ZyWALL's IP address. If this is your first login, use the default values.
Table 4 Default Management IP Address (SETTING: DEFAULT VALUE)
    IP Address: 192.168.1.1
    Subnet Mask: 255.255.255.0
Make sure your computer IP address is in the same subnet, unless you are accessing the ZyWALL through one or more routers. In the latter case, make sure remote management of the ZyWALL is allowed via Telnet.
Chapter 1 How to Access and Use the CLI
1.1.3 SSH
You may use this method if your ZyWALL supports SSH connections.
1 Connect your computer to one of the Ethernet ports.
2 Use a SSH client program to access the ZyWALL. If this is your first login, use the default values in Table 4 on page 13 and Table 5 on page 14. Make sure your computer IP address is in the same subnet, unless you are accessing the ZyWALL through one or more routers.
1.2 Logging in
Use the administrator username and password. If this is your first login, use the default values in some ZyWALLs you may not need
69. bandwidth 0 bps Class 99 Name Default Class depth 1 priority 0 filter setting Yes queue 0 30 borrow class 0 parent class 0 Root Class total bandwidth 50M bps allocated bandwidth 0 bps This example adds one LAN subclass using following settings and displays what we configured then Class number 1 5 subclass 5 under the class 1 Bandwidth 600 000 bps Class Name LAN FTP Priority 3 ZyWALL ZyNOS CLI Reference Guide 47 Chapter 6 Bandwidth Management Commands Enable the Borrowing option No ras bm config load ras bm class lan add 1 5 bandwidth 600k name LAN FTP priority 3 borrow off ras bm config save ras bm show class lan Class 0 Name Root Class depth 0 priority 0 filter setting No queue 0 30 borrow class No parent class No total bandwidth 100M bps allocated bandwidth 50M bps Class 1 Name LAN classl depth 1 priority 2 filter setting No queue 0 30 borrow class 1 parent class 0 Root Class total bandwidth 50M bps allocated bandwidth 600K bps Class 1 5 Name LAN FTP depth 2 priority 3 filter setting No queue 0 30 borrow class No parent class 1 LAN class1 total bandwidth 600K bps allocated bandwidth 0 bps Class 99 Name Default Class depth 1 priority 0 filter setting Yes queue 0 30 borrow class 0 parent class 0 Root Class total bandwidth 50M bps all
70. can see only one user defined class 1 The root class 0 displays total traffic amount for the WAN interface The current bandwidth usage matching to the class 1 rule is 500Kb For traffic that doesn t match any user defined class rule it is counted in the default class 99 ras bm monitor wan WAN 0 500Kb 1 500Kb 99 WAN 0 500Kb 1 500Kb 99 WAN 0 500Kb 1 500Kb 99 WAN 0 900Kb 1 500Kb 99 WAN 0 900Kb 1 500Kb 99 0b 0b 0b 400b 400b ZyWALL ZyNOS CLI Reference Guide Chapter 6 Bandwidth Management Commands ZyWALL ZyNOS CLI Reference Guide Bridge Commands Use these commands to configure bridge settings on the ZyWALL 7 1 Command Summary The following table describes the values required for many bridge commands Other values are discussed with the corresponding commands Table 24 Bridge Command Input Values LABEL DESCRIPTION interface This identifies an interface 1 WAN1 2 WAN2 3 LAN 4 Wireless card 5 DVZ 6 WLAN ports in WLAN port role The following section lists the bridge commands Table 22 Bridge Commands COMMAND DESCRIPTION bridge block Blocks IPX PoE IP ARP BPDU and or unknown Ethernet B lt ipx poe ip arp bpdu unknow gt frames from passing through in bridge mode lt on off gt bridge cnt clear Resets the bridging statistics counter R B bridge cnt disp Displays the brid
71. chapter introduces some of the more commonly used commands in the ZyWALL. For more detailed usage, see the corresponding feature chapter in this guide. In the following examples, ras> is the prompt, as that is the default. If you configure a system name, then that prompt will display as the system name you configured. For example, change the system name to zyxel using the sys hostname zyxel command; the command prompt will then display as zyxel>.
2.1 Change the Idle Timeout
By default, the ZyWALL automatically logs you out of the management interface after five minutes of inactivity. Use the sys stdio command to extend the idle timeout. The following example extends the idle timeout to 120 minutes.
    ras> sys stdio 120
    Stdio Timeout 120 minutes
    ras>
2.2 Interface Information
ZyWALL interfaces are defined as shown in Table 2 on page 6.
Chapter 2 Common Commands
The first command in this example shows information about the LAN port; for example, it has an IP address of 192.168.1.1. The second command is used to change this IP address to 192.168.100.100.
    ras> ip ifconfig enif0
    enif0 mtu 1500 mss 1460
    inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
    RIP RX Ver 1 & 2 TX Ver 1
    InOctets 0 InUnicast 0 InMulticast 0 InDiscards 0 InErrors 0 InUnknownProtos 0
    OutOctets 156 OutUnicast 0 OutMulticast 3 OutDiscards 0 OutErrors 0
72. content filtering categories the policy allows or R B category lt block forward gt blocks based on the external database service s rating Use 1 61 All ip cf policy config webControl display to see the available categories ip cf policy config webControl Displays the policy s current external database categories R B display ip cf policy config webControl Turns the external database service content filtering category R B enable lt on off gt based content filtering on or off ip cf policy config webFeature Sets the content filtering policy to block or not block ActiveX R B lt block nonblock gt controls Java applets cookies and disable web proxies lt activex java cookie webproxy gt ip cf policy delete lt index gt Removes the specified content filtering policy R B ip cf policy display lt index gt Displays information about the specified content filtering policy R B ip cf policy displayAll Lists the content filtering policies R B ip cf policy edit index Lets you edit the specified content filtering policy R B ip cf policy insert lt index gt Adds a content filtering policy at the specified number You R B must use this or the edit command before you can use the ip cf policy config commands ip cf policy save Saves and applies the content filtering policy R B ZyWALL ZyNOS CLI Reference Guide Chapter 15 IP Commands 15 1 6 Content Filtering Command Examples
74. edit firewall active <yes|no>
    [R B] Activates or deactivates the saved firewall settings.
Chapter 10 Configuration Commands
Table 27 config Command Summary (continued); each entry: COMMAND, then [M] DESCRIPTION
config edit firewall attack block <yes|no>
    [R B] Select yes to block traffic when it exceeds the tcp max incomplete threshold. Select no to delete the oldest half-open session when the number of half-opened sessions exceeds the tcp max incomplete threshold.
config edit firewall attack block minute <0-255>
    [R B] Sets the time a session is blocked once an attack is detected. This command is only valid when block is set to yes. The unit is minute.
config edit firewall attack max incomplete high <0-255>
    [R B] Sets the threshold for DOS detection based on the maximum number of half-opened sessions allowed. Half-opened sessions will be deleted after this level is reached to bring the number down to max incomplete low.
config edit firewall attack max incomplete low <0-255>
    [R B] Sets the level at which the firewall will stop deleting half-opened sessions once a DOS attack has been detected.
config edit firewall attack minute high <0-255>
    [R B] Sets the threshold to start deleting the old half-opened sessions based on the number of half-opened sessions per minute
75. ex 255 255 255 0 R B ZyWALL ZyNOS CLI Reference Guide Chapter 6 Bandwidth Management Commands Table 20 Bm Interface Commands continued COMMAND DESCRIPTION M bm filter interface del class Deletes a filter for the specified class R B number gt bm show Displays interface setting class filter setting or statistics R B lt interface class filter statistics gt for the specified interface lt interface gt bm moveFilter interface from to Changes the BWM filter order R B from to A filter index number bm config load save clear Loads saves clears BWM configuration from to the non R B volatile memory bm vpnTraffic on off Sets the BWM classifier to use the outer IP header of R B encrypted VPN traffic when sets on or the IP header of unencrypted VPN traffic when sets off bm packetBased lt on off gt Sets the BWM classifier operation to be session based or R B packet based By default it is session based 6 2 Managing the Bandwidth of VPN Traffic Syntax bm vpnTraffic on off By default the ZyWALL uses the outer source and destination IP addresses of encrypted VPN packets in managing the bandwidth of the VPN traffic when using on with this command These are the IP addresses of the ZyWALL and the remote IPSec router The following figure shows an example of this The ZyWALL uses the IP addresses of the ZyWALL X i
76. for example doc ppt zip exe av display Shows the antivirus settings R B av load Loads the antivirus settings R B av save Saves the antivirus settings R B av signature load lt signature Loads the specified signature So you can configure it R B id gt signature id Each intrusion signature has a unique identification number This number may be searched at myZyXEL com for more detailed information av signature config active Turns the signature you loaded on or off R B lt on off gt av signature config alert Enables or disables alerts for the signature you loaded R B lt on off gt av signature config destroyFile Enables or disables the destruction of files that match the R B lt on off gt virus signature you loaded av signature config log Enables or disables logs for packets that match the signature R B lt on off gt you loaded av signature config sendWinMsg Enables or disables a pop up message in Windows notifying R B lt on off gt the detection of a file that matches the virus signature you loaded av signature display Displays the currently loaded signature s settings R B av signature reset Resets all of the antivirus signatures to their default settings R B av signature save Saves your configuration changes for the signature you R B loaded av tune config 14Icmpcjsum Use the following av tune config commands to configure R B lt on off gt tune settings such as checksum checki
77. information. If you have loaded a remote node entry, use 0 to display it. R
Each entry: COMMAND, then [M] DESCRIPTION
sys rn load <entry>
    [R] Loads remote node information.
sys rn mtu <576-1500>
    [R] Sets the Maximum Transmission Unit (number of bytes) for the remote node entry.
sys rn nailup <no|yes>
    [R] Configures the remote node's nailed-up setting.
sys rn nat <none|sua|full feature>
    [R] Configures the NAT type for the remote node entry.
sys rn pingDrop <1:WAN1|2:WAN2> <on|off>
    [R] Drop the connection if the ping check fails.
sys rn save <index>
    [R] Saves remote node's settings.
sys rn trigger <on|off>
    [R] Enables or disables trigger dial for the remote node.
21.7 Remote Management Commands
The following section lists the server remote management commands.
Table 76 Remote Management Commands; each entry: COMMAND, then [M] DESCRIPTION
sys server access <telnet|ftp|ssh|http|https|icmp|snmp|dns> <lan|wan1|wan2|dmz|wlan> <on|off>
    [R B] Enables or disables the access type on the specified interface.
sys server auth_client <https> <on|off>
    [R B] Specifies whether the ZyWALL authenticates the client for the specified service's sessions.
sys server certificate <https|ssh> <certificate name>
    [R B] Sets the server certificate the ZyWALL uses to identify itself for the specified service's sessions.
sys server disp
    [R B] Displays the ZyWALL's server access settings.
sys server load
    Loads server information
78. ip binding lt enifx gt exempt active Sets whether or not the ZyWALL packets from a range of R B lt yes no gt source IP addresses that were not assigned by the ZyWALL ip binding lt enifx gt exempt range Sets the range of IP addresses that are exempt from IP to R B start ip end ip MAC address binding on the specified interface ip binding lt enifx gt status Displays the IP MAC binding settings for the specified R B interface 15 1 5 Content Filtering Commands The following section lists the content filtering commands Table 45 Content Filtering Commands COMMAND DESCRIPTION M ip cf bypass LAN DMZ WAN Sets content filtering to ignore an interface s web traffic R B on off ip cf common denymsg message Sets or displays the content filtering denied access message R B ip cf common display Shows the general content filtering settings R B ip cf common enable lt on off gt Turns content filtering on or off R B ip cf common redirurl url Pa or displays the content filtering denied access redirect R B ip cf externalDB cache delete Removes an individual entry from the cache of URLs rated by R B entry number All the external content filter server or clears the entire cache ip cf externalDB cache display Displays the category ratings of URLs that the ZyWALL has R B received from the external content filter server ip cf externalDB cache timeout Sets
80. <ra encr> ll name ca ca cert ra sign auth key subject key length
    immediately online using SCEP protocol.
    ra sign specifies the name of the RA (Registration Authority) signing certificate. If it is not required, type to leave it blank.
    ra encr specifies the name of the RA encryption certificate. If it is not required, type to leave it blank.

ZyWALL ZyNOS CLI Reference Guide, Chapter 8 Certificates Commands

Table 24 Certificates Commands (continued) (COMMAND, DESCRIPTION, M)

certificates my cert create cmp_enroll <name> <ca address> ca cert auth key subject key length
    Creates a certificate request and enroll for a certificate immediately online using CMP protocol. (M: R B)
certificates my cert create request name subject key length
    Creates a certificate request and saves it on the ZyWALL for later manual enrollment. (M: R B)
certificates my cert create self_signed <name> <subject> key length validity period
    Creates a self signed local host certificate. (M: R B)
    key length specifies the key size. Valid options are 0, 512, 768, 1024, 1536 and 2048 bits. 0 applies the default value of 1024.
    validity period specifies the validity period in years. Valid range is 1~30. The default is 3.
certificates my cert
    Sets the specified self signed certific
82. port
    Creates a Telnet connection to the specified host. (M: R B)
ip traceroute address ttl wait queries
    Sends ICMP packets to trace the route of a remote host. (M: R B)
    ttl: Time to live in seconds (0~255).
    wait: Timeout in seconds (0~255).
    queries: The number of ICMP packets to use (1~5).

15.1.24 Interface Command Example

The following example sets the WAN 1 interface to use IP address 172.16.2.2 and subnet mask 255.255.0.0.

    ras> ip ifconfig enif1 172.16.2.2/16
    enif1: mtu 1500 mss 1460
      inet 172.16.2.2, netmask 0xffff0000, broadcast 172.16.255.255
      RIP RX: None, TX: None
      InOctets 197396  InUnicast 621  InMulticast 982
      InDiscards 72  InErrors 0  InUnknownProtos 72
      OutOctets 89305  OutUnicast 629  OutMulticast 0
      OutDiscards 0  OutErrors 0

15.1.25 Ping Command Example

The following command has the ZyWALL ping IP address 172.16.2.56 5 times.

    ras> ip pingext 172.16.2.56 -n 5
    Resolving 172.16.2.56... 172.16.2.56
    sent  rcvd  size  rtt  avg  max  min
       1     1    36    0    0    0    0
       2     2    36    0    0    0    0
       3     3    36    0    0    0    0
       4     4    36    0    0    0    0
       5     5    36    0    0    0    0
    Extended Ping From device to 172.16.2.56:
    Packets: Sent = 5, Received = 5, Lost = 0 (0% loss)
    Approximate Round Trip Times in milli-seconds:
    RTT: Average = 0ms, Maximum = 0ms, Minimum = 0ms
83. rule <rule> tcp destport single
    with the specified destination port
config delete firewall set <set> rule <rule> udp destport any
    Deletes the rule applying to a UDP packet with any destination port. (M: R B)
config delete firewall set <set> rule <rule> udp destport range
    Deletes the port range setting for a rule applying to a UDP packet with a destination port falling within the specified range. (M: R B)
config delete firewall set <set> tcp idle timeout
    Deletes the timeout for an idle TCP session before it is terminated. This command has no effect on firewall settings. To configure timeout values use tos commands. (M: R B)
config delete firewall set <set>
    Deletes the timeout for an idle UDP session before it is (M: R B)

Table 27 config Command Summary (continued) (COMMAND, DESCRIPTION, M)

config display anti spam
    Displays all the antispam settings. (M: R B)
config display custom service
    Displays all configured custom services. See Table 26 on page 67 for a list of custom service parameters. (M: R B)
config display custom service <entry>
    Displays the custom service for the entry number given (1~100). (M: R B)
config display firewall
    Displays all the firewall settings for all firewall sets. Available firewall sub commands are active, e mail, attack, set. (M: R B)
config display firew
84. sales@zyxel.co.uk
Telephone: +44 1344 303044, 0845 122 0301 (UK only)
Fax: +44 1344 303034
Web: www.zyxel.co.uk
Regular Mail: ZyXEL Communications UK Ltd, 11 The Courtyard, Eastern Road, Bracknell, Berkshire RG12 2XB, United Kingdom (UK)

Index of Commands

Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable.
85. schedule
sys restart timer <minute>
    Has the ZyWALL restart after the specified number of minutes.
sys roadrunner debug 0:disable|1:enable
    Enables or disables the Roadrunner service. (M: R)
sys roadrunner display interface
    Displays roadrunner information for the specified interface (enif0 or wanif0). (M: R)
sys roadrunner restart interface
    Restarts the Roadrunner service on the specified interface. (M: R)
sys romreset
    Restores the default romfile configuration. (M: R B)
sys socket
    Displays the system socket's ID, type, control block address (PCB), IP address and port number of peer device connected to the socket (Remote Socket) and task control block (Owner). (M: R B)
sys stdio minute
    Sets the management session inactivity timeout value. (M: R B)
sys updateServer debug type <0:Disable|1:updateServer <on|off>|2:httpClient <on|off>|3:All>
    Turns the update server debug flags on or off. (M: R B)
    0: Disables both update server debug flags.
    1: Enables or disables the update server debug flag.
    2: Enables or disables the HTTP client debug flag.
    3: Enables both update server debug flags.
sys updateServer display
    Shows the address and path of the update server for updating the anti virus and IDP signatures. (M: R B)
sys updateServer signatureUpdate
    Update the anti virus and IDP signatures. (M: R B)
sys upnp active 0:no|1:yes
    Activates or deactivates the saved UPnP settings. (M: R)
sys upnp config 0 den
    Allow users to make configuration changes through UPnP. (M: R)
87. sharing commands

Table 62 Load Balancing Commands (COMMAND, DESCRIPTION, M)

ls band <up|down> <wan1 bandwidth> wan2 bandwidth
    Configures Least Load First load balancing to measure upstream or downstream traffic and how many Kbps to distribute to each WAN interface. (M: R)
ls disp
    Displays the load balancing configuration. (M: R)
ls hostBase enable 0:disable|1:enable
    Enables or disables the WAN Interface to local host mapping timeout. Enable it to have the ZyWALL send all of a local computer's traffic through the same WAN interface for the period of time that you specify using the ls hostBase timeout command.
ls hostBase runtime
    Displays whether WAN Interface to local host mapping is enabled or disabled.
ls hostBase timeout 1~600
    Sets the timeout value for WAN Interface to local host mapping (1~600 seconds).
ls mode <1:LLF|2:WRR|3:Spillover|255:None>
    Sets the load balancing method. (M: R)
    1: Least Load First dynamic load balancing.
    2: Weighted Round Robin.
    3: Spillover.
    255: disable load balancing.
ls spillover bandwidth
    Configures the spillover upper bandwidth of the primary WAN. For example, ls spillover 100 has the ZyWALL send traffic to the secondary WAN when the primary WAN bandwidth exceeds 100 Kbps. (M: R)
ls timeframe 10~600
    With Least Load First or spillover load balancing, set the ZyWALL to measure bandwidth using the average bandwidth during the specified time interval (10~600 seconds). (M: R)
88. <all|black|white> all|ip|mime|email|subject
    the antispam ACL (Access Control List) structure. (M: R B)
as display serverlist
    Displays the list of rating servers. The rating server provides a score for each mail on how likely it is to be spam or not. (M: R B)
as enable 0|1
    Enables (1) or disables (0) antispam. (M: R B)

Table 9 as Commands (continued) (COMMAND, DESCRIPTION, M)

as failTolerance timeout
    Sets the timeout interval for a rating server. If the rating server times out a second time, this server is removed from server list. Minimum timeout value is 0 and has no upper limit. (M: R B)
as freeSession
    Frees (deletes) all mail sessions. (M: R B)
as getServerList y|n
    Sends a request for a server list manually. (M: R B)
as rtnct clear
    Clears the record of non routed emails. (M: R)
as rtnct disp
    Counts how many emails were not routed and records the reason for not routing. (M: R)
as scoreTimeout timeout
    Sets a timeout period for a query to a rating server for an antispam score. timeout value is 0~30 seconds. (M: R B)
as xtag <tag> <content>
    Sets a message xtag in the mail header. The tag depends on the mail application used. Examples are <X-Mailer> or <X-MimeOLE>. (M: R B)
    tag content

The following table shows a list of default values.

Table 10 as Default Values (VARIABLE, DEFAULT VALUE)

asAction    1 antispam disabled
89. the destination MAC address. This is used to determine if any other hosts on the network are using the same IP address as the sending host. The other hosts in the network can also update their ARP table IP address to MAC address mappings with this host's MAC address.

The ip arp ackGratuitous commands set how the ZyWALL handles gratuitous ARP requests.

• Use ip arp ackGratuitous active no to have the ZyWALL ignore gratuitous ARP requests.
• Use ip arp ackGratuitous active yes to have the ZyWALL respond to gratuitous ARP requests.

For example, say the regular gateway goes down and a backup gateway sends a gratuitous ARP request. If the request is for an IP address that is not already in the ZyWALL's ARP table, the ZyWALL sends an ARP request to ask which host is using the IP address. After the ZyWALL receives a reply from the backup gateway, it adds an ARP table entry. If the ZyWALL's ARP table already has an entry for the IP address, the ZyWALL's response depends on how you configure the ip arp ackGratuitous forceUpdate command.

• Use ip arp ackGratuitous forceUpdate on to have the ZyWALL update the MAC address in the ARP entry.
• Use ip arp ackGratuitous forceUpdate off to have the ZyWALL not update the MAC address in the ARP entry.

A backup gateway, as in the following graphic, is an example of when you might want to turn on the forced update for gratuitous
90. to the dial backup port
aux cnt clear <aux port>
    Clears the auxiliary port's counter information.
aux cnt disp <aux port>
    Displays the auxiliary port's counter information.
aux dial <aux port> phone number
    Has the ZyWALL dial the modem. Include a symbol at the beginning of the phone number as required.
aux disableDSRCheck
    The LG 340 wireless modem does not send a DSR when it is ready. Use this command with a LG 340 wireless modem to have the ZyWALL not check for a DSR signal.
aux dqtest <aux port>
    Sends the AT command to the WAN device.
aux drop <aux port>
    Disconnects the auxiliary port's connection.
aux enableDSRCheck
    Has the ZyWALL check for a DSR signal from the modem. Use this command if you have stopped using a LG 340 wireless modem and want to change to a regular modem that sends a DSR when it is ready.
aux init <aux port>
    Initializes the auxiliary port's connection.

Table 15 Dial Backup Commands (continued) (COMMAND, DESCRIPTION, M)

aux mstatus <aux port>
    Displays the status of the modem's last call. (M: R)
aux mtype <aux port>
    Displays the type of modem connected to the auxiliary port. (M: R)
aux netstat <aux port>
    Displays upper layer packet information for the specified device. (M: R)
aux rate <aux port>
    Displays the transmit and receive rates. (M: R)
aux signal <aux port>
91. to enter the user name.

Table 5 Default User Name and Password (SETTING, DEFAULT VALUE)

User Name    admin
Password     1234

The ZyWALL automatically logs you out of the management interface after five minutes of inactivity. If this happens to you, simply log back in again. Use the sys stdio command to extend the idle timeout. For example, the ZyWALL automatically logs you out of the management interface after 60 minutes of inactivity after you use the sys stdio 60 command.

1.3 Using Shortcuts and Getting Help

This table identifies some shortcuts in the CLI, as well as how to get help.

Table 6 CLI Shortcuts and Help (COMMAND / KEY(S), DESCRIPTION)

up/down arrow keys
    Scrolls through the list of recently used commands. You can edit any command or press ENTER to run it again.
CTRL U
    Clears the current command.
?
    Displays the keywords and/or input values that are allowed in place of the ?.
help
    Displays the full commands that are allowed in place of help.

Use the help command to view the available commands on the ZyWALL. Follow these steps to create a list of supported commands:

1 Log into the CLI.
2 Type help and press ENTER. A list comes up which shows all the commands available for this device.

    ras> help
    Valid commands are:
    sys exit ether aux config wwan wlan ip ipse
92. update day : 2007-07-12 14:58:19

This command displays ZyWALL service registration details.

    ras> sys myZyxelCom serviceDisplay
    Content Filter Service : Actived, Licenced, Trial, Expired : 2007-07-08 16:36:15
    Anti Spam Service : Actived, Licenced, Trial, Expired : 2007-09-06 16:36:18
    IDP Anti Virus Service : Actived, Licenced, Trial, Expired : 2007-09-06 16:36:18
    ras>

Use these commands to enable anti spam on the ZyWALL for traffic going from WAN1 to LAN.

    ras> as enable 1
    Anti spam enabled
    ras> as dir wan1 lan on
    From\To  lan   wan1  dmz   wan2  wlan  vpn
    lan      off   off   off   off   off   off
    wan1     on    off   off   off   off   off
    dmz      off   off   off   off   off   off
    wan2     off   off   off   off   off   off
    wlan     off   off   off   off   off   off
    vpn      off   off   off   off   off   off
    ras>

Use the following commands to enable anti virus on the ZyWALL. You first need to use the load command.

    ras> av load
    ras> av config enable on
    ras> av save
    ras> av disp
    AV Enable                         On
    AV Forward Over ZIP Session       Off
    AV Forward Over ZIP Session       Off

Use the following commands to enable content filtering on the ZyWALL, then on the external database (DB), and then display the default policy.

    ras> ip cf common enable on
    ras> ip cf externalDB enable on
    ras> ip cf policy displayAll
    index Name Active IP Group Start A
93. 0.00
    43 1472882 0.00
    44 1472882 0.00
    45 1472882 0.00
    46 1472882 0.00
    47 1472882 0.00
    48 1472882 0.00
    49 1472882 0.00
    50 1472882 0.00
    51 1472882 0.00
    52 1472882 0.00
    53 1472882 0.00
    54 1459578 0.90
    55 1472882 0.00
    56 1472882 0.00
    57 1472882 0.00
    58 1472882 0.00
    59 1472882 0.00
    60 1472882 0.00
    61 1472882 0.00
    62 1472882 0.00
    Average CPU Load 3.5
    ras>

Use the following command to view the ZyWALL's time and date.

    ras> sys datetime time
    Current time is 08:26:56
    ras> sys datetime date
    Current date is Wed 2007-08-08
    ras>

Use the following command to restart your ZyWALL right away.

    ras> sys reboot
    Bootbase Version: V1.08 | 01/28/2005 14:47:16
    RAM: Size = 32 Mbytes
    FLASH: Intel 64M
    ZyNOS Version: V4.03(XD.0)Preb2_0802_1 | 08/03/2007 16:48:04
    Press any key to enter debug mode within 3 seconds.

Use the following command to reset the ZyWALL to the factory defaults. Make sure you back up your current configuration first (using the web configurator or SMT). The ZyWALL will restart and the console port speed will also reset to 9,600 bps.

    ras> sys romreset
    Do you want to restore default ROM file (y/n)? y
    System Restart (Console speed will be changed to 9600 bps)
    Bootbase Version: V1.08 | 01/30/2005 14:41:51
    RAM: Size = 64 Mbytes
    FLASH: Intel 128M
    ZyNOS Version: V4.03(WZ.0)Preb2_0803 | 08/03/2007 11:08:13
    Press
94. 0:don't show debug type|1:show debug type
    Records Call Detail Record logs. (M: R B)
sys logs category display
    Displays the log settings for the categories of logs. (M: R B)
sys logs category error 0:none|1:log|2:alert|3:both 0:don't show debug type|1:show debug type
    Records system error logs and/or sends alerts. (M: R B)
sys logs category icmp 0:none|1:log
    Records ICMP logs. (M: R B)
sys logs category idp 0:none|1:log|2:alert|3:both 0:don't show debug type|1:show debug type
    Records IDP logs and/or sends alerts. (M: R B)
sys logs category ike 0:none|1:log|2:alert|3:both 0:don't show debug type|1:show debug type
    Records IKE logs and/or sends alerts.

Table 74 Logs Commands (continued) (COMMAND, DESCRIPTION)

sys logs category ipsec 0:none|1:log|2:alert|3:both 0:don't show debug type|1:show debug type
    Records IPSec logs and/or sends alerts.
sys logs category javablocked 0:none|1:log|2:alert|3:both 0:don't show debug type|1:show debug type
    Records blocked web feature logs and/or sends alerts. (M: R B)
sys logs category mten 0:none|1:log 0:don't show debug type|1:show debug type
    Records system maintenance logs. (M: R B)
sys logs category packetfilter 0:none|1:log 0:don't show debug type|1:show debug type
    Records packet filter logs. (M: R B)
sys logs c
95. 0f:fe:0a:2d:3b  41  enif0
    172.16.1.30   10 Mb Ethernet  270  00:60:53:45:2b:c5  41  enif0
    172.16.1.53   10 Mb Ethernet  210  00:16:d3:b8:3d:1a  41  enif0
    VID 108 92    10 Mb Ethernet  160  00:16:36:10:26:2d  41  enif0
    172 16441 2   10 Mb Ethernet  130  00:16:d3:37:c7:33  41  enif0
    172.16.1.42   10 Mb Ethernet  150  00:00:e8:71:e3:f9  41  enif0
    172.16.1.14   10 Mb Ethernet  250  00:13:49:50:99:16  41  enif0
    172 165 1 7   10 Mb Ethernet  190  00:0d:60:cb:fd:08  41  enif0
    172.16.1.52   10 Mb Ethernet  130  00:0f:fe:32:b4:12  41  enif0
    num of arp entries 13

Each ZyWALL can support a specific number of NAT sessions in total. You can limit the number of NAT sessions allowed per host by using the ip nat session command. In the following example, each host may have up to 4000 NAT sessions open at one time. The total number of NAT sessions must not exceed the number for your ZyWALL.

    ras> ip nat session 4000
    ip nat session
    NAT session number per host 4000
    ras>

To see the IP routing table, enter the following command.

    ras> ip route status
    Dest            FF  Len  Device  Gateway          Metric  stat  Timer  Use
    192.168.1.0     00  24   enet0   192.168.1.1      1       0410  0      0
    192.168.100.0   00  24   enet0   192.168.100.100  1       041b  0      0
    default         00  0    Idle    WAN 2            102     002b  0      0
    ras>

2.3 Basic System Information

Use the following sys version and sys atsh commands to view information about your ZyWALL.

    ras> sys version
    ZyNOS
96. 10
       2     2    36   530  520  530   510
       3     3    36   850  630  850   510
       4     4    36  1030  730  1030  510
       5     5    36  1070  798  1070  510
    Extended Ping From device to 172.16.1.202:
    Packets: Sent = 5, Received = 5, Lost = 0 (0% loss)
    Approximate Round Trip Times in milli-seconds:
    RTT: Average = 798ms, Maximum = 1070ms, Minimum = 510ms
    ras>

2.4 UTM and myZyXEL.com

Use these commands to create an account at myZyXEL.com and view what services you have activated. Ensure your ZyWALL is connected to the Internet before you use the following commands.

You need to create an account at myZyXEL.com in order to activate content filtering, anti spam and anti virus UTM (Unified Threat Management) services. See the myZyXEL.com chapter for information on the country code you should use.

    ras> sys myZyxelCom register username password email countryCode

This command displays your ZyWALL's registration information.

    ras> sys myZyxelCom display
    register server address : www.myzyxel.com
    register server path : register
    registration
    username : aseawfasf
    password : aaaaaa
    email : aa@aa.aa.aa
    sku : CFRT=1&CFST=319&ZASS=469&ISUS=469&ZAVS=469
    country code : 204
    register state : 1
    register MAC : 0000AA220765
    CF expired day : 2008-05-26 14:58:19
    AS expired day : 2008-10-23 14:58:19
    2In1 expired day : 2008-10-23 14:58:19
    Last
97.                               15  icmpOutErrors          0
     3  icmpInDestUnreachs   0    16  icmpOutDestUnreachs    0
     4  icmpInTimeExcds      0    17  icmpOutTimeExcds       0
     5  icmpInParmProbs      0    18  icmpOutParmProbs       0
     6  icmpInSrcQuenchs     0    19  icmpOutSrcQuenchs      0
     7  icmpInRedirects      0    20  icmpOutRedirects       0
     8  icmpInEchos          0    21  icmpOutEchos           1614
     9  icmpInEchoReps       0    22  icmpOutEchoReps        0
    10  icmpInTimestamps     0    23  icmpOutTimestamps      0
    11  icmpInTimestampReps  0    24  icmpOutTimestampReps   0
    12  icmpInAddrMasks      0    25  icmpOutAddrMasks       0
    13  icmpInAddrMaskReps   0    26  icmpOutAddrMaskReps    0

The following table describes the labels in this display.

Table 51 ip icmp status Description (LABEL, DESCRIPTION)

icmpInMsgs
    The number of ICMP messages received on the interface.
icmpInErrors
    The number of ICMP messages with an error received on the interface.
icmpInDestUnreachs
    The number of ICMP Destination Unreachable messages received on the interface.
icmpInTimeExcds
    The number of ICMP Time Exceeded messages received on the interface.
icmpInParmProbs
    The number of ICMP Parameter Problem messages received on the interface.
icmpInSrcQuenchs
    The number of ICMP Source Quench messages received on the interface.
icmpInRedirects
    The number of ICMP Redirect messages received on the interface.
icmpInEchos
    The number of ICMP Echo request messages received on the interface.
icmpInEchoReps
    The number of ICMP Echo Reply messages r
98. 2 Command Examples

This example shows how to configure, save and display the settings of a wireless security profile. This example uses the following settings.

• Security profile name: Sec-01
• Security mode: WPA2 with Pre Shared Key
• Group key update time interval: every 600 seconds
• Passphrase: aaaaaaaa

    ras> wcfg security 1 name Sec-01
    ras> wcfg security 1 mode wpa2psk
    ras> wcfg security 1 groupkeytime 600
    ras> wcfg security 1 passphrase aaaaaaaa
    ras> wcfg security 1 save
    Security policy 1 saved
    ras> wcfg security 1 show
    Index                        1
    Name                         Sec-01
    Security Mode                wpa2psk
    8021x/WPA/WPA2 setting
      ReAuthentication timer     1800
      Idle timeout               3600
      WPA groupkey update timer  600
      Pre shared key             aaaaaaaa
    ras>

This example shows how to configure, save and display the settings of a wireless SSID profile. This example uses the following settings.

• SSID profile name: SSID-01
• SSID name: ZyWALL
• Security profile name: Sec-01
• Mac filter: disable

    ras> wcfg ssid 1 name SSID-01
    ras> wcfg ssid 1 ssid ZyWALL
    ras> wcfg ssid 1 security Sec-01
    ras> wcfg ssid 1 macfilter disable
    ras> wcfg ssid 1 save
    SSID policy 1 saved
    ras> wcfg ssid 1 show
    Index                              1
    Name                               SSID-01
    SSID                               ZyWALL
    Ext Security QoS Mode ug
    Security policy (index, name)      1 Sec-01
    ras>
99. 4.2 Command Examples

This example loads the antivirus signature, enables antivirus protection, zip file decompression and virus scanning on SMTP traffic from the LAN to the WAN.

    ras> av load
    ras> av config enable on
    ras> av config decompress on
    ras> av config smtp active on
    ras> av config smtp dir lan wan1 on
    From\To  lan   wan1  dmz   wlan  vpn
    lan      off   on    off   off   off
    wan1     off   off   off   off   off
    dmz      off   off   off   off   off
    wlan     off   off   off   off   off
    vpn      off   off   off   off   off
    ras> av save

9 1 Auxiliary Dial Backup Commands

Use these commands to configure dial backup (auxiliary port) settings on the ZyWALL.

Command Summary

The following table describes the values required for many dial backup commands. Other values are discussed with the corresponding commands.

Table 14 Dial Backup Command Input Values (LABEL, DESCRIPTION)

aux port
    This identifies the channel device for dial backup.
    aux0: This is the dial backup port.
    aux1: This is the 3G WAN connection. This only applies to devices with a 3G WAN connection.

The following section lists the aux commands.

Table 15 Dial Backup Commands (COMMAND, DESCRIPTION)

aux atring <aux port>
    Shows the AT command strings that the ZyWALL has sent to the WAN device and the responses.
aux cdmamdm flag 1|0
    1 allows the ZyWALL to dial a CDMA modem connected
100. A                232
YEMEN                 233
YUGOSLAVIA            234
ZAMBIA                235
ZIMBABWE              236

18.3 Command Examples

This example displays your ZyWALL's registration information.

    ras> sys myZyxelCom display
    register server address : www.myzyxel.com
    register server path : register
    registration
    username : aseawfasf
    password : aaaaaa
    email : aa@aa.aa.aa
    sku : CFRT=1&CFST=319&ZASS=469&ISUS=469&ZAVS=469
    country code : 204
    register state : 1
    register MAC : 0000AA220765
    CF expired day : 2008-05-26 14:58:19
    AS expired day : 2008-10-23 14:58:19
    2In1 expired day : 2008-10-23 14:58:19
    Last update day : 2007-07-12 14:58:19

Table 65 sys myZyxelCom display Command Output (FIELD NAME, DESCRIPTION)

register server address
    Displays the URL of the registration server.
register server path
    Displays the path storing your ZyWALL's registration information on the registration server.
username
    Displays the registered username.
password
    Displays the registered password.
email
    Displays the registered e mail address.
sku
    This is a string the registration server uses to validate your ZyWALL.
country code
    Displays the registered country code.
register state
    Displays whether the ZyWALL has completed the product registration. 1: Yes
101. ARP requests. One day gateway A shuts down and the backup gateway (B) comes online using the same static IP address as gateway A. Gateway B broadcasts a gratuitous ARP request to ask which host is using its IP address. If ackGratuitous is on and set to force updates, the ZyWALL receives the gratuitous ARP request and updates its ARP table. This way the ZyWALL has a correct gateway ARP entry to forward packets through the backup gateway. If ackGratuitous is off or not set to force updates, the ZyWALL will not update the gateway ARP entry and cannot forward packets through gateway B.

Figure 3 Backup Gateway (LAN, WAN)

Updating the ARP entries could increase the danger of spoofing attacks. It is only recommended that you turn on ackGratuitous and force update if you need it, like in the previous backup gateway example. Turning on the force updates option is more dangerous than leaving it off because the ZyWALL updates the ARP table even when there is an existing entry.

15.1.4 Binding Commands

The following section lists the commands for having a non WAN Ethernet interface filter packets based on IP address to MAC address binding.

Table 44 Binding Commands (COMMAND, DESCRIPTION, M)

ip binding <enifx> active <yes|no>
    Enable this to have the specified interface accept traffic only from devices which have received an IP address from the ZyWALL. (M: R B)
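The ackGratuitous and forceUpdate rules described in the gratuitous ARP discussion above can be modelled as a small state machine. This is an added example, not ZyXEL code: the class and function names are hypothetical and the addresses are constructed sample values. It shows that with both settings on, any gratuitous ARP for an existing gateway entry overwrites it, and that logging the overwrite gives a defender something to alert on.

```python
"""Model of the gratuitous-ARP handling the manual describes (added example).

ArpTable and its methods are hypothetical names; the addresses are constructed
sample values from documentation ranges, not values taken from the manual.
"""
from dataclasses import dataclass, field

GATEWAY_IP = "192.0.2.1"              # constructed sample gateway address
MAC_GATEWAY_A = "00:00:5e:00:53:0a"   # constructed: regular gateway A
MAC_GATEWAY_B = "00:00:5e:00:53:0b"   # constructed: backup gateway B


@dataclass
class ArpTable:
    ack_gratuitous: bool = False   # ip arp ackGratuitous active <yes|no>
    force_update: bool = False     # ip arp ackGratuitous forceUpdate <on|off>
    entries: dict = field(default_factory=dict)   # IP -> MAC
    pending: set = field(default_factory=set)     # IPs awaiting an ARP reply
    changes: list = field(default_factory=list)   # (ip, old_mac, new_mac)

    def on_gratuitous_arp(self, ip, mac):
        """Apply the rules from the text to one gratuitous ARP request."""
        if not self.ack_gratuitous:
            return "ignored"
        if ip not in self.entries:
            # Unknown IP: the device asks who owns it rather than trusting the claim.
            self.pending.add(ip)
            return "arp-request-sent"
        if self.entries[ip] == mac:
            return "unchanged"
        if not self.force_update:
            return "kept-existing"
        # forceUpdate on: the existing mapping is replaced. The model cannot tell a
        # real backup gateway from any other sender, which is the spoofing risk.
        self.changes.append((ip, self.entries[ip], mac))
        self.entries[ip] = mac
        return "overwritten"

    def on_arp_reply(self, ip, mac):
        """A reply to a request this table sent creates the new entry."""
        if ip not in self.pending:
            return "not-requested"  # assumption: the manual does not cover this case
        self.pending.discard(ip)
        self.entries[ip] = mac
        return "added"


def failover(ack_gratuitous, force_update):
    """Gateway A is already in the table; gateway B announces the same IP."""
    table = ArpTable(ack_gratuitous, force_update,
                     entries={GATEWAY_IP: MAC_GATEWAY_A})
    outcome = table.on_gratuitous_arp(GATEWAY_IP, MAC_GATEWAY_B)
    return outcome, table.entries[GATEWAY_IP]


def watched_changes(table, watched_ips):
    """Overwrites that touched addresses worth alerting on, e.g. the gateway."""
    return [change for change in table.changes if change[0] in watched_ips]


if __name__ == "__main__":
    for ack in (False, True):
        for force in (False, True):
            print(f"active={ack} forceUpdate={force}:", failover(ack, force))
```

Only the combination of active yes and forceUpdate on changes the stored gateway MAC, which matches the manual's advice to enable both only where a backup gateway needs it.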
102. AllExceptTrusted
    Block all web access except the listed trusted web sites.
unblockRWFToTrusted
    Allows access to restricted web features only on trusted web sites.
kewordBlock
    Block access to websites with URLs that contain specified keywords in the domain name or IP address.
fullPath
    Full path has the ZyWALL check all characters that come before the last slash in the URL. For example, with the URL www.zyxel.com.tw/news/pressroom.php, full path URL checking searches for keywords within www.zyxel.com.tw/news/.
caseInsensitive
    Sets whether or not the content filtering policy's customized settings are case sensitive.
fileName
    Filename URL checking has the ZyWALL check all of the characters in the URL. For example, filename URL checking searches for keywords within the URL www.zyxel.com.tw/news/pressroom.php.
enable|disable
    Turn the content filtering policy or its customized settings on or off.

ip cf policy config enable on|off
    Turns the content filtering policy on or off. (M: R B)
ip cf policy config ipGroup add 1:Single|2:Subnet|3:Range ip address1 mask|ip address2
    Adds an IP group to the policy. (M: R B)
ip cf policy config ipGroup delete <index>
    Removes an IP group from the policy. (M: R B)
ip cf policy config ipGroup display
    Displays the content filtering policy's IP groups. (M: R B)
ip cf policy config name <name>
    Sets the content filtering policy's name. You must use ip cf policy insert or ip cf policy edit command befo (M: R B)
103. B G 4 A Only
    1: 802.11b mode only.
    2: 802.11g mode only.
    3: 802.11b/802.11g modes.
    4: 802.11a mode only.
wlan rtsThreshold <256~2346>
    Sets the RTS/CTS threshold value. (M: R B)
wlan removeSTA mac address
    Disconnects a connected wireless station with the specified MAC address. (M: R B)
wlan reset
    Resets the ZyWALL's wireless module. (M: R B)
wlan scan
    Scans the environment and displays a recommended RF channel which is not used by other wireless APs in that area. This command works only when your wireless card is activated. (M: R B)
wlan ssidprofile set profile name
    Sets the wireless card to use the specified SSID profile. (M: R B)
wlan ssidprofile show
    Displays the currently active SSID profile. (M: R B)

Table 81 General Wireless Commands (continued) (COMMAND, DESCRIPTION, M)

wlan version
    Displays the driver version number of the wireless card. (M: R B)
wlan showBandInfo
    Displays the radio frequency band the wireless card is currently using. (M: R B)
wlan counter
    Displays driver status. (M: R B)

The following section lists the commands that deal with SSID profiles. The ZyWALL supports 8 SSID profiles. Only one SSID profile is active at the same time.

Table 82 Wireless SSID Profile Commands (COMMAND, DESCRIPTION, M)

wcfg ssid 1~8 name <name>
    Sets the name for the specified SSID profile. (M: R B)
wcfg ssid 1~8
104. Table 27 config Command Summary (continued) (COMMAND, DESCRIPTION, M)

udp idle timeout
    terminated. This command has no effect on firewall settings. To configure timeout values use tos commands.
config delete firewall set <set> rule <rule> alert
    Deletes whether or not there is notification of a DoS attack or a violation of the alert settings. (M: R B)
config delete firewall set <set> rule <rule> custom icmp
    Deletes the desired ICMP custom service. (M: R B)
config delete firewall set <set> rule <rule> custom ip
    Deletes the desired user defined IP Protocol custom service. (M: R B)
config delete firewall set <set> rule <rule> destaddr range
    Deletes the IP address range setting in a rule applying to a packet with a destination IP address which falls within the specified range. (M: R B)
config delete firewall set <set> rule <rule> destaddr single
    Deletes the IP address setting for a rule applying to a packet with the destination IP address. (M: R B)
config delete firewall set <set> rule <rule> destaddr subnet
    Deletes the IP address and subnet mask settings for a rule applying to a packet with the destination IP address and subnet mask. (M: R B)
config delete firewall se
105. Commands Table 64 Country Codes COUNTRY NAME COUNTRY CODE KAZAKHSTAN 112 KENYA 113 KIRIBATI 114 KOREA REPUBLIC OF 115 KUWAIT 116 KYRGYZSTAN 117 LAO PEOPLE s DEMOCRATIC REPUBLIC OF 118 LATVIA 119 LEBANON 120 LESOTHO 121 LIBERIA 122 LIECHTENSTEIN 123 LITHUANIA 124 LUXEMBOURG 125 MACAU 126 MACEDONIA FORMER YUGOSLAV REPUBLIC 127 MADAGASCAR 128 MALAWI 129 MALAYSIA 130 MALDIVES 131 MALI 132 MALTA 133 MARSHALL ISLANDS 134 MARTINIQUE 135 MAURITANIA 136 MAURITIUS 137 MAYOTTE 138 MEXICO 139 MICRONESIA FEDERAL STATE OF 140 MOLDOVA REPUBLIC OF 141 MONACO 142 MONGOLIA 143 MONTSERRAT 144 MOROCCO 145 MOZAMBIQUE 146 NAMIBIA 147 NAURU 148 NEPAL 149 ZyWALL ZyNOS CLI Reference Guide Chapter 18 myZyXEL com Commands Table 64 Country Codes COUNTRY NAME COUNTRY CODE NETHERLANDS 150 NETHERLANDS ANTILLES 151 NEW CALEDONIA 152 NEW_ZEALAND 153 NICARAGUA 154 NIGER 155 NIGERIA 156 NIUE 157 NORFOLK_ISLAND 158 NORTHERN MARIANA ISLANDS 159 NORWAY 160 NOT DETERMINED 161 OMAN 162 PAKISTAN 163 PALAU 164 PANAMA 164 PAPUA NEW GUINEA 166 PARAGUAY 167 PERU 168 PHILIPPINES 169 PITCAIRN ISLAND 170 POLAND 171 PORTUGAL 172 PUERTO RICO 178 QATAR 174 REUNION ISLAND 175 ROMANIA 176
106. EE Odd 63 enin deum beset RUE uA EN EG da at 63 enm Gnery Inoneldes sdes Dev suas eaten RES 63 Gui Respalive Geo 2 43dacex d 63 enm mana Lnedesqsqea dcs Rd Rd Wa du eR vea adiu e adque d qa de de o 63 Sith BESS rakad ee ud qd Ee dud SA DS bees d ee Ede rx S S d E da ew RR A HERE ERAS E 63 E aio ae Resa cee 63 ZyWALL ZyNOS CLI Reference Guide Index of Commands cnm version config config config config config Gonilg config config config config config config contig config config config config config config config config config config config config config config contig config contig config config config config config config config config config config config config config config config config config config config Gonilg config config config config config config config config pes eran EG ene Pee ee eee qb d t urea E aug d ced d qd E eases 63 DLE cco PAG qd Ead Rd d Eq d pe ardet ES UR VN V AK CN E Eq Rd x rU Ea da 68 delpgre smtrvespaen ACLS d REOR EO NUES AUC eK ADR E P ole ee REOR e 68 delete anti span whoteBule i quA pa den RO dE
107. G Card Configuration Traffic Redirect ISP Parameters for Internet Access WAN IP Address Assignment gi ZyWALL ZyNOS CLI Reference Guide Chapter 23 WWAN Commands Figure 11 WWAN configuration example Advanced Setup Downioadtinsd Z mi 9 8 ho en fo C ae ZyWALL ZyNOS CLI Reference Guide Chapter 22 WWAN Commands ZyWALL ZyNOS CLI Reference Guide PART III Appendices and Index of Commands ormation 177 ustomer Support 181 mmands 187 Legal Information Copyright Copyright 2008 by ZyXEL Communications Corporation The contents of this publication may not be reproduced in any part or as a whole transcribed stored in a retrieval system translated into any language or transmitted in any form or by any means electronic mechanical magnetic optical chemical photocopying manual or otherwise without the prior written permission of ZyXEL Communications Corporation Published by ZyXEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the right to make changes in any products described herein without notice This publication is subject to change without notice Trademarks Zy
108. High 0 TCP Max Incomplete 0 ACL name ACL Default Set Blocks 0 inute High 0 ax Incomplete High 0 TCP Max Incomplete 0 ACL name ACL Default Set Blocks 0 inute High 0 ax Incomplete High 0 TCP Max Incomplete 0 ACL name ACL Default Set Blocks 0 inute High 0 ax Incomplete High 0 TCP Max Incomplete 0 ACL name ACL Default Set Blocks 0 inute High 0 ax Incomplete High 0 TCP Max Incomplete 0 ACL name ACL Default Set Blocks 0 inute High 0 ax Incomplete High 0 TCP Max Incomplete 0 ACL name ACL Default Set Blocks 0 inute High 0 ax Incomplete High 0 TCP Max Incomplete 0 ACL name ACL Default Set Blocks 0 inute High 0 ax Incomplete High 0 TCP Max Incomplete 0 ACL name ACL Default Set Blocks 0 inute High 0 ax Incomplete High 0 TCP Max Incomplete 0 ACL name ACL Default Set Blocks 0 inute High 0 ax Incomplete High 0 TCP Max Incomplete 0 ZyWALL ZyNOS CLI Reference Guide Chapter 13 Firewall Commands This example loads a firewall schedule for LAN to WAN firewall rule 1 and sets the schedule to apply the rule on all days of the week except Saturday and saves the schedule ras sys Schedul schedule load l yes 0 firewall 21 Active 0 no ras gt sys Sun 1 Schedule ras gt sys firewall schedule week Mon 0 Tue 1 Wed 1 Enable All Day On firewall schedule save Thu Save sch ras gt sys dule successful firewall acl disp 2 1 ACL Ru
109. IG ee Sih wh 152 dune debug 20 tort essorer ittas rR EEr Fe wed wx uo FEE Red ES ee due eae 162 dune Crap lay da p ees een Bane Ee hee ale adi a e M dod ed 162 Guns restart ee OE A EORR COE AA CE OF RR 162 Didguostsis COInSQTIE css acne bed ed x Pos Ap E EU do EHLERS DEORE RR ERG Ee pc USO o RR 152 disgos Cig OS 21443 4 4 8 d EE REC Eb d edF Pb d PRX PRSE edd xe b dde d Rd be dux s 152 disgnostro mari authEndble ponloff eei adGeAa Rede XX KR Oe do CROP E Rene Re 152 diagnostic maril sGLBESSSEWGPO CEEBWOZQE quss ewe seme ee Robo coe ae e RO CR REOR ae ario d 152 diagnostic etl scbHUsET Rue Ropa Ce Ade dos p cR SE 152 griagnescic Mat merlblsplsi Edd 152 diagnestic mail iarlRecerver ip adcgress domarn name ad aaa XOT 155 diagnostic mail marilSender 7p sddress domeimn name eoozeswn oo kn yon mh RR Rom 152 diagnostic mail iarloerver lt ip scdress Sides Cae ad ew SRO 152 disgnostio maril m allsubject omaJl sHDJ8OU0t is skews AERE E gatas 152 dion INS BON Qu db PI DES Ee Ed SAMOS ead pace RE ee d os 152 UiGgmostes SONO Qaa dXX RN bap RR E ERE ON EO doo CA URL ea Shes M 152 Gcegmostis dioply oes s 64 sao EE d ei Edessa eee eS 152 disgnostrc schedule Dour 4 he ee ele barriro SMRS REE HOES 152 Orognostis Schedule minute
110. II characters mail timeout This is measured in seconds between 0 4294967295 seconds

Editing, deleting or inserting these values has no effect. To configure these timeout values, use tos commands, as these are global settings.

The following section lists the commands for this feature.

Table 27 config Command Summary
COMMAND | DESCRIPTION | M
config cli | Displays the features you can configure with the config command | R B
config delete anti spam blackRule | Removes the antispam blacklist. The blacklist is a list of IP addresses of known spammers to be blocked. | R B
config delete anti spam whiteRule | Removes the antispam whitelist. The whitelist is a list of IP addresses known to be safe. | R B
config delete custom service <entry> | Deletes the specified custom service entry | R B
config delete custom service <entry> icmp code | Deletes the ICMP code. This field is optional for ICMP. The code and type of an ICMP packet together indicate the purpose of the packet. | R B
config delete custom service <entry> icmp type | Deletes the ICMP type | R B
config delete custom service <entry> ip protocol | Deletes the IP protocol for a selected custom service | R B
config delete custom service <entry> name | Deletes the name of the selected custom service | R B
config delete custom service Deletes the port range setting for the custom service R B lt entry g
111. NOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.

Certifications

Federal Communications Commission (FCC) Interference Statement

The device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:

This device may not cause harmful interference.
This device must accept any interference received, including interference that may cause undesired operations.

This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This device generates, uses, and can radiate radio frequency energy, and if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation.

If this device does cause harmful interference to radio/television reception, which can be determined by turning the device off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

1 Reorient or relocate the receiving antenna
112. OLPOR SOR 1 54 wacca eicRR3 Redux NSS Ree dde Seeded qe eed es Fu Sate woblespam blsckRube OQ ES 2222 ex ead eek dl a eC Ree har ede de T Burt atl Beers SQUE 2123 d aw e d duci erar oS wh dd qnd d Fi edit actiespam mpsrkobritcg SSpamebsg enims sdb N see ees T edit Anti spam phishingsLrieg SphISBIBg LSOS Saba dope RE eee TY edil Oe eae Rae 31 edit anti spam ho sSDaN SCOZO LOQU Lu EPOR TY edit anti spam rule lt rule gt email 1 whitelist 2 blacklist active 0 dis able non rzesr o numberrenable data e meil 22 9 RE E RSE Y VOR RO OS Ta edit anti spam rule lt rule gt ip 1 whitelist 2 blacklist active 0 disable non zero number enable address ip address netmask mask po edit anti spam rule lt rule gt mime 1 whitelist 2 blacklist active 0 disable non zero number enable header lt mime header gt value lt mime value gt T2 Burt CV ce SUE IO qeu dedo Na dice whaoe T2 edit antiespam Threshold RERS RRR CREE ESS T2 Burt whrtebule 2212981324333 x E Rd Ru RU or QR Had hea Eg RS 72 edit custom servicdce entry iomp oode eUe2559 72 edit ouUsLoN Service entrygs Poempstype ee eS qa edit custom service lt en
113. ON M sys logs mail user smtp Specifies or displays the user name up to 31 characters for R B username the e mail account the ZyWALL uses for e mailing logs sys logs save Saves the log settings to non volatile memory R B sys logs switch asmlog Enables or disables asymmetrical route logs R B lt O no l yes gt sys logs switch bmlog Enables or disables broadcast and multicast logs R B lt O no l yes gt sys logs switch display Displays the switch log settings R B sys logs switch dynacllog Enables or disables dynamic firewall logs R B lt O no l yes gt sys logs syslog active Enables or disables the UNIX syslog R B O no l yes sys logs syslog display Displays the syslog settings R B sys logs syslog facility lt 1 7 gt Logs the messages to different files R B sys logs syslog server domain This sets the domain name and IP address for the syslog R B name ip address server to send the logs sys logs updateSvrIP minute Sets how often to resolve the mail and syslog server domain R B name to an IP address 21 5 Configuring What You Want the ZyWALL to Log 1 Use the sys logs load command to load the log settings for editing Then you can configure which logs the ZyWALL is to record 2 Use sys logs category to view a list of the log categories Figure 8 Displaying Log Categories Example ras gt sys logs category 8021x access error icmp javablocked mten cdr pki tcpreset traffic urlforward wireless a
114. Open Image Media Search
type36 Chat Instant Messaging
type37 Email
type38 Blogs Newsgroups
type39 Religion
type40 Social Networking
type41 Online Storage
type42 Remote Access Tools
type43 Shopping
type44 Auctions
type45 Real Estate
type46 Society Lifestyle
type47 Sexuality Alternative Lifestyles
type48 Restaurants Dining Food
type49 Sports Recreation Hobbies
type50 Travel
type51 Vehicles
type52 Humor Jokes
type53 Software Downloads
type54 Pay to Surf
type55 Peer to Peer
type56 Streaming Media MP3s
type57 Proxy Avoidance
type58 For Kids
type59 Web Advertisements
type60 Web Hosting
type61 Unrated
ras> ip cf policy config webControl category block 2
The Categories
type 1 Adult Mature Content
type 2 block Pornography
ras> ip cf policy save
ras>

You may also configure and schedule new policies using commands, as well as configure what to block using the external database.

2.5 Firewall

Use the following command to enable the firewall on the ZyWALL.

ras> sys firewall active yes
ras>

2.6 VPN

Use the following command to show what IPsec VPN tunnels are active on your ZyWALL.

ras> ipsec show runtime sa
Runtime SA status
No phase 1 IKE SA exist
No phase 2 IPSec SA exist
Active SA pair 0
ras>

Use the following command to manually bring up a previously c
115. R A ERROR GR D a d 156 Jos Save ob beu xo ETERS Se Oa d dd EP wx ere bue ede due ee pde 156 Legs swith ssmiog dx band kee Se dew eed 156 togs Suwlbsh bmlog S0200 181 88 5 uc ARERR SO des o rici 156 los switch 4x33 dge3cR EG A X REOR RR EU qoa E ee De E ed o e RR RC DR D CN 156 Logs Sitech eue uice Re P eee eos 156 legs syslog active pDinolltyes caua dead Rua eR ARCADE 156 legs Sud xd SEDAN a 6 qos er ser oe R qo oxOR pel Ke Ree cd on diede died atn Ux p pni wie ea ee 156 Tegs nsus Sue dopo aue a RR wu d dca xx dr dob w d 156 logs syslog server Dcdomarin name zp address ER 15 Dogs eISULGUG222 533 4023 2 9 359 2 Ba ER NBC eA qure dd Eri ed abd wai 1565 NE dE rp 162 mode router Er de Sere gucci Ronde kaw asad sed wae eee uae 52 I EGXelICOONL GXILEDUAS Lega kA eb x Ro EA E RIF RCM ER CR d EAR PRAE de xA 135 myZyxelCom register username password email countrycode 135 munuxelCcCoN sSerwicsDISpLlO RACE EH doa RO Reed REOR CAL Ro dob 1395 My AVEBICON Serviceke res steed x pa Cea Ca FECI d Ea y ORES EELS SEES EGO ee 1 38 myzexelCowm sServiceUDpOQrade ITIoence IW Locate cee kaw edhan eee ee a dad bod wee ee 135 X SEMIS cuu
116. RARI Oa ie 53 GgrtiTicaleE my Gert poll teg CORRE REESE eS Pr P RC ub d Edi ub dc EN Ee ES 57 certificates my cert rename old name ne Ww Hame ek ea Rea eee ee c perticicates my cert Peplere PSQtO Y aad dox VOR Ia d 57 Certificates My cert verify lt name gt PLImeOGULILT daas edo E B CerLiticetes MY Gert View Cal BN e rd d Ed Ede ede Eee iP bd dod bd de E E ee 5T certif cates remote Crusted delete hane i a poe RR MAAN OO OAD OO ERD ST certificates remote trusted export lt Hanie gt 4 0c seen ee Oke dad p SR on ge cdd eae a wee 58 certificates remote trusted http import lt name gt PEOXV UrI danaa 58 pertifiostes remote trusted AMpoOre lt Ha ERROR OR RN RUE eee Rx HERR HESS 58 per rftoostss remocre Lrusbced List uauacEG4G4443G4 Y eee Mee SORES Be eroe UE eNOS he ee ee E 58 certificates remote trusted rename old name new name 58 certificates remote trusted verify lt name gt timeout sss was dala ROBUR ad ewe dau ed 58 gertir eates reote trusted Vion Anale x a4 sarnkadd de ee ee waa ICON RE ge bo a iS 58 enm actives A CXR ERE SE OER TOMES CE CARO SSS EER ACE ON AER 63 gui c ye eRe eR dO RE 4 M a OU RC RC E CR 563 cnm alstngueue SOUU addc d xe eu SOHO M Ed ad ex bdo edere S pu Eder PE due de
117. RR 98 ip arp attr Up e ce qr a a d imr b ipae 98 ZyWALL ZyNOS CLI Reference Guide Index of Commands ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip gru porem Sen lore 6253 Bard S Exc RE S ERAI ARR cR tek Sce 98 BID gratuitous Son Stk n lcu ead Xx ed ARE d qu ERN du AA RAE oon eed dx Ed Bawa 98 arp an edf5 eikeed xxm ee ee EEEE a R OR ERROR ORT 98 arp sratus lt 2 her rere Bx pu Sha ERE p daa d dox ARN Owe ke een RUE wq 98 binding active NG rr bud ERN Pd E REESE SOO Vd Xe d E ER 100 binding lt enifk gt exempt active yes o A RC EROS 100 binding enitx oxenpt range start ip eek deeded db AC OY ee new OA red 100 SOULS i43 xr d eb eee wee eee dici atau aes ede o 100 GL PLAN 4234 ke GRE A I RR OR CUR RC aa ei s 100 Gr Gormon envied NesSOOEI 22266285 ba eub RU dr WR d 100 Cl BOM o d i e ke Ree ee eos ee ear ae 100 Ct common enable EURO ON A Y RR RO RO ADA 6 ROS a 100 CI gomman recrirur LUZ soe Sede ceeded Go ORA CR
118. Som Pier au 324a ORBRG Eq di aul dots fog radi Sad ebeaatekss 44 bm filter interface add class number service lt type gt lt single range subnet gt dst start ip dst end ip lt dport gt dportend single range subnet src start ip Erpesnig rn SEBDIIO SSpereend C DEODOQUUDE 25 4 6565 Ex de d dx RR Rd ERE EXE 44 iu filer del 0las S n GS EGER che da des e de aod 45 bm interface interface enable disable bandwidth lt bps gt prrlwrr efficient 44 bridge block ipxipoe iplarplbpdu unknow on ORf iex e ce e ok mk Gee ea des ox 51 Prine SHE Cheat 2s late ad PER A doe mV ebd X AERE AR EE E RAN Rx AL Kc a Re ol rec qeu Me ur ret aes Ae Soe ee ee Ee re ceo ee ed tree iftace peta ye ve5 TU ois ad x dor A UE Rede e dea x ox dew AR o aca Sede eae p pridge itaca address Iip addres ass cids tet eea aaa ieee 51 Louie QISDIBM x3 ald ose d RERO deo XH bridges irade Ons Ipesco reme ansa p npe es ee Re edo dee i cle de p A emi ideae pode oeil 51 peidos 68 Dus nes de wee o tease dup Ie UP 51 bridge race udus3 lzpeudioreeel 2 34949 Y cated oye NU a de Ro ose Rd d eb bade 51 brrgus 2racS gasbewac TasbewAYTOLIB busanani x re debe ph eub dca BLA 51 bridge Ilace mask Mask cite ca area adenine O
119. The following commands configure example content filtering trusted and untrusted web site objects and keyword objects ras ip cf object add trust www good com ras ip cf object add untrust www bad com ras ip cf object add keyword porn ras ip cf object add keyword hacking ras ip cf object display Object list Trusted domain 1 www good com 2 www my company example com Untrusted domain 1 www bad com 2 www hacking example com Keyword 1 porn 2 hacking ras ip cf object save ras ip cf object add trust www my company example com ras ip cf object add untrust www hacking example com The following example enables content filtering loads content filtering policy one configures it with the following settings and saves it Content Filtering Enabled Policy Enabled IP Group IP addresses 192 168 1 33 192 168 1 66 Customized Rule Enforcement Enabled Customized Rule Untrusted www hacking example com Web Feature Blocking Block java Schedule Enabled Schedule Type Everyday ZyWALL ZyNOS CLI Reference Guide Chapter 15 IP Commands Schedule Period 9 00 A M to 5 30 P M ras ip cf common enable on ras ip cf policy insert 1 ras ip cf policy config enable on ras ip cf policy config customRule enable on ras ip cf object display Object list Trusted domain 1 www good com 2 www my company example com Untrusted d
120. PPTP Commands

Use these commands to configure PPTP settings on the ZyWALL.

20.1 Command Summary

A remote node is the remote gateway (and the network behind the remote gateway) across a WAN connection. Remote node 1 may be your ISP, for example. You may configure multiple remote nodes in products with SMT menus or those with multiple WAN ports. In products without SMT menus or multiple WAN ports, a remote node is the ISP you configured in the web configurator.

The following section lists the commands for this feature.

Table 69 pptp Command Summary
COMMAND | DESCRIPTION | M
pptp debug ON|OFF | Activates/deactivates the PPTP debug flag | H R
pptp dial <remote node name> | Initiates a PPTP tunnel to the specified remote node | R
pptp drop remote node name | Drops a PPTP tunnel to the specified remote node | R
pptp tunnel <tunnel id> | Displays the status of the specified PPTP tunnel. The status is either active or not active. tunnel id: Options are 1 or 2. | R
pptp enque size | This command is used for flow control. It limits the number of packets queued for transmission to the number you enter here. Extra packets are dropped. size: Enter a number between 1 and 2147483647. | R
pptp chapv1LM on|off | Activates or deactivates MS CHAP v1 LAN Manager Authentication. This procedure authenticates a | R
121. WALL to transmit data DCD Data Carrier Detect The signal the modem sends to the ZyWALL when the modem has a connection with the remote device This example shows the AT command strings that the ZyWALL has sent to the modem connected to the dial backup port and the responses ras aux atring aux0 00 01 02 03 04 05 06 07 08 09 0A OB OC OD OE OF 94013960 02 Od Oc 00 be af 00 00 00 00 08 00 61 74 680d J ath 94513970 Od 08 4f 4b Od Oa 61 74 26 66 73 30 3d 30 0d 0d OK at amp fs0 0 945013980 Oa 4f 4b Od Oa 61 74 64 30 2c 34 30 35 30 38 38 OK atd0 405088 94013990 38 38 Od Od Oa 42 55 53 59 Od Oa 61 74 64 30 2c 88 BUSY atd0 94013940 34 30 35 30 38 38 38 38 Od Od 08 52 49 4e 47 49 40508888 RINGI 94013950 4e 47 Od Oa Od Oa 42 55 53 59 Od Oa 61 74 64 30 NG BUSY atd0 94b139c0 2c 34 30 35 30 38 38 38 38 Od 0d 0a 43 4f 4e 4e 40508888 CONN 94013940 45 43 54 20 31 31 35 32 30 30 2f 56 2e 33 34 20 ECT 115200 V 34 94013960 31 36 38 30 30 2f 56 34 32 62 Od Od Oa 4e 4f 20 16800 V42b NO 94013950 43 41 52 52 49 45 52 Od Oa 61 74 68 Od Od Oa 4f CARRIER ath O 94013800 4b Od 61 74 68 Od Od Oa 4f 4b Od Oa 61 74 26 66 K ath OK at amp f 94013810 73 30 3d 30 Od Od 0a 4f 4b Od Oa 61 74 64 30 2c s0 0 OK atd0 94b13a20 34 30 35 30 38 38 38 38 0d Od 08 43 4f 4e 4e 45 40508888 CONNE 94013830 43 54 20 31 31 35 32 30 30 2f 56 2e 33 34 20 31 CT 115200 V 34 1 94013840 34
122. Xia Rd Shanghai Web http www zyxel cn Costa Rica Support E mail soporte zyxel co cr Sales E mail sales zyxel co cr Telephone 506 2017878 Fax 506 2015098 Web www zyxel co cr Regular Mail ZyXEL Costa Rica Plaza Roble Escaz Etapa El Patio Tercer Piso San Jos Costa Rica Czech Republic E mail info cz zyxel com Telephone 420 241 091 350 Fax 420 241 091 359 Web www zyxel cz Regular Mail ZyXEL Communications Czech s r o Modransk 621 143 01 Praha 4 Modrany Cesk Republika Denmark Support E mail support zyxel dk Sales E mail sales zyxel dk Telephone 45 39 55 07 00 Fax 45 39 55 07 07 Web www zyxel dk Regular Mail ZyXEL Communications A S Columbusvej 2860 Soeborg Denmark Finland Support E mail support zyxel fi Sales E mail sales zyxel fi Telephone 358 9 4780 8411 Fax 358 9 4780 8448 Web www zyxel fi Regular Mail ZyXEL Communications Oy Malminkaari 10 00700 Helsinki Finland France E mail info zyxel fr Telephone 33 4 72 52 97 97 Fax 33 4 72 52 19 20 Web www zyxel fr Regular Mail ZyXEL France 1 rue des Vergers Bat 1 C 69760 Limonest France ZyWALL ZyNOS CLI Reference Guide Appendix B Customer Support Germany Support E mail support zyxel de Sales E mail sales zyxel de Telephone 49 2405 6909 69 Fax 49 2405 6909 99 Web www zyxel de Regular Mail ZyXEL Deutschland GmbH Adenauerstr 20 A2
123. Yes DPD Yes Ping Check No
ras> ipsec ikeSave

This example adds an IPSec rule as follows:

1 The IPSec Rule Index 1
2 Rule Name VPN ph2
3 Active
4 Link the IPSec settings with which IKE index rule 1
5 The VPN protocol ESP
6 Local Network Type Subnet
7 Local Network Address Start 192.168.1.0
8 Local Network Address End 255.255.255.0
9 Remote Network Type Single
10 Remote Network Address 192.168.2.250
11 Key Management IKE
12 Negotiation Mode Main
13 Authentication Method Pre Shared Key
14 Pre Shared Key 12345678

ras> ras> ras> ras> ras> ras> ras> ras> ras> ras> ras> ras> ipsec ipsec ipsec ipsec ipsec ipsec ipsec ipsec ipsec ipsec ipsec ipsec ipsecAdd ipsecConfig name VPN ph2 ipsecConfig active Yes ipsecConfig saIndex 1 ipsecConfig activeProtocol 1 ipsecConfig encap 0 ipsecConfig lcAdd ipsecConfig lcAdd ipsecConfig lcAdd ipsecConfig rmAdd ipsecConfig rmAddrStart 192 168 2 250 ipsecSave Type 2 Start 192 168 1 1 EndMask 255 255 255 0 Type 0

Load Balancing Commands

Use these commands to configure load sharing/load balancing settings on the ZyWALL.

17.1 Command Summary

The following section lists the load
124. ZYWALL ZyNOS CLI Reference Guide

Internet Security Appliance

CLI Reference Guide
Version 4.04
4/2008
Edition 1

DEFAULT LOGIN
In band IP Address: http://192.168.1.1
User Name: admin
Password: 1234

ZyXEL www.zyxel.com

About This CLI Reference Guide

Intended Audience

This manual is intended for people who want to configure the ZyWALL via Command Line Interface (CLI). You should have at least a basic knowledge of TCP/IP networking concepts and topology.

This guide is intended as a command reference for a series of products. Therefore many commands in this guide may not be available in your product. See your User's Guide for a list of supported features and details about feature implementation.

Please refer to www.zyxel.com or your product's CD for product specific User Guides and product certifications.

How To Use This Guide

Read Chapter 1 on page 13 for an overview of various ways you can get to the command interface on your ZyWALL.
Read Chapter 2 on page 17 for an introduction to some of the more commonly used commands.

It is highly recommended that you read at least these two chapters.

The other chapters in this guide are arranged according to the CLI structure. Each chapter describes commands related to a feature. See your ZyWALL's User Guide for feature background information.
To find specific information in this guide use the Con
125. ag shows it is enabled

10.3.3 Custom Service Example

This example shows how to configure a custom service named PERMITTED ICMP using ICMP protocol of type 3 and code 1.

name PERMITTED ICMP ip protocol icmp type 3 code 1 ras config edit custom servic ras config edit custom servic ras config edit custom servic ras config edit custom servic
ras config save custom service 1
ras config display custom service 1
PR Custom Service 1
Custom Service Name PERMITTED ICMP
Custom Service Type ICMP
Custom Service ICMP Type 3
Custom Service ICMP Code 1

The following table describes the fields displayed using the config display custom service command in the example above.

Table 33 config display custom service
LABEL | DESCRIPTION
Custom Service Name | Shows the name for the service you have configured.
Custom Service Type | Shows the TCP/IP protocol selected for this service.
Custom Service ICMP Type | Shows the ICMP type. ICMP messages are assigned a type to indicate their use. For example, destination unreachable ICMP packets are identified by the value 3 in the type field.
Custom Service ICMP Code | Shows the ICMP code. The ICMP type can be further specified by the ICMP code. For example, type 3 code 3 ICMP packets indicate the host is unreachable.

Device Related Commands
126. ake dds ER CR GR e SRR Ree EE CRT 112 igp BDOD ER A x eck Mio eee opa ed 112 lop iface fnterface til 20 214 TAS 3647S 2 12243 Gn RR caw danas HORROR VOR OK AGRAR CR ADR 112 face ernterfaecs vloompat GHEE dar cua Geddes doc Guceaseecu dha RC 112 Tonge queue FONOTI ddnde ees deena wena ch B E ee woe eel da ee du wed dae S TIS lone fobusthess Ue o dir 112 None ue deba ad ake eae adduci ca dea dou e deu aruit een Aes ce med pedi i12 nec heshbagls eSnpitX e vDESIDQUE cbudec es anien hu RU DOOR I RUSO 113 not NMISCori ICAO ikarea See dba vb dc eic qd EN ak qub dd ed Red e Ed e E 113 nat Ree SRE RES Re a QURE TW T e dedo oi Io 11 8 nat BSSSCOGr 4 4 3 4 due d Po Qua Redde SESE deut qe d despues PE due eee Oe 3 nat routing OLANI DMZ DOiDOO EpiveS uda ok ob Is DeL BEPUBPE gledr d Lea og Oe A reale OR 113 nat Server disp IdF pud AR Sed RE ACA CR 113 nat server sedit lngex active ys POM 25x39 Xx ee awk Oot dae Server Bib Codes led x22 2443 ee Seka d Ee Sees edu d d ERA 113 nat servber edit index forwardipb Ip augressS 24 0 6 eGnarenns Dae eee anew oe RI Hack Server edit lt indexz gt intport start port Desd Bort edness danse rara neraka 114 Hat server
127. al timeout value in seconds R B 1 2147483647 sys tos timeout ah lt 1 65535 gt Sets the AH session idle timeout value used in IPsec in R B seconds sys tos timeout display Displays all TOS Temporarily Open Session timeout R B information sys tos timeout esp lt 1 65535 gt Sets the ESP session idle timeout value used in IPsec in R B seconds sys tos timeout gre lt 1 65535 gt Sets the GRE session idle timeout value in seconds R B sys tos timeout icmp lt 1 65535 gt Sets the ICMP session idle timeout value in seconds R B sys tos timeout igmp lt 1 65535 gt Sets the IGMP session idle timeout value in seconds R B 160 ZyWALL ZyNOS CLI Reference Guide Chapter 21 System Commands Table 78 TOS Commands continued COMMAND DESCRIPTION M Sys tos timeout mail 1 465535 Sets the e mail session idle timeout value in seconds R B sys tos timeout others lt 1 65535 gt Sets the idle timeout value for other sessions in seconds R B sys tos timeout tcp lt 1 65535 gt Sets the TCP session idle timeout value in seconds R B sys tos timeout tcpfin lt 1 65535 gt Sets the TCP FIN session idle timeout value in seconds R B sys tos timeout tcpsyn lt 1 65535 gt Sets the SYN TCP session idle timeout value in seconds R B sys tos timeout udp lt 1 65535 gt Sets the UDP session idle timeout value in seconds R B 21 10 1 UPnP Commands The following section lists t
128. all attack Displays all the attack alert settings These are R B send alert block minute high minute low max incomplete high max incomplete low tcp max incomplete config display firewall buffer Displays the firewall ACL Access Control List buffer size R B The size is product dependent and cannot be changed config display firewall e mail Displays all the firewall e mail log settings These are R B mail server return addr email to subject policy config display firewall set lt set gt Displays current entries of a set See Table 26 on page 67 R B for a list of set parameters config display firewall set lt set gt Displays the current entries of a rule in a set See Table 26 R B rule lt rule gt on page 67 for a list of rule parameters config edit anti spam action 0 1 Sets the action for spam R B 0 add a tag 1 discard mail config edit anti spam blackRule Enables 1 or disables 0 the antispam blacklist filter R B lt O 1 gt config edit anti spam externDB Enables 1 or disables 0 the external database query R B lt 0 1 gt feature Queries are sent to an external database to check whether an e mail is likely to be spam config edit anti spam markString Sets the Spam tag string lt 16 chars This tag is added to R B spam tag the subject of spam mail config edit anti spam Sets the phishing tag string 16 chars This tag is added R B phishingString phishing tag to the subject of spam mail co
129. arp add <ip address> ether <mac address> | Adds ARP information | R B
ip arp attpret <on|off> | Allows or disallows ZyWALL to receive ARP from a different network or not | R B
ip arp force <on|off> | Enables or disables the ARP timeout function | R B
ip arp gratuitous <on|off> | Turns duplicate IP address detection based on gratuitous ARPs on or off | R B
ip arp status interface | Displays an interface's ARP status | R B
ip arp reqUpdateTable <on|off> | Sets whether or not the ZyWALL updates its ARP table based on the source IP address and MAC address of received ARP request packets. This is off by default. If you turn this on, the setting changes back to off when the ZyWALL restarts. | R B

15.1.3 ARP Behavior and the ARP ackGratuitous Command Details

The ZyWALL does not accept ARP reply information if the ZyWALL did not send out a corresponding request. This helps prevent the ZyWALL from updating its ARP table with an incorrect IP address to MAC address mapping due to a spoofed ARP. An incorrect IP to MAC address mapping in the ZyWALL's ARP table could cause the ZyWALL to send packets to the wrong device.

15.1.3.1 Commands for Using or Ignoring Gratuitous ARP Requests

A gratuitous ARP request is an ARP request that a host sends to resolve its own IP address. The packet uses the host's own IP address as the source and destination IP address. The packet uses the Ethernet broadcast address FF:FF:FF:FF:FF:FF as
130. ate as the default self signed R B def selfsigned name certificate If you do not specify a name the name of the current self signed certificate displays certificates my cert delet Removes the specified local host certificate R B lt name gt certificates my_cert export Exports the PEM encoded certificate to your CLI session window R B lt name gt for you to copy and paste certificates my_cert Imports the specified certificate file from the specified remote web R B http_import lt url gt lt name gt server as the device s own certificate The certificate file must be proxy url in one of the following formats 1 Binary X 509 2 PEM encoded 509 3 Binary PKCS 7 and 4 PEM encoded PKCS 7 A certification request corresponding to the imported certificate must already exist The certification request is automatically deleted after the importation certificates my cert import Imports the PEM encoded certificate from your CLI session A R B name corresponding certification request must already exist on the ZyWALL The certification request is automatically deleted after the importation The name is optional if you do not specify one the certificate adopts the name of the certification request After you enter the command copy and paste the PEM encoded certificate into your CLI session window With some terminal emulation software you may need to move your mouse around to get the transfer going certificates my cert l
131. COMMAND | DESCRIPTION | M
ategory pki 0:none|1:log|2:alert|3:both 0:don't show debug type|1:show debug type | Records certificate logs. | R B
sys logs category ppp 0:none|1:log 0:don't show debug type|1:show debug type | Records PPP logs. |
sys logs category remote 0:none|1:log 0:don't show debug type|1:show debug type | Records remote management logs. | R B
sys logs category tcpreset 0:none|1:log 0:don't show debug type|1:show debug type | Records TCP reset logs. | R B
sys logs category tls 0:none|1:log|2:alert|3:both 0:don't show debug type|1:show debug type | Records TLS (HTTPS) logs. | R B
sys logs category traffic 0:none|1:log 0:don't show debug type|1:show debug type | Records traffic logs. | R B
sys logs category upnp 0:none|1:log 0:don't show debug type|1:show debug type | Records UPnP logs. |
sys logs category urlblocked 0:none|1:log|2:alert|3:both 0:don't show debug type|1:show debug type | Records blocked web access logs and/or sends alerts. | R B
sys logs category urlforward 0:none|1:log 0:don't show debug type|1:show debug type | Records forwarded web access logs and/or sends alerts. | R B
sys logs category wireless 0:none|1:log 0:don't show debug type|1:show debug type | Records wireless logs. | R B
sys logs clear | Clears all logs. | R B
sys logs consolidate msglist
132. ble 86 wwan Command Summary (continued)
COMMAND | DESCRIPTION | M
wwan config nailUp on|off | Enables a nailed-up (always on) connection. | R
wwan config nat on|off | Enables NAT (Network Address Translation). | R
wwan config password <string> | Sets the password for PPP authentication. | R
wwan config phoneNumber string | Sets the phone number for access to a cellular network. | R
wwan config pin <string> | Sets the PIN code (4~8 digits) for a GSM SIM card. | R
wwan config username <string> | Sets the user name for PPP authentication. | R
wwan config wanIpAddr ip | Sets the IP address of the WAN. The WAN IP address must first be set to fixed. | R
wwan config wanIpAssign 1|2 | Sets whether the WAN IP address is (1) automatically obtained or (2) fixed. | R
wwan load | Loads the original configuration of the device from the ROM. This must be done before the device can be configured and/or saved. | R
wwan profile select index | A 3G card must be installed to use this command. Specifies the profile of settings in the installed 3G card to use for the 3G connection. 0 disables profile selection so the ZyWALL uses the APN, username and password configured in the web configurator WAN2 screen. | R
wwan profile show | A 3G card must be installed to use this command. Displays the profile settings in the installed 3G card. | R
wwan save | Saves the configuration. | R

The following table shows a list of defa
133. c bridge bm certificates 8021x radius radserv wcfg
ras>

Abbreviations

Commands can be abbreviated to the smallest unique string that differentiates the command. For example, sys version could be abbreviated to s v.

ras> sys version
ZyNOS version V4 03 XD 0 Preb2 0802 1 08 03 2007
romRasSize 3596736
system up time 42 41 02 ea784b ticks
bootbase version V1 08 01 28 2005
CPU chip revision 1
CPU chip clock 266MHz
CPU core revision 0
ras> s v
ZyNOS version V4 03 XD 0 Preb2 0802 1 08 03 2007
romRasSize 3596736
system up time 42 41 05 ea796a ticks
bootbase version V1 08 01 28 2005
CPU chip revision 1
CPU chip clock 266MHz
CPU core revision 0
ras>

1.4 Saving Your Configuration

In the ZyWALL, some commands are saved as you run them and others require you to run a save command. For example, type ip stroute save to save the static route rule in non-volatile memory. See the related section of this guide to see if a save command is required. Unsaved configuration changes to commands that require you to run a save command are lost once you restart the ZyWALL.

1.5 Logging Out

Enter exit to log out of the CLI.

Table 7 Exit Command
COMMAND | DESCRIPTION | M
exit | Logs you out of the CLI. | R B

Common Commands

This
134. COMMAND | DESCRIPTION | M
c <0:hourly|1:daily|2:weekly|3:none> | diagnostic files | R B

Chapter 21 System Commands

Table 73 Diagnostic Commands (continued)
COMMAND | DESCRIPTION | M
sys diagnostic switch on|off | Turns the diagnostic feature on or off. | R B
sys diagnostic threshold CPU 0~100 | Sets the ZyWALL to generate and send a diagnostic file every time the CPU usage exceeds the specified percent for more than 60 seconds. 0 disables generation and sending of diagnostic files based on CPU usage. | R B

21.4.1 Logs Commands

The following section lists the logs commands.

Table 74 Logs Commands
COMMAND | DESCRIPTION | M
sys logs category 8021x 0:none|1:log 0:don't show debug type|1:show debug type | Records logs for IEEE 802.1X. | R B
sys logs category access 0:none|1:log|2:alert|3:both 0:don't show debug type|1:show debug type | Records access control logs and/or sends alerts. | R B
sys logs category as 0:none|1:log | Records anti-spam logs and/or sends alerts. | R B
sys logs category attack 0:none|1:log|2:alert|3:both 0:don't show debug type|1:show debug type | Records firewall attack logs and/or sends alerts. | R B
sys logs category av 0:none|1:log|2:alert|3:both 0:don't show debug type|1:show debug type | Records anti-virus logs and/or sends alerts. | R B
sys logs category cdr 0:none|1:log
135. Contents Overview

Device Related Commands
Firewall Commands
Appendices and Index of Commands

PART Introduction

How to Access and Use the CLI

This chapter introduces the command line interface (CLI).

1.1 Accessing the CLI

Use any of the following methods to access the CLI.

1.1.1 Console Port

You may use this method if your ZyWALL has a console port.

1 Connect your computer to the console port on the ZyWALL using the
136. COMMAND | DESCRIPTION | M
l4Tcpwindowck <on|off> | ck. This has the ZyWALL not check invalid packets, which can reduce the number of false alarms. | R B
idp config tune config l4Udpcksum <on|off> | Enables or disables the UDP packet header checksum check. This has the ZyWALL not check invalid packets, which can reduce the number of false alarms. | R B
idp config tune config l7Ftpasm <on|off> | Enables or disables TCP assembly for FTP. Disabling packet assembly can enhance throughput but may allow more intrusions to go undetected. | R B
idp config tune config l7Ftpdataasm <on|off> | Enables or disables TCP assembly for FTPDATA. Disabling packet assembly can enhance throughput but may allow more intrusions to go undetected. | R B
idp config tune config l7Httpasm <on|off> | Enables or disables TCP assembly for HTTP. Disabling packet assembly can enhance throughput but may allow more intrusions to go undetected. | R B
idp config tune config l7Otherasm <on|off> | Enables or disables TCP assembly for other protocols. Disabling packet assembly can enhance throughput but may allow more intrusions to go undetected. | R B
idp config tune config l7Pop3asm <on|off> | Enables or disables TCP assembly for POP3. Disabling packet assembly can enhance throughput but may allow more intrusions to go undetected. | R B
idp config tune display | Displays the tune configuration. | R B
idp config tune load | Loads the tune configuration. IDP tuning allows you to enable or
137. COMMAND | DESCRIPTION | M
 | ckets to an IPSec tunnel. | R B
ipsec initContactMode tunnel|gateway | Enables initial contact based on tunnel or gateway mode. In gateway mode, the ZyWALL would disconnect all tunnels behind the same NAT router after receiving a notify of initial contact. In the same case the ZyWALL just disconnects one tunnel. |
ipsec pingCheckDropEnable on|off | Turn this on to drop a tunnel if the number of VPN ping check packet retries reaches its limit, even when VPN HA is not enabled. Turn this off to have the device only do this when VPN HA is enabled. | R B
ipsec pingPeriod 10~600 | Sets how many seconds the ZyWALL waits for a reply to a VPN ping check before dropping the tunnel. | R B
ipsec pingRetryCnt 1~10 | Sets the number of retries for a VPN ping check. | R B
ipsec swDevTri <on|off> | Enables the ZyWALL to forward traffic from itself through a VPN tunnel. The traffic includes time zone update, AV/IDP signature updates, WAN connectivity ping checks, VPN connectivity ping checks, and remote management. | R B

Chapter 16 IPSec Commands

16.2 swSkipOverlapIp

Normally we don't configure the local VPN policy rule's IP addresses to overlap with the remote VPN policy rule's IP addresses. For example, we don't configure both with 192.168.1.0. However, overlapping local and remote network IP addresses can occur in the following cases:

1 Y
138. COMMAND | DESCRIPTION | M
 | cs | R B
sys threatReport debug <yes|no> | Turns the threat reports debug flag on or off. | R B
sys threatReport idp active yes|no | Turns IDP threat reports on or off. | R B
sys threatReport idp flush | Discards all IDP report data and updates the time stamp. | R B
sys threatReport idp statistic <id:IDP ID|src:source IP|dst:destination IP> | Displays the top IDP statistic records by signature ID, source IP address or destination IP address. | R B
sys threatReport idp summary | Displays a summary of the IDP statistics. | R B

21.10 Temporarily Open Session Commands

The following section lists the Temporarily Open Session (TOS) commands.

Table 78 TOS Commands
COMMAND | DESCRIPTION | M
sys tos allow FinPshAck <on|off> | Turn this on to allow packets with a PSH or ACK flag. | R B
sys tos debug <on|off> | Turns TOS debug message on or off. | R B
sys tos display | Shows all runtime Temporarily Open Sessions. | R B
sys tos fwSchedule active on|off | Applies the firewall schedule policy to existing sessions. | R B
sys tos fwSchedule debug on|off | Turns fwSchedule debug messages on or off. | R B
sys tos listPerHost | Displays the session count for each host. | R B
sys tos sessPerHost <1~10000> | Sets the temporary open sessions per host limit. | R B
sys tos tempTOSDisplay | Displays the temporal TOS records. | R B
sys tos tempTOSTimeout | Sets or displays the tempor
139. d WLAN
7: Between DMZ and WLAN
8: Between WAN2 and LAN
9: Between WAN2 and DMZ
10: Between WAN2 and WLAN
Use on to block NetBIOS traffic flowing in the specified direction or off to allow it.

COMMAND | DESCRIPTION | M
sys filter netbios disp | Displays the NetBIOS filter status. | R B
sys firewall | See Chapter 13 on page 87 for details on these commands. | R B
sys hostname hostname | Sets or displays the system hostname. | R B
sys md5 <string> | Hashes the string using MD5. The maximum length of the string is 64. | R B
sys mode router|bridge|zero | Sets the ZyWALL to router, bridge or zero configuration mode. Zero configuration mode applies to the ZyWALL P1. | R B
sys myZyxelCom | See Chapter 18 on page 135 for details on these commands. |
sys probeType icmp|arp | Sets the DHCP server probing type. | R B

Chapter 21 System Commands

Table 80 Other sys Commands (continued)
COMMAND | DESCRIPTION | M
sys pwderrtm minute | Sets or displays the password error blocking timeout value. Brute force password guessing protection allows you to specify a wait time that must expire before entering a fourth password after three incorrect passwords have been entered. | R B
sys reboot | Restarts the ZyWALL. | R B
sys restart daily <hour> | Sets the ZyWALL to restart every day at the specified hour (24-hour format). |
sys restart display | Shows the ZyWALL's restart
140. LABEL | DESCRIPTION
 | d or not
WhiteList | Shows whether the whitelist service is enabled or not.
BlackList | Shows whether the blacklist function is enabled or not.
ANTI SPAM SPAM Mail Tag | Shows the tag the antispam service attaches to mail identified as spam.
ANTI SPAM Phishing Mail Tag | Shows the tag the antispam service attaches to mail identified as phishing mail.
ANTI SPAM Action | Shows the action taken when the antispam service identifies mail as spam.
ANTI SPAM Disable External Database | Shows whether an external database of known spam characteristics is used or not.
ANTI SPAM Action for Query timeout | Shows the action taken when a query to an external database times out.

Chapter 10 Configuration Commands

Table 32 config display set <entry>
LABEL | DESCRIPTION
ANTI SPAM ACL rule number | Shows the index number of a rule in the set. A set may only have two rules.
ANTI SPAM ACL rule | Shows whether a rule in the set is based on a white or blacklist.
ANTI SPAM Index XX flags XX IP XXX.XXX.XXX.XXX Netmask | Shows the email addresses, IP address/subnet masks or MIME types values that are included in the whitelist and blacklists of each rule. This example shows an IP address/subnet mask based rule. The index shows the index number of an email address, IP address/subnet mask or MIME type value entry. A 0 flag indicates the rule is disabled, a non zero fl
141. LABEL | DESCRIPTION
 | day
entry | Specifies which custom service from 1~100. A custom service allows you to configure a port for specific applications such as P2P applications. The available sub-fields are: name <string>; range start port end port; ip protocol icmp|tcp|udp|tcp udp|user defined; user defined ip 1~255; icmp type 0~255; icmp code 0~255.
mask | Describes a subnet mask in dotted decimal notation.
non zero number | A non-zero number used to indicate a black or white filter rule is enabled.
rule | Specifies which rule from in a set. A rule is used to describe an action to be taken when a packet matches the rule description. The number of rules available depends on the product. See Section 10.3.2 on page 81 for a detailed description of the parameters.
rule action | Specifies the action to take when a rule applies to a packet. The options are permit, drop, reject.
send email policy | Specifies when to send an e-mail. Options are full, hourly, daily, weekly, none.
set | Specifies which set. A set is a named set of rules and actions applying to packets with a specified source and destination interface. Set numbers go from 1~255. See Section 10.3.1 on page 77 for a detailed description of the parameters.

Chapter 10 Configuration Commands

Table 26 config Command Input Values
LABEL | DESCRIPTION
string | e 31 ASC
143. ddr End Addr
1 Default Policy 0.0.0.0 0.0.0.0

The default policy does not actually block anything. Use the following commands to edit the default policy, turn on the external database service content filtering (category-based content filtering), see what the categories are, block a category (92 in the following example), and then save the policy.

Chapter 2 Common Commands

ras> ip cf policy edit 1
ras> ip cf policy config webControl enable on
ras> ip cf policy config webControl display
The Categories
type 1 Adult Mature Content
type 2 Pornography
type 3 Sex Education
type 4 Intimate Apparel Swimsuit
type 5 Nudity
type 6 Alcohol Tobacco
type 7 Illegal Questionable
type 8 Gambling
type 9 Violence Hate Racism
type10 Weapons
type11 Abortion
type12 Hacking
type13 Phishing
type14 Arts Entertainment
type15 Business Economy
type16 Alternative Spirituality Occult
type17 Illegal Drugs
type18 Education
type19 Cultural Charitable Organization
type20 Financial Services
type21 Brokerage Trading
type22 Online Games
type23 Government Legal
type24 Military
type25 Political Activist Groups
type26 Health
type27 Computers Internet
type28 Search Engines Portals
type29 Spyware Malware Sources
type30 Spyware Effects Privacy Concerns
type31 Job Search Careers
type32 News Media
type33 Personals Dating
type34 Reference
type35
144. COMMAND | DESCRIPTION | M
display | Displays the tune configuration. | R B
av tune load | Loads the tune configuration. | R B
av tune save | Saves the tune configuration. | R B
av update config autoupdate <on|off> | Enables or disables the signature autoupdate. | R B
av update config dailyTime <00~23> | Configures the signature update time of day. | R B
av update config method <1~3> | Configures the signature update method (1: hourly, 2: daily, 3: weekly). | R B
av update config weeklyDay 1~7 | Configures which day of the week the signature is updated (1: sun, 2: mon, 3: tue, 4: wed, 5: thu, 6: fri, 7: sat). | R B
av update config weeklyTime 00~23 | Configures which hour of the day the signature is updated. | R B
av update display | Shows the signature information and the update settings. | R B
av update load | Loads the signature update setting. | R B
av update save | Saves the signature update setting. | R B
av update start | Starts the signature update. | R B

The following table shows a list of default values.

Table 13 av Default Values
VARIABLE | DEFAULT VALUE
decompress | on
av on or off | off
av protocol | off
av alert | on
av breakfile | on
log | on
sendmsg popup | on
overZipSession | off
ScanAllMime | off
checksum | off

Chapter 4 Antivirus Commands

Table 13 av Default Values
VARIABLE | DEFAULT VALUE
l7 asm packet order checking | on
autoupdate | off
145. COMMAND | DESCRIPTION | M
dmz on|off | Configures the protected traffic direction setting. | R B
idp config dir wlan lan <on|off> | Configures the protected traffic direction setting. | R B
idp config dir wlan wan on|off | Configures the protected traffic direction setting. | R B
idp config dir wlan wan2 <on|off> | Configures the protected traffic direction setting. | R B
idp config dir wlan wlan <on|off> | Configures the protected traffic direction setting. | R B
idp config enable <on|off> | Turns IDP on or off. | R B
idp config save | Saves the enable setting and the protected traffic directions. | R B
idp config tune config l4cpmssck <on|off> | Enables or disables the TCP packet header MSS check. This has the ZyWALL not check invalid packets, which can reduce the number of false alarms. | R B
idp config tune config l4Icmpcjsum <on|off> | Enables or disables the ICMP packet header checksum check. This has the ZyWALL not check invalid packets, which can reduce the number of false alarms. | R B
idp config tune config l4Smtpasm <on|off> | Enables or disables TCP assembly for SMTP. Disabling packet assembly can enhance throughput but may allow more intrusions to go undetected. | R B
idp config tune config l4Tcpcksum <on|off> | Enables or disables the TCP packet header checksum check. This has the ZyWALL not check invalid packets, which can reduce the number of false alarms. | R B
idp config tune config | Enables or disables the TCP packet window che
146. COMMAND | DESCRIPTION | M
 | ds to wait for a response. |
ip dns query name domain name | Displays the IP address of a domain name. | R
ip dns system cache disp 0~5 0:increase|1:decrease | Displays the DNS cache table. Select which criteria to sort the entries by. 0: Displays the entries by the time they were created. 1: Sorts the entries by domain name or URL. 2: Sorts the entries by type (positive or negative). 3: Sorts the entries by IP address. 4: Sorts the entries by the number of times the entry was used. 5: Sorts the entries by Time To Live (number of seconds left before the DNS resolution entry is discarded from the cache). 0:increase|1:decrease: Specify ascending or descending order. | R B
ip dns system cache flush | Clears the DNS cache. | R B
ip dns system cache negaperiod <60~3600> | Sets the number of seconds negative DNS entries stay in the cache. | R B
ip dns system cache negativ 0:disable|1:enable | Enables or disables the DNS negative cache. | R B
ip dns system cache positive 0:disable|1:enable | Enables or disables the DNS positive cache. | R B
ip dns system cache ttl 60~3600 | Sets the positive DNS cache maximum TTL (Time To Live). | R B
ip dns system dela <index> | Removes the specified DNS address record entry. | R B
ip dns system delns <index> | Removes the specified DNS name server record entry. | R B
ip dns system display | Shows the system DNS server settings. | R B

Chapter 15 IP Co
147. e

Chapter 16 IPSec Commands

Table 61 Ipsec Commands (continued)
COMMAND | DESCRIPTION | M
ipsec ikeConfig authMethod <0:PreSharedKey|1:RSASignature|2:pre ShareKey XAUTH|3:RSASignature XAUTH> | Sets the authentication method. | R B
ipsec ikeConfig preShareKey ascii|0xhex | Sets the pre-shared key. ascii|0xhex: Enter characters in ASCII or in hexadecimal format. The minimum length is 8. | R B
ipsec ikeConfig certificate certificate name | Specifies the certificate the ZyWALL uses for authentication. | R B
ipsec ikeConfig encryAlgo <0:DES|1:3DES|2:AES> | Sets the phase 1 encryption algorithm. | R B
ipsec ikeConfig authAlgo <0:MD5|1:SHA1> | Sets the phase 1 authentication algorithm. | R B
ipsec ikeConfig saLifeTime <seconds> | Sets the phase 1 IKE SA life time. | R B
ipsec ikeConfig keyGroup 0:DH1|1:DH2 | Sets the phase 1 IKE SA key group. | R B
ipsec ikeConfig xauth type 0:client mode|1:server mode | Sets the ZyWALL in client or server mode for extended authentication (Xauth). | R B
ipsec ikeConfig xauth username name | Sets the user name for Xauth. This uses the ZyWALL's local user database to authenticate the remote user. | R B
ipsec ikeConfig xauth password <password> | Sets the password for Xauth. | R B
ipsec ikeConfig xauth radius <username | Sets the RADIUS server user name and password. | R B
148. e

LABEL | DESCRIPTION
Source Single IP address | Shows the source IP address of packets to which the rule applies.
Source IP address subnet mask | Shows the source IP address and subnet mask of packets to which the rule applies.

Chapter 10 Configuration Commands

Table 30 config display set index rule <rule>
LABEL | DESCRIPTION
Source Starting IP address Ending IP address | Shows the range of source IP addresses of packets to which the rule applies.
Destination Single IP address | Shows the destination IP address of packets to which the rule applies.
Destination IP address subnet mask | Shows the destination IP address and subnet mask of packets to which the rule applies.
Destination Starting IP address Ending IP address | Shows the range of source IP addresses of packets to which the rule applies.
TCP destination port number(s) | Shows the destination TCP port of packets to which the rule applies.
TCP destination port range(s) | Shows the range of destination TCP port of packets to which the rule applies.
UDP destination port number(s) | Shows the destination UDP port of packets to which the rule applies.
UDP destination port range(s) | Shows the range of destination UDP ports of packets to which the rule applies.
Custom dest TCP UDP port name | Shows the name of the custom destination port.
Custom IP pro
149. COMMAND | DESCRIPTION | M
e query | Sends an IGMP query on the specified interface or IP alias on an interface. | R
ip igmp iface interface rsptime 100~255 | Sets the IGMP response time in tenths (1/10) of a second for the specified interface or IP alias on an interface. | R
ip igmp iface interface start | Turns on IGMP on the specified interface or IP alias on an interface. | R
ip igmp iface interface stop | Turns off IGMP on the specified interface or IP alias on an interface. | R
ip igmp iface interface ttl 0~2147483647 | Sets the IGMP Time To Live threshold for the specified interface or IP alias on an interface. | R
ip igmp iface interface v1compat on|off | Turns IGMP version 1 compatibility on or off for the specified interface or IP alias on an interface. | R
ip igmp querier on|off | Turns the IGMP stop query flag on or off. | R
ip igmp robustness 2~2147483647|no | Sets the number of times that the ZyWALL sends IGMP group specific queries before declaring a group to no longer have any members on an interface (RFC 2236). no restores the default value (2). | R
ip igmp status | Displays the IGMP status. | R

15.1.15 IGMP Command Example

The following example displays the IGMP status.

ras> ip igmp status
Group groupLink ifaceLink flags
224.0.0.12 0102 d80 00c618c0 0102fdc4 0102f dc4 0003
224.0.0.9 0102fd4c 0102f db4 0102fd90 0102fd90 0001
224.0.0.2 0102 d18 0102fd80 0102fd5c 0102f d5c 0001
224.0.0.1
150. COMMAND | DESCRIPTION | M
e 1:enable | Controls whether the debugging information is displayed on the console. You must change the baud rate to 115200 bps before enabling the CNM debug mode. | R B
cnm reset | Resets the CNM service to the initial status on the ZyWALL. The ZyWALL will register itself to the CNM server again if the service is enabled. | R B
cnm encry none|des|3des key | Displays or sets the encryption mode and key. The encryption key is 8 characters when the encryption mode is set to DES. The encryption key is 24 characters when the encryption mode is set to 3DES. | R B
cnm keepalive 10~90 | Sets how often (in seconds) the ZyWALL sends a keepalive packet to inform the CNM server of its existence. | R B
cnm version | Displays the CNM agent version. | R B
cnm alarmqueue display | Displays the alert messages waiting to be sent to the CNM server. | R B
cnm alarmqueue send | Sends all alert messages in the queue to the CNM server immediately and clears the queue. | R B

Chapter 9 Agent Commands

9.2 Command Examples

This example displays the CNM agent version on the ZyWALL.

ras> cnm version
cnm version 2 0 2 AGZ 1 bl

This example configures the CNM settings and activates the service on the ZyWALL using the following settings:
CNM server IP address: 10.1.1.252
Encryption mode: DES
Encryp
151. e Configuration
Rule Summary A Record
001 record type A Record ISP WAN 1
FQDN www my company com example
Rule Summary NS Record
001 record type NS Record DNS server 10.0.0.5 private
Domain Name www mycompany 2 com exampl

15.1.11 HTTP Commands

The following section lists the HTTP commands.

Table 49 HTTP Commands
COMMAND | DESCRIPTION | M
ip httpClient debug on|off | Turns the HTTP client debug messages on or off. | R B
ip httpClient display | Displays the system HTTP client state. | R B
ip httpd debug on|off | Displays or sets the web configurator debug flag. | R B

Chapter 15 IP Commands

15.1.12 ICMP Commands

The following section lists the ICMP commands.

Table 50 ICMP Commands
COMMAND | DESCRIPTION | M
ip icmp discovery interface on|off | Turns ICMP discovery (ICMP type 10, RFC 1256) off or on for the specified interface or IP alias on an interface. | R B
ip icmp sourcequench on|off | Displays or sets the ignore ICMP source quench packets flag. Enable the ignore ICMP source quench packets flag to have the ZyWALL not log ICMP source quench packets. | R
ip icmp status | Displays the ICMP statistics counter. | R B

15.1.13 ICMP Command Example

The following example displays the ICMP status.

ras> ip icmp status
1 icmpInMsgs 0 14 icmpOutMsgs 1628
2 icmpInErrors 0
153. e mail>

COMMAND | DESCRIPTION | M
config edit firewall e mail subject mail subject | Sets the e-mail subject. | R B
config edit firewall set <set> connection timeout timeout | Sets the connection timeout for traffic to which a rule in the set applies. This command has no effect on firewall settings. To configure timeout values use tos commands. | R B
config edit firewall set <set> default action <rule action> | Sets the default action for traffic for which the set applies. | R B
config edit firewall set <set> fin wait timeout timeout | Sets the wait time for FIN when concluding a TCP session before it is terminated. This command has no effect on firewall settings. To configure timeout values use tos commands. | R B
config edit firewall set <set> icmp timeout timeout | Sets the timeout for an idle ICMP session before it is terminated. This command has no effect on firewall settings. To configure timeout values use tos commands. | R B

Chapter 10 Configuration Commands

Table 27 config Command Summary (continued)
rul address mask <rule> destaddr subnet ip address and subnet mask
COMMAND | DESCRIPTION | M
config edit firewall set <set> log yes|no | Edits whether a log of sessions for which the set applies is sent. | R B
config edit firewall set <set> | Edits the name for a
154. e solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. Regional offices are listed below (see also http://www.zyxel.com/web/contact_us.php). Please have the following information ready when you contact an office.

Required Information
Product model and serial number.
Warranty Information.
Date that you received your device.
Brief description of the problem and the steps you took to solve it.

"+" is the (prefix) number you dial to make an international telephone call.

Corporate Headquarters (Worldwide)
Support E-mail: support@zyxel.com.tw
Sales E-mail: sales@zyxel.com.tw
Telephone: +886-3-578-3942
Fax: +886-3-578-2439
Web: www.zyxel.com
Regular Mail: ZyXEL Communications Corp., 6 Innovation Road II, Science Park, Hsinchu 300, Taiwan

China: ZyXEL Communications (Beijing) Corp.
Support E-mail: cso.zycn@zyxel.cn
Sales E-mail: sales@zyxel.cn
Telephone: +86-010-82800646
Fax: +86-010-82800587
Address: 902, Unit B, Horizon Building, No. 6, Zhichun Str, Haidian District, Beijing
Web: http://www.zyxel.cn

China: ZyXEL Communications (Shanghai) Corp.
Support E-mail: cso.zycn@zyxel.cn
Sales E-mail: sales@zyxel.cn
Telephone: +86-021-61199055
Fax: +86-021-52069033
Address: 10058 ShengGao International Tower, No. 137 Xian
155. COMMAND | DESCRIPTION | M
 | e waits to get a Hello BPDU from the root bridge. |
bridge rstp bridge priority priority | Sets the ZyWALL's RSTP bridge priority (0~61440). The lower the number, the higher the priority. Bridge priority determines the root bridge, which in turn determines Hello Time, Max Age and Forward Delay. | B
bridge rstp bridge version <STP:0|RSTP:2> | Sets the ZyWALL to use STP or RSTP. | B
bridge rstp disp | Displays RSTP information. |
bridge rstp port disable <interface> | Turns off RSTP on the specified port. |
bridge rstp port edgePort <interface> <True:1|False:0> | Sets the specified port to be an edge or non-edge port. | B
bridge rstp port enable <interface> | Turns on RSTP on the specified port. | B
bridge rstp port mcheck <interface> | Sets migrate check on this port. | B
bridge rstp port p2pLink <interface> <Auto:2|True:1|False:0> | Sets a point-to-point link on the specified port. | B
bridge rstp port pathCost <interface> path cost | Sets the RSTP path cost on the specified port. | B
bridge rstp port priority <interface> priority | Sets the RSTP priority on the specified port. | B
bridge rstp state | Displays general RSTP status information. | B
bridge rstp trace | Turns on RSTP debug trace messages. | B
bridge stat clear | Resets the bridging packet statistics counter. | R B
bridge stat disp | Displays the bridging packet statistics table. | R B

Chapter 7 Bridge Commands

7.2 C
157. eady enabled

av config enable <on|off>
    Enables or disables the antivirus function. (M: R B)
av config protocol active <on|off>
    Enables or disables the antivirus function for the specified protocol. (M: R B)
av config protocol dir interface interface on off
    Configures antivirus protection for the specified protocol based on the source and destination of traffic. (M: R B)
av config protocol display
    Shows the antivirus setting for the specified protocol. (M: R B)
av config httpScanAllMime <on|off>
    Enables or disables scanning of ASCII files transferred using HTTP, such as txt, html. By default the ZyWALL scans MIME type files, for example doc, ppt, zip, exe. (M: R B)
av config overZipSession 0 1
    Blocks (0) or forwards (1) a mail with an attached zip file when the maximum number of received zip files has been exceeded. (M: R B)
av config pop3ScanAllMime <on|off>
    Enables or disables scanning of ASCII files transferred using POP3 email, such as txt, html. By default the ZyWALL scans MIME type files, for example doc, ppt, zip, exe. (M: R B)

ZyWALL ZyNOS CLI Reference Guide, Chapter 4 Antivirus Commands
Table 12 av Commands (continued)
COMMAND / DESCRIPTION / M

av config smtpScanAllMime <on|off>
    Enables or disables scanning of ASCII files transferred using SMTP email, such as txt, html. By default the ZyWALL scans MIME type files (M: R B)
158. eceived on the interface.
icmpInTimestamps: The number of ICMP Timestamp messages received on the interface.

ZyWALL ZyNOS CLI Reference Guide, Chapter 15 IP Commands
Table 51 ip icmp status Description
LABEL / DESCRIPTION

icmpInTimestampReps: The number of ICMP Timestamp Reply messages received on the interface.
icmpInAddrMasks: The number of ICMP Address Mask Request messages received on the interface.
icmpInAddrMaskReps: The number of ICMP Address Mask Reply messages received on the interface.
icmpOutMsgs: The number of ICMP messages received sent through the interface.
icmpOutErrors: The number of ICMP messages with an error sent through the interface.
icmpOutDestUnreach: The number of ICMP Destination Unreachable messages sent through the interface.
icmpOutTimeExcds: The number of ICMP Time Exceeded messages sent through the interface.
icmpOutParmProbs: The number of ICMP Parameter Problem messages sent through the interface.
icmpOutSrcQuench: The number of ICMP Source Quench messages sent through the interface.
icmpOutRedirects: The number of ICMP Redirect messages sent through the interface.
icmpOutEchos: The number of ICMP Echo request messages sent through the interface.
icmpOutEchoReps: The number of ICMP Echo Reply messages sent through the interface.
icmpOutTimestamps: The number of ICMP Timestamp messages sent through the
159. eference Guide

IPSec Commands

Use these commands to configure IPSec settings on the ZyWALL.

16.1 Command Summary

The following table describes the values required for many commands. Other values are discussed with the corresponding commands.

Table 60 BM Class Command Input Values
LABEL / DESCRIPTION

interface: This is an interface name including lan, wan, wan1, dmz, wan2, wlan.

The following section lists the commands for this feature.

Table 61 Ipsec Commands
COMMAND / DESCRIPTION / M

ipsec debug type <0:Disable|1:Original <on|off>|2:IKE <on|off>|3:IPSec SPI <on|off>|4:XAUTH <on|off>|5:CERT <on|off>|6:All>
    Controls whether the specified debugging information is displayed on the console. (M: R B)
ipsec debug level 0:None|1:User|2:Low|3:High
    Sets the debugging level. The higher the number specified, the more detail displays. (M: R B)
ipsec debug display
    Displays all debugging settings. (M: R B)
ipsec route interface on off
    After IPSec processes a packet that will be sent to the specified interface, this switch controls whether or not the packets can be forwarded to another IPSec tunnel. (M: R)
ipsec show_runtime sa
    Displays active IKE and IPSec SAs. (M: R B)
ipsec show_runtime spd
    Displays the local and remote network address pairs used to differentiate the connected dynamic VPN tunnels. (M: R B)
ipsec show_runtime list
    Displays active VPN tunnels. (M: R B)
ipsec ti
161. er
    Displays the IP addresses connected to the specified interface that sent and received the most traffic. (M: R B)
ip rpt srv 0:lan|1:dmz number
    Displays the most heavily used protocols or service ports. (M: R B)
ip rpt start 0:lan|1:dmz
    Starts recording reports data for the specified port's traffic. (M: R B)
ip rpt stop 0:lan|1:dmz
    Stops recording reports data for the specified port's traffic. (M: R B)
ip rpt url 0:lan|1:dmz number
    Displays the specified port's most visited Web sites. (M: R B)
ip status
    Displays IP statistic counters. (M: R B)
ip tcp status
    Displays the TCP statistics counters. (M: R B)
ip udp status
    Displays the UDP status. (M: R B)

15.1.20 Static Route Commands

The following section lists the static route commands.

Table 57 Static Route Commands
COMMAND / DESCRIPTION / M

ip stroute config active <yes|no>
    Enables or disables a static route rule. You must use the load command before you can configure a static route. (M: R)
ip stroute config destination dest ip address mask bits gateway ip <metric>
    Sets a static route's destination IP address and gateway. (M: R)
ip stroute config gateway ip
    Sets a static route's gateway IP address. (M: R)
ip stroute config mask mask
    Sets a static route's subnet mask. (M: R)

ZyWALL ZyNOS CLI Reference Guide, Chapter 15 IP Commands
Table 57 Static Route Commands (continued)
COMMAND / DESCRIPTION / M

ip stroute config metric
    Sets a static route s
162. es The firewall rules are grouped in sets by packet direction. Refer to Table 38 on page 87 for which set number to use for each firewall direction.

to: A traffic destination where the traffic leaves the ZyWALL. Use one of the following: lan, wan1, wan2, dmz, wlan, vpn.

Table 38 Firewall Set Numbers

FIREWALL DIRECTION  SET NUMBER | FIREWALL DIRECTION  SET NUMBER | FIREWALL DIRECTION  SET NUMBER
LAN to WAN          1          | WLAN to WAN         13         | WAN2 to WLAN        25
WAN to LAN          2          | DMZ to WLAN         14         | LAN to VPN          26
DMZ to LAN          3          | WLAN to DMZ         15         | VPN to LAN          27
DMZ to WAN          4          | WLAN to WLAN        16         | WAN to VPN          28
WAN to DMZ          5          | LAN to WAN2         17         | VPN to WAN          29
LAN to DMZ          6          | WAN2 to LAN         18         | WAN2 to VPN         30
LAN to LAN          7          | WAN to WAN2         19         | VPN to WAN2         31
WAN to WAN          8          | WAN2 to WAN         20         | DMZ to VPN          32
DMZ to DMZ          9          | WAN2 to WAN2        21         | VPN to DMZ          33
LAN to WLAN         10         | DMZ to WAN2         22         | WLAN to VPN         34
WLAN to LAN         11         | WAN2 to DMZ         23         | VPN to WLAN         35
WAN to WLAN         12         | WLAN to WAN2        24         | VPN to VPN          36

ZyWALL ZyNOS CLI Reference Guide, Chapter 13 Firewall Commands

The following section lists the firewall commands.

Table 39 Firewall Commands
COMMAND / DESCRIPTION / M

sys firewall acl disp set number rule number
    Displays all of the firewall rules, rules for a specific direction of packet travel, or a specific rule. (M: R B)
sys firewall active l
163. es source destination message
0 2007-08-16 09:39:27 WAN1 WAN interface gets IP 172.16.17.48
1 2007-08-16 09:38:40 User admin Successful SMT login
2 2007-08-16 09:38:37 User admin SMT login failed password error
3 2007-08-16 09:35:10 80.85.129.103:123 172.16.17.48:1135 Time set from NTP server 0.pool.ntp.org offset 208949688 sec
4 2001-01-01 00:00:18 WAN1 WAN interface gets IP 172.16.17.48
5 2001-01-01 00:00:16 WAN1 WAN1 connection is up
6 2001-01-01 00:00:16 WAN2 WAN2 connection is down
ras>

Use the following command to display all ZyWALL error logs.

ras> sys logs errlog disp
2001 PINI INFO Channel 0 ok
2001 PPOe INFO LAN promiscuous mode 0
2001 PINI INFO main init completed
2001 PP22 INFO No DNS server available
2001 PINI INFO Last errorlog repeat 114 Times
2001 PINI INFO SMT Session Begin
2001 PP22 INFO No DNS server available
2001 PINI INFO Channel 0 ok
2001 PPOe INFO LAN promiscuous mode 0
2001 PINI INFO main init completed
2001 PP22 INFO No DNS server available
2001 PINI INFO SMT Session Begin
2001 PPlc INFO No DNS server available
Clear Error Log (y/n):
164. et ACL set nam Cmz Rules number of rules 1 default action drop
ACL pnc enable no
ACL log enable no
ACL logone enable no
ACL set timeout values
ICMP idle timeout s 60
UDP idle timeout s 60
TCP connection timeout s 30
TCP FIN wait timeout s 60
TCP idle timeout s 3600
Free space remaining in ACL buffer 161160
ras> config display set 8 rule 1
ACL rule number 1
ACL rule active yes
ACL rule action permit
ACL rule protocol
ACL rule log match
ACL rule alert no
Source Single IP address 1.1.1.1
Destination Single IP address 2.2.2.2
TCP destination port number s 22
ACL rule name SSH
ras> config save firewall

ZyWALL ZyNOS CLI Reference Guide, Chapter 10 Configuration Commands

The following table describes the fields displayed using the config display set command in the example above.

Table 29 config display set
LABEL / DESCRIPTION

ACL set number: Shows the index number of this set and the interfaces it applies to. See
ACL set name: Shows the name of this set.
ACL set number of rules: Shows the number of rules in this set.
ACL set default action: Shows the default action when a packet matches a rule in the set. The options are permit, drop, reject.
ACL pnc enable: Shows whether the pnc service is enabled. This service is currently not available.
ACL log enable: Shows whether the log is enabled or not.
ACL logone enable: Shows whether l
165. ete firewall set <set> connection timeout
    Deletes the setting for the connection time out for traffic to which this set applies. This command has no effect on firewall settings. To configure timeout values use tos commands. (M: R B)
config delete firewall set <set> default action
    Deletes the setting for the default action for traffic to which this set applies. (M: R B)
config delete firewall set <set> fin wait timeout
    Deletes the setting for the wait time for FIN when concluding a TCP session before it is terminated. This command has no effect on firewall settings. To configure timeout values use tos commands. (M: R B)
config delete firewall set <set> icmp timeout
    Deletes the setting for the timeout for an idle ICMP session before it is terminated. This command has no effect on firewall settings. To configure timeout values use tos commands. (M: R B)
config delete firewall set <set> log
    Deletes the log of traffic to which this set applies. (M: R B)
config delete firewall set <set> name
    Deletes the name of a set. (M: R B)
config delete firewall set <set> rule <rule>
    Removes a specified rule in a set from the firewall configuration. (M: R B)
config delete firewall set <set> rule <rule> action
    Deletes whether a packet is permitted, dropped or rejected when it matches this rule. (M: R B)
config delete firewall set <set> rule <rule> active
    Deletes whether a rule is enabled or not. (M: R B)

ZyWALL ZyNOS
166. etrieveStoreSucc opType 2 opCode 3 sendSgmpRegisterSuccess sgmpd state SGMP STATE ACTIVE No Alarms Exist sgmpAgentRx iface p b04088 cnt 1 sgmpRxEventProcess opType 9 SessionID is modified by Vantage to 478043139 tUint 4110 Amount Item 1 nUnit 1 prociInquireData FORWARD COMPATIBILITY Device 1555 unsupport CNM Forward Compatibility Fail to send Forward Comp Information to CNM call sendSgmpInquireSuccess sendSgmpInquireSuccess opType 9 opCode 4 sessionID 1909254747 Send SGMP KA Trap IP 10.1.1.252 life 0 interval 90 secs No Alarms Exist Send SGMP KA Trap IP 10.1.1.252 life 90 interval 90 secs No Alarms Exist

ZyWALL ZyNOS CLI Reference Guide, Chapter 9 Agent Commands

Configuration Commands

Use these commands to configure your configuration settings on the ZyWALL. Many of these commands are also available in the web configurator.

10.1 Command Summary

The following table describes the values required for many config commands. Other values are discussed with the corresponding commands.

Table 26 config Command Input Values
LABEL / DESCRIPTION

day: Specifies which day. Options are sunday, monday, tuesday, wednesday, thursday, friday, satur
167. fg security 1~8 wep key2 key
    Sets the WEP key2 for the specified security profile. key: Refer to Table 83 on page 166. (M: R B)
wcfg security 1~8 wep key3 key
    Sets the WEP key3 for the specified security profile. key: Refer to Table 83 on page 166. (M: R B)
wcfg security 1~8 wep key4 key
    Sets the WEP key4 for the specified security profile. key: Refer to Table 83 on page 166. (M: R B)
wcfg security 1~8 wep keyindex <1~4>
    Activates one of the four WEP keys to encrypt wireless data transmission. (M: R B)
wcfg security 1~8 reauthtime value
    Sets the time interval for wireless re-authentication for the specified security profile. (M: R B)
wcfg security 1~8 idletime value
    Sets the idle time before a forced de-association. (M: R B)
wcfg security 1~8 groupkeytime value
    Sets the time interval for the WPA or WPA2 group key update. value: 600~65535 seconds. (M: R B)
wcfg security 1~8 passphrase <value>
    Sets the passphrase when you selected security mode using wpapsk, wpa2psk, wpa2pskmix. value: 8~63 alphanumeric characters. (M: R B)
wcfg security 1~8 clear
    Sets the specified profile to its default value. (M: R B)
wcfg security 1~8 save
    Saves the specified profile's configuration. (M: R B)
wcfg security 1~8 show
    Displays the specified profile's configuration. (M: R B)
wcfg security display
    Displays all runtime security profile settings. (M: R B)
wcfg security saveall
    Saves all runtime wireless security settings to the (M: R B)
22
168. ficates Commands Input Values
LABEL / DESCRIPTION

auth key: Specifies the certificate's key for user authentication. If the key contains spaces, put it in quotes. To leave it blank type
ca address: The IP address or domain name of the CA (Certification Authority) server.
ca cert: The name of the CA certificate.
ip address port: Specifies the server address (required) and port (optional). The format is server address port. The default port is 389.
key length: The length of the key to use in creating a certificate or certificate request. Valid options are 512, 768, 1024, 1536 and 2048 bits.
login pswd: The login name and password for the directory server, if required. The format is login password.
name: The identifying name of a certificate or certification request. Use up to 31 characters to identify a certificate. You may use any character (not including spaces).
proxyurl: The address and port of an optional HTTP proxy to use.
server name: A descriptive name for a directory server. Use up to 31 ASCII characters (spaces are not permitted).
subject: A certificate's subject name and alternative name. Both are required. The format is subject name dn ip dns email value.
    Example 1: CN ZyWALL OU CPE SW2 O ZyXEL C TW ip 172.21.177.79
    Example 2: CN ZyWALL O ZyXEL C TW dns www.zyxel.com
    Example 3: CN ZyWALL O ZyXEL C TW email dummy@zyxel.com.tw
    If the name conta
169. ging statistics table. (M: R B)
bridge iface active <yes|no>
    Sets the ZyWALL to bridge mode or router mode. (M: R B)
bridge iface address ip address
    Sets the bridge mode management IP address. (M: B)
bridge iface display
    Displays the bridge mode interface settings. (M: B)
bridge iface dns1 ip address
    Sets the bridge mode first system DNS server IP address. (M: B)
bridge iface dns2 ip address
    Sets the bridge mode second system DNS server IP address. (M: B)
bridge iface dns3 ip address
    Sets the bridge mode third system DNS server IP address. (M: B)
bridge iface gateway gateway ip
    Sets the bridge mode default gateway. (M: B)
bridge iface mask mask
    Sets the bridge mode network mask.
bridge rstp bridge disable
    Turns off RSTP.

ZyWALL ZyNOS CLI Reference Guide, Chapter 7 Bridge Commands
Table 22 Bridge Commands (continued)
COMMAND / DESCRIPTION / M

bridge rstp bridge enable
    Turns on RSTP (Rapid Spanning Tree Protocol).
bridge rstp bridge forwardDelay forwarding delay
    Sets the RSTP forwarding delay (4~30). This is the number of seconds a bridge remains in the listening and learning port states. The default is 15 seconds.
bridge rstp bridge helloTime hello time
    Sets the RSTP hello time (1~10), in seconds, the root bridge waits before sending a hello packet. (M: B)
bridge rstp bridge maxAge max age
    Sets the RSTP max age (6~40). This is how many seconds a bridg (M: B)
170. > <password>
ipsec ikeConfig ha enable <on|off>
    Enables IPSec high availability (HA). (M: R B)
ipsec ikeConfig ha redunSecGwAddr ip address domain name
    Sets the redundant remote gateway address to the specified IP address or domain name. (M: R B)
ipsec ikeConfig ha fallback enable <on|off>
    Enables fall back for IPSec HA. (M: R B)
ipsec ikeConfig ha fallback interval <time>
    Enables a time interval for how often the ZyWALL checks the availability of primary remote gateway for fall back detection. time: 180~86400 seconds. (M: R B)
ipsec ikeConfig ha failover display
    Displays fail over detection method. (M: R B)
ipsec ikeConfig ha failover dpd <on|off>
    Enables or disables fail over detection by Dead Peer Detection (DPD). (M: R B)
ipsec ikeConfig ha failover outputIdleTime <on|off>
    Enables or disables fail over detection by output idle timer. If the time is up and there is no reply traffic, the ZyWALL disconnects the tunnel and negotiates a new tunnel with the redundant remote VPN gateway. (M: R B)
ipsec ikeConfig ha failover pingCheck <on|off>
    Enables or disables fail over detection by ping check. If the ZyWALL cannot ping the pre-configured IP address for several retries, the ZyWALL disconnects the tunnel and negotiates a new tunnel with the redundant remote VPN gateway. (M: R B)

ZyWALL ZyNOS CLI Reference Guide, Chapter 16 IPSec Commands
171. he TCP/IP connection is silently torn down. Both sender and receiver are sent TCP RST packets. If the firewall is not enabled, only the packet that matched the signature is dropped.

idp signature config active <on|off>
    Enables or disables the signature. (M: R B)
idp signature config alert <on|off>
    Enables or disables the sending of an alert e-mail when a match is found for the signature. (M: R B)
idp signature config log <on|off>
    Enables or disables log generation when a match is found for the signature. (M: R B)
idp signature display
    Displays the currently loaded signature's settings. (M: R B)
idp signature load <signature id>
    Loads the specified signature so you can configure it. signature id: Each intrusion signature has a unique identification number. This number may be searched at myZyXEL.com for more detailed information. (M: R B)
idp signature reset
    Resets the signature setting to its default settings. (M: R B)
idp signature save
    Saves the signatures settings. (M: R B)
idp update config autoupdate <on|off>
    Enables or disables automatic updating of IDP signatures. (M: R B)
idp update config dailyTime <00~23>
    Sets the hour for daily updates. (M: R B)
idp update config method <1~3>
    Sets how often to update the IDP signatures. 1: hourly, 2: daily, 3: weekly. (M: R B)
idp update config weeklyDay 157
    Sets the day for weekly updates. (M: R B)
idp update config weeklyTime <00~23>
    Sets the hour for weekly updates. (M: R B)
idp update display
    Shows signature i
172. he UPnP commands.

Table 79 UPnP Commands
COMMAND / DESCRIPTION / M

sys upnp active 0:no|1:yes
    Turns UPnP on or off. (M: R)
sys upnp config 0:no|1:yes
    Allow UPnP to configure NAT rules or not. (M: R)
sys upnp debug on|off
    Turns UPnP debug message on or off. (M: R)
sys upnp display
    Displays the UPnP configuration. (M: R)
sys upnp firewall 0:deny|1:pass
    Allow UPnP to pass through the firewall. (M: R)
sys upnp load
    Loads the UPnP settings for editing. Use this command to be able to configure the settings. Use sys upnp save after you configure the settings. (M: R)
sys upnp reserve 0:deny|1:permit
    Retain UPnP created NAT rules even after restarting. (M: R)
sys upnp save
    Saves the UPnP settings to the non-volatile memory. (M: R)

21.10.2 UPnP Commands Example

The following example turns on UPnP and sets the ZyWALL to allow UPnP to create firewall rules and keep UPnP created NAT rules even after restarting.

ras> sys upnp load
ras> sys upnp active 1
ras> sys upnp config 1
ras> sys upnp reserve 1
ras> sys upnp save
ras> sys upnp display
Active Yes
Reserve UPnP NAT rules in flash Yes
Configuration through UPnP Permit
Pass through Firewall Deny

ZyWALL ZyNOS CLI Reference Guide, Chapter 21 System Commands

21.10.3 Other System Commands

The following section lists miscellaneous system commands.

Table 80 Other sys Commands
173. hours
    how many hours a categorized web site address remains in the cache. (M: R B)
ip cf externalDB enable on|off
    Turns the external database checking on or off. (M: R B)
ip cf externalDB enableLog on|off
    Turns content filtering external database logs on or off. (M: R B)
ip cf externalDB exDblogserver server address
    Sets the address for content filtering external database logs. (M: R B)
ip cf externalDB matchweb none|log|block|both
    Sets the log and block action for websites that match a category in the content filtering external database configuration. (M: R B)

ZyWALL ZyNOS CLI Reference Guide, Chapter 15 IP Commands
Table 45 Content Filtering Commands (continued)
COMMAND / DESCRIPTION / M

ip cf externalDB queryURL index url Server|localCache
    Checks whether or not the content filter policy currently blocks any given web page. (M: R B)
    Server: Test whether or not the web site above is saved in the external content filter server's database of restricted web pages.
    localCache: Test whether or not the web site above is saved in the ZyWALL's database of restricted web pages.
ip cf externalDB reginfo display
    Displays the content filtering external database registration information. (M: R B)
ip cf externalDB reginfo refresh
    Refreshes and displays the content filtering external database registration license. (M: R B)
ip cf externalDB serverList
    Displa
175. ig saLifeTime <seconds>
    Sets the phase 2 IPSec SA life time. (M: R B)
ipsec ipsecConfig encap <0:Tunnel|1:Transport>
    Sets the phase 2 encapsulation mode. (M: R B)
ipsec ipsecConfig pfs <0:None|1:DH1|2:DH2>
    Sets the Perfect Forward Secrecy group for phase 2. (M: R B)
ipsec ipsecConfig antiReplay Yes|No
    Enables or disables replay detection. (M: R B)
ipsec ipsecConfig controlPing <Yes|No>
    Enables or disables the IPSec tunnel connectivity check. (M: R B)
ipsec ipsecConfig logControlPing <Yes|No>
    Enables or disables logging for the ping check events, including pings sent and responses. (M: R B)
ipsec ipsecConfig controlPingAddr ip address
    Sets the destination address for ping check. (M: R B)
ipsec ipsecConfig protocol <1:ICMP|6:TCP|17:UDP>
    Sets the traffic protocol that can trigger the VPN tunnel and be forwarded through it. (M: R B)
ipsec ipsecConfig lcAddrType 0:single|1:range|2:subnet
    Sets the address type for the local network. (M: R B)
ipsec ipsecConfig lcAddrStart <ip address>
    Sets the local network starting IP address. (M: R B)
ipsec ipsecConfig lcAddrEndMask <ip address|subnet mask>
    Sets the local network ending IP address for a range or the subnet mask for a subnet. (M: R B)

ZyWALL ZyNOS CLI Reference Guide, Chapter 16 IPSec Commands
Table 61 Ipsec Commands (continued)
COMMAND / DESCRIPTION / M

ipsec ipsecC
176. ins spaces, put it in quotes.
timeout: The verification timeout value in seconds (optional). The default timeout value is 20 seconds.
url: The location of a certificate to be imported.

ZyWALL ZyNOS CLI Reference Guide, Chapter 8 Certificates Commands

The following section lists the certificates commands.

Table 24 Certificates Commands
COMMAND / DESCRIPTION / M

certificates ca_trusted crl issuer <name> on off
    Specifies whether or not the specified CA issues a CRL. on off specifies whether or not the CA issues CRL. If on off is not specified, the current CRL issuer status of the CA displays. (M: R B)
certificates ca_trusted delete <name>
    Removes the specified trusted CA certificate. (M: R B)
certificates ca_trusted export <name>
    Exports the specified PEM encoded certificate to your CLI session's window for you to copy and paste. (M: R B)
certificates ca_trusted http_import <url> <name> proxyurl
    Imports the specified certificate file from the specified remote web server as a trusted CA. The certificate file must be in one of the following formats: 1) Binary X.509, 2) PEM encoded X.509, 3) Binary PKCS#7, and 4) PEM encoded PKCS#7. (M: R B)
certificates ca_trusted import name
    Imports the specified PEM encoded CA certificate from your CLI session. After you enter the command, copy and paste the PEM encoded certificate into y (M: R B)
177. interface.
icmpOutTimestampReps: The number of ICMP Timestamp Reply messages sent through the interface.
icmpOutAddrMasks: The number of ICMP Address Mask Request messages sent through the interface.
icmpOutAddrMaskReps: The number of ICMP Address Mask Reply messages sent through the interface.

15.1.14 IGMP Commands

The following section lists the IGMP commands.

Table 52 IGMP Commands
COMMAND / DESCRIPTION / M

ip igmp debug 0:off|1:normal|2:detailed
    Sets the IGMP debug level. (M: R)
ip igmp forwardall on|off
    Activates or deactivates IGMP forwarding to all interfaces. (M: R)
ip igmp iface interface grouptm <260~2147483647>
    Sets the IGMP group timeout, in seconds, for the specified interface or IP alias on an interface. (M: R)
ip igmp iface <interface> interval <125~2147483647>
    Sets the IGMP query interval, in seconds, for the specified interface or IP alias on an interface. (M: R)
ip igmp iface <interface> join <group>
    Adds the specified interface or IP alias on an interface to the specified IGMP group. (M: R)
ip igmp iface <interface> leave <group>
    Removes the specified interface or IP alias on an interface from the specified IGMP group. (M: R)

ZyWALL ZyNOS CLI Reference Guide, Chapter 15 IP Commands
Table 52 IGMP Commands (continued)
COMMAND / DESCRIPTION / M

ip igmp iface interfac
179. isp
Load Sharing Active Yes
Load Sharing dispatch outgoing traffic by Spillover
Send traffic to secondary WAN when primary WAN bandwidth exceeds 100 Kbps

ZyWALL ZyNOS CLI Reference Guide

myZyXEL.com Commands

Use these commands to configure user, product or service registration settings on your ZyWALL. Your ZyWALL needs to connect to the registration server (default is http://www.myZyXEL.com). Ensure your ZyWALL is connected to the Internet and the registration server before you use the following commands.

18.1 Command Summary

The following section lists the commands for this feature.

Table 63 MyZyXEL Commands
COMMAND / DESCRIPTION / M

sys myZyxelCom checkUserName username
    Checks whether the specified user name exists or not in the myZyXEL.com database. (M: R)
sys myZyxelCom register username password email countrycode
    Sends the specified registration information to myZyXEL.com, including user name, password, email and country code. countrycode: This is a number that represents the country you are from. Refer to Table 64 on page 136. (M: R)
sys myZyxelCom trialService service
    Activates the trial services to myZyXEL.com. service: 1: Content Filtering (CF); 2: Anti Spam (AS), Intrusion Detection Protection (IDP), Anti Virus (AV); 3: CF, AS, IDP, AV. (M: R)
sys myZyxelCom serviceUpgrade licence key
    Registers a license key to myZyXEL.com. (M: R)
180. ist
    Displays all my certificate names and basic information. (M: R B)
certificates my_cert poll req <name>
    Queries an SCEP server about a certification request that is pending in an SCEP server's queue. (M: R B)
certificates my_cert rename old name new name
    Renames the specified my certificate. (M: R B)
certificates my_cert replace_factory
    Creates a certificate using your device MAC address that is specific to this device. The factory default certificate is a common default certificate for all ZyWALL models. (M: R B)
certificates my_cert verify <name> timeout
    Has the ZyWALL verify the certification path of the specified local host certificate. (M: R B)
certificates my_cert view <name>
    Displays information about the specified local host certificate. (M: R B)
certificates remote_trusted delete <name>
    Removes the specified trusted remote host certificate. (M: R B)

ZyWALL ZyNOS CLI Reference Guide, Chapter 8 Certificates Commands
Table 24 Certificates Commands (continued)
COMMAND / DESCRIPTION / M

certificates remote_trusted export <name>
    Exports the PEM encoded certificate to your CLI session's window for you to copy and paste. (M: R B)
certificates remote_trusted http_import <url> <name> proxy url
    Imports the specified certificate file from the specified remote web server as the device's trusted remote host. The certificate file must be in one of the f (M: R B)
181. l
    Sets or displays the e-mail address to send logs to.
    M: R B
    address

sys logs mail passwd <smtp user password>
    Sets the SMTP authentication password.
    M: R B

sys logs mail port <port>
    Sets the port number for sending log e-mails.
    M: R B

sys logs mail schedule display
    Displays the log e-mail schedule.
    M: R B

sys logs mail schedule hour <0-23>
    Sets the hour to send the logs.
    M: R B

sys logs mail schedule minute <0-59>
    Sets the minute to send the logs.
    M: R B

sys logs mail schedule policy <0:full|1:hourly|2:daily|3:weekly|4:none>
    Sets how often the ZyWALL sends log e-mails.
    M: R B

sys logs mail schedule week <0:sun|1:mon|2:tue|3:wed|4:thu|5:fri|6:sat>
    Sets the day of the week to send the e-mail log.
    M: R B

sys logs mail senderAddr <mail address>
    Specifies the e-mail address in the from/sender line of the log e-mail message that the ZyWALL sends. If you activate SMTP authentication, the e-mail address must be able to be authenticated by the mail server.
    M: R B

sys logs mail server <domain name|ip>
    Specifies the server name or the IP address of the mail server for the e-mail address specified as the mail sender.
    M: R B

sys logs mail subject <mail subject>
    Specifies the title in the subject line of the diagnostic e-mail message that the ZyWALL sends.
    M: R B

Table 74 Logs Commands (continued)
COMMAND DESCRIPTI
183. lar Mail ZyXEL Communications Arte 21 5 planta 28033 Madrid Spain Sweden Support E mail support 2 zyxel se e Sales E mail sales zyxel se Telephone 46 31 744 7700 Fax 46 31 744 7701 Web www zyxel se Regular Mail ZyXEL Communications A S Sj porten 4 41764 G teborg Sweden Taiwan e Support E mail support zyxel com tw Sales E mail sales zyxel com tw Telephone 886 2 27399889 Fax 886 2 27353220 Web http www zyxel com tw e Address Room B 21 No 333 Sec 2 Dunhua S Rd Da an District Taipei Thailand Support E mail support zyxel co th e Sales E mail sales zyxel co th e Telephone 4 662 831 5315 Fax 4 662 831 5395 Web http www zyxel co th Regular Mail ZyXEL Thailand Co Ltd 1 1 Moo 2 Ratchaphruk Road Bangrak Noi Muang Nonthaburi 11000 Thailand ZyWALL ZyNOS CLI Reference Guide Appendix B Customer Support Turkey Support E mail cso zyxel com tr Telephone 90 212 222 55 22 Fax 90 212 220 2526 Web http www zyxel com tr Address Kaptanpasa Mahallesi Piyalepasa Bulvari Ortadogu Plaza N 14 13 K 6 Okmeydani Sisli Istanbul Turkey Ukraine United Support E mail support ua zyxel com Sales E mail sales ua zyxel com Telephone 380 44 247 69 78 Fax 380 44 494 49 32 Web www ua zyxel com Regular Mail ZyXEL Ukraine 13 Pimonenko Str Kiev 04050 Ukraine Kingdom Support E mail support zyxel co uk Sales E mail
184. lays details on the specified channel for example H R B LEVEL

device channel drop <channel name>
    Drops the specified channel.
    channel name: The options are poe0|poe1|pne0|pne1|aux0|all.
    M: R B

device channel name <ALL|USE>
    Lists names of all channels or the names of the channels used.
    M: H R B

Table 35 device Command Summary
COMMAND / DESCRIPTION / M

device channel threshold <channel_name> NUMBER
    Sets the channel threshold.
    M: H R B

device dial <node>
    Dials to a remote node. Enter sys rn disp to display a list of remote nodes to dial.
    M: R

11.3 Command Example

This example triggers a call to the ISP.

    ras> device dial 1
    Start dialing for node <MyISP>

Ethernet Commands

Use these commands to configure the settings of ethernet ports on ZyWALL.

12.1 Command Summary

The following section lists the commands for this feature.

Table 36 Ethernet Commands
COMMAND / DESCRIPTION

ether edit load <ether number>
    Loads the ethernet configuration for the specified interface.
    ether number: Use the following for a ZyWALL with a single WAN Ethernet interface: 1 = lan, 2 = wan, 3 = dmz, 4 = wlan.
    Use the following for a ZyWALL with two WAN Ethernet interfaces: 1 lan wan
185. le through a specific interface. An example of when you may want to use this is if you have servers with public IP addresses connected to the LAN, DMZ or WLAN. By default the ZyWALL routes traffic that does not match a NAT rule out through the DMZ interface. The following command example sets the ZyWALL to route traffic that does not match a NAT rule through the WLAN interface.

    ras> ip nat routing 2 1
    Routing can work in NAT when no NAT rule match
    LAN no
    DMZ yes
    WLAN yes

15.1.18 Route Commands

The following section lists the route commands.

Table 55 Route Commands
COMMAND / DESCRIPTION / M

ip route add <dest address|default> <mask bits> <gateway ip> <metric>
    Adds a route. The route is runtime only; it is not kept in non-volatile memory.
    M: R

ip route addiface <dest ip address> <mask bits> <interface> <metric>
    Adds an entry to the routing table for the specified interface.
    M: R

ip route drop <ip address> <mask bits>
    Drops a route.
    M: R

ip route status
    Displays the routing table.
    M: R

15.1.19 Report and Status Commands

The following section lists the report and status commands.

Table 56 Report and Status Commands
COMMAND / DESCRIPTION / M

ip rpt active <0:no|1:yes>
    Enables or disables the system reports.
    M: R B

ip rpt ip 0 lan 1 dmz numb
186. load an IKE rule before using this command

ipsec ikeAdd
    Allocates a working buffer to add an IKE rule.
    M: R B

ipsec ikeEdit <rule number>
    Loads the specified IKE rule for editing.
    M: R B

ipsec ikeSave
    Saves the IKE rule settings from buffer to memory.
    M: R B

ipsec ikeList
    Lists all IKE rules.
    M: R B

ipsec ikeDelete <rule number>
    Deletes the specified IKE rule.
    M: R B

ipsec ikeConfig name <string>
    Sets the IKE rule name.
    string: Up to 31 characters.
    M: R B

ipsec ikeConfig negotiationMode <0:Main|1:Aggressive>
    Sets the negotiation mode.
    M: R B

ipsec ikeConfig natTraversal <Yes|No>
    Turns NAT traversal on or off.
    M: R B

ipsec ikeConfig multiPro <Yes|No>
    Turns multiple proposal on or off.
    M: R B

ipsec ikeConfig lcIdType <0:IP|1:DNS|2:Email>
    Sets the local ID type.
    M: R B

ipsec ikeConfig lcIdContent <content>
    Sets the local ID content with the specified IP address, domain name or e-mail address. Use up to 31 characters.
    M: R B

ipsec ikeConfig myIpAddr <ip address|domain name>
    Sets the local VPN gateway with the specified IP address or domain name.
    M: R

ipsec ikeConfig peerIdType <0:IP|1:DNS|2:Email>
    Sets the peer ID type.
    M: R B

ipsec ikeConfig peerIdContent <string>
    Sets the peer ID content with the specified IP address, domain name or e-mail address. Use up to 31 characters.
    M: R B

ipsec ikeConfig secureGwAddr <ip address|domain name>
    M: R B
    Sets the remote gateway address with the specified IP address or domain nam
187. log on off wwan config budgetCtrl lowLimit Sets a data level at which to send an alert or log before the maximum data limit is reached wwan config budgetCtrl lowLimit Sends an alert if the warning level is reached alert on off wwan config budgetCtrl lowLimit Sets a warning level as a percentage of the data limit data lt gt wwan config budgetCtrl lowLimit Sends a log if the warning level is exceeded log on off wwan config budgetCtrl lowLimit Sets a time for a warning as a percentage of the Internet time access time limit wwan config budgetCtrl resetDay Sets the day of each month to reset the budget counter day wwan config budgetCtrl time Enables the recording of time spent accessing the Internet for enable on off budget control time in hours wwan config budgetCtrl time quota Sets the time limit for Internet access in hours Maximum is 672 hours wwan config enable on off Enables 3G Wireless WAN lt time_in_seconds gt wwan config idleTimeout Sets the maximum period the connection may remain idle before disconnection t ime_in_seconds may be 1 9999 seconds on off wwan config multicast enable Enables multicast for 3G wireless WAN 112 wwan config multicast version Sets multicast to IGMP Internet Group Management Protocol version 1 or 2 1 IGMPv1 2 IGMPv2 ZyWALL ZyNOS CLI Reference Guide Chapter 23 WWAN Commands Ta
188. <0:Tunnel|1:Transport> protocol in the manual rule

ipsec manualConfig ah spi <decimal>
    Sets the SPI information when using AH protocol in the manual rule.
    decimal: The maximum length is 9.
    M: R B

ipsec manualConfig ah authAlgo <0:MD5|1:SHA1>
    Sets the authentication algorithm when using AH protocol in the manual rule.
    M: R B

ipsec manualConfig ah authKey <ascii>
    Sets the authentication key when using AH protocol in the manual rule.
    M: R B

ipsec manualConfig esp encap <0:Tunnel|1:Transport>
    Sets the encapsulation mode when using ESP protocol in the manual rule.
    M: R B

ipsec manualConfig esp spi <decimal>
    Sets the SPI when using ESP protocol in the manual rule.
    decimal: The maximum length is 9.
    M: R B

ipsec manualConfig esp encryAlgo <0:Null|1:DES|2:3DES>
    Sets the encryption algorithm when using ESP protocol in the manual rule.
    M: R B

ipsec manualConfig esp encryKey <string>
    Sets the encryption key when using ESP protocol in the manual rule.
    M: R B

ipsec manualConfig esp authAlgo <0:MD5|1:SHA1>
    Sets the authentication algorithm when using ESP protocol in the manual rule.
    M: R B

ipsec manualConfig esp authKey <string>
    Sets the authentication key when using ESP protocol in the manual rule.
    M: R B

ipsec manualPolicyList
    Lists all manual policy rules.
    M: R B

ipsec CRYPTIC_1141 <on|off>
    Turns one of the ZyWALL's hardware VPN accelerators on or off.
    M: R B
190. mer chk_conn <time>
    The ZyWALL disconnects a VPN tunnel if there is no reply traffic for this number of minutes. This is also called the output idle timer.
    time: 120-3600 seconds. The default is 120 seconds.
    M: R B

Table 61 Ipsec Commands (continued)
COMMAND / DESCRIPTION / M

ipsec timer update_peer <time>
    For IPSec rules with a domain name as the local or remote gateway address, this command sets the interval in minutes for resolving the domain name and updating the rules.
    time: 2-60 minutes. The default is 5 minutes. 0 disables the updates.
    M: R B

ipsec timer chk_input <time>
    The ZyWALL disconnects any IPSec connection that has no inbound traffic for this number of seconds. This is also called the input idle timer.
    time: 30-3600 seconds. 0 disables the check (this is the default setting).
    M: R B

ipsec updatePeerIp
    If you use a domain name as the local or remote gateway address, this command forces the ZyWALL to resolve the domain name and update the IPSec rules right away.
    M: R B

ipsec dial <policy index>
    Dials the specified IPSec policy manually.
    M: R B

ipsec enable <on|off>
    Enables or disables all IPSec rules.
    M: R B

ipsec ikeDisplay <rule number>
    M: R B
    Displays the specified IKE rule. Or displays all runtime IKE rules without specifying a rule. Use ikeAdd or ikeEdit to
191. metric number R metric

ip stroute config name <site name>
    Sets the name for a static route.
    M: R

ip stroute display [index|buf]
    Displays the list of static routes or detailed information on a specified rule.
    M: R

ip stroute load <index>
    Loads the specified static route rule for editing.
    M: R

ip stroute save
    Saves a rule in the non-volatile memory.
    M: R

15.1.21 Static Route Command Example

The following example configures a static route named Example that sends all traffic for IP address 2.2.2.2 to a gateway at 192.168.1.9 and has a metric of 3.

    ras> ip stroute load 3
    Routing Rule in Buffer
    Route number 3
    Route Name
    Active No
    Destination IP Address 0.0.0.0
    IP Subnet Mask 0.0.0.0
    Gateway IP Address 0.0.0.0
    Metric 0
    Private No
    ras> ip stroute config name Example
    Change Route Name to Example
    ras> ip stroute config destination 2.2.2.2 192.168.1.9 3
    Change Destination IP Address to 2.2.2.2
    Change Gateway IP Address to 192.168.1.9
    Change Subnet Mask to 255.0.0.0
    ras> ip stroute config active yes
    Setting Active to Yes
    ras> ip stroute save
    Routing Rule Setting
    Route number 3
    Route Name Example
    Active Yes
    Destination IP Address 2.2.2.2
    IP Subnet Mask 255.0.0.0
    Gateway IP Address 192.168.1.9
    Metric 3
    Private No

15.1.22 Traffic
192. mmands Table 48 DNS Commands continued COMMAND DESCRIPTION ip dns system edita index name 0 FQDN 1 wildcard 0 from ISP group 1 user defined isp group idx ip address Edits the specified DNS address record R B ip dns system editns index domain name 0 from ISP l user defined public 2 user defined private gt isp group idx dns server ip Edits the specified DNS name server record R B ip dns system inserta lt befor record idx 1 new lt name gt lt 0 FQDN 1 wildcard gt 0 from ISP group l user defined isp group idx ip address Inserts a DNS address record R B ip dns system insertns before record idx 1 new domain name 0 from ISP l user defined public 2 user defined private isp group idx dns server ip Inserts a DNS name server record R B ip dns system movea index index Moves the specified DNS address record entry to the specified entry number R B ip dns system movens index index Moves the specified DNS name server record entry to the specified entry number R B ip dns wlan display Shows the WLAN DHCP DNS server settings ip dns wlan edit 1 2 0 from ISP 1 user defined 2 DNS relay 3 none isp idx ip address Configures the DNS server settings the ZyWALL assigns to wlan DHCP clients 0 1 2 Configures the first second or third
194. n the figure and the remote IPSec router Y to manage the bandwidth of the VPN traffic.

Figure 1 Managing the Bandwidth of an IPSec tunnel

Use on with this command to be able to create a single bandwidth management group that includes all of the phase 2 IPSec SAs that are connecting through the same remote IPSec router. With this setting the bandwidth management applies to ESP or AH packets, so you can only specify IP addresses in the BWM filter settings.

Figure 2 Managing the Bandwidth of VPN traffic between hosts (IPSec SA)

How you configure this command affects how you can implement bandwidth management, as follows.

Leave this command set to off to be able to create bandwidth management groups for individual unencrypted VPN traffic that are connecting through the same remote IPSec router. With this setting you can also specify the type of traffic, either using the service list (like SIP or FTP) or by specifying port numbers in BWM filter settings.

Use off with this command to set the ZyWALL to use the source and destination IP addresses of unencrypted VPN packets in managing the bandwidth of the VPN traffic. This means that it looks at the IP address of the computer that sent the packets and the IP address of the computer to which it is sending the packets. The following figure shows an example of this. The ZyWALL uses the IP addresses of compute
195. n2 lt on off gt Configures the protected traffic direction setting R B idp config dir lan wlan lt on off gt Configures the protected traffic direction setting R B idp config dir wan2 lan lt on off gt Configures the protected traffic direction setting R B idp config dir wan2 wan lt on off gt Configures the protected traffic direction setting R B idp config dir wan2 wan2 Configures the protected traffic direction setting R B lt on off gt idp config dir wan2 wlan Configures the protected traffic direction setting R B lt on off gt idp config dir wan dmz lt on off gt Configures the protected traffic direction setting R B idp config dir wan dmz lt on off gt Configures the protected traffic direction setting R B idp config dir wan lan lt on off gt Configures the protected traffic direction setting R B idp config dir wan lan on off Configures the protected traffic direction setting R B idp config dir wan wan lt on off gt Configures the protected traffic direction setting R B idp config dir wan wan2 lt on off gt Configures the protected traffic direction setting R B idp config dir wan wlan lt on off gt Configures the protected traffic direction setting R B ZyWALL ZyNOS CLI Reference Guide Chapter 14 IDP Commands Table 40 IDP Commands continued COMMAND DESCRIPTION M idp config dir wlan
196. nfig edit anti spam query 0 1 Sets the action for mail which receives a no spam score R B 0 add a tag 1 discard mail config edit anti spam queryString Sets the tag string 16 chars for mail which receives a no R B no spam score tag spam score This tag is added to the subject of spam mail ZyWALL ZyNOS CLI Reference Guide Chapter 10 Configuration Commands Table 27 config Command Summary continued COMMAND DESCRIPTION M config edit anti spam rule lt rule gt Sets an antispam rule based on the e mail address on a R B email 1 whitelist 2 blacklist black or white list filter active 0 disable non zero e mail should be lt 64 chars number enable data e mail config edit anti spam rule lt rule gt Sets an antispam rule based on the IP address and subnet R B ip 1 whitelist 2 blacklist mask on a black or white list filter active 0 disable non zero number enable address ip address netmask mask config edit anti spam rule lt rule gt Sets an antispam rules based on the MIME type on a black R B mime 1 whitelist 2 blacklist or white list filter active 0 disable non zero mime header This indicates the MIME type number enable header mim mime value This is a user defined tag attached to header value lt mime value gt emails config edit anti spam switch 0 1 Enables 1 or di
197. nformation and the update setting
    M: R B

idp update load
    Loads the signature update settings.
    M: R B

Table 40 IDP Commands (continued)
COMMAND / DESCRIPTION / M

idp update save
    Saves the signature update settings.
    M: R B

idp update start
    Starts the signature update.
    M: R B

14.2 Command Examples

This example loads signature 1051222 and displays its current settings. Then it sets the ZyWALL to send an alert upon finding a match for the signature. Finally it saves the signature's settings.

    ras> idp signature load 1051222
    ras> idp signature display
    RuleID 1051222
    AttackType SPAM
    Platform Windows UNIX NetworkDevice
    Severity Medium
    Name SPAM Drug
    Active On
    Log On
    Alert Off
    Action Drop Session
    ras> idp signature config alert on
    ras> idp signature display
    RuleID 1051222
    AttackType SPAM
    Platform Windows UNIX NetworkDevice
    Severity Medium
    Name SPAM Drug
    Active On
    Log On
    Alert On
    Action Drop Session
    ras> idp signature save

IP Commands

Use these commands to configure IP settings on the ZyWALL.

15.1 Command Summary

The following table describes input values for some of the ip commands. Other values are discussed with the corresponding commands.

Table 41 IP Command Input Values
LABEL / DESCRIPTION

isp gro
198. ng and packet ordering for IDP Anti Virus Anti Spam protection While these features improve security there is a tradeoff in performance Enables or disables ICMP checksum checking av tune config 14Tcpcksum Enables or disables TCP checksum checking R B lt on off gt av tune config l4Tcpmssck Enables or disables TCP MSS Maximum Segment Size R B lt on off gt checking av tune config 14Tcpwindowck Enables or disables TCP window checking R B lt on off gt av tune config 14Udpcksum Enables or disables UDP checksum checking R B lt on off gt av tune config 17Ftpasm Enables or disables TCP packet assembly checking for FTP R B lt on off gt traffic av tune config 17Ftpdataasm Enables or disables TCP packet assembly checking for R B lt on off gt FTPDATA av tune config 17Httpasm Enables or disables TCP packet assembly checking for R B lt on off gt HTTP av tune config 170therasm Enables or disables TCP packet assembly checking for other R B lt on off gt protocols 36 ZyWALL ZyNOS CLI Reference Guide Chapter 4 Antivirus Commands Table 12 av Commands continued COMMAND DESCRIPTION M av tune config 17Pop3asm Enables or disables TCP packet assembly checking for R B lt on off gt POP3 av tune config 17Smtpasm Enable or disables TCP packet assembly checking for R B lt on off gt SMTP av tune
199. nge s of the custom service 4 After you save it you can add the custom service to a firewall rule config edit firewall set lt set gt Sends a log for a rule when the packet matches the rule R B rule lt rule gt log lt none match gt config edit firewall set lt set gt Edits the rule name R B rule lt rule gt name lt string gt config edit firewall set lt set gt Edits the protocol number for a rule R B rule lt rule gt protocol 0 255 config edit firewall set lt set gt Edits the rule to apply to a packet with a source IP address R B rule lt rule gt srcaddr range start that falls within the specified range ip gt lt end ip gt config edit firewall set lt set gt Edits the rule to apply to a packet with the specified source R B rule lt rule gt srcaddr single lt ip IP address address gt config edit firewall set lt set gt Edits the rule to apply to a packet with any source IP R B rule lt rule gt srcaddr subnet ip address and subnet mask address gt lt mask gt config edit firewall set lt set gt Edits the rule to apply to a TCP packet with any destination R B rule lt rule gt tcp destport any port When using with this command the system crashes config edit firewall set lt set gt Edits the rule to apply to a TCP packet with a destination R B rule lt rule gt tcp destport range port falling within the specified range start port endport For non consecutive port numbers u
200. ntime Data Number of Ru ACL defa ICMP Idle Ti UDP Idle Tim TCP SYN Wait TCP FIN Wait TCP Idle DNS Idle Runtime Rule Name W2 Schedul Timeout Timeout for ACL Set Number les 2 ult action meout 0 eout 0 Timeout Timeout 0 0 Number L Rule 1 0 Drop 0 0 1 Sun 1 Schedule Action 0 disabl O no l yes 1 Mon 0 Tue 1 Wed Enable All Day On 0 block 1 permit Active 2 reject monday off lo Ext l2 Sate ls 2 l Permit 2 Reject 0 02no l yes 0 1 Thus Ty Erke ly Sati d 1 l enabl 2 0 Log Alert 0 Protocol Source I Dest IP Dest IP Dest IP Dest IP TCP Sour TCP Sour TCP Sour UDP Sour UDP Sour UDP Sour TCP Dest TCP Dest TCP Dest UDP Dest UDP Dest UDP Dest Dest Source IE Source IE Source IE no 0 0 P Any 1 P Number of Single Number of Range Number of Subnet Any 1 umber of Single umber of Range umber of Subnet ce Port Any 1 ce Port Number ce Port Number ce Port Any 1 ce Port Number ce Port Number Port Any 0 Port Number Port Number Port Any 0 Port Number Port Number Port Single l yes D D 0 0 0 ct ct ct ct ct cf 0 of Single of Range of Single of Range of Single of Range of Single of Range Port 1 ICMP Custom Service Number with only ICMP Custom Service Number with both Type and Code defined Number of
202. ocated bandwidth 0 bps This example modifies one existing LAN subclass using following settings Class number 1 5 Bandwidth 800 000 bps Enable the Borrowing option Yes ras bm config load ras bm class lan mod 1 5 bandwidth 800k borrow on ras bm config save ras ZyWALL ZyNOS CLI Reference Guide Chapter 6 Bandwidth Management Commands This example adds a filter on the LAN subclass using following settings Class number 1 5 Destination address Single 10 1 1 20 FTP ports from 20 to 21 Source address Subnet 192 168 1 0 24 any port Protocol any protocol ras bm config load ras bm filter lan add 1 5 single 10 1 1 20 20 21 subnet 192 168 1 0 255 255 25540 Filter setting is done ras bm config save ras bm show filter lan Class 1 5 Name Protocol 0 Destination type Destination address Destination port 20 21 Source type SUBNET Source address 192 168 1 0 255 255 255 0 Source port 0 0 LAN FTP SINGLE 10 1 1 20 10 1 1 20 Class 99 Name Protocol 0 Destination type Destination address Destination port Source type SINGLE Source address Source port 0 0 Default Class SINGLI 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ras This example monitors the runtime situation for all WAN classes Each interface has one root class 0 and one default class 99 In this example you
203. odifies or adds a new customized port rule for FTP H 323 or R B name FTP H323 SIP start port SIP traffic end port index The number of a customized port rule 1 12 ip customizePort delete index Deletes the specified customized port rule R B ip customizePort display Displays all customized port rules R B 15 1 8 DHCP Commands The following section lists the DHCP commands Table 47 DHCP Commands COMMAND DESCRIPTION M ip dhcp lt interface gt client Releases the specified interface s DHCP client IP address R release The interface must be a DHCP client to use this command ip dhcp interface client renew Renews the DHCP client IP address The interface must bea R DHCP client to use this command ip dhcp lt interface gt status Displays the DHCP status of the specified interface R 15 1 9 DNS Commands The following section lists DNS commands Table 48 DNS Commands COMMAND DESCRIPTION M ip dns dmz display Shows the DNS server settings the ZyWALL assigns to DMZ R DHCP clients ip dns dmz edit lt 0 1 2 gt 0 from Configures the DNS server settings the ZyWALL assigns to R ISP 1 user defined 2 DNS DMZ DHCP clients relay 3 none gt isp idx ip 0 12 Specifies the first second or third DNS server setting address isp idx ip address If you set the server as from ISP 0 specify the number of the ISP the number of the remote node If you set the server as user defined 1 specify the IP address ip dns lan di
204. ogone is enabled or not. This function is currently not available.

ICMP idle timeout (s)
    Shows the timeout for an idle ICMP session before it is terminated.

UDP idle timeout (s)
    Shows the timeout for an idle UDP session before it is terminated.

connection timeout (s)
    Shows the connection timeout for traffic to which a rule in the set applies.

TCP FIN wait timeout (s)
    Shows the wait time for FIN when concluding a TCP session before it is terminated.

TCP idle timeout (s)
    Shows the timeout for an idle TCP session before it is terminated.

The following table describes the fields displayed using the config display set <index> rule command in the example above, as well as other related fields that may appear when configuring a rule using this command.

Table 30 config display set <index> rule <rule>
LABEL / DESCRIPTION

ACL rule number
    Shows the index number of this rule.

ACL rule active
    Shows whether this rule is active or not.

ACL rule action
    Shows the action taken when a packet matches a rule. The options are permit, drop, reject.

ACL rule protocol
    Shows the protocol number this rule applies to. They range from 0-255. For example, 1 = ICMP, 6 = TCP, 17 = UDP (see RFC791).

ACL rule log
    Shows whether the logging of packets matching the rule is enabled or not.

ACL rule alert
    Shows whether or not an alert is sent when a packet matches the rul
205. ollowing formats: 1. Binary X.509, 2. PEM encoded X.509, 3. Binary PKCS#7, and 4. PEM encoded PKCS#7.
    proxy url: Specifies the location of the certificate to be imported.

certificates remote_trusted import <name>
    Imports the specified PEM encoded remote host certificate from your CLI session. After you enter the command, copy and paste the PEM encoded certificate into your CLI session window. With some terminal emulation software you may need to move your mouse around to get the transfer going.
    M: R B

certificates remote_trusted list
    Displays all trusted remote host certificate names and their basic information.
    M: R B

certificates remote_trusted rename <old name> <new name>
    Renames the specified trusted remote host certificate.
    M: R B

certificates remote_trusted verify <name> <timeout>
    Has the ZyWALL verify the certification path of the specified trusted remote host certificate.
    M: R B

certificates remote_trusted view <name>
    Displays information about the specified trusted remote host certificate.
    M: R B

8.2 Command Examples

This example creates and displays a self signed certificate named test with a subject alternative common name of cert test, organization of my company, country of TW and IP 172.16.2.2. It uses a 512 bit key and is valid for 5 years.

    ras> certificates my_cert creat company C TW ip 172.16.2.2 512 5
    The self signed certificate has b
    ras> certificate
206. omain 1 www bad com 2 www hacking example com Keyword 1 porn 2 hacking ras ip cf policy config customRule add untrust 2 ras ip cf policy config webFeature block java Resrict Web Feature ActiveX Forward Java Block Cookie Forward Proxy Forward ras gt ip cf policy config schedule enable on ras gt ip cf policy config schedule type 2 ras gt ip cf policy save Usage block nonblock activex java cookie webproxy ras gt ip cf policy config ipGroup add 3 192 168 1 33 192 168 1 66 ras ip cf policy config schedule everyday timeSegl 9 00 17 30 The following example changes the schedule to policies for each day and applies it only on Mondays ras gt ip cf policy edit 1 ras gt ip cf policy config schedule type 3 ras gt ip cf policy config schedule eachDay timeSegl 2 9 00 17 30 ZyWALL ZyNOS CLI Reference Guide Chapter 15 IP Commands The following command removes the policy s customized rule entry for www hacking example com Usage index Index 1 Type Not Trust Domain ras ip cf policy config customRule delete 1 as ip cf policy config customRule delete Name www hacking example com 15 1 7 Custom Port Commands The following section lists the custom port commands Table 46 Custom Port Commands COMMAND DESCRIPTION M ip customizePort config index M
207. ommand Examples This example enables RSTP on the ZyWALL enables RSTP on the WAN and displays the RSTP settings ras bridge rstp bridge enable ras bridge rstp port enable 3 ras bridge rstp disp Bridge Info a BridgeID 8000 0000aa100586 b TimeSinceTopoChange 745 c TopoChangeCount 0 d TopoChange 0 e DesignatedRoot 8000 0000aa100586 RootPathCost 0 6 RootPort 0x0000 h MaxAge 20 seconds i HelloTime 2 seconds j ForwardDelay 15 seconds k BridgeMaxAge 20 seconds 1 BridgeHelloTime 2 seconds m BridgeForwardDelay T5 seconds n TransmissionLimit 3 ForceVersion 2 Port 03 Info a Uptime 746 seconds b State FORWARDING c PortID 0x8003 d PathCost 250 e DesignatedRoot 8000 0000aa100586 f DesignatedCost 0 g DesignatedBridg 8000 0000aa100586 h DesignatedPort 0x8003 i TopoChangeAck False j adminEdgePort True k operEdgePort True Operational True n adminPointToPointMAC operPointToPointMAC True rx cfg bpdu 0 rx tcn bpdu 0 rx rstp bpdu 0 ZyWALL ZyNOS CLI Reference Guide Chapter 7 Bridge Commands ZyWALL ZyNOS CLI Reference Guide Certificates Commands Use these commands to configure certificates 8 1 Command Summary The following table describes the values required for many certificates commands Other values are discussed with the corresponding commands Table 23 Certi
208. onfig lcPortStart lt port gt Sets the starting port for local network traffic Only R B traffic using the specified ports can go through the VPN tunnel ipsec ipsecConfig lcPortEnd port Sets the ending port for local network traffic R B ipsec ipsecConfig rmAddrType Sets the address type for the remote network R B 0 single l range 2 subnet ipsec ipsecConfig rmAddrStart ip Sets the remote network starting IP address R B address ipsec ipsecConfig rmAddrEndMask ip Sets the remote network ending IP address for a R B address subnet mask range or the subnet mask for a subnet ipsec ipsecConfig rmPortStart port Sets the starting port for remote network traffic Only R B traffic using the specified ports can go through the VPN tunnel ipsec ipsecConfig rmPortEnd port Sets the ending port for remote network traffic R B ipsec ipsecConfig activeZero Yes No Turns Zero Configuration mode on or off R B ipsec ipsecConfig natActive lt Yes No gt Turns NAT over IPSec on or off R B ipsec ipsecConfig natType lt 0 One to Sets the NAT mapping types R B One 1 Many to One 2 Many One to One ipsec ipsecConfig natPrivateStart Sets the private network starting IP address when R B lt ip address gt you enable NAT over IPSEC ipsec ipsecConfig natPrivateEnd ip Sets the private network ending IP address when R B address gt you enable NAT over IPSEC ipsec policyList Lists all IPSec policy rules R B ipsec manualDispla
209. onfigured VPN tunnel ras ipsec dial 1 Start dialing for tunnel rules 1 2 7 Dialing PPPoE and PPTP Connections This example shows dialing up remote node WAN 1 using PPPoE ras poe dial WAN 1 Start dialing for node WAN 1 Hit any key to continue didd DIALING dev 6 ch 0 OUTGOING CALL phone CALL CONNECT speed 100000000 type lt 6 gt chan 0 LCP opened PAP sending user pswd IPCP negotiation started IPCP neg Primary DNS 192 168 30 1 IPCP neg Primary DNS 172 16 5 2 IPCP opened ZyWALL ZyNOS CLI Reference Guide 29 Chapter 2 Common Commands This example shows dialing up remote node WAN 1 using PPTP ras gt pptp dial WAN 1 Start dialing for node WAN 1 Hit any key to continue didid ras ZyWALL ZyNOS CLI Reference Guide PART Il Reference Antispam Commands 33 Antivirus Commands 35 Auxiliary Dial Backup Commands 39 Bandwidth Management Commands 43 Bridge Commands 51 Certificates Commands 55 CNM Agent Commands 63 Configuration Commands 67 Device Related Commands 83 Ethernet Commands 85 Firewall Commands 87 IDP Commands 93 IP Commands 97 IPSec Commands 121 Load Balancing Commands 133 myZyXEL com Commands 135 PPPoE Commands 145 PPTP Commands 149 System Commands 151 Wireless Commands 165
210. ontinued COMMAND DESCRIPTION M ip nat server edit index Sets the port or port range the NAT port forwarding rule uses R intport start port end port when forwarding traffic port translation ip nat server edit index Sets the NAT port forwarding rule s protocol R protocol lt TCP UDP ALL gt ip nat server edit index Sets the source IP address or IP address range for traffic to R remotehost start ip end ip which the NAT port forwarding rule applies ip nat server edit index Sets the name of the NAT port forwarding rule R rulename name ip nat server edit index Sets the NAT port forwarding rule s listening incoming port or R svrport start port end port port range ip nat server load index Loads the NAT port forwarding entry for editing R ip nat server save Saves NAT port forwarding settings to the non volatile R memory ip nat service aol onloff Turns the AOL ALG on or off R ip nat service irc onloff Turns the IRC ALG on or off R ip nat service ldap on off Turns the LDAP ALG on or off R ip nat service xboxlive on off Turns the Xbox Live ALG on or off R ip nat session sessions per Sets the allowed number of NAT sessions per host R host 15 1 17 NAT Routing Command Example Syntax ip nat routing 0 LAN 1 DMZ 2 WLAN 0 nol1 yes Use this command to set the ZyWALL to route traffic that does not match a NAT ru
211. or R B lt username gt the e mail account the ZyWALL uses for e mailing diagnostic files sys diagnostic mail mailDisplay Shows the currently saved diagnostic e mail settings R B sys diagnostic mail mailReceiver Specifies or displays the e mail address to which the R B ip address domain name ZyWALL sends the diagnostic files Sys diagnostic mail mailSender Specifies or displays the address in the from sender line of R B ip address domain name the diagnostic e mail message that the ZyWALL sends If you activate SMTP authentication the e mail address must be able to be authenticated by the mail server sys diagnostic mail mailServer Specifies or displays the server name or the IP address of the R B ip address domain name mail server for the e mail address specified as the mail sender sys diagnostic mail mailSubject Specifies the title in the subject line of the diagnostic e mail R B email subject message that the ZyWALL sends sys diagnostic mail send Generates and sends a diagnostic e mail R B sys diagnostic save Saves the diagnostic settings you configured to non volatile R B memory sys diagnostic schedule display Shows the current schedule for sending diagnostic files R B sys diagnostic schedule hour Sets the hour for sending diagnostic files R B 0 23 Sys diagnostic schedule minute Sets the minute for sending diagnostic files R B lt 0 59 gt sys diagnostic schedule policy Sets how often the ZyWALL sends periodi
213. ority lt x gt Sets the class priority ranging from 0 the lowest to 7 the highest borrow on off The class can borrow bandwidth from its parent class when the borrow is set on and vice versa R B bm monitor interface class number Displays the bandwidth usage of the specified interface or its class The first time you use the command turns it on the second time turns it off and so on R B bm filter interface add class number service lt type gt single range subnet dst start ip dst end ip lt dport gt lt dportend gt lt single range subnet gt src start ip src end ip sport lt sportend gt protocol Adds a filter for the specified class The filter contains destination address netmask destination port source address netmask source port and protocol Use 0 to not include items in the filter service type This is service type including ftp sip or h323 in lower cases Following are the settings for filter rule s destination address single range subnet dst start ip dst end ip dport dportend Following are the settings for filter rule s source address single range subnet src start ip src end ip sport sportend dst end ip src end ip When you configure a single address you don t need to specify these options When you configure a range address these are network ending IP address When you configure a subnet these are subnet mask
214. You configure a dynamic VPN rule for a remote site. See Figure 4 on page 128. For example, when you configure the ZyWALL X, you configure the local network as 192.168.1.0 and the remote network as any (0.0.0.0). The "any" includes all possible IP addresses. It will forward traffic from network A to network B even if both the sender (ex. 192.168.1.8) and the receiver (ex. 192.168.1.9) are in network A.

Figure 4 Dynamic VPN Rule

Using the command ipsec swSkipOverlapIp on has ZyWALL X check if a packet's destination is also at the local network before forwarding the packet. If it is, the ZyWALL sends the traffic to the local network. Setting ipsec swSkipOverlapIp to off disables the checking for local network IP addresses.

2 You configure an IP alias network that overlaps with the VPN remote network. See Figure 5. For example, you have an IP alias network M (10.1.2.0/24) in ZyWALL X's LAN. For the VPN rule, you configure the VPN network as follows:
Local IP address start: 192.168.1.1, end: 192.168.1.254
Remote IP address start: 10.1.2.240, end: 10.1.2.254
IP addresses 10.1.2.240 to 10.1.2.254 overlap.

Figure 5 IP Alias
215. oup time to live threshold multicast group This field lists any multicast groups to which the interface belongs 15 1 16 NAT Commands The following section lists the NAT commands Table 54 NAT Commands COMMAND DESCRIPTION M ip nat hashtable lt enifx gt vpn Displays the NAT hash table of the specified Ethernet interface R index or IP alias on an interface enif0 The LAN interface enif1 The WAN Ethernet interface enif2 The DMZ interface enif3 The WLAN interface ip nat historicalCHigh Displays the current historical highest count of concurrent NAT R sessions ip nat historicalHigh Displays the current historical highest count of NAT sessions R used by a single host ip nat resetport Resets all NAT server table entries R ip nat routing 0 LAN 1 DMZ Turns NAT routing on or off for the specified interface R O no l yes ip nat server clear lt index gt Clears NAT port forwarding settings R ip nat server disp index Displays the NAT server table R ip nat server edit lt index gt active Turns the NAT port forwarding rule on or off R lt yes no gt ip nat server edit lt index gt clear Clears the NAT port forwarding rule R ip nat server edit lt index gt Sets the IP address to which the NAT port forwarding rule R forwardip ip address forwards traffic ZyWALL ZyNOS CLI Reference Guide Chapter 15 IP Commands Table 54 NAT Commands c
216. our CLI session window With some terminal emulation software you may need to move your mouse around to get the transfer going certificates ca trusted list Displays all trusted CA certificate names and their basic R B information certificates ca trusted rename Renames the specified trusted CA certificate R B old name new name certificates ca trusted verify Hasthe ZyWALL verify the certification path of the specified R B name timeout trusted CA certificate certificates ca trusted view Displays details about the specified trusted CA certificate R B name certificates cert manager Re initializes the certificate manager R B reinit certificates dir_service add Adds a new directory server entry R B server name lt ip address port gt login pswd certificates dir_service Removes the specified directory server entry R B delete server name certificates dir service edit Edits the specified directory server entry R B server name ip address port login pswd certificates dir service list Displays all directory server entry names and their basic R B information certificates dir_service Renames the specified directory server entry R B rename old server name new server name certificates dir service view Displays details about the specified directory server entry R B server name certificates my cert creat Creates a certificate request and enrolls for a certificate R B scep_enro address gt
217. ow these conventions
• Commands are in courier new font.
• Required input values are in angle brackets <>; for example, ping <ip address> means that you must specify an IP address for this command.
• Optional fields are in square brackets []; for instance, in show logins [name], the name field is optional. The following is an example of a required field within an optional field: snmp server [contact <system contact>], the contact field is optional. However, if you use contact, then you must provide the system contact information.
• The | (bar) symbol means "or".
• Italic terms represent user-defined input values; for example, in sys datetime date year month date, year month date can be replaced by the actual year, month and date that you want to set, for example, 2007 08 15.
• A key stroke is denoted by square brackets and uppercase text; for example, [ENTER] means the "Enter" or "Return" key on your keyboard.
• <cr> means press the [ENTER] key.
• An arrow indicates that this line is a continuation of the previous line.

Command summary tables are organized as follows:

Table 1 Table Title
COMMAND | DESCRIPTION | M
ip alg disable <ALG_FTP|ALG_H323|ALG_SIP> | Turns off the specified ALG (Application Layer Gateway). | R B
ip alg disp | Shows whether the ALG is enabled or disabled. | R B
ip alg enable Turns on the
222. Notices
Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.
This device has been designed for the WLAN 2.4 GHz and 5 GHz networks throughout the EC region and Switzerland, with restrictions in France.
This device has been designed for the WLAN 2.4 GHz network throughout the EC region and Switzerland, with restrictions in France.
This device has been designed for the WLAN 5 GHz network throughout the EC region and Switzerland, with restrictions in France.
This Class B digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.

Viewing Certifications
1 Go to http://www.zyxel.com.
2 Select your product on the ZyXEL home page to go to that product's page.
3 Select the certification you wish to view from this page.

ZyXEL Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workman
223. ras ip ifconfig enifO 192 168 100 100 24 enif0 mtu 1500 mss 1460 inet 192 168 100 100 netmask Oxffffff00 broadcast 192 168 100 255 RIP RX Ver 1 amp 2 TX Ver 1 InOctets 0 InUnicast 0 InMulticast 0 InDiscards 0 InErrors 0 InUnknownProtos 0 OutOctets 728 OutUnicast 0 OutMulticast 14 OutDiscards 0 OutErrors 0 ras Afterwards you have to use this new IP address to access the ZyWALL via the LAN port To view information on all interfaces enter ip ifconfig To view DHCP information on the LAN port enter ip dhcp enif0O status ras ip dhcp enifO status DHCP on iface enifO is server Start assigned IP address 192 168 1 33 24 Number of IP addresses reserved 128 Hostname prefix dhcppc DNS server 0 0 0 0 0 0 0 0 0 0 0 0 WINS server 0 0 0 0 0 0 0 0 Domain Name Default gateway 192 168 1 1 Lease time 259200 seconds Renewal time 129600 seconds Rebind time 226800 seconds Probing count 4 Probing type ICMP slot state timer type hardware address hostname 0 UNCERTAIN 0 0 00 1 UNCERTAIN 0 0 00 ZyWALL ZyNOS CLI Reference Guide Chapter 2 Common Commands Use these commands to release and renew DHCP assigned information on the specified interface ras ip dhcp enifl client release ras ip dhcp enifl status DHCP on iface enifl is client Hostnam zyxel zyxel com Domain Name zyxel com Server IP address Client IP address DNS server
224. re you can use the config commands ip cf policy config schedule Displays the content filtering policy s schedule configuration R B display ip cf policy config schedule Sets the content filtering policy s individual day schedule s first R B eachDay timeSegl 1 7 weekday time segment 0 24 start hour lt 0 59 start minute 0 24 end hour 0 59 end minute ip cf policy config schedule Sets the content filtering policy s individual day schedule s R B ZyWALL ZyNOS CLI Reference Guide Chapter 15 IP Commands Table 45 Content Filtering Commands continued COMMAND DESCRIPTION M ip cf policy config schedule Turns the content filtering policy s schedule on or off R B enable lt on off gt ip cf policy config schedule Sets the content filtering policy s everyday schedule s first time R B everyday timeSegl 0 24 start segment hour 0 59 start minute 0 24 end hour lt 0 59 end minute ip cf policy config schedule Sets the content filtering policy s everyday schedule s second R B everyday timeSeg2 0 24 start time segment hour 0 59 start minute 0 24 end hour lt 0 59 end minute ip cf policy config schedule Sets the content filtering policy s schedule to apply everyday or R B type 1 always 2 everyday 3 polic only during specific time interval s of specific day s ies for each day ip cf policy config webControl Sets which
226. roxy time Sets the time out interval it s a count Actual time is count 5 seconds R INTERVAL poe retry count COUNT Sets displays the PPPoE retry count H R poe retry interval Sets displays the PPPoE retry interval H R INTERVAL poe service add Adds a PPPoE service H R lt SERVICE NAME gt poe service show Shows a PPPoE service H R The following table shows a list of default values Table 68 poe Default Values VARIABLE DEFAULT VALUE EtherType rfc rfc 3com 19 2 Command Examples This example shows the status of channel Specifically it will show how many incoming and outgoing packets octets bytes and control packets packets used to set up or tear down the link there are ras poe status poe0 chann poe0 state 0 bad pkt 0 I C pkt 0 octet 0 ctrl pkt 0 O G pkt 0 octet 0 ctrl pkt 0 ZyWALL ZyNOS CLI Reference Guide Chapter 19 PPPoE Commands This example shows dialing up remote node wan 1 using ttt 999 53 ras gt poe dial WAN_1 Start dialing for node WAN 1 Hit any key to continue DIALING dev 6 ch 0 OUTGOING CALL phone CALL CONNECT speed lt 100000000 gt type lt 6 gt chan 0 LCP opened PAP sending user pswd IPCP negotiation started IPCP neg Primary DNS 192 168 30 1 IPCP neg Primary DNS 172 23 5 2 IPCP opened Zy
227. rs A and B to manage the bandwidth of the VPN traffic 6 3 Command Examples This example displays the LAN interface s BWM settings and then configures the LAN interface using bandwidth 10 000 bps and the priority based queuing method ras bm show interface lan Interface LAN Enabled bandwidth 100M bps allocated bandwidth 0 bps MTU 1500 byte ras gt bm interface iface lan enable bandwidth 10000 prr This example adds one LAN class using following settings Class number 1 Bandwidth 5 000 000 bps Class Name LAN class1 ras bm config load ras bm class lan add 1 bandwidth 5M name LAN class1 ras bm config save ZyWALL ZyNOS CLI Reference Guide Chapter 6 Bandwidth Management Commands This example modifies one existing LAN class using following settings and displays what we configured then Class number 1 Bandwidth 50 000 000 bps Priority 2 Enable the Borrowing option Yes ras bm config load ras bm class lan mod 1 bandwidth 50M ras bm config save ras bm show class lan Class 0 Name Root Class depth 0 priority 0 filter setting No queue 0 30 borrow class No parent class No total bandwidth 100M bps allocated bandwidth 50M bps Class 1 Name LAN classl depth 1 priority 2 filter setting No queue 0 30 borrow class 1 parent class 0 Root Class total bandwidth 50M bps allocated
229. s ras d at BLOCK BLOCK BLOCK BLOCK BLOCK BLOCK Sys Sys Sys Sys ime Firewal Firewal Firewal Firewal Firewal Firewal logs logs logs logs message 0 06 08 2004 05 58 load category access 3 Save display access ll default 1 06 08 2004 05 58 ll default 2 06 08 2004 05 58 ll default 3 06 08 2004 05 58 ll default 4 06 08 2004 05 58 ll default 5 06 08 2004 05 58 ll default 21 pol 20 pol 720 pol 20 pol 20 po 20 po source 132 21 icy IG 172 21 icy IG icy IG icy IG licy IG 12221 licy UD 1425 21 172 21 172 21 4 154 P W to W ZW 13 65 46 P W to W ZW 0 2 P W to W ZW 3 191 P W to W ZW 0 254 P W to W ZW 4 187 137 P W to W ZW destination 224 0 1 24 299 255 255 250 239 255 255 254 1224 0 1 22 224 0 0 1 172 21 255 25595197 n ACCI ACCI ACCI ACCI ACC ACCI otes ESS ESS ESS ESS ESS ESS ZyWALL ZyNOS CLI Reference Guide Chapter 21 System Commands 21 6 Remote Node Commands The following section lists the remote node commands Table 75 Remote Node Commands COMMAND DESCRIPTION M sys rn accessblock Blocks or allows access to the remote node R 0 disable 1 enable sys rn disp lt entry gt Displays remote node
231. s my_cert list PKI Storage Space in Us 2 self signed test CN cert test O my n successfully generated Certificate Name Type Subject Name Issuer Name From To auto generated self signed cert SELF CN ZyWALL 70 CN ZyWALL 70 2000 2030 test SELF CN cert test CN cert test 2007 2012 Total number of certificates 2 Legends NYV Not Yet Valid EXPD Expired EXPG Expiring CERT Certificate REQ Certification Request SELF Self signed Certificate SELF Default Self signed Certificate ZyWALL ZyNOS CLI Reference Guide Chapter 8 Certificates Commands This example displays the certificate that the Zy WALL is using as the default self signed certificate Then it has the ZyWALL use the self signed certificate named test as the default self signed certificate ras certificates my cert def self signed The default self signed certificate auto generated self signed cert ras certificates my cert def self signed test Would you like to make test as the default self signed certificate y n y ras certificates my cert def self signed The default self signed certificate test This example exports the self signed certificate named test After the certificate displays on the screen copy and paste it into a text editor like Notepad and save it as a crt or cer file ras certificates my cert export test
232. s the service license type Standard Expired date Displays the expiration date of the service ZyWALL ZyNOS CLI Reference Guide Chapter 18 myZyXEL com Commands ZyWALL ZyNOS CLI Reference Guide PPPoE Commands Use these commands to configure PPPoE settings on the ZyWALL 19 1 Command Summary A remote node is the remote gateway and the network behind the remote gateway across a WAN connection Remote node 1 may be your ISP for example You may configure multiple remote nodes in products with SMT menus or those with multiple WAN ports In products without SMT menus or multiple WAN ports a remote node is the ISP you configured in the web configurator A channel is a subset of an interface such as a LAN or WAN interface An interface may have more than one channel but it usually has just one The channel name is the encapsulation method used for the WAN dial up WAN link The following section lists the commands for this feature Table 67 poe Command Summary COMMAND DESCRIPTION M poe channel disable Disables a PPPoE channel H R CHANNEL poe channel enabl Enables a channel to carry PPPoE traffic H R lt CHANNEL gt poe channel show Shows the PPPoE channels available H R poe debug ON OFF Switches the PPPoE debug function on or off H R poe status Shows the status of the ZyWALL PPoE channels R poe stat
233. sables 0 the antispam function. M: R B

config edit anti spam threshold <threshold>
    Sets the spam score threshold. If the spam score is higher than this threshold, this mail is judged as spam mail. threshold: A number from 1 100. M: R B
config edit anti spam whiteRule 0112
    Enables 1 or disables 0 the antispam whitelist filter. M: R B
config edit custom service <entry> icmp code <0 255>
    Configures the ICMP code. This field is optional for ICMP. The code and type of an ICMP packet together indicate the purpose of the packet. Use config edit custom service <entry> icmp type to configure the ICMP type first. M: R B
config edit custom service <entry> icmp type <0 255>
    Configures the ICMP type. M: R B
config edit custom service <entry> ip protocol <icmp tcp udp tcp udp user defined>
    Configures the IP protocol for a selected custom service. M: R B
config edit custom service <entry> name <string>
    Sets the name of the selected custom service. M: R B
config edit custom service <entry> range start port endport
    When the IP protocol is set to TCP and/or UDP, this command configures the port range for a specified custom service entry. For single port configuration, the start port is equal to the end port. M: R B
config edit custom service <entry> user defined ip 1 255
    When the IP protocol is set to user defined, this command configures the user defined IP protocol. M: R B
config
234. schedule on or off for Mondays R B monday on off

sys firewall schedule week saturday on off
    Turns the firewall schedule on or off for Saturdays. M: R B
sys firewall schedule week sunday on off
    Turns the firewall schedule on or off for Sundays. M: R B
sys firewall schedule week thursday on off
    Turns the firewall schedule on or off for Thursdays. M: R B
sys firewall schedule week tuesday on off
    Turns the firewall schedule on or off for Tuesdays. M: R B
sys firewall schedule week wednesday on off
    Turns the firewall schedule on or off for Wednesdays. M: R B

ZyWALL ZyNOS CLI Reference Guide Chapter 13 Firewall Commands

13.2 Command Examples

This example displays the firewall log type and count.

ras> sys firewall cnt disp
ICMP Idle Timeout 0
UDP Idle Timeout 0
TCP Idle Timeout 0
TCP SYN Idle Timeout 0
TCP FIN Idle Timeout 0
Land Attack 0
IP Spoof Attack 0
ICMP Echo Attack 0
ICMP Attack 0
Netbios Attack 0
Trace Route Attack 0
Tear Drop Attack 0
Syn Flood Attack 0
SMTP Attack 0
ACL name ACL Default Set  Blocks 0  Minute High 0  Max Incomplete High 0  TCP Max Incomplete 0
ACL name ACL Default Set  Blocks 0  Minute High 0  Max Incomplete High 0  TCP Max Incomplete 0
ACL name ACL Default Set  Blocks 0  Minute High 0  Max Incomplete High 0  TCP Max Incomplete 0
ACL name ACL Default Set  Blocks 0  Minute High 0  Max Incomplete
236. sers may repeat this command line to enter the multiple port numbers.

config edit firewall set <set> rule <rule> tcp destport single port
    Edits the rule to apply to a TCP packet with the specified destination port. M: R B
config edit firewall set <set> rule <rule> udp destport any
    Edits the rule to apply to a UDP packet with any destination port. M: R B
config edit firewall set <set> rule <rule> udp destport range start port endport
    Edits the rule to apply to a UDP packet with a destination port falling within the specified range. For non-consecutive port numbers, users may repeat this command line to enter the multiple port numbers. M: R B
config edit firewall set <set> rule <rule> udp destport single <port>
    Edits the rule to apply to a UDP packet with the specified destination port. M: R B
config edit firewall set <set> tcp idle timeout <timeout>
    Edits the timeout for an idle TCP session before it is terminated. This command has no effect on firewall settings. To configure timeout values, use tos commands. M: R B

ZyWALL ZyNOS CLI Reference Guide Chapter 10 Configuration Commands

Table 27 config Command Summary continued (COMMAND / DESCRIPTION / M)

config edit firewall set <set> udp idle timeout <timeout>
    Edits the timeout for an idle UDP session before it is terminated. This command has no effect on firewall M: R B
237. set R B name <string>

config edit firewall set <set> rule <rule> action <rule action>
    Edits whether a packet is permitted, dropped or rejected when it matches this rule. M: R B
config edit firewall set <set> rule <rule> active <yes no>
    Edits whether a rule is enabled or not. M: R B
config edit firewall set <set> rule <rule> alert <yes no>
    Activates or deactivates notification of a DoS attack or if there is a violation of any alert settings. When a DoS attack is detected, the function will send an e-mail to the SMTP destination address and log an alert. M: R B
config edit firewall set <set> rule <rule> custom icmp <string>
    Sets the desired ICMP custom service. M: R B
    1 You must first configure an ICMP service name using config edit custom service <entry> name <string>.
    2 Then use config edit custom service <entry> ip protocol icmp to set the protocol to ICMP.
    3 Then use config edit custom service <entry> icmp type to specify the ICMP type.
    4 Then use config edit custom service <entry> icmp code to specify the ICMP code.
    5 After you save it, you can add the custom service to a firewall rule.
config edit firewall set <set> rule <rule> custom ip <string>
    Sets the desired user defined IP Protocol custom service. M: R B
    1 You must first configure an IP protocol name using config edit custom service <entry> name <string>
238. settings. To configure timeout values, use tos commands.

config insert firewall set <set> rule <rule>
    Inserts a new rule into a set. Use config edit commands to edit the rule and set subfields. M: R B
config retrieve anti spam
    Retrieves the current saved anti-spam settings. M: R B
config retrieve custom service <entry>
    Retrieves the custom service entry specified by <entry>. M: R B
config retrieve firewall
    Retrieves current saved firewall settings. M: R B
config save all
    Saves users' configurations into flash memory. M: R B
config save anti spam
    Saves the current antispam settings. M: R B
config save custom service <entry>
    Saves the custom service entry specified by <entry>. M: R B
config save firewall
    Saves the current firewall settings. M: R B

10.2 Default Values

The following table shows a list of default values.

Table 28 config Default Values (VARIABLE / DEFAULT VALUE)

ACL set name   ACL Default Set
anti spam action 0 1   1
anti spam blackRule 0 1   0
anti spam markString spam tag   SPAM
anti spam phishingString phishing tag   PHISHING
anti spam query 0112
anti spam switch 0 1   0
anti spam threshold threshold   90
anti spam whiteRule 0112   0
connection timeout   30 seconds
fin wait timeout   60 seconds
firewall active <yes no>   yes
Firewall attack block <yes no>   no
firewall attack block minute 0 255   10
239. ship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions.

Note

Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser.

To obtain the services of this warranty, contact your vendor. You may also refer to the warranty policy for the region in which you bought the device at http://www.zyxel.com/web/support_warranty_info.php.

Registration

Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com.

ZyWALL ZyNOS CLI Reference Guide Appendix A Legal Information

ZyWALL ZyNOS CLI Reference Guide
Customer Support

In the event of problems that cannot b
240. specified ALG R B <ALG_FTP ALG_H323 ALG_SIP>

ip alg ftpPortNum port
    Sets the FTP ALG to support a different port number instead of the default. M: R B
ip alg siptimeout <timeout>
    Sets the SIP timeout in seconds. 0 means no timeout. M: R B
ip alias <interface>
    Sets an alias for the specified interface. M: R

The Table title identifies commands or the specific feature that the commands configure.
The COMMAND column shows the syntax of the command.
The DESCRIPTION column explains what the command does. It may also identify legal input values.
The M column identifies the mode in which you run the command.
    R: The command is available in router mode.
    B: The command is available in bridge mode.
    R B: The command is available in both router and bridge modes.

A long list of pre-defined values may be replaced by a command input value variable so as to avoid a very long command in the description table. Refer to the command input values table if you are unsure of what to enter.

Table 2 Common Command Input Values (LABEL / DESCRIPTION)

description
    Used when a command has a description field in order to add more detail.
ip address
    An IP address in dotted decimal notation. For example, 192.168.1.3.
mask
    The subnet mask in dotted decimal notation, for example, 255.255.255.0.
mask bits
    The number of bits in an address's subnet mask. For example, type 24 for a subnet mask of 255.255.255.0.
241. splay
    Shows the LAN DHCP DNS server settings. M: R

ZyWALL ZyNOS CLI Reference Guide Chapter 15 IP Commands

Table 48 DNS Commands continued (COMMAND / DESCRIPTION / M)

ip dns lan edit <0 1 2> 0 from ISP 1 user defined 2 DNS relay 3 none isp idx ip address
    Configures the DNS server settings the ZyWALL assigns to LAN DHCP clients. M: R
    0 1 2: Configures the first, second or third DNS server address setting.
    0 from ISP, 1 user defined, 2 DNS relay, 3 none: If you set the server as from ISP (0), specify the number of the ISP. If you set the server as user defined (1), specify the IP address.
    isp idx ip address: The number of the ISP (the number of the remote node) or the IP address of the DNS server.
ip dns query address ip address timeout
    Displays the domain name of an IP address. M: R
    timeout: The maximum number of secon
242. ssid <ssid>
    Sets the SSID for the specified SSID profile. M: R B

wcfg ssid 1 8 hidenssid <enable disable>
    Sets whether the specified SSID profile's SSID is hidden (not broadcasted). M: R B
wcfg ssid 1 8 security security profile name
    Binds the security profile with the specified SSID profile. M: R B
wcfg ssid 1 8 macfilter <enable disable>
    Enable or disable the MAC filter for the specified SSID profile. M: R B
wcfg ssid 1 8 clear
    Resets the specified SSID profile to its default settings. M: R B
wcfg ssid 1 8 save
    Saves the specified SSID profile configuration to the non-volatile memory. M: R B
wcfg ssid 1 8 show
    Displays the configuration for the specified SSID profile. M: R B
wcfg ssid display
    Displays all runtime SSID profile configuration. M: R B
wcfg ssid spdisplay
    Displays all SSID profile configuration in the non-volatile memory. M: R B
wcfg ssid saveall
    Saves all runtime SSID profile configuration to the non-volatile memory. M: R B

The following table describes the values required for many wireless WEP key setting commands. Other values are discussed with the relevant commands.

Table 83 Wireless WEP Key Command Input Values (LABEL / DESCRIPTION)

<key>
    This is a WEP key. You would have a different key length depending on the type of WEP key size you selected. If you use a 64 bit WEP key, enter 5 ASCII characters or
243. st filter which is set to active with an IP address of 192.168.1.33 and subnet mask of 255.255.255.255.

ras> config edit anti spam rule 2 ip 2 active 1 address 192.168.1.33 netmask 255.255.255.255
ras> config save anti spam
ras> config display anti spam
ACL set header information
ANTI SPAM ACL set number 1
ANTI SPAM ACL set number of rules 2
ANTI SPAM ACL set name Anti Spam ACL set
ANTI SPAM Information
ANTI SPAM ANTI SPAM DISABLE WhiteList DISABLE BlackList DISABLE
ANTI SPAM SPAM Mail Tag SPAM
ANTI SPAM Phishing Mail Tag PHISHING
ANTI SPAM Action Add Tag to SMTP POP3 SPAM Mail
ANTI SPAM Disable External Database
ANTI SPAM Action for Query timeout Add Tag to SMTP POP3 SPAM Mail
ACL rule header information
ANTI SPAM ACL rule number 1
ANTI SPAM ACL rule White Rule
ACL rule header information
ANTI SPAM ACL rule number 2
ANTI SPAM ACL rule Black Rule
ANTI SPAM Index 0 flags 1 IP 192.168.1.33 Netmask 255.255.255.255

The following table describes the fields displayed using the config display set command in the example above.

Table 32 config display set <entry> (LABEL / DESCRIPTION)

ANTI SPAM ACL set number
    Shows the index of this set.
ANTI SPAM ACL set number of rules
    Shows the number of rules in this set.
ANTI SPAM ACL set name
    Shows the name of the set.
ANTI SPAM
    Shows whether the anti spam function is enable
244. t <set> rule <rule> destport custom
    Deletes the desired TCP UDP custom port name. M: R B

config delete firewall set <set> rule <rule> log
    Deletes a log for a rule when the packet matches the rule. M: R B
config delete firewall set <set> rule <rule> name
    Deletes the rule name. M: R B
config delete firewall set <set> rule <rule> protocol
    Deletes the protocol number for a rule. M: R B
config delete firewall set <set> rule <rule> srcaddr range
    Deletes the IP address range for a rule applying to a packet with a source IP address that falls within a specified range. M: R B
config delete firewall set <set> rule <rule> srcaddr single
    Deletes the IP address setting in a rule applying to a packet with a specified source IP address. M: R B
config delete firewall set <set> rule <rule> srcaddr subnet
    Deletes the IP address and subnet mask setting in a rule applying to a packet with a specified source IP address and subnet mask. M: R B
config delete firewall set <set> rule <rule> tcp destport any
    Deletes the rule applying to a TCP packet with any destination port. M: R B
config delete firewall set <set> rule <rule> tcp destport range
    Deletes the port setting for a rule applying to a TCP packet with a destination port falling within the specified range. M: R B
config delete firewall set <set>
    Deletes the port setting for a rule applying to a TCP packet M: R B
245. t range

config delete custom service <entry> user defined ip
    Deletes the IP protocol setting for the custom service. M: R B
config delete firewall active
    Deletes the active setting in the firewall rule configuration. M: R B
config delete firewall attack block
    Deletes the block setting in the firewall rule configuration. M: R B
config delete firewall attack block minute
    Deletes the block attack in minutes setting in the firewall rule configuration. M: R B
config delete firewall attack max incomplete high
    Deletes the setting for DOS (Denial of Service) detection based on the maximum number of sessions allowed. M: R B
config delete firewall attack max incomplete low
    When the ZyWALL detects a DOS attack, it begins to delete half-open sessions until it reaches a specified number of half-open sessions. This command deletes this set number. M: R B
config delete firewall attack minute high
    Deletes the setting for DOS detection based on the maximum number of sessions allowed per minute. M: R B
config delete firewall attack minute low
    When the ZyWALL detects a DOS attack, it begins to delete half-open sessions until it reaches a specified number of half-open sessions per minute. This command deletes this set number. M: R B

ZyWALL ZyNOS CLI Reference Guide Chapter 10 Configuration Commands

Table 27 config Command Summary continued
246. t yes no>
    Enables or disables the firewall. M: R B

sys firewall cnt clear
    Clears the firewall log count. M: R B
sys firewall cnt disp
    Displays the firewall log type and count. M: R B
sys firewall dos display
    Displays the SMTP DoS defender setting. M: R B
sys firewall dos ignore <lan wan1 wan2 dmz wlan vpn> on off
    Sets whether or not the firewall ignores DoS attacks on the specified interface. M: R B
sys firewall dos smtp
    Enables or disables the SMTP Denial of Service (DoS) defender. M: R B
sys firewall dynamicrule timeout value
    Sets the dynamic rule timeout value in seconds. The value must be 8 or higher. M: R B
sys firewall ignore logBroadcast <from> <to> <on off>
    Sets whether or not the firewall ignores log broadcasts. M: R B
sys firewall ignore triangle
    Sets if the firewall ignores triangle route packets on the LAN or WAN. M: R B
sys firewall schedule display
    Displays the firewall schedule. M: R B
sys firewall schedule load <set number> <rule number>
    Loads the firewall schedule by rule. M: R B
sys firewall schedule save
    Saves and applies the firewall schedule. M: R B
sys firewall schedule timeOfDay <always hh mm hh mm>
    Sets what time the firewall schedule applies to. M: R B
sys firewall schedule week allweek on off
    Turns the firewall schedule on or off for all week. M: R B
sys firewall schedule week friday on off
    Turns the firewall schedule on or off for Fridays. M: R B
sys firewall schedule week
    Turns the firewall
247. tents Overview, the Index of Commands, or search the PDF file. E-mail techwriters@zyxel.com.tw if you cannot find the information you require.

CLI Reference Guide Feedback

Help us help you. Send all guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you!

ZyWALL ZyNOS CLI Reference Guide About This CLI Reference Guide

The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. E-mail: techwriters@zyxel.com.tw

ZyWALL ZyNOS CLI Reference Guide
Document Conventions

Warnings and Notes

Warnings and notes are indicated as follows in this guide.

Warnings tell you about things that could harm you or your device. See your User's Guide for product specific warnings.

Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.

Syntax Conventions

This manual follows these general conventions:

ZyWALLs may also be referred to as the "device", the "ZyXEL device", the "system" or the "product" in this guide.
Units of measurement may denote the metric value or the scientific value. For example, k for kilo may denote 1000 or 1024, M for mega may denote 1000000 or 1048576, and so on.
Command descriptions foll
248. the command without any parameters displays the global list of objects.

ip cf policy config customRule delete index
    Removes the specified customized content filter policy from the policy. Enter the command without specifying a customized content filter policy to see the customized content filter policy numbers. M: R B
ip cf policy config customRule display
    Displays the policy's customized content filter policies. M: R B
ip cf policy config customRule enable <on off>
    Turns the policy's customized content filter policies on or off. M: R B

ZyWALL ZyNOS CLI Reference Guide Chapter 15 IP Commands

Table 45 Content Filtering Commands continued (COMMAND / DESCRIPTION / M)

eachDay timeSeg2 1 7 weekday 0 24 start hour <0 59 start minute 0 24 end hour 0 59 end minute
    second time segment

ip cf policy config CustomizedFlags filterList customize disableAllExceptTrusted unblockRWFToTrusted keywordBlock fullPath caseInsensitive fileName enable disable
    Turns the content filtering policy on or off and sets its customized settings. M: R B
    filterList: Use this to enable or disable the content filtering policy.
    customize: Sets whether or not to filter web access based on the policy's list of trusted and forbidden web sites and forbidden key words. Content filter list customization may be enabled and disabled without re-entering these site names.
    disable
249. tion console window (such as HyperTerminal). Use right-click (not ctrl-v) to paste your command into the console window, as shown next.

[Figure: console window with the right-click menu showing Paste to Host]

ZyWALL ZyNOS CLI Reference Guide Document Conventions

Icons Used in Figures

Figures in this guide may use the following generic icons. The ZyWALL icon is not an exact representation of your device.

ZyWALL, Computer, Notebook computer, Server, Firewall, Telephone, Switch, Router

ZyWALL ZyNOS CLI Reference Guide Contents Overview
250. tion key 12345678
How often to send a keepalive packet to the CNM server: every 60 seconds

ras> cnm managerIp 10.1.1.252
managerIp 10.1.1.252
ras> cnm encry des 12345678
cnm encry des 12345678
ras> cnm keepalive 60
cnm keepalive 60
ras> cnm active 1
cnm active 1
Last Register Time 0 0 0 0 0 0

ZyWALL ZyNOS CLI Reference Guide Chapter 9 CNM Agent Commands

This example displays the CNM debug messages. It's useful for monitoring register or keepalive packets the ZyWALL sends and receives to and from the CNM server.

ras> cnm debug 1
cnm debug 1 <0 Disable 1 Enable>
CNM debug messges can only be printed at 115200 baud rate
ras agentIpAddr 10.1.1.252 CNM protocol version 1 sendSgmpRegisterRequest sessionID 0 sgmpAgentRx iface p b04088 cnt 1 sgmpRxEventProcess opType 1 procAgentRegister SessionID is modified by Vantage to 0 received SGMP T REGISTER SGMP C RESPONSE Error tUnit 4096 sendSgmpRegisterAck ackCode 9 procAgentRetriev vent SGMP EVENT REGISTER RESP sendSgmpRetrieveStoreRequest opType 2 sgmpd state SGMP STATE REGISTERING sgmpAgentRx iface_p b04088 cnt 1 sgmpRxEventProcess opType 2 procAgentRetrieve agentState 1 SessionID is modified by Vantage to 0 received SGMP T RETRIEVE SGMP C RESPONSE sendSgmpRetrieveStoreAck opType 2 ackCode 9 procAgentRetriev vent SGMP EVENT RETRIEVE RESP sgmpd state SGMP STATE RETRIEVE INIT event SGMP EVENT RETRIEVE SUCCESS sendR
251. tocol name
    Shows the name of a custom IP service.
Custom ICMP protocol name
    Shows the name of a custom ICMP service.
ACL rule name
    Shows the name of this rule.

The following table shows the interfaces assigned to each set number.

Table 31 Set Interface Assignments (SET NUMBER / INTERFACE)

1   LAN to WAN1
2   WAN1 to LAN
3   DMZ to LAN
4   DMZ to WAN1
5   WAN1 to DMZ
6   LAN to DMZ
7   LAN to LAN
8   WAN1 to WAN1
9   DMZ to DMZ
10  LAN to WLAN
11  WLAN to LAN
12  WAN1 to WLAN
13  WLAN to WAN1
14  DMZ to WLAN
15  WLAN to DMZ
16  WLAN to WLAN
17  LAN to WAN2
18  WAN2 to LAN
19  WAN1 to WAN2
20  WAN2 to WAN
21  WAN2 to WAN2
22  DMZ to WAN2
23  WAN to DMZ
24  WLAN to WAN2
25  WAN2 to WLAN
26  LAN to VPN
27  VPN to LAN
28  WAN1 to VPN
29  VPN to WAN
30  WAN2 to VPN
31  VPN to WAN2
32  DMZ to VPN
33  VPN to DMZ
34  WLAN to VPN
35  VPN to WLAN
36  VPN to VPN

ZyWALL ZyNOS CLI Reference Guide Chapter 10 Configuration Commands

10.3.2 Anti-spam Example

This example shows how to set up an anti-spam blackli
253. ttack display ike ipsec packetfilter ppp tls remote upnp urlblocked

3 Use sys logs category followed by a log category to display the parameters that are available for the category.

Figure 9 Displaying Log Parameters Example
ras> sys logs category access
Usage 0 none 1 log 2 alert 3 both 0 don't show debug type 1 show debug type

ZyWALL ZyNOS CLI Reference Guide Chapter 21 System Commands

4 Use sys logs category followed by a log category and a parameter to decide what to record. Use 0 to not record logs for that category, 1 to record only logs for that category, 2 to record only alerts for that category, and 3 to record both logs and alerts for that category. Not every parameter is available with every category.

5 Use the sys logs save command to store the settings in the ZyWALL (you must do this in order to record logs).

21.5.1 Displaying Logs

Use the sys logs display command to show all of the logs in the ZyWALL's log.
Use the sys logs category display command to show the log settings for all of the log categories.
Use the sys logs clear command to erase all of the ZyWALL's logs.
Use the sys logs display log category command to show the logs in an individual ZyWALL log category.

21.5.2 Log Command Example

This example shows how to set the ZyWALL to record the access logs and alerts and then view the results.

ras ras ra
254. uccessful

4 Type a file name or browse for one.

[Figure: Certificate Export Wizard, File to Export screen]

ZyWALL ZyNOS CLI Reference Guide Chapter 8 Certificates Commands

5 Click Finish.

[Figure: Certificate Export Wizard, Completing the Certificate Export Wizard screen]

6 Open the newly created file in a text editor (like Notepad) to be able to copy and paste the certificate into your CLI session.

ZyWALL ZyNOS CLI Reference Guide
CNM Agent Commands

Use these commands to configure CNM agent settings on the ZyWALL.

9.1 Command Summary

The following section lists the commands for this feature.

Table 25 CNM Commands (COMMAND / DESCRIPTION)

cnm active 0 disable 1 enable
    Enables or disables the CNM service on the ZyWALL. After enabled, the ZyWALL communicates with the CNM server through ZyWALL's WAN. M: R B
cnm sgid
    Displays the unique ID received from the CNM server after the ZyWALL registered successfully. M: R B
cnm managerIp
    Displays the CNM server's IP address. M: R B
cnm debug 0 disabl
255. ult values.

Table 87 wwan Default Values (VARIABLE / DEFAULT VALUE)

3G WWAN   off
Budget control enabled 3 TxAndRx
budgetCtrl data enable   off
budgetCtrl time enable   off
idle Timeout   100 seconds
nail Up   off
NAT   on
PPP authentication type   None
WAN IP address obtain   1 Auto
wanIPAddress   0.0.0.0
WWAN multicast enabled   off

ZyWALL ZyNOS CLI Reference Guide Chapter 22 WWAN Commands

23.2 Command Examples

If using 3G cards such as the AC850, AC875, E612, E620 or OptionGT HSDPA 7 2, type the commands below to configure 3G WWAN.

ras wwan ras wwan ras wwan ras wwan ras wwan ras wwan ras wwan ras wwan ras wwan ras wwan ras wwan ras wwan ras wwan ras wwan ras wwan ras wwan ras wwan ras wwan load config config config config config config config config config config config config config config config config save apn internet authType 3 enable nat on nailUp phoneNumber 99 pin 0000 wanlpAssign 1 budge budge budge budge budge budge budge budge Gh set pp xr on off enable on time enable on time quota 10 highLimit log on lowLimit timePercent lowLimit timePercent 60 lowLimit log on resetDay 6

The following screens show the same configuration using the web configurator.

Figure 10 WWAN configuration example General WAN2 Setup 3
256. up idx
    The number of an ISP configuration on the ZyWALL. For example, the ISP configured for the WAN 1 interface is ISP group index 1 0
number
    The number of system report records to display. For example, if you specify 10, the top 10 report entries display.

15.1.1 ALG Commands

The following section lists the ALG commands.

Table 42 ALG Commands (COMMAND / DESCRIPTION / M)

ip alg disable <ALG_FTP ALG_H323 ALG_SIP>
    Turns off the specified ALG (Application Layer Gateway). M: R B
ip alg disp
    Shows whether the ALG is enabled or disabled. M: R B
ip alg enable <ALG_FTP ALG_H323 ALG_SIP>
    Turns on the specified ALG. M: R B
ip alg ftpPortNum port
    Sets the FTP ALG to support a different port number instead of the default. M: R B
ip alg siptimeout <timeout>
    Sets the SIP timeout in seconds. 0 means no timeout. M: R B

ZyWALL ZyNOS CLI Reference Guide Chapter 15 IP Commands

15.1.2 ARP Commands

The following section lists the ARP commands.

Table 43 ARP Commands (COMMAND / DESCRIPTION / M)

ip arp ackGratuitous active yes no
    Turns the acceptance of gratuitous ARP (Address Resolution Protocol) packets on or off. See Section 15.1.3 on page 98 for details. M: R B
ip arp ackGratuitous forceUpdate on off
    Has the ZyWALL update an existing ARP entry for which a gratuitous request was received. See Section 15.1.3 on page 98 for details. M: R B
ip
258. us channel name
    Displays the status of packets on a specified PPPoE channel. channel name: Channel names are poe0 or poe. M: R
poe drop <channel>
    Drops a PPPoE link to the specified channel, for example poe0. M: R
poe dial node
    Dials a link to the specified remote node, for example WAN 1. M: R
poe ether rfc|3com
    Sets or displays the EtherType. The EtherType indicates which protocol a packet uses. You can set the EtherType so that either RFC or 3Com protocols are used. M: R
poe inout <NODE_NAME>
    Sets the call direction between ZyWALL and a node to both. M: H R
poe ippool IP CNT
    Sets or displays PPPoE IP pool information. M: H R
poe master easy ON|OFF
    Switches the response for a no service name request on or off. M: H R
poe master promiscuous ON|OFF
    Provides a PPPoE server list to clients. M: H R

ZyWALL ZyNOS CLI Reference Guide Chapter 19 PPPoE Commands

Table 67 poe Command Summary (continued)
COMMAND / DESCRIPTION / M

poe padt LIMIT
    Sets or displays the PPPoE PADT limit. M: H R
poe proxy active ON|OFF
    Turns the PPPoE proxy function on or off. Note: proxy commands will be removed. M: R
poe proxy debug ON|OFF
    Turns the PPPoE proxy debug function on or off. M: R
poe proxy disp
    Displays the PPPoE proxy client session table. M: R
poe proxy flush
    Clears the PPPoE proxy client session table. M: R
poe proxy init
    Initializes the PPPoE proxy client session table. M: R
poe p
259. user when connecting to an ISP.

The following table shows a list of default values.

Table 70 pptp Default Values
VARIABLE / DEFAULT VALUE

chapv1LM on|off
    off
enque size
    10

ZyWALL ZyNOS CLI Reference Guide Chapter 20 PPTP Commands

20.2 Command Examples

This example limits the number of packets queued for transmission to 11. Packets 12 and above in the queue will be dropped.

    ras> pptp enque 11
    PPTP max en queue size flow control 11

ZyWALL ZyNOS CLI Reference Guide System Commands

Use these commands to configure system-related settings on the ZyWALL.

21.1 Local User Database Commands

The following section lists the local user database commands.

Table 71 Local User Database Commands
COMMAND / DESCRIPTION / M

sys authserver localuser disp all|index
    Displays the local user database. M: R B
sys authserver localuser edit index 0:inactive|1:active username password
    Edits the local user database. M: R B
sys authserver localuser load
    Loads local user database information. M: R B
sys authserver localuser save
    Saves the local user database. M: R B

21.2 Local User Database Commands Example

The following example configures a local user account with username example and password test.

    ras> sys authserver localuser load
    ras> sys authserver localuser edit 1 1 example test
    ras> sys authserver localuser save
260. uthentication type. 1: None, 2: CHAP only, 3: PAP only, 4: CHAP or PAP. If 1 (None) is selected, no password or user name is required.

ZyWALL ZyNOS CLI Reference Guide Chapter 23 WWAN Commands

Table 86 wwan Command Summary (continued)
COMMAND / DESCRIPTION

wwan config budgetCtrl data dir 1|2|3
    Sets whether either transmitted (Tx) or received (Rx) or both (Tx, Rx) data should be counted for budget purposes. 1: Tx, 2: Rx, 3: Tx and Rx.
wwan config budgetCtrl data enable on|off
    Enables the recording of the amount of Tx/Rx data. This information is used for budget management.
wwan config budgetCtrl data quota data quota
    Sets the data limit, measured in megabytes. data quota may be between 1 Mb to 100 Gb.
wwan config budgetCtrl enable on|off
    Enables budget control.
wwan config budgetCtrl highLimit
    Sets the upper limit for the data budget.
wwan config budgetCtrl highLimit alert on|off
    Sends an alert if the data limit is exceeded.
wwan config budgetCtrl highLimit AllowNewConn on|off
    Allows new 3G connections to be established when the data limit is exceeded.
wwan config budgetCtrl highLimit KeepCurrConn on|off
    Keeps the current 3G connection (ON) or drops it (OFF) if the data limit is exceeded.
wwan config budgetCtrl highLimit
    Sends a log if the data limit is exceeded.
261. version V4 03 XD 0 Preb2 0802 1 08 03 2007
    romRasSize 3596736
    system up time 23 51 53 831816 ticks
    bootbase version V1 08 01 28 2005
    CPU chip revision 1
    CPU chip clock 266MHz
    CPU core revision 0

    ras> sys atsh
    ZyNOS version V4 03 XD 0 Preb2 0802 1 08 03 2007
    Ram Size 32768 Kbytes
    Flash Size Intel 64M 1
    romRasSize 3596736
    bootbase version V1 08 01 28 2005
    Vendor Name ZyXEL Communications Corp
    Product Model ZyWALL 5
    MAC Address 001349000001
    Default Country Code FF
    Boot Module Debug Flag 0
    RomFile Version 38
    RomFile Checksum b4fc

Use the following command to view CPU utilization.

    ras> sys cpu display
    CPU usage status
    baseline 1472882 ticks
    sec ticks    load     sec ticks    load     sec ticks    load     sec ticks    load
     0  1393404   5.39     1  1472882   0.00     2  1472882   0.00     3  1472882   0.00
     4  1097036  25.51     5  1455444   1.18     6  1460440   0.84     7  1469623   0 222
     8  1472882   0.00     9  1458718   0.96    10  15369    98.96    11  721711   51.00
    12  1462602   0.69    13  1465369   0.51    14  1464771   0.55    15  1469584   0.22
    16  1472882   0.00    17  1472882   0.00    18  1465200   0.52    19  1459341   0.91
    20  1457914   A 30    21  1454838   1.20    22  1472882   0.00    23  1472882   0.00
    24  1458275   0.99    25  1472882   0.00    26  1472882   0.00    27  1472882   0.00
    28  1472882   0.00    29  1472882   0.00    30  1472882   0.00    31  1472882   0.00
    32  1472882   0.00    33  1472882   0.00    34  1472882   0.00    35  1472882   0.00
    36  1472882   0.00    37  1472882   0.00    38  1472882   0.00    39  1460334   0.85
    40  1472882   0.00    41  1472882   0.00    42  1472882
262. y <rule number>
    Displays the specified manual rule. Or displays all runtime manual rules without specifying a rule. Use manualAdd or manualEdit to load a manual rule before using this command. M: R B
ipsec manualAdd
    Allocates a working buffer to add a manual rule. M: R B
ipsec manualEdit <rule number>
    Loads the specified manual rule for editing. M: R B
ipsec manualSave
    Saves the manual rule settings from the working buffer to the non-volatile memory. M: R B
ipsec manualList
    Lists all manual rules. M: R B
ipsec manualDelete <rule number>
    Deletes the specified manual rule. M: R B
ipsec manualConfig name <string>
    Sets the manual rule name. <string>: Up to 31 characters. M: R B
ipsec manualConfig active <Yes|No>
    Activates the manual rule. M: R B
ipsec manualConfig myIpAddr ip address|domain name
    Sets the local gateway address to the specified IP address or domain name. M: R
ipsec manualConfig secureGwAddr ip address|domain name
    Sets the remote gateway address to the specified IP address or domain name. M: R B
ipsec manualConfig protocol <1:ICMP|6:TCP|17:UDP>
    Sets the traffic protocol that can trigger the VPN tunnel and be forwarded through it. M: R B
ipsec manualConfig lcAddrType 0:single|1:range|2:subnet
    Sets the local address type. M: R B

ZyWALL ZyNOS CLI Reference Guide Chapter 16 IPSec Commands
263. y 1 permit
sys version
    Displays the firmware and bootbase versions. M: R B
sys view <filename>
    Displays the specified text file. M: R B
sys wdog cnt value
    Sets (0-34463) or displays the current watchdog count in 1.6 second units. M: R B
sys wdog switch on|off
    Turns the watchdog firmware protection feature on or off. M: R B

ZyWALL ZyNOS CLI Reference Guide Chapter 21 System Commands

ZyWALL ZyNOS CLI Reference Guide Wireless Commands

Use these commands to configure wireless settings on the ZyWALL.

22.1 Command Summary

The following section lists the commands for this feature.

Table 81 General Wireless Commands
COMMAND / DESCRIPTION / M

wlan active <1:on|0:off>
    Sets 1 to activate the wireless card. M: R B
wlan association
    Displays the wireless client association list. M: R B
wlan chid <channel id>
    Sets the operating frequency channel depending on your particular region. channel id: This is a three digit number. For example, 001 means the channel 1 while 010 means the channel 10. M: R B
wlan essid <essid>
    Sets the wireless AP's SSID. M: R B
wlan fraThreshold <256-2346>
    Sets the fragmentation threshold value. M: R B
wlan iapp
    Displays the Inter Access Point Protocol (IAPP) information. M: R B
wlan outputpower <0-4>
    Sets the output power level from 0 (highest power) to 4 (lowest power). M: R B
wlan radio <1:B Only|2:G Only|3
    Sets the wireless radio mode. M: R B
264. y ike <0:none|1:log|2:alert|3:both> <0:don't show debug type|1:show debug type>
sys logs category ipsec <0:none|1:log|2:alert|3:both> <0:don't show debug type|1:show debug type>
sys logs category javablocked <0:none|1:log|2:alert|3:both> <0:don't show debug type|1:show debug type>
sys logs category mten <0:none|1:log> <0:don't show debug type|1:show debug type>
sys logs category packetfilter <0:none|1:log> <0:don't show debug type|1:show debug type>
sys logs category pki <0:none|1:log|2:alert|3:both> <0:don't show debug type|1:show debug type>
sys logs category ppp <0:none|1:log> <0:don't show debug type|1:show debug type>
sys logs category remote <0:none|1:log> <0:don't show debug type|1:show debug type>
sys logs category tcpreset <0:none|1:log> <0:don't show debug type|1:show debug type>
sys logs category tls <0:none|1:log|2:alert|3:both> <0:don't show debug type|1:show debug

ZyWALL ZyNOS CLI Reference Guide Index of Commands
265. bie nee Oe ee ek wee noe d do ae deir e
sys logs category traffic <0:none|1:log> <0:don't show debug type|1:show debug type>
sys logs category upnp <0:none|1:log> <0:don't show debug type|1:show debug type>
sys logs category urlblocked <0:none|1:log|2:alert|3:both> <0:don't show debug type|1:show debug type>
sys logs category urlforward <0:none|1:log> <0:don't show debug type|1:show debug type>
sys logs category wireless <0:none|1:log> <0:don't show debug type|1:show debug type>
loog Tipar D
Togs Sous ieee qp adu Ee ac S dude edu ees ecd decor Se dae
legs consolidate period L 5040 bd kis San ean ed ses Ue Mosa dd QULA IA RR RR TRI Shae
Dots consolidare rotis Qai qo E
sys logs display access attack error ipsec ike javablocked mten packetfil ter pk qoe EXPE been do AC REO
togs SPP log Cesk os ok ese wp EX m LIANA ES OH RARESE ERS RA RRACR CORO Ae Wo E RE ACE RC EDO
togs Wk dab d bod acr dca an RE pd OS quo dre o d adito abbas
Legs hL TE cerie d d oA eda oie
lege SIMER x eR RA
266. ys the list of external database content filtering servers R B display
ip cf externalDB serverList refresh
    Updates and displays the list of external database content filtering servers. M: R B
ip cf externalDB serverunavailable none|log|block|both
    Sets the log and block action for when there is no response from the content filtering external database configuration. M: R B
ip cf externalDB unratedweb none|log|block|both
    Sets the log and block action for websites that are not rated by the content filtering external database configuration. M: R B
ip cf externalDB waitingTime seconds
    Specifies a number of seconds (1-80) for the ZyWALL to wait for a response from the external content filtering server. The server is considered unavailable if there is still no response by the time this period expires. M: R B
ip cf object add trust|untrust|keyword string
    Creates a content filtering object. M: R B
ip cf object delete trust|untrust|keyword index
    Removes the specified content filtering object. Subsequent objects move up one. M: R B
ip cf object display
    Displays the content filtering objects. M: R B
ip cf object save
    Saves the content filtering object configuration. M: R B
ip cf policy config customRule add trust|untrust|keyword index
    Adds a customized content filter policy to the policy. First use the ip cf object commands to create the global list of trusted and untrusted websites and keywords that you can use in individual policies. Entering M: R B
