ZyXEL Communications 4.04 manuale d’uso

www .zyxel.com ZyW ALL (ZyNOS) CLI Reference Guide Internet Security Appliance CLI Reference Guide V ersion 4.04 4/2008 Edition 1 DEFAULT LOGIN In-band IP Address http://1 92 .168.1.1 User Name admin Password 1234[...]

[...]

About This CLI Refere nc e Gu ide ZyWALL (ZyNOS) CLI Reference Guide 3 About This CLI Reference Guide Intended Audience This manual is intended for people who want to configure the ZyW ALL via Command Line Interface (CLI). Y ou should have at least a ba sic knowledge of TCP/IP netw orking concepts and topology . " This guide is intended as a c[...]

About This CLI Reference Guide ZyWALL (Zy NOS) CLI Re ference Gu ide 4 The T echnical W riting T eam, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, T aiwan. E-mail: techwriters@zyxel.com.tw[...]

Document Conventions ZyWALL (ZyNOS) CLI Reference Guide 5 Document Conventions W arnings and Notes W arnings and notes are indicat ed as follows in this guide. 1 W arnings tell you about thi ngs that could harm you or your device. See your User ’s Guide for product specific warnings. " Notes tell you other important informati on (for example[...]

Document Conventions ZyWALL (Zy NOS) CLI Re ference Gu ide 6 Command summary tables are organized as follows: The Ta b l e title identifies commands or the specifi c feature that the commands configure. The COMMAND column shows the syntax of the command. The DESCRIP TION column explains what the comman d do es. It may al so identify legal input val[...]

Document Conventions ZyWALL (ZyNOS) CLI Reference Guide 7 " Commands are case sens itive! Enter commands ex actly as seen in the command interface. Remember to al so include underscores if required. Copy and Paste Commands Y ou can copy an d paste commands directly from th is doc um ent into your terminal emulation console window (such as Hype[...]

Document Conventions ZyWALL (Zy NOS) CLI Re ference Gu ide 8 Icons Used in Figures Figures in this guide may use the following ge neric icons. The ZyW ALL icon is not an exact representation of your device. ZyW ALL Computer Notebook computer Server DSLAM Firewall T elephone Switch Router[...]

Contents Overview ZyWALL (ZyNOS) CLI Reference Guide 9 Contents Overview Introduction .......................................... ........................................................................ .......... 1 1 How to Access and Use the C LI ...... ................... ................ ................ ................ ................ .......[...]

Contents Overview ZyWALL (Zy NOS) CLI Re ference Gu ide 10[...]

11 P ART I Introduction How to Access and Use the CLI (13) Common Commands (17)[...]

12[...]

ZyWALL (ZyNOS) CLI Reference Guide 13 C HAPTER 1 How to Access and Use the CLI This chapter introduces the command line interface (CLI). 1.1 Accessing the CLI Use any of the following methods to access the CLI. 1.1.1 Console Port Y ou may use this method if your Zy W ALL has a conso l e port. 1 Connect your computer to the console port on the ZyW A[...]

Chapter 1 How to Access and Use the CLI ZyWALL (Zy NOS) CLI Re ference Gu ide 14 1.1.3 SSH Y ou may use this method if your Zy W ALL supports SSH connections . 1 Connect your computer to one of the Ethernet ports. 2 Use a SSH client program to access the ZyW A LL. If this is your first login, use the default values in T able 4 on page 13 and T able[...]

Chapter 1 How to Access and Use the CLI ZyWALL (ZyNOS) CLI Reference Guide 15 2 Ty p e help and press [ENTER]. A list comes up which shows all the commands available for this device. Abbreviations Commands can be abbreviated to the smallest un ique string that differentiates the command. For example sys version could be abbr eviated to s v . 1.4 Sa[...]

Chapter 1 How to Access and Use the CLI ZyWALL (Zy NOS) CLI Re ference Gu ide 16 1.5 Logging Out Enter exit to log out of the CLI. T able 7 Exit Command COMMAND DESCRIPTION M exit Logs you out of the CLI. R+B[...]

ZyWALL (ZyNOS) CLI Reference Guide 17 C HAPTER 2 Common Commands This chapter introduces some of the more commonly-used commands in the ZyW ALL. For more detailed usage, see the correspondi ng feature chapter in this guide. In the following examples, ras is the prompt as that is the default. If you configure a s ystem name, then that prompt will di[...]

Chapter 2 Comm o n Com m a nd s ZyWALL (Zy NOS) CLI Re ference Gu ide 18 The first command in this example shows inform ation about the LAN port , for example, it has an IP address of 192.168.1.1. The second c ommand is used to change this IP address to 192.168.100 .100. " Afterwards, you have to use this new IP address to access the ZyW ALL v[...]

Chapter 2 Commo n Com m a nd s ZyWALL (ZyNOS) CLI Reference Guide 19 Use these commands to release and renew DHCP-assigned information on the specified interface. ras> ip dhcp enif1 client release ras> ip dhcp enif1 status DHCP on iface enif1 is client Hostname : zyxel.zyxel.com Domain Name : zyxel.com Server IP address: 0.0.0.0 Client IP add[...]

Chapter 2 Comm o n Com m a nd s ZyWALL (Zy NOS) CLI Re ference Gu ide 20 T o view the ARP table for the LAN port, enter ip arp status enif0 . Each ZyW ALL c an support a specific number of NA T sessions in total. Y ou can limit the number of NA T sessions allow ed per host by using the ip nat session command. In the following example, each host may[...]

Chapter 2 Commo n Com m a nd s ZyWALL (ZyNOS) CLI Reference Guide 21 2.3 Basic System Information Use the following sys version and sys atsh commands to view i n formation about your ZyW ALL. Use the following command to view CPU utilization. ras> sys version ZyNOS version: V4.03(XD.0)Preb2_080 2_1 | 08/03/2007 romRasSize: 3596736 system up time[...]

Chapter 2 Comm o n Com m a nd s ZyWALL (Zy NOS) CLI Re ference Gu ide 22 Use the following command to vi ew the ZyW ALL’ s time and date. Use the following command to restart your ZyW A LL right away . Use the following command to reset the ZyW ALL to the factory defaults. Make su re you back up your current configuration first (using th e web co[...]

Chapter 2 Commo n Com m a nd s ZyWALL (ZyNOS) CLI Reference Guide 23 " After you change the console port speed, you need to change it also on your terminal emulation software (such as HyperT erminal) in order to reconnect to the ZyW ALL. Use the following command to see whether the ZyW ALL is acting act as a bridge or router Use the following [...]

Chapter 2 Comm o n Com m a nd s ZyWALL (Zy NOS) CLI Re ference Gu ide 24 Use the following command to display all ZyW ALL logs. Logs are very useful for troubleshooting. If you are hav ing problems with your ZyW ALL, then customer support may request that you se nd them the logs. Use the following command to display all ZyW ALL error logs ras> s[...]

Chapter 2 Commo n Com m a nd s ZyWALL (ZyNOS) CLI Reference Guide 25 Use the following command s fo r system debugging. A con sole port speed of 1 1 5,200 bps is necessary to view packet traces on the ZyW ALL. The extended ping com ma nd is used to have the ZyW ALL ping IP address 172.16.1.2 02 five times in the following example. 2.4 UTM and myZyX[...]

Chapter 2 Comm o n Com m a nd s ZyWALL (Zy NOS) CLI Re ference Gu ide 26 Y ou need to create an account at my ZyXEL.co m in order to activate content filtering, anti- spam and anti-virus UTM (Unified Threat Management) services. See the myZyXEL.com chapter for information on the co untry code you shou ld use. This command displays your Zy W ALL’ [...]

Chapter 2 Commo n Com m a nd s ZyWALL (ZyNOS) CLI Reference Guide 27 Use these commands to enable anti-spam on the ZyW ALL for traffic going from W AN1 to LAN. Use the following commands to enable anti-vi rus on the ZyW ALL Y ou first need to use the load command. Use the following comman ds to enable content filtering on t he ZyW ALL, then on the [...]

Chapter 2 Comm o n Com m a nd s ZyWALL (Zy NOS) CLI Re ference Gu ide 28 ras> ip cf policy edit 1 ras> ip cf policy config webControl ena ble on ras> ip cf policy config webControl dis play The Categories: type 1 :Adult/Mature Content type 2 :Pornography type 3 :Sex Education type 4 :Intimate Apparel/Swimsui t type 5 :Nudity type 6 :Alcoho[...]

Chapter 2 Commo n Com m a nd s ZyWALL (ZyNOS) CLI Reference Guide 29 Y ou may also configure and schedule new policie s using commands as well as configure what to block using the external database. 2.5 Firewall Use the following command to enab le the firewall on the ZyW ALL. 2.6 VPN Use the following command to show what IP sec VPN tunnels are ac[...]

Chapter 2 Comm o n Com m a nd s ZyWALL (Zy NOS) CLI Re ference Gu ide 30 This example shows d ialing up remote node “W AN 1” using PP TP . ras> pptp dial "WAN 1" Start dialing for node <WAN 1>... ### Hit any key to continue.### ras>[...]

31 P ART II Reference Antispam Commands (3 3) Antivirus Commands (35) Auxiliary (Dial Back up) Commands (39) Bandwidth Management Command s (43) Bridge Commands (51) Certificates Comm ands (55) CNM Agent Commands (63) Configuration Commands (67 ) Device Related Commands (83) Ethernet Commands (85) Firewall Commands (87) IDP Commands (93) IP Command[...]

32[...]

ZyWALL (ZyNOS) CLI Reference Guide 33 C HAPTER 3 Antispam Commands Use these commands to configur e antispam settings on the ZyW ALL. 3.1 Command Summary The following table describes the valu es required for many antispam ( as ) commands. Othe r values are discussed with the corresponding commands. The following section lists th e commands for thi[...]

Chapter 3 Antispam Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 34 The following table shows a list of default values . 3.2 Command Examples Use this example to load the antispam modul e and configure it to fi lter email received from the WAN and addressed to a client on the LAN. as failTolerance [ timeout ] Set s the timeout interval for a ratin[...]

ZyWALL (ZyNOS) CLI Reference Guide 35 C HAPTER 4 Antivirus Commands Use these comm an ds to con f igu r e an tiv i rus related settings on the ZyW ALL. 4.1 Command Summary The following table describes the valu es required for many antivirus ( av ) commands. Other values are discussed with the corresponding commands. The following section lists th [...]

Chapter 4 Antivirus Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 36 av config smtpScanAllMime <on|off> Enables or disables scanning of ASCII files transferred usi ng SMTP (email), such as .txt, .html. By def ault, the ZyW ALL scans MIME type files, for ex ample,.doc, .ppt, .zip, .exe. R+B av display Shows the antivirus settings. R+B av load[...]

Chapter 4 Antivirus Commands ZyWALL (ZyNOS) CLI Reference Guide 37 The following table shows a list of default values . av tune config l7Pop3asm <on|off> Enables or disables TCP packet assembly checking for POP3. R+B av tune config l7Smtpasm <on|off> Enable or disable s TCP packet assembly checking for SMTP . R+B av tune display Display[...]

Chapter 4 Antivirus Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 38 4.2 Command Examples This example loads the antivirus signature, enables antivirus protection, zip file decompression, and virus scanning on SMTP traffic from the LAN to the W AN. 17...asm (packet order checking) on autoupdate of f T able 13 av Default Values V ARIABLE DEFAULT VA[...]

ZyWALL (ZyNOS) CLI Reference Guide 39 C HAPTER 5 Auxiliary (Dial Backup) Commands Use these commands to configure dial back up (auxiliary) port settings on the ZyW ALL. 5.1 Command Summary The following table describes th e values required for many dial backup commands. Other values are discussed with the corresponding commands. The following se ct[...]

Chapter 5 Auxiliary ( Dial Backup) Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 40 5.2 Command Examples This example displays up per layer packet information for the dial backup port. The following table describes the labels in this display . aux mstatus < aux-port > Displays the status of the modem’s last call. R aux mtype < aux-port [...]

Chapter 5 Auxiliary (Dial Backup) Commands ZyWALL (ZyNOS) CLI Reference Guide 41 This example displays the dia l back up port’ s transmit and receive rates. The following table describes the labels in this display . This example displays details abou t the dial backup po rt’ s signal. The following table describes the labels in this display . r[...]

Chapter 5 Auxiliary ( Dial Backup) Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 42 This example shows the A T command string s that the ZyW ALL has sent to the modem connected to the dial back up port and the responses. RTS Request to Send: The signal the ZyWALL sends to the modem to have the modem prepa re to rece i v e da t a. CTS Clear to Send[...]

ZyWALL (ZyNOS) CLI Reference Guide 43 C HAPTER 6 Bandwidth Management Commands Use these comm an ds to configure bandwidt h management (BWM) settings on the ZyW ALL. 6.1 Command Summary The following table describes the values required for many commands . Other va lues are discussed with the c orresponding commands. T able 19 Bm Class Com mand Inpu[...]

Chapter 6 Bandwid th Management Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 44 The following section lists the commands for this feature. T able 20 Bm Interface Commands COMMAND DESCRIPTION M bm interface < interface > <enable|disable> [bandwidth < bps >] [prr|wrr] [efficient] Enables or disables BWM for traffic going out of th[...]

Chapter 6 Bandwidth Ma nag ement Commands ZyWALL (ZyNOS) CLI Reference Guide 45 6.2 Managing the Bandwid th of VPN T raffic By default the ZyW ALL us es the outer source and destination IP addresses of encrypted VPN packets in managing the bandwidth of the VPN traffic (when using " on " with this command). These are the IP addresses of th[...]

Chapter 6 Bandwid th Management Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 46 Figure 2 Managing the Bandwid th of VPN traffic between host s How you configure this comm an d affects how you can implemen t bandwidt h management as follows. • Leave this command set to off to be able to create band width management groups for individual unencryp[...]

Chapter 6 Bandwidth Ma nag ement Commands ZyWALL (ZyNOS) CLI Reference Guide 47 This example modifies one existing LAN class us ing following settings and displays what we configured then. • Class number: 1 • Bandwidth: 50,00 0,000 bps • Priority:2 • Enable the Borrowing option: Y es This example adds one LAN subclass using following settin[...]

Chapter 6 Bandwid th Management Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 48 • Enable the Borrowing option: No This example modifies one existing L AN subclass using following settings. • Class number: 1.5 • Bandwidth: 8 00 ,000 bps. • Enable the Borrowing option: Y es ras> bm config load ras> bm class lan add 1.5 bandwidth 600k [...]

Chapter 6 Bandwidth Ma nag ement Commands ZyWALL (ZyNOS) CLI Reference Guide 49 This example adds a filter on the LAN subclass using following settings. • Class number: 1.5 • Destination address: Sing le, 10 .1 . 1.2 0, FTP ports from 20 to 21. • Source address: Subnet, 192.168.1.0/24, any port. • Protocol: any protocol. This example monito[...]

Chapter 6 Bandwid th Management Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 50[...]

ZyWALL (ZyNOS) CLI Reference Guide 51 C HAPTER 7 Bridge Commands Use these comm an ds to con figure bridge settings on the ZyW ALL. 7.1 Command Summary The following table describes th e values required for many bridge commands. Other values are discussed with the co rresponding commands. The following se ction lists the bridge comma nd s. T able 2[...]

Chapter 7 Br idge Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 52 bridge rstp bridge enable T urns on RSTP (Rapid Sp anning Tree Protocol). B bridge rstp bridge forwardDelay [ forwarding-delay ] Sets the RSTP forwarding delay (4~30). This is the number of seconds a bridge remains in the listening and learning port states. The default is 15 second[...]

Chapter 7 Bridge Comman ds ZyWALL (ZyNOS) CLI Reference Guide 53 7.2 Command Examples This example enables RSTP on the ZyW ALL; en ables RSTP on the W AN and displays the RSTP settings. ras> bridge rstp bridge enable ras> bridge rstp port enable 3 ras> bridge rstp disp Bridge Info: (a)BridgeID: 8000 -0000aa100586 (b)TimeSinceTopoChange: 74[...]

Chapter 7 Br idge Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 54[...]

ZyWALL (ZyNOS) CLI Reference Guide 55 C HAPTER 8 Certificates Commands Use these comm an ds to con figu r e ce rtific a te s. 8.1 Command Summary The following table describes th e values required for many certificates commands. Other values are discussed with the corresponding commands. T able 23 Certificates Commands Input Values LABEL DESCRIPTIO[...]

Chapter 8 Certif icat es Com man ds ZyWALL (Zy NOS) CLI Re ference Gu ide 56 The following se ction lists the certificates comm an ds . T able 24 Certificates Commands COMMAND DESCRIPTION M certificates ca_trusted crl_issuer < name > [on|off] Specifies whether or not the specified CA issues a CRL. on|off : specifies whether or not the CA issu[...]

Chapter 8 Certificates Commands ZyWALL (ZyNOS) CLI Reference Guide 57 certificates my_cert create cmp_enroll < name > < ca-address > < ca-cert > < auth-key > < subject > [ key-length ] Creates a certificate request and enroll for a certificate immediately online using CMP protocol. R+B certificates my_cert create reque[...]

Chapter 8 Certif icat es Com man ds ZyWALL (Zy NOS) CLI Re ference Gu ide 58 8.2 Command Examples This example creates and displays a self signed certificate named “test” with a subject alternative common name of “cert-test” organi zation of “my-company”, country of “TW”, and IP 172.16.2.2. It u ses a 512 bit key and is valid for 5 [...]

Chapter 8 Certificates Commands ZyWALL (ZyNOS) CLI Reference Guide 59 This example displays the certificate that th e ZyW ALL is using as th e default self-signed certificate. Then it has the ZyW ALL use the sel f signed certificate named “test” as the default self-signed certificate. This example exports the self signed certificate na med “t[...]

Chapter 8 Certif icat es Com man ds ZyWALL (Zy NOS) CLI Re ference Gu ide 60 1 In W indows Explorer, locate and double-click the (non PEM-encoded) certific ate file. 2 Click Details and Copy to File .[...]

Chapter 8 Certificates Commands ZyWALL (ZyNOS) CLI Reference Guide 61 3 Click Next in the welcome screen. Select Base-64 encoded X.509 (.CER) . 4 T ype a file name (or browse for one).[...]

Chapter 8 Certif icat es Com man ds ZyWALL (Zy NOS) CLI Re ference Gu ide 62 5 Click Finish . 6 Open the newly created file in a text editor ( like Notepad) to be ab le to copy and paste the certificate into your CLI session.[...]

ZyWALL (ZyNOS) CLI Reference Guide 63 C HAPTER 9 CNM Agent Commands Use these commands to configure CNM agent settings on the ZyW ALL. 9.1 Command Summary The following section lists the commands for this feature. T able 25 CNM Commands COMMAND DESCRIPTION M cnm active [0:disable|1:enable] Enables or disables the CNM service on the ZyWALL. After en[...]

Chapter 9 CNM Agent Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 64 9.2 Command Examples This example displays the CNM agent version on the ZyW A LL. This example configures the CNM settings and activates the service on the ZyW ALL using the following settings. • CNM server IP address: 10.1.1 .252 • Encryption mode: DES • Encryption key: 12[...]

Chapter 9 CNM Agent Commands ZyWALL (ZyNOS) CLI Reference Guide 65 This example displays the CNM debug messages. It's useful for monitoring register or keepalive packets the ZyW ALL sends and receives to and from the CNM server . ras> cnm debug 1 cnm debug 1 <0:Disable 1:Enable> CNM debug messg es can only be printed at 115200 baud ra[...]

Chapter 9 CNM Agent Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 66[...]

ZyWALL (ZyNOS) CLI Reference Guide 67 C HAPTER 10 Configuration Commands Use these commands to configur e your configuration settings on the ZyW ALL. Many of these commands are also availabl e in the web configurator . 10.1 Command Summary The following table describes th e values required for many config commands. Other values are discussed with t[...]

Chapter 10 Config uration Co mmands ZyWALL (Zy NOS) CLI Re ference Gu ide 68 The following section lists th e commands for this feature. string, e- mail < 31 ASCII characters. timeout This is measured in second s between 0~ 4294967295 seconds. Editing , deleting or inserting these values has no effect. T o configure these timeout values use tos [...]

Chapter 10 Configuration Commands ZyWALL (ZyNOS) CLI Reference Guide 69 config delete firewall attack send- alert Deletes the setting for whether an alert should be se nt on registering an attack. R+B config delete firewall attack tcp- max-incomplete Deletes the setting for DOS detection b ased on the maximum number of sessions allowed with the sam[...]

Chapter 10 Config uration Co mmands ZyWALL (Zy NOS) CLI Re ference Gu ide 70 config delete firewall set < set# > rule < rule# > alert Deletes whether or not there is notification of a DoS attack or a violation of the alert settings. R+B config delete firewall set < set# > rule < rule# > custom-icmp Deletes the desired ICMP c[...]

Chapter 10 Configuration Commands ZyWALL (ZyNOS) CLI Reference Guide 71 config display anti-spam Displays all the antispam settings. R+B config display custom-service Displays all configured custom services. See T able 26 on pag e 6 7 for a list of custom-service parameters. R+B config display custom-service < entry# > Displays the custom ser[...]

Chapter 10 Config uration Co mmands ZyWALL (Zy NOS) CLI Re ference Gu ide 72 config edit anti-spam rule < rule# > email <1:whitelist|2:blacklist> active <0:disable| non-zero- number :enable> data < e-mail > Sets an antispam rule based on the e-mail address on a black or white list filter . e-mail : should be < 64 chars. R[...]

Chapter 10 Configuration Commands ZyWALL (ZyNOS) CLI Reference Guide 73 config edit firewall attack max- incomplete-high <0~255> Sets the threshold for DOS detection based on the maximum number of half-opened sessions allowed . Half- opened sessions will b e deleted after this level is reached to bring the number down to max-inco mplete-low .[...]

Chapter 10 Config uration Co mmands ZyWALL (Zy NOS) CLI Re ference Gu ide 74 config edit firewall set < set# > log <yes|no> Edits whether a log of sessions for which the set applies is sent. R+B config edit firewall set < set# > name < string > Edits the name for a set. R+B config edit firewall set < set# > rule < r[...]

Chapter 10 Configuration Commands ZyWALL (ZyNOS) CLI Reference Guide 75 config edit firewall set < set# > rule < rule# > destport-custom < string > Sets the desired TCP/UDP custom port name. 1. Y ou mu st first configure a TCP/UDP service na me using config edit custom-service < entry# > n ame < string > . 2. Then spec[...]

Chapter 10 Config uration Co mmands ZyWALL (Zy NOS) CLI Re ference Gu ide 76 10.2 Default V alues The following table shows a list of default values . config edit firewall set < set# > udp-idle-timeout < timeout > Edits the timeout for an idle UDP session before it is terminated. This command has no effect on firewall setting s . T o co[...]

Chapter 10 Configuration Commands ZyWALL (ZyNOS) CLI Reference Guide 77 10.3 Command Examples 10.3.1 Firewall Example T ype the following commands to setup a firewall rule in W AN to W A N direction, with source IP = 1.1.1.1 and destination IP = 2.2.2.2. The configured service is SSH(TCP:22), logging is enabled, and the default action taken when a [...]

Chapter 10 Config uration Co mmands ZyWALL (Zy NOS) CLI Re ference Gu ide 78 The following table describes th e fields displayed using the config display set command in the example above. The following table describes th e fields displayed using the config displ a y set < index > rule command in the example above, as well as other related fie[...]

Chapter 10 Configuration Commands ZyWALL (ZyNOS) CLI Reference Guide 79 The following table shows the interfaces assigne d to each set number . Source Starting IP address, Ending IP address Shows the range of source IP addresses of packets to which the rule applies. Destination Single IP address Shows the destination IP add ress of packets to which[...]

Chapter 10 Config uration Co mmands ZyWALL (Zy NOS) CLI Re ference Gu ide 80 16 WLAN to WLAN 17 LAN to W AN2 18 WA N 2 t o L A N 19 WA N 1 t o WA N 2 20 WA N 2 t o WA N 21 WA N 2 t o WA N 2 22 DMZ to W AN2 23 WA N 2 t o D M Z 24 WLAN to W AN2 25 W AN2 to WLAN 26 LAN to VPN 27 VPN to LAN 28 W AN1 to VPN 29 VPN to W AN 30 W AN2 to VPN 31 VPN to W AN2[...]

Chapter 10 Configuration Commands ZyWALL (ZyNOS) CLI Reference Guide 81 10.3.2 Anti-sp am Example This example shows how to set up an anti-spam bl acklist filter , wh ich is set to active, with an IP address of 192 .168.1.33, and subnet mask of 255.255.25 5.255. The following table describes th e fields displayed using the config displ a y set comm[...]

Chapter 10 Config uration Co mmands ZyWALL (Zy NOS) CLI Re ference Gu ide 82 10.3.3 Custom Service Example This example shows how to configure a custom service named “PERMITTED_ICMP”, using ICMP protocol, of type 3 and code 1. The following table describes th e fields displayed using the config displ a y custom- service command in the example a[...]

ZyWALL (ZyNOS) CLI Reference Guide 83 C HAPTER 11 Device Related Commands Use these comm an ds to configure dial-up WAN connect ions such as PPPoE (poe), PPTP (pne) and auxilary (aux) calls using the modem connected to the auxiliary port (if your ZyW ALL has one). 1 1.1 Overview A remote node is the remote ga teway (and the network behind the remot[...]

Chapter 11 Device Related Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 84 1 1.3 Command Example This example triggers a call to the ISP . device channel threshold <channel_name> [NUMBER] Sets the channel threshold. H+R +B device dial < node# > Dials to a remote node. En ter sys rn disp to display a list of remote nodes to dial. R T ab[...]

ZyWALL (ZyNOS) CLI Reference Guide 85 C HAPTER 12 Ethernet Commands Use these commands to configure the settings of ethernet ports on ZyW ALL. 12.1 Command Summary The following section lists th e commands for this feature. T able 36 Ethernet Commands COMMAND DESCRIPTION M ether edit load < ether-number > Loads the ethernet configur ation for[...]

Chapter 12 Ethern e t Com m ands ZyWALL (Zy NOS) CLI Re ference Gu ide 86 12.2 Command Examples This example chan ge s the ZyW ALL’ s W AN speed to 10 Mbps and full duplex. This example assigns the ZyW ALL’ s physical port 4 to be DMZ. ras> ether edit load 2 ras> ether edit speed 10/full ras> ether edit save ras> ether dynamicPort s[...]

ZyWALL (ZyNOS) CLI Reference Guide 87 C HAPTER 13 Firewall Commands Use these commands to configure firewall settings on the ZyW ALL. 13.1 Command Summary The following table describes input values for some of the firewall co mmands. Other values are discussed with the corresponding commands. T able 37 Firewall Command Input Values LABEL DESCRIPTIO[...]

Chapter 13 Firewall Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 88 The following se ction lists the firewall commands. T able 39 Firewall Commands COMMAND DESCRIPTION M sys firewall acl disp [ set- number ] [ rule-number ] Displays all of the firewall rules, rules for a specific direction of packet travel, or a a specific rule. R+B sys firewall [...]

Chapter 13 Fire wall Commands ZyWALL (ZyNOS) CLI Reference Guide 89 13.2 Command Examples This example displays the fi rewall log type and count. ras> sys firewall cnt disp ICMP Idle Timeout: 0 U DP Idle Timeout: 0 TCP Idle Timeout: 0 T CP SYN Idle Timeout: 0 TCP FIN Idle Timeout: 0 Land Attack: 0 I P Spoof Attack: 0 ICMP Echo Attack: 0 I CMP At[...]

Chapter 13 Firewall Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 90 This example loads a firewall schedule for LAN to W AN firewa ll rule 1 and sets the schedule to apply the rule on all days of the we ek except Saturday and saves the schedule. ras> sys firewall schedule load 2 1 Schedule Active(0=no, 1=yes): 0 ras> sys firewall schedule we[...]

Chapter 13 Fire wall Commands ZyWALL (ZyNOS) CLI Reference Guide 91[...]

Chapter 13 Firewall Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 92[...]

ZyWALL (ZyNOS) CLI Reference Guide 93 C HAPTER 14 IDP Commands Use these commands to configure IDP (Intrusio n Detection and Prevention) settings on the ZyW ALL. 14.1 Command Summary The following section lists th e commands for this feature. T able 40 IDP Commands COMMAND DESCRIPTION M idp config clean Clears out all the IDP matrix settings. R+B i[...]

Chapter 14 IDP Comm an ds ZyWALL (Zy NOS) CLI Re ference Gu ide 94 idp config dir wlan-dmz <on|off> Configures the protected tr affic direction setting. R+B idp config dir wlan-lan <on|off> Configures the protected tr affic direction setting. R+B idp config dir wlan-wan <on|off> Configures the protected tr affic direction setting.[...]

Chapter 14 IDP Commands ZyWALL (ZyNOS) CLI Reference Guide 95 idp load Loads the enable setting and the pr otecte d traffic directions. R+B idp signature config action <1~6> Sets the action the ZyWALL t akes upon finding a match for the signature. 1 : No Action. The intrusion is detected but no action is taken. 2 : Drop Packet. The p acke t i[...]

Chapter 14 IDP Comm an ds ZyWALL (Zy NOS) CLI Re ference Gu ide 96 14.2 Command Examples This example loads signature 1051222 and displays its current settings. Then it sets the ZyW ALL to send an alert upon finding a matc h for the signature. Finally it saves the signature’ s settings . idp update save Saves the signature update settings. R+B id[...]

ZyWALL (ZyNOS) CLI Reference Guide 97 C HAPTER 15 IP Commands Use these commands to config ure IP settings on the ZyW ALL. 15.1 Command Summary The following table describes input values for some of the ip commands. Other values are discussed with the c orresponding commands. 15.1.1 ALG Commands The following section lis ts the AL G commands. T abl[...]

Chapter 15 IP Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 98 15.1.2 ARP Commands The following section lis ts the ARP commands. 15.1.3 ARP Behavior and the ARP ackGratuitous Command Det ails The ZyW ALL does not accept ARP repl y information if the ZyW ALL did not send out a corresponding request. This he lps prevent the ZyW ALL from updating it[...]

Chapter 15 IP Commands ZyWALL (ZyNOS) CLI Reference Guide 99 For example, say the regular gateway goes down and a backup gateway sends a gratuitous ARP request. If the request is for an IP address that is not already in the ZyW ALL’ s ARP table, the ZyW ALL sends an ARP request to ask which host is using the IP address. After the ZyW ALL receives[...]

Chapter 15 IP Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 100 15.1.4 Binding Commands The following section lis ts the commands f or having a (n on-W AN) Ethernet interface filter packets based on IP address to MAC address binding. 15.1.5 Content Filtering Commands The following section lists th e content filtering commands. T able 44 Binding Co[...]

Chapter 15 IP Commands ZyWALL (ZyNOS) CLI Reference Guide 101 ip cf externalDB queryURL < index > < url > <Server|localCache> Checks whether or not the content filter po licy currently blocks any given web page. Server : T est whether or not the web site above is saved in the external content filter serv er ’s database of restri[...]

Chapter 15 IP Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 102 ip cf policy config CustomizedFlags [filterList|customize|disableAll ExceptTrusted|unblockRWFToTruste d|keywordBlock|fullPath|caseInse nsitive|fileName] [enable|disable] T urns the content filtering policy on or off and sets its customized settings. filterList : Use this to enable or [...]

Chapter 15 IP Commands ZyWALL (ZyNOS) CLI Reference Guide 103 ip cf policy config schedule enable <on|off> T urns the content filtering po licy’s schedule on or of f. R+B ip cf policy config schedule everyday timeSeg1 <0~24:start hour> <0~59:start minute> <0~24:end hour> <0~59:end minute> Sets the content filtering p[...]

Chapter 15 IP Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 104 15.1.6 Content Filt ering Command Examples The following commands configure example content filtering trusted and untrusted web site objects and keyword objects. The following example enables content filtering, loads content filtering policy one, configures it with the following setti[...]

Chapter 15 IP Commands ZyWALL (ZyNOS) CLI Reference Guide 105 • Schedule Period: 9:00 A.M. to 5:30 P .M. The following example changes th e schedule to policies for each day and applies it only on Mondays. ras> ip cf common enable on ras> ip cf policy insert 1 ras> ip cf policy config enable on ras> ip cf policy config ipGroup add 3 1[...]

Chapter 15 IP Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 106 The following command removes the policy’ s customized rule entry for www .hacking- example.com. 15.1.7 Custom Port Commands The following section lists the custom port commands. 15.1.8 DHCP Commands The following section lis ts the DH CP co mm an ds . 15.1.9 DNS Commands The follow[...]

Chapter 15 IP Commands ZyWALL (ZyNOS) CLI Reference Guide 107 ip dns lan edit <0|1|2> <0:from ISP|1:user defined|2:DNS relay|3:none> [ isp-idx | ip- address ] Configures the DNS server settings the ZyWALL assigns to LAN DHCP clients. 0|1|2 : Configures the first, se cond, or third DNS server setting. 0:from ISP|1:user defined|2:DNS rela[...]

Chapter 15 IP Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 108 ip dns system edita < index > < name > <0:FQDN|1:wildcard> <0:from ISP group|1:user defined> < isp-group-idx | ip- address > Edits the specified DNS address reco rd. R+B ip dns system editns < index > <*| domain name > <0:from ISP|1:user de[...]

Chapter 15 IP Commands ZyWALL (ZyNOS) CLI Reference Guide 109 15.1.10 DNS Command Examples The following example config ures the DNS server settings the ZyW ALL assigns to LAN DHCP clients. In this case the first DNS server is the one assigned by ISP 1. The se cond DNS server is at IP address 192.168 .1.5. No third DNS server is assigned. This exam[...]

Chapter 15 IP Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 11 0 15.1.12 ICMP Commands The following section lis ts the ICMP commands. 15.1.13 ICMP Command Example The following exa mp le dis p lays the ICMP status. The following table describes the labels in this display . T able 50 ICMP Comm ands COMMAND DESCRIPTION M ip icmp discovery < inte[...]

Chapter 15 IP Commands ZyWALL (ZyNOS) CLI Reference Guide 111 15.1.14 IGMP Commands The following section lis ts the IGMP commands. icmpInT imestam pReps The number of IC MP Time stamp Reply message s received on the interface. icmpInAddrMasks The number o f ICMP Address Mask Request messag es received on the interface. icmpInAddrMaskReps The numbe[...]

Chapter 15 IP Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 11 2 15.1.15 IGMP Command Example The following exa mp le dis p lays the IGMP status. ip igmp iface < interface > query Sends an IGMP query on the specified in terface (or IP alias on an interface). R ip igmp iface < interface > rsptime [100~255] Sets the IGMP response time in[...]

Chapter 15 IP Commands ZyWALL (ZyNOS) CLI Reference Guide 11 3 The following table describes the labels in this display . 15.1.16 NA T Commands The following section lis ts the NA T commands. T able 53 ip igmp status Description LABEL DESCRIPTION Group T his field displa ys group multicast IP addresse s. groupLink ifaceLi nk flags These fields are [...]

Chapter 15 IP Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 11 4 15.1.17 NA T Routing Command Example Use this command to set the ZyW ALL to route tr affic that does not match a NA T rule through a specific interface. An example of when you may wa nt to u se this is if you have servers with public IP addresses connected to the LAN, DMZ or WLAN. By[...]

Chapter 15 IP Commands ZyWALL (ZyNOS) CLI Reference Guide 11 5 15.1.18 Route Comman ds The following section lis ts the rou te co mmands. 15.1.19 Report and St atus Comman ds The following section lists the report and statu s co mm an ds . 15.1.20 St atic Route Commands The following section lists the static route commands. T able 55 Route Commands[...]

Chapter 15 IP Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 11 6 15.1.21 St atic Rou te Command Example The following example configures a static route named Example that sends all traffic for IP address 2.2.2.2 to a gateway at 192.168.1.9 and has a metric of 3. ip stroute config metric < metric > Sets a static route’s metric number . R ip[...]

Chapter 15 IP Commands ZyWALL (ZyNOS) CLI Reference Guide 11 7 15.1.22 T raffic Redirect Commands The following section lists th e traf fic redirect commands. 15.1.23 Other IP Commands The following section lists miscellaneous IP commands. T able 58 Traffic Redirect Commands COMMAND DESCRIPTION M ip tredir active <on|off> Enables or disables [...]

Chapter 15 IP Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 11 8 15.1.24 Interface Command Example The following example sets the W AN 1 interface to use IP address 172.16.2.2 and subnet mask 255.255.0.0. ip pingext [ target address ] [ -n] [ repeat-value ] [-l] [ data- size ] [-w] [ timeout-value ] [-o] [ ip- address | interface ] [-v] [ tos- val[...]

Chapter 15 IP Commands ZyWALL (ZyNOS) CLI Reference Guide 11 9 15.1.25 Ping Command Example The following command has the ZyW ALL ping IP address 172.16.2.56 5 times. ras> ip pingext 172.16.2.56 -n 5 Resolving 172.16.2.56... 172.16.2.56 sent rcvd size rtt avg max min 1 1 36 0 0 0 0 2 2 36 0 0 0 0 3 3 36 0 0 0 0 4 4 36 0 0 0 0 5 5 36 0 0 0 0 Exte[...]

Chapter 15 IP Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 120[...]

ZyWALL (ZyNOS) CLI Reference Guide 121 C HAPTER 16 IPSec Commands Use these commands to configur e IPSec settings on the ZyW ALL. 16.1 Command Summary The following table describes the values required for many commands . Other va lues are discussed with the c orresponding commands. The following section lists th e commands for this feature. T able [...]

Chapter 16 IPSec Com ma nds ZyWALL (Zy NOS) CLI Re ference Gu ide 122 ipsec timer update_peer < time > For IPSec rules with a domain name as the local or remote gateway address, th is comman d sets the interval (in minutes) for resolving the domain name and updating the rules. time : 2~60 minutes. The defaul t is 5 minutes. 0 disables the upd[...]

Chapter 16 IPSec Commands ZyWALL (ZyNOS) CLI Reference Guide 123 ipsec ikeConfig authMethod <0:PreSharedKey|1:RSASignature|2:pre ShareKey+XAUTH|3:RSASignature+XAUTH> Sets the authentication method. R+ B ipsec ikeConfig preShareKey < ascii | 0xhex > Sets the pre-shared key . ascii | 0xhex : Enter characte rs in ASCII or in hexadecimal f [...]

Chapter 16 IPSec Com ma nds ZyWALL (Zy NOS) CLI Re ference Gu ide 124 ipsec ipsecDisplay < rule-number > Displays the specified IPSec rule. Or displays all runtime IPSec rules without specifying a rule. Use ipsecAdd or ip secEdit to l oad an IPSec rule before using this command. R+B ipsec ipsecAdd Allocates a wo rking buffer to add an IPSec r[...]

Chapter 16 IPSec Commands ZyWALL (ZyNOS) CLI Reference Guide 125 ipsec ipsecConfig lcPortStart < po rt > Se ts the starting port for l ocal network traffic. Only traffic using the specified ports can go through the VPN tunnel. R+B ipsec ipsecConfig lcPortEnd < port > Se ts the ending port for local network traffic. R+B ipsec ipsecConfig[...]

Chapter 16 IPSec Com ma nds ZyWALL (Zy NOS) CLI Re ference Gu ide 126 ipsec manualConfig lcAddrStart < ip- address > Sets the local network starting IP address. R+B ipsec manualConfig lcAddrEndMask < ip- address > Sets the local network ending IP address for a range or the subnet mask for a subnet. R+B ipsec manualConfig lcPortStart <[...]

Chapter 16 IPSec Commands ZyWALL (ZyNOS) CLI Reference Guide 127 ipsec swSkipOverlapIp <on|off> T urn this on to send packets destined for overlapping local and remote IP a ddresses to the local network (you can access the local devices but not the remote devices). T urn this off to send packets destined for overlapping local and remote IP a [...]

Chapter 16 IPSec Com ma nds ZyWALL (Zy NOS) CLI Re ference Gu ide 128 16.2 swSkipOverlapIp Normally , we don't configure the local VPN policy rule’ s IP addresses to overlap with the remote VPN policy rule’ s IP addresses . For example, we don't configure both with 192.168.1.0. However , overlapp ing local and remote network IP addres[...]

Chapter 16 IPSec Commands ZyWALL (ZyNOS) CLI Reference Guide 129 In this case, if you want to send packets from network A to an overlapped IP (ex. 10.1.2.241) that is in the IP ali as network M, you ha ve to set the swSkipOverlapIp command to on . 16.3 Detect Zombie T unnels in T unnel or Gateway Mode The initial contact feature detects zombie tunn[...]

Chapter 16 IPSec Com ma nds ZyWALL (Zy NOS) CLI Re ference Gu ide 130 16.4 Command Examples This example adds an IKE rule as follows. • IKE Rule Name: VPN-p h1 • My IP Address: 10.1.1.1 • Secure Gateway Address: 10.1.1.2 • Authentication: Pre-Shared Key • Pre-Shared Key: 123456 78 This example en ab les VPN HA on an existing IKE rule. &qu[...]

Chapter 16 IPSec Commands ZyWALL (ZyNOS) CLI Reference Guide 131 This example adds an IPSec rule as follows. 1 The IPSec Rule Index: 1 2 Rule Name: VPN-ph2 3 Active 4 Link the IPSec settings with which IKE index rule: 1 5 The VPN protocol: ESP 6 Local Network T ype : Su bnet 7 Local Network Address Start: 192.168.1 .0 8 Local Network Address End: 2[...]

Chapter 16 IPSec Com ma nds ZyWALL (Zy NOS) CLI Re ference Gu ide 132[...]

ZyWALL (ZyNOS) CLI Reference Guide 133 C HAPTER 17 Load Balancing Commands Use these comm an ds to configure load shar i ng (load balancing ) setting s on the ZyW ALL. 17.1 Command Summary The following section lists the load sharing commands. T able 62 Load Balancing Commands COMMAND DESCRIPTION M ls band <up|down> < wan1- bandwidth wan2 [...]

Chapter 17 Load Balancing Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 134 17.2 Command Examples This example sets Least Load First load balancing to distribute 100 Kbps of upstream traf fic to W AN1 for eve ry 200 Kbps of upstream traffic that goes through W AN2. The bandwidth measurement is averaged over 30 seconds. Then it changes the load bal[...]

ZyWALL (ZyNOS) CLI Reference Guide 135 C HAPTER 18 myZyXEL.com Commands Use these comm an ds to con f igu r e us e r , produc t, or service registration settings on your ZyW ALL. Y our ZyW ALL needs to connect to the registration server (default is http:// www .myZyXEL.com). " Ensure your ZyW ALL is connected to t he Internet and the registrat[...]

Chapter 18 myZyXEL .com Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 136 18.2 Country Codes The following section lists the relationship between countries an d country codes defined in the ZyW ALL. T able 64 Country Codes COUNTRY NAME COUNTRY CODE AFGHANIST AN 1 ALBANIA 2 ALGERIA 3 AMERI CA 4 ANDORRA 5 ANGOLA 6 ANGUILLA 7 ANT A RTICA 8 ANTIGUA_AN[...]

Chapter 18 myZyX EL.com Comm a nd s ZyWALL (ZyNOS) CLI Reference Guide 137 BURUNDI 36 CAMBODIA 37 CAMEROON 38 CANADA 39 CAPE_VERDE 40 CA YMAN_ISLANDS 41 CENTRAL_AFRICAN_REPUBLIC 42 CHAD 43 CHILE 44 CHINA 45 CHRISTMAS_ISLAND 46 COCOS_KEELING_ISLANDS 47 COLOMBIA 48 COMOROS 49 CONGO_DEMOCRA TIC_REPUBLIC_OF_ THE 50 CONGO_REPUB_IC_OF 51 COOK_ISLANDS 52 [...]

Chapter 18 myZyXEL .com Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 138 FRANCE 74 FRANCE_METROPOLIT AN 75 FRENCH_GUIANA 76 FRENCH_POL YNESIA 77 FRENCH_SOUTHERN_TERRITORIES 78 GABON 79 GAMBIA 80 GEORGIA 81 GERMANY 82 GHANA 83 GIBRAL T AR 84 GREA T_BRIT AIN 85 GREECE 86 GREENLAND 87 GRENADA 88 GUADELOUPE 89 GUAM 90 GUA TEMALA 91 GUERNSEY 92 GUINEA[...]

Chapter 18 myZyX EL.com Comm a nd s ZyWALL (ZyNOS) CLI Reference Guide 139 KAZAKHST AN 1 12 KENY A 1 13 KIRIBA TI 1 14 KOREA_REPUBLIC_OF 1 15 KUWAIT 1 16 KYRGYZST AN 1 17 LAO_PEOPLE’s_DEMOCRA TIC_REPUBLIC_OF 1 18 LA TVIA 1 19 LEBANON 120 LESOTHO 121 LIBERIA 122 LIECHTENSTEIN 123 LITHUANIA 124 LUXEMBOURG 125 MACAU 126 MACEDONIA_FORMER_YUGOSLA V_RE[...]

Chapter 18 myZyXEL .com Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 140 NETHERLANDS 150 NETHERLANDS_ANTILLES 151 NEW_CALEDONIA 152 NEW_ZEALAND 153 NICARAGUA 154 NIGER 155 NIGERIA 156 NIUE 157 NORFOLK_ISLAND 158 NORTHERN_MARIANA_ISLANDS 159 NORW A Y 160 NOT_DETERMINED 161 OMAN 162 P AKIST AN 163 P ALAU 164 P ANAMA 164 P APUA_NEW_GUINEA 166 P ARAG[...]

Chapter 18 myZyX EL.com Comm a nd s ZyWALL (ZyNOS) CLI Reference Guide 141 SINGAPORE 188 SLOV AK_REPUBLIC 189 SLOVENIA 190 SOLOMON_ISLANDS 191 SOMALIA 192 SOUTH_AFRICA 193 SOUTH_GEORGIA_AND_THE_SOUTH_SANDWICH_ISLANDS 194 SP AIN 195 SRI_LANKA 196 ST_PIERRE_AND_MIQUELON 197 ST_HELENA 198 SURINAME 199 SV ALBARD_AND_JAN_MA YEN_ISLANDS 200 SW AZILAND 20[...]

Chapter 18 myZyXEL .com Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 142 18.3 Command Examples This example displays your ZyW ALL’ s registration information. . VENEZUELA 226 VIETNAM 227 VIRGIN_ISLANDS_BRITISH 228 VIRGIN_ISLANDS_USA 229 W ALLIS_ AND_FUTUNA_ISLANDS 230 WESTERN_SAHARA 231 WESTERN_SAMOA 232 YEMEN 233 YUGOSLA VIA 234 ZAMBIA 235 ZIM[...]

Chapter 18 myZyX EL.com Comm a nd s ZyWALL (ZyNOS) CLI Reference Guide 143 This example displays the detailed servic e registration information of your ZyW ALL. password Displays the registered password. email Displays the registered e-mail address. sku This is a string the registration server uses to validate your ZyWALL. country code Displays the[...]

Chapter 18 myZyXEL .com Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 144[...]

ZyWALL (ZyNOS) CLI Reference Guide 145 C HAPTER 19 PPPoE Commands Use these commands to configur e PPPoE settings on the ZyW ALL. 19.1 Command Summary A remote node is the remote ga teway (and the network behind the remote gateway) across a W AN connection. Remote node 1 may be your ISP for example. Y ou may configure multiple remote nodes in produ[...]

Chapter 19 PPPoE Com m and s ZyWALL (Zy NOS) CLI Re ference Gu ide 146 The following table shows a list of default values . 19.2 Command Examples This example shows the status of channel poe 0. Specifically it will show how many incoming and outgoing packets, octets (bytes) and control packets (pac ke ts used to set up or tear down the link) there [...]

Chapter 19 PPPoE Comma nd s ZyWALL (ZyNOS) CLI Reference Guide 147 This example shows dia l in g up remote node wan_1 using PPPoE. ras> poe dial WAN_1 Start dialing for node <WAN_1>... ### Hit any key to continue.### $$$ DIALING dev=6 ch=0.......... $$$ OUTGOING-CALL phone() $$$ CALL CONNECT speed<100000000> ty pe<6> chan<0&[...]

Chapter 19 PPPoE Com m and s ZyWALL (Zy NOS) CLI Re ference Gu ide 148[...]

ZyWALL (ZyNOS) CLI Reference Guide 149 C HAPTER 20 PPTP Commands Use these commands to configur e PP TP settings on the ZyW ALL. 20.1 Command Summary A remote node is the remote ga teway (and the network behind the remote gateway) across a W AN connection. Remote node 1 may be your ISP for example. Y ou may configure multiple remote nodes in produc[...]

Chapter 20 PPTP Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 150 20.2 Command Examples This example limits the number of packets queued for transmission to 1 1. Packets 12 and above in the queue will be dropped. ras> pptp enque 11 PPTP max en-queue size (flow control ) = 11[...]

ZyWALL (ZyNOS) CLI Reference Guide 151 C HAPTER 21 System Commands Use these commands to configure sy stem related settings on the ZyW ALL. 21.1 Local User Dat abase Commands The following section lists the local user database commands. 21.2 Local User Dat a base Commands Exa m pl e The following example configures a loca l user account with userna[...]

Chapter 21 System Comm ands ZyWALL (Zy NOS) CLI Re ference Gu ide 152 21.4 Diagnostic Commands The following section lists the diagnostic commands. sys datetime sync Has the ZyW ALL synchronize with the ti me server . R+ B sys datetime time hh [ mm [ ss ]] Set s or disp lays th e system’s current time (in hour minute second format). R+B T able 72[...]

Chapter 21 Syste m Commands ZyWALL (ZyNOS) CLI Reference Guide 153 21.4.1 Logs Commands The following section lis ts the logs commands. sys diagnostic switch [on|off] T urns the diagnostic feature on or off. R+B sys diagnostic threshold CPU [0~100] Sets the ZyW ALL to generate and send a diagnostic file every time the CPU us age exceeds the specifi[...]

Chapter 21 System Comm ands ZyWALL (Zy NOS) CLI Re ference Gu ide 154 sys logs category ipsec [0:none|1:log|2:alert|3:both] [0:don't show debug type|1:show debug type] Records IPSec logs and/or sends alerts. R sys logs category javablocked [0:none|1:log|2:alert|3:both] [0:don't show debug type|1:show debug type] Records blocked we b featu[...]

Chapter 21 Syste m Commands ZyWALL (ZyNOS) CLI Reference Guide 155 sys logs consolidate period <1- 600> Sets the log consolidation period (seconds). R+B sys logs consolidate switch <0:on|1:off> Enables or disables log consolidation. R+B sys logs display [access|attack|error|ipsec|ike|j avablocked|mten|packetfilter|pki |tcpreset|urlblock[...]

Chapter 21 System Comm ands ZyWALL (Zy NOS) CLI Re ference Gu ide 156 21.5 Configuring What Y ou W ant the ZyW ALL to Log 1 Use the sys logs load command to load the log settin gs for editing. Then you can configure which logs th e ZyW ALL is to record. 2 Use sys logs category to view a list of the log categories. Figure 8 Displaying Log Categories[...]

Chapter 21 Syste m Commands ZyWALL (ZyNOS) CLI Reference Guide 157 4 Use sys logs category followed by a log category and a parameter to decide what to record. Use 0 to not record logs for that category , 1 to record only logs fo r that category , 2 to record only alerts for that category , and 3 to record both logs and alerts for that cate gory . [...]

Chapter 21 System Comm ands ZyWALL (Zy NOS) CLI Re ference Gu ide 158 21.6 Remote Node Commands The following section lists the remote node commands. 21.7 Remote Management Commands The following section lis ts the server (remote management) commands. T able 75 Remote Node Commands COMMAND DESCRIPTION M sys rn accessblock <0:disable|1:enable>[...]

Chapter 21 Syste m Commands ZyWALL (ZyNOS) CLI Reference Guide 159 21.8 Remote Management Commands Example The following example allows HTTPS management access to the ZyW ALL through W AN1 from IP address 2.2.2.2 and displa ys the server access settings. 21.9 Threat Report Commands The following section lists th e threat report commands. ras> sy[...]

Chapter 21 System Comm ands ZyWALL (Zy NOS) CLI Re ference Gu ide 160 21.10 T emporarily Open Session Commands The following section lists the T emporarily Open Session (TOS) commands. sys threatReport av active <yes|no> T urns anti-virus threat repo rts on or off. R+B sys threatReport av flush Discards all anti-virus report data and updates [...]

Chapter 21 Syste m Commands ZyWALL (ZyNOS) CLI Reference Guide 161 21.10.1 UPnP Commands The following section lis ts the UP nP commands. 21.10.2 UPnP Commands Example The following example turns on UPnP and sets the ZyW ALL to allow UPnP to create firewall rules and keep UPnP created NA T rules even after restarting. sys tos timeout mail <1~655[...]

Chapter 21 System Comm ands ZyWALL (Zy NOS) CLI Re ference Gu ide 162 21.10.3 Other System Commands The following section lists mi scellaneous system commands. T able 80 Other sys Commands COMMAND DESCRIPTION M sys atsh Displays system information. R+B sys baud <1~5> Set s the console port speed . 1 : 38400 bps, 2 : 19200 bps, 3 : 9600, 4 : 5[...]

Chapter 21 Syste m Commands ZyWALL (ZyNOS) CLI Reference Guide 163 sys pwderrtm [ minute ] Sets or di sp lays the password error blocking timeout value. Brute-force password guessing prot ection allows you to specify a wait-time that must expire be fore entering a fourth password after three incorrect passwords have been entered. R+B sys reboot Res[...]

Chapter 21 System Comm ands ZyWALL (Zy NOS) CLI Re ference Gu ide 164[...]

ZyWALL (ZyNOS) CLI Reference Guide 165 C HAPTER 22 Wireless Commands Use these commands to configure wireless settings on the ZyW ALL. 22.1 Command Summary The following section lists th e commands for this feature. T able 81 General Wireless Commands COMMAND DESCRIPTION M wlan active <1:on|0:off> Sets 1 to activate the wireless card. R+B wla[...]

Chapter 22 Wirele ss Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 166 The following section lists the commands deal with SSID profiles. ZyW ALL supports 8 SSID profiles. Only one SSID profile is active at the same time. The following table describes the values required for many wireless WEP key setting commands. Other values are discus sed with t[...]

Chapter 22 Wireless Comman ds ZyWALL (ZyNOS) CLI Reference Guide 167 The following section lists the co mm ands dealing with security profiles. The ZyW ALL supports multiple security profiles. Only one security profile is active at one time . 22.2 Command Examples This example shows how to configure, save and display the settings of a wireless secu[...]

Chapter 22 Wirele ss Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 168 • Security profile name: Sec-01 • Security mode: WP A2 with Pre-Shared Key • Group key update tim e interval: every 600 seconds • Passphrase: aaaaaaaa This example shows how to conf igure, save and display the se ttings of a wireless SSID profile. This example uses th e[...]

ZyWALL (ZyNOS) CLI Reference Guide 169 C HAPTER 23 WWAN Commands Use these commands to configure wireless W AN settings on the ZyW ALL. 23.1 Command Summary The following table describes th e values required for many wwan commands. Other values are discussed with the relevant co mmands. The following section lists th e commands for this feature. T [...]

Chapter 23 WWAN Comm an d s ZyWALL (Zy NOS) CLI Re ference Gu ide 170 wwan config budgetCtrl data dir [1|2|3] Sets w hether either tra nsmitted (Tx) or recei ved (Rx), or both Tx/Rx data should be counted for budget purposes. 1:Tx 2:Rx 3:Tx and Rx R wwan config budgetCtrl data enable [on|off] Enables the recording of the amount of Tx/Rx data. This [...]

Chapter 23 WWAN Comm a nd s ZyWALL (ZyNOS) CLI Reference Guide 171 The following table shows a list of default values . wwan config nailUp [on|off] Enabl es a nailed up (always on) connection. R wwan config nat [on|off] Enables N A T (Network Ad dress T r anslation). R wwan config password < string > Set s the password for PPP authentication.[...]

Chapter 23 WWAN Comm an d s ZyWALL (Zy NOS) CLI Re ference Gu ide 172 23.2 Command Examples If using 3G card s such as the A C850, AC875, E612 , E620, or OptionG T HSDP A 7.2, type the commands below to configure 3G W W AN. The following screens show the same conf iguration using the web configurator . Figure 10 WW AN configuration example ras> [...]

Chapter 23 WWAN Comm a nd s ZyWALL (ZyNOS) CLI Reference Guide 173 Figure 1 1 WWAN configuration exampl e[...]

Chapter 23 WWAN Comm an d s ZyWALL (Zy NOS) CLI Re ference Gu ide 174[...]

175 P ART III Appendices and Index of Commands Legal Information (177) Customer Support (181) Index of Commands (187)[...]

176[...]

ZyWALL (ZyNOS) CLI Reference Guide 177 A PPENDIX A Legal Information Copyright Copyright © 2008 by ZyXEL Communications Corporation. The contents of this publication may not be reprod uced in any part or as a whole, transcribed, stored in a retrieval system, tran slated into any language, or transmitted in any form or by any means, el ectronic, me[...]

Appendix A Legal In fo rm at ion ZyWALL (Zy NOS) CLI Re ference Gu ide 178 If this device does cause harmful inte rference to radio/television reception, which can be determined by turning th e device off and on, the user is enc ouraged to try to correct the interference by one or more of the following measures: 1 Reorient or relocate the receiving[...]

Appendix A Legal Information ZyWALL (ZyNOS) CLI Reference Guide 179 This device has been designed for the WLAN 5 GHz network throughout the EC region and Switzerland, with restrictions in France. This Class B digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. Vie win[...]

Appendix A Legal In fo rm at ion ZyWALL (Zy NOS) CLI Re ference Gu ide 180[...]

ZyWALL (ZyNOS) CLI Reference Guide 181 A PPENDIX B Customer Support In the event of problems that cannot be solved by using this manual, you should contact your vendor . If you cannot contact yo ur vendor , then contac t a ZyXEL office for the region in which you bought the dev ice. Regional of fices are listed below (see also http:// www .zyxel.co[...]

Appendix B Customer Support ZyWALL (Zy NOS) CLI Re ference Gu ide 182 • Address: 1005F , ShengGao Internationa l T ower , No.137 XianXia Rd., Shanghai • W eb: http://www .zyxel.cn Cost a Rica • Support E-mail: soporte@zyxel.co.cr • Sales E-mail: sales@zyxel.co.cr • T elephone: +506-2017878 • Fax: +506-2 015098 • W eb: www .zyxel.co.cr[...]

Appendix B Customer Support ZyWALL (ZyNOS) CLI Reference Guide 183 Germany • Support E-mail: support@zyxel.de • Sales E-mail: sales@zyxel.de • T elephone: +49-2405-6909-69 • Fax: +49-2405-690 9-99 • W eb: www .zyxel.de • Re g u l ar M a il : ZyXEL Deut schland GmbH., Adenauerstr . 20/A2 D-52146, W uerselen, Germany Hungary • Support E[...]

Appendix B Customer Support ZyWALL (Zy NOS) CLI Re ference Gu ide 184 Malaysia • Support E-mail: support@zyxel.com.my • Sales E-mail: sales@zyxel.com.my • T elephone: +603-8076-9933 • Fax: +603-8076- 9833 • W eb: http://www .zyxel.com.my • Regular Mail: ZyXEL Malaysia Sdn Bhd., 1-02 & 1-03, Jalan Kenari 17F , Bandar Puchong Jaya, 47[...]

Appendix B Customer Support ZyWALL (ZyNOS) CLI Reference Guide 185 Singapore • Support E-mail: support@zyxel.com.sg • Sales E-mail: sales@zyxel.com.sg • T elephone: +65-6899-6678 • Fax: +65-6899-8887 • W eb: http://www .zyxel.com.sg • Regular Mail: ZyXEL Singapore Pte Ltd., No. 2 International Business Park, The Strategy #03-28, Sin gap[...]

Appendix B Customer Support ZyWALL (Zy NOS) CLI Re ference Gu ide 186 T urkey • Support E-mail: cso@zyxel.com.tr • T elephone: +90 212 222 55 22 • Fax: +90-212-220-2 526 • W eb: http:www .zyxel.com.tr • Address: Kaptanpasa Mahallesi Piyalep asa Bulvari Ortadogu Plaza N:14/13 K:6 Okmeydani/Sisli Istanbul/T urkey Ukraine • Support E-mail:[...]

Index of Commands ZyWALL (ZyNOS) CLI Reference Guide 187 Index of Commands 1 Use of undocumented co mmands or misconfigurat ion can damage the unit and possibly render it unusable. as asAction [0|1] .............................................................. ... 33 as delete blackRule < number | start-nu mber >[ end-number ] ..............[...]

Index of Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 188 av signature config destroyFile <on| off> ....................................... ... 36 av signature config log <on|off> .............................. .................... 36 av signature config sendWinMsg <on|o ff> ........................................ ... 36 av sig[...]

Index of Commands ZyWALL (ZyNOS) CLI Reference Guide 189 bridge rstp port mcheck < interface > ... ............................................ 52 bridge rstp port p2pLink < interface > <Auto:2|True:1|False:0> ................... ... 52 bridge rstp port pathCost < interface > [ path-cost ] ................................. 5[...]

Index of Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 190 cnm version ................................................... .................... 63 config cli .................................................... .................... 68 config delete anti-spam blackRule ............................. .................... 68 config delete anti-spam wh[...]

Index of Commands ZyWALL (ZyNOS) CLI Reference Guide 191 config display anti-spam ...................................... .................... 71 config display custom-service < entry # > ............................................ 71 config display custom-service ................................. .................... 71 config display firewa[...]

Index of Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 192 config edit firewall set < set# > rule < rule# > destaddr-range < start-ip >< end-ip > .... 74 config edit firewall set < set# > rule < rule# > destaddr-single < ip-address > ......... 74 config edit firewall set < set# > rule < rule# >[...]

Index of Commands ZyWALL (ZyNOS) CLI Reference Guide 193 idp config dir wan-wan <on|off> ............................... .................... 93 idp config dir wan-wan2 <on|off> .............................. .................... 93 idp config dir wan-wlan <on|off> .............................. .................... 93 idp config [...]

Index of Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 194 ip arp force <on|off> ................................................. ............ 98 ip arp gratuitous <on|off> .................................... .................... 98 ip arp reqUpdateTable <on|off> ................................ .................... 98 ip arp s[...]

Index of Commands ZyWALL (ZyNOS) CLI Reference Guide 195 ip cf policy config webFeature [<blo ck|nonblock> <activex|java|cookie|webproxy>] . 103 ip cf policy delete < index > ........... ........................................... 103 ip cf policy display < index > .......... ........................................... 103 i[...]

Index of Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 196 ip igmp iface < interface > interval < 125 ~ 2147483647> .............................. 111 ip igmp iface < interface > join < grou p > ........................................... 111 ip igmp iface < interface > leave < gro up > .........................[...]

Index of Commands ZyWALL (ZyNOS) CLI Reference Guide 197 ip tcp status .................................................................. .. 115 ip telnet < address > [ port ] ............................................ ........... 118 ip traceroute < address > [ ttl ] [ wait ] [ queries ] ........................ ........... 118 ip tr[...]

Index of Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 198 poe inout <NODE_NAME> ................................................. ........... 145 poe ippool [IP] [CNT] ................................................. ........... 145 poe master easy [ON|OFF] ...................................... ................... 145 poe master promiscuo[...]

Index of Commands ZyWALL (ZyNOS) CLI Reference Guide 199 sys edit < filename > ................... ........................................... 162 sys feature ................................................... ................... 162 sys filter netbios config <0~10> <on |off> ...................................... .. 162 sys filt[...]

Index of Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 200 type] .......................................................... ........... 154 sys logs category traffic [0:none|1: log] [0:don't show debug type|1:show debug type] 154 sys logs category upnp [0:none|1:log ] [0:don't show debug type|1:show debug type] 154 sys logs category urlb[...]

Index of Commands ZyWALL (ZyNOS) CLI Reference Guide 201 sys restart daily < hour > .............. ........................................... 163 sys restart display ........................................... ................... 163 sys restart timer < minute > ............ ........................................... 163 sys rn access[...]

Index of Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 202 sys tos timeout tcpsyn <1~65535> .............................. ................... 161 sys tos timeout udp <1~65535> ................................. ................... 161 sys updateServer debug type <0:Disab le|1:updateServer <on|off>|2:httpClient <on|off>|3[...]

Index of Commands ZyWALL (ZyNOS) CLI Reference Guide 203 wwan config budgetCtrl time quota [ t ime_in_hours ] ................................ 170 wwan config enable [on|off] ................................... ................... 170 wwan config idleTimeout < time_in_sec onds > ........................................ 170 wwan config multica[...]

Index of Commands ZyWALL (Zy NOS) CLI Re ference Gu ide 204[...]