Manuals / Brands / Computer Equipment / Network Card / ZyXEL Communications / Computer Equipment / Network Card

ZyXEL Communications 4.04 10.3 Command Examples, 10.3.1 Firewall Example, Save your settings and then display them for checking

1 204

Download 204 pages, 1.61 Mb

77

		Chapter 10 Configuration Commands
	Table 28 config Default Values
	VARIABLE	DEFAULT VALUE
	firewall attack tcp-mac-incomplete <0~255>	30
	firewall e-mail policy	none
	icmp-timeout	60 seconds
	tcp-idle-timeout	3600 seconds
	udp-idle-timeout	60 seconds

10.3 Command Examples

10.3.1 Firewall Example

Type the following commands to setup a firewall rule in WAN to WAN direction, with source IP = 1.1.1.1 and destination IP = 2.2.2.2. The configured service is SSH(TCP:22), logging is enabled, and the default action taken when a packet matches a rule is to permit the packet.

Save your settings and then display them for checking.

config insert firewall set 8 rule 1

config edit firewall set 8 rule 1 srcaddr-single 1.1.1.1 config edit firewall set 8 rule 1 destaddr-single 2.2.2.2 config edit firewall set 8 rule 1 tcp destport-single 22 config edit firewall set 8 rule 1 log match

config edit firewall set 8 rule 1 action permit config edit firewall set 8 rule 1 name SSH ras> config display firewall set 8

ACL set number: 8(WAN1 to WAN1/ZyWALL) ACL set name: Cmz-Rules

ACL set number of rules: 1

ACL set default action: drop

ACL pnc enable: no

ACL log enable: no

ACL logone enable: no ACL set timeout values: ICMP idle timeout (s): 60 UDP idle timeout (s): 60

TCP connection timeout (s): 30

TCP FIN-wait timeout (s): 60

TCP idle timeout (s): 3600

Free space remaining in ACL buffer: 161160 ras> config display set 8 rule 1

ACL rule number: 1 ACL rule active: yes

ACL rule action: permit ACL rule protocol:

ACL rule log: match

ACL rule alert: no

Source Single IP address: 1.1.1.1

Destination Single IP address: 2.2.2.2

TCP destination port number(s): 22

ACL rule name: SSH ras> config save firewall

	77
ZyWALL (ZyNOS) CLI Reference Guide	77

Contents

www.zyxel.com Page About This CLI Reference Guide Intended Audience How To Use This Guide Contents Overview Index of Commands Page Document Conventions Warnings and Notes Syntax Conventions ip-address name Page Copy and Paste Commands Icons Used in Figures Contents Overview Introduction Appendices and Index of Commands Page Page Page How to Access and Use the CLI 1.1 Accessing the CLI 1.1.1 Console Port 1.1.2Telnet 1.1.3 SSH 1.2Logging in 1.3 Using Shortcuts and Getting Help Abbreviations 1.4 Saving Your Configuration 1.5 Logging Out Common Commands 2.1 Change the Idle Timeout 2.2 Interface Information Chapter 2 Common Commands To view information on all interfaces, enter ip ifconfig To view DHCP information on the LAN port, enter ip dhcp enif0 status Page To view the ARP table for the LAN port, enter ip arp status enif0 ip nat session To see the IP routing table, enter the following command 2.3 Basic System Information Use the following command to view the ZyWALL’s time and date Use the following command to restart your ZyWALL right away Page Use the following command to display all ZyWALL error logs 2.4 UTM and myZyXEL.com This command displays your ZyWALL’s registration information This command displays ZyWALL service registration details Page Page 2.5 Firewall 2.6 VPN 2.7 Dialing PPPoE and PPTP Connections This example shows dialing up remote node “WAN 1” using PPTP Page Page Antispam Commands 3.1 Command Summary 3.2 Command Examples Antivirus Commands 4.1 Command Summary Chapter 4 Antivirus Commands Table 12 av Commands (continued) Table 13 av Default Values 4.2 Command Examples Auxiliary (Dial Backup) Commands 5.1 Command Summary 5.2 Command Examples This example displays the dial backup port’s transmit and receive rates Table 17 aux rate aux0 This example displays details about the dial backup port’s signal Table 18 aux rate aux0 Table 18 aux rate aux0 (continued) Bandwidth Management Page Page Page Page Page Page Page Bridge Commands 7.1 Command Summary Chapter 7 Bridge Commands Table 22 Bridge Commands (continued) 7.2 Command Examples Page Certificates Commands 8.1 Command Summary Chapter 8 Certificates Commands The following section lists the certificates commands Table 24 Certificates Commands Table 24 Certificates Commands (continued) 8.2 Command Examples 8.2.1 Saving Certificates as PEM-encodedFormat 2Click Details and Copy to File Next Base-64 encoded X.509 (.CER) Finish CNM Agent Commands 9.1 Command Summary 9.2 Command Examples Page Page Configuration Commands 10.1 Command Summary day entry# mask string, e mail timeout Table 27 config Command Summary (continued) Page Page Page Page Page Page 10.2 Default Values 10.3 Command Examples 10.3.1 Firewall Example index The following table shows the interfaces assigned to each set number Table 31 Set-InterfaceAssignments LAN to WAN1 WAN1 to LAN DMZ to LAN Page 10.3.2 Anti-spamExample 10.3.3 Custom Service Example Device Related Commands 11.1 Overview 11.2 Command Summary 11.3 Command Example Ethernet Commands 12.1 Command Summary 12.2 Command Examples Firewall Commands 13.1 Command Summary Chapter 13 Firewall Commands The following section lists the firewall commands Table 39 Firewall Commands 13.2 Command Examples Page Page Page IDP Commands 14.1 Command Summary Chapter 14 IDP Commands Table 40 IDP Commands (continued) Page 14.2 Command Examples IP Commands 15.1 Command Summary 15.1.1 ALG Commands 15.1.2 ARP Commands 15.1.3 ARP Behavior and the ARP ackGratuitous Command Details 15.1.3.1 Commands for Using or Ignoring Gratuitous ARP Requests to have the ZyWALL update the MAC address in the ARP entry to have the ZyWALL not update the MAC address in the ARP entry 15.1.4 Binding Commands 15.1.5 Content Filtering Commands Table 45 Content Filtering Commands (continued) Page Page 15.1.6 Content Filtering Command Examples • Schedule Period: 9:00 A.M. to 5:30 P.M 15.1.7 Custom Port Commands 15.1.8 DHCP Commands 15.1.9 DNS Commands Table 48 DNS Commands (continued) Page 15.1.10 DNS Command Examples 15.1.11 HTTP Commands 15.1.12 ICMP Commands 15.1.13 ICMP Command Example 15.1.14 IGMP Commands 15.1.15 IGMP Command Example 15.1.16 NAT Commands 15.1.17 NAT Routing Command Example 15.1.18 Route Commands 15.1.19 Report and Status Commands 15.1.20 Static Route Commands 15.1.21 Static Route Command Example 15.1.22 Traffic Redirect Commands 15.1.23 Other IP Commands 15.1.24 Interface Command Example 15.1.25 Ping Command Example Page IPSec Commands 16.1 Command Summary Chapter 16 IPSec Commands Table 61 Ipsec Commands (continued) Page Page Page Page Page 16.2 swSkipOverlapIp 16.3 Detect Zombie Tunnels in Tunnel or Gateway Mode 16.4 Command Examples This example adds an IPSec rule as follows 1The IPSec Rule Index: 2Rule Name: VPN-ph2 3Active 4Link the IPSec settings with which IKE index rule: Page Load Balancing Commands 17.1 Command Summary 17.2 Command Examples myZyXEL.com Commands ZyWALL 18.1Command Summary 18.2 Country Codes Page Page Page Page Page 18.3 Command Examples Table 66 sys myZyxelCom serviceDisplay Command Output Page PPPoE Commands 19.1 Command Summary 19.2 Command Examples wan_1 Page PPTP Commands 20.1 Command Summary 20.2 Command Examples System Commands 21.1 Local User Database Commands 21.2 Local User Database Commands Example 21.3 Date and Time Commands 21.4 Diagnostic Commands 21.4.1 Logs Commands Table 74 Logs Commands (continued) Page 21.5Configuring What You Want the ZyWALL to Log 21.5.1Displaying Logs 21.5.2Log Command Example 21.6 Remote Node Commands 21.7 Remote Management Commands 21.8 Remote Management Commands Example 21.9 Threat Report Commands 21.10 Temporarily Open Session Commands 21.10.1 UPnP Commands 21.10.2 UPnP Commands Example 21.10.3 Other System Commands Table 80 Other sys Commands (continued) Page Wireless Commands 22.1 Command Summary Chapter 22 Wireless Commands Table 81 General Wireless Commands (continued) Table 82 Wireless SSID Profile Commands Table 83 Wireless WEP Key Command Input Values 22.2 Command Examples •Security profile name: Sec-01 •Security mode: WPA2 with Pre-SharedKey •Group key update time interval: every 600 seconds •Passphrase: aaaaaaaa •SSID profile name: SSID-01 WWAN Commands 23.1 Command Summary Chapter 23 WWAN Commands Table 86 wwan Command Summary (continued) Table 87 wwan Default Values 23.2 Command Examples Page Page Page Page Legal Information Copyright Disclaimer Trademarks Certifications FCC Radiation Exposure Statement Notices Viewing Certifications ZyXEL Limited Warranty Note Registration Page Customer Support Required Information Corporate Headquarters (Worldwide) China - ZyXEL Communications (Beijing) Corp China - ZyXEL Communications (Shanghai) Corp Costa Rica Czech Republic Denmark Finland France Germany Hungary India Japan Kazakhstan Malaysia North America Norway Poland Russia Singapore Spain Sweden Taiwan Thailand Turkey Ukraine United Kingdom Index of Commands