Chapter 16 Firewall

16.2 Firewall Commands

The following table identifies the values required for many of these commands. Other input values are discussed with the corresponding commands.

Table 65 Input Values for General Firewall Commands

LABEL
DESCRIPTION

address_object
The name of the IP address (or address group) object. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.

address6_object
The name of the IPv6 address (or address group) object. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.

user_name
The name of a user (group). You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.

zone_object
The name of the zone. For the ZyWALL USG 300 and above, use up to 31 characters (a-zA-Z0-9_-). The name cannot start with a number. This value is case-sensitive. The ZyWALL USG 200 and lower models use pre-defined zone names like DMZ, LAN1, SSL VPN, WLAN, IPSec VPN, OPT, and WAN.

rule_number
The priority number of a firewall rule. 1 - X where X is the highest number of rules the ZyWALL model supports. See the ZyWALL’s User’s Guide for details.

schedule_object
The name of the schedule. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.

service_name
The name of the service (group). You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.

The following table describes the commands available for the firewall. You must use the configure terminal command to enter the configuration mode before you can use the configuration commands. Commands that do not have IPv6 specified in the description are for IPv4.

Table 66 Command Summary: Firewall

COMMAND
DESCRIPTION

[no] firewall asymmetrical-route activate
Allows or disallows asymmetrical route topology.

[no] connlimit max-per-host <1..8192>
Sets the highest number of sessions that the ZyWALL will permit a host to have at one time. The no command removes the settings.

firewall rule_number
Enters the firewall sub-command mode to set a firewall rule. See Table 67 on page 137 for the sub-commands.

firewall zone_object {zone_object|ZyWALL} rule_number
Enters the firewall sub-command mode to set a direction specific through-ZyWALL rule or to-ZyWALL rule. See Table 67 on page 137 for the sub-commands.

firewall zone_object {zone_object|ZyWALL} append
Enters the firewall sub-command mode to add a direction specific through-ZyWALL rule or to-ZyWALL rule to the end of the global rule list. See Table 67 on page 137 for the sub-commands.
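The syntax in Tables 65 and 66 can be checked before a generated or hand-edited script is pasted into configuration mode. The following Python linter is an added example, not part of the ZyWALL guide; the form labels, the `MAX_RULES` value and the sample lines are assumptions, and zone names are validated with the USG 300-and-above rule only.

```python
import re

NAME = r"[A-Za-z_-][A-Za-z0-9_-]{0,30}"  # Table 65: 1-31 chars, no leading digit
MAX_RULES = 500  # assumed placeholder; the real limit X is model-specific

# One pattern per Table 66 command form (form labels are hypothetical).
FORMS = [
    ("asymmetrical-route", r"(no )?firewall asymmetrical-route activate"),
    ("connlimit", r"(no )?connlimit max-per-host (?P<n>\d+)"),
    ("rule", r"firewall (?P<rule>\d+)"),
    ("zone-rule", rf"firewall (?P<src>{NAME}) (?P<dst>{NAME}) (?P<rule>\d+)"),
    ("zone-append", rf"firewall (?P<src>{NAME}) (?P<dst>{NAME}) append"),
]

def check_line(line, max_rules=MAX_RULES):
    """Return (form, problems); form is None when no Table 66 form matches."""
    text = " ".join(line.split())  # collapse repeated whitespace
    for form, pattern in FORMS:
        m = re.fullmatch(pattern, text)
        if not m:
            continue
        g, problems = m.groupdict(), []
        if g.get("n") and not 1 <= int(g["n"]) <= 8192:
            problems.append("max-per-host outside 1..8192")
        if g.get("rule") and not 1 <= int(g["rule"]) <= max_rules:
            problems.append(f"rule_number outside 1..{max_rules}")
        # Names are case-sensitive, so "zywall" is a zone name, not the device.
        if g.get("dst", "").lower() == "zywall" and g["dst"] != "ZyWALL":
            problems.append("dst differs from ZyWALL only by case")
        return form, problems
    return None, ["no Table 66 form matches (check names against Table 65)"]

if __name__ == "__main__":
    sample = [  # constructed lines, not taken from a real configuration
        "firewall WAN ZyWALL append",
        "firewall LAN1 zywall 3",
        "connlimit max-per-host 9000",
        "firewall 1dmz WAN 2",
        "no firewall asymmetrical-route activate",
    ]
    for line in sample:
        print(f"{line!r}: {check_line(line)}")
```

The case check matters for review because a to-ZyWALL rule and a through-ZyWALL rule differ only in that second argument.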

 

 


ZyWALL (ZLD) CLI Reference Guide