D-Link DFL-260E Reference Manual

Network Security Firewall, NetDefendOS version 2.30.01
Network Security Firewall
CLI Reference Guide
NetDefendOS
Security
Ver. 2.30.01
Network Security Solution
http://www.dlink.com


Summary of Contents for D-Link DFL-260E

  • Page 1 Network Security Firewall CLI Reference Guide NetDefendOS Security Security Ver. 2.30.01 Network Security Solution http://www.dlink.com...
  • Page 2 CLI Reference Guide DFL-260E/860E/1660/2560/2560G NetDefendOS version 2.30.01 D-Link Corporation No. 289, Sinhu 3rd Rd, Neihu District, Taipei City 114, Taiwan R.O.C. http://www.DLink.com Published 2011-05-16 Copyright © 2011...
  • Page 3 D-Link reserves the right to revise this publication and to make changes from time to time in the content hereof without any obligation to notify any person or parties of such revision or changes.
  • Page 4: Table Of Contents

    Table of Contents Preface .......................10 1. Introduction .....................12 1.1. Running a command ................12 1.2. Help ....................13 1.2.1. Help for commands ..............13 1.2.2. Help for object types ..............13 1.3. Function keys ..................14 1.4. Command line history ................15 1.5. Tab completion ..................16 1.5.1.
  • Page 5 CLI Reference Guide 2.2.30. idppipes ...................46 2.2.31. ifstat ..................47 2.2.32. igmp ..................48 2.2.33. ikesnoop ...................48 2.2.34. ippool ..................49 2.2.35. ipsecglobalstats ................50 2.2.36. ipseckeepalive ................50 2.2.37. ipsecstats ..................50 2.2.38. ipsectunnels ................51 2.2.39. killsa ..................52 2.2.40. languagefiles ................52 2.2.41. ldap ..................53 2.2.42. license ..................53 2.2.43.
  • Page 6 CLI Reference Guide 3.3.1. AdvancedScheduleOccurrence ............89 3.4. ALG ....................90 3.4.1. ALG_FTP ..................90 3.4.2. ALG_H323 ................91 3.4.3. ALG_HTTP ................91 3.4.4. ALG_POP3 ................93 3.4.5. ALG_PPTP ................93 3.4.6. ALG_SIP ...................94 3.4.7. ALG_SMTP ................94 3.4.8. ALG_TFTP ................96 3.4.9. ALG_TLS ..................97 3.5. ARP ....................98 3.6. BlacklistWhiteHost .................99 3.7.
  • Page 7 CLI Reference Guide 3.30.8. PPPoETunnel ................138 3.30.9. SSLVPNInterface ..............140 3.30.10. VLAN .................. 140 3.31. IPPool ....................142 3.32. IPRule ....................143 3.33. IPRuleFolder ..................146 3.33.1. IPRule ................... 146 3.34. IPsecAlgorithms ................. 147 3.35. LDAPDatabase .................. 148 3.36. LDAPServer ..................149 3.37.
  • Page 8 CLI Reference Guide 3.55.20. SSLVPNInterfaceSettings ............195 3.55.21. StateSettings ................195 3.55.22. TCPSettings ................196 3.55.23. VLANSettings ............... 197 3.56. SSHClientKey ................... 199 3.57. ThresholdRule ................... 200 3.57.1. ThresholdAction ..............200 3.58. UpdateCenter ..................202 3.59. UserAuthRule ..................203 3.60. ZoneDefenseBlock ................205 3.61.
  • Page 9 List of Examples 1. Command option notation ..................10 1.1. Help for commands ..................13 1.2. Help for object types ..................13 1.3. Command line history ..................15 1.4. Tab completion ....................16 1.5. Inline help ....................16 1.6. Edit an existing property value ................17 1.7. Using categories with tab completion ..............17 2.1.
  • Page 10: Preface

    Administrators that are responsible for configuring and managing the D-Link Firewall. • Administrators that are responsible for troubleshooting the D-Link Firewall. This guide assumes that the reader is familiar with the D-Link Firewall, and has the necessary basic knowledge in network security. Notation...
  • Page 11 Notation Preface Because the table name option is followed by ellipses it is possible to specify more than one routing table. Since table name is optional as well, the user can specify zero or more policy-based routing tables. gw-world:/> routes Virroute Virroute2...
  • Page 12: Introduction

    Chapter 1. Introduction • Running a command, page 12 • Help, page 13 • Function keys, page 14 • Command line history, page 15 • Tab completion, page 16 • User roles, page 18 This guide is a reference for all commands and configuration object types that are available in the command line interface for NetDefendOS.
  • Page 13: Help

    1.2. Help Chapter 1. Introduction 1.2. Help 1.2.1. Help for commands There are two ways of getting help about a command. A brief help is displayed if the command name is typed followed by -? or -h. This applies to all commands and is therefore not listed in the option list for each command in this guide.
  • Page 14: Function Keys

    1.3. Function keys Chapter 1. Introduction 1.3. Function keys In addition to the return key there are a number of function keys that are used in the CLI. Backspace Delete the character to the left of the cursor. Complete current word. Ctrl-A or Home Move the cursor to the beginning of the line.
  • Page 15: Command Line History

    1.4. Command line history Chapter 1. Introduction 1.4. Command line history Every time a command is run, the command line is added to a history list. The up and down arrow keys are used to access previous command lines (up arrow for older command lines and down arrow to move back to a newer command line).
  • Page 16: Tab Completion

    1.5. Tab completion Chapter 1. Introduction 1.5. Tab completion By using the tab function key in the CLI the names of commands, options, objects and object properties can be automatically completed. If the text entered before pressing tab only matches one possible item, e.g.
  • Page 17: Configuration Object Type Categories

    1.5.3. Configuration object type categories Chapter 1. Introduction If "." is entered instead of a property value and tab is pressed it will be replaced by the current value of that property. This is useful when editing an existing list of items or a long text value. The "<"...
  • Page 18: User Roles

    1.6. User roles Chapter 1. Introduction 1.6. User roles Some commands and options cannot be used unless the logged in user has administrator privilege. This is indicated in this guide by a note following the command or "Admin only" written next to an option.
  • Page 19 1.6. User roles Chapter 1. Introduction...
  • Page 20: Command Reference

    Chapter 2. Command Reference • Configuration, page 20 • Runtime, page 31 • Utility, page 77 • Misc, page 78 2.1. Configuration 2.1.1. activate Activate changes. Description Activate the latest changes. This will issue a reconfiguration, using the new configuration. If the reconfiguration is successful a commit command must be issued within the configured timeout interval in order to save the changes to media.
  • Page 21: Cancel

    2.1.3. cancel Chapter 2. Command Reference Example 2.1. Create a new object Add objects with an identifier property (not index): gw-world:/> add Address IP4Address example_ip Address=1.2.3.4 Comments="This is an example" gw-world:/> add IP4Address example_ip2 Address=2.3.4.5 Add an object with an index: gw-world:/main>...
  • Page 22: Change Context

    2.1.4. cc Chapter 2. Command Reference Note Requires Administrator privilege. 2.1.4. cc Change the current context. Description Change the current configuration context. A context is a group of objects that are dependent on and grouped by a parent object. Many objects lie in the "root"...
  • Page 23: Commit

    2.1.5. commit Chapter 2. Command Reference depending on the specified <Type>. <Type> Type of configuration object to perform operation on. 2.1.5. commit Save new configuration to media. Description Save the new configuration to media. This command can only be issued after a successful activate command.
  • Page 24: Pskgen

    2.1.7. pskgen Chapter 2. Command Reference Options -force Force object to be deleted even if it's used by other objects or has children. <Category> Category that groups object types. <Identifier> The property that identifies the configuration object. May not be applicable depending on the specified <Type>.
  • Page 25: Reject Changes

    2.1.8. reject Chapter 2. Command Reference All changes made to the object will be lost. If the object is added after the last commit, it will be removed. To reject the changes in more than one object, use either the -recursive flag to delete a context and all its children recursively or the -all flag to reject the changes in all objects in the configuration.
  • Page 26: Reset

    2.1.9. reset Chapter 2. Command Reference Note Requires Administrator privilege. 2.1.9. reset Reset unit configuration and/or binaries. Description Reset configuration or binaries to factory defaults. Usage reset -configuration Reset the configuration to factory defaults. reset -unit Reset the unit to factory defaults. Options -configuration Reset configuration to factory default.
  • Page 27: Show

    2.1.11. show Chapter 2. Command Reference Example 2.5. Set property values Set properties for objects that have an identifier property: gw-world:/> set Address IP4Address example_ip Address=1.2.3.4 Comments="This is an example" gw-world:/> set IP4Address example_ip2 Address=2.3.4.5 Comments=comment_without_whitespace gw-world:/main> set Route 1 Comment="A route" gw-world:/>...
  • Page 28: Show Objects

    2.1.11. show Chapter 2. Command Reference When showing a table of all objects of a certain type, the status of each object since the last time the configuration was committed is indicated by a flag. The flags used are: The object is deleted. The object is disabled.
  • Page 29: Undelete

    2.1.12. undelete Chapter 2. Command Reference Options -changes Show all changes in the current configuration. -disabled Show disabled properties. -errors Show all errors in the current configuration. -references Show all references to this object from other objects. -verbose Show error details. <Category>...
  • Page 30 2.1.12. undelete Chapter 2. Command Reference depending on the specified <Type>. <Type> Type of configuration object to perform operation on. Note Requires Administrator privilege.
  • Page 31: Runtime

    2.2. Runtime Chapter 2. Command Reference 2.2. Runtime 2.2.1. about Show copyright/build information. Description Show copyright and build information. Usage about 2.2.2. alarm Show alarm information. Description Show list of currently active alarms. Usage alarm [-history] [-active] Options -active Show the currently active alarms. -history Show the 20 latest alarms.
  • Page 32: Arpsnoop

    2.2.4. arpsnoop Chapter 2. Command Reference Show all ARP entries. arp -show [<Interface>] [-ip=<pattern>] [-hw=<pattern>] [-num=<n>] Show ARP entries. arp -hashinfo [<Interface>] Show information on hash table health. arp -flush [<Interface>] Flush ARP cache of specified interface. arp -notify=<ip> [<Interface>] [-hwsender=<Ethernet Address>] Send gratuitous ARP for IP.
  • Page 33: Ats

    2.2.5. ats Chapter 2. Command Reference Show snooped interfaces. arpsnoop {ALL | NONE | <interface>} [-verbose] Snoop specified interface. Options -verbose Verbose. {ALL | NONE | <interface>} Interface name. 2.2.5. ats Show active ARP Transaction States. Description Show active ARP Transaction States. Usage ats [-num=<n>] Options...
  • Page 34: Blacklist

    2.2.7. blacklist Chapter 2. Command Reference Options <interface> Interface to show BigPond information. 2.2.7. blacklist Blacklist. Description Block and unblock hosts on the black and white list. Note: Static blacklist hosts cannot be unblocked. If -force is not specified, only the exact host with the service, protocol/port and destination specified is unblocked.
  • Page 35: Buffers

    2.2.8. buffers Chapter 2. Command Reference -dest=<ip address> Destination address to block/unblock (ExceptEstablished flag is set on). -dynamic Show dynamic hosts only. -force Unblock all services for the host that matches the options. -info Show detailed information. -listtime Show time in list (for dynamic hosts). -port=<port number>...
  • Page 36: Cam

    2.2.10. certcache Chapter 2. Command Reference 2.2.9. cam CAM table information. Description Show information about the CAM table(s) and their entries. Usage cam -num=<n> Show CAM table information. cam <Interface> [-num=<n>] Show interface-specified CAM table information. cam <Interface> [-flush] Flush CAM table information of specified interface. cam -flush Flush CAM table information.
  • Page 37: Connections

    2.2.12. connections Chapter 2. Command Reference Display configuration log. Description Display the log of the last configuration read attempt. Usage cfglog 2.2.12. connections List current state-tracked connections. Description List current state-tracked connections. Usage connections -show [-num=<n>] [-verbose] [-srciface=<interface>] [-destiface=<interface>] [-protocol=<name/num>] [-srcport=<port>] [-destport=<port>] [-srcip=<ip addr>] [-destip=<ip addr>] List connections.
  • Page 38: Cpuid

    2.2.13. cpuid Chapter 2. Command Reference -protocol=<name/num> Show only given IP protocol. -show Show connections. -srciface=<interface> Filter on source interface. -srcip=<ip addr> Filter on source IP address. -srcport=<port> Show only given source TCP/UDP port. -verbose Verbose (more information). 2.2.13. cpuid Display info about the cpu.
  • Page 39: Dconsole

    2.2.16. dconsole Chapter 2. Command Reference cryptostat 2.2.16. dconsole Displays the content of the diagnose console. Description The diagnose console is used to help troubleshooting internal problems within the security gateway Usage dconsole [-clean] [-flush] [-date=<date>] [-onlyhigh] [-blockoutput] Options -clean Remove all diagnose entries.
  • Page 40: Dhcprelay

    2.2.18. dhcprelay Chapter 2. Command Reference Modify interface lease. Options -lease={RENEW | RELEASE} Modify interface lease. -list List all DHCP enabled interfaces. -show Show information about DHCP enabled interface. <interface> DHCP Interface. 2.2.18. dhcprelay Show DHCP/BOOTP relayer ruleset. Description Display the content of the DHCP/BOOTP relayer ruleset and the current routed DHCP relays. Display filter filters relays based on interface/ip (example: if1 192.168.*) Usage dhcprelay...
  • Page 41: Dhcpserver

    2.2.20. dns Chapter 2. Command Reference 2.2.19. dhcpserver Show content of the DHCP server ruleset. Description Show the content of the DHCP server ruleset and various information about active/inactive leases. Display filter filters leases based on interface/mac/ip (example: if1 192.168.*) Usage dhcpserver Show DHCP server leases.
  • Page 42: Dnsbl

    2.2.21. dnsbl Chapter 2. Command Reference DNS client and queries. Description Show status of the DNS client and manage pending DNS queries. Usage dns [-query=<domain name>] [-list] [-remove] Options -list List pending DNS queries. -query=<domain name> Resolve domain name. -remove Remove all pending DNS queries.
  • Page 43: Frags

    2.2.23. frags Chapter 2. Command Reference In the "Flags" field of the dynrouting exports, the following letters are used: Route describe the optimal path to the network Route is unexported Usage dynroute [-rules] [-exports] Options -exports Show current exports. -rules Show dynamic routing, filter ruleset.
  • Page 44: Hostmon

    2.2.24. ha Chapter 2. Command Reference -done List done (lingering) reassemblies. -free List free instead of active. -num=<n> List <n> entries. (Default: 20) {NEW | ALL | <reassembly id>} Show in-depth info about reassembly <n>. (Default: all) 2.2.24. ha Show current HA status. Description Show current HA status.
  • Page 45: Httpalg

    2.2.27. httpposter Chapter 2. Command Reference 2.2.26. httpalg Commands related to the HTTP Application Layer Gateway. Description Show information about the WCF cache or list the overridden WCF hosts. Usage httpalg -override [-flush] List or flush hosts that have overridden the wcf filter. httpalg -wcfcache [-show] [-url=<String>] [-flush] [-verbose] [-count] [-server[={STATUS | CONNECT | DISCONNECT}]] [-num=<n>]...
  • Page 46: Hwaccel

    2.2.28. hwaccel Chapter 2. Command Reference Options -display Display status. -repost Re-post all URLs now. (Admin only) 2.2.28. hwaccel List configured Hardware Accelerators. Description Display information about configured Hardware Accelerators. Usage hwaccel 2.2.29. hwm Show hardware monitor sensor status. Description Show hardware monitor sensor status.
  • Page 47: Ifstat

    2.2.31. ifstat Chapter 2. Command Reference Show list of currently piped hosts. Usage idppipes -show [-host=<ip addr>] Lists hosts for which new connections are piped by IDP. idppipes -unpipe [-all] [-host=<ip addr>] Remove piping for the specified host. Options -all mark all hosts.
  • Page 48: Igmp

    2.2.33. ikesnoop Chapter 2. Command Reference 2.2.32. igmp IGMP Interfaces. Description Show information about the current state of the IGMP interfaces. Send simulated messages to test configuration of the interface. Usage igmp Prints the current IGMP state. igmp -state [<Interface>] Prints the current IGMP state.
  • Page 49: Ippool

    2.2.34. ippool Chapter 2. Command Reference Description Turn IKE on-screen snooping on/off. Useful for troubleshooting IPsec connections. Usage ikesnoop Show IKE snooping status. ikesnoop -on [<ip address>] [-verbose] Enable IKE snooping. ikesnoop -off Disable IKE snooping. Options -off Turn IKE snooping off. Turn IKE snooping on.
  • Page 50: Ipsecglobalstats

    2.2.35. ipsecglobalstats Chapter 2. Command Reference -max=<n> Limit list to <n> entries. (Default: 10) -release Forcibly free IP assigned to subsystem. (Admin only) -show Show IP pool information. -verbose Verbose output. <ip address> IP address to free. 2.2.35. ipsecglobalstats Show global ipsec statistics. Description List global IPsec statistics.
  • Page 51: Ipsectunnels

    2.2.38. ipsectunnels Chapter 2. Command Reference Show the SAs in use. Description List the currently active IKE and IPsec SAs, optionally only showing SAs matching the pattern given for the argument "tunnel". Usage ipsecstats [-ike] [<tunnel>] [-ipsec] [-usage] [-verbose] [-num={ALL | <Integer>}] [-force] Options -force...
  • Page 52: Killsa

    2.2.39. killsa Chapter 2. Command Reference Options -force Bypass confirmation question. -iface=<recv iface> IPsec interface to show information about. -num={ALL | <Integer>} Maximum number of entries to show (default: 40). 2.2.39. killsa Kill all SAs belonging to the given remote SG/peer. Description Kill all (IPsec and IKE) SAs associated with a given remote IKE peer IP or, optionally, all SAs in the system.
  • Page 53: Ldap

    2.2.41. ldap Chapter 2. Command Reference languagefiles Show all language files on disk. languagefiles -remove=<String> Remove a language file from disk. Options -remove=<String> Specify language file to delete. 2.2.41. ldap LDAP information. Description Status and statistics for the configured LDAP databases. Usage ldap List all LDAP databases.
  • Page 54: Linkmon

    2.2.43. linkmon Chapter 2. Command Reference Show contents of the license file. Description Show contents of the license file. Usage license 2.2.43. linkmon Display link monitoring statistics. Description If link monitor hosts have been configured, linkmon will monitor host reachability to detect link/NIC problems.
  • Page 55: Logout

    2.2.45. logout Chapter 2. Command Reference Options {ON | OFF} Enable / disable lockdown. Note Requires Administrator privilege. 2.2.45. logout Logout user. Description Logout current user. Usage logout 2.2.46. memory Show memory information. Description Show core memory consumption. Also show detailed memory use of some components and lists. Usage memory 2.2.47.
  • Page 56: Netobjects

    2.2.48. netobjects Chapter 2. Command Reference Options -num=<Integer> Maximum number of items to list (default: 20). -verbose Verbose (more information). <IP4 Address> Translated IP. <pool name> NAT Pool name. 2.2.48. netobjects Show runtime values of network objects. Description Displays named network objects and their contents. Example 2.10.
  • Page 57 2.2.49. ospf Chapter 2. Command Reference ospf Show runtime information. ospf -iface [<interface>] [-process=<OSPF Router Process>] Show interface information. ospf -area [<OSPF Area>] [-process=<OSPF Router Process>] Show area information. ospf -neighbor [<OSPF Neighbor>] [-process=<OSPF Router Process>] Show neighbor information. ospf -route [{HA | ALT}] [-process=<OSPF Router Process>] Show the internal OSPF process routingtable.
  • Page 58: Pcapdump

    2.2.50. pcapdump Chapter 2. Command Reference -lsa Show details for a specified LSA <lsaID>. -neighbor Show neighbor information. -process=<OSPF Router Process> Required if there is more than one OSPF router process. -route Show the internal OSPF process routingtable. -snoop={ON | OFF} Show troubleshooting messages on the console.
  • Page 59 2.2.50. pcapdump Chapter 2. Command Reference pcapdump -show [<interface(s)>] Show a captured packets brief. pcapdump -write [<interface(s)>] [-filename=<String>] Write the captured packets to disk. pcapdump -wipe Remove all captured packets from memory. pcapdump -cleanup Remove all captured packets, release capture mode and delete all written capture files from disk. Options -cleanup Remove all captured packets, release capture mode and delete...
  • Page 60: Pipes

    2.2.51. pipes Chapter 2. Command Reference -start Start capture. -status Show capture status. -stop Stop capture. -tcp TCP filter. -udp UDP filter. -wipe Remove all captured packets from memory. -write Write the captured packets to disk. <interface(s)> Name of interface(s). Note Requires Administrator privilege.
  • Page 61: Pptpalg

    2.2.53. reconfigure Chapter 2. Command Reference 2.2.52. pptpalg Show PPTP ALG information. Description Shows information and statistics of the PPTP ALGs. Usage pptpalg Show all configured PPTP ALGs. pptpalg -sessions <PPTP ALG> [-verbose] [-num=<Integer>] List all PPTP sessions. pptpalg -services <PPTP ALG> List all services attached to PPTP ALG.
  • Page 62: Routemon

    2.2.55. routes Chapter 2. Command Reference 2.2.54. routemon List the currently monitored interfaces and gateways. Description List the currently monitored interfaces and/or gateways. Usage routemon 2.2.55. routes Display routing lists. Description Display information about the routing table(s): Contents of a (named) routing table. The list of routing tables, along with a total count of route entries in each table, as well as how many of the entries are single-host routes.
  • Page 63: Rules

    2.2.56. rules Chapter 2. Command Reference Options -all Also show routes for interface addresses. -flushl3cache Flush Layer 3 Cache. -lookup=<ip address> Lookup the route for the given IP address. -nonhost Do not show single-host routes. -num=<n> Limit display to <n> entries. (Default: 20) -switched Only show switched routes and L3C entries.
  • Page 64: Selftest

    2.2.57. selftest Chapter 2. Command Reference 2.2.57. selftest Run appliance self tests. Description The appliance self tests are used to verify the correct function of hardware components. Normal SGW operations might be disrupted during the test(s). The outcome of the throughput crypto accelerator tests is dependent on configuration values. If the number of large buffers (LocalReassSettings->LocalReass_NumLarge) is too low, it might lower the throughput result.
  • Page 65 2.2.57. selftest Chapter 2. Command Reference selftest -ping [-interfaces=<Interface>] Run a ping test over the interfaces. selftest -throughput [-interfaces=<Interface>] Run a throughput test over the interfaces. selftest -traffic [-interfaces=<Interface>] Run a traffic test over the interfaces. selftest -cryptoaccel Verify the correct functioning of the accelerator cards. selftest -burnin [-hours[=<Integer>]] [-minutes[=<Integer>]] [-memory] [-media] [-ping] [-throughput] [-traffic] [-cryptoaccel]...
  • Page 66: Services

    2.2.58. services Chapter 2. Command Reference maximal achievable interface throughput. -traffic Run a traffic test over the interfaces. The traffic test uses mixed frame sizes and verifies the content of each received frame. Note Requires Administrator privilege. 2.2.58. services Show runtime values of configured services. Description Shows the runtime values of all configured services.
  • Page 67: Settings

    2.2.60. settings Chapter 2. Command Reference Usage sessionmanager Show Session Manager status. sessionmanager -status Show Session Manager status. sessionmanager -list [-num=<n>] List active sessions. sessionmanager -info <session name> <database> Show in-depth information about session(s). sessionmanager -message <session name> <database> <message text> Send message to session with console.
  • Page 68: Shutdown

    2.2.61. shutdown Chapter 2. Command Reference Description Show the contents of the settings section, category by category. Usage settings Show list of categories. settings <category> Show settings in category. Options <category> Show settings in category. 2.2.61. shutdown Initiate core or system shutdown. Description Initiate restart of the core/system.
  • Page 69 2.2.62. sipalg Chapter 2. Command Reference Description List running SIP-ALG configurations, SIP registration and call information. The -flags option with -snoop allows any combination of the following values: 0x00000001 GENERAL 0x00000002 ERRORS 0x00000004 OPTIONS 0x00000008 PARSE 0x00000010 VALIDATE 0x00000020 SDP 0x00000040 ALLOW_CHANGES 0x00000080 SUPPORTED_CHANGES 0x00000100 2543COMPLIANCE...
  • Page 70: Sshserver

    2.2.63. sshserver Chapter 2. Command Reference sipalg -registration[={SHOW | FLUSH}] <alg> Show or flush current registration table. sipalg -calls <alg> Show active calls table. sipalg -session <alg> Show active SIP sessions. sipalg -connection <alg> Show SIP connections. sipalg -statistics[={SHOW | FLUSH}] <alg> Show or flush SIP counters.
  • Page 71: Sslvpn

    2.2.64. sslvpn Chapter 2. Command Reference Show SSH Server status, or start/stop/restart SSH Server. Usage sshserver Show server status and list all connected clients. sshserver -status [-verbose] Show server status and list all connected clients. sshserver -keygen [-b=<bits>] [-t={RSA | DSA}] Generate SSH Server private keys.
  • Page 72: Stats

    2.2.66. sysmsgs Chapter 2. Command Reference 2.2.65. stats Display various general firewall statistics. Description Display general information about the firewall, such as uptime, CPU load, resource consumption and other performance data. Usage stats 2.2.66. sysmsgs System messages. Description Show contents of the FWLoader sysmsg buffer. Usage sysmsgs 2.2.67.
  • Page 73: Uarules

    2.2.69. uarules Chapter 2. Command Reference Description Display/set the system date and time. Usage time Display current system time. time -set <date> <time> Set system local time: <YYYY-MM-DD> <HH:MM:SS>. time -sync [-force] Synchronize time with timeserver(s) (specified in settings). Options -force Force synchronization regardless of the MaxAdjust setting.
  • Page 74: Updatecenter

    2.2.70. updatecenter Chapter 2. Command Reference Options -verbose Verbose output. <Integer Range> Range of rules to list. 2.2.70. updatecenter Show autoupdate status and manage IDP/AV databases. Description Show autoupdate mechanism status or force an update. Usage updatecenter -update[={ANTIVIRUS | IDP | ALL}] Initiate an update check of the specified database.
  • Page 75: Vlan

    2.2.72. vlan Chapter 2. Command Reference Show currently logged-on users and other information. Also allows logged-on users to be forcibly logged out. Note: In the user listing -list, only privileges actually used by the policy are displayed. Usage userauth List all authenticated users. userauth -list [-num=<n>] List all authenticated users.
  • Page 76: Vpnstats

    2.2.73. vpnstats Chapter 2. Command Reference vlan List attached VLANs. vlan <Interface> Display VLANs connected to physical iface <iface>. Options <Interface> Display VLAN information about this interface. 2.2.73. vpnstats Alias for ipsecstats. 2.2.74. zonedefense Zonedefense. Description Block/unblock IP addresses/net and ethernet addresses. Usage zonedefense [-save] [-blockip=<ip address>] [-blockenet=<ethernet address>] [-eraseip=<ip address>]...
  • Page 77: Utility

    2.3. Utility Chapter 2. Command Reference 2.3. Utility 2.3.1. ping Ping host. Description Sends one or more ICMP ECHO, TCP SYN or UDP datagrams to the specified IP address of a host. All datagrams are sent preloaded-style (all at once). The data size -length given is the ICMP or UDP data size.
  • Page 78: Misc

    2.4. Misc Chapter 2. Command Reference 2.4. Misc 2.4.1. echo Print text. Description Print text to the console. Example 2.17. Hello World echo Hello World Usage echo [<String>]... Options <String> Text to print. 2.4.2. help Show help for selected topic. Description The help system contains information about commands and configuration object types.
  • Page 79: History

    2.4.3. history Chapter 2. Command Reference Display help about selected topic from any category. help -category={COMMANDS | TYPES} [<Topic>] Display help from a specific topic category. Options -category={COMMANDS | TYPES} Topic category. <Topic> Help topic. 2.4.3. history Dump history to screen. Description List recently typed commands that have been stored in the command history.
  • Page 80: Script

    2.4.5. script Chapter 2. Command Reference Example 2.20. Upload certificate data scp certificate.cer user@sgw-ip:certificate/certificate_name scp certificate.key user@sgw-ip:certificate/certificate_name Example 2.21. Upload ssh public key data scp sshkey.pub user@sgw-ip:sshclientkey/sshclientkey_name Usage Options -long Enable long listing format. <File> File to list. 2.4.5. script Handle CLI scripts.
  • Page 81 2.4.5. script Chapter 2. Command Reference Execute script. script -show [-all] [-name=<Name>] Show script in console window. script -store [-all] [-name=<Name>] Store a script to persistent storage. script -remove [-all] [-name=<Name>] Remove script. script List script files. Options -all Apply to all scripts. -create Create configuration script from specified object, class or category.
  • Page 82 2.4.5. script Chapter 2. Command Reference...
  • Page 83: Configuration Reference

    Chapter 3. Configuration Reference • Access, page 84 • Address, page 86 • AdvancedScheduleProfile, page 89 • ALG, page 90 • ARP, page 98 • BlacklistWhiteHost, page 99 • Certificate, page 100 • Client, page 101 • CommentGroup, page 104 •...
  • Page 84: Access

    3.1. Access Chapter 3. Configuration Reference • IPRule, page 143 • IPRuleFolder, page 146 • IPsecAlgorithms, page 147 • LDAPDatabase, page 148 • LDAPServer, page 149 • LinkMonitor, page 150 • LocalUserDatabase, page 151 • LogReceiver, page 152 • NATPool, page 155 •...
  • Page 85 3.1. Access Chapter 3. Configuration Reference Description Use an access rule to allow or block specific source IP addresses on a specific interface. Properties Index The index of the object, starting at 1. (Identifier) Name Specifies a symbolic name for the object. Action Accept, Expect or Drop.
  • Page 86: Address

    3.2. Address Chapter 3. Configuration Reference 3.2. Address This is a category that groups the following object types. 3.2.1. AddressFolder Description An address folder can be used to group related address objects for better overview. Properties Name Specifies a symbolic name for the network object. (Identifier) Comments Text describing the current object.
  • Page 87 Name Specifies a symbolic name for the network object. (Identifier) Members Group members. UserAuthGroups Groups and user names that belong to this object. Objects that filter on credentials can only be used as source networks and destination networks in rules.
  • Page 88: Ethernetaddress

    Name Specifies a symbolic name for the network object. (Identifier) Address IP address, e.g. "172.16.50.8", "192.168.30.7,192.168.30.11", "192.168.7.0/24" or "172.16.25.10-172.16.25.50". ActiveAddress The dynamically set address used by e.g. DHCP enabled Ethernet interfaces. (Optional) UserAuthGroups Groups and user names that belong to this object. Objects that filter on credentials can only be used as source networks and destination networks in rules.
  • Page 89: Advancedscheduleprofile

    3.3. AdvancedScheduleProfile Description An advanced schedule profile contains definitions of occurrences used by various policies in the system. Properties Name Specifies a symbolic name for the service. (Identifier) Comments Text describing the current object. (Optional) 3.3.1.
  • Page 90: Alg

    3.4. ALG This is a category that groups the following object types. 3.4.1. ALG_FTP Description Use an FTP Application Layer Gateway to manage FTP traffic through the system. Properties Name Specifies a symbolic name for the ALG. (Identifier) AllowServerPassive Allow server to use passive mode (unsafe for server).
  • Page 91: Alg_H323

    File List of file types to allow or deny. (Optional) VerifyContentMimetype Verify that file extensions correspond to the MIME type. (Default: No) Comments Text describing the current object. (Optional) 3.4.2. ALG_H323 Description Use an H.323 Application Layer Gateway to manage H.323 multimedia traffic. Properties Name Specifies a symbolic name for the ALG.
  • Page 92 MaxDownloadSize The maximum allowed file size in kB. (Optional) FileListType Specifies if the file list contains files to allow or deny. (Default: Block) FailModeBehavior Standard behaviour on error: Allow or Deny. (Default: Deny) File List of file types to allow or deny.
  • Page 93: Alg_Pop3

    Note If no Index is specified when creating an instance of this type, the object will be placed last in the list and the Index will be equal to the length of the list. 3.4.4.
  • Page 94: Alg_Sip

    Description Use a PPTP Application Layer Gateway to manage PPTP traffic through the system. Properties Name Specifies a symbolic name for the ALG. (Identifier) EchoTimeout Specifies idle timeout for Echo messages in the PPTP tunnel. (Default: 0) IdleTimeout Specifies idle timeout for user traffic in the PPTP tunnel.
  • Page 95 VerifySenderEmail Check emails for mismatching SMTP command From address and email header From address. (Default: No) VerifySenderEmailAction Action if sender verification fails. (Default: Deny) VerifySenderEmailSpamTag Spam Tag that is inserted into the subject. (Default: "*** SPAM ***") VerifySenderEmailDomainOnly Only check domain names in email From addresses.
  • Page 96: Alg_Tftp

    CacheSize Size of the IP Cache of checked sender IP addresses. (Default: 0) CacheTimeout Timeout in seconds before a cached IP address is removed. (Default: 600) DNSBlackLists Specifies the BlackList domain and its weighted value. Comments Text describing the current object.
  • Page 97: Alg_Tls

    Comments Text describing the current object. (Optional) 3.4.9. ALG_TLS Description TLS ALG Properties Name Specifies a symbolic name for the ALG. (Identifier) HostCert Specifies the host certificate. RootCert Specifies the root certificate. (Optional) Comments Text describing the current object.
  • Page 98: Arp

    3.5. ARP Description Use an ARP entry to publish additional IP addresses and/or MAC addresses on a specified interface. Properties Mode Static, Publish or XPublish. (Default: Publish) Interface Indicates the interface to which the ARP entry applies, i.e. the interface the address shall be published on.
  • Page 99: Blacklistwhitehost

    3.6. BlacklistWhiteHost Description Hosts and networks added to this whitelist can never be blacklisted by IDP or Threshold Rules. Properties Addresses Specifies the addresses that will be whitelisted. Service Specifies the service that will be whitelisted. Schedule The schedule when the whitelist should be active.
  • Page 100: Certificate

    3.7. Certificate Description An X.509 certificate is used to authenticate a VPN client or gateway when establishing an IPsec tunnel. Properties Name Specifies a symbolic name for the certificate. (Identifier) Type Local, Remote or Request. CertificateData Certificate data.
  • Page 101: Client

    This object type does not have an identifier and is identified by the name of the type only. There can only be one instance of this type. 3.8.3. DynDnsClientDLinkChina Description Configure the parameters used to connect to the D-Link DynDNS service (China only).
  • Page 102: Dyndnsclientdyndnsorg

    Properties DNSName The DNS name excluding the .dlinkddns.com suffix. Username Username. Password The password for the specified username. (Optional) Comments Text describing the current object. (Optional) Note This object type does not have an identifier and is identified by the name of the type only.
  • Page 103: Dyndnsclientpeanuthull

    Note This object type does not have an identifier and is identified by the name of the type only. There can only be one instance of this type. 3.8.6. DynDnsClientPeanutHull Description Configure the parameters used to connect to the Peanut Hull DynDNS service. Properties DNSNames Specifies the DNS names separated by ";".
  • Page 104: Commentgroup

    3.9. CommentGroup Description Group together one or more configuration objects. Properties Description Group description. (Default: "(New Group)") Color Group color. (Default: 9EBEE7) Note If no Index is specified when creating an instance of this type, the object will be placed last in the list and the Index will be equal to the length of the list.
  • Page 105: Comportdevice

    3.10. COMPortDevice Description A serial communication port that is used for accessing the CLI. Properties Port Port. (Identifier) BitsPerSecond Bits per second. (Default: 9600) DataBits Data bits. (Default: 8) Parity Parity. (Default: None) StopBits Stop bits.
  • Page 106: Configmodepool

    3.11. ConfigModePool Description An IKE Config Mode Pool will dynamically assign the IP address, DNS server, WINS server etc. to the VPN client connecting to this gateway. Properties IPPoolType Specifies whether a predefined IP Pool or a static set of IP addresses should be used as IP address source.
  • Page 107: Datetime

    3.12. DateTime Description Set the date, time and time zone information for this system. Properties TimeZone Specifies the time zone. (Default: GMT) DSTEnabled Enable daylight saving time. (Default: Yes) DSTOffset Daylight saving time offset in minutes. (Default: 60) DSTStartMonth What month daylight saving time starts.
  • Page 108: Device

    3.13. Device Description Global parameters for this device. Properties Name Name of the device. (Default: Device) LocalCfgVersion Local version number of the configuration. (Default: 1) ConfigUser Name of the user who committed the current configuration. (Default: BaseConfiguration) ConfigSession Session type used when the current configuration was committed.
  • Page 109: Dhcprelay

    3.14. DHCPRelay Description Use a DHCP Relay to dynamically alter the routing table according to relayed DHCP leases. Properties Name Specifies a symbolic name for the relay rule. (Identifier) Action Ignore, Relay or BootpFwd. (Default: Ignore) SourceInterface The source interface of the DHCP packet.
  • Page 110: Dhcpserver

    3.15. DHCPServer Description A DHCP Server determines a set of IP addresses and host configuration parameters to hand out to DHCP clients attached to a given interface. Properties Index The index of the object, starting at 1. (Identifier) Name Specifies a symbolic name for the DHCP Server rule.
  • Page 111: Dhcpservercustomoption

    Static DHCP Server host entry Properties Host IP Address of the host. StaticHostType Identifier for host. (Default: MACAddress) MACAddress The hardware address of the host. ClientIdentType Type of client identifier specified. (Default: Ascii) ClientIdent The client identifier for the host.
  • Page 112: Dns

    3.16. DNS Description Configure the DNS (Domain Name System) client settings. Properties DNSServer1 IP of the primary DNS Server. (Optional) DNSServer2 IP of the secondary DNS Server. (Optional) DNSServer3 IP of the tertiary DNS Server. (Optional) Comments Text describing the current object.
  • Page 113: Driver

    3.17. Driver This is a category that groups the following object types. 3.17.1. E1000EthernetPCIDriver Description Intel (E1000) Gigabit Ethernet Adaptor. Properties RxRingsize Rx ringsize. (Default: 64) TxRingsize Tx ringsize. (Default: 256) EnableMonitoring Enable monitoring. (Default: No) BelowCPULoad Below CPU load.
  • Page 114: Ixp4Npeethernetdriver

    3.17.3. IXP4NPEEthernetDriver Description Intel (IXP4xxNPE) Fast Ethernet Adaptor. Properties Comments Text describing the current object. (Optional) Note This object type does not have an identifier and is identified by the name of the type only.
  • Page 115 3.17.6. R8169EthernetPCIDriver Description RealTek (8169,8110) Gigabit Ethernet Adaptor. Properties Comments Text describing the current object. (Optional) Note This object type does not have an identifier and is identified by the name of the type only. There can only be one instance of this type.
  • Page 116: Dynamicroutingrule

    3.18. DynamicRoutingRule Description A Dynamic Routing Policy rule creates a filter to catch statically configured or OSPF learned routes. The matched routes can be controlled by the action rules to be either exported to OSPF processes or to be added to one or more routing tables.
  • Page 117: Dynamicroutingruleexportospf

    3.18.1. DynamicRoutingRuleExportOSPF Description An OSPF action is used to manipulate and export new or changed routes to an OSPF Router Process. Properties ExportToProcess Specifies to which OSPF Process the route change should be exported. SetTag Specifies a tag for this route.
  • Page 118 ProxyARPAllInterfaces Always select all interfaces, including new ones, for publishing routes via Proxy ARP. (Default: No) ProxyARPInterfaces Specifies the interfaces on which the security gateway should publish routes via Proxy ARP. (Optional) Comments Text describing the current object. (Optional) Note If no Index is specified when creating an instance of this type, the object will be placed last in the list and the Index will be equal to the length of the list.
  • Page 119: Ethernetdevice

    3.19. EthernetDevice Description Hardware settings for an Ethernet interface. Properties Name Specifies a symbolic name for the device. (Identifier) EthernetDriver The Ethernet PCI driver that should be used by the interface. PCIBus PCI bus number where the Ethernet adapter is installed. PCISlot PCI slot number used by the Ethernet adapter.
  • Page 120: Highavailability

    3.20. HighAvailability Description Configure the High Availability cluster parameters for this system. Properties Enabled Enable high availability. (Default: No) ClusterID A (locally) unique cluster ID to use in identifying this group of HA security gateways. (Default: 0) SyncIface Specifies the interface used for state synchronization.
  • Page 121: Httpalgbanners

    3.21. HTTPALGBanners Description HTTP banner files specify the look and feel of HTTP ALG restriction web pages. Properties Name Specifies a symbolic name for the HTTP Banner Files. (Identifier) CompressionForbidden HTML for the CompressionForbidden.html web page. ContentForbidden HTML for the ContentForbidden.html web page.
  • Page 122: Httpauthbanners

    3.22. HTTPAuthBanners Description HTTP banner files specify the look and feel of HTML authentication web pages. Properties Name Specifies a symbolic name for the HTTP Banner Files. (Identifier) FormLogin HTML for the FormLogin.html web page. LoginSuccess HTML for the LoginSuccess.html web page.
  • Page 123: Httpposter

    3.23. HTTPPoster Description Use the HTTP poster for dynamic DNS or automatic logon to services using web-based authentication. Properties URL1 The first URL that will be posted when the security gateway is loaded. (Optional) URL2 The second URL that will be posted when the security gateway is loaded.
  • Page 124: Hwm

    3.24. HWM Description Hardware Monitoring allows monitoring of hardware sensors. Properties Name Specifies a symbolic name for the object. Type Type of monitoring. Sensor Sensor index. MinLimit Lower limit. (Optional) MaxLimit Upper limit. (Optional) EnableMonitoring Enable/disable monitoring.
  • Page 125: Idlist

    3.25. IDList Description An ID list contains IDs, which are used within the authentication process when establishing an IPsec tunnel. Properties Name Specifies a symbolic name for the ID list. (Identifier) Comments Text describing the current object. (Optional) 3.25.1.
  • Page 126: Idprule

    3.26. IDPRule Description An IDP Rule defines a filter for matching specific network traffic. When the filter criterion is met, the IDP Rule Actions are evaluated and possible actions taken. Properties Index The index of the object, starting at 1. (Identifier) Name Specifies a symbolic name for the rule.
  • Page 127 Properties Action Specifies what action to take if the given signature is found. (Default: Audit) Signatures Specifies what signature(s) to search for in the network traffic. (Optional) ZoneDefense Activate ZoneDefense. (Default: No) BlackList Activate BlackList. (Default: No) BlackListTimeToBlock The number of seconds that the dynamic black list should remain.
  • Page 128: Igmprule

    3.27. IGMPRule Description An IGMP rule specifies how to handle inbound IGMP reports and outbound IGMP queries. Properties Index The index of the object, starting at 1. (Identifier) Name Specifies a symbolic name for the rule. (Optional) Type The type of IGMP messages the rule applies to.
  • Page 129 Note If no Index is specified when creating an instance of this type, the object will be placed last in the list and the Index will be equal to the length of the list.
  • Page 130: Igmpsetting

    3.28. IGMPSetting Description IGMP parameters can be tuned for one interface or a group of interfaces in order to match the characteristics of a network. Properties Name Specifies a symbolic name for the object. (Identifier) Interface The interfaces that these settings should apply to.
  • Page 131: Ikealgorithms

    3.29. IKEAlgorithms Description Configure algorithms which are used in the IKE phase of an IPsec session. Properties Name Specifies a symbolic name for the object. (Identifier) NULLEnabled Enable plaintext. (Default: No) DESEnabled Enable DES encryption algorithm. (Default: No) DES3Enabled Enable 3DES encryption algorithm.
  • Page 132: Interface

    3.30. Interface This is a category that groups the following object types. 3.30.1. DefaultInterface Description A special interface used to represent internal mechanisms in the system as well as an abstract "any" interface. Properties Name Specifies a symbolic name for the interface.
  • Page 133: Gretunnel

    added automatically for this interface. (Default: No) AutoInterfaceNetworkRoute Automatically add a route for this interface using the given network. (Default: Yes) AutoDefaultGatewayRoute Automatically add a default route for this interface using the given default gateway. (Default: Yes) DHCPDNS1 IP of the primary DNS server.
  • Page 134: Ipsectunnel

    Description Use an interface group to combine several interfaces for a simplified security policy. Properties Name Specifies a symbolic name for the interface. (Identifier) Equivalent Specifies whether the interfaces should be considered security equivalent; if enabled, the interface group can be used as a destination interface in rules where connections might need to be moved between the two interfaces.
  • Page 135 encryption and authentication session keys. (Default: 3600) IPsecLifeTimeKilobytes The lifetime of the IPsec connection in kilobytes. (Default: 0) EncapsulationMode Specifies if the IPsec tunnel should use Tunnel or Transport mode. (Default: Tunnel) AuthMethod Certificate or Pre-shared key. Selects the Pre-shared key to use with this IPsec Tunnel.
  • Page 136: L2Tpclient

    Net) DeadPeerDetection Enable Dead Peer Detection. (Default: Yes) NATTraversal Enable or disable NAT traversal. (Default: OnIfNeeded) KeepAlive Disabled, Auto or Manual. (Default: Disabled) KeepAliveSourceIP Source IP address used when sending keep-alive ICMP pings. KeepAliveDestinationIP Destination IP address used when sending keep-alive ICMP pings.
  • Page 137: L2Tpserver

    PPPAuthPAP Use PAP authentication protocol for this tunnel. User name and password are sent in plaintext. (Default: Yes) PPPAuthCHAP Use CHAP authentication protocol for this tunnel. (Default: Yes) PPPAuthMSCHAP Use MS-CHAP authentication protocol for this tunnel. (Default: Yes) PPPAuthMSCHAPv2 Use MS-CHAP v2 authentication protocol for this tunnel.
  • Page 138: Pppoetunnel

    TunnelProtocol Specifies if PPTP or L2TP should be used for this tunnel. (Default: PPTP) Interface The interface that the PPTP/L2TP Server should be listening on. ServerIP Specifies the IP that the PPTP/L2TP server should listen on; this can be the IP of an interface or, for example, an ARP published IP.
  • Page 139 Name Specifies a symbolic name for the interface. (Identifier) EthernetInterface The physical Ethernet interface that connects to the PPPoE server network. The host name to store the assigned IP address in. Network The network from which traffic should be routed into the tunnel.
  • Page 140: Sslvpninterface

    3.30.9. SSLVPNInterface Description An SSL VPN interface, together with the bundled client, creates an easy to use tunnel solution for roaming users. Properties Name Specifies a symbolic name for the interface. (Identifier) OuterInterface The physical interface that the SSL VPN interface will listen on. ServerPort The listening port for the SSL VPN interface.
  • Page 141 Broadcast Specifies the broadcast address of the virtual LAN interface. (Optional) PrivateIP The private IP address of this high availability node. (Optional) Metric Specifies the metric for the auto-created route. (Default: 100) AutoSwitchRoute Enable transparent mode, which means that a switch route is added automatically for this virtual LAN interface.
  • Page 142: Ippool

    3.31. IPPool Description An IP Pool is a dynamic object which consists of IP leases that are fetched from a DHCP Server. The IP Pool is used as an address source by subsystems that may need to distribute addresses, e.g. by IPsec in Configuration mode.
  • Page 143: Iprule

    3.32. IPRule Description An IP rule specifies what action to perform on network traffic that matches the specified filter criteria. Properties Index The index of the object, starting at 1. (Identifier) Name Specifies a symbolic name for the rule. (Optional) Action Reject, Drop, FwdFast, Allow, NAT, SAT or SLB_SAT.
  • Page 144 SLBNetSize Specifies network size for network stickiness. (Default: 24) SLBNewPort Rewrite destination port to this port. (Optional) SLBMonitorRoutingTable Routing table used for server monitoring. (Default: main) SLBMonitorPing Enable monitoring using ICMP Ping packets. (Default: No) SLBPingPollingInterval Delay in milliseconds between each ping interval.
  • Page 145 nections for connection-rate algorithm. (Default: 10) RequireIGMP Multicast traffic must have been requested using IGMP before it is forwarded. (Default: Yes) MultiplexArgument Specifies how the traffic should be forwarded and translated. MultiplexAllToOne Rewrite all destination IPs to a single IP. (Default: No) LogEnabled Enable logging.
  • Page 146: Iprulefolder

    3.33. IPRuleFolder Description An IP Rule Folder can be used to group IP Rules into logical groups for better overview and simplified management. Properties Index The index of the object, starting at 1. (Identifier) Name Specifies the name of the folder.
  • Page 147: Ipsecalgorithms

    3.34. IPsecAlgorithms Description Configure algorithms which are used in the IPsec phase of an IPsec session. Properties Name Specifies a symbolic name for the object. (Identifier) NULLEnabled Enable plaintext. (Default: No) DESEnabled Enable DES encryption algorithm. (Default: No) DES3Enabled Enable 3DES encryption algorithm.
  • Page 148: Ldapdatabase

    3.35. LDAPDatabase Description External LDAP server used to verify user names and passwords. Properties Name Specifies a symbolic name for the server. (Identifier) The IP address of the server. Port The TCP port of the server. (Default: 389) Timeout The timeout, in milliseconds, used when processing requests.
  • Page 149: Ldapserver

    3.36. LDAPServer Description An LDAP server is used as a central repository of certificates and CRLs that the security gateway can download when necessary. Properties Host Specifies the IP address or hostname of the LDAP server. Username Specifies the username to use when accessing the LDAP server.
  • Page 150: Linkmonitor

    3.37. LinkMonitor Description The Link Monitor allows the system to monitor one or more hosts and take action if they are unreachable. Properties Action Specifies what action the system should take. Addresses Specifies the addresses that should be monitored. MaxLoss A single host is considered unreachable if this number of consecutive pings to that host go unanswered.
  • Page 151: Localuserdatabase

    3.38. LocalUserDatabase Description A local user database contains user accounts used for authentication purposes. Properties Name Specifies a symbolic name for the object. (Identifier) Comments Text describing the current object. (Optional) 3.38.1. User Description User credentials may be used in User Authentication Rules, which in turn are used in e.g.
  • Page 152: Logreceiver

    3.39. LogReceiver This is a category that groups the following object types. 3.39.1. EventReceiverSNMP2c Description An SNMP2c event receiver is used to receive SNMP events from the system. Properties Name Specifies a symbolic name for the log receiver. (Identifier) IPAddress Destination IP address.
  • Page 153: Logreceivermemory

    3.39.2. LogReceiverMemory Description A memory log receiver is used to receive and keep log events in system RAM. Properties Name Specifies a symbolic name for the log receiver. (Identifier) LogSeverity Specifies with what severity log events will be sent to the specified log receivers.
  • Page 154: Logreceiversyslog

    Comments Text describing the current object. (Optional) 3.39.4. LogReceiverSyslog Description A Syslog receiver is used to receive log events from the system in the standard Syslog format. Properties Name Specifies a symbolic name for the log receiver. (Identifier) IPAddress Specifies the IP address of the log receiver.
  • Page 155: Natpool

    3.40. NATPool Description A NAT Pool is used for NATing multiple concurrent connections using different source IP addresses. Properties Name Specifies a symbolic name for the NAT Pool. (Identifier) Type Specifies how NAT'ed connections are assigned a NAT IP address.
  • Page 156: Ospfprocess

    3.41. OSPFProcess Description An OSPF Router Process defines a group of routers exchanging routing information via the Open Shortest Path First routing protocol. Properties Name Specifies a symbolic name for the OSPF process. (Identifier) RouterID Specifies the IP address that is used to identify the router.
  • Page 157: Ospfarea

    cifies the details of the log. (Default: Off) DebugRoute Enables or disables logging of routing table manipulation events and also specifies the details of the log. (Default: Off) AuthType Specifies the authentication type for the OSPF protocol exchanges. (Default: None) AuthPassphrase Specifies the passphrase used for authentication.
  • Page 158 Properties Interface Specifies which interface in the security gateway will be used for this OSPF interface. (Identifier) Type Auto, Broadcast, Point-to-point or Point-to-multipoint. (Default: Auto) Network Specifies the network related to the configured OSPF interface. (Optional) MetricType Metric value or Bandwidth.
  • Page 159 Description For point-to-point and point-to-multipoint networks, specify the IP addresses of directly connected routers. Properties Interface Specifies the OSPF interface of the neighbor. IPAddress IP Address of the neighbor. Metric Specifies the metric of the neighbor. (Optional) Comments Text describing the current object.
  • Page 160 RouterID The ID of the router on the other side of the virtual link. UseDefaultAuth Use the authentication configuration specified in the OSPF process. (Default: Yes) AuthType Specifies the authentication type for the OSPF protocol exchanges. (Default: None) AuthPassphrase Specifies the passphrase used for authentication.
  • Page 161: Pipe

    3.42. Pipe Description A pipe defines basic traffic shaping parameters. The pipe rules then determine which traffic goes through which pipes. Properties Name Specifies a symbolic name for the pipe. (Identifier) LimitKbpsTotal Total bandwidth limit for this pipe in kilobits per second. (Optional) LimitPPSTotal Total packet per second limit for this pipe.
  • Page 162 UserLimitPPS0 Specifies the throughput limit per group in PPS for precedence 0 (the lowest precedence). (Optional) UserLimitKbps1 Specifies the bandwidth limit per group in kbps for precedence 1. (Optional) UserLimitPPS1 Specifies the throughput limit per group in PPS for precedence 1. (Optional) UserLimitKbps2 Specifies the bandwidth limit per group in kbps for precedence 2.
  • Page 163 (Default: 7) Comments Text describing the current object. (Optional)
  • Page 164: Piperule

    3.43. PipeRule Description A Pipe Rule determines traffic shaping policy (which Pipes to use) for one or more types of traffic with the same granularity as the standard ruleset. Properties Index The index of the object, starting at 1. (Identifier) Name Specifies a symbolic name for the object.
  • Page 165: Psk

    3.44. PSK Description PSK (Pre-Shared Key) authentication is based on a shared secret that is known only by the parties involved. Properties Name Specifies a symbolic name for the pre-shared key. (Identifier) Type Specifies the type of the shared key. PSKAscii Specifies the PSK as a passphrase.
  • Page 166: Radiusaccounting

    3.45. RadiusAccounting Description External RADIUS server used to collect user statistics. Properties Name Specifies a symbolic name for the server. (Identifier) IPAddress The IP address of the server. Port The UDP port of the server. (Default: 1813) RetryTimeout The retry timeout, in seconds, used when trying to contact the RADIUS accounting server.
  • Page 167: Radiusserver

    3.46. RadiusServer Description External RADIUS server used to verify user names and passwords. Properties Name Specifies a symbolic name for the server. (Identifier) IPAddress The IP address of the server. Port The UDP port of the server. (Default: 1812) RetryTimeout The retry timeout, in seconds, used when trying to contact the RADIUS accounting server.
  • Page 168: Remoteidlist

    3.47. RemoteIDList Description List of Remote IDs that are allowed access when using Pre Shared Keys as authentication method. Properties Type Specifies the type of the shared key. PSKAscii Specifies the PSK as a passphrase. PSKHex Specifies the PSK as a hexadecimal key.
  • Page 169: Remotemanagement

    3.48. RemoteManagement Chapter 3. Configuration Reference 3.48. RemoteManagement This is a category that groups the following object types. 3.48.1. RemoteMgmtHTTP Description Configure HTTP/HTTPS management to enable remote management to the system. Properties Name Specifies a symbolic name for the object. (Identifier) Interface Specifies the interface for which remote access is granted.
  • Page 170 3.48.3. RemoteMgmtSSH Chapter 3. Configuration Reference Properties Name Specifies a symbolic name for the SSH server. (Identifier) Interface Specifies the interface for which remote access is granted. Port The listening port for the SSH server. (Default: 22) AllowAuthMethodPassword Allow password client authentication. (Default: Yes) AllowAuthMethodPublicKey Allow public key client authentication.
  • Page 171 3.48.3. RemoteMgmtSSH Chapter 3. Configuration Reference Comments Text describing the current object. (Optional)
  • Page 172: Routebalancinginstance

    3.49. RouteBalancingInstance Chapter 3. Configuration Reference 3.49. RouteBalancingInstance Description A route balancing instance is associated with a routingtable and defines how to make use of multiple routes to the same destination. Properties RoutingTable Specify routingtable to deploy route load balancing in. (Identifier) Algorithm Specify which algorithm to use when balancing the routes.
  • Page 173: Routebalancingspilloversettings

    3.50. RouteBalancingSpilloverSetting Chapter 3. Configuration Reference 3.50. RouteBalancingSpilloverSettings Description Settings associated with the spillover algorithm. Properties Interface Interface to threshold limit. (Identifier) HoldTime Number of consecutive seconds over/under the threshold limit to trigger state change for the affected routes. (Default: 30) OutboundThreshold Outbound threshold limit.
  • Page 174: Routingrule

    3.51. RoutingRule Chapter 3. Configuration Reference 3.51. RoutingRule Description A Routing Rule forces the use of a routing table in the forward and/or return direction of traffic on a connection. The ordering parameter of the routing table determines if it is consulted before or after the main routing table.
  • Page 175: Routingtable

    3.52. RoutingTable Chapter 3. Configuration Reference 3.52. RoutingTable Description The system has a predefined main routing table. Alternate routing tables can be defined by the user. Properties Name Specifies a symbolic name for the routing table. (Identifier) Ordering Specifies how a route lookup is done in a named routing table.
  • Page 176 3.52.1. Route Chapter 3. Configuration Reference 1000) EnableHostMonitoring Enables the Host Monitoring functionality. (Default: No) Reachability Specifies the number of hosts that are required to be reachable to consider the route to be active. (Default: ALL) GracePeriod Specifies the time to wait after a reconfiguration until the monitoring begins.
  • Page 177: Switchroute

    3.52.2. SwitchRoute Chapter 3. Configuration Reference RequestURL Specifies the HTTP URL to monitor. ExpectedResponse Expected HTTP response. Comments Text describing the current object. (Optional) Note If no Index is specified when creating an instance of this type, the object will be placed last in the list and the Index will be equal to the length of the list.
  • Page 178: Scheduleprofile

    3.53. ScheduleProfile Chapter 3. Configuration Reference 3.53. ScheduleProfile Description A Schedule Profile defines days and dates and is then used by the various policies in the system. Properties Name Specifies a symbolic name for the service. (Identifier) Specifies during which intervals the schedule profile is active on Mondays. (Optional) Specifies during which intervals the schedule profile is active on Tuesdays.
  • Page 179: Service

    3.54. Service Chapter 3. Configuration Reference 3.54. Service This is a category that groups the following object types. 3.54.1. ServiceGroup Description A Service Group is a collection of service objects, which can then be used by different policies in the system. Properties Name Specifies a symbolic name for the service.
  • Page 180: Serviceipproto

    3.54.3. ServiceIPProto Chapter 3. Configuration Reference EchoReplyCodes Specifies which Echo Reply message codes should be matched. (Default: 0-255) SourceQuenching Enable matching of Source Quenching messages. (Default: SourceQuenchingCodes Specifies which Source Quenching message codes should be matched. (Default: 0-255) TimeExceeded Enable matching of Time Exceeded messages. (Default: No) TimeExceededCodes Specifies which Time Exceeded message codes should be matched.
  • Page 181 3.54.4. ServiceTCPUDP Chapter 3. Configuration Reference Properties Name Specifies a symbolic name for the service. (Identifier) DestinationPorts Specifies the destination port or the port ranges applicable to this service. Type Specifies whether this service uses the TCP or UDP protocol or both. (Default: TCP) SourcePorts Specifies the source port or the port ranges applicable to this service.
  • Page 182: Settings

    3.55. Settings Chapter 3. Configuration Reference 3.55. Settings This is a category that groups the following object types. 3.55.1. ARPTableSettings Description Advanced ARP-table settings. Properties ARPMatchEnetSender The Ethernet Sender address matching the hardware address in the ARP data. (Default: DropLog) ARPQueryNoSenderIP If the IP source address of an ARP query (NOT response!) is "0.0.0.0".
  • Page 183: Authenticationsettings

    3.55.3. ConnTimeoutSettings Chapter 3. Configuration Reference 3.55.2. AuthenticationSettings Description Settings related to Authentication and Accounting. Properties LogoutAccUsersAtShutdown Logout authenticated accounting users and send Accounting-Stop packets prior to shutdown. (Default: Yes) AllowAuthIfNoAccountingResponse Allow an authenticated user to still have access even if no response is received by the Accounting Server.
  • Page 184: Dhcprelaysettings

    3.55.4. DHCPRelaySettings Chapter 3. Configuration Reference Note This object type does not have an identifier and is identified by the name of the type only. There can only be one instance of this type. 3.55.4. DHCPRelaySettings Description Advanced DHCP relay settings. Properties MaxTransactions Maximum number of concurrent BOOTP/DHCP transactions.
  • Page 185: Fragsettings

    3.55.6. FragSettings Chapter 3. Configuration Reference Note This object type does not have an identifier and is identified by the name of the type only. There can only be one instance of this type. 3.55.6. FragSettings Description Settings related to fragmented packets. Properties PseudoReass_MaxConcurrent Maximum number of concurrent fragment reassemblies.
  • Page 186: Icmpsettings

    3.55.8. ICMPSettings Chapter 3. Configuration Reference General settings for Hardware Monitoring Properties EnableSensors Enable/disable all HWM functionality. (Default: No) SensorPollInterval Sensor polling interval. (Default: 500) MemoryPollInterval Memory polling interval in minutes. (Default: 15) MemoryUsePercent Should mem monitor use percentage as unit for monitoring, else it is megabyte.
  • Page 187: Ipsettings

    3.55.10. IPSettings Chapter 3. Configuration Reference Settings for the IPsec tunnel interfaces used for establishing IPsec VPN connections to and from this system. Properties IPsecMaxTunnels Amount of IPsec tunnels allowed (0 = automatic). (Default: IPsecMaxRules Amount of IPsec rules allowed (0 = automatic). (Default: 0) IKESendInitialContact Send 'initial contact' messages.
  • Page 188 3.55.10. IPSettings Chapter 3. Configuration Reference Description Settings related to the IP protocol. Properties LogCheckSumErrors Log IP packets with bad checksums. (Default: Yes) LogNonIP4 Log occurrences of non-IPv4 packets. (Default: Yes) LogReceivedTTL0 Log received packets with TTL=0; this should never happen! (Default: Yes) Log0000Src Log invalid 0.0.0.0 source address.
  • Page 189: L2Tpserversettings

    3.55.11. L2TPServerSettings Chapter 3. Configuration Reference IPRF How to handle the IP Reserved Flag, if set; it should never be. (Default: DropLog) StripDFOnSmall Strip the "DontFragment" flag for packets of this size or smaller. (Default: 65535) MulticastIPEnetOnMismatch What action to take when ethernet and IP multicast addresses do not match.
  • Page 190: Localreasssettings

    3.55.13. LocalReassSettings Chapter 3. Configuration Reference MaxAHLen IPsec AH; Authenticated communication. (Default: 2000) MaxSKIPLen SKIP; Simple Key management for IP, VPN protocol. (Default: 2000) MaxOSPFLen OSPF; Open Shortest Path First, routing protocol. (Default: 1480) MaxIPIPLen IPIP/FWZ; Encapsulated (tunneled) transport, used by VPN-1. (Default: 2000) MaxIPCompLen IPsec IPComp;...
  • Page 191: Miscsettings

    3.55.15. MiscSettings Chapter 3. Configuration Reference LogSendPerSecLimit Limits how many log packets the security gateway may send out per second. (Default: 2000) Note This object type does not have an identifier and is identified by the name of the type only.
  • Page 192: Remotemgmtsettings

    3.55.17. RemoteMgmtSettings Chapter 3. Configuration Reference IGMPQueryInterval The interval (ms) between general queries sent by the Security Gateway. (Default: 125000) IGMPQueryResponseInterval The maximum time (ms) until a host/client has to send an answer to a query. (Default: 10000) IGMPStartupQueryInterval The general query interval (ms) to use during the startup phase (default: 1/4 of the 'IGMP Query Interval' parameter).
  • Page 193: Routingsettings

    3.55.18. RoutingSettings Chapter 3. Configuration Reference configured IP Rules. (Default: Yes) SNMPRequestLimit Maximum number of SNMP packets that will be processed each second. (Default: 100) SNMPSysContact The contact person for this managed node. (Default: N/A) SNMPSysName The name for this managed node. (Default: N/A) SNMPSysLocation The physical location of this node.
  • Page 194: Sslsettings

    3.55.19. SSLSettings Chapter 3. Configuration Reference Transp_CAMSize_Dynamic Allocate the CAM Size value dynamically. (Default: Yes) Transp_CAMSize Maximum number of entries in each CAM table. (Default: 8192) Transp_L3CSize_Dynamic Allocate the L3 Cache Size value dynamically. (Default: Yes) Transp_L3CSize Maximum number of entries in each Layer 3 Cache. (Default: 8192) Transp_RelaySTP Relay Spanning-Tree (STP, RSTP and MSTP) Bridge Pro-...
  • Page 195 3.55.20. SSLVPNInterfaceSettings Chapter 3. Configuration Reference Note This object type does not have an identifier and is identified by the name of the type only. There can only be one instance of this type. 3.55.20. SSLVPNInterfaceSettings Description SSL VPN interface settings. Properties SSLVPNBeforeRules Pass SSL VPN connections sent to the security gateway directly...
  • Page 196 3.55.22. TCPSettings Chapter 3. Configuration Reference MaxConnections_Dynamic Allocate the Max Connection value dynamically. (Default: Yes) MaxConnections Maximum number of simultaneous connections. (Default: 8192) Note This object type does not have an identifier and is identified by the name of the type only.
  • Page 197 3.55.23. VLANSettings Chapter 3. Configuration Reference TCPOPT_ALTCHKDATA The ALTCHKDATA (Alternate Checksum Data) option. (Default: StripLog) TCPOPT_CC The CC (Connection Count) option series (semi common). (Default: StripLogBad) TCPOPT_OTHER How to handle TCP options not specified above. (Default: StripLog) TCPSynUrg The TCP URG flag together with SYN; normally invalid (strip=strip URG).
  • Page 198 3.55.23. VLANSettings Chapter 3. Configuration Reference Note This object type does not have an identifier and is identified by the name of the type only. There can only be one instance of this type.
  • Page 199 3.56. SSHClientKey Chapter 3. Configuration Reference 3.56. SSHClientKey Description The public key of the client connecting to the SSH server. Properties Name Specifies a symbolic name for the key. (Identifier) Type DSA or RSA. (Default: DSA) Subject Value of the Subject header tag of the public key file. (Optional) PublicKey Specifies the public key.
  • Page 200 3.57. ThresholdRule Chapter 3. Configuration Reference 3.57. ThresholdRule Description A Threshold Rule defines a filter for matching specific network traffic. When the filter criterion is met, the Threshold Rule Actions are evaluated and possible actions taken. Properties Index The index of the object, starting at 1. (Identifier) Name Specifies a symbolic name for the rule.
  • Page 201 3.57.1. ThresholdAction Chapter 3. Configuration Reference ThresholdUnit Specifies the threshold unit. (Default: ConnsSec) ZoneDefense Activate ZoneDefense. (Default: No) BlackList Activate BlackList. (Default: No) BlackListTimeToBlock The number of seconds that the dynamic black list should remain. (Optional) BlackListBlockOnlyService Only block the service that triggered the blacklisting. (Default: No) BlackListIgnoreEstablished Do not drop existing connection.
  • Page 202 3.58. UpdateCenter Chapter 3. Configuration Reference 3.58. UpdateCenter Description Configure automatic updates. Properties AVEnabled Automatic updates of antivirus definitions and engine. (Default: No) IDPEnabled Automatic updates of IDP maintenance signatures. (Default: No) AdvancedIDPEnabled Automatic updates of Advanced IDP signatures. (Default: No) UpdateInterval Specifies the interval at which the automatic update runs.
  • Page 203 3.59. UserAuthRule Chapter 3. Configuration Reference 3.59. UserAuthRule Description The User Authentication Ruleset specifies from where users are allowed to authenticate to the system, and how. Properties Index The index of the object, starting at 1. (Identifier) Name Specifies a symbolic name for the rule. (Optional) Agent HTTP, HTTPS, XAUTH, PPP or EAP.
  • Page 204 3.59. UserAuthRule Chapter 3. Configuration Reference PPPAuthMSCHAP Use MS-CHAP authentication protocol. (Default: Yes) PPPAuthMSCHAPv2 Use MS-CHAP v2 authentication protocol. (Default: Yes) IdleTimeout If a user has successfully been authenticated, and no traffic has been seen from his IP address for this number of seconds, he/she will automatically be logged out.
  • Page 205 3.60. ZoneDefenseBlock Chapter 3. Configuration Reference 3.60. ZoneDefenseBlock Description Manually configured blocks are used to block a host/network on the switches either by default or based on schedule. Properties Addresses Specifies the addresses to block. Protocol All, TCP, UDP or ICMP. (Default: All) Port Specifies which UDP or TCP port to use.
  • Page 206 3.61. ZoneDefenseExcludeList Chapter 3. Configuration Reference 3.61. ZoneDefenseExcludeList Description The exclude list is used to exclude certain hosts/networks from being blocked out by IDP/Threshold rule violations. Properties Addresses Specifies the addresses that should not be blocked. (Optional) Comments Text describing the current object. (Optional) Note This object type does not have an identifier and is identified by the name of the type only.
  • Page 207 3.62. ZoneDefenseSwitch Chapter 3. Configuration Reference 3.62. ZoneDefenseSwitch Description A ZoneDefense switch will have its ACLs controlled and hosts/networks violating the IDP/ Threshold rules will be blocked directly on the switch. Properties Name Specifies a symbolic name for the ZoneDefense switch. (Identifier) SwitchModel Specifies the switch model type.
  • Page 209 Index idppipes, 46 ifstat, 47 Commands igmp, 48 ikesnoop, 48 ippool, 49 ipsecglobalstats, 50 ipseckeepalive, 50 about, 31 ipsecstats, 50 activate, 20 ipsectunnels, 51 add, 20 alarm, 31 arp, 31 arpsnoop, 32 killsa, 52 ats, 33 languagefiles, 52 bigpond, 33 ldap, 53 blacklist, 34 license, 53...
  • Page 210 Index sipalg, 68 DateTime, 107 sshserver, 70 DefaultInterface, 132 sslvpn, 71 Device, 108 stats, 72 DHCPRelay, 109 sysmsgs, 72 DHCPRelaySettings, 184 DHCPServer, 110 DHCPServerCustomOption, 111 DHCPServerPoolStaticHost, 110 techsupport, 72 DHCPServerSettings, 184 time, 72 DNS, 112 DynamicRoutingRule, 116 DynamicRoutingRuleAddRoute, 117 DynamicRoutingRuleExportOSPF, 117 uarules, 73 DynDnsClientCjbNet, 101 undelete, 29...
  • Page 211 Index IPsecTunnelSettings, 186 RoutingSettings, 193 IPSettings, 187 RoutingTable, 175 ixgbeEthernetPCIDriver, 113 IXP4NPEEthernetDriver, 114 ScheduleProfile, 178 ServiceGroup, 179 L2TPClient, 136 ServiceICMP, 179 L2TPServer, 137 ServiceIPProto, 180 L2TPServerSettings, 189 ServiceTCPUDP, 180 LDAPDatabase, 148 SSHClientKey, 199 LDAPServer, 149 SSLSettings, 194 LengthLimSettings, 189 SSLVPNInterface, 140 LinkMonitor, 150 SSLVPNInterfaceSettings, 195 LocalReassSettings, 190...

This manual is also suitable for: DFL-2560, DFL-860E, DFL-2560G, DFL-1660