Page 1 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N C L I Reference M a nua l 350 East Plumeria Drive San Jose, CA 95134 April 2012 202-10827-01 v1.0...
Page 2: Technical Support
© 2012 All rights reserved. Technical Support Thank you for choosing NETGEAR. To register your product, get the latest product updates, get support online, or for more information about the topics covered in this manual, visit the Support website at http://support.netgear.com...
Page 3: Table Of Contents
Contents Chapter 1 Introduction Command Syntax and Conventions ....... 8 Command Conventions .
Page 4 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv4 Add Firewall Rule and Edit Firewall Rule Commands ... . 77 IPv4 General Firewall Commands ......114 IPv6 Firewall Commands .
Page 5 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Chapter 9 Show Commands Network Settings (Net Mode) Show Commands ....245 WAN (IPv4 and IPv6) Show Commands ..... . . 245 IPv6 Mode and IPv6 Tunnel Show Commands .
Page 6 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Diagnostic Commands ........292...
Page 7: Chapter 1 Introduction
Introduction This document describes the command-line interface (CLI) for the NETGEAR ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N. This chapter introduces the CLI interface. It includes the following sections: • Command Syntax and Conventions • The Four Categories of Commands •...
Page 8: Command Syntax And Conventions
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command Syntax and Conventions A command is one or more words that can be followed by one or more keywords and parameters. Keywords and parameters can be required or optional: • A keyword is a predefined string (word) that narrows down the scope of a command. A keyword can be followed by an associated parameter or by associated keywords.
Page 9: Description Of A Command
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 1. Command conventions (continued) Symbol Example Description { } curly braces Indicate that you need to select a keyword from the list of {choice1 | choice2} choices. (choice1 and choice1 are keywords.) | vertical bars Separate the mutually exclusive choices.
Page 10: Common Parameters
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Common Parameters Parameter values might be names (strings) or numbers. To use spaces as part of a name parameter, enclose the name value in double quotes. For example, the expression “System Name with Spaces” forces the system to accept the spaces. Empty strings (“”) are not valid user-defined strings.
Page 11: The Five Main Modes For Configuration Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The Five Main Modes for Configuration Commands For the configuration commands, there are five main modes in the CLI: net, security, system, dot11, and vpn. Chapter 2, Overview of the Configuration Commands lists all commands in...
Page 12 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 3. Main configuration modes (continued) __________________________CLI________________________ ___Web Management Interface (GUI)___ Main Mode Submode Feature That You Can Configure Basic Path Security configuration commands security address_filter Source MAC filters Security > Address Filter...
Page 13: Save Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 3. Main configuration modes (continued) __________________________CLI________________________ ___Web Management Interface (GUI)___ Main Mode Submode Feature That You Can Configure Basic Path VPN configuration commands ipsec IKE policies VPN > IPSec VPN VPN policies...
Page 14: Global Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N These are examples of commands for which you need to save your changes: • net lan ipv4 configure <vlan id> lets you enter the net-config [lan-ipv4] configuration mode. After you made your changes, issue save or exit to save your changes.
Page 15: The Three Basic Types Of Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The Three Basic Types of Commands You can encounter the following three basic types of commands in the CLI: • Entry commands to enter a configuration mode. Commands that let you enter a configuration mode from which you can configure various keywords and associated parameters and keywords.
Page 16: Command Autocompletion And Command Abbreviation
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command Autocompletion and Command Abbreviation Command autocompletion finishes spelling the command when you type enough letters of a command to uniquely identify the command keyword. You need to type all of the required keywords and parameters before you can use autocompletion.
Page 17: Access The Cli
Access the CLI You can access the CLI by logging in with the same user credentials (user name and password) that you use to access the web management interface. FVS318N> is the CLI prompt. FVS318N login: admin...
Page 18: Chapter 2 Overview Of The Configuration Commands
Overview of the Configuration Commands This chapter provides an overview of all configuration commands in the five configuration command modes. The keywords and associated parameters that are available for these commands are explained in the following chapters. The chapter includes the following sections: •...
Page 19 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 7. Net mode configuration commands (continued) Submode Command Name Purpose net ipv6_tunnel isatap add Configure a new IPv6 ISATAP tunnel. net ipv6_tunnel isatap delete <row id> Delete an IPv6 ISATAP tunnel. ipv6_tunnel net ipv6_tunnel isatap edit <row id>...
Page 20 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 7. Net mode configuration commands (continued) Submode Command Name Purpose net radvd configure dmz Configure the IPv6 RADVD for the DMZ. net radvd configure lan Configure the IPv6 RADVD for the LAN.
Page 21: Security Settings (Security Mode) Configuration Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Security Settings (Security Mode) Configuration Commands Enter the security ? command at the CLI prompt to display the description of all the configuration commands in the security mode. The following table lists the commands in alphabetical order: Table 8.
Page 22 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 8. Security mode configuration commands (continued) Submode Command Name Purpose security content_filter content_filtering configure Configure web content filtering. security content_filter trusted_domain add Configure a new trusted content_filter domain. (continued) security content_filter trusted_domain delete <row id>...
Page 23 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 8. Security mode configuration commands (continued) Submode Command Name Purpose security firewall ipv4 edit_rule dmz_wan inbound <row id> Configure an existing IPv4 DMZ WAN inbound firewall rule. security firewall ipv4 edit_rule dmz_wan outbound <row id>...
Page 24: Administrative And Monitoring Settings (System Mode) Configuration Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 8. Security mode configuration commands (continued) Submode Command Name Purpose security schedules edit <1 | 2 | 3> Configure one of the three schedules security schedules. security services add Configure a new custom service.
Page 25: Wireless Settings (Dot11 Mode) Configuration Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Wireless Settings (Dot11 Mode) Configuration Commands Enter the dot11 ? command at the CLI prompt to display the description of all the configuration commands in the dot11 mode. The following table lists the commands in alphabetical order: Table 10.
Page 26 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 11. Configuration commands: vpn mode (continued) Submode Command Name Purpose vpn ipsec vpnpolicy drop <vpn policy name> Terminate an IPSec VPN connection. vpn ipsec vpnpolicy enable <vpn policy name> Enable an IPSec VPN policy.
Page 27 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 11. Configuration commands: vpn mode (continued) Submode Command Name Purpose vpn sslvpn users domains edit <row id> Configure an existing authentication domain. vpn sslvpn users groups add Configure a new authentication group.
Page 28: Chapter 3 Net Mode Configuration Commands
Net Mode Configuration Commands This chapter explains the configuration commands, keywords, and associated parameters in the net mode. The chapter includes the following sections: • General WAN Commands • IPv4 WAN Commands • IPv6 WAN Commands • IPv6 Tunnel Commands •...
Page 29 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format def_mtu {Default | Custom {mtu_size <number>}} port_speed {Auto_Sense | 10_BaseT_Half_Duplex | 10_BaseT_Full_Duplex | 100_BaseT_Half_Duplex | 100_BaseT_Full_Duplex | 1000_BaseT_Half_Duplex | 1000_BaseT_Full_Duplex} mac_type {Use-Default-Mac | Use-This-Computers-Mac | Use-This-Mac {mac_address <mac address>}} Mode...
Page 30: Ipv4 Wan Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show net wan port_setup IPv4 WAN Commands net wan_settings wanmode configure This command configures the mode of IPv4 routing between the WAN interface and LAN interfaces. After you have issued the net wan_settings wanmode configure command, you enter the net-config [routing-mode] mode, and then you can configure NAT or classical routing.
Page 31 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format isp_connection_type {STATIC | DHCPC | PPPoE | PPTP} Yes isp_login_required {Y | N} static ip_address <ipaddress> static subnet_mask <subnet mask> static gateway_address <ipaddress> static primary_dns <ipaddress> static secondary_dns <ipaddress> dhcpc account_name <account name>...
Page 32 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type STATIC, DHCPC, PPPoE, or Specifies the type of ISP connection. You isp_connection_type can specify only one type of connection: PPTP • STATIC. Configure the keywords and parameters in the STATIC section of this table.
Page 33 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type Y or N Specifies whether or not the IP address is dhcpc get_dns_from_isp dynamically received from the ISP. If you select N, you need to issue the dhcpc primary_dns keyword and enter the IP address of the primary DNS server.
Page 34 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type After the connection has been reset, the pppoe delay_in_reset seconds number of seconds of delay before an PPPoE connection attempt is made. pppoe get_ip_dynamically Y or N Specifies whether or not the IP address is dynamically received from the ISP.
Page 35: Ipv6 Wan Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type The idle time-out period in minutes (5 to pptp idle_time minutes 999), if the PPTP connection is configured for idle time-out, The IP address that was assigned by the ISP...
Page 36 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N selected ISP connection type, configure one keyword and associated parameter or associated keyword at a time in the order that you prefer. Step 1 Format net wan wan1 ipv6 configure Mode Step 2...
Page 37 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (consists of two Associated Keyword to Description separate words) Select or Parameter to Type DHCPC The type of DHCPv6 mode (stateless or dhcpc stateless_mode_enable StatelessAddrAutoConfig stateful). If you set the dhcpc stateless_mode_enable keywords...
Page 38: Ipv6 Tunnel Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show net ipv6 ipmode setup IPv6 Tunnel Commands net ipv6_tunnel isatap add This command configures a new ISATAP tunnel. After you have issued the net ipv6_tunnel isatap add command, you enter the net-config [isatap-tunnel] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
Page 39 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show commands: show net ipv6_tunnel setup show net ipv6_tunnel status net ipv6_tunnel isatap edit <row id> This command configures an existing ISATAP tunnel. After you have issued the net ipv6_tunnel isatap edit command to specify the row to be edited, you enter the net-config [isatap-tunnel] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
Page 40: Dynamic Dns Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show commands: show net ipv6_tunnel setup show net ipv6_tunnel status net ipv6_tunnel six_to_four configure This command enables or disables automatic tunneling, which allows traffic from an IPv6 LAN to be tunneled through an IPv4 WAN to reach an IPv6 network. After you have issued the net ipv6_tunnel six_to_four configure command, you enter the net-config [six-to-four-tunnel] mode, and then you can configure automatic tunneling.
Page 41: Ipv4 Lan Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type Enables or disables DDNS. Use the Disable enable Disable, DynDNS, TZO, DNS_Oray, or 3322_DDNS keyword to disable DDNS after you had first enabled the service.
Page 42 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format profile_name <name> port_membership {[port 1 {Y | N}] | [port 2 {Y | N}] | [port 3 {Y | N}] | [port 4 {Y | N}] | [port 5 {Y | N}] | [port 6 {Y | N}] | [port 7 {Y | N}] | [port 8 {Y | N}]} static address <ipaddress>...
Page 43 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of Associated Keyword to Description two separate words) Select or Parameter to Type None, DHCP-Server, or Specifies the DHCP mode for the devices that dhcp mode are connected to the VLAN: DHCP-Relay •...
Page 44 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net-config[lan-ipv4]> static address 192.168.1.1 net-config[lan-ipv4]> static subnet_mask 255.255.255.0 net-config[lan-ipv4]> dhcp mode DHCP-Relay net-config[lan-ipv4]> dhcp relay_gateway 10.172.214.198 net-config[lan-ipv4]> proxy dns_enable N net-config[lan-ipv4]> inter_vlan_routing Y net-config[lan-ipv4]> save Related show command: show net lan ipv4 setup net lan ipv4 delete <vlan id>...
Page 45 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show net lan ipv4 setup net ethernet configure <interface name or number> This command configures a VLAN for a LAN interface. After you have issued the net ethernet configure command to specify a LAN interface, you enter net-config [ethernet] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
Page 46 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net lan ipv4 default_vlan This command configures the default VLAN for each port. After you have issued the net lan ipv4 default_vlan command, you enter the net-config [lan-ipv4-defvlan] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
Page 47 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show net lan ipv4 setup net lan ipv4 advanced configure This command configures advanced LAN settings such as the MAC address for VLANs and ARP broadcast. After you have issued the net lan ipv4 advanced configure...
Page 48 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net-config [dhcp-reserved-ip] mode, and then you can configure the IP address for the binding configuration. Step 1 Format net lan dhcp reserved_ip configure <mac address> Mode Step 2 Format ip_mac_name <device name> ip_addr_type {Fixed_set_on_PC | Dhcp_Reserved_IP} ip_address <ipaddress>...
Page 49 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net lan dhcp reserved_ip delete <mac address> This command deletes the binding of a MAC address to an IP address. Format net lan dhcp reserved_ip delete <mac address> Mode Related show commands: show net lan dhcp reserved_ip setup...
Page 50: Ipv6 Lan Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show net lan ipv4 multiHoming net lan ipv4 multi_homing edit This command configures an existing IPv4 alias, that is, a secondary IPv4 address. After you have issued the net lan ipv4 multi_homing edit command, you enter the net-config [lan-ipv4-multihoming] mode, and then you can configure the secondary address and subnet mask in the order that you prefer.
Page 51 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format static address <ipv6-address> static prefix_length <prefix length> dhcp server_enable {N | Y {dhcp mode {Stateless | Stateful}}} dhcp domain name <domain name> dhcp server_preference <number> dhcp dns_type {useDnsProxy | useDnsFromISP | useEnteredDns {dhcp primary_dns <ipv6-address>} [dhcp secondary_dns...
Page 52 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net-config[lan-ipv6]> dhcp domain name netgear.com net-config[lan-ipv6]> dhcp server_preference 236 net-config[lan-ipv6]> dhcp dns_type useDnsProxy net-config[lan-ipv6]> dhcp rebind_time 43200 net-config[lan-ipv6]> save Related show command: show net lan ipv6 setup net lan ipv6 pool configure This command configures a new or existing IPv6 DHCP address pool. After you have issued...
Page 53 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net lan ipv6 multi_homing add This command configures a new IPv6 alias, that is, a secondary IPv6 address. After you have issued the net lan ipv6 multi_homing add command, you enter the net-config [lan-ipv6-multihoming] mode, and then you can configure the secondary address and IPv6 prefix length in the order that you prefer.
Page 54 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net lan ipv6 multi_homing delete <row id> This command deletes a secondary IPv6 address by specifying its row ID. Format net lan ipv6 multi_homing delete <row id> Mode Related show command: show net lan ipv6 multiHoming...
Page 55 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist Associated Keyword to Description of two separate words) Select or Parameter to Type The interval in seconds (integer) between interval seconds unsolicited multicast RAs. Enter a period from 10 to 1800 seconds. The default is 30 seconds.
Page 56 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format prefix_type {6To4 {sla_id <ID number>} | Global-Local-ISATAP {prefix_address <ipv6-address>} {prefix_length <prefix length>}} prefix_life_time <seconds> Mode net-config [radvd-pool-lan] Keyword Associated Keyword to Description Select or Parameter to Type 6To4 or The prefix type that specifies the type of communication...
Page 57 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N enter the net-config [radvd-pool-lan] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer. Step 1 Format net radvd pool lan edit <row id>...
Page 58: Ipv4 Dmz Setup Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show net radvd lan setup IPv4 DMZ Setup Commands net dmz ipv4 configure This command enables, configures, or disables the IPv4 DMZ. After you have issued the net dmz ipv4 configure command, you enter the net ipv4-config [dmz] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
Page 59 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type Specifies the DHCP mode: dhcp_mode None, DHCP-Serves or • None. DHCP is disabled for the DMZ. DHCP-Relay • DHCP-Server. DHCP is enabled for the DMZ.
Page 60: Ipv6 Dmz Setup Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show net dmz ipv4 setup IPv6 DMZ Setup Commands net dmz ipv6 configure This command enables, configures, or disables the IPv6 DMZ. After you have issued the net dmz ipv6 configure command, you enter the net ipv6-config [dmz] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
Page 61 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type The DNS server type. If you select dns_server_option useDnsProxy, useDnsFromISP, or useEnteredDns, you also need to issue the primary_dns_server keyword and associated useEnteredDns parameter.
Page 62 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command example: FVS318N> net dmz ipv6 pool configure net-ipv6-config-pool[dmz]> starting_ip_address 2001::1100 net-ipv6-config-pool[dmz]> ending_ip_address 2001::1120 net-ipv6-config-pool[dmz]> prefix_value 56 net-ipv6-config-pool[dmz]> save Related show command: show net dmz ipv6 setup net radvd configure dmz This command configures the Router Advertisement Daemon (RADVD) process for the link-local advertisements of IPv6 router addresses and prefixes in the DMZ.
Page 63 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist Associated Keyword to Description of two separate words) Select or Parameter to Type Managed or Other Sets the flag: flags • Managed. Specifies that the DHCPv6 stateful protocol is used for autoconfiguration of the address.
Page 64 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type 6To4 or The prefix type that specifies the type of prefix_type communication between the interfaces: Global-Local-ISATAP • 6To4. The prefix is for a 6to4 address. You need to issue the sla_id keyword and specify the interface •...
Page 65 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format prefix_type {6To4 {sla_id <ID number>} | Global-Local-ISATAP {prefix_address <ipv6-address>} {prefix_length <prefix length>}} prefix_life_time <seconds> Mode net-config [radvd-pool-dmz] Keyword Associated Keyword to Description Select or Parameter to Type 6To4 or The prefix type that specifies the type of...
Page 66: Ipv4 Routing Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv4 Routing Commands net routing static ipv4 configure <route name> This command configures an IPv4 static route. After you have issued the net routing static ipv4 configure command to specify the name of the new route, you enter the net-config [static-routing-ipv4] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
Page 67 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net-config[static-routing-ipv4]> subnet_mask 255.255.255.0 net-config[static-routing-ipv4]> interface wan net-config[static-routing-ipv4]> gateway_address 10.192.44.13 net-config[static-routing-ipv4]> metric 7 net-config[static-routing-ipv4]> save Related show command: show net routing static ipv4 setup net routing static ipv4 delete <route name> This command deletes a static IPv4 route by deleting its name.
Page 68 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format authentication_enable {Y | N} direction {None | In-only | Out-only | Both} version {Disabled | Rip1 | Rip2B | Rip2M} first_key authentication_id <authentication key> first_key id_number <number> first_key valid_from {day <day>} first_key valid_from {month <month>}...
Page 69 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Description separate words) Select or Parameter to Type Disabled, Rip1, Rip2B, or The RIP version. version Rip2M First key The first MD5 authentication key first_key authentication_id authentication key (alphanumeric string).
Page 70: Ipv6 Routing Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net-config[dynamic-routing]> first_key authentication_id 2rt!00jkl26ll7Oo0 net-config[dynamic-routing]> first_key id_number 1 net-config[dynamic-routing]> first_key valid_from day 01 net-config[dynamic-routing]> first_key valid_from month 12 net-config[dynamic-routing]> first_key valid_from year 2011 net-config[dynamic-routing]> first_key valid_from hour 07 net-config[dynamic-routing]> first_key valid_from minute 00 net-config[dynamic-routing]>...
Page 71 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format active_flag {Y | N} destination_address <ipv6-address> prefix <prefix length> gateway_address <ipv6-address> interface {Dedicated-WAN | LAN | Sit0-WAN1} metric <number> Mode net-config [static-routing-ipv6] Keyword Associated Keyword to Description Select or Parameter to Type Y or N Specifies whether or not the route is an active route.
Page 72 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net routing static ipv6 delete <route name> This command deletes a static IPv6 route by deleting its name. Format net routing static ipv6 delete <route name> Mode Related show command: show net routing static ipv6 setup net routing static ipv6 delete_all This command deletes all static IPv6 routes.
Page 73: Chapter 4 Security Mode Configuration Commands
Security Mode Configuration Commands This chapter explains the configuration commands, keywords, and associated parameters in the security mode. The chapter includes the following sections: • Security Services Commands • Security Schedules Commands • IPv4 Add Firewall Rule and Edit Firewall Rule Commands •...
Page 74 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 1 Format security services add Mode security Step 2 Format name <service name> protocol {TCP {start_port <number>} {finish_port <number>} | UDP {start_port <number>} {finish_port <number>} | ICMP {icmp_type <number> | ICMPv6 {icmp_type <number>}}...
Page 75 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security services edit <row id> This command configures an existing firewall custom service. After you have issued the security services edit command to specify the row to be edited, you enter the security-config [custom-service] mode, and then you can edit the service.
Page 76: Security Schedules Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show security services setup Security Schedules Commands security schedules edit <1 | 2 | 3> This command configures one of the three security schedules. After you have issued the security schedule edit command to specify the row (that is, the schedule: 1, 2, or 3)
Page 77: Ipv4 Add Firewall Rule And Edit Firewall Rule Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (consists of two Associated Keyword to Description separate words) Select or Parameter to Type Y or N Specifies whether or not the schedule is time_of_day all_enable active all day. The schedule starts at the specified hour...
Page 78 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N prefer. However, note that the setting of the action keyword determines which other keywords and parameters can you can apply to a rule. Step 1 Format security firewall ipv4 add_rule lan_wan outbound Mode...
Page 79 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type Service name, action, and schedule The default service and protocol to service_name ANY, AIM, BGP, BOOTP_CLIENT, which the firewall rule applies.
Page 80 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type The name of the LAN group. The lan_users group_wise group name group name is either a default...
Page 81 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security-config[firewall-ipv4-lan-wan-outbound]> action ALWAYS_ALLOW security-config[firewall-ipv4-lan-wan-outbound]> lan_users address_wise ANY security-config[firewall-ipv4-lan-wan-outbound]> wan_users ADDRESS_RANGE security-config[firewall-ipv4-lan-wan-outbound]> wan_user_start_ip 10.120.114.217 security-config[firewall-ipv4-lan-wan-outbound]> wan_user_end_ip 10.120.114.245 security-config[firewall-ipv4-lan-wan-outbound]> qos_profile Normal-Service security-config[firewall-ipv4-lan-wan-outbound]> log ALWAYS security-config[firewall-ipv4-lan-wan-outbound]> save Related show command: show security firewall ipv4 setup lan_wan security firewall ipv4 edit_rule lan_wan outbound <row id>...
Page 82 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type Service name, action, and schedule The default service and protocol to service_name ANY, AIM, BGP, BOOTP_CLIENT, which the firewall rule applies.
Page 83 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type The name of the LAN group. The lan_users group_wise group name group name is either a default...
Page 84 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command example: See the command example for the security firewall ipv4 add_rule lan_wan outbound command. Related show command: show security firewall ipv4 setup lan_wan security firewall ipv4 add_rule lan_wan inbound This command configures a new IPv4 LAN WAN outbound firewall rule. After you have...
Page 85 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type Service name, action, and schedule The default service and protocol to service_name ANY, AIM, BGP, BOOTP_CLIENT, which the firewall rule applies.
Page 86 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type Y or N Enables or disables port translate_to_port_number forwarding. enable The port number (integer) if port translate_to_port_number number forwarding is enabled.
Page 87 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type The end IP address if the lan_user_end_ip ipaddress lan_user address_wise keywords are set to ADDRESS_RANGE. The name of the LAN group. The...
Page 88 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security firewall ipv4 edit_rule lan_wan inbound <row id> This command configures an existing IPv4 LAN WAN inbound firewall rule. After you have issued the security firewall ipv4 edit_rule lan_wan inbound command to specify the row to be edited (for row information, see the output of the...
Page 89 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type Service name, action, and schedule The default service and protocol to service_name ANY, AIM, BGP, BOOTP_CLIENT, which the firewall rule applies.
Page 90 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type Y or N Enables or disables port translate_to_port_number forwarding. enable The port number (integer) if port translate_to_port_number number forwarding is enabled.
Page 91 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type The end IP address if the lan_user_end_ip ipaddress lan_users address_wise keywords are set to ADDRESS_RANGE. The name of the LAN group. The...
Page 92 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N one keyword and associated parameter or associated keyword at a time in the order that you prefer. However, note that the setting of the action keyword determines which other keywords and parameters can you can apply to a rule.
Page 93 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type Service name, action, and schedule The default service and protocol to service_name ANY, AIM, BGP, BOOTP_CLIENT, which the firewall rule applies.
Page 94 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type There are two options: wan_user_start_ip ipaddress • The IP address if the wan_users keyword is set to SINGLE_ADDRESS.
Page 95 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security firewall ipv4 edit_rule dmz_wan outbound <row id> This command configures an existing IPv4 DMZ WAN outbound firewall rule. After you have issued the security firewall ipv4 edit_rule dmz_wan outbound command to specify the row to be edited (for row information, see the output of the...
Page 96 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type Service name, action, and schedule The default service and protocol to service_name ANY, AIM, BGP, BOOTP_CLIENT, which the firewall rule applies.
Page 97 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type There are two options: wan_user_start_ip ipaddress • The IP address if the wan_users keyword is set to SINGLE_ADDRESS.
Page 98 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N prefer. However, note that the setting of the action keyword determines which other keywords and parameters can you can apply to a rule. Step 1 Format security firewall ipv4 add_rule dmz_wan inbound Mode...
Page 99 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type Service name, action, and schedule The default service and protocol to service_name ANY, AIM, BGP, BOOTP_CLIENT, which the firewall rule applies.
Page 100 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type WAN or OTHERS The type of destination WAN wan_destination_ip_address address for an inbound rule: • WAN. The default IP address of the WAN (broadband) interface.
Page 101 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command example: FVS318N> security firewall ipv4 add_rule dmz_wan inbound security-config[firewall-ipv4-dmz-wan-inbound]> service_name custom_services Traceroute security-config[firewall-ipv4-lan-wan-inbound]> action ALWAYS_ALLOW security-config[firewall-ipv4-lan-wan-inbound]> send_to_dmz_server_ip 176.21.214.2 security-config[firewall-ipv4-lan-wan-inbound]> translate_to_port_number enable Y security-config[firewall-ipv4-lan-wan-inbound]> translate_to_port_number port 4500 security-config[firewall-ipv4-lan-wan-inbound]> wan_destination_ip_address OTHERS security-config[firewall-ipv4-lan-wan-inbound]> wan_destination_ip_address_start 10.115.97.174 security-config[firewall-ipv4-lan-wan-inbound]>...
Page 102 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N log {NEVER | ALWAYS} Mode security-config [firewall-ipv4-dmz-wan-inbound] Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type Service name, action, and schedule The default service and protocol to...
Page 103 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type WAN or OTHERS The type of destination WAN wan_destination_ip_address address for an inbound rule: • WAN. The default IP address of the WAN (broadband) interface.
Page 104 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command example: See the command example for the security firewall ipv4 add_rule dmz_wan inbound command. Related show command: show security firewall ipv4 setup dmz_wan security firewall ipv4 add_rule lan_dmz outbound This command configures a new IPv4 LAN DMZ outbound firewall rule. After you have issued...
Page 105 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type Service name, action, and schedule The default service and protocol to service_name ANY, AIM, BGP, BOOTP_CLIENT, which the firewall rule applies.
Page 106 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type The name of the LAN group. The lan_users group_wise group name group name is either a default...
Page 107 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N time in the order that you prefer. However, note that the setting of the action keyword determines which other keywords and parameters you can apply to a rule. Step 1 Format security firewall ipv4 edit_rule lan_dmz outbound <row id>...
Page 108 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type The type of action to be enforced action ALWAYS_BLOCK, ALWAYS_ALLOW, by the rule. BLOCK_BY_SCHEDULE_ELSE_ALLOW, ALLOW_BY_SCHEDULE_ELSE_BLOCK Schedule1, Schedule2, or...
Page 109 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command example: See the command example for the security firewall ipv4 add_rule lan_dmz outbound command. Related show command: show security firewall ipv4 setup lan_dmz security firewall ipv4 add_rule lan_dmz inbound This command configures a new IPv4 LAN DMZ inbound firewall rule. After you have issued...
Page 110 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type Service name, action, and schedule The default service and protocol to service_name ANY, AIM, BGP, BOOTP_CLIENT, which the firewall rule applies.
Page 111 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type The name of the LAN group. The lan_users group_wise group name group name is either a default...
Page 112 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N mode. You can then edit one keyword and associated parameter or associated keyword at a time in the order that you prefer. However, note that the setting of the action keyword determines which other keywords and parameters you can apply to a rule.
Page 113 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type The custom service that you have service_name custom service name configured with the security custom_services services add command.
Page 114: Ipv4 General Firewall Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type Logging NEVER or ALWAYS Enables or disables logging. Command example: See the command example for the security firewall ipv4 add_rule lan_dmz inbound command.
Page 115: Ipv6 Firewall Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security firewall ipv4 disable <row id> This command disables an IPv4 firewall rule by specifying its row ID. Format security firewall ipv4 disable <row id> Mode security Related show command: show security firewall ipv4 setup...
Page 116 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 1 Format security firewall ipv6 configure Mode security Step 2 Format from_zone {LAN | WAN | DMZ} to_zone {LAN | WAN | DMZ} service_name {default_services <default service name> | custom_services <custom service name>}...
Page 117 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type The default service and protocol service_name ANY, AIM, BGP, BOOTP_CLIENT, to which the firewall rule applies. default_services...
Page 118 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type ANY, SINGLE_ADDRESS, or The type of destination address. destination_address_type ADDRESS_RANGE There are two options: destination_start_address ipv6-address • The IPv6 address if the...
Page 119 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N the output of the command), you enter the security-config show security firewall ipv6 setup [firewall-ipv6] mode.You can then edit one keyword and associated parameter or associated keyword at a time in the order that you prefer. However, note that the setting of the action keyword determines which other keywords and parameters you can apply to a rule.
Page 120 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type The default service and protocol service_name ANY, AIM, BGP, BOOTP_CLIENT, to which the firewall rule applies. default_services...
Page 121 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type ANY, SINGLE_ADDRESS, or The type of destination address. destination_address_type ADDRESS_RANGE There are two options: destination_start_address ipv6-address • The IPv6 address if the...
Page 122: Attack Check Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security firewall ipv6 disable <row id> This command disables an IPv6 firewall rule by specifying its row ID. Format security firewall ipv6 disable <row id> Mode security Related show command: show security firewall ipv6 setup security firewall ipv6 enable <row id>...
Page 123 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword Description to Select WAN security checks respond_to_ping_on_internet_ports Y or N Enables or disables the response to a ping from the WAN port. Y or N Enables or disables stealth mode.
Page 124 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security firewall attack_checks jumboframe setup This command enables or disables jumbo frames for IPv4 traffic. After you have issued the security firewall attack_checks jumboframe setup command, you enter the security-advanced-config [jumbo-frame] mode, and then you can enable or disable jumbo frames.
Page 125: Session Limit, Time-Out, And Advanced Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show security firewall attack_checks vpn_passthrough setup security firewall attack_checks configure ipv6 This command configures ipv6 WAN security attack checks. After you have issued the security firewall attack_checks configure ipv6 command, you enter the security-config [attack-checks-ipv6] mode, and then you can edit one keyword and associated parameter or associated keyword at a time in the order that you prefer.
Page 126 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 1 Format security firewall session_limit configure Mode security Step 2 Format enable {Y | N} conn_limit_type {Percentage_Of_MaxSessions | Number_Of_Sessions} user_limit <number> Mode security-config [session-limit] Keyword Associated Keyword to Select Description or Parameter to Type Y or N Enables or disables session limits.
Page 127 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format tcp_session_timeout <seconds> udp_session_timeout <seconds> icmp_session_timeout <seconds> Mode security-config [session-settings] Keyword Associated Parameter Description to Type Configures the TCP session timeout period (integer) in tcp_session_timeout seconds seconds. Configures the UDP session timeout period (integer) in...
Page 128: Address Filter And Ip/Mac Binding Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Address Filter and IP/MAC Binding Commands security address_filter mac_filter configure This command configures the source MAC address filter. After you have issued the security address_filter mac_filter configure command, you enter the security-config [mac-filter] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
Page 129 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show security address_filter mac_filter setup security address_filter mac_filter source delete <row id> This command deletes a MAC address from the MAC address table by deleting its row ID. Format security address_filter mac_filter source delete <row id>...
Page 130 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type The IPv6 address to which the IP/MAC binding ip_address6 ipv6-address rule is applied. log_dropped_packets Y or N Enables or disables logging for the IP/MAC binding rule.
Page 131 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type IPv4 or IPv6 Specifies the type of IP address to which the ip_version IP/MAC binding rule is applied: • IPv4. You need to issue the ip_address keyword and specify an IPv4 address.
Page 132: Port Triggering Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword Description to Select Y or N Enables or disables the email log or IP/MAC Binding enable_email_logs violations. Related show command: show security address_filter enable_email_log Port Triggering Commands security porttriggering_rules add This command configures a new port triggering rule.
Page 133 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type The start port number (integer) of the incoming incoming_start_port number traffic range. Valid numbers are from 0 to 65535. The end port number (integer) of the incoming...
Page 134: Upnp Command
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type The name (alphanumeric string) of the port name rule name triggering rule. Y or N Enables or disables the port triggering rule. enable_rule...
Page 135: Bandwidth Profile Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 1 Format security upnp configure Mode security Step 2 Format enable {Y | N} advertisement period <seconds> advertisement time_to_live <seconds> Mode security-config [upnp] Keyword (might consist of two Associated Keyword to Description...
Page 136 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format name <profile name> direction {Inbound | Outbound | Both _Directions} inbound_minimum_rate <kbps> inbound_maximum_rate <kbps> outbound_minimum_rate <kbps> outbound_maximum_rate <kbps> is_group {Individual | Group} Mode security-config [bandwidth-profile] Keyword Associated Keyword to Description Select or Parameter to Type The profile name (alphanumeric string).
Page 137 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security bandwidth profile edit <row id> This command configures an existing bandwidth profile. After you have issued the security bandwidth profile edit command to specify the row to be edited, you enter the security-config [bandwidth-profile] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.s...
Page 138: Content Filtering Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security bandwidth profile delete <row id> This command deletes a bandwidth profile by deleting its row ID. Format net bandwidth profile delete <row id> Mode security Related show command: show security bandwidth profile setup...
Page 139 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security-config[content-filtering]> cookies_enable Y security-config[content-filtering]> java_enable Y security-config[content-filtering]> proxy_enable N security-config[content-filtering]> save Related show command: show security content_filter content_filtering security content_filter block_group enable This command applies content filtering to selected groups or to all groups. After you have...
Page 140 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command example: FVS318N> security content_filter blocked_group enable security-config[block-group-enable]> group group1 Y security-config[block-group-enable]> group group2 Y security-config[block-group-enable]> group group3 Y security-config[block-group-enable]> group group8 Y security-config[block-group-enable]> save Related show command: show security content_filter block_group security content_filter block_group disable This command removes content filtering from selected groups or from all groups.
Page 141 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword Description to Select group group1 group group2 group group3 group group4 Disables content filtering for the selected group. group group5 group group6 group group7 group group8 Command example: FVS318N> security content_filter blocked_group disable security-config[block-group-disable]>...
Page 142 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security content_filter blocked_keywords edit <row id> This command configures an existing blocked keyword for content filtering. After you have issued the security content_filter blocked_keywords edit command to specify the row to be edited, you enter the security-config [blocked-keywords] mode, and then you can edit the keyword.
Page 143 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show security content_filter trusted_domains security content_filter trusted_domain edit <row id> This command configures an existing trusted domain for content filtering. After you have issued the security content_filter trusted_domain edit command to specify the row to be edited, you enter the security-config [approved-urls] mode, and then you can edit the URL.
Page 144: Chapter 5 System Mode Configuration Commands
System Mode Configuration Commands This chapter explains the configuration commands, keywords, and associated parameters in the system mode. The chapter includes the following sections: • Remote Management Commands • SNMP Commands • Time Zone Command • Traffic Meter Command • Firewall Logs and Email Alerts Commands IMPORTANT: After you have issued a command that includes the word...
Page 145 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format ip_version {IPv4 | IPv6} enable_ipv4 {Y | N} access_type {Everyone | IP_Range {from_address <ipaddress>} {end_address <ipaddress>} | To_this_PC_only {only_this_pc_ip <ipaddress>}} port <number> enable_ipv6 {Y | N} access_type6 {Everyone | IP_Range {from_address6 <ipv6-address>} {end_address6 <ipv6-address>} |...
Page 146: System Remote_Management Telnet Configure
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type Everyone, IP_Range, or Specifies the type of access: access_type6 To_this_PC_only • Everyone. Enables access to all IP addresses. You do not need to configure any IP address.
Page 147 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: You can configure remote management over Telnet for both IPv4 and IPv6 connections because these connections are not mutually exclusive. Step 1 Format system remote_management telnet configure Mode system Step 2 Format...
Page 148 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type The single IP address if you have set the only_this_pc_ip ipaddress access_type keyword to To_this_PC_only. Telnet over an IPv6 connection Y or N...
Page 149: Snmp Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N SNMP Commands system snmp trap configure <ip address> This command configures a new or existing SNMP agent to which trap information is forwarded. After you have issued the system snmp trap configure command to specify...
Page 150: System Snmp Sys Configure
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N system snmp trap delete <ipaddress> This command deletes an SNMP agent by deleting its IP address. Format system snmp trap delete <ipaddress> Mode system Related show command: show system snmp trap [agent ipaddress] system snmp sys configure This command configures the SNMP system information.
Page 151: Time Zone Command
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Time Zone Command system time configure This command configures the system time, date, and NTP servers. After you have issued the system time configure command, you enter the system-config [time] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
Page 152 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 12. Timezone keywords GMT time and location Note: Enter the keywords exactly as stated (you can use autocompletion keys). If there are two locations for the same time zone, enter the location exactly as stated.
Page 153 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 12. Timezone keywords (continued) GMT time and location Note: Enter the keywords exactly as stated (you can use autocompletion keys). If there are two locations for the same time zone, enter the location exactly as stated.
Page 154: Traffic Meter Command
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 12. Timezone keywords (continued) GMT time and location Note: Enter the keywords exactly as stated (you can use autocompletion keys). If there are two locations for the same time zone, enter the location exactly as stated.
Page 155 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N block_type {Block-all-traffic | Block-all-traffic-except-email} send_email_alert {Y | N} Mode system-config [traffic-meter] Keyword Associated Keyword to Select or Description Parameter to Type Traffic meter configuration Y or N Enables or disables the traffic meter.
Page 156 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Select or Description Parameter to Type The hour in the format HH (00 to 12) time_hour hour that the traffic counter restarts. This keyword applies only when you have set the counter keyword to SpecificTime.
Page 157: Firewall Logs And Email Alerts Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Firewall Logs and Email Alerts Commands system logging configure This command configures routing logs for accepted and dropped IPv4 and IPv6 packets, selected system logs, and logs for other events. After you have issued the system...
Page 158 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Description Keyword to Select Routing logs Y or N lan_wan_accept_packet_logs Y or N lan_wan_drop_packet_logs Y or N lan_dmz_accept_packet_logs Y or N lan_dmz_drop_packet_logs Y or N dmz_wan_accept_packet_logs Enables or disables packet logging for...
Page 159: System Logging Remote Configure
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Description Keyword to Select Other event logs Y or N Enables or disables logging of packets source_mac_filter_logs from MAC addresses that match the source MAC address filter settings. Y or N...
Page 160 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N email_logs_enable {Y | N} email_server {ipaddress | domain name} return_email <email address> send_to_email <email address> smtp_custom_port <number> smtp_auth type {None | Plain {smtp_auth username <user name>} {smtp_auth password <password>} | CRAM-MD5 {smtp_auth username <user name>} {smtp_auth password <password>}}...
Page 161 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Description separate words) Select or Parameter to Type None, Plain, or CRAM-MD5 The type of authentication for the smtp_auth type SMTP server. If you select Plain or...
Page 162 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Description separate words) Select or Parameter to Type Syslog server ipaddress or domain name The IP address or domain name of syslog_server the syslog server.
Page 163: Chapter 6 Dot11 Mode Configuration Commands
Dot11 Mode Configuration Commands This chapter explains the configuration commands, keywords, and associated parameters in the dot11 mode. The chapter includes the following sections: • Wireless Radio Commands • Wireless Profile Commands IMPORTANT: After you have issued a command that includes the word configure, add, or edit, you need to save (or cancel) your changes.
Page 164 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Select or Description Parameter to Type After you have selected a geographical country africa, asia, region, select a predefined country name europe, country within the selected region. For a list of...
Page 165 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Select or Description Parameter to Type The default transmit power in dBm, which default_transmit_power number can range from 0 to 31. Note: If the country regulation does not allow the transmit power that you configure, the power will be automatically adjusted to the legally allowed power.
Page 166 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 13. Region and country keywords (continued) Region Country Asia Indonesia (continued) Japan Kazakhstan KoreaRepublic Macau Malaysia Nepal NorthKorea Pakistan Philippines Singapore SriLanka Taiwan Thailand Uzbekistan Vietnam Europe Albania Armenia Austria Belarus Belgium...
Page 167 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 13. Region and country keywords (continued) Region Country Europe France (continued) Georgia Note: This keyword might be located under another region. The command syntax might change in a future release. Germany Greece...
Page 168 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 13. Region and country keywords (continued) Region Country Europe Switzerland (continued) Turkey Ukraine UnitedKingdom MiddleEast Iran_IslamicRepublicOf Israel Bahrain Jordan Kuwait Lebanon Oman Qatar SaudiArabia Syria UnitedArabEmirates Yemen Oceania Australia NewZealand PapuaNewGuinea UnitedStates...
Page 169 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 13. Region and country keywords (continued) Region Country UnitedStates ElSalvador (continued) Guatemala Honduras Jamaica Mexico Panama Peru PuertoRico TrinidadAndTobago UnitedStates_US Uruguay Venezuela Command example: FVS318N> dot11 radio configure dot11-config[radio]> country united_states UnitedStates_US dot11-config[radio]>...
Page 170 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format beacon_interval <milliseconds> dtim_interval <milliseconds> rts_threshold <bytes> fragmentation_threshold <bytes> preamble_mode <Long | Short> protection_mode {CTS-to-Self_Protection | None} power_save_enable {Y | N} Mode dot11-config [radio-advance] Keyword Associated Keyword to Description Select or Parameter to Type...
Page 171: Wireless Profile Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N dot11-config[radio-advance]> power_save_enable Y dot11-config[radio-advance]> save Related show command: show dot11 radio Wireless Profile Commands dot11 profile configure <profile name> This command configures a new or existing profile. After you have issued the dot11...
Page 172 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist Associated Keyword to Select Description of two separate words) or Parameter to Type Open, WEP, WPA, WPA2, or The type of security and associated encryption. security_type Your selection determines which other keywords...
Page 173 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist Associated Keyword to Select Description of two separate words) or Parameter to Type PSK, RADIUS, or PSK+RADIUS The WPA authentication type. Note the following: wpa authentication • PSK. Requires you to set the wpa wpa_password keyword and associated parameter.
Page 174 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N dot11-config[profile]> wpa authentication PSK dot11-config[profile]> wpa wpa_password Se36cu37re38! dot11-config[profile]> enable_active_time Y dot11-config[profile]> start hour 8 dot11-config[profile]> start meridiem AM dot11-config[profile]> start minute 00 dot11-config[profile]> stop hour 5 dot11-config[profile]> stop meridiem PM dot11-config[profile]> stop minute 00 dot11-config[profile]>...
Page 175 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show dot11 profile [profile name] dot11 profile acl configure <profile name> This command adds a MAC address to or deletes a MAC address from an access control list (ACL) and configures the ACL setting for a selected profile. After you have issued the dot11...
Page 176 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N dot11 profile wps configure This command configures Wi-Fi Protected Setup™ (WPS) for as SSID. After you have issued the dot11 profile wps configure command, you enter the dot11-config [ap-wps] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
Page 177: Chapter 7 Vpn Mode Configuration Commands
VPN Mode Configuration Commands This chapter explains the configuration commands, keywords, and associated parameters in the vpn mode. The chapter includes the following sections: • IPSec VPN Wizard Command • IPSec IKE Policy Commands • IPSec VPN Policy Commands • IPSec VPN Mode Config Commands •...
Page 178: Ipsec Vpn Wizard Command
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPSec VPN Wizard Command vpn ipsec wizard configure <Gateway | VPN_Client> This command configures the IPSec VPN wizard for a gateway-to-gateway or gateway-to-VPN client connection. After you have issued the vpn ipsec wizard...
Page 179 Local Remote Auth Encr _______ _________________ ___________ ___________ ______________________________________ ______________________________ _____ ____ Enabled FVS318N-to-Peer44 Auto Policy Tunnel Mode 2002:408b:36e4:a:a8ab:bbff:fe00:1 / 64 fe80::a4bb:ffdd:fe01:2 / 64 SHA-1 3DES Enabled FVS-to-Paris Auto Policy Tunnel Mode 192.168.1.0 / 255.255.255.0 192.168.50.0 / 255.255.255.255 SHA-1 3DES...
Page 180: Ipsec Ike Policy Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To display the IKE policy configuration that the wizard created through the vpn ipsec wizard configure command, issue the show vpn ipsec ikepolicy setup command: FVS318N> show vpn ipsec ikepolicy setup List of IKE Policies...
Page 181 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N extended_authentication {None | IPSecHost {xauth_username <user name>} {xauth_password <password>} | EdgeDevice {extended_authentication_type {User-Database | RadiusPap | RadiusChap}}} Mode vpn-config [ike-policy] Keyword Associated Keyword to Description Select or Parameter to Type Mode Config record selection and general policy settings...
Page 182 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type Local and remote identifiers IPv4 or IPv6 If the local_identtype and ip_version remote_identtype keywords are set to Local_Wan_IP, specifies the IP address version for both the local and remote endpoints: •...
Page 183 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type Specifies the ISAKMP identifier to be remote_identtype Remote_Wan_IP, FQDN, User-FQDN, or used by the wireless VPN firewall: DER_ASN1_DN • Remote_Wan_IP. The WAN IP address of the remote endpoint.
Page 184 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type Pre_shared_key or Specifies the authentication method: auth_method RSA_Signature • Pre_shared_key. A secret that is shared between the wireless VPN firewall and the remote endpoint. You...
Page 185 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type Extended authentication settings None, IPSecHost, or Specifies whether or not Extended extended_authentication Authentication (XAUTH) is enabled, and, EdgeDevice if enabled, which device is used to verify user account information: •...
Page 186: Ipsec Vpn Policy Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command example: FVS318N> vpn ipsec ikepolicy configure FVS-to-Paris vpn-config[ike-policy]> enable_mode_config N vpn-config[ike-policy]> direction_type Both vpn-config[ike-policy]> exchange_mode Main vpn-config[ike-policy]> ip_version ipv4 vpn-config[ike-policy]> local_identtype Local_Wan_IP vpn-config[ike-policy]> local_identifier 10.139.54.228 vpn-config[ike-policy]> remote_identtype Remote_Wan_IP vpn-config[ike-policy]> remote_identifier 10.112.71.154 vpn-config[ike-policy]> encryption_algorithm 3DES vpn-config[ike-policy]>...
Page 187 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 1 Format vpn ipsec vpnpolicy configure <vpn policy name> Mode Step 2 Format general_policy_type {Auto-Policy | Manual-Policy} general_ip_version {IPv4 | IPv6} general_remote_end_point_type {FQDN {general_remote_end_point fqdn <domain name> | IP-Address {general_remote_end_point ip_address <ipaddress> | {general_remote_end_point ipv6_address <ipv6-address>}}...
Page 188 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N manual_spi_out <number> manual_authentication_algorithm {MD5 | SHA-1} manual_authentication_key_in <key> manual_authentication_key_out <key> auto_sa_lifetime {bytes <number> | {seconds <seconds>} auto_encryption_algorithm {None | DES | 3DES | AES-128 | AES-192 | AES-256} auto_authentication_algorithm {MD5 | SHA-1} auto_enable_pfskeygroup {N | Y {auto_dh_group {Group1_768_bit | Group2_1024_bit | Group5_1536_bit}}} auto_select_ike_policy <ike policy name>...
Page 189 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate Associated Description words) Keyword to Select or Parameter to Type IPv4 or IPv6 If the general_remote_end_point_type general_ip_version keyword is set to IP-Address, specifies the IP address version for the remote endpoint,...
Page 190 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate Associated Description words) Keyword to Select or Parameter to Type If the general_remote_end_point_type general_remote_end_point ipv6-address ipv6_adress keyword is set to IP-Address, and if the general_ip_version keyword is set to IPv6, the IPv6 address of the remote endpoint.
Page 191 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate Associated Description words) Keyword to Select or Parameter to Type The maximum number of keep-alive request general_keep_alive_failue_count number failures before the wireless VPN firewall tears down the connection and then attempts to reconnect to the peer.
Page 192 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate Associated Description words) Keyword to Select or Parameter to Type If the general_local_network_type general_local_end_address ipaddress keyword is set to RANGE, and if the general_ip_version keyword is set to IPv4, specifies the local IPv4 end address.
Page 193 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate Associated Description words) Keyword to Select or Parameter to Type Traffic selector settings—Remote address information Specifies the address or addresses that are general_remote_network_type ANY, SINGLE, RANGE, or SUBNET part of the VPN tunnel on the remote end: •...
Page 194 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate Associated Description words) Keyword to Select or Parameter to Type If the general_remote_network_type general_remote_subnet_mask subnet mask keyword is set to SUBNET, and if the general_ip_version keyword is set to IPv4, specifies the subnet mask.
Page 195 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate Associated Description words) Keyword to Select or Parameter to Type Manual policy settings—Outbound policy The Security Parameters Index (SPI) for the manual_spi_out number outbound policy as an hexadecimal value between 3 and 8 characters.
Page 196 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate Associated Description words) Keyword to Select or Parameter to Type MD5 or SHA-1 Specifies the authentication algorithm to auto_authentication_algorithm negotiate the security association (SA): • SHA-1. Hash algorithm that produces a 160-bit digest.
Page 197 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn ipsec vpnpolicy delete <vpn policy name> This command deletes a VPN policy by specifying the name of the VPN policy. Format vpn ipsec vpnpolicy delete <vpn policy name> Mode Related show command: show vpn ipsec vpnpolicy setup vpn ipsec vpnpolicy disable <vpn policy name>...
Page 198: Ipsec Vpn Mode Config Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn ipsec vpnpolicy drop <vpn policy name> This command terminates an active VPN connection by specifying the name of the VPN policy. Format vpn ipsec vpnpolicy drop <vpn policy name> Mode Related show command:...
Page 199 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N pfs_key_group {N | Y {dh_group {Group1_768_bit | Group2_1024_bit | Group5_1536_bit}}} sa_lifetime_type {Seconds {sa_lifetime <seconds>} | KBytes {sa_lifetime <KBytes>}) encryption_algorithm {None | DES | 3DES | AES-128 | AES-192 | AES-256} integrity_algorithm {MD5 | SHA-1} local_ip <ipaddress>...
Page 200 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type Seconds or KBytes Specifies whether the sa_lifetime sa_lifetime_type keyword is set in seconds or Kbytes. seconds or number Depending on the setting of the...
Page 201: Ssl Vpn Portal Layout Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn ipsec modeConfig delete <record name> This command deletes a Mode Config record by specifying its record name. Format vpn ipsec modeConfig delete <record name> Mode Related show command: show vpn ipsec mode_config setup...
Page 202 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type The banner title (alphanumeric banner_title banner name string). Place text that consists of more than one word between quotes. The banner message banner_message message text (alphanumeric string).
Page 203 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 1 Format vpn sslvpn portal-layouts edit <row id> Mode Step 2 Format portal_name <portal name> portal_title <portal title> banner_title <banner title> banner_message <message text> display_banner {Y | N} enable_httpmetatags {Y | N}...
Page 204: Ssl Vpn Authentication Domain Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn sslvpn portal-layouts delete <row id> This command deletes an SSL VPN portal layout by specifying its row ID. Format vpn sslvpn portal-layouts delete <row id> Mode Related show command: show vpn sslvpn portal-layouts...
Page 205 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type The authentication method that is applied to authentication_type LocalUserDatabase, the domain: Radius-PAP, Radius-CHAP, Radius-MSCHAP, • For all selections with the exception of Radius-MSCHAPv2,...
Page 206 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn sslvpn users domains edit <row id> This command configures an existing authentication domain that is not limited to SSL VPN users. After you have issued the vpn sslvpn users domains edit command to specify...
Page 207 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type The authentication method that is applied to authentication_type LocalUserDatabase, the domain: Radius-PAP, Radius-CHAP, Radius-MSCHAP, • For all selections with the exception of Radius-MSCHAPv2,...
Page 208: Ssl Vpn Authentication Group Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N SSL VPN Authentication Group Commands vpn sslvpn users groups add This command configures a new authentication group that is not limited to SSL VPN users. After you have issued the vpn sslvpn users groups add command, you enter the users-config [groups] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
Page 209: Ssl Vpn User Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 1 Format vpn sslvpn users groups edit <row id> Mode Step 2 Format domain_name <domain name> group_name <group name> idle_timeout <minutes> Mode users-config [groups] Keyword Associated Description Parameter to Type The domain name (alphanumeric string) to which the group...
Page 210 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 1 Format vpn sslvpn users users add Mode Step 2 Format user_name <user name> user_type {SSLVPNUser | Administrator | Guest | IPSECVPNUser | L2TPUser} group <group name> password <password> confirm_password <password> idle_timeout <minutes>...
Page 211 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn sslvpn users users edit <row id> This command configures an existing user account. The command is not limited to SSL VPN users. After you have issued the vpn sslvpn users users edit command to specify...
Page 212 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn sslvpn users users delete <row id> This command deletes a user account by specifying its row ID. Format vpn sslvpn users users delete <row id> Mode Related show command: show vpn sslvpn users users vpn sslvpn users users login_policies <row id>...
Page 213 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn sslvpn users users ip_policies configure <row id> This command configures source IP addresses from which a user is either allowed or denied access. The command is not limited to SSL VPN users. After you have issued the vpn...
Page 214 IPNetwork and the ip_version keyword is set to IPv6, the prefix length of the IPv6 network. Command example: FVS318N> vpn sslvpn users users ip_policies configure 5 users-config[ip-policy]> allow_login_from_defined_addresses Y users-config[ip-policy]> ip_version IPv4 users-config[ip-policy]> source_address_type IPAddress users-config[ip-policy]> source_address 10.156.127.39 users-config[ip-policy]>...
Page 215 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn sslvpn users users ip_policies delete <row id> This command deletes a source IP address for a user by specifying the row ID of the table. Format vpn sslvpn users ip_policies delete <row id>...
Page 216: Ssl Vpn Port Forwarding Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type Removes a browser from delete_browser InternetExplorer, the browser list (after you NetscapeNavigator, first have added the Opera, Firefox, Mozilla browser to the browser list).
Page 217: Vpn Sslvpn Portforwarding Hostconfig Add
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Description Parameter to Type The IP address of the local server that hosts the application. server_ip ipaddress The TCP port number of the local server that hosts the application. port number Command example: FVS318N>...
Page 218: Ssl Vpn Client Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Description Parameter to Type The IP address of the local server that hosts the application. server_ip ipaddress Note: The IP address needs to be the same as the IP address that you assigned through the...
Page 219 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format enable_full_tunnel {Y | N} dns_suffix <suffix> primary_dns <ipaddress> secondary_dns <ipaddress> begin_client_address <ipaddress> end_client_address <ipaddress> Mode [sslvpn-client-ipv4-settings] Keyword Associated Keyword to Description Select or Parameter to Type Y or N Enables or disables full-tunnel support: enable_full_tunnel •...
Page 220: Vpn Sslvpn Client Ipv
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn sslvpn client ipv6 This command configures the SSL client IP address range. After you have issued the vpn sslvpn client ipv6 command, you enter the [sslvpn-client-ipv6-settings] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
Page 221: Vpn Sslvpn Route Add
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn sslvpn route add This command configures a static client route to a destination network. After you have issued the vpn sslvpn route add command, you enter the [sslvpn-route-settings] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
Page 222: Ssl Vpn Resource Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N [sslvpn-route-settings]> subnet_mask 255.255.255.254 [sslvpn-route-settings]> save Related show command: show vpn sslvpn route vpn sslvpn route delete <row id> This command deletes a client route by specifying its row ID. Format vpn sslvpn route delete <row id>...
Page 223 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command example: FVS318N> vpn sslvpn resource add [sslvpn-resource-settings]> resource_name TopSecure [sslvpn-resource-settings]> service_type PortForwarding [sslvpn-resource-settings]> save Related show command: show vpn sslvpn resource vpn sslvpn resource delete <row id> This command deletes a resource by specifying its row ID.
Page 224 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N For an IP network: ip_version {IPv4 {object_address <ipaddress>} {mask_length <subnet mask length>} | IPv6 {object_address6 <ipv6-address>} {mask_length <prefix length>}} start_port <port number> end_port <port number> Mode [sslvpn-resource-settings] Keyword Associated Keyword to Description Select or Parameter to Type...
Page 225: Ssl Vpn Policy Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type subnet mask length or The nature of this keyword and parameter depend on mask_length the setting of the ip_version and object_type prefix length keywords: •...
Page 226 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format policy_name <policy name> policy type {Global | Group {policy_owner <group name>} | User {policy_owner <user name>}} destination_object_type {NetworkResource | IPAddress | IPNetwork | All} In addition to a policy name, policy type, and destination object type, configure the...
Page 227 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type The policy name (alphanumeric string). policy_name policy name Global, Group, or User The SSL VPN policy type: policy_type • Global. The policy is global and includes all groups and users.
Page 228 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type The policy destination type, which determines destination_object_type NetworkResource, IPAddress, IPNetwork, or how the policy is applied, and, in turn, which keywords you need to issue to specify the policy: •...
Page 229 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type • IPNetwork. The policy is applied to an IPv4 destination_object_type NetworkResource, IPAddress, IPNetwork, or or IPv6 network address. You need to issue (continued)
Page 230 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type IPv4 or IPv6 The IP version that applies to the policy: ip_version • IPv4. The policy is for an IPv4 network resource, IPv4 address, IPv4 network, or for all IPv4 addresses.
Page 231 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N [sslvpn-policy-settings]> policy_type Global [sslvpn-policy-settings]> destination_object_type NetworkResource [sslvpn-policy-settings]> resource_name TopSecure [sslvpn-policy-settings]> policy_permission Permit [sslvpn-policy-settings]> save [sslvpn-policy-settings]> policy_name Management [sslvpn-policy-settings]> ip_version IPv4 [sslvpn-policy-settings]> policy_type Group [sslvpn-policy-settings]> policy_owner Headquarter [sslvpn-policy-settings]> destination_object_type All [sslvpn-policy-settings]> start_port 15652 [sslvpn-policy-settings]> end_port 15658 [sslvpn-policy-settings]>...
Page 232 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N In addition to a policy name, policy type, and destination object type, configure the following for an IP address: ip_version {IPv4 {policy_address <ipaddress>} | IPv6 {policy_address6 <ipv6-address>}} start_port <port number> end_port <port number>...
Page 233 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type group name or user name The owner of the policy depends on the setting policy_owner of the policy_type keyword: • Group. Specify the group name to which the policy applies.
Page 234 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type • IPNetwork. The policy is applied to an IPv4 destination_object_type NetworkResource, IPAddress, IPNetwork, or or IPv6 network address. You need to issue (continued)
Page 235 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type IPv4 or IPv6 The IP version that applies to the policy: ip_version • IPv4. The policy is for an IPv4 network resource, IPv4 address, IPv4 network, or for all IPv4 addresses.
Page 236: Radius Server Command
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command example: See the command example for the vpn sslvpn policy add command. Related show command: show vpn sslvpn policy vpn sslvpn policy delete <row id> This command deletes an SSL VPN policy by specifying its row ID.
Page 237 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type Primary RADIUS server Y or N Specifies whether or not the primary enable RADIUS server is enabled. The IPv4 address of the primary...
Page 238: L2Tp Server Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N L2TP Server Commands vpn l2tp server configure This command configures the L2TP server. After you have issued the vpn l2tp server configure command, you enter the l2tp-server-config [policy] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
Page 239: Chapter 8 Overview Of The Show Commands
Overview of the Show Commands This chapter provides an overview of all show commands for the five configuration command modes. The chapter includes the following sections: • Network Settings (Net Mode) Show Commands • Security Settings (Security Mode) Show Commands •...
Page 240 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 14. Show commands: show net mode (continued) Submode Command Name Purpose show net lan dhcp reserved_ip setup Display information about the DHCP clients, including the assigned (reserved) IP addresses. show net lan ipv4 advanced setup Display the advanced IPv4 LAN configuration.
Page 241: Security Settings (Security Mode) Show Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Security Settings (Security Mode) Show Commands Enter the show security ? command at the CLI prompt to display the categories of show commands in the security mode. The following table lists the commands in alphabetical order: Table 15.
Page 242: Administrative And Monitoring Settings (System Mode) Show Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 15. Show commands: show security mode (continued) Submode Command Name Purpose show security firewall session_limit Display the session limit settings. firewall (continued) show security firewall session_settings Display the session time-out settings. show security porttriggering_rules setup Display the port triggering rules.
Page 243: Wireless Settings (Dot11 Mode) Show Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 16. Show commands: show system mode (continued) Submode Command Name Purpose time show system time setup Display the time configuration and the configuration of the NTP server. traffic_meter show system traffic_meter setup Display the configuration of the traffic meter and the Internet traffic statistics.
Page 244 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 18. Show commands: show vpn mode (continued) Submode Command Name Purpose show vpn ipsec vpnpolicy setup Display the IPSec VPN policies. ipsec (continued) show vpn ipsec vpnpolicy status Display status information about the active and nonactive IPSec VPN policies.
Page 245: Chapter 9 Show Commands
Show Commands This chapter explains the show commands and associated parameters for the five configuration command modes. The chapter includes the following sections: • Network Settings (Net Mode) Show Commands • Security Settings (Security Mode) Show Commands • Administrative and Monitoring Settings (System Mode) Show Commands •...
Page 246 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show net wan mode This command displays the WAN mode configuration: WAN MODE Setup ______________ Routing Mode: NAT IP Mode: IPv4/IPv6 mode show net wan port_setup This command displays the configuration of the WAN port:...
Page 247 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show net wan wan1 ipv4 status This command displays the IPv4 WAN connection status: WAN Status __________ MAC Address: AA:AB:BB:00:00:02 IPv4 Address: 10.139.54.228 / 255.255.255.248 Wan State: UP NAT (IPv4 only): Enabled IPv4 Connection Type: STATIC...
Page 248: Ipv6 Mode And Ipv6 Tunnel Show Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv6 Mode and IPv6 Tunnel Show Commands show net ipv6 ipmode setup This command displays the IPv6 routing mode configuration: IP MODE _______ IPv4 only mode : Disabled IPv4/IPv6 mode : Enabled show net ipv6_tunnel setup...
Page 249: Dynamic Dns Show Commands
1 00:02:26 FVS318N local7.info dhcpd: Sending on LPF/bdg1/aa:ab:bb:00:00:01/192.168.1.0/24 1 00:02:26 FVS318N local7.info dhcpd: Sending on Socket/fallback/fallback-net 1 00:02:34 FVS318N local7.info dhcpd: Wrote 0 leases to leases file. 1 00:02:34 FVS318N local7.info dhcpd: Listening on LPF/bdg1/aa:ab:bb:00:00:01/192.168.1.0/24 1 00:02:34 FVS318N local7.info dhcpd: Sending on LPF/bdg1/aa:ab:bb:00:00:01/192.168.1.0/24...
Page 250 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N VLAN Profiles _____________ Status Profile Name VLAN Id IPv4 Address Subnet Mask DHCP Status Server Address _______ ____________ _______ ____________ _______________ ___________ _______________________________ Enabled Default 192.168.1.1 255.255.255.0 DHCP Server 192.168.1.100 - 192.168.1.254 Enabled Sales 192.168.70.1 255.255.255.0...
Page 251 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show net ethernet {interface name | all} This command displays the MAC address and VLAN status for a single or all Ethernet interfaces: FVS318N> show net ethernet eth1 MAC Address: AA:AB:BB:00:00:02 VLAN ID: 1...
Page 252: Ipv6 Lan Show Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show net lan lan_groups This command displays the LAN groups: Row ID : Group Name ___________________ GROUP1 GROUP2 GROUP3 GROUP4 Management SalesEMEA SalesAmericas GROUP8 show net lan ipv4 multiHoming This command displays the LAN secondary IP addresses:...
Page 253: Show Net Radvd Lan Setup
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N DHCP Status: Enable DHCPv6 Server DHCP Mode: Stateless Domain Name: netgear.com Server Preference: 255 DNS Servers: Use DNS from ISP Lease/Rebind Time: 86400 List of IPv6 Address Pools __________________________ Start Address End Address...
Page 254: Dmz Show Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show net lan ipv6 multiHoming This command displays the LAN secondary IPv6 addresses: IPv6 LAN Multi-homing _____________________ Available Secondary LAN IPs :- ______________________________ Row Id: 1 IPv6 Address: 2001:db8:3000::2192 Prefix Length: 10 DMZ Show Commands...
Page 255: Routing Show Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show net radvd dmz setup This command displays the DMZ RADVD configuration: Router Advertisement Daemon ( RADVD ) _____________________________________ RADVD Status: Enabled Advertise Mode: Unicast only Advertise Interval: 30 RA Flags Managed: Disabled...
Page 256: Network Statistics Show Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Not Valid After: 2011/12/31@23:59:59 Second Key Parameters MD5 Key Id: 2 MD5 Auth Key: ***** Not Valid Before: 2011/12/31@24:00:00 Not Valid After: 2012/03/31@23:59:59 show net routing static ipv4 setup This command displays the IPv4 static routes configuration:...
Page 257: Security Settings (Security Mode) Show Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Mcast: 0 Coll: 0 FVS318N> show net statistics all Interface Statistics ____________________ IFACE PktRx PktTx ByteRx ByteTx ErrRx ErrTx DropRx DropTx Mcast Coll _____ ______ ______ ________ ________ _____ _____ ______ ______ _____ ____...
Page 258: Schedules Show Command
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Schedules Show Command show security schedules setup This command displays the configured schedules: Schedules _________ List of Available Schedules ROW ID Name Days Start Time End Time ______ _________ _________________________ __________ ________ schedule1 Monday, Wednesday, Friday 07:15 AM...
Page 259 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Destination: Broadband Bandwidth Profile: NONE Log: Never show security firewall ipv4 setup dmz_wan This command displays the configured IPv4 DMZ WAN firewall rules: Default Outbound Policy for IPv4 : Allow Always DMZ WAN Outbound Rules.
Page 260: Attack Checks Show Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N DMZ User: 176.16.2.65 - 176.16.2.85 Log: Never LAN DMZ Inbound Rules. ______________________ ROWID: 101 Status: Enabled Service Name: SSH:UDP Filter: BLOCK by schedule,otherwise allow DMZ User: 176.16.2.211 LAN User: 192.168.4.109 Log: Always show security firewall ipv6 setup...
Page 261 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show security firewall attack_checks setup ipv4 This command displays which WAN and LAN security checks are enabled for IPv4: Attack Checks _____________ WAN Security Checks: _____________________ Respond to ping on Wan : Yes...
Page 262: Session Limits Show Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Session Limits Show Commands show security firewall session_limit This command displays the session limit settings: Session Settings ________________ Session Limit Enable: Enabled Connection Limit Type: User Connection Limit: TCP Session Timeout Duration: 1800(Secs)
Page 263: Address Filter Show Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Address Filter Show Commands show security address_filter enable_email_log This command displays the configuration of the IP/MAC binding log: Email logs for IP/MAC binding violation _______________________________________ Email logs for IP/MAC binding violation: Enabled Email logs for IP/MAC binding violation IPv6...
Page 264: Port Triggering Show Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Port Triggering Show Commands show security porttriggering_rules setup This command displays the port triggering rules: Port Triggering _______________ List of Available Port Triggering Rules _______________________________________ ROW ID: 1 Name: AccInq Enable: Yes Type: TCP...
Page 265: Bandwidth Profiles Show Command
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show security upnp setup This command displays the UPnP configuration: UPnP configuration __________________ Advertisement Period: 30 Advertisement Time To Live: 4 Bandwidth Profiles Show Command show security bandwidth profile setup This command displays the configured bandwidth profiles:...
Page 266 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show security content_filter block_group This command displays the groups for which content filtering is enabled: Blocked Groups ______________ List of Blocked Groups Blocked Groups: Unblocked Groups : GROUP1, GROUP2, GROUP3, GROUP4, Management, SalesEMEA,...
Page 267: Administrative And Monitoring Settings (System Mode) Show Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Administrative and Monitoring Settings (System Mode) Show Commands This section contains the following subsections: • Remote Management Show Command • SNMP Show Commands • Time Show Command • Firmware Version Show Command •...
Page 268: Snmp Show Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N SNMP Show Commands show system snmp trap [agent ipaddress] This command displays the SNMP trap configuration of an SNMP agent: Trap Agent IP Address _____________________ IP Address: 10.118.33.245 Subnet Mask: 255.255.255.255 Port: 162...
Page 269: Firmware Version Show Command
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Firmware Version Show Command show system firmware_version This command displays the firmware version: Firmware Version : 4.1.1-8 Status Show Command show system status This command displays the system status (also referred to as router status) information:...
Page 270 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IP Address: 192.168.90.5 Subnet Mask: 255.255.255.128 DHCP Status: Disabled Lan Port 4 Information ______________________ VLAN Profile: Default VLAN ID: MAC Address: E0:46:9A:1D:1A:9C IP Address: 192.168.1.1 Subnet Mask: 255.255.255.0 DHCP Status: Enabled Lan Port 5 Information...
Page 271 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N VLAN Profile: Default VLAN ID: MAC Address: E0:46:9A:1D:1A:9C IP Address: 192.168.1.1 Subnet Mask: 255.255.255.0 DHCP Status: Enabled Broadband Information _____________________ MAC Address: AA:AB:BB:00:00:02 IPv4 Address: 10.139.54.228 / 255.255.255.248 IPv6 Address: fe80::a8ab:bbff:fe00:2 / 64...
Page 272: Traffic Meter Show Command
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Traffic Meter Show Command show system traffic_meter setup This command displays the configuration of the traffic meter and the Internet traffic statistics: Enable Traffic Meter ____________________ Traffic Meter is Enabled Limit Type Download only...
Page 273: Logging Configuration Show Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Logging Configuration Show Commands show system logging setup This command displays the configuration of the IPv4 and IPv6 logs: Logging Config ______________ Routing Logs ____________ LAN to WAN __________ Accepted Packets: Disabled Dropped Packets:...
Page 274: Show System Logging Remote Setup
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N ___________ Change of time by NTP: Disabled Login attempts: Enabled Secure Login attempts: Enabled Reboots: Enabled All Unicast Traffic: Disabled All Broadcast/Multicast Traffic: Disabled WAN Status: Disabled Resolved DNS Names: Disabled VPN Logs:...
Page 275: Logs Show Commands
This command displays the system logs (the following example shows only part of the command output): Wed Dec 7 14:06:23 2011(GMT) [FVS318N][System][NTP] Looking Up time-g.netgear.com Wed Dec 7 14:06:25 2011(GMT) [FVS318N][System][NTP] Requesting time from time-g .netgear.com Wed Dec 7 14:06:26 2011(GMT) [FVS318N][System][NTP] Synchronized time with time -g.netgear.com...
Page 276 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N wireless MAC[0] : e0469a1d1aae wireless MAC[1] : e0469a1d1aaf wireless MAC[2] : e0469a1d1ab0 wireless MAC[3] : e0469a1d1ab1 vlan[0] MAC : e0469a1d1a9f vlan[1] MAC : e0469a1d1aa0 vlan[2] MAC : e0469a1d1aa1 vlan[3] MAC : e0469a1d1aa2 vlan[4] MAC : e0469a1d1aa3...
Page 277: Wireless Settings (Dot11 Mode) Show Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Wireless Settings (Dot11 Mode) Show Commands This section contains the following subsections: • Radio Show Command • Profile Show Commands • Wireless Statistics Commands Radio Show Command show dot11 radio This command displays the configuration information for the radio:...
Page 278: Profile Show Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Profile Show Commands show dot11 profile [profile name] This command displays basic information for all profiles or basic and advanced information for a specified profile: • All profiles: FVS318N> show dot11 profile Status...
Page 279 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N PktTx: 0 ByteRx: 0 ByteTx: 0 ErrRx: 0 ErrTx: 0 DropRx: 0 DropTx: 11301 MCast: 0 #Coll: 0 Connected Clients _________________ show dot11 acl <profile name> This command displays the ACL policy and MAC addresses for the specified profile:...
Page 280: Wireless Statistics Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Wireless Statistics Commands show dot11 statistics This command displays the cumulative wireless traffic statistics for all wireless profiles (note that the profiles are indicated by ap1, ap2, ap3, and so on): Wireless Statistics...
Page 281: Show Vpn Ipsec Vpnpolicy Setup
Local Remote Auth Encr _______ _________________ ___________ ___________ ______________________________________ ______________________________ _____ ____ Enabled FVS318N-to-Peer44 Auto Policy Tunnel Mode 2002:408b:36e4:a:a8ab:bbff:fe00:1 / 64 fe80::a4bb:ffdd:fe01:2 / 64 SHA-1 3DES Enabled FVS-to-Paris Auto Policy Tunnel Mode 192.168.1.0 / 255.255.255.0 192.168.50.0 / 255.255.255.255 SHA-1 3DES...
Page 282: Ssl Vpn Show Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Tue Apr 10 12:27:25 2012 (GMT -0700): [FVS318N] [IKE] INFO: Sending Informational Exchange: notify payload[10637] SSL VPN Show Commands show vpn sslvpn client This command displays the SSL VPN client ranges and configurations:...
Page 283: Show Vpn Sslvpn Policy
Successful for Local Admin user admin2 from host 10.116.205.103 Sat Dec 10 18:09:50 2011(GMT) [FVS318N][System][PLATFORM] platformHandleDBUpdate:SSLVPNPortalLayout op=23 row=1 Sat Dec 10 18:09:51 2011(GMT) [FVS318N][System][SSLVPN] Portal 'SSL-VPN' is set as default Sat Dec 10 18:09:53 2011(GMT) [FVS318N][System][SSLVPN] Domain Headquarter is successfully added. Authentication Type: ldapPortal Layout Name: SSL-VPN Sat Dec 10 18:10:21 2011(GMT) [FVS318N][System][SSLVPN] Group Sales is successfully added.
Page 284 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show vpn sslvpn portforwarding appconfig This command displays the SSL VPN port forwarding application configuration: Port Forwarding Application Configuration _________________________________________ Row Id Server IP Port ______ ______________ ____ 192.168.51.227 3389 192.168.51.230 4009 show vpn sslvpn portforwarding hostconfig...
Page 285: Ssl Vpn User Show Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show vpn sslvpn resource-object <resource name> This command displays the detailed configuration for the specified resource object: RESOURCE OBJECTS ________________ Row Id: 1 Object Type: IP Network Object Address: 192.168.30.56 Mask Length: 24...
Page 286: Show Vpn Sslvpn Users Groups
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show vpn sslvpn users groups This command displays the group configurations: List of Groups ______________ Row_Id Name Domain ______ _______________ ______________ geardomain* geardomain Headquarter Headquarter Sales Headquarter LevelI_Support LevelI_Support TEST TEST show vpn sslvpn users users...
Page 287 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show vpn sslvpn users ip_policies <row id> Note: The row ID refers to the List of Users table in the output of the show vpn sslvpn users users command. This command displays the login restrictions based on IP addresses for the specified user:...
Page 288: Radius Server Show Command
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show vpn sslvpn users active_users This command displays the active SSL VPN users: UserName: : admin GroupName: : geardomain LoginAddress: : 74.116.205.166 LoginTime: : Fri Apr 13 11:55:33 2012 (GMT -0700) RADIUS Server Show Command...
Page 289: L2Tp Server Show Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N L2TP Server Show Commands show vpn l2tp server setup This command displays the configuration of the L2TP server: L2TP Server Configuration _________________________ L2TP Server Status: Enabled L2TP Starting IP Address: 192.168.112.1 L2TP server Ending IP Address: 192.168.112.25...
Page 290: Chapter 10 Utility Commands
Utility Commands This chapter explains the configuration commands, keywords, and associated parameters in the Util mode. The chapter includes the following sections: • Overview Util Commands • Firmware Backup, Restore, and Upgrade Commands • Diagnostic Commands Overview Util Commands Enter the util ? command at the CLI prompt to display the description of the utility commands in the util mode.
Page 291: Firmware Backup, Restore, And Upgrade Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Firmware Backup, Restore, and Upgrade Commands util backup_configuration This command backs up the configuration file of the wireless VPN firewall to a TFTP server. Format util backup_configuration <destination file name> <tftp server address>...
Page 292: Diagnostic Commands
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N util restore_factory_defaults This command restores the wireless VPN firewall to factory default settings. It takes about 3 minutes for the wireless VPN firewall to come back up. Format util restore_factory_defaults Mode util Diagnostic Commands util dns_lookup This command looks up the IP address of a domain name.
Page 293: Util Ping_Through_Vpn_Tunnel
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N util ping_through_vpn_tunnel This command pings a VPN endpoint IP address with 56 data bytes through a VPN tunnel and displays the ping information. Format util ping_through_vpn_tunnel <ipaddress> Mode util FVS318N> util ping_through_vpn_tunnel 10.136.24.128 Pinging 192.168.1.1 from 5...
Page 294 CLI Command Index net radvd configure lan net radvd pool dmz delete dot11 profile acl configure net radvd pool dmz edit dot11 profile configure net radvd pool lan add dot11 profile delete net radvd pool lan delete dot11 profile disable net radvd pool lan edit dot11 profile enable net routing dynamic configure...
Page 295 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security firewall attack_checks configure ipv4 show net ipv6 ipmode setup security firewall attack_checks configure ipv6 show net ipv6_tunnel setup security firewall attack_checks igmp setup show net ipv6_tunnel status security firewall attack_checks jumboframe setup...
Page 296 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show security porttriggering_rules setup system time configure show security porttriggering_rules status system traffic_meter configure show security schedules setup show security services setup show security upnp portmap util backup_configuration show security upnp setup util dns_lookup...
Page 297 ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn sslvpn users domains add vpn sslvpn users domains delete vpn sslvpn users domains edit vpn sslvpn users groups add vpn sslvpn users groups delete vpn sslvpn users groups edit vpn sslvpn users users add...

NETGEAR ProSafe FVS318N Cli Reference Manual

Chapter 1 Introduction

Chapter 2 Overview of the Configuration Commands

Chapter 3 Net Mode Configuration Commands

Chapter 4 Security Mode Configuration Commands

Chapter 5 System Mode Configuration Commands

Chapter 6 Dot11 Mode Configuration Commands

Chapter 7 VPN Mode Configuration Commands

Chapter 8 Overview of the Show Commands

Chapter 9 Show Commands

Chapter 10 Utility Commands

Quick Links

Related Manuals for NETGEAR ProSafe FVS318N

Summary of Contents for NETGEAR ProSafe FVS318N

Table of Contents