Page 1
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N C L I Reference M a nua l 350 East Plumeria Drive San Jose, CA 95134 April 2012 202-10827-01 v1.0...
Introduction This document describes the command-line interface (CLI) for the NETGEAR ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N. This chapter introduces the CLI interface. It includes the following sections: • Command Syntax and Conventions • The Four Categories of Commands •...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command Syntax and Conventions A command is one or more words that can be followed by one or more keywords and parameters. Keywords and parameters can be required or optional: • A keyword is a predefined string (word) that narrows down the scope of a command. A keyword can be followed by an associated parameter or by associated keywords.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 1. Command conventions (continued) Symbol Example Description { } curly braces Indicate that you need to select a keyword from the list of {choice1 | choice2} choices. (choice1 and choice1 are keywords.) | vertical bars Separate the mutually exclusive choices.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Common Parameters Parameter values might be names (strings) or numbers. To use spaces as part of a name parameter, enclose the name value in double quotes. For example, the expression “System Name with Spaces” forces the system to accept the spaces. Empty strings (“”) are not valid user-defined strings.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The Five Main Modes for Configuration Commands For the configuration commands, there are five main modes in the CLI: net, security, system, dot11, and vpn. Chapter 2, Overview of the Configuration Commands lists all commands in...
Page 12
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 3. Main configuration modes (continued) __________________________CLI________________________ ___Web Management Interface (GUI)___ Main Mode Submode Feature That You Can Configure Basic Path Security configuration commands security address_filter Source MAC filters Security > Address Filter...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N These are examples of commands for which you need to save your changes: • net lan ipv4 configure <vlan id> lets you enter the net-config [lan-ipv4] configuration mode. After you made your changes, issue save or exit to save your changes.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The Three Basic Types of Commands You can encounter the following three basic types of commands in the CLI: • Entry commands to enter a configuration mode. Commands that let you enter a configuration mode from which you can configure various keywords and associated parameters and keywords.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command Autocompletion and Command Abbreviation Command autocompletion finishes spelling the command when you type enough letters of a command to uniquely identify the command keyword. You need to type all of the required keywords and parameters before you can use autocompletion.
Access the CLI You can access the CLI by logging in with the same user credentials (user name and password) that you use to access the web management interface. FVS318N> is the CLI prompt. FVS318N login: admin...
Overview of the Configuration Commands This chapter provides an overview of all configuration commands in the five configuration command modes. The keywords and associated parameters that are available for these commands are explained in the following chapters. The chapter includes the following sections: •...
Page 19
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 7. Net mode configuration commands (continued) Submode Command Name Purpose net ipv6_tunnel isatap add Configure a new IPv6 ISATAP tunnel. net ipv6_tunnel isatap delete <row id> Delete an IPv6 ISATAP tunnel. ipv6_tunnel net ipv6_tunnel isatap edit <row id>...
Page 20
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 7. Net mode configuration commands (continued) Submode Command Name Purpose net radvd configure dmz Configure the IPv6 RADVD for the DMZ. net radvd configure lan Configure the IPv6 RADVD for the LAN.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Security Settings (Security Mode) Configuration Commands Enter the security ? command at the CLI prompt to display the description of all the configuration commands in the security mode. The following table lists the commands in alphabetical order: Table 8.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Wireless Settings (Dot11 Mode) Configuration Commands Enter the dot11 ? command at the CLI prompt to display the description of all the configuration commands in the dot11 mode. The following table lists the commands in alphabetical order: Table 10.
Net Mode Configuration Commands This chapter explains the configuration commands, keywords, and associated parameters in the net mode. The chapter includes the following sections: • General WAN Commands • IPv4 WAN Commands • IPv6 WAN Commands • IPv6 Tunnel Commands •...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show net wan port_setup IPv4 WAN Commands net wan_settings wanmode configure This command configures the mode of IPv4 routing between the WAN interface and LAN interfaces. After you have issued the net wan_settings wanmode configure command, you enter the net-config [routing-mode] mode, and then you can configure NAT or classical routing.
Page 32
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type STATIC, DHCPC, PPPoE, or Specifies the type of ISP connection. You isp_connection_type can specify only one type of connection: PPTP • STATIC. Configure the keywords and parameters in the STATIC section of this table.
Page 33
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type Y or N Specifies whether or not the IP address is dhcpc get_dns_from_isp dynamically received from the ISP. If you select N, you need to issue the dhcpc primary_dns keyword and enter the IP address of the primary DNS server.
Page 34
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type After the connection has been reset, the pppoe delay_in_reset seconds number of seconds of delay before an PPPoE connection attempt is made. pppoe get_ip_dynamically Y or N Specifies whether or not the IP address is dynamically received from the ISP.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type The idle time-out period in minutes (5 to pptp idle_time minutes 999), if the PPTP connection is configured for idle time-out, The IP address that was assigned by the ISP...
Page 36
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N selected ISP connection type, configure one keyword and associated parameter or associated keyword at a time in the order that you prefer. Step 1 Format net wan wan1 ipv6 configure Mode Step 2...
Page 37
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (consists of two Associated Keyword to Description separate words) Select or Parameter to Type DHCPC The type of DHCPv6 mode (stateless or dhcpc stateless_mode_enable StatelessAddrAutoConfig stateful). If you set the dhcpc stateless_mode_enable keywords...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show net ipv6 ipmode setup IPv6 Tunnel Commands net ipv6_tunnel isatap add This command configures a new ISATAP tunnel. After you have issued the net ipv6_tunnel isatap add command, you enter the net-config [isatap-tunnel] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
Page 39
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show commands: show net ipv6_tunnel setup show net ipv6_tunnel status net ipv6_tunnel isatap edit <row id> This command configures an existing ISATAP tunnel. After you have issued the net ipv6_tunnel isatap edit command to specify the row to be edited, you enter the net-config [isatap-tunnel] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show commands: show net ipv6_tunnel setup show net ipv6_tunnel status net ipv6_tunnel six_to_four configure This command enables or disables automatic tunneling, which allows traffic from an IPv6 LAN to be tunneled through an IPv4 WAN to reach an IPv6 network. After you have issued the net ipv6_tunnel six_to_four configure command, you enter the net-config [six-to-four-tunnel] mode, and then you can configure automatic tunneling.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type Enables or disables DDNS. Use the Disable enable Disable, DynDNS, TZO, DNS_Oray, or 3322_DDNS keyword to disable DDNS after you had first enabled the service.
Page 43
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of Associated Keyword to Description two separate words) Select or Parameter to Type None, DHCP-Server, or Specifies the DHCP mode for the devices that dhcp mode are connected to the VLAN: DHCP-Relay •...
Page 44
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net-config[lan-ipv4]> static address 192.168.1.1 net-config[lan-ipv4]> static subnet_mask 255.255.255.0 net-config[lan-ipv4]> dhcp mode DHCP-Relay net-config[lan-ipv4]> dhcp relay_gateway 10.172.214.198 net-config[lan-ipv4]> proxy dns_enable N net-config[lan-ipv4]> inter_vlan_routing Y net-config[lan-ipv4]> save Related show command: show net lan ipv4 setup net lan ipv4 delete <vlan id>...
Page 45
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show net lan ipv4 setup net ethernet configure <interface name or number> This command configures a VLAN for a LAN interface. After you have issued the net ethernet configure command to specify a LAN interface, you enter net-config [ethernet] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
Page 46
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net lan ipv4 default_vlan This command configures the default VLAN for each port. After you have issued the net lan ipv4 default_vlan command, you enter the net-config [lan-ipv4-defvlan] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
Page 47
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show net lan ipv4 setup net lan ipv4 advanced configure This command configures advanced LAN settings such as the MAC address for VLANs and ARP broadcast. After you have issued the net lan ipv4 advanced configure...
Page 48
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net-config [dhcp-reserved-ip] mode, and then you can configure the IP address for the binding configuration. Step 1 Format net lan dhcp reserved_ip configure <mac address> Mode Step 2 Format ip_mac_name <device name> ip_addr_type {Fixed_set_on_PC | Dhcp_Reserved_IP} ip_address <ipaddress>...
Page 49
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net lan dhcp reserved_ip delete <mac address> This command deletes the binding of a MAC address to an IP address. Format net lan dhcp reserved_ip delete <mac address> Mode Related show commands: show net lan dhcp reserved_ip setup...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show net lan ipv4 multiHoming net lan ipv4 multi_homing edit This command configures an existing IPv4 alias, that is, a secondary IPv4 address. After you have issued the net lan ipv4 multi_homing edit command, you enter the net-config [lan-ipv4-multihoming] mode, and then you can configure the secondary address and subnet mask in the order that you prefer.
Page 52
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net-config[lan-ipv6]> dhcp domain name netgear.com net-config[lan-ipv6]> dhcp server_preference 236 net-config[lan-ipv6]> dhcp dns_type useDnsProxy net-config[lan-ipv6]> dhcp rebind_time 43200 net-config[lan-ipv6]> save Related show command: show net lan ipv6 setup net lan ipv6 pool configure This command configures a new or existing IPv6 DHCP address pool. After you have issued...
Page 53
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net lan ipv6 multi_homing add This command configures a new IPv6 alias, that is, a secondary IPv6 address. After you have issued the net lan ipv6 multi_homing add command, you enter the net-config [lan-ipv6-multihoming] mode, and then you can configure the secondary address and IPv6 prefix length in the order that you prefer.
Page 54
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net lan ipv6 multi_homing delete <row id> This command deletes a secondary IPv6 address by specifying its row ID. Format net lan ipv6 multi_homing delete <row id> Mode Related show command: show net lan ipv6 multiHoming...
Page 55
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist Associated Keyword to Description of two separate words) Select or Parameter to Type The interval in seconds (integer) between interval seconds unsolicited multicast RAs. Enter a period from 10 to 1800 seconds. The default is 30 seconds.
Page 56
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format prefix_type {6To4 {sla_id <ID number>} | Global-Local-ISATAP {prefix_address <ipv6-address>} {prefix_length <prefix length>}} prefix_life_time <seconds> Mode net-config [radvd-pool-lan] Keyword Associated Keyword to Description Select or Parameter to Type 6To4 or The prefix type that specifies the type of communication...
Page 57
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N enter the net-config [radvd-pool-lan] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer. Step 1 Format net radvd pool lan edit <row id>...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show net radvd lan setup IPv4 DMZ Setup Commands net dmz ipv4 configure This command enables, configures, or disables the IPv4 DMZ. After you have issued the net dmz ipv4 configure command, you enter the net ipv4-config [dmz] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
Page 59
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type Specifies the DHCP mode: dhcp_mode None, DHCP-Serves or • None. DHCP is disabled for the DMZ. DHCP-Relay • DHCP-Server. DHCP is enabled for the DMZ.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show net dmz ipv4 setup IPv6 DMZ Setup Commands net dmz ipv6 configure This command enables, configures, or disables the IPv6 DMZ. After you have issued the net dmz ipv6 configure command, you enter the net ipv6-config [dmz] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
Page 61
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type The DNS server type. If you select dns_server_option useDnsProxy, useDnsFromISP, or useEnteredDns, you also need to issue the primary_dns_server keyword and associated useEnteredDns parameter.
Page 62
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command example: FVS318N> net dmz ipv6 pool configure net-ipv6-config-pool[dmz]> starting_ip_address 2001::1100 net-ipv6-config-pool[dmz]> ending_ip_address 2001::1120 net-ipv6-config-pool[dmz]> prefix_value 56 net-ipv6-config-pool[dmz]> save Related show command: show net dmz ipv6 setup net radvd configure dmz This command configures the Router Advertisement Daemon (RADVD) process for the link-local advertisements of IPv6 router addresses and prefixes in the DMZ.
Page 63
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist Associated Keyword to Description of two separate words) Select or Parameter to Type Managed or Other Sets the flag: flags • Managed. Specifies that the DHCPv6 stateful protocol is used for autoconfiguration of the address.
Page 64
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type 6To4 or The prefix type that specifies the type of prefix_type communication between the interfaces: Global-Local-ISATAP • 6To4. The prefix is for a 6to4 address. You need to issue the sla_id keyword and specify the interface •...
Page 65
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format prefix_type {6To4 {sla_id <ID number>} | Global-Local-ISATAP {prefix_address <ipv6-address>} {prefix_length <prefix length>}} prefix_life_time <seconds> Mode net-config [radvd-pool-dmz] Keyword Associated Keyword to Description Select or Parameter to Type 6To4 or The prefix type that specifies the type of...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv4 Routing Commands net routing static ipv4 configure <route name> This command configures an IPv4 static route. After you have issued the net routing static ipv4 configure command to specify the name of the new route, you enter the net-config [static-routing-ipv4] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
Page 67
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net-config[static-routing-ipv4]> subnet_mask 255.255.255.0 net-config[static-routing-ipv4]> interface wan net-config[static-routing-ipv4]> gateway_address 10.192.44.13 net-config[static-routing-ipv4]> metric 7 net-config[static-routing-ipv4]> save Related show command: show net routing static ipv4 setup net routing static ipv4 delete <route name> This command deletes a static IPv4 route by deleting its name.
Page 69
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Description separate words) Select or Parameter to Type Disabled, Rip1, Rip2B, or The RIP version. version Rip2M First key The first MD5 authentication key first_key authentication_id authentication key (alphanumeric string).
Page 71
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format active_flag {Y | N} destination_address <ipv6-address> prefix <prefix length> gateway_address <ipv6-address> interface {Dedicated-WAN | LAN | Sit0-WAN1} metric <number> Mode net-config [static-routing-ipv6] Keyword Associated Keyword to Description Select or Parameter to Type Y or N Specifies whether or not the route is an active route.
Page 72
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net routing static ipv6 delete <route name> This command deletes a static IPv6 route by deleting its name. Format net routing static ipv6 delete <route name> Mode Related show command: show net routing static ipv6 setup net routing static ipv6 delete_all This command deletes all static IPv6 routes.
Security Mode Configuration Commands This chapter explains the configuration commands, keywords, and associated parameters in the security mode. The chapter includes the following sections: • Security Services Commands • Security Schedules Commands • IPv4 Add Firewall Rule and Edit Firewall Rule Commands •...
Page 75
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security services edit <row id> This command configures an existing firewall custom service. After you have issued the security services edit command to specify the row to be edited, you enter the security-config [custom-service] mode, and then you can edit the service.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show security services setup Security Schedules Commands security schedules edit <1 | 2 | 3> This command configures one of the three security schedules. After you have issued the security schedule edit command to specify the row (that is, the schedule: 1, 2, or 3)
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (consists of two Associated Keyword to Description separate words) Select or Parameter to Type Y or N Specifies whether or not the schedule is time_of_day all_enable active all day. The schedule starts at the specified hour...
Page 78
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N prefer. However, note that the setting of the action keyword determines which other keywords and parameters can you can apply to a rule. Step 1 Format security firewall ipv4 add_rule lan_wan outbound Mode...
Page 79
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type Service name, action, and schedule The default service and protocol to service_name ANY, AIM, BGP, BOOTP_CLIENT, which the firewall rule applies.
Page 80
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type The name of the LAN group. The lan_users group_wise group name group name is either a default...
Page 81
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security-config[firewall-ipv4-lan-wan-outbound]> action ALWAYS_ALLOW security-config[firewall-ipv4-lan-wan-outbound]> lan_users address_wise ANY security-config[firewall-ipv4-lan-wan-outbound]> wan_users ADDRESS_RANGE security-config[firewall-ipv4-lan-wan-outbound]> wan_user_start_ip 10.120.114.217 security-config[firewall-ipv4-lan-wan-outbound]> wan_user_end_ip 10.120.114.245 security-config[firewall-ipv4-lan-wan-outbound]> qos_profile Normal-Service security-config[firewall-ipv4-lan-wan-outbound]> log ALWAYS security-config[firewall-ipv4-lan-wan-outbound]> save Related show command: show security firewall ipv4 setup lan_wan security firewall ipv4 edit_rule lan_wan outbound <row id>...
Page 82
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type Service name, action, and schedule The default service and protocol to service_name ANY, AIM, BGP, BOOTP_CLIENT, which the firewall rule applies.
Page 83
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type The name of the LAN group. The lan_users group_wise group name group name is either a default...
Page 84
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command example: See the command example for the security firewall ipv4 add_rule lan_wan outbound command. Related show command: show security firewall ipv4 setup lan_wan security firewall ipv4 add_rule lan_wan inbound This command configures a new IPv4 LAN WAN outbound firewall rule. After you have...
Page 85
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type Service name, action, and schedule The default service and protocol to service_name ANY, AIM, BGP, BOOTP_CLIENT, which the firewall rule applies.
Page 86
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type Y or N Enables or disables port translate_to_port_number forwarding. enable The port number (integer) if port translate_to_port_number number forwarding is enabled.
Page 87
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type The end IP address if the lan_user_end_ip ipaddress lan_user address_wise keywords are set to ADDRESS_RANGE. The name of the LAN group. The...
Page 88
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security firewall ipv4 edit_rule lan_wan inbound <row id> This command configures an existing IPv4 LAN WAN inbound firewall rule. After you have issued the security firewall ipv4 edit_rule lan_wan inbound command to specify the row to be edited (for row information, see the output of the...
Page 89
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type Service name, action, and schedule The default service and protocol to service_name ANY, AIM, BGP, BOOTP_CLIENT, which the firewall rule applies.
Page 90
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type Y or N Enables or disables port translate_to_port_number forwarding. enable The port number (integer) if port translate_to_port_number number forwarding is enabled.
Page 91
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type The end IP address if the lan_user_end_ip ipaddress lan_users address_wise keywords are set to ADDRESS_RANGE. The name of the LAN group. The...
Page 92
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N one keyword and associated parameter or associated keyword at a time in the order that you prefer. However, note that the setting of the action keyword determines which other keywords and parameters can you can apply to a rule.
Page 93
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type Service name, action, and schedule The default service and protocol to service_name ANY, AIM, BGP, BOOTP_CLIENT, which the firewall rule applies.
Page 94
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type There are two options: wan_user_start_ip ipaddress • The IP address if the wan_users keyword is set to SINGLE_ADDRESS.
Page 95
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security firewall ipv4 edit_rule dmz_wan outbound <row id> This command configures an existing IPv4 DMZ WAN outbound firewall rule. After you have issued the security firewall ipv4 edit_rule dmz_wan outbound command to specify the row to be edited (for row information, see the output of the...
Page 96
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type Service name, action, and schedule The default service and protocol to service_name ANY, AIM, BGP, BOOTP_CLIENT, which the firewall rule applies.
Page 97
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type There are two options: wan_user_start_ip ipaddress • The IP address if the wan_users keyword is set to SINGLE_ADDRESS.
Page 98
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N prefer. However, note that the setting of the action keyword determines which other keywords and parameters can you can apply to a rule. Step 1 Format security firewall ipv4 add_rule dmz_wan inbound Mode...
Page 99
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type Service name, action, and schedule The default service and protocol to service_name ANY, AIM, BGP, BOOTP_CLIENT, which the firewall rule applies.
Page 100
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type WAN or OTHERS The type of destination WAN wan_destination_ip_address address for an inbound rule: • WAN. The default IP address of the WAN (broadband) interface.
Page 102
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N log {NEVER | ALWAYS} Mode security-config [firewall-ipv4-dmz-wan-inbound] Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type Service name, action, and schedule The default service and protocol to...
Page 103
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type WAN or OTHERS The type of destination WAN wan_destination_ip_address address for an inbound rule: • WAN. The default IP address of the WAN (broadband) interface.
Page 104
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command example: See the command example for the security firewall ipv4 add_rule dmz_wan inbound command. Related show command: show security firewall ipv4 setup dmz_wan security firewall ipv4 add_rule lan_dmz outbound This command configures a new IPv4 LAN DMZ outbound firewall rule. After you have issued...
Page 105
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type Service name, action, and schedule The default service and protocol to service_name ANY, AIM, BGP, BOOTP_CLIENT, which the firewall rule applies.
Page 106
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type The name of the LAN group. The lan_users group_wise group name group name is either a default...
Page 107
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N time in the order that you prefer. However, note that the setting of the action keyword determines which other keywords and parameters you can apply to a rule. Step 1 Format security firewall ipv4 edit_rule lan_dmz outbound <row id>...
Page 108
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type The type of action to be enforced action ALWAYS_BLOCK, ALWAYS_ALLOW, by the rule. BLOCK_BY_SCHEDULE_ELSE_ALLOW, ALLOW_BY_SCHEDULE_ELSE_BLOCK Schedule1, Schedule2, or...
Page 109
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command example: See the command example for the security firewall ipv4 add_rule lan_dmz outbound command. Related show command: show security firewall ipv4 setup lan_dmz security firewall ipv4 add_rule lan_dmz inbound This command configures a new IPv4 LAN DMZ inbound firewall rule. After you have issued...
Page 110
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type Service name, action, and schedule The default service and protocol to service_name ANY, AIM, BGP, BOOTP_CLIENT, which the firewall rule applies.
Page 111
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type The name of the LAN group. The lan_users group_wise group name group name is either a default...
Page 112
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N mode. You can then edit one keyword and associated parameter or associated keyword at a time in the order that you prefer. However, note that the setting of the action keyword determines which other keywords and parameters you can apply to a rule.
Page 113
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type The custom service that you have service_name custom service name configured with the security custom_services services add command.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type Logging NEVER or ALWAYS Enables or disables logging. Command example: See the command example for the security firewall ipv4 add_rule lan_dmz inbound command.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security firewall ipv4 disable <row id> This command disables an IPv4 firewall rule by specifying its row ID. Format security firewall ipv4 disable <row id> Mode security Related show command: show security firewall ipv4 setup...
Page 116
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 1 Format security firewall ipv6 configure Mode security Step 2 Format from_zone {LAN | WAN | DMZ} to_zone {LAN | WAN | DMZ} service_name {default_services <default service name> | custom_services <custom service name>}...
Page 117
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type The default service and protocol service_name ANY, AIM, BGP, BOOTP_CLIENT, to which the firewall rule applies. default_services...
Page 118
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type ANY, SINGLE_ADDRESS, or The type of destination address. destination_address_type ADDRESS_RANGE There are two options: destination_start_address ipv6-address • The IPv6 address if the...
Page 119
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N the output of the command), you enter the security-config show security firewall ipv6 setup [firewall-ipv6] mode.You can then edit one keyword and associated parameter or associated keyword at a time in the order that you prefer. However, note that the setting of the action keyword determines which other keywords and parameters you can apply to a rule.
Page 120
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type The default service and protocol service_name ANY, AIM, BGP, BOOTP_CLIENT, to which the firewall rule applies. default_services...
Page 121
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Select or Description separate words) Parameter to Type ANY, SINGLE_ADDRESS, or The type of destination address. destination_address_type ADDRESS_RANGE There are two options: destination_start_address ipv6-address • The IPv6 address if the...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security firewall ipv6 disable <row id> This command disables an IPv6 firewall rule by specifying its row ID. Format security firewall ipv6 disable <row id> Mode security Related show command: show security firewall ipv6 setup security firewall ipv6 enable <row id>...
Page 123
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword Description to Select WAN security checks respond_to_ping_on_internet_ports Y or N Enables or disables the response to a ping from the WAN port. Y or N Enables or disables stealth mode.
Page 124
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security firewall attack_checks jumboframe setup This command enables or disables jumbo frames for IPv4 traffic. After you have issued the security firewall attack_checks jumboframe setup command, you enter the security-advanced-config [jumbo-frame] mode, and then you can enable or disable jumbo frames.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show security firewall attack_checks vpn_passthrough setup security firewall attack_checks configure ipv6 This command configures ipv6 WAN security attack checks. After you have issued the security firewall attack_checks configure ipv6 command, you enter the security-config [attack-checks-ipv6] mode, and then you can edit one keyword and associated parameter or associated keyword at a time in the order that you prefer.
Page 126
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 1 Format security firewall session_limit configure Mode security Step 2 Format enable {Y | N} conn_limit_type {Percentage_Of_MaxSessions | Number_Of_Sessions} user_limit <number> Mode security-config [session-limit] Keyword Associated Keyword to Select Description or Parameter to Type Y or N Enables or disables session limits.
Page 127
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format tcp_session_timeout <seconds> udp_session_timeout <seconds> icmp_session_timeout <seconds> Mode security-config [session-settings] Keyword Associated Parameter Description to Type Configures the TCP session timeout period (integer) in tcp_session_timeout seconds seconds. Configures the UDP session timeout period (integer) in...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Address Filter and IP/MAC Binding Commands security address_filter mac_filter configure This command configures the source MAC address filter. After you have issued the security address_filter mac_filter configure command, you enter the security-config [mac-filter] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
Page 129
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show security address_filter mac_filter setup security address_filter mac_filter source delete <row id> This command deletes a MAC address from the MAC address table by deleting its row ID. Format security address_filter mac_filter source delete <row id>...
Page 130
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type The IPv6 address to which the IP/MAC binding ip_address6 ipv6-address rule is applied. log_dropped_packets Y or N Enables or disables logging for the IP/MAC binding rule.
Page 131
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type IPv4 or IPv6 Specifies the type of IP address to which the ip_version IP/MAC binding rule is applied: • IPv4. You need to issue the ip_address keyword and specify an IPv4 address.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword Description to Select Y or N Enables or disables the email log or IP/MAC Binding enable_email_logs violations. Related show command: show security address_filter enable_email_log Port Triggering Commands security porttriggering_rules add This command configures a new port triggering rule.
Page 133
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type The start port number (integer) of the incoming incoming_start_port number traffic range. Valid numbers are from 0 to 65535. The end port number (integer) of the incoming...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type The name (alphanumeric string) of the port name rule name triggering rule. Y or N Enables or disables the port triggering rule. enable_rule...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 1 Format security upnp configure Mode security Step 2 Format enable {Y | N} advertisement period <seconds> advertisement time_to_live <seconds> Mode security-config [upnp] Keyword (might consist of two Associated Keyword to Description...
Page 136
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format name <profile name> direction {Inbound | Outbound | Both _Directions} inbound_minimum_rate <kbps> inbound_maximum_rate <kbps> outbound_minimum_rate <kbps> outbound_maximum_rate <kbps> is_group {Individual | Group} Mode security-config [bandwidth-profile] Keyword Associated Keyword to Description Select or Parameter to Type The profile name (alphanumeric string).
Page 137
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security bandwidth profile edit <row id> This command configures an existing bandwidth profile. After you have issued the security bandwidth profile edit command to specify the row to be edited, you enter the security-config [bandwidth-profile] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.s...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security bandwidth profile delete <row id> This command deletes a bandwidth profile by deleting its row ID. Format net bandwidth profile delete <row id> Mode security Related show command: show security bandwidth profile setup...
Page 139
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security-config[content-filtering]> cookies_enable Y security-config[content-filtering]> java_enable Y security-config[content-filtering]> proxy_enable N security-config[content-filtering]> save Related show command: show security content_filter content_filtering security content_filter block_group enable This command applies content filtering to selected groups or to all groups. After you have...
Page 140
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command example: FVS318N> security content_filter blocked_group enable security-config[block-group-enable]> group group1 Y security-config[block-group-enable]> group group2 Y security-config[block-group-enable]> group group3 Y security-config[block-group-enable]> group group8 Y security-config[block-group-enable]> save Related show command: show security content_filter block_group security content_filter block_group disable This command removes content filtering from selected groups or from all groups.
Page 141
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword Description to Select group group1 group group2 group group3 group group4 Disables content filtering for the selected group. group group5 group group6 group group7 group group8 Command example: FVS318N> security content_filter blocked_group disable security-config[block-group-disable]>...
Page 142
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security content_filter blocked_keywords edit <row id> This command configures an existing blocked keyword for content filtering. After you have issued the security content_filter blocked_keywords edit command to specify the row to be edited, you enter the security-config [blocked-keywords] mode, and then you can edit the keyword.
Page 143
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show security content_filter trusted_domains security content_filter trusted_domain edit <row id> This command configures an existing trusted domain for content filtering. After you have issued the security content_filter trusted_domain edit command to specify the row to be edited, you enter the security-config [approved-urls] mode, and then you can edit the URL.
System Mode Configuration Commands This chapter explains the configuration commands, keywords, and associated parameters in the system mode. The chapter includes the following sections: • Remote Management Commands • SNMP Commands • Time Zone Command • Traffic Meter Command • Firewall Logs and Email Alerts Commands IMPORTANT: After you have issued a command that includes the word...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type Everyone, IP_Range, or Specifies the type of access: access_type6 To_this_PC_only • Everyone. Enables access to all IP addresses. You do not need to configure any IP address.
Page 147
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: You can configure remote management over Telnet for both IPv4 and IPv6 connections because these connections are not mutually exclusive. Step 1 Format system remote_management telnet configure Mode system Step 2 Format...
Page 148
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type The single IP address if you have set the only_this_pc_ip ipaddress access_type keyword to To_this_PC_only. Telnet over an IPv6 connection Y or N...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N SNMP Commands system snmp trap configure <ip address> This command configures a new or existing SNMP agent to which trap information is forwarded. After you have issued the system snmp trap configure command to specify...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N system snmp trap delete <ipaddress> This command deletes an SNMP agent by deleting its IP address. Format system snmp trap delete <ipaddress> Mode system Related show command: show system snmp trap [agent ipaddress] system snmp sys configure This command configures the SNMP system information.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Time Zone Command system time configure This command configures the system time, date, and NTP servers. After you have issued the system time configure command, you enter the system-config [time] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
Page 152
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 12. Timezone keywords GMT time and location Note: Enter the keywords exactly as stated (you can use autocompletion keys). If there are two locations for the same time zone, enter the location exactly as stated.
Page 153
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 12. Timezone keywords (continued) GMT time and location Note: Enter the keywords exactly as stated (you can use autocompletion keys). If there are two locations for the same time zone, enter the location exactly as stated.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 12. Timezone keywords (continued) GMT time and location Note: Enter the keywords exactly as stated (you can use autocompletion keys). If there are two locations for the same time zone, enter the location exactly as stated.
Page 155
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N block_type {Block-all-traffic | Block-all-traffic-except-email} send_email_alert {Y | N} Mode system-config [traffic-meter] Keyword Associated Keyword to Select or Description Parameter to Type Traffic meter configuration Y or N Enables or disables the traffic meter.
Page 156
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Select or Description Parameter to Type The hour in the format HH (00 to 12) time_hour hour that the traffic counter restarts. This keyword applies only when you have set the counter keyword to SpecificTime.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Firewall Logs and Email Alerts Commands system logging configure This command configures routing logs for accepted and dropped IPv4 and IPv6 packets, selected system logs, and logs for other events. After you have issued the system...
Page 158
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Description Keyword to Select Routing logs Y or N lan_wan_accept_packet_logs Y or N lan_wan_drop_packet_logs Y or N lan_dmz_accept_packet_logs Y or N lan_dmz_drop_packet_logs Y or N dmz_wan_accept_packet_logs Enables or disables packet logging for...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Description Keyword to Select Other event logs Y or N Enables or disables logging of packets source_mac_filter_logs from MAC addresses that match the source MAC address filter settings. Y or N...
Page 161
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Description separate words) Select or Parameter to Type None, Plain, or CRAM-MD5 The type of authentication for the smtp_auth type SMTP server. If you select Plain or...
Page 162
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two Associated Keyword to Description separate words) Select or Parameter to Type Syslog server ipaddress or domain name The IP address or domain name of syslog_server the syslog server.
Dot11 Mode Configuration Commands This chapter explains the configuration commands, keywords, and associated parameters in the dot11 mode. The chapter includes the following sections: • Wireless Radio Commands • Wireless Profile Commands IMPORTANT: After you have issued a command that includes the word configure, add, or edit, you need to save (or cancel) your changes.
Page 164
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Select or Description Parameter to Type After you have selected a geographical country africa, asia, region, select a predefined country name europe, country within the selected region. For a list of...
Page 165
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Select or Description Parameter to Type The default transmit power in dBm, which default_transmit_power number can range from 0 to 31. Note: If the country regulation does not allow the transmit power that you configure, the power will be automatically adjusted to the legally allowed power.
Page 166
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 13. Region and country keywords (continued) Region Country Asia Indonesia (continued) Japan Kazakhstan KoreaRepublic Macau Malaysia Nepal NorthKorea Pakistan Philippines Singapore SriLanka Taiwan Thailand Uzbekistan Vietnam Europe Albania Armenia Austria Belarus Belgium...
Page 167
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 13. Region and country keywords (continued) Region Country Europe France (continued) Georgia Note: This keyword might be located under another region. The command syntax might change in a future release. Germany Greece...
Page 168
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 13. Region and country keywords (continued) Region Country Europe Switzerland (continued) Turkey Ukraine UnitedKingdom MiddleEast Iran_IslamicRepublicOf Israel Bahrain Jordan Kuwait Lebanon Oman Qatar SaudiArabia Syria UnitedArabEmirates Yemen Oceania Australia NewZealand PapuaNewGuinea UnitedStates...
Page 169
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 13. Region and country keywords (continued) Region Country UnitedStates ElSalvador (continued) Guatemala Honduras Jamaica Mexico Panama Peru PuertoRico TrinidadAndTobago UnitedStates_US Uruguay Venezuela Command example: FVS318N> dot11 radio configure dot11-config[radio]> country united_states UnitedStates_US dot11-config[radio]>...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N dot11-config[radio-advance]> power_save_enable Y dot11-config[radio-advance]> save Related show command: show dot11 radio Wireless Profile Commands dot11 profile configure <profile name> This command configures a new or existing profile. After you have issued the dot11...
Page 172
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist Associated Keyword to Select Description of two separate words) or Parameter to Type Open, WEP, WPA, WPA2, or The type of security and associated encryption. security_type Your selection determines which other keywords...
Page 173
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist Associated Keyword to Select Description of two separate words) or Parameter to Type PSK, RADIUS, or PSK+RADIUS The WPA authentication type. Note the following: wpa authentication • PSK. Requires you to set the wpa wpa_password keyword and associated parameter.
Page 175
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show dot11 profile [profile name] dot11 profile acl configure <profile name> This command adds a MAC address to or deletes a MAC address from an access control list (ACL) and configures the ACL setting for a selected profile. After you have issued the dot11...
Page 176
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N dot11 profile wps configure This command configures Wi-Fi Protected Setup™ (WPS) for as SSID. After you have issued the dot11 profile wps configure command, you enter the dot11-config [ap-wps] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
VPN Mode Configuration Commands This chapter explains the configuration commands, keywords, and associated parameters in the vpn mode. The chapter includes the following sections: • IPSec VPN Wizard Command • IPSec IKE Policy Commands • IPSec VPN Policy Commands • IPSec VPN Mode Config Commands •...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPSec VPN Wizard Command vpn ipsec wizard configure <Gateway | VPN_Client> This command configures the IPSec VPN wizard for a gateway-to-gateway or gateway-to-VPN client connection. After you have issued the vpn ipsec wizard...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To display the IKE policy configuration that the wizard created through the vpn ipsec wizard configure command, issue the show vpn ipsec ikepolicy setup command: FVS318N> show vpn ipsec ikepolicy setup List of IKE Policies...
Page 181
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N extended_authentication {None | IPSecHost {xauth_username <user name>} {xauth_password <password>} | EdgeDevice {extended_authentication_type {User-Database | RadiusPap | RadiusChap}}} Mode vpn-config [ike-policy] Keyword Associated Keyword to Description Select or Parameter to Type Mode Config record selection and general policy settings...
Page 182
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type Local and remote identifiers IPv4 or IPv6 If the local_identtype and ip_version remote_identtype keywords are set to Local_Wan_IP, specifies the IP address version for both the local and remote endpoints: •...
Page 183
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type Specifies the ISAKMP identifier to be remote_identtype Remote_Wan_IP, FQDN, User-FQDN, or used by the wireless VPN firewall: DER_ASN1_DN • Remote_Wan_IP. The WAN IP address of the remote endpoint.
Page 184
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type Pre_shared_key or Specifies the authentication method: auth_method RSA_Signature • Pre_shared_key. A secret that is shared between the wireless VPN firewall and the remote endpoint. You...
Page 185
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type Extended authentication settings None, IPSecHost, or Specifies whether or not Extended extended_authentication Authentication (XAUTH) is enabled, and, EdgeDevice if enabled, which device is used to verify user account information: •...
Page 189
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate Associated Description words) Keyword to Select or Parameter to Type IPv4 or IPv6 If the general_remote_end_point_type general_ip_version keyword is set to IP-Address, specifies the IP address version for the remote endpoint,...
Page 190
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate Associated Description words) Keyword to Select or Parameter to Type If the general_remote_end_point_type general_remote_end_point ipv6-address ipv6_adress keyword is set to IP-Address, and if the general_ip_version keyword is set to IPv6, the IPv6 address of the remote endpoint.
Page 191
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate Associated Description words) Keyword to Select or Parameter to Type The maximum number of keep-alive request general_keep_alive_failue_count number failures before the wireless VPN firewall tears down the connection and then attempts to reconnect to the peer.
Page 192
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate Associated Description words) Keyword to Select or Parameter to Type If the general_local_network_type general_local_end_address ipaddress keyword is set to RANGE, and if the general_ip_version keyword is set to IPv4, specifies the local IPv4 end address.
Page 193
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate Associated Description words) Keyword to Select or Parameter to Type Traffic selector settings—Remote address information Specifies the address or addresses that are general_remote_network_type ANY, SINGLE, RANGE, or SUBNET part of the VPN tunnel on the remote end: •...
Page 194
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate Associated Description words) Keyword to Select or Parameter to Type If the general_remote_network_type general_remote_subnet_mask subnet mask keyword is set to SUBNET, and if the general_ip_version keyword is set to IPv4, specifies the subnet mask.
Page 195
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate Associated Description words) Keyword to Select or Parameter to Type Manual policy settings—Outbound policy The Security Parameters Index (SPI) for the manual_spi_out number outbound policy as an hexadecimal value between 3 and 8 characters.
Page 196
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate Associated Description words) Keyword to Select or Parameter to Type MD5 or SHA-1 Specifies the authentication algorithm to auto_authentication_algorithm negotiate the security association (SA): • SHA-1. Hash algorithm that produces a 160-bit digest.
Page 197
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn ipsec vpnpolicy delete <vpn policy name> This command deletes a VPN policy by specifying the name of the VPN policy. Format vpn ipsec vpnpolicy delete <vpn policy name> Mode Related show command: show vpn ipsec vpnpolicy setup vpn ipsec vpnpolicy disable <vpn policy name>...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn ipsec vpnpolicy drop <vpn policy name> This command terminates an active VPN connection by specifying the name of the VPN policy. Format vpn ipsec vpnpolicy drop <vpn policy name> Mode Related show command:...
Page 200
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type Seconds or KBytes Specifies whether the sa_lifetime sa_lifetime_type keyword is set in seconds or Kbytes. seconds or number Depending on the setting of the...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn ipsec modeConfig delete <record name> This command deletes a Mode Config record by specifying its record name. Format vpn ipsec modeConfig delete <record name> Mode Related show command: show vpn ipsec mode_config setup...
Page 202
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type The banner title (alphanumeric banner_title banner name string). Place text that consists of more than one word between quotes. The banner message banner_message message text (alphanumeric string).
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn sslvpn portal-layouts delete <row id> This command deletes an SSL VPN portal layout by specifying its row ID. Format vpn sslvpn portal-layouts delete <row id> Mode Related show command: show vpn sslvpn portal-layouts...
Page 205
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type The authentication method that is applied to authentication_type LocalUserDatabase, the domain: Radius-PAP, Radius-CHAP, Radius-MSCHAP, • For all selections with the exception of Radius-MSCHAPv2,...
Page 206
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn sslvpn users domains edit <row id> This command configures an existing authentication domain that is not limited to SSL VPN users. After you have issued the vpn sslvpn users domains edit command to specify...
Page 207
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type The authentication method that is applied to authentication_type LocalUserDatabase, the domain: Radius-PAP, Radius-CHAP, Radius-MSCHAP, • For all selections with the exception of Radius-MSCHAPv2,...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N SSL VPN Authentication Group Commands vpn sslvpn users groups add This command configures a new authentication group that is not limited to SSL VPN users. After you have issued the vpn sslvpn users groups add command, you enter the users-config [groups] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 1 Format vpn sslvpn users groups edit <row id> Mode Step 2 Format domain_name <domain name> group_name <group name> idle_timeout <minutes> Mode users-config [groups] Keyword Associated Description Parameter to Type The domain name (alphanumeric string) to which the group...
Page 211
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn sslvpn users users edit <row id> This command configures an existing user account. The command is not limited to SSL VPN users. After you have issued the vpn sslvpn users users edit command to specify...
Page 212
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn sslvpn users users delete <row id> This command deletes a user account by specifying its row ID. Format vpn sslvpn users users delete <row id> Mode Related show command: show vpn sslvpn users users vpn sslvpn users users login_policies <row id>...
Page 213
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn sslvpn users users ip_policies configure <row id> This command configures source IP addresses from which a user is either allowed or denied access. The command is not limited to SSL VPN users. After you have issued the vpn...
Page 214
IPNetwork and the ip_version keyword is set to IPv6, the prefix length of the IPv6 network. Command example: FVS318N> vpn sslvpn users users ip_policies configure 5 users-config[ip-policy]> allow_login_from_defined_addresses Y users-config[ip-policy]> ip_version IPv4 users-config[ip-policy]> source_address_type IPAddress users-config[ip-policy]> source_address 10.156.127.39 users-config[ip-policy]>...
Page 215
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn sslvpn users users ip_policies delete <row id> This command deletes a source IP address for a user by specifying the row ID of the table. Format vpn sslvpn users ip_policies delete <row id>...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type Removes a browser from delete_browser InternetExplorer, the browser list (after you NetscapeNavigator, first have added the Opera, Firefox, Mozilla browser to the browser list).
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Description Parameter to Type The IP address of the local server that hosts the application. server_ip ipaddress The TCP port number of the local server that hosts the application. port number Command example: FVS318N>...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Description Parameter to Type The IP address of the local server that hosts the application. server_ip ipaddress Note: The IP address needs to be the same as the IP address that you assigned through the...
Page 219
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format enable_full_tunnel {Y | N} dns_suffix <suffix> primary_dns <ipaddress> secondary_dns <ipaddress> begin_client_address <ipaddress> end_client_address <ipaddress> Mode [sslvpn-client-ipv4-settings] Keyword Associated Keyword to Description Select or Parameter to Type Y or N Enables or disables full-tunnel support: enable_full_tunnel •...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn sslvpn client ipv6 This command configures the SSL client IP address range. After you have issued the vpn sslvpn client ipv6 command, you enter the [sslvpn-client-ipv6-settings] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn sslvpn route add This command configures a static client route to a destination network. After you have issued the vpn sslvpn route add command, you enter the [sslvpn-route-settings] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N [sslvpn-route-settings]> subnet_mask 255.255.255.254 [sslvpn-route-settings]> save Related show command: show vpn sslvpn route vpn sslvpn route delete <row id> This command deletes a client route by specifying its row ID. Format vpn sslvpn route delete <row id>...
Page 223
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command example: FVS318N> vpn sslvpn resource add [sslvpn-resource-settings]> resource_name TopSecure [sslvpn-resource-settings]> service_type PortForwarding [sslvpn-resource-settings]> save Related show command: show vpn sslvpn resource vpn sslvpn resource delete <row id> This command deletes a resource by specifying its row ID.
Page 224
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N For an IP network: ip_version {IPv4 {object_address <ipaddress>} {mask_length <subnet mask length>} | IPv6 {object_address6 <ipv6-address>} {mask_length <prefix length>}} start_port <port number> end_port <port number> Mode [sslvpn-resource-settings] Keyword Associated Keyword to Description Select or Parameter to Type...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type subnet mask length or The nature of this keyword and parameter depend on mask_length the setting of the ip_version and object_type prefix length keywords: •...
Page 226
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format policy_name <policy name> policy type {Global | Group {policy_owner <group name>} | User {policy_owner <user name>}} destination_object_type {NetworkResource | IPAddress | IPNetwork | All} In addition to a policy name, policy type, and destination object type, configure the...
Page 227
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type The policy name (alphanumeric string). policy_name policy name Global, Group, or User The SSL VPN policy type: policy_type • Global. The policy is global and includes all groups and users.
Page 228
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type The policy destination type, which determines destination_object_type NetworkResource, IPAddress, IPNetwork, or how the policy is applied, and, in turn, which keywords you need to issue to specify the policy: •...
Page 229
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type • IPNetwork. The policy is applied to an IPv4 destination_object_type NetworkResource, IPAddress, IPNetwork, or or IPv6 network address. You need to issue (continued)
Page 230
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type IPv4 or IPv6 The IP version that applies to the policy: ip_version • IPv4. The policy is for an IPv4 network resource, IPv4 address, IPv4 network, or for all IPv4 addresses.
Page 232
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N In addition to a policy name, policy type, and destination object type, configure the following for an IP address: ip_version {IPv4 {policy_address <ipaddress>} | IPv6 {policy_address6 <ipv6-address>}} start_port <port number> end_port <port number>...
Page 233
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type group name or user name The owner of the policy depends on the setting policy_owner of the policy_type keyword: • Group. Specify the group name to which the policy applies.
Page 234
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type • IPNetwork. The policy is applied to an IPv4 destination_object_type NetworkResource, IPAddress, IPNetwork, or or IPv6 network address. You need to issue (continued)
Page 235
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type IPv4 or IPv6 The IP version that applies to the policy: ip_version • IPv4. The policy is for an IPv4 network resource, IPv4 address, IPv4 network, or for all IPv4 addresses.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command example: See the command example for the vpn sslvpn policy add command. Related show command: show vpn sslvpn policy vpn sslvpn policy delete <row id> This command deletes an SSL VPN policy by specifying its row ID.
Page 237
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type Primary RADIUS server Y or N Specifies whether or not the primary enable RADIUS server is enabled. The IPv4 address of the primary...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N L2TP Server Commands vpn l2tp server configure This command configures the L2TP server. After you have issued the vpn l2tp server configure command, you enter the l2tp-server-config [policy] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
Overview of the Show Commands This chapter provides an overview of all show commands for the five configuration command modes. The chapter includes the following sections: • Network Settings (Net Mode) Show Commands • Security Settings (Security Mode) Show Commands •...
Page 240
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 14. Show commands: show net mode (continued) Submode Command Name Purpose show net lan dhcp reserved_ip setup Display information about the DHCP clients, including the assigned (reserved) IP addresses. show net lan ipv4 advanced setup Display the advanced IPv4 LAN configuration.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Security Settings (Security Mode) Show Commands Enter the show security ? command at the CLI prompt to display the categories of show commands in the security mode. The following table lists the commands in alphabetical order: Table 15.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 15. Show commands: show security mode (continued) Submode Command Name Purpose show security firewall session_limit Display the session limit settings. firewall (continued) show security firewall session_settings Display the session time-out settings. show security porttriggering_rules setup Display the port triggering rules.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 16. Show commands: show system mode (continued) Submode Command Name Purpose time show system time setup Display the time configuration and the configuration of the NTP server. traffic_meter show system traffic_meter setup Display the configuration of the traffic meter and the Internet traffic statistics.
Page 244
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 18. Show commands: show vpn mode (continued) Submode Command Name Purpose show vpn ipsec vpnpolicy setup Display the IPSec VPN policies. ipsec (continued) show vpn ipsec vpnpolicy status Display status information about the active and nonactive IPSec VPN policies.
Show Commands This chapter explains the show commands and associated parameters for the five configuration command modes. The chapter includes the following sections: • Network Settings (Net Mode) Show Commands • Security Settings (Security Mode) Show Commands • Administrative and Monitoring Settings (System Mode) Show Commands •...
Page 246
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show net wan mode This command displays the WAN mode configuration: WAN MODE Setup ______________ Routing Mode: NAT IP Mode: IPv4/IPv6 mode show net wan port_setup This command displays the configuration of the WAN port:...
Page 247
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show net wan wan1 ipv4 status This command displays the IPv4 WAN connection status: WAN Status __________ MAC Address: AA:AB:BB:00:00:02 IPv4 Address: 10.139.54.228 / 255.255.255.248 Wan State: UP NAT (IPv4 only): Enabled IPv4 Connection Type: STATIC...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv6 Mode and IPv6 Tunnel Show Commands show net ipv6 ipmode setup This command displays the IPv6 routing mode configuration: IP MODE _______ IPv4 only mode : Disabled IPv4/IPv6 mode : Enabled show net ipv6_tunnel setup...
1 00:02:26 FVS318N local7.info dhcpd: Sending on LPF/bdg1/aa:ab:bb:00:00:01/192.168.1.0/24 1 00:02:26 FVS318N local7.info dhcpd: Sending on Socket/fallback/fallback-net 1 00:02:34 FVS318N local7.info dhcpd: Wrote 0 leases to leases file. 1 00:02:34 FVS318N local7.info dhcpd: Listening on LPF/bdg1/aa:ab:bb:00:00:01/192.168.1.0/24 1 00:02:34 FVS318N local7.info dhcpd: Sending on LPF/bdg1/aa:ab:bb:00:00:01/192.168.1.0/24...
Page 250
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N VLAN Profiles _____________ Status Profile Name VLAN Id IPv4 Address Subnet Mask DHCP Status Server Address _______ ____________ _______ ____________ _______________ ___________ _______________________________ Enabled Default 192.168.1.1 255.255.255.0 DHCP Server 192.168.1.100 - 192.168.1.254 Enabled Sales 192.168.70.1 255.255.255.0...
Page 251
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show net ethernet {interface name | all} This command displays the MAC address and VLAN status for a single or all Ethernet interfaces: FVS318N> show net ethernet eth1 MAC Address: AA:AB:BB:00:00:02 VLAN ID: 1...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show net lan lan_groups This command displays the LAN groups: Row ID : Group Name ___________________ GROUP1 GROUP2 GROUP3 GROUP4 Management SalesEMEA SalesAmericas GROUP8 show net lan ipv4 multiHoming This command displays the LAN secondary IP addresses:...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N DHCP Status: Enable DHCPv6 Server DHCP Mode: Stateless Domain Name: netgear.com Server Preference: 255 DNS Servers: Use DNS from ISP Lease/Rebind Time: 86400 List of IPv6 Address Pools __________________________ Start Address End Address...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show net lan ipv6 multiHoming This command displays the LAN secondary IPv6 addresses: IPv6 LAN Multi-homing _____________________ Available Secondary LAN IPs :- ______________________________ Row Id: 1 IPv6 Address: 2001:db8:3000::2192 Prefix Length: 10 DMZ Show Commands...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Schedules Show Command show security schedules setup This command displays the configured schedules: Schedules _________ List of Available Schedules ROW ID Name Days Start Time End Time ______ _________ _________________________ __________ ________ schedule1 Monday, Wednesday, Friday 07:15 AM...
Page 259
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Destination: Broadband Bandwidth Profile: NONE Log: Never show security firewall ipv4 setup dmz_wan This command displays the configured IPv4 DMZ WAN firewall rules: Default Outbound Policy for IPv4 : Allow Always DMZ WAN Outbound Rules.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N DMZ User: 176.16.2.65 - 176.16.2.85 Log: Never LAN DMZ Inbound Rules. ______________________ ROWID: 101 Status: Enabled Service Name: SSH:UDP Filter: BLOCK by schedule,otherwise allow DMZ User: 176.16.2.211 LAN User: 192.168.4.109 Log: Always show security firewall ipv6 setup...
Page 261
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show security firewall attack_checks setup ipv4 This command displays which WAN and LAN security checks are enabled for IPv4: Attack Checks _____________ WAN Security Checks: _____________________ Respond to ping on Wan : Yes...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Port Triggering Show Commands show security porttriggering_rules setup This command displays the port triggering rules: Port Triggering _______________ List of Available Port Triggering Rules _______________________________________ ROW ID: 1 Name: AccInq Enable: Yes Type: TCP...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show security upnp setup This command displays the UPnP configuration: UPnP configuration __________________ Advertisement Period: 30 Advertisement Time To Live: 4 Bandwidth Profiles Show Command show security bandwidth profile setup This command displays the configured bandwidth profiles:...
Page 266
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show security content_filter block_group This command displays the groups for which content filtering is enabled: Blocked Groups ______________ List of Blocked Groups Blocked Groups: Unblocked Groups : GROUP1, GROUP2, GROUP3, GROUP4, Management, SalesEMEA,...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Administrative and Monitoring Settings (System Mode) Show Commands This section contains the following subsections: • Remote Management Show Command • SNMP Show Commands • Time Show Command • Firmware Version Show Command •...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N SNMP Show Commands show system snmp trap [agent ipaddress] This command displays the SNMP trap configuration of an SNMP agent: Trap Agent IP Address _____________________ IP Address: 10.118.33.245 Subnet Mask: 255.255.255.255 Port: 162...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Firmware Version Show Command show system firmware_version This command displays the firmware version: Firmware Version : 4.1.1-8 Status Show Command show system status This command displays the system status (also referred to as router status) information:...
Page 270
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IP Address: 192.168.90.5 Subnet Mask: 255.255.255.128 DHCP Status: Disabled Lan Port 4 Information ______________________ VLAN Profile: Default VLAN ID: MAC Address: E0:46:9A:1D:1A:9C IP Address: 192.168.1.1 Subnet Mask: 255.255.255.0 DHCP Status: Enabled Lan Port 5 Information...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Traffic Meter Show Command show system traffic_meter setup This command displays the configuration of the traffic meter and the Internet traffic statistics: Enable Traffic Meter ____________________ Traffic Meter is Enabled Limit Type Download only...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Logging Configuration Show Commands show system logging setup This command displays the configuration of the IPv4 and IPv6 logs: Logging Config ______________ Routing Logs ____________ LAN to WAN __________ Accepted Packets: Disabled Dropped Packets:...
This command displays the system logs (the following example shows only part of the command output): Wed Dec 7 14:06:23 2011(GMT) [FVS318N][System][NTP] Looking Up time-g.netgear.com Wed Dec 7 14:06:25 2011(GMT) [FVS318N][System][NTP] Requesting time from time-g .netgear.com Wed Dec 7 14:06:26 2011(GMT) [FVS318N][System][NTP] Synchronized time with time -g.netgear.com...
Page 276
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N wireless MAC[0] : e0469a1d1aae wireless MAC[1] : e0469a1d1aaf wireless MAC[2] : e0469a1d1ab0 wireless MAC[3] : e0469a1d1ab1 vlan[0] MAC : e0469a1d1a9f vlan[1] MAC : e0469a1d1aa0 vlan[2] MAC : e0469a1d1aa1 vlan[3] MAC : e0469a1d1aa2 vlan[4] MAC : e0469a1d1aa3...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Wireless Settings (Dot11 Mode) Show Commands This section contains the following subsections: • Radio Show Command • Profile Show Commands • Wireless Statistics Commands Radio Show Command show dot11 radio This command displays the configuration information for the radio:...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Profile Show Commands show dot11 profile [profile name] This command displays basic information for all profiles or basic and advanced information for a specified profile: • All profiles: FVS318N> show dot11 profile Status...
Page 279
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N PktTx: 0 ByteRx: 0 ByteTx: 0 ErrRx: 0 ErrTx: 0 DropRx: 0 DropTx: 11301 MCast: 0 #Coll: 0 Connected Clients _________________ show dot11 acl <profile name> This command displays the ACL policy and MAC addresses for the specified profile:...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Wireless Statistics Commands show dot11 statistics This command displays the cumulative wireless traffic statistics for all wireless profiles (note that the profiles are indicated by ap1, ap2, ap3, and so on): Wireless Statistics...
Successful for Local Admin user admin2 from host 10.116.205.103 Sat Dec 10 18:09:50 2011(GMT) [FVS318N][System][PLATFORM] platformHandleDBUpdate:SSLVPNPortalLayout op=23 row=1 Sat Dec 10 18:09:51 2011(GMT) [FVS318N][System][SSLVPN] Portal 'SSL-VPN' is set as default Sat Dec 10 18:09:53 2011(GMT) [FVS318N][System][SSLVPN] Domain Headquarter is successfully added. Authentication Type: ldapPortal Layout Name: SSL-VPN Sat Dec 10 18:10:21 2011(GMT) [FVS318N][System][SSLVPN] Group Sales is successfully added.
Page 284
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show vpn sslvpn portforwarding appconfig This command displays the SSL VPN port forwarding application configuration: Port Forwarding Application Configuration _________________________________________ Row Id Server IP Port ______ ______________ ____ 192.168.51.227 3389 192.168.51.230 4009 show vpn sslvpn portforwarding hostconfig...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show vpn sslvpn users groups This command displays the group configurations: List of Groups ______________ Row_Id Name Domain ______ _______________ ______________ geardomain* geardomain Headquarter Headquarter Sales Headquarter LevelI_Support LevelI_Support TEST TEST show vpn sslvpn users users...
Page 287
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show vpn sslvpn users ip_policies <row id> Note: The row ID refers to the List of Users table in the output of the show vpn sslvpn users users command. This command displays the login restrictions based on IP addresses for the specified user:...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N L2TP Server Show Commands show vpn l2tp server setup This command displays the configuration of the L2TP server: L2TP Server Configuration _________________________ L2TP Server Status: Enabled L2TP Starting IP Address: 192.168.112.1 L2TP server Ending IP Address: 192.168.112.25...
Utility Commands This chapter explains the configuration commands, keywords, and associated parameters in the Util mode. The chapter includes the following sections: • Overview Util Commands • Firmware Backup, Restore, and Upgrade Commands • Diagnostic Commands Overview Util Commands Enter the util ? command at the CLI prompt to display the description of the utility commands in the util mode.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Firmware Backup, Restore, and Upgrade Commands util backup_configuration This command backs up the configuration file of the wireless VPN firewall to a TFTP server. Format util backup_configuration <destination file name> <tftp server address>...
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N util restore_factory_defaults This command restores the wireless VPN firewall to factory default settings. It takes about 3 minutes for the wireless VPN firewall to come back up. Format util restore_factory_defaults Mode util Diagnostic Commands util dns_lookup This command looks up the IP address of a domain name.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N util ping_through_vpn_tunnel This command pings a VPN endpoint IP address with 56 data bytes through a VPN tunnel and displays the ping information. Format util ping_through_vpn_tunnel <ipaddress> Mode util FVS318N> util ping_through_vpn_tunnel 10.136.24.128 Pinging 192.168.1.1 from 5...
Page 294
CLI Command Index net radvd configure lan net radvd pool dmz delete dot11 profile acl configure net radvd pool dmz edit dot11 profile configure net radvd pool lan add dot11 profile delete net radvd pool lan delete dot11 profile disable net radvd pool lan edit dot11 profile enable net routing dynamic configure...
Page 295
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security firewall attack_checks configure ipv4 show net ipv6 ipmode setup security firewall attack_checks configure ipv6 show net ipv6_tunnel setup security firewall attack_checks igmp setup show net ipv6_tunnel status security firewall attack_checks jumboframe setup...
Page 296
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show security porttriggering_rules setup system time configure show security porttriggering_rules status system traffic_meter configure show security schedules setup show security services setup show security upnp portmap util backup_configuration show security upnp setup util dns_lookup...