ZyXEL Confidential
ZyXEL
Firmware Release Note
Prestige 334
Release 3.60(JJ.5)C0
Date: May 3, 2005
Author: Johnny Liang
360JJ5C0.rtfC0
ZyXEL Prestige 334 Standard Version
release 3.60(JJ.5)C0
Release Note
Date: May 3, 2005
Supported Platforms:
ZyXEL Prestige 334
Versions:
ZyNOS F/W Version : V3.60(JJ.5) | 05/03/2005 15:30:40
Bootbase Version: V1.04 | 04/01/2004 14:26:50
Notes:
1. This version supports quick route, which is enabled by default.
2. The first entry of static route is reserved for system and read-only for users.
Known Issues:
1. The device fails to add a firewall ACL rule for NAT server set #12 automatically.
2. Allow NetBIOS traffic between WAN & LAN doesn't work when Firewall is enabled.
3. eWC/SMT: SUA/NAT->Address Mapping, more than 10 rules can be inserted, and the rules are invisible except the first 10 rules.
4. If Prestige Router firmware version is later than V3.60(JJ.1), please DO NOT use eWC or FTP to upgrade new firmware. Instead, please use firmware upgrade tool (UpgradeTool_360JJ***.exe) to update new firmware. See Appendix 1.
5. If Prestige Router firmware version is later than V3.60(JJ.2), please do not FTP the downgrade firmware directly. Instead, follow these steps to downgrade:
Step 1: Change WAN IP assignment to Dynamic if it is set to Static IP.
Step 2: Unplug WAN cable.
Step 3: Reboot device.
Step 4: Load the middle firmware (360JJ3c0-mid.bin) to device.
Step 5: Load the downgrade firmware to device.
6. Uploading the wrong configuration file (Word, Rom-t or Excel) from menu 24.6 will cause a device exception.
CI Command List:
Features:
Modification in V3.60(JJ.5)C0 | 05/03/2005
1. Change to FCS
Modification in V3.60(JJ.5)b4 | 04/29/2005
1. [FEATURE ENHANCED]
Add the Multiboot v1 in the bootextension.
2. [BUG FIX]
Symptom: Content filter cannot work correctly under some conditions.
Condition:
Step 1: Add "yahoo" to the content filter keyword list.
Step 2: Enter "www.yahoo.com" as the URL; it is blocked successfully.
Step 3: Search for "www.yahoo.com" in Google; you can find that the content filter cannot work.
Step 4: Enter "www.yahoo.com" as the URL again; it cannot be blocked.
Modification in V3.60(JJ.5)b3 | 04/14/2005
1. [BUG FIX] 050413497
Symptom: SNMP community issue.
Condition:
Step 1: In Menu 22, change Get Community=123 and save it.
Step 2: A LAN-side PC using a MIB browser with community=public can still get information.
(The same issue happens on the WAN side.)
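A regression check for the SNMP community fix above, as an added example that is not part of ZyXEL's release note or tooling: it hand-encodes an SNMPv1 GetRequest for sysDescr.0 and reports whether any community other than the configured one still gets a reply from a device you administer. The function names are made up for this example; the address 192.168.1.1 and the community values are the ones used in the steps above, and UDP port 161 is an assumption (the port can be changed in SMT 24.11).

```python
import socket

SYS_DESCR = "1.3.6.1.2.1.1.1.0"   # sysDescr.0, present on every SNMP agent


def tlv(tag, value):
    """BER tag-length-value with short or long definite length."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value


def ber_int(v):
    """Non-negative INTEGER; sized so the sign bit always stays clear."""
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))


def ber_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs share one byte, the rest are base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return tlv(0x06, bytes(body))


def build_get(community, request_id=1, oid=SYS_DESCR):
    """SNMPv1 GetRequest (version 0, PDU tag 0xA0) for a single OID."""
    varbind = tlv(0x30, ber_oid(oid) + tlv(0x05, b""))
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0)
              + tlv(0x30, varbind))
    return tlv(0x30, ber_int(0) + tlv(0x04, community.encode("ascii")) + pdu)


def community_answers(host, community, port=161, timeout=2.0):
    """True if the agent replies to a GetRequest sent with this community.

    An SNMPv1 agent sends no response to a community it does not accept,
    so silence until the timeout is treated as a rejection.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_get(community), (host, port))
            data, _ = s.recvfrom(2048)
        except OSError:              # timeout, unreachable or refused
            return False
    return data[:1] == b"\x30"       # any BER SEQUENCE counts as a reply


def audit(host, configured, stale=("public",), probe=community_answers):
    """Return findings; an empty list means only `configured` is accepted."""
    findings = []
    # Without a reply to the configured community, silence proves nothing
    # (SNMP may be filtered or listening on another port).
    if not probe(host, configured):
        findings.append(f"configured community {configured!r} gets no reply")
    for c in stale:
        if c != configured and probe(host, c):
            findings.append(f"stale community {c!r} is still accepted")
    return findings


if __name__ == "__main__":
    # Values from the release note: Get Community changed to 123 in Menu 22.
    for line in audit("192.168.1.1", "123") or ["ok: only 123 is accepted"]:
        print(line)
```

Run it from a LAN-side PC and again from the WAN side, since the note says the issue appeared on both.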
Modification in V3.60(JJ.5)b2 | 04/04/2005
1. [BUG FIX] 050318972
Symptom: SMT prompt is shown twice.
Condition:
Step 1: Enter System name: P334
Step 2: Enter Domain name: #
Step 3: The SMT shows the prompt "Please enter 0-9,a-z,A-Z,'.','-'." twice.
2. [BUG FIX] 050321023
Symptom: Daylight saving problem.
Condition: In SMT 24.10, Daylight saving, the start date can be later than the end date, but it cannot in eWC.
3. [BUG FIX] 050322107
Symptom: NAT rules do not update unless the device is rebooted.
Condition:
Step 1: Add a NAT rule, One to One, Local IP Start: 192.168.1.33, Global IP Start: 192.168.8.59
Step 2: The LAN-side PC (192.168.1.33) can access the Internet.
Step 3: Edit the rule, change the Local IP Start: 192.168.1.34
Step 4: The LAN-side PC (192.168.1.33) can still access the Internet.
4. [BUG FIX] 050322114
Symptom: DUT reboots when accessed from LAN.
Condition: DUT reboots when accessed from LAN by typing
"http://192.168.1.1/Forms/rpAuth_1?ZyXEL%20ZyWALL%20Series%3cscript%3etop.location.pathname=%20%22%22%3c/script" as the URL.
5. [BUG FIX] 050323217
Symptom: System reboot
Condition: In menu24.8, type in "ping 192.168.8.1", press "Ctrl+C" before the third attempt, then "ping 192.168.8.1" again; after repeating the operation several times, the system reboots.
6. [BUG FIX] 050323218
Symptom: Content filter doesn't work.
Condition: Type "Yahoo" as the keyword in GUI, content filter; "www.yahoo.com" is not blocked.
7. [BUG FIX]
Symptom: In SMT24.7.1 or SMT 4.7.2, the system will crash when "Enter" is pressed.
8. [BUG FIX]
Symptom: SNMP can work at once while we modify port.
Condition: Modify SNMP port in SMT 24.11; it can't work at once while we use SNMP software with modified port.
Modification in 3.60(JJ.5)b1 | 03/14/2005
1. [BUG FIX]
Symptom: System will reboot when the URL below is opened.
Condition: In eWC, input this URL:
http://192.168.1.1/Forms/rpAuth_1?ZyXEL%20ZyWALL%20Series<script>top.location.pathname=%20""</script>
The system will reboot.
2. [BUG FIX]
Symptom: PPTP connection will drop when higher DSL-Speed as 768/128
3. [FEATURE ENHANCED]
Add WAN speed configure.
CI command: ether edit speed <auto|10/half|10/full|100/half|100/full>
Modification in 3.60(JJ.4) | 12/21/2004
Convert version string from "3.60(JJ.4)b1" to "3.60(JJ.4)"
Modification in 3.60(JJ.4)b1 | 12/14/2004
1. [BUG FIX]
Symptom: Parental Control always disabled by license control.
Condition:
1. Enable TMSS and Parental Control.
2. Active your account on Dashboard of TMSS.
3. Wait a period, Parental Control still disabled by license control. It should be enabled.
2. [BUG FIX]
Symptom: WAN traffic is slow when SUA Server port range is between 10000 and
30000.
Condition: In eWC-> SUA/NAT->SUA Server, set an inactive SUA server with start port 10000, end port 30000. While the SUA entry is there, all outbound sessions are PATed to port 10000, browsing is slower, and some pages don't load at all. When the entry is removed, everything comes back to normal and all PATed sessions show different ports.
3. [FEATURE ENHANCED]
Symptom: Change Web page title to "ZyXEL Prestige 334 ( hostname )" in the login page.
Modification in 3.60(JJ.3)C0 | 12/01/2004
Convert version string from "3.60(JJ.3)b5" to "3.60(JJ.3)"
TMSS Dashboard server (redirect) URL is
http://tmss.trendmicro.com/dashboard/dashboard.aspx
TMSS license URL is tmss.trendmicro.com/entitlement/tmssvalidateuser.aspx
TMSS active update server URL is
tmss-p.activeupdate.trendmicro.com/activeupdate/server.ini
Modification in 3.60(JJ.3)b5 | 11/15/2004
1. [BUG FIX]
Symptom: Applying a call schedule rule to WAN causes the DUT to crash.
Condition:
1. Set WAN encapsulation to PPPoE.
2. Edit a schedule rule named 1.
3. Go to SMT Menu 11, set schedules=1, then save to ROM.
=> DUT will crash.
Modification in 3.60(JJ.3)b4 | 11/01/2004
1. [BUG FIX]
Symptom: P2002 (P2P) SIP pass through test fail.
Condition: P2002 _1-----P-334_1---------P-334_2----- P2002 _2
1. Phone call setting is P2P.
2. Set default server to P2002.
3. P2002 _2 can’t receive P2002 _1’s Ring.
2. [BUG FIX]
Symptom: Cannot access Dashboard correctly.
Condition: 1. Set your dashboard URL to beta.tmss.trendmicro.com.
2. Connect to “tmss.trendmicro.com/dashboard/” directly.
3. Browser will display message "you need a Trend Micro-approved router to connect
to the Internet".
Modification in 3.60(JJ.3)b3 | 10/01/2004
1. [BUG FIX]
Symptom: P2002 (Proxy IP) SIP pass through test fail.
Condition: P2002_1-----P-334_1---------P-334_2----- P2002_2
1. Phone call setting is Proxy IP.
2. P2002_2 can’t receive P2002_1’s Ring.
2. [BUG FIX]
Symptom: P2002 (P2P) SIP pass through test fail.
Condition: P2002 _1-----P-334_1---------P-334_2----- P2002 _2
1. Phone call setting is P2P.
2. Set default server to P2002.
3. P2002 _2 can’t receive P2002 _1’s Ring.
3. [BUG FIX]
Symptom: AOL 9.0, Live video chat FAIL.
Condition: PC_1-----P-334_1---------P-334_2----- PC_2
1. ”Live video chat” can’t work.
4. [BUG FIX]
Symptom: Error log problem.
Condition: 1). In menu 24.8, enter "sys log err dis".
2). You will get the result below. From the dump we can see that the serial numbers are not continuous, and one hour was automatically added to the time (the actual time = display time - one hour).
1 Thu Sep 23 14:13:15 2004 PP10 WARN netMakeChannDial: err=-3001 rn_p=809de930
4 Thu Sep 23 14:13:18 2004 PP10 WARN netMakeChannDial: err=-3001 rn_p=809de930
8 Thu Sep 23 14:13:21 2004 PP10 WARN netMakeChannDial: err=-3001 rn_p=809de930
12 Thu Sep 23 14:13:24 2004 PP10 WARN netMakeChannDial: err=-3001 rn_p=809de930
14 Thu Sep 23 14:13:27 2004 PP10 WARN netMakeChannDial: err=-3001 rn_p=809de930
17 Thu Sep 23 14:13:30 2004 PP10 WARN netMakeChannDial: err=-3001 rn_p=809de930
18 Thu Sep 23 14:14:45 2004 PP1b WARN Last errorlog repeat 24 Times
20 Thu Sep 23 14:14:45 2004 PP10 WARN netMakeChannDial: err=-3001 rn_p=809de930
21 Thu Sep 23 14:15:33 2004 PP15 WARN Last errorlog repeat 15 Times
5. [BUG FIX]
Symptom: DUT crash.
Condition: 1). Set WAN to PPTP mode.
2). Access an SSL-enabled web site for a period of time and an exception occurs.
EPC= 0x8009E5D0
SR= 0x00000003
CR= 0x9080840C
$RA= 0x00000000
TLBS..\src\sys_isr.c:489 sysreset()
6. [FEATURE CHANGED]
Change the default AV Redirect URL to
“http://beta.tmss.trendmicro.com/dashboard/dashboard.asp”, the default URL License
Server to “beta.tmss.trendmicro.com/entitlement/tmssvalidateuser.aspx”.
7. [BUG FIX]
Symptom: System Crash.
Condition: Using session.exe to generate lots of TCP port 80 sessions to P334 would cause device system reset.
8. [BUG FIX]
Symptom: Rom file damaged.
Condition: 1). eWC-> Firewall-> Services, add FTP(TCP:20,21) to Blocked Services,
Apply.
2). eWC-> Firewall-> Services, delete FTP(TCP:20,21) from Blocked Services, Apply.
3). Reboot DUT, DUT will do crash dump cycle.
Modification in 3.60(JJ.3)b2 | 09/07/2004
1. [BUG FIX]
Symptom: System crash.
Condition: 1. Enable TMSS->Parental Control.
2. Connect to Internet and router would crash sometimes.
2. [FEATURE ENHANCED]
Router will trigger license check if client active register at dashboard.
3. [BUG FIX]
Symptom & Condition: Trend Micro Internet Security 2005 cannot display correctly at
eWC.
4. [FEATURE CHANGED]
When enable/disable Trend Micro Security Services at Service Settings, router will
also enable/disable Automatically update and parental control.
5. [BUG FIX]
Symptom & Condition: Html code is displayed on the Parental Control blocking page.
6. [BUG FIX]
Symptom: Display error in parental control.
Condition: 1. Active parental control.
2. After a period time.
3. In eWC->TMSS->Parental Control, has “0.0.0.0” displayed in address list.
7. [FEATURE CHANGED]
Change the default NAT UDP idle timeout from 180 to 300, the default NAT session
per host from 2048 to 256.
8. [BUG FIX]
Symptom & Condition: Device will do rom convert after reset default rom.
9. [BUG FIX]
Symptom: ICMP packet cannot response.
Condition: 1. Enable Firewall and set default SUA server to an existing host.
2. ICMP packet would be blocked by Firewall.
10. [BUG FIX]
Symptom & Condition: Buttons of multi language cannot work when using Mozilla
login.
11. [BUG FIX]
Symptom & Condition: P334's picture is not displayed on Dashboard.
12. [BUG FIX]
Symptom: Display error in parental control.
Condition: 1. Active parental control.
2. After a period time.
3. In eWC->TMSS->Parental Control, has “0.0.0.0” displayed in address list.
13. [FEATURE CHANGED]
Change the redirect URL of TMSS from IP to domain name.
14. [FEATURE ENHANCED]
Support multi language for blocking page of Parental Control.
15. [BUG FIX]
Symptom: Can’t save PPTP to static IP in Wizard configuration.
Condition: 1. In eWC-> Connection Wizard 2, change Encapsulation to PPTP.
2. In eWC-> Connection Wizard 3, select ”Use fixed IP address” and set My WAN IP
Address, Apply.
3. Screen display ”Error: Subnet Mask format error.”
16. [BUG FIX]
Symptom: Can’t save any configuration in WAN ISP page.
Condition: 1. eWC-> ADVANCED->WAN-> WAN ISP, change any setting in this
page and Apply.
2. Can’t save & display ”The range of NAT session number per user is from 1 to
2048”.
17. [BUG FIX]
Symptom: Device crash while link to DHCP Table.
Condition: 1. Set LAN DHCP server to “None”.
2. In eWC-> MAINTENANCE, click DHCP Table will cause device crash.
Modification in 3.60(JJ.3)b1 | 08/20/2004
1. [FEATURE ENHANCED]
Support Trend Micro Security Services.
2. [FEATURE ENHANCED]
Modify F/W upgrade setup page to inform user using F/W upgrade tool to update F/W.
Modification in 3.60(JJ.2)D0 | 07/14/2004
1. [FEATURE CHANGED]
Convert from 3.60(JJ.2)C0 and change the default NAT UDP idle timeout from 300 to
180, the default NAT session per host from 256 to 2048.
Modification in 3.60(JJ.2)C0 | 07/07/2004
1. [FEATURE ENHANCED]
Convert to FCS version.
Modification in 3.60(JJ.2)b5 | 06/28/2004
1. [ENHANCEMENT]
Each unified ALG can be enabled/disabled. Default is enabled.
CI command:
1. "ip alg display" to display the enable/disable information of each ALG.
2. "ip alg enable
<ALG_FTP|ALG_MSMN|ALG_RA|ALG_ICQ|ALG_VoIP|ALG_SIP>" to enable an
ALG.
3. "ip alg disable
<ALG_FTP|ALG_MSMN|ALG_RA|ALG_ICQ|ALG_VoIP|ALG_SIP>" to disable an
ALG.
2. [ENHANCEMENT]
Symptom: Support AOL Instant Messenger version 9.0
Condition:
1. AOL 9.0 is NAT friendly, no need us to transfer for AOL.
2. Add a CI-command "ip nat AOL-version9 <on|off>" to support AOL version 9.
AOL-version9: off. (Support under AOL version 8).
AOL-version9: on. (Support above AOL version 9).
The default value is AOL-version9: on.
3. [BUG FIXED]
Symptom: System crash.
Condition: 1. Into eWC->ADVANCE->WAN->WAN ISP, set NAT to full feature.
2. Into eWC->ADVANCE->SUA/NAT->Address Mapping, edit three one-to-one rule
and one server rule.
3. Delete the all NAT mapping rule, system crash.
Modification in 3.60(JJ.2)b4 | 06/18/2004
1. [BUG FIXED]
Symptom: DNS server cannot be configured.
Condition:
1). Restore default ROM file.
2). In eWC Wizard 3, Configure First DNS server type to user-defined then save.
3). In Menu 1, the First DNS server type still is From ISP.
2. [BUG FIXED]
In eWC Wizard 3, change the wording on the "Next" button from Next to Finish.
3. [BUG FIXED]
1). Make sure WAN port is down & restore default rom.
2). In eWC Advance(System), Domain Name display zyxel.com.tw.
4. [BUG FIX]
Symptom: GUI wording.
Condition: 1). In eWC (French language) Advance (WAN) Route, Into
“Fournisseur WAN” page, you will see the word from “Fournisseur WAN” change to
“ISP WAN”.
5. [FEATURE ENHANCED]
Symptom: Use JavaScript to modify web page title as "ZyXEL [product name]
( hostname )".
Modification in 3.60(JJ.2)b3 | 06/15/2004
1. [BUG FIXED]
Symptom: content filter have some problem
Condition:
step1. In eWC->firewall->filter
step2. filter “ActiveX” or “ JAVA “
step3. Go to http://java.sun.com/applets/other/UnderConstruction/index.html test if
JAVA is blocked =>can not open JAVA test page but no display Denied Access
Message
2. [BUG FIXED]
Symptom: The packets on LAN (not to WAN) triggers the PPPoE connection.
Condition:
P334 connected to ADSL Modem, and 334 configured with pppoe encapsulation.
Ping LAN IP address (192.168.1.1) of 334 from a LAN-PC (192.168.1.33).
This packets will trigger 334 to dial PPPoE.
3. [FEATURE ENHANCED]
Add AT command “atld” to upload ROM file and write the ROM file to replace default
ROM file.
4. [BUG FIX]
Symptom & Condition: Telnet to menu 24.1, ” RAS F/W Version:n+ V3.60(JJ.2)b2 ”
should be ” ZyNOS F/W Version: V3.60(JJ.2)b2 ”
5. [BUG FIX]
Symptom & Condition: Telnet to menu 24.2.1, ”255” should be invisible.
6. [BUG FIX]
Symptom: DUT will be exception.
Condition:
Step1. Route set NAT port forwarding address is PC address and disable firewall.
Step2. PC run application eMule for long time.
Modification in 3.60(JJ.2)b2 | 05/26/2004
1. [BUG FIXED]
Symptom: DUT will be exception.
Condition:
step1. WAN port connect to IPTV server
step2. Enable LAN/WAN IGMP v1 , Disable firewall
step3. Run IPTV viewer on LAN site PC => DUT exception.
2. [BUG FIXED]
Symptom: DUT will be exception.
Condition:
Step1. Set all(10) address mapping rule with many to one to one
Step2. Delete all(10) address mapping rule
Step3. Repeat step1-step2 several times and the DUT will raise an exception.
3. [BUG FIXED]
Symptom: DHCP configure have some problem
Condition: In SMT Menu 3.2, set an IP starting address that is not in the same LAN IP segment and press enter to save config => No error message is displayed and it can still be saved.
4. [BUG FIXED]
Symptom: LAN IP alias setup problem
Condition :
step1. In SMT Menu 3.2.1 setup IP alias
step2. setup IP alias1 is 192.168.2.1 submask is 255.255.255.255 and press enter to
save
5. [BUG FIXED]
Symptom :VPN NAT-Traversal have some problem
Condition : PC1---ZW5----NAT----P334----PC2
When VPN rule NAT-Traversal ON , Local ID and Peer ID with domain name or
Email
VPN tunnel can not establish . Same VPN rule , Local ID and Peer ID with IP , VPN
tunnel can establish.
6. [BUG FIXED]
Symptom: eWC: SUA/NAT->Address Mapping, more than 10 rules can be inserted, and the rules are invisible except the first 10 rules.
Condition: eWC: SUA/NAT->Address Mapping, to insert more than 10 rules.
Modification in 3.60(JJ.2)b1 | 05/12/2004
1. [FEATURE ENHANCED]
Sync code from trunk at 03/18/2004.
2. [FEATURE CHANGED]
Remove the Online Help.
3. [FEATURE ENHANCED]
Support SIP pass through.
4. [FEATURE ENHANCED]
Support PPTP with dynamic IP.
5. [FEATURE ENHANCED]
Support Multi lingual
6. [FEATURE CHANGED]
Change default setting of quick route, disable quick route when firewall enable.
Modification in 3.60(JJ.1)b2 | 3/24/2004
1. [FEATURE CHANGED]
Turn on Firewall and turn off UPNP by default.
Modification in 3.60(JJ.0)b9 | 1/13/2004
1. [BUG FIXED]
Symptom: Exception occurs during boot procedure after restore default rom file by CI
command.
Modification in 3.60(JJ.0)b8 | 1/9/2004
1. [BUG FIXED]
Symptom: Content filter cannot block cookie content for some web sites.
Condition: 1. Enable "block cookie" in eWC. 2. Access
http://www.tomshardware.com from PC. 3. PC has cookie contents which are written
from the website. Router should block the cookie contents.
2. [BUG FIXED]
Symptom: Exception occurs when connect with PQA Reback PPPoE Server.
Modification in 3.60(JJ.0)b7 | 12/31/2003
1. [BUG FIXED]
Symptom: Exception occurs when configure WAN interface as PPPoE in eWC.
2. [BUG FIXED]
Symptom: Logged into the eWC from one computer and then try to login from a
second one. The login fails, but the centralize log states that the login was successful.
3. [FEATURE ENHANCED]
Change the warning message of Daylight saving from "Start date cannot greater than end date" to "Start Date must occur before End Date".
4. [FEATURE ENHANCED]
eWC online help is updated for Remote Management ->Security.
Modification in 3.60(JJ.0)b6 | 12/11/2003
1. [BUG FIXED]
Symptom: Exception occurs when DNS server replies to a request more than once.
Modification in 3.60(JJ.0)b5 | 12/09/2003
1. [BUG FIXED]
Symptom: Avoid ipsec_list linked list being destroyed by chk_conn.
2. [BUG FIXED]
Symptom: Help page http://192.168.1.1/RestoreErr.html# is not available.
3. [BUG FIXED]
Symptom: 1. "WIZARD 2" -> select PPTP and finish editing (My IP Subnet Mask = 255.0.0.0). 2. "WIZARD 3" -> the "IP Subnet Mask" is always "255.0.0.0".
4. [BUG FIXED]
Symptom: Relogin Period (min) default setting is 0 min for Telia Login, but it show
"30 min" in help page.
5. [BUG FIXED]
Symptom: System crash when user accesses a long URL web site.
Condition: 1. Enable content filter. 2. Set the current time within range of content filter's blocking time. 3. Open a web browser and access a web site whose URL is very long. 4. System will crash.
6. [BUG FIXED]
Symptom: cbuf double free caused by DNS query.
7. [FEATURE CHANGED]
Symptom: Default setting for allowing Netbios traffic is changed to "Disable".
Modification in 3.60(JJ.0)b4 | 11/13/2003
1. [BUG FIXED]
Symptom: Issue CI command "sys romr" can not restore default rom file via Telnet.
Condition: (1) Issue "sys romr" in menu 24.8 via Telnet. (2) It does not send out the
message "Do you want to restore default ROM file(y/n)?".
2. [BUG FIXED]
Symptom: In eWC--> Wizard, can't save Gateway IP Address if you configure WAN = Ethernet and fixed IP.
3. [BUG FIXED]
Symptom: Upnp function "Allow users to make configuration changes through
UPnP" can't work correctly.
4. [BUG FIXED]
Symptom: Output first 3 characters of username and password of Telia login.
5. [BUG FIXED]
Symptom: The menu "Static Route" is not accessible with Linux Mozilla Firebird.
6. [BUG FIXED]
Symptom: GUI problem for Telia Login setting.
Condition: (1)Into eWC--> WAN--> WAN ISP, Setting Telia Login and Relogin
Every(min) = 10 then save it. (2)Into eWC--> Wizard 2, you will see the value of
"Relogin Every(min)" is not 10.
7. [FEATURE CHANGED]
Quick route is disabled when there exist IPSec tunnels.
Modification in 3.60(JJ.0)b3 | 11/05/2003
1. [BUG FIXED]
Symptom: Windows 2000 command line FTP client cannot get file from FTP server in WAN side.
2. [BUG FIXED]
Symptom: The modification in lower part of eWC content filter page cannot be saved
after apply the change of upper part settings.
3. [BUG FIXED]
Symptom: PPPoE idletime value will be change to "0" when you Enable traffic
redirect function from eWC.
4. [BUG FIXED]
Symptom: There is no help in GUI for Telia login.
5. [BUG FIXED]
Symptom: After running VPN FTP stress test several hours, LeapFTP can't login to
Serv-U of remote's PC again. (It can work if you disable quick route)
6. [BUG FIXED]
Symptom: Run NAT function auto test, P334 will crash.
7. [BUG FIXED]
Symptom: Time Protocol & Time server address default settings are different from
help page http://192.168.1.1/TimeZone.html#.
Modification in 3.60(JJ.0)b2 | 10/21/2003
1. [BUG FIXED]
Symptom: Press "Apply" on WebGUI "WAN ISP" page will get an error
message:"ERROR: Fail to update due to internal error (-9)!" and the outgoing traffic
from WAN port is blocked.
Condition: 1: Configure PPPoE with fixed IP address in eWC . 2: Change the
encapsulation from PPPoE to Ethernet. 3: Choose
RR-Toshiba/RR-Manager/RR-Telstra/RR-Telia as the Service Type. 4: Click
“Apply” The status shows: "ERROR: Fail to update due to internal error (-9)!" and the
outgoing traffic from WAN port is blocked.
2. [BUG FIXED]
Symptom: Configure traffic redirect all fields via eWC that cause P334 crash.
3. [BUG FIXED]
Symptom: Enter eWC--> Firewall--> Services, select " any(UDP)" rule then click add
button that cause P334 crash.
4. [BUG FIXED]
Symptom: Exception occurs when VPN tunnel is activated but PPPoE/PPTP
connection is not established yet.
Condition: 1. Set WAN Encapsulation = PPPoE. 2. Create one VPN rule and activate
it. The exception occurs in 10 seconds.
5. [BUG FIXED]
Symptom: Change Encryption Algorithm from DES to " 3DES " while transfer file
that will cause P334 crash.
Condition: 1. Create one VPN rule and connect with ZW2. 2. Remote PC Transfer file
to Local via VPN tunnel. 3. Into ZW2 menu27.1.1.1, change Encryption Algorithm
from DES to " 3DES " in IKE phase1 and save it.
6. [BUG FIXED]
Symptom: The location of private field is incorrect.
Condition: 1. Set WAN= PPPoE or PPTP, and go to menu 11.3. 2. The cursor is
located on wrong position for " Private " & "RIP Direction".
7. [BUG FIXED]
Symptom: Cannot Access P334 after change network on WAN.
Condition: 1. Set WAN= Ethernet/ Static IP via eWC, and connect the WAN port with
PQA internal LAN. 2. Connect WAN port to ZyXEL's internal LAN 3. Modify
WAN= Ethernet/ Dynamic via eWC. 4. P334 cannot be accessed anymore.
8. [BUG FIXED]
Symptom: In Wizard last page "http://192.168.1.1/wzError.html#", Help is not available. (Web page error occurred)
9. [FEATURE ENHANCED]
Change the default page of remote management in eWC to “WWW”.
10. [BUG FIXED]
In eWC--> WAN--> Route, remove all wording for dial backup in
http://192.168.1.1/WAN_Route.html# help page.
11. [BUG FIXED]
Correct all “ZyWALL” terms in help pages of IPSec VPN.
12. [BUG FIXED]
Correct the typo “Remode Management” to “Remote Management” in Remote
management help pages.
13. [FEATURE CHANGED]
Support Telia login.
Modification in 3.60(JJ.0)b1 | 09/30/2003
1. First firmware release
Appendix 1: ZyXEL F/W Upgrade Tool
Network Environment:
1. Prestige Router Series
The target network environment is a small number of PCs using the Prestige DHCP service
for IP address assignment. Following figure shows a typical Internet access application.
Firmware Upgrade Procedure
1. Change the Router’s password to “1234”.
2. Change the Router’s LAN IP to “192.168.1.1” and make sure that PC can connect to
Router.
If your PC’s IP is dynamic assigned by router, please release original IP and
renew it from router’s DHCP service.
If your PC’s IP is static assigned, please change it and make sure the new IP
address at same subnet with router. (Ex: Set PC’s IP to 192.168.1.33).
3. Log out of the Router.
4. Execute the upgrade tool and wait about 6 minutes for the firmware upgrade procedure to finish.
Troubleshooting
1. Make sure the password is correct.
2. If the upgrade fails, unplug the WAN cable, reboot the device and then try again.
3. Make sure the Telnet port is set to 23 and the FTP port to 21.
Annex A CI Command List
Last Updated: 2002/11/26
Command Class List Table
System Related Command
Exit Command
Device Related Command
Ethernet Related Command
POE Related Command
PPTP Related Command
Configuration Related Command
IP Related Command
IPSec Related Command
Firewall Related Command
System Related Command
Command | Description
sys adjtime | retrieve date and time from Internet
sys callhist display | display call history
sys callhist remove <index> | remove entry from call history
sys countrycode [countrycode] | set country code
sys date [year month date] | set/display date
sys domainname | display domain name
sys edit <filename> | edit a text file
sys extraphnum | maintain extra phone numbers for outcalls
sys extraphnum add <set 1-3> <1st phone num> [2nd phone num] | add extra phone numbers
sys extraphnum display | display extra phone numbers
sys extraphnum node <num> | set all extend phone number to remote node <num>
sys extraphnum remove <set 1-3> | remove extra phone numbers
sys extraphnum reset | reset flag and mask
sys feature | display feature bit
sys hostname [hostname] | display system hostname
sys logs category access [0:none/1:log/2:alert/3:both] | record the access control logs
sys logs category attack [0:none/1:log/2:alert/3:both] | record and alert the firewall attack logs
sys logs category display | display the category setting
sys logs category error [0:none/1:log/2:alert/3:both] | record and alert the system error logs
sys logs category ipsec [0:none/1:log/2:alert/3:both] | record the access control logs
sys logs category ike [0:none/1:log/2:alert/3:both] | record the access control logs
sys logs category javablocked [0:none/1:log] | record the java etc. blocked logs
sys logs category mten [0:none/1:log] | record the system maintenance logs
sys logs category upnp [0:none/1:log] | record upnp logs
sys logs category urlblocked [0:none/1:log/2:alert/3:both] | record and alert the web blocked logs
sys logs category urlforward [0:none/1:log] | record web forward logs
sys logs clear | clear log
sys logs display [access|attack|error|ipsec|ike|javablocked|mten|urlblocked|urlforward] | display all logs or specify category logs
errlog
clear
disp
online
display log error
clear log error
turn on/off error log online display
load the log setting buffer
alertAddr [mail address]
send alerts to this mail address
load
mail
display
logAddr [mail address]
schedule display
schedule hour [0-23]
schedule minute [0-59]
schedule policy
[0:full/1:hourly/2:daily/3:weekly/4:none]
schedule week
[0:sun/1:mon/2:tue/3:wed/4:thu/5:fri/6:sa
t]
server [domainName/IP]
subject [mail subject]
display mail setting
send logs to this mail address
display mail schedule
hour time to send the logs
minute time to send the logs
mail schedule policy
active [0:no/1:yes]
display
facility [Local ID(1-7)]
server [domainName/IP]
active to enable unix syslog
display syslog setting
log the messages to different files
syslog server to send the logs
save
syslog
weekly time to send the logs
mail server to send the logs
mail subject
save the log setting buffer
log
clear
disp
online
resolve
clear log error
display log error
turn on/off error log online display
Resolve mail server and syslog server address
[on|off]
mbuf
link
pool
status
disp
cnt
debug
pwderrtm
link
<id> [type]
list system mbuf link
list system mbuf pool
display system mbuf status
display mbuf status
<address>
disp
clear
[on|off]
[minute]
display system mbuf count
clear system mbuf count
Set or display the password error blocking
timeout value.
rn
load
disp
nat
nailup
mtu
save
smt
stdio
time
trcdisp
trclog
trcpacket
syslog
<entry no.>
<entry no.>(0:working buffer)
<none|sua|full_feature>
<no|yes>
<value>
[entry no.]
[minute]
[hour [min [sec]]]
server
facility
type
mode
[destIP]
<FacilityNo>
[type]
[on|off]
set syslog server IP address
set syslog facility
set/display syslog type flag
set syslog mode
display RAS code and driver version
version
load remote node information
display remote node information
config remote node nat
config remote node nailup
set remote node mtu
save remote node information
not support in this product
change terminal timeout value
display/set system time
monitor packets
view
wdog
<filename>
view a text file
switch
cnt
[on|off]
[value]
set on/off wdog
display watchdog counts value: 0-34463
restore default romfile
access
load
disp
port
save
secureip
<telnet|ftp|web|icmp|snmp|dns> <value>
set server access type
load server information
display server information
set server port
save server information
set server secure ip addr
romreset
server
<telnet|ftp|web|snmp> <port>
<telnet|ftp|web|icmp|snmp|dns> <ip>
fwnotify
load
save
url
days
active
disp
check
debug
load fwnotify entry from spt
save fwnotify entry to spt
set fwnotify url
set fwnotify days
turn on/off fwnotify flag
display firmware notify information
check firmware notify event
turn on/off firmware notify debug flag
<url>
<days>
<flag>
<flag>
cmgr
trace
disp <ch-name>
clear <ch-name>
<ch-name>
show the connection trace of this channel
clear the connection trace of this channel
show channel connection related counter
display system socket information
debug
<level>
display
<iface name>
restart
<iface name>
enable/disable roadrunner service
0: diable <default>
1: enable
display roadrunner information
iface-name: enif0, wanif0
restart roadrunner
debug
display
restart
logout
<level>
<iface name>
<iface name>
<iface name>
enable/disable ddns service
display ddns information
restart ddns
logout ddns
cnt
socket
filter
netbios
roadrunner
ddns
cpu
display
display CPU utilization
filter
netbios
upnp
active
config
display
firewall
load
save
[0:no/1:yes]
[0:deny/1:permit]
Activate or deactivate the saved upnp settings
Allow users to make configuration changes.
through UPnP
display upnp information
Allow UPnP to pass through Firewall.
save upnp information
save upnp information
[0:deny/1:pass]
Exit Command
Command | Description
exit | exit smt menu
Device Related Command
Command | Description
dev channel drop <channel_name> | drop channel
dev dial <node#> | dial to remote node
Ethernet Related Command
Command | Description
ether config | display LAN configuration information
ether driver cnt disp <name> | display ether driver counters
ether driver ioctl <ch_name> | Useless in this stage.
ether driver status <ch_name> | see LAN status
ether version | see ethernet device type
ether pkttest disp packet <level> | set ether test packet display level
ether pkttest disp event <ch> [on|off] | turn on/off ether test event display
ether pkttest sap [ch_name] | send sap packet
ether pkttest arp <ch_name> <ip-addr> | send arp packet to ip-addr
ether debug disp <ch_name> | display ethernet debug information
ether debug level <ch_name> <level> | set the ethernet debug level (level 0: disable debug log; level 1: enable debug log (default))
ether edit load <ether no.> | load ether data from spt
ether edit mtu <value> | set ether data mtu
ether edit accessblock <0:disable 1:enable> | block internet access
ether edit save | save ether data to spt
POE Related Command
Command | Description
poe status [ch_name] | see poe status
poe dial <node> | dial a remote node
poe drop <node> | drop a pppoe call
poe ether [rfc|3com] | set/display pppoe ether type
PPTP Related Command
Command | Description
pptp dial <rn-name> | dial a remote node
pptp drop <rn-name> | drop a remote node call
pptp tunnel <tunnel id> | display pptp tunnel information
Configuration Related Command
Command
    Description
The parameters of config are listed below.
config edit firewall active <yes|no>
    Activate or deactivate the saved firewall settings
config retrieve firewall
    Retrieve current saved firewall settings
config save firewall
    Save the current firewall settings
config display firewall
    Displays all the firewall settings
config display firewall set <set#>
    Display current entries of a set configuration; including timeout values, name, default-permit, and number of rules in the set.
config display firewall set <set#> rule <rule#>
    Display current entries of a rule in a set.
config display firewall attack
    Display all the attack alert settings in PNC
config display firewall e-mail
    Display all the e-mail settings in PNC
config display firewall ?
    Display all the available sub commands
config edit firewall e-mail mail-server <mail server IP>
    Edit the mail server IP to send the alert
config edit firewall e-mail return-addr <e-mail address>
    Edit the mail address for returning an email alert
config edit firewall e-mail e-mail-to <e-mail address>
    Edit the mail address to send the alert
config edit firewall e-mail policy <full | hourly | daily | weekly>
    Edit email schedule when log is full or per hour, day, week.
config edit firewall e-mail day <sunday | monday | tuesday | wednesday | thursday | friday | saturday>
    Edit the day to send the log when the email policy is set to Weekly
config edit firewall e-mail hour <0~23>
    Edit the hour to send the log when the email policy is set to daily or weekly
config edit firewall e-mail minute <0~59>
    Edit the minute to send the log when the email policy is set to daily or weekly
config edit firewall e-mail Subject <mail subject>
    Edit the email subject
config edit firewall attack send-alert <yes|no>
    Activate or deactivate the firewall DoS attacks notification emails
config edit firewall attack block <yes|no>
    Yes: Block the traffic when it exceeds the tcp-max-incomplete threshold
    No: Delete the oldest half-open session when it exceeds the tcp-max-incomplete threshold
config edit firewall attack block-minute <0~255>
    Only valid when 'Block' is set to yes. The unit is minute
config edit firewall attack minute-high <0~255>
    The threshold to start to delete the old half-opened sessions to minute-low
config edit firewall attack minute-low <0~255>
    The threshold to stop deleting the old half-opened session
config edit firewall attack max-incomplete-high <0~255>
    The threshold to start to delete the old half-opened sessions to max-incomplete-low
config edit firewall attack max-incomplete-low <0~255>
    The threshold to stop deleting the half-opened session
config edit firewall attack tcp-max-incomplete <0~255>
    The threshold to start executing the block field
config edit firewall set <set#> name <desired name>
    Edit the name for a set
config edit firewall set <set#> default-permit <forward|block>
    Edit whether a packet is dropped or allowed when it does not match the default set
config edit firewall set <set#> icmp-timeout <seconds>
    Edit the timeout for an idle ICMP session before it is terminated
config edit firewall set <set#> udp-idle-timeout <seconds>
    Edit the timeout for an idle UDP session before it is terminated
config edit firewall set <set#> connection-timeout <seconds>
    Edit the wait time for the SYN TCP sessions before it is terminated
config edit firewall set <set#> fin-wait-timeout <seconds>
    Edit the wait time for FIN in concluding a TCP session before it is terminated
config edit firewall set <set#> tcp-idle-timeout <seconds>
    Edit the timeout for an idle TCP session before it is terminated
config edit firewall set <set#> pnc <yes|no>
    PNC is allowed when 'yes' is set even if there is a rule to block PNC
config edit firewall set <set#> log <yes|no>
    Switch on/off sending the log for matching the default permit
config edit firewall set <set#> rule <rule#> permit <forward|block>
    Edit whether a packet is dropped or allowed when it matches this rule
config edit firewall set <set#> rule <rule#> active <yes|no>
    Edit whether a rule is enabled or not
config edit firewall set <set#> rule <rule#> protocol <0~255>
    Edit the protocol number for a rule. 1=ICMP, 6=TCP, 17=UDP...
config edit firewall set <set#> rule <rule#> log <none|match|not-match|both>
    Sending a log for a rule when the packet none|matches|not match|both the rule
config edit firewall set <set#> rule <rule#> alert <yes|no>
    Activate or deactivate the notification when a DoS attack occurs or there is a violation of any alert settings. In case of such instances, the function will send an email to the SMTP destination address and log an alert.
config edit firewall set <set#> rule <rule#> srcaddr-single <ip address>
    Select and edit a source address of a packet which complies to this rule
config edit firewall set <set#> rule <rule#> srcaddr-subnet <ip address> <subnet mask>
    Select and edit a source address and subnet mask of a packet which complies to this rule.
config edit firewall set <set#> rule <rule#> srcaddr-range <start ip address> <end ip address>
    Select and edit a source address range of a packet which complies to this rule.
config edit firewall set <set#> rule <rule#> destaddr-single <ip address>
    Select and edit a destination address of a packet which complies to this rule
config edit firewall set <set#> rule <rule#> destaddr-subnet <ip address> <subnet mask>
    Select and edit a destination address and subnet mask of a packet which complies to this rule.
config edit firewall set <set#> rule <rule#> destaddr-range <start ip address> <end ip address>
    Select and edit a destination address range of a packet which complies to this rule.
config edit firewall set <set#> rule <rule#> tcp destport-single <port#>
    Select and edit the destination port of a packet which complies to this rule. For non-consecutive port numbers, the user may repeat this command line to enter the multiple port numbers.
config edit firewall set <set#> rule <rule#> tcp destport-range <start port#> <end port#>
    Select and edit a destination port range of a packet which complies to this rule.
config edit firewall set <set#> rule <rule#> udp destport-single <port#>
    Select and edit the destination port of a packet which complies to this rule. For non-consecutive port numbers, users may repeat this command line to enter the multiple port numbers.
config edit firewall set <set#> rule <rule#> udp destport-range <start port#> <end port#>
    Select and edit a destination port range of a packet which complies to this rule.
config edit firewall set <set#> rule <rule#> desport-custom <desired custom port name>
    Type in the desired custom port name
config delete firewall e-mail
    Remove all email alert settings
config delete firewall attack
    Reset all alert settings to defaults
config delete firewall set <set#>
    Remove a specified set from the firewall configuration
config delete firewall set <set#> rule <rule#>
    Remove a specified rule in a set from the firewall configuration
config insert firewall e-mail
    Insert email alert settings
config insert firewall attack
    Insert attack alert settings
config insert firewall set <set#>
    Insert a specified rule set to the firewall configuration
config insert firewall set <set#> rule <rule#>
    Insert a specified rule in a set to the firewall configuration
config cli
    Display the choices of command list.
config debug <1|0>
    Turn on|off trace for firewall debug information.
IP Related Command
Command
    Description
ip address [addr]
    display host ip address
ip alias <iface>
    alias iface
ip aliasdis <0|1>
    disable alias
ip arp status <iface>
    display ip arp status
ip dhcp <iface> client release
    release DHCP client IP
ip dhcp <iface> client renew
    renew DHCP client IP
ip dhcp <iface> status [option]
    show dhcp status
ip dns query
ip dns server <primary> [secondary] [third]
    set dns server
ip dns stats clear
    clear dns statistics
ip dns stats disp
    display dns statistics
ip httpd
ip icmp status
    display icmp statistic counter
ip icmp discovery <iface> [on|off]
    set icmp router discovery flag
ip ifconfig [iface] [ipaddr] [broadcast <addr> |mtu <value>|dynamic]
    configure network interface
ip ping <hostid>
    ping remote host
ip route status [if]
    display routing table
ip route add <dest_addr|default>[/<bits>] <gateway> [<metric>]
    add route
ip route addiface <dest_addr|default>[/<bits>] <gateway> [<metric>]
    add an entry to the routing table to iface
ip route addprivate <dest_addr|default>[/<bits>] <gateway> [<metric>]
    add private route
ip route drop <host addr> [/<bits>]
    drop a route
ip smtp
ip status
    display ip statistic counters
ip stroute display [rule # | buf]
    display rule index or detail message in rule.
ip stroute load <rule #>
    load static route rule in buffer
ip stroute save
    save rule from buffer to spt.
ip stroute config name <site name>
    set name for static route.
ip stroute config destination <dest addr>[/<bits>] <gateway> [<metric>]
    set static route destination address and gateway.
ip stroute config mask <IP subnet mask>
    set static route subnet mask.
ip stroute config gateway <IP address>
    set static route gateway address.
ip stroute config metric <metric #>
    set static route metric number.
ip stroute config private <yes|no>
    set private mode.
ip stroute config active <yes|no>
    set static route rule enable or disable.
ip traceroute <host> [ttl] [wait] [queries]
    send probes to trace route of a remote host
ip xparent join <iface1> [<iface2>]
    join iface2 to iface1 group
ip xparent break <iface>
    break iface to leave ipxparent group
ip urlfilter reginfo display
    display urlfilter registration information
ip urlfilter reginfo name
    set urlfilter registration name
ip urlfilter reginfo eMail <size>
    set urlfilter registration email addr
ip urlfilter reginfo country <size>
    set urlfilter registration country
ip urlfilter reginfo clearAll
    clear urlfilter register information
ip urlfilter category display
    display urlfilter category
ip urlfilter category webFeature [block/nonblock] [activex/java/cookei/webproxy]
    block or unblock webfeature
ip urlfilter category logAndBlock [log/logAndBlock]
    set log only or log and block
ip urlfilter category blockCategory [block/nonblock] [all/type(1-14)]
    block or unblock type
ip urlfilter category timeOfDay [always/hh:mm] [hh:mm]
    set block time
ip urlfilter category clearAll
    clear all category information
ip urlfilter listUpdate display
    display listupdate status
ip urlfilter listUpdate actionFlags [yes/no]
    set listupdate or not
ip urlfilter listUpdate scheduleFlag [pending]
    set schedule flag
ip urlfilter listUpdate dayFlag [pending]
    set day flag
ip urlfilter listUpdate time [pending]
    set time
ip urlfilter listUpdate clearAll
    clear all listupdate information
ip urlfilter exemptZone display
    display exemptzone information
ip urlfilter exemptZone actionFlags [type(1-3)][enable/disable]
    set action flags
ip urlfilter exemptZone add [ip1] [ip2]
    add exempt range
ip urlfilter exemptZone delete [ip1] [ip2]
    delete exempt range
ip urlfilter exemptZone clearAll
    clear exemptzone information
ip urlfilter customize display
    display customize action flags
ip urlfilter customize actionFlags[filterList/disableAllExceptTrusted/unblockRWFToTrusted/keywordBlock/fullPath/caseInsensitive/fileName][enable/disable]
    set action flags
ip urlfilter customize logFlags [type(1-3)][enable/disable]
    set log flags
ip urlfilter customize add [string] [trust/untrust/keyword]
    add url string
ip urlfilter customize delete [string] [trust/untrust/keyword]
    delete url string
ip urlfilter customize clearAll
    clear all information
ip urlfilter logDisplay
    display cyber log
ip urlfilter ftplist
    update cyber list data
ip urlfilter listServerIP <ipaddr>
    set list server ip
ip urlfilter listServerName <name>
    set list server name
ip tredir failcount <count>
    set tredir failcount
ip tredir partner <ipaddr>
    set tredir partner
ip tredir target <ipaddr>
    set tredir target
ip tredir timeout <timeout>
    set tredir timeout
ip tredir checktime <period>
    set tredir checktime
ip tredir active <on|off>
    set tredir active
ip tredir save
    save tredir information
ip tredir disp
    display tredir information
ip tredir debug <value>
    set tredir debug value
ip nat hashTable <enifX>; X=0, 1, 2....
    display nat hash table
ip nat server disp
    display nat server table
ip nat server load <set id>
    load nat server information from ROM
ip nat server save
    save nat server information to ROM
ip nat server clear <set id>
    clear nat server information
ip nat server edit active <yes|no>
    set nat server edit active flag
ip nat server edit svrport <start port> [end port]
    set nat server server port
ip nat server edit intport <start port> [end port]
    set nat server forward port
ip nat server edit remotehost <start ip> [end ip]
    set nat server remote host ip
ip nat server edit leasetime [time]
    set nat server lease time
ip nat server edit rulename [name]
    set nat server rule name
ip nat server edit forwardip [ip]
    set nat server server ip
ip nat server edit protocol [protocol id]
    set nat server protocol
ip nat server edit clear
    clear one rule in the set
irc [on|off]
turn on/off irc flag
reset all nat server table entries
turn on/off increase ike port flag
set NAT session per host
support AOL version 9 or not
set TMSS enable or disable
nat
service
enforcer
resetport
incikeport
session
AOL-vision9
active
av
[on|off]
<on|off>
<on|off>
active <on|off>
Enable or disable Automatically check for update
components
Set the checking time
Set the server's URL
Display Engine Version and Pattern number
Display current active server IP address
Refresh active server
Set redirect URL
checktime
server
versio
disp
refresh
redirect_url
time
report
outdate
update
display
get
<server_addr ><port><filename>
Set report time
Set time out
Set update time
Display TMSS setting
Get server.ini
except
discover
notify
client
debug
add
del
display
<ipAddr>
<ipAddr>
Add client to exception list
Delete client from exception list
Display exception list
Update client information
Notify client update engine/pattern
init
display
get
del
reset
add
[1:ERROR | 2:DEBUG | 4:INFO |
8:WARN | 16:CRIT |
32:NOTICE|63:ALL]
Initial client pool
Display client pool
Display client information
Delete client from client pool
Reset client pool
Add client to client pool
Print debug message
Active
server
category
display
reset
Enable/disable parental control
Set License server URL
Set parental control category
Display Parental control setting
Reset Parental control statistics
Display the pending queue
url
queue
ip igmp debug [level]
    set igmp debug level
ip igmp forwardall [on|off]
    turn on/off igmp forward to all interfaces flag
ip igmp querier [on|off]
    turn on/off igmp stop query flag
ip igmp iface <iface> grouptm <timeout>
    set igmp group timeout
ip igmp iface <iface> interval <interval>
    set igmp query interval
ip igmp iface <iface> join <group>
    join a group on iface
ip igmp iface <iface> leave <group>
    leave a group on iface
ip igmp iface <iface> query
    send query on iface
ip igmp iface <iface> rsptime [time]
    set igmp response time
ip igmp iface <iface> start
    turn on igmp on iface
ip igmp iface <iface> stop
    turn off igmp on iface
ip igmp iface <iface> ttl <threshold>
    set ttl threshold
ip igmp iface <iface> v1compat [on|off]
    turn on/off v1compat on iface
ip igmp robustness <num>
    set igmp robustness variable
ip igmp status
    dump igmp status
ip alg display
    Display the enable/disable information of each ALG
ip alg enable <ALG_FTP|ALG_MSMN|ALG_RA|ALG_ICQ|ALG_VoIP|ALG_SIP>
    Enable an ALG
ip alg disable <ALG_FTP|ALG_MSMN|ALG_RA|ALG_ICQ|ALG_VoIP|ALG_SIP>
    Disable an ALG
IPSec Related Command
Command
    Description
ipsec debug <1|0>
    turn on|off trace for IPsec debug information
ipsec ipsec_log_disp
    show IPSec log, same as menu 27.3
ipsec route lan <on|off>
    After a packet is IPSec processed and will be sent to LAN side, this switch is to control if this packet can be applied IPSec again.
    Remark: Command available since 3.50(WA.3)
ipsec route wan <on|off>
    After a packet is IPSec processed and will be sent to WAN side, this switch is to control if this packet can be applied IPSec again.
    Remark: Command available since 3.50(WA.3)
ipsec show_runtime sa
    display runtime phase 1 and phase 2 SA information
ipsec show_runtime spd
    When a dynamic rule accepts a request and a tunnel is established, a runtime SPD is created according to peer local IP address. This command is to show these runtime SPD.
ipsec switch <on|off>
    As long as there exists one active IPSec rule, all packets will run into IPSec process to check SPD. This switch is to control if a packet should do this. If it is turned on, even there exists active IPSec rules, packets will not run IPSec process.
ipsec timer chk_my_ip <1~3600>
    - Adjust timer to check if WAN IP in menu is changed
    - Interval is in seconds
    - Default is 10 seconds
    - 0 is not a valid value
ipsec timer chk_conn. <0~255>
    - Adjust auto-timer to check if any IPsec connection has no traffic for certain period. If yes, system will disconnect it.
    - Interval is in minutes
    - Default is 2 minutes
    - 0 means never timeout
ipsec timer update_peer <0~255>
    - Adjust auto-timer to update IPSec rules which use domain name as the secure gateway IP.
    - Interval is in minutes
    - Default is 30 minutes
    - 0 means never update
    Remark: Command available since 3.50(WA.3)
ipsec updatePeerIp
    Force system to update IPSec rules which use domain name as the secure gateway IP right away.
    Remark: Command available since 3.50(WA.3)
ipsec dial <rule #>
    Initiate IPSec rule <#> from ZyWALL box
    Remark: Command available since 3.50(WA.3)
ipsec display <rule #>
    Display IPSec rule #
ipsec remote key <string>
    Add a secured remote access tunnel with pre-shared key. It is a dynamic rule with local: the route’s WAN IP. The algorithms with it are fixed to phase1: DES+MD5, DH1 and SA lifetime 28800 seconds; phase2: DES+MD5, PFS off, no anti-replay and SA lifetime 28800 seconds. The length of pre-shared key is between 8 and 31 ASCII characters.
ipsec remote switch <on|off>
    Activate or de-activate the secured remote access tunnel.
ipsec keep_alive <rule #> <on|off>
    Set ipsec keep_alive flag
ipsec load <rule #>
    Load ipsec rule
ipsec save
    Save ipsec rules
ipsec config netbios active <on|off>
    Set netbios active flag
ipsec config netbios group <group index1, group index2…>
    Set netbios group
ipsec config name <string>
    Set rule name
ipsec config name <string>
    Set rule name
ipsec config keeyAlive <Yes| No>
    Set keep alive or not
ipsec config lcIdType <0:IP | 1:DNS | 2:Email>
    Set local ID type
ipsec config lcIdContent <string>
    Set local ID content
ipsec config myIpAddr <IP address>
    Set my IP address
ipsec config peerIdType <0:IP | 1:DNS | 2:Email>
    Set peer ID type
ipsec config peerIdContent <string>
    Set peer ID content
ipsec config secureGwAddr <IP address | Domain name>
    Set secure gateway address or domain name
ipsec config protocol <1:ICMP | 6:TCP | 17:UDP>
    Set protocol
ipsec config lcAddrType <0:single | 1:range | 2:subnet>
    Set local address type
ipsec config lcAddrStart <IP>
    Set local start address
ipsec config lcAddrEndMask <IP>
    Set local end address or mask
ipsec config lcPortStart <port>
    Set local start port
ipsec config lcPortEnd <port>
    Set local end port
ipsec config rmAddrType <0:single | 1:range | 2:subnet>
    Set remote address type
ipsec config rmAddrStart <IP>
    Set remote start address
ipsec config rmAddrEndMask <IP>
    Set remote end address or mask
ipsec config rmPortStart <port>
    Set remote start port
ipsec config rmPortEnd <port>
    Set remote end port
ipsec config antiReplay <Yes | No>
    Set anti-replay or not
ipsec config keyManage <0:IKE | 1:Manual>
    Set key manage
ipsec config ike negotiationMode <0:Main | 1:Aggressive>
    Set negotiation mode in phase 1 in IKE
ipsec config ike preShareKey <string>
    Set pre shared key in phase 1 in IKE
ipsec config ike p1EncryAlgo <0:DES | 1:3DES>
    Set encryption algorithm in phase 1 in IKE
ipsec config ike p1AuthAlgo <0:MD5 | 1:SHA1>
    Set authentication algorithm in phase 1 in IKE
ipsec config ike p1SaLifeTime <seconds>
    Set sa life time in phase 1 in IKE
ipsec config ike p1KeyGroup <0:DH1 | 1:DH2>
    Set key group in phase 1 in IKE
ipsec config ike activeProtocol <0:AH | 1:ESP>
    Set active protocol in phase 2 in IKE
ipsec config ike p2EncryAlgo <0:Null | 1:DES | 2:3DES>
    Set encryption algorithm in phase 2 in IKE
ipsec config ike p2AuthAlgo <0:MD5 | 1:SHA1>
    Set authentication algorithm in phase 2 in IKE
ipsec config ike p2SaLifeTime <seconds>
    Set sa life time in phase 2 in IKE
ipsec config ike encap <0:Tunnel | 1:Transport>
    set encapsulation in phase 2 in IKE
ipsec config ike pfs <0:None | 1:DH1 | 2:DH2>
    set pfs in phase 2 in IKE
ipsec config manual activeProtocol <0:AH | 1:ESP>
    Set active protocol in manual
ipsec config manual ah encap <0:Tunnel | 1:Transport>
    Set encapsulation in ah in manual
ipsec config manual ah spi <decimal>
    Set spi in ah in manual
ipsec config manual ah authAlgo <0:MD5 | 1:SHA1>
    Set authentication algorithm in ah in manual
ipsec config manual ah authKey <string>
    Set authentication key in ah in manual
ipsec config manual esp encap <0:Tunnel | 1:Transport>
    Set encapsulation in esp in manual
ipsec config manual esp spi <decimal>
    Set spi in esp in manual
ipsec config manual esp encryAlgo <0:Null | 1:DES | 2:3DES>
    Set encryption algorithm in esp in manual
ipsec config manual esp encryKey <string>
    Set encryption key in esp in manual
ipsec config manual esp authAlgo <0:MD5 | 1:SHA1>
    Set authentication algorithm in esp in manual
ipsec config manual esp authKey <string>
    Set authentication key in esp in manual
Firewall Related Command
Command
    Description
sys Firewall acl disp
    Display specific ACL set # rule #, or all ACLs.
sys Firewall active <yes|no>
    Activate or deactivate firewall
sys Firewall clear
    Clear firewall log
sys Firewall cnt disp
    Display firewall log type and count.
sys Firewall cnt clear
    Clear firewall log count.
sys Firewall disp
    Display firewall log
sys Firewall online
    Set firewall log online.
sys Firewall pktdump
    Dump the 64 bytes of dropped packet by firewall
sys Firewall update
    Update firewall
sys Firewall dynamicrule
sys Firewall tcprst rst
    Set TCP reset sending on/off.
sys Firewall tcprst rst113
    Set TCP reset sending for port 113 on/off.
sys Firewall tcprst display
    Display TCP reset sending setting.
sys Firewall icmp
sys Firewall dos smtp
    Set SMTP DoS defender on/off
sys Firewall dos display
    Display SMTP DoS defender setting.
sys Firewall dos ignore
    Set if firewall ignore DoS in lan/wan/dmz/wlan
sys Firewall ignore dos
    Set if firewall ignore DoS in lan/wan/dmz/wlan
sys Firewall ignore triangle
    Set if firewall ignore triangle route in lan/wan/dmz/wlan