Netgear ProSafe FVS318N Cli Reference Manual


350 East Plumeria Drive

San Jose, CA 95134

USA

April 2012

202-10827-01 v1.0

ProSafe Wireless-N 8-Port

Gigabit VPN Firewall

FVS318N

CLI Reference Manual

ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N

© 2012 NETGEAR, Inc. All rights reserved.

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of NETGEAR, Inc.

NETGEAR, the NETGEAR logo, and Connect with Innovation are trademarks and/or registered trademarks of NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries. Information is subject to change without notice. Other brand and product names are registered trademarks or trademarks of their respective holders. © 2012 All rights reserved.

Technical Support

Thank you for choosing NETGEAR. To register your product, get the latest product updates, get support online, or for more information about the topics covered in this manual, visit the Support website at http://support.netgear.com

Phone (US & Canada only): 1-888-NETGEAR

Phone (Other Countries): Check the list of phone numbers at http://support.netgear.com/app/answers/detail/a_id/984

Statement of Conditions

To improve internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use, or application of, the product(s) or circuit layout(s) described herein.

Revision History

Publication Part Number: 202-10827-01
Version: 1.0
Publish Date: April 2012
Comments: First publication

Contents

Chapter 1 Introduction
  Command Syntax and Conventions
    Command Conventions
    Description of a Command
    Common Parameters
  The Four Categories of Commands
  The Five Main Modes for Configuration Commands
    Save Commands
  Global Commands
  The Three Basic Types of Commands
  Command Autocompletion and Command Abbreviation
    CLI Line-Editing Conventions
  Access the CLI

Chapter 2 Overview of the Configuration Commands
  Network Settings (Net Mode) Configuration Commands
  Security Settings (Security Mode) Configuration Commands
  Administrative and Monitoring Settings (System Mode) Configuration Commands
  Wireless Settings (Dot11 Mode) Configuration Commands
  VPN Settings (VPN Mode) Configuration Commands

Chapter 3 Net Mode Configuration Commands
  General WAN Commands
  IPv4 WAN Commands
  IPv6 WAN Commands
  IPv6 Tunnel Commands
  Dynamic DNS Commands
  IPv4 LAN Commands
  IPv6 LAN Commands
  IPv4 DMZ Setup Commands
  IPv6 DMZ Setup Commands
  IPv4 Routing Commands
  IPv6 Routing Commands

Chapter 4 Security Mode Configuration Commands
  Security Services Commands
  Security Schedules Commands
  IPv4 Add Firewall Rule and Edit Firewall Rule Commands
  IPv4 General Firewall Commands
  IPv6 Firewall Commands
  Attack Check Commands
  Session Limit, Time-Out, and Advanced Commands
  Address Filter and IP/MAC Binding Commands
  Port Triggering Commands
  UPnP Command
  Bandwidth Profile Commands
  Content Filtering Commands

Chapter 5 System Mode Configuration Commands
  Remote Management Commands
  SNMP Commands
  Time Zone Command
  Traffic Meter Command
  Firewall Logs and Email Alerts Commands

Chapter 6 Dot11 Mode Configuration Commands
  Wireless Radio Commands
  Wireless Profile Commands

Chapter 7 VPN Mode Configuration Commands
  IPSec VPN Wizard Command
  IPSec IKE Policy Commands
  IPSec VPN Policy Commands
  IPSec VPN Mode Config Commands
  SSL VPN Portal Layout Commands
  SSL VPN Authentication Domain Commands
  SSL VPN Authentication Group Commands
  SSL VPN User Commands
  SSL VPN Port Forwarding Commands
  SSL VPN Client Commands
  SSL VPN Resource Commands
  SSL VPN Policy Commands
  RADIUS Server Command
  L2TP Server Commands

Chapter 8 Overview of the Show Commands
  Network Settings (Net Mode) Show Commands
  Security Settings (Security Mode) Show Commands
  Administrative and Monitoring Settings (System Mode) Show Commands
  Wireless Settings (Dot11 Mode) Show Commands
  VPN Settings (VPN Mode) Show Commands

Chapter 9 Show Commands
  Network Settings (Net Mode) Show Commands
    WAN (IPv4 and IPv6) Show Commands
    IPv6 Mode and IPv6 Tunnel Show Commands
    LAN DHCP Show Commands
    Dynamic DNS Show Commands
    IPv4 LAN Show Commands
    IPv6 LAN Show Commands
    DMZ Show Commands
    Routing Show Commands
    Network Statistics Show Commands
  Security Settings (Security Mode) Show Commands
    Services Show Command
    Schedules Show Command
    Firewall Rules Show Command
    Attack Checks Show Commands
    Session Limits Show Commands
    Advanced Firewall Show Commands
    Address Filter Show Commands
    Port Triggering Show Commands
    UPnP Show Commands
    Bandwidth Profiles Show Command
    Content Filtering Show Commands
  Administrative and Monitoring Settings (System Mode) Show Commands
    Remote Management Show Command
    SNMP Show Commands
    Time Show Command
    Firmware Version Show Command
    Status Show Command
    Traffic Meter Show Command
    Logging Configuration Show Commands
    Logs Show Commands
  Wireless Settings (Dot11 Mode) Show Commands
    Radio Show Command
    Profile Show Commands
    Wireless Statistics Commands
  VPN Settings (VPN Mode) Show Commands
    IPSec VPN Show Commands
    SSL VPN Show Commands
    SSL VPN User Show Commands
    RADIUS Server Show Command
    L2TP Server Show Commands

Chapter 10 Utility Commands
  Overview Util Commands
  Firmware Backup, Restore, and Upgrade Commands
  Diagnostic Commands

CLI Command Index

1. Introduction

This document describes the command-line interface (CLI) for the NETGEAR ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N.

This chapter introduces the CLI interface. It includes the following sections:

Command Syntax and Conventions

The Four Categories of Commands

The Five Main Modes for Configuration Commands

Global Commands

The Three Basic Types of Commands

Command Autocompletion and Command Abbreviation

Access the CLI

Note: For more information about the topics covered in this manual, visit the support website at http://support.netgear.com.

Note: For more information about the features that you can configure using the CLI, see the ProSafe Wireless-N 8-port Gigabit VPN Firewall FVS318N Reference Manual.

Note: You cannot generate and upload a certificate through the CLI. You need to access the web management interface to manage these tasks.

Command Syntax and Conventions

A command is one or more words that can be followed by one or more keywords and parameters. Keywords and parameters can be required or optional:

A keyword is a predefined string (word) that narrows down the scope of a command. A keyword can be followed by an associated parameter or by associated keywords. In many cases, these associated keywords are mutually exclusive, so you need to select one of them. In some cases, this manual refers to a group of words as a keyword.

A parameter is a variable for which you need to type a value. You need to replace the parameter name with the appropriate value, which might be a name or number. A parameter can be associated with a command or with a keyword.

This manual lists each command by its full command name and provides a brief description of the command. In addition, for each command, the following information is provided:

Format. Shows the command keywords and the required and optional parameters.

Mode. Identifies the command mode you need to be in to access the command. (With some minor exceptions, the mode is always described using lower-case letters.)

Related show command or commands. Identifies and links to the show command or commands that can display the configured information.

For more complicated commands, in addition to the format, mode, and related show command or commands, the following information is provided:

Table. Explains the keywords and parameters that you can use for the command.

Example. Shows a CLI example for the command.

Command Conventions

In this manual, the following type font conventions are used:

A command name is stated in bold font.

A keyword name is stated in bold font.

A parameter name is stated in italic font.

The keywords and parameters for a command might include mandatory values, optional values, or choices. The following table describes the conventions that this manual uses to distinguish between value types:

Table 1. Command conventions

Symbol: < > angle brackets
Example: <value>
Description: Indicate that you need to enter a value in place of the brackets and text inside them. (value is the parameter.)

Symbol: [ ] square brackets
Example: [value]
Description: Indicate an optional parameter that you can enter in place of the brackets and text inside them. (value is the parameter.)

Symbol: { } curly braces
Example: {choice1 | choice2}
Description: Indicate that you need to select a keyword from the list of choices. (choice1 and choice2 are keywords.)

Symbol: | vertical bars
Example: choice1 | choice2
Description: Separate the mutually exclusive choices. (choice1 and choice2 are keywords.)

Symbol: [ { } ] braces within square brackets
Example: [{choice1 | choice2}]
Description: Indicate a choice within an optional element. (choice1 and choice2 are keywords.)

Description of a Command

The following example describes the net radvd pool lan edit <row id> command:

net radvd pool lan edit is the command name.

<row id> is the required parameter for which you need to enter a value after you type the command words.

The command lets you enter the net-config [radvd-pool-lan] mode, from which you can issue the following keywords and parameters:

prefix_type {6To4 {sla_id <id number>} | {Global-Local-ISATAP} {prefix_address <ipv6-address>} {prefix_length <prefix length>}}

prefix_life_time <seconds>

Explanation of the keywords and parameters:

prefix_type is a keyword. The required associated keyword that you need to select is either 6To4 or Global-Local-ISATAP.

If you select 6To4, you also need to issue the sla_id keyword and enter a value for the <id number> parameter.

If you select Global-Local-ISATAP, you also need to issue the prefix_address keyword and enter a value for the <ipv6-address> parameter, and you need to issue the prefix_length keyword and enter a value for the <prefix length> parameter.

prefix_life_time is a keyword. <seconds> is the required parameter for which you need to enter a value.

Command example:

FVS318N> net radvd pool lan edit 12
net-config[radvd-pool-lan]> prefix_type Global-Local-ISATAP
net-config[radvd-pool-lan]> prefix_address 10FA:2203:6145:4201::
net-config[radvd-pool-lan]> prefix_length 10
net-config[radvd-pool-lan]> prefix_life_time 3600
net-config[radvd-pool-lan]> save

Common Parameters

Parameter values might be names (strings) or numbers. To use spaces as part of a name parameter, enclose the name value in double quotes. For example, the expression “System Name with Spaces” forces the system to accept the spaces. Empty strings (“”) are not valid user-defined strings. The following table describes common parameter values and value formatting:

Table 2. Common parameters

Parameter: ipaddr
Description: This parameter is a valid IP address. You can enter the IP address in the following formats:
• a (32 bits)
• a.b (8.24 bits)
• a.b.c (8.8.16 bits)
• a.b.c.d (8.8.8.8)
In addition to these formats, the CLI accepts decimal, hexadecimal, and octal formats through the following input formats (where n is any valid decimal, hexadecimal, or octal number):
• 0xn (CLI assumes hexadecimal format)
• 0n (CLI assumes octal format with leading zeros)
• n (CLI assumes decimal format)

Parameter: ipv6-address
Description: FE80:0000:0000:0000:020F:24FF:FEBF:DBCB, or FE80:0:0:0:20F:24FF:FEBF:DBCB, or FE80::20F24FF:FEBF:DBCB, or FE80:0:0:0:20F:24FF:128:141:49:32
For additional information, see RFC 3513.

Parameter: Character strings
Description: Use double quotation marks to identify character strings, for example, “System Name with Spaces”. An empty string (“”) is not valid.
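The ipaddr formats in Table 2 mean that one host can be written in several ways, so the following added example (not NETGEAR code) normalizes each notation to dotted decimal and lists entries that a rule review should look at twice. It assumes the CLI resolves these notations the way the classic BSD inet_aton() routine does; the function names and the sample entries are constructed for illustration.

```python
"""Normalize the IPv4 notations listed in Table 2 to dotted decimal.

Added example, not NETGEAR code. Assumption: the CLI resolves these
notations the way the classic BSD inet_aton() routine does.
"""

# Bit width of each part for the 1-, 2-, 3- and 4-part forms in Table 2.
PART_WIDTHS = {
    1: (32,),
    2: (8, 24),
    3: (8, 8, 16),
    4: (8, 8, 8, 8),
}

# Constructed sample: addresses as they might appear in a rule export.
SAMPLE_ENTRIES = [
    "192.168.1.1",   # already canonical
    "010.0.0.1",     # leading zero: octal 010 is 8
    "0x7f.1",        # a.b form with a hexadecimal first part
    "3232235777",    # single 32-bit number
    "192.168.257",   # a.b.c form, last part is 16 bits wide
    "10.0.0.08",     # leading zero forces octal, but 8 is not an octal digit
]


def parse_number(token):
    """Parse one part: 0xn is hexadecimal, 0n is octal, n is decimal."""
    lowered = token.lower()
    if lowered.startswith("0x"):
        digits, base = lowered[2:], 16
    elif len(lowered) > 1 and lowered.startswith("0"):
        digits, base = lowered[1:], 8
    else:
        digits, base = lowered, 10
    allowed = "0123456789abcdef"[:base]
    if not digits or any(ch not in allowed for ch in digits):
        raise ValueError(f"invalid base-{base} number: {token!r}")
    return int(digits, base)


def normalize_ipaddr(text):
    """Return the dotted-decimal form of an address in any Table 2 format."""
    parts = text.strip().split(".")
    widths = PART_WIDTHS.get(len(parts))
    if widths is None:
        raise ValueError(f"expected 1 to 4 parts, got {len(parts)}")
    value = 0
    for token, width in zip(parts, widths):
        number = parse_number(token)
        if number >= 1 << width:
            raise ValueError(f"{token!r} does not fit in {width} bits")
        value = (value << width) | number
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def audit_addresses(entries):
    """Return (written, canonical, note) for every entry worth reviewing."""
    findings = []
    for written in entries:
        try:
            canonical = normalize_ipaddr(written)
        except ValueError as exc:
            findings.append((written, None, f"rejected: {exc}"))
            continue
        if canonical != written.strip():
            findings.append((written, canonical, "non-canonical notation"))
    return findings


if __name__ == "__main__":
    for written, canonical, note in audit_addresses(SAMPLE_ENTRIES):
        print(f"{written:>14} -> {canonical or '-':<15} {note}")
```
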

The Four Categories of Commands

There are four CLI command categories:

Configuration commands with five main configuration modes. For more information, see the following section, The Five Main Modes for Configuration Commands. Save commands also fall into this category (see Save Commands).

Show commands that are available for the five main configuration modes (see Chapter 8, Overview of the Show Commands and Chapter 9, Show Commands).

Utility commands (see Chapter 10, Utility Commands).

Global commands (see Global Commands).

The Five Main Modes for Configuration Commands

For the configuration commands, there are five main modes in the CLI: net, security, system, dot11, and vpn. Chapter 2, Overview of the Configuration Commands lists all commands in these modes, and each of these modes is described in detail in a separate chapter (see Chapter 3 through Chapter 7).

The following table lists the main configuration modes, the configuration modes, the features that you can configure in each configuration mode, and, for orientation, the basic web management interface (GUI) path to the feature.

Table 3. Main configuration modes

Columns: CLI main mode, CLI submode, feature that you can configure, and basic path in the web management interface (GUI).

Network configuration commands (main mode net)

Submode: ddns
Features: Dynamic DNS
Basic path: Network Configuration > Dynamic DNS

Submode: dmz
Features: DMZ for IPv4; DMZ for IPv6
Basic path: Network Configuration > DMZ Setup

Submode: ethernet
Features: VLAN assignment to LAN interface
Basic path: Network Configuration > LAN Setup

Submode: ipv6
Features: IPv4 or IPv4/IPv6 mode
Basic path: Network Configuration > WAN Settings

Submode: ipv6_tunnel
Features: IPv6 tunnels
Basic path: Network Configuration > WAN Settings

Submode: lan
Features: IPv4 LAN settings and VLANs; LAN groups for IPv4; Secondary IPv4 addresses; Advanced IPv4 LAN settings; IPv6 LAN settings; Secondary IPv6 addresses; IPv6 LAN DHCP address pools
Basic path: Network Configuration > LAN Setup

Submode: radvd
Features: IPv6 RADVD and pools for the LAN; IPv6 RADVD and pools for the DMZ
Basic path: Network Configuration > LAN Setup; Network Configuration > DMZ Setup

Submode: routing
Features: Dynamic IPv4 routes; Static IPv4 routes; Static IPv6 routes
Basic path: Network Configuration > Routing

Submode: wan
Features: IPv4 WAN (Internet) settings; IPv6 WAN (Internet) settings; MTU, port speed, and MAC address
Basic path: Network Configuration > WAN Settings

Submode: wan_settings
Features: NAT or Classical Routing
Basic path: Network Configuration > WAN Settings

Security configuration commands (main mode security)

Submode: address_filter
Features: Source MAC filters; IP/MAC bindings for IPv4; IP MAC bindings for IPv6
Basic path: Security > Address Filter

Submode: bandwidth
Features: Bandwidth profiles
Basic path: Security > Bandwidth Profile

Submode: content_filter
Features: Blocked keywords; Trusted domains; Group filtering
Basic path: Security > Content Filtering

Submode: firewall
Features: All IPv4 firewall rules; All IPv6 firewall rules; Attack checks; Session limits and time-outs; SIP ALG
Basic path: Security > Firewall

Submode: porttriggering_rules
Basic path: Security > Port Triggering

Submode: schedules
Basic path: Security > Schedule

Submode: services
Basic path: Security > Services

Submode: upnp
Basic path: Security > UPnP

Administration and monitoring configuration commands (main mode system)

Submode: logging
Basic path: Monitoring > Firewall Logs & E-mail

Submode: remote_management
Basic path: Administration > Remote Management

Submode: snmp
Basic path: Administration > SNMP

Submode: time
Basic path: Administration > Time Zone

Submode: traffic_meter
Basic path: Monitoring > Traffic Meter

Wireless configuration commands (main mode dot11)

Submode: profile
Features: Wireless profiles
Basic path: Network Configuration > Wireless Settings

Submode: radio
Features: Wireless radio
Basic path: Network Configuration > Wireless Settings

VPN configuration commands (main mode vpn)

Submode: ipsec
Features: IKE policies; VPN policies; VPN IPSec Wizard; Mode Config records
Basic path: VPN > IPSec VPN

Submode: l2tp
Features: L2TP server
Basic path: VPN > L2TP Server

Submode: radius
Features: RADIUS servers for VPN
Basic path: VPN > IPSec VPN > RADIUS Client

Submode: sslvpn
Features: SSL policies; Resources; Portal layouts; SSL VPN Client; Client routes; Port forwarding; User accounts; User login and IP policies; Groups; Domains
Basic path: VPN > SSL VPN; Users

Save Commands

The following table describes the configuration commands that let you save or cancel configuration changes in the CLI. You can use these commands in any of the five main configuration modes. These commands are not preceded by a period.

Table 4. Save commands

Command    Description
save       Save the configuration changes.
exit       Save the configuration changes and exit the current configuration mode.
cancel     Roll back the configuration changes.

Commands That Require Saving

After you have issued a command that includes the word configure, add, or edit, you enter a configuration mode from which you can issue keywords and associated parameters.

These are examples of commands for which you need to save your changes:

net lan ipv4 configure <vlan id> lets you enter the net-config [lan-ipv4] configuration mode. After you have made your changes, issue save or exit to save your changes.

security content_filter trusted_domain add lets you enter the security-config [approved-urls] configuration mode. After you have made your changes, issue save or exit to save your changes.

dot11 profile configure <profile name> lets you enter the dot11-config [profile] configuration mode. After you have made your changes, issue save or exit to save your changes.

Commands That Do Not Require Saving

You do not need to save your changes after you have issued a command that deletes, disables, or enables a row ID, name, IP address, or MAC address, or that lets you make a configuration change without entering another configuration mode.

These are examples of commands that you do not need to save:

net lan dhcp reserved_ip delete <mac address>

dot11 profile disable <profile name>

security firewall ipv4 enable <row id>

security firewall ipv4 default_outbound_policy {Allow | Block}
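A check built on the save rules above, as an added example (not NETGEAR code): it reads a captured CLI session and lists keyword changes that were typed in a configuration mode but never followed by save or exit, plus changes that were rolled back with cancel. The transcript is constructed from commands shown in this manual, and because the manual does not say what happens to pending changes on .top, .exit or .reboot, the script assumes nothing and only reports those cases for review.

```python
"""Flag configuration-mode changes in a CLI transcript that were not saved.

Added example, not NETGEAR code. The prompt shapes come from the manual's
own examples; the transcript below is constructed for illustration.
"""
import re

# "FVS318N>" is the root prompt; "<mode>-config[<submode>]>" is a
# configuration mode (the manual prints it with and without a space).
CONFIG_PROMPT = re.compile(r"^(?P<mode>[\w-]+-config\s?\[[^\]]+\])>\s*(?P<cmd>.*)$")
ROOT_PROMPT = re.compile(r"^FVS318N>")

COMMIT = {"save", "exit"}                  # Table 4: both save the changes
LEAVE_MODE = {".top", ".exit", ".reboot"}  # Table 5: global commands that leave the mode

# Constructed sample session.
SAMPLE_TRANSCRIPT = """\
FVS318N> net radvd pool lan edit 12
net-config[radvd-pool-lan]> prefix_type Global-Local-ISATAP
net-config[radvd-pool-lan]> prefix_life_time 3600
net-config[radvd-pool-lan]> exit
FVS318N> net wan wan1 ipv4 configure
net-config[wan1-ipv4]> isp_connection_type DHCPC
net-config[wan1-ipv4]> .top
FVS318N> security firewall ipv4 default_outbound_policy Block
FVS318N> net radvd pool lan edit 12
net-config[radvd-pool-lan]> prefix_life_time 7200
net-config[radvd-pool-lan]> cancel
FVS318N> net wan wan1 ipv4 configure
net-config[wan1-ipv4]> isp_connection_type STATIC
"""


def lint_transcript(text):
    """Return a list of (status, mode, commands) for changes needing review.

    status is "unsaved" when the session left the mode (or ended) without
    save or exit, and "rolled-back" when the changes were cancelled.
    """
    findings = []
    mode = None
    pending = []  # keyword lines typed since the last save, exit or cancel

    def close(status):
        nonlocal pending
        if pending:
            findings.append((status, mode, list(pending)))
        pending = []

    for raw in text.splitlines():
        line = raw.strip()
        match = CONFIG_PROMPT.match(line)
        if match:
            this_mode = re.sub(r"\s+", "", match.group("mode"))
            if mode is not None and this_mode != mode:
                close("unsaved")  # jumped to another mode with changes pending
            mode = this_mode
            cmd = match.group("cmd").strip()
            if cmd in COMMIT:
                pending = []
            elif cmd == "cancel":
                close("rolled-back")
            elif cmd in LEAVE_MODE:
                close("unsaved")
            elif cmd and not cmd.startswith("."):
                pending.append(cmd)
        elif ROOT_PROMPT.match(line):
            close("unsaved")  # back at the root prompt with changes pending
            mode = None
    close("unsaved")  # transcript ended inside a configuration mode
    return findings


if __name__ == "__main__":
    for status, mode, commands in lint_transcript(SAMPLE_TRANSCRIPT):
        print(f"{status:<12} {mode}: {'; '.join(commands)}")
```
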

Global Commands

The following table describes the global commands that you can use anywhere in the CLI. These commands need to be preceded by a period.

Table 5. Global CLI commands

Command     Description
.exit       Exit the current session.
.help       Display an overview of the CLI syntax.
.top        Return to the default command mode or root.
.reboot     Reboot the system.
.history    Display the command-line history of the current session.

The Three Basic Types of Commands

You can encounter the following three basic types of commands in the CLI:

Entry commands to enter a configuration mode. Commands that let you enter a configuration mode from which you can configure various keywords and associated parameters and keywords. For example, the net wan wan1 ipv4 configure command lets you enter the net-config [wan1-ipv4] mode, from which you can configure the IPv4 WAN settings.

This type of command is the most common in the CLI and is always indicated by two steps in this manual, each one showing the format and mode:

Step 1
Format: net wan wan1 ipv4 configure
Mode: net

Step 2
Format: This section shows the keywords and associated parameters, for example:
isp_connection_type {STATIC | DHCPC | PPPoE | PPTP}
Mode: net-config [wan1-ipv4]

Sometimes, you need to enter a parameter to enter a configuration mode. For example, security schedules edit <row id> requires you to enter the row ID parameter to enter the security-config [schedules] mode, from which you can modify various keywords and associated parameters and keywords.

Commands with a single parameter. Commands that require you to supply one or more parameters and that do not let you enter another configuration mode. The parameter is usually a row ID or a name. For example, security firewall ipv4 delete <row id> requires you to enter the row ID parameter to delete the firewall rule.

For this type of command, the format and mode are shown in this manual:

Format: security firewall ipv4 delete <row id>
Mode: security

Commands without parameters. Commands that do not require you to supply a parameter after the command and that do not let you enter another configuration mode. For example, util restore_factory_defaults does not require parameters.

For this type of command also, the format and mode are shown in this manual:

Format: util restore_factory_defaults
Mode: util

Command Autocompletion and Command Abbreviation

Command autocompletion finishes spelling the command when you type enough letters of a command to uniquely identify the command keyword. You need to type all of the required keywords and parameters before you can use autocompletion.

The following keys both perform autocompletion for the current command. If the command prefix is not unique, a subsequent repeat of the key displays possible completions.

Enter or Return key. Autocompletes, syntax-checks, and then executes the command. If there is a syntax error, the offending part of the command is highlighted and explained.

Spacebar. Autocompletes, or if the command is already resolved, inserts a space.

CLI Line-Editing Conventions

The following table describes the key combinations that you can use to edit commands or increase the speed of command entry. Access this list from the CLI by issuing .help.

Table 6. CLI editing conventions

Key or Key Sequence    Description

Invoking context-sensitive help

?                      Displays context-sensitive help. The information that displays consists either of a list of possible command completions with summaries or of the full syntax of the current command. When a command has been resolved, a subsequent repeat of the help key displays a detailed reference.

Autocompleting

Note: Command autocompletion finishes spelling the command when you type enough letters of a command to uniquely identify the command keyword. However, you need to type all of the required keywords and parameters before you use autocompletion.

Enter (or Return)      Autocompletes, syntax-checks, and then executes a command. If there is a syntax error, the offending part of the command line is highlighted and explained. If the command prefix is not unique, a subsequent repeat of the key displays possible completions.
Spacebar               Autocompletes, or if the command is already resolved, inserts a space. If the command prefix is not unique, a subsequent repeat of the key displays possible completions.

Moving around

Ctrl-A                 Go to the beginning of the line.
Ctrl-E                 Go to the end of the line.
Up arrow               Go to the previous line in the history buffer.
Down arrow             Go to the next line in the history buffer.
Left arrow             Go backward one character.
Right arrow            Go forward one character.

Deleting

Ctrl-C                 Delete the entire line.
Ctrl-D                 Delete the next character.
Ctrl-K                 Delete all characters to the end of the line from where the cursor is located.
Backspace              Delete the previous character.

Invoking escape sequences

!!                     Substitute the previous line.
!N                     Substitute the Nth line, in which N is the absolute line number as displayed in the output of the history command.
!-N                    Substitute the line that is located N lines before the current line, in which N is a relative number in relation to the current line.

Access the CLI

You can access the CLI by logging in with the same user credentials (user name and password) that you use to access the web management interface. FVS318N> is the CLI prompt.

FVS318N login: admin

Password:

************************************************

Welcome to FVS318N Command Line Interface

************************************************

FVS318N>

2. Overview of the Configuration Commands

This chapter provides an overview of all configuration commands in the five configuration command modes. The keywords and associated parameters that are available for these commands are explained in the following chapters. The chapter includes the following sections:

Network Settings (Net Mode) Configuration Commands

Security Settings (Security Mode) Configuration Commands

Administrative and Monitoring Settings (System Mode) Configuration Commands

Wireless Settings (Dot11 Mode) Configuration Commands

VPN Settings (VPN Mode) Configuration Commands

Network Settings (Net Mode) Configuration Commands

Enter the net ? command at the CLI prompt to display the description of all the configuration commands in the net mode. The following table lists the commands in alphabetical order:

Table 7. Net mode configuration commands

| Submode | Command Name | Purpose |
|---|---|---|
| ddns | net ddns configure | Enable, configure, or disable Dynamic DNS (DDNS) service. |
| dmz | net dmz ipv4 configure | Enable, configure, or disable the IPv4 DMZ. |
| dmz | net dmz ipv6 configure | Enable, configure, or disable the IPv6 DMZ. |
| dmz | net dmz ipv6 pool configure | Configure a new or existing IPv6 DMZ DHCP address pool. |
| ethernet | net ethernet configure <interface name or number> | Configure a VLAN for a LAN interface. |
| ipv6 | net ipv6 ipmode configure | Configure the IP mode (IPv4 only or IPv4/IPv6). |
| ipv6_tunnel | net ipv6_tunnel isatap add | Configure a new IPv6 ISATAP tunnel. |
| ipv6_tunnel | net ipv6_tunnel isatap delete <row id> | Delete an IPv6 ISATAP tunnel. |
| ipv6_tunnel | net ipv6_tunnel isatap edit <row id> | Configure an existing IPv6 ISATAP tunnel. |
| ipv6_tunnel | net ipv6_tunnel six_to_four configure | Enable or disable automatic (6to4) tunneling. |
| lan | net lan dhcp reserved_ip configure <mac address> | Bind a MAC address to an IP address for DHCP reservation or change an existing binding, and assign a LAN group. |
| lan | net lan dhcp reserved_ip delete <mac address> | Delete the binding of a MAC address to an IP address. |
| lan | net lan ipv4 advanced configure | Configure advanced LAN settings such as the MAC address for VLANs and ARP broadcast. |
| lan | net lan ipv4 configure <vlan id> | Configure a new or existing VLAN. |
| lan | net lan ipv4 default_vlan | Configure the default VLAN for each port. |
| lan | net lan ipv4 delete <vlan id> | Delete a VLAN. |
| lan | net lan ipv4 disable <vlan id> | Disable a VLAN. |
| lan | net lan ipv4 enable <vlan id> | Enable a VLAN. |
| lan | net lan ipv4 multi_homing add | Configure a new secondary IPv4 address. |
| lan | net lan ipv4 multi_homing delete <row id> | Delete a secondary IPv4 address. |
| lan | net lan ipv4 multi_homing edit | Configure an existing secondary IPv4 address. |
| lan | net lan ipv6 configure | Configure the IPv6 LAN address settings and DHCPv6. |
| lan | net lan ipv6 multi_homing add | Configure a new secondary IPv6 address. |
| lan | net lan ipv6 multi_homing delete <row id> | Delete a secondary IPv6 address. |
| lan | net lan ipv6 multi_homing edit | Configure an existing secondary IPv6 address. |
| lan | net lan ipv6 pool configure | Configure a new or existing IPv6 LAN DHCP address pool. |
| lan | net lan ipv6 pool delete <start ipv6-address> | Delete an IPv6 LAN DHCP address pool. |
| lan | net lan lan_groups edit <row id> <new group name> | Change an existing LAN default group name. |
| radvd | net radvd configure dmz | Configure the IPv6 RADVD for the DMZ. |
| radvd | net radvd configure lan | Configure the IPv6 RADVD for the LAN. |
| radvd | net radvd pool dmz add | Configure a new IPv6 RADVD pool for the DMZ. |
| radvd | net radvd pool dmz delete <row id> | Delete an IPv6 RADVD pool from the DMZ. |
| radvd | net radvd pool dmz edit <row id> | Configure an existing IPv6 RADVD pool for the DMZ. |
| radvd | net radvd pool lan add | Configure a new IPv6 RADVD pool for the LAN. |
| radvd | net radvd pool lan delete <row id> | Delete an IPv6 RADVD pool from the LAN. |
| radvd | net radvd pool lan edit <row id> | Configure an existing IPv6 RADVD pool for the LAN. |
| routing | net routing dynamic configure | Configure RIP and the associated MD5 key information. |
| routing | net routing static ipv4 configure <route name> | Configure a new or existing IPv4 static route. |
| routing | net routing static ipv4 delete <route name> | Delete an IPv4 static route. |
| routing | net routing static ipv4 delete_all | Delete all IPv4 routes. |
| routing | net routing static ipv6 configure <route name> | Configure a new or existing IPv6 static route. |
| routing | net routing static ipv6 delete <route name> | Delete an IPv6 static route. |
| routing | net routing static ipv6 delete_all | Delete all IPv6 routes. |
| wan | net wan port_setup configure | Configure the MTU, port speed, and MAC address of the wireless VPN firewall. |
| wan | net wan wan1 ipv4 configure | Configure the IPv4 settings of the WAN interface. |
| wan | net wan wan1 ipv6 configure | Configure the IPv6 settings of the WAN interface. |
| wan_settings | net wan_settings wanmode configure | Configure the mode of IPv4 routing (NAT or classical routing) between the WAN interface and LAN interfaces. |

Security Settings (Security Mode) Configuration Commands

Enter the security ? command at the CLI prompt to display the description of all the configuration commands in the security mode. The following table lists the commands in alphabetical order:

Table 8. Security mode configuration commands

| Submode | Command Name | Purpose |
|---|---|---|
| address_filter | security address_filter ip_or_mac_binding add | Configure a new IP/MAC binding rule. |
| address_filter | security address_filter ip_or_mac_binding delete <row id> | Delete an IP/MAC binding rule. |
| address_filter | security address_filter ip_or_mac_binding edit <row id> | Configure an existing IP/MAC binding rule. |
| address_filter | security address_filter ip_or_mac_binding enable_email_log <ip version> | Configure the email log for IP/MAC Binding violations. |
| address_filter | security address_filter mac_filter configure | Configure the source MAC address filter. |
| address_filter | security address_filter mac_filter source add | Configure a new MAC source address. |
| address_filter | security address_filter mac_filter source delete <row id> | Delete a MAC source address. |
| bandwidth | security bandwidth profile add | Configure a new bandwidth profile. |
| bandwidth | security bandwidth profile delete <row id> | Delete a bandwidth profile. |
| bandwidth | security bandwidth profile edit <row id> | Configure an existing bandwidth profile. |
| content_filter | security content_filter block_group disable | Remove content filtering from groups. |
| content_filter | security content_filter block_group enable | Apply content filtering to groups. |
| content_filter | security content_filter blocked_keywords add | Configure a new blocked keyword. |
| content_filter | security content_filter blocked_keywords delete <row id> | Delete a blocked keyword. |
| content_filter | security content_filter blocked_keywords edit <row id> | Configure an existing blocked keyword. |
| content_filter | security content_filter content_filtering configure | Configure web content filtering. |
| content_filter | security content_filter trusted_domain add | Configure a new trusted domain. |
| content_filter | security content_filter trusted_domain delete <row id> | Delete a trusted domain. |
| content_filter | security content_filter trusted_domain edit <row id> | Configure an existing trusted domain. |
| firewall | security firewall advanced algs | Configure SIP support for the ALG. |
| firewall | security firewall attack_checks configure ipv4 | Configure WAN and LAN security attack checks for IPv4 traffic. |
| firewall | security firewall attack_checks configure ipv6 | Configure WAN security attack checks for IPv6 traffic. |
| firewall | security firewall attack_checks igmp setup | Enable or disable multicast pass-through for IPv4 traffic. |
| firewall | security firewall attack_checks jumboframe setup | Enable or disable jumbo frames for IPv4 traffic. |
| firewall | security firewall attack_checks vpn_passthrough configure | Configure VPN pass-through for IPv4 traffic. |
| firewall | security firewall ipv4 add_rule dmz_wan inbound | Configure a new IPv4 DMZ WAN inbound firewall rule. |
| firewall | security firewall ipv4 add_rule dmz_wan outbound | Configure a new IPv4 DMZ WAN outbound firewall rule. |
| firewall | security firewall ipv4 add_rule lan_dmz inbound | Configure a new IPv4 LAN DMZ inbound firewall rule. |
| firewall | security firewall ipv4 add_rule lan_dmz outbound | Configure a new IPv4 LAN DMZ outbound firewall rule. |
| firewall | security firewall ipv4 add_rule lan_wan inbound | Configure a new IPv4 LAN WAN inbound firewall rule. |
| firewall | security firewall ipv4 add_rule lan_wan outbound | Configure a new IPv4 LAN WAN outbound firewall rule. |
| firewall | security firewall ipv4 default_outbound_policy {Allow \| Block} | Configure the default outbound policy for IPv4 traffic. |
| firewall | security firewall ipv4 delete <row id> | Delete an IPv4 firewall rule. |
| firewall | security firewall ipv4 disable <row id> | Disable an IPv4 firewall rule. |
| firewall | security firewall ipv4 edit_rule dmz_wan inbound <row id> | Configure an existing IPv4 DMZ WAN inbound firewall rule. |
| firewall | security firewall ipv4 edit_rule dmz_wan outbound <row id> | Configure an existing IPv4 DMZ WAN outbound firewall rule. |
| firewall | security firewall ipv4 edit_rule lan_dmz inbound <row id> | Configure an existing IPv4 LAN DMZ inbound firewall rule. |
| firewall | security firewall ipv4 edit_rule lan_dmz outbound <row id> | Configure an existing IPv4 LAN DMZ outbound firewall rule. |
| firewall | security firewall ipv4 edit_rule lan_wan inbound <row id> | Configure an existing IPv4 LAN WAN inbound firewall rule. |
| firewall | security firewall ipv4 edit_rule lan_wan outbound <row id> | Configure an existing IPv4 LAN WAN outbound firewall rule. |
| firewall | security firewall ipv4 enable <row id> | Enable an IPv4 firewall rule. |
| firewall | security firewall ipv6 configure | Configure a new IPv6 firewall rule. |
| firewall | security firewall ipv6 default_outbound_policy {Allow \| Block} | Configure the default outbound policy for IPv6 traffic. |
| firewall | security firewall ipv6 delete <row id> | Delete an IPv6 firewall rule. |
| firewall | security firewall ipv6 disable <row id> | Disable an IPv6 firewall rule. |
| firewall | security firewall ipv6 edit <row id> | Configure an existing IPv6 firewall rule. |
| firewall | security firewall ipv6 enable <row id> | Enable an IPv6 firewall rule. |
| firewall | security firewall session_limit configure | Configure global session limits. |
| firewall | security firewall session_settings configure | Configure global session time-outs. |
| porttriggering_rules | security porttriggering_rules add | Configure a new port triggering rule. |
| porttriggering_rules | security porttriggering_rules delete <row id> | Delete a port triggering rule. |
| porttriggering_rules | security porttriggering_rules edit <row id> | Configure an existing port triggering rule. |
| schedules | security schedules edit <1 \| 2 \| 3> | Configure one of the three security schedules. |
| services | security services add | Configure a new custom service. |
| services | security services delete <row id> | Delete a custom service. |
| services | security services edit <row id> | Configure an existing custom service. |
| upnp | security upnp configure | Configure UPnP. |

Administrative and Monitoring Settings (System Mode) Configuration Commands

Enter the system ? command at the CLI prompt to display the description of all the configuration commands in the system mode. The following table lists the commands in alphabetical order:

Table 9. System mode configuration commands

| Submode | Command Name | Purpose |
|---|---|---|
| logging | system logging configure | Configure routing logs for accepted and dropped IPv4 and IPv6 packets. |
| logging | system logging remote configure | Configure email logs and alerts, schedule email logs and alerts, and configure a syslog server. |
| remote_management | system remote_management https configure | Configure remote management over HTTPS. |
| remote_management | system remote_management telnet configure | Configure remote management over Telnet. |
| snmp | system snmp sys configure | Configure the SNMP system information. |
| snmp | system snmp trap configure <ip address> | Configure an SNMP agent and community. |
| snmp | system snmp trap delete <ipaddress> | Delete an SNMP agent. |
| time | system time configure | Configure the system time, date, and NTP servers. |
| traffic_meter | system traffic_meter configure | Configure the traffic meter. |

Wireless Settings (Dot11 Mode) Configuration Commands

Enter the dot11 ? command at the CLI prompt to display the description of all the configuration commands in the dot11 mode. The following table lists the commands in alphabetical order:

Table 10. Dot11 mode configuration commands

| Submode | Command Name | Purpose |
|---|---|---|
| profile | dot11 profile acl configure <profile name> | Configure an ACL for a specific profile. |
| profile | dot11 profile configure <profile name> | Configure a profile. |
| profile | dot11 profile delete <profile name> | Delete a profile. |
| profile | dot11 profile disable <profile name> | Disable a profile. |
| profile | dot11 profile enable <profile name> | Enable a profile. |
| profile | dot11 profile wps configure | Configure Wi-Fi Protected Setup™ (WPS). |
| radio | dot11 radio advanced configure | Configure advanced radio settings. |
| radio | dot11 radio configure | Configure basic radio settings. |

VPN Settings (VPN Mode) Configuration Commands

Enter the vpn ? command at the CLI prompt to display the description of all the configuration commands in the vpn mode. The following table lists the commands in alphabetical order:

Table 11. Configuration commands: vpn mode

| Submode | Command Name | Purpose |
|---|---|---|
| ipsec | vpn ipsec ikepolicy configure <ike policy name> | Configure a new or existing manual IPSec IKE policy. |
| ipsec | vpn ipsec ikepolicy delete <ike policy name> | Delete an IPSec policy. |
| ipsec | vpn ipsec mode_config configure <record name> | Configure a new or existing Mode Config record. |
| ipsec | vpn ipsec modeConfig delete <record name> | Delete a Mode Config record. |
| ipsec | vpn ipsec vpnpolicy configure <vpn policy name> | Configure a new or existing auto IPSec VPN policy or manual IPSec VPN policy. |
| ipsec | vpn ipsec vpnpolicy connect <vpn policy name> | Establish a VPN connection. |
| ipsec | vpn ipsec vpnpolicy delete <vpn policy name> | Delete an IPSec VPN policy. |
| ipsec | vpn ipsec vpnpolicy disable <vpn policy name> | Disable an IPSec VPN policy. |
| ipsec | vpn ipsec vpnpolicy drop <vpn policy name> | Terminate an IPSec VPN connection. |
| ipsec | vpn ipsec vpnpolicy enable <vpn policy name> | Enable an IPSec VPN policy. |
| ipsec | vpn ipsec wizard configure <Gateway \| VPN_Client> | Configure the IPSec VPN wizard for a gateway-to-gateway or gateway-to-VPN client connection. |
| l2tp | vpn l2tp server configure | Configure the L2TP server. |
| radius | vpn radius configure | Configure the RADIUS servers. |
| sslvpn | vpn sslvpn client ipv4 | Configure the SSL client IP address range. |
| sslvpn | vpn sslvpn policy add | Configure a new SSL VPN policy. |
| sslvpn | vpn sslvpn policy delete <row id> | Delete an SSL VPN policy. |
| sslvpn | vpn sslvpn policy edit <row id> | Configure an existing SSL VPN policy. |
| sslvpn | vpn sslvpn portal-layouts add | Configure a new SSL VPN portal layout. |
| sslvpn | vpn sslvpn portal-layouts delete <row id> | Delete an SSL VPN portal layout. |
| sslvpn | vpn sslvpn portal-layouts edit <row id> | Configure an existing SSL VPN portal layout. |
| sslvpn | vpn sslvpn portforwarding appconfig add | Configure a new SSL port forwarding application. |
| sslvpn | vpn sslvpn portforwarding appconfig delete <row id> | Delete an SSL VPN port forwarding application. |
| sslvpn | vpn sslvpn portforwarding hostconfig add | Configure a new host name for an SSL port forwarding application. |
| sslvpn | vpn sslvpn portforwarding hostconfig delete <row id> | Delete a host name for an SSL port forwarding application. |
| sslvpn | vpn sslvpn resource add | Add a new SSL VPN resource. |
| sslvpn | vpn sslvpn resource configure add <resource name> | Configure an existing SSL VPN resource. |
| sslvpn | vpn sslvpn resource delete <row id> | Delete an SSL VPN resource. |
| sslvpn | vpn sslvpn route add | Add an SSL VPN client route. |
| sslvpn | vpn sslvpn route delete <row id> | Delete an SSL VPN client route. |
| sslvpn | vpn sslvpn users domains add | Configure a new authentication domain. |
| sslvpn | vpn sslvpn users domains delete <row id> | Delete an authentication domain. |
| sslvpn | vpn sslvpn users domains edit <row id> | Configure an existing authentication domain. |
| sslvpn | vpn sslvpn users groups add | Configure a new authentication group. |
| sslvpn | vpn sslvpn users groups delete <row id> | Delete an authentication group. |
| sslvpn | vpn sslvpn users groups edit <row id> | Configure an existing authentication group. |
| sslvpn | vpn sslvpn users users add | Add a new user account. |
| sslvpn | vpn sslvpn users users browser_policies <row id> | Configure the client browsers from which a user is either allowed or denied access. |
| sslvpn | vpn sslvpn users users delete <row id> | Delete a user account. |
| sslvpn | vpn sslvpn users users edit <row id> | Configure an existing user account. |
| sslvpn | vpn sslvpn users users ip_policies configure <row id> | Configure source IP addresses from which a user is either allowed or denied access. |
| sslvpn | vpn sslvpn users users ip_policies delete <row id> | Delete a source IP address for a user. |
| sslvpn | vpn sslvpn users users login_policies <row id> | Configure the login policy for a user. |

3. Net Mode Configuration Commands

This chapter explains the configuration commands, keywords, and associated parameters in the net mode. The chapter includes the following sections:

General WAN Commands

IPv4 WAN Commands

IPv6 WAN Commands

IPv6 Tunnel Commands

Dynamic DNS Commands

IPv4 LAN Commands

IPv6 LAN Commands

IPv4 DMZ Setup Commands

IPv6 DMZ Setup Commands

IPv4 Routing Commands

IPv6 Routing Commands

IMPORTANT: After you have issued a command that includes the word configure, add, or edit, you need to save (or cancel) your changes. For more information, see Save Commands on page 13.

General WAN Commands

net wan port_setup configure

This command configures the MTU, port speed, and MAC address of the wireless VPN firewall. After you have issued the net wan port_setup configure command, you enter the net-config [port_setup] mode, and then you can configure the MTU, port speed, and MAC address.

Step 1

Format: net wan port_setup configure

Mode: net

Step 2

Format:

def_mtu {Default | Custom {mtu_size <number>}}

port_speed {Auto_Sense | 10_BaseT_Half_Duplex | 10_BaseT_Full_Duplex | 100_BaseT_Half_Duplex | 100_BaseT_Full_Duplex | 1000_BaseT_Half_Duplex | 1000_BaseT_Full_Duplex}

mac_type {Use-Default-Mac | Use-This-Computers-Mac | Use-This-Mac {mac_address <mac address>}}

Mode: net-config [port_setup]

| Keyword | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| def_mtu | Default or Custom | Specifies whether the default MTU or a custom MTU is used. If you select Custom, you need to issue the mtu_size keyword and specify the size of the MTU. |
| mtu_size | number | The size of the default MTU in bytes for the WAN port: • If you have configured IPv4 mode, type a number between 68 and 1500 bytes. • If you have configured IPv4/IPv6 mode, type a number between 1280 and 1500 bytes. |
| port_speed | Auto_Sense, 10_BaseT_Half_Duplex, 10_BaseT_Full_Duplex, 100_BaseT_Half_Duplex, 100_BaseT_Full_Duplex, 1000_BaseT_Half_Duplex, or 1000_BaseT_Full_Duplex | The port speed and duplex mode of the WAN port. The keywords are self-explanatory. |
| mac_type | Use-Default-Mac, Use-This-Computers-Mac, or Use-This-Mac | The source for the MAC address. The default setting is Use-Default-Mac. If your ISP requires MAC authentication and another MAC address has been previously registered with your ISP, select either Use-This-Computers-Mac or select Use-This-Mac. If you select the latter keyword, you need to issue the mac_address keyword and specify the MAC address that is expected by your ISP. |
| mac_address | mac address | The MAC address that the ISP requires for MAC authentication when the mac_type keyword is set to Use-This-Mac. |

Command example:

FVS318N> net wan port_setup configure

net-config[port_setup]> def_mtu Custom

net-config[port_setup]> mtu_size 1498

net-config[port_setup]> port_speed 1000_BaseT_Full_Duplex

net-config[port_setup]> mac_type Use-This-Computers-Mac

net-config[port_setup]> save

Related show command: show net wan port_setup

IPv4 WAN Commands

net wan_settings wanmode configure

This command configures the mode of IPv4 routing between the WAN interface and LAN interfaces. After you have issued the net wan_settings wanmode configure command, you enter the net-config [routing-mode] mode, and then you can configure NAT or classical routing.

WARNING! Changing the mode of IPv4 routing causes all LAN–WAN and DMZ–WAN inbound firewall settings to revert to default settings.

Step 1

Format: net wan_settings wanmode configure

Mode: net

Step 2

Format: type {NAT | Classical_Routing}

Mode: net-config [routing-mode]

Related show command: show net wan_settings wanmode

net wan wan1 ipv4 configure

This command configures the IPv4 settings of the WAN interface. After you have issued the net wan wan1 ipv4 configure command, you enter the net-config [wan1-ipv4] mode.

First, specify the ISP connection type (you can select only a single type). Then, for the selected ISP connection type, configure one keyword and associated parameter or associated keyword at a time in the order that you prefer. If you select a static ISP connection type, there is no further configuration required.

Step 1

Format: net wan wan1 ipv4 configure

Mode: net

Step 2

Format:

isp_connection_type {STATIC | DHCPC | PPPoE | PPTP} Yes

isp_login_required {Y | N}

static ip_address <ipaddress>

static subnet_mask <subnet mask>

static gateway_address <ipaddress>

static primary_dns <ipaddress>

static secondary_dns <ipaddress>

dhcpc account_name <account name>

dhcpc domain_name <domain name>

dhcpc client_identifier {Y | N}

dhcpc vendor_identifier {Y | N}

dhcpc get_dns_from_isp {Y | N {dhcpc primary_dns <ipaddress>} [dhcpc secondary_dns <ipaddress>]}

pppoe username <user name>

pppoe password <password>

pppoe AccountName <account name>

pppoe DomainName <domain name>

pppoe connectivity_type {keepalive | idletimeout {idletime <minutes>}}

pppoe connection_reset {N | Y {reset_hour <hour>} {reset_min <minutes>} {delay_in_reset <seconds>}}

pppoe get_ip_dynamically {Y | N {static_ip <ipaddress>} {subnet_mask <subnet mask>}}

pppoe get_dns_from_isp {Y | N {primary_dns <ipaddress>} [secondary_dns <ipaddress>]}

pptp username <user name>

pptp password <password>

pptp AccountName <account name>

pptp DomainName <domain name>

pptp connectivity_type {keepalive | idletimeout {pptp idle_time <seconds>}}

pptp my_address <ipaddress>

pptp server_address <ipaddress>

pptp get_dns_from_isp {Y | N {pptp primary_dns <ipaddress>} [pptp secondary_dns <ipaddress>]}

Mode: net-config [wan1-ipv4]

| Keyword | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| isp_connection_type | STATIC, DHCPC, PPPoE, or PPTP, followed by Yes | Specifies the type of ISP connection. You can specify only one type of connection: • STATIC. Configure the keywords and parameters in the STATIC section of this table. • DHCPC. Configure the keywords and parameters in the DHCPC section of this table. • PPPoE. Configure the keywords and parameters in the PPPoE section of this table. • PPTP. Configure the keywords and parameters in the PPTP section of this table. You need to confirm your selection by typing Yes (that is, Yes, and not just Y). |
| isp_login_required | Y or N | Specifies whether or not your ISP requires login if the type of ISP connection is PPPoE or PPTP. |
| Static | | |
| static ip_address | ipaddress | The static IP address. |
| static subnet_mask | subnet mask | The subnet mask that is associated with the static IP address. |
| static gateway_address | ipaddress | The IP address of the ISP gateway. |
| static primary_dns | ipaddress | The IP address of the primary DNS server. |
| static secondary_dns | ipaddress | The IP address of the optional secondary DNS server. |
| DHCPC (These keywords consist of two separate words) | | |
| dhcpc account_name | account name | The ISP account name (alphanumeric string). |
| dhcpc domain_name | domain name | The ISP domain name (alphanumeric string). |
| dhcpc client_identifier | Y or N | Specifies whether or not the DHCP client-identifier option is sent to the ISP server. By default, the option is not sent. |
| dhcpc vendor_identifier | Y or N | Specifies whether or not the DHCP vendor-class-identifier option is sent to the ISP server. By default, the option is not sent. |
| dhcpc get_dns_from_isp | Y or N | Specifies whether or not the IP address is dynamically received from the ISP. If you select N, you need to issue the dhcpc primary_dns keyword and enter the IP address of the primary DNS server. For a secondary DNS server, issue the dhcpc secondary_dns keyword, and enter the IP address. |
| dhcpc primary_dns | ipaddress | The IP address of the primary DNS server if your IP address is not dynamically received from the ISP. |
| dhcpc secondary_dns | ipaddress | The IP address of the optional secondary DNS server if your IP address is not dynamically received from the ISP. |
| PPPoE (These keywords consist of two separate words) | | |
| pppoe username | user name | The user name (alphanumeric string) to log in to the PPPoE service, if required. |
| pppoe password | password | The password (alphanumeric string) to log in to the PPPoE service, if required. |
| pppoe AccountName | account name | The PPPoE account name (alphanumeric string). |
| pppoe DomainName | domain name | The PPPoE domain name (alphanumeric string). |
| pppoe connectivity_type | keepalive or idletimeout | The type of PPPoE connection. If you select idletimeout, you need to issue the idle_time keyword and enter the idle time-out in minutes. |
| pppoe idle_time | minutes | The idle time-out period in minutes, from 5 to 999 minutes. |
| pppoe connection_reset | Y or N | Specifies whether or not the PPPoE connection is automatically reset. If it is reset, you need to issue the reset_hour and reset_min keywords and enter the hour and minutes after which the connection is reset. You also need to issue the delay_in_reset keyword and enter the number of seconds of delay. |
| pppoe reset_hour | hour | The hour at which the PPPoE connection is reset. |
| pppoe reset_min | minutes | The minutes at which the PPPoE connection is reset. |
| pppoe delay_in_reset | seconds | After the connection has been reset, the number of seconds of delay before a PPPoE connection attempt is made. |
| pppoe get_ip_dynamically | Y or N | Specifies whether or not the IP address is dynamically received from the ISP. If it is not, you need to issue the static_ip keyword and enter the static IP address, and issue the subnet_mask keyword and enter the subnet mask. |
| pppoe static_ip | ipaddress | The static IP address if your IP address is not dynamically received from the ISP. |
| pppoe subnet_mask | subnet mask | The subnet mask if your IP address is not dynamically received from the ISP. |
| pppoe get_dns_from_isp | Y or N | Specifies whether or not the IP address is dynamically received from the ISP. If you select N, you need to issue the pppoe primary_dns keyword and enter the IP address of the primary DNS server. For a secondary DNS server, issue the pppoe secondary_dns keyword, and enter the IP address. |
| pppoe primary_dns | ipaddress | The IP address of the primary DNS server if your IP address is not dynamically received from the ISP. |
| pppoe secondary_dns | ipaddress | The IP address of the optional secondary DNS server if your IP address is not dynamically received from the ISP. |
| PPTP (These keywords consist of two separate words) | | |
| pptp username | user name | The user name (alphanumeric string) to log in to the PPTP service, if required. |
| pptp password | password | The password (alphanumeric string) to log in to the PPTP service, if required. |
| pptp AccountName | account name | The PPPoE account name (alphanumeric string). |
| pptp DomainName | domain name | The PPPoE domain name (alphanumeric string). |
| pptp connectivity_type | keepalive or idletimeout | The type of PPTP connection. If you select idletimeout, you need to issue the pptp idle_time keyword and enter the idle time-out period. |
| pptp idle_time | minutes | The idle time-out period in minutes (5 to 999), if the PPTP connection is configured for idle time-out. |
| pptp my_address | ipaddress | The IP address that was assigned by the ISP to make a connection with the ISP’s PPTP server. |
| pptp server_address | ipaddress | The IP address of the PPTP server. |
| pptp get_dns_from_isp | Y or N | Specifies whether or not the IP address is dynamically received from the ISP. If you select N, you need to issue the pptp primary_dns keyword and enter the IP address of the primary DNS server. For a secondary DNS server, issue the pptp secondary_dns keyword, and enter the IP address. |
| pptp primary_dns | ipaddress | The IP address of the primary DNS server if your IP address is not dynamically received from the ISP. |
| pptp secondary_dns | ipaddress | The IP address of the optional secondary DNS server if your IP address is not dynamically received from the ISP. |

Command example:

FVS318N> net wan wan1 ipv4 configure

net-config[wan1-ipv4]> isp_connection_type DHCPC

net-config[wan1-ipv4]> dhcpc client_identifier Y

net-config[wan1-ipv4]> dhcpc get_dns_from_isp N

net-config[wan1-ipv4]> dhcpc primary_dns 10.124.56.118

net-config[wan1-ipv4]> dhcpc secondary_dns 10.124.56.132

net-config[wan1-ipv4]> save

Related show commands: show net wan wan1 ipv4 setup and show net wan wan1 ipv4 status
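The keyword dependencies for net wan wan1 ipv4 configure (a primary DNS server when get_dns_from_isp is N, an idle time of 5 to 999 minutes with idletimeout, reset and static-address parameters for PPPoE) can be checked before a session is pasted into the CLI. The following Python linter is an added example, not NETGEAR code: its function names and the second session are constructed for illustration, and it assumes the keyword names from the keyword table (for example pppoe idle_time) rather than those in the Format listing.

```python
import ipaddress
import re

# Prompt shown on this page while in the net-config [wan1-ipv4] mode.
PROMPT = re.compile(r"^net-config\[wan1-ipv4\]>\s*(.+)$")
# Connection type -> first word of that type's two-word keywords.
SECTIONS = {"STATIC": "static", "DHCPC": "dhcpc", "PPPoE": "pppoe", "PPTP": "pptp"}

# The command example from this page.
PAGE_EXAMPLE = """\
FVS318N> net wan wan1 ipv4 configure
net-config[wan1-ipv4]> isp_connection_type DHCPC
net-config[wan1-ipv4]> dhcpc client_identifier Y
net-config[wan1-ipv4]> dhcpc get_dns_from_isp N
net-config[wan1-ipv4]> dhcpc primary_dns 10.124.56.118
net-config[wan1-ipv4]> dhcpc secondary_dns 10.124.56.132
net-config[wan1-ipv4]> save
"""

# Constructed session (not from the manual) with three deliberate mistakes.
BAD_SESSION = """\
FVS318N> net wan wan1 ipv4 configure
net-config[wan1-ipv4]> isp_connection_type PPPoE
net-config[wan1-ipv4]> pppoe connectivity_type idletimeout
net-config[wan1-ipv4]> pppoe idle_time 3
net-config[wan1-ipv4]> pppoe get_dns_from_isp N
net-config[wan1-ipv4]> dhcpc client_identifier Y
net-config[wan1-ipv4]> save
"""


def parse_session(text):
    """Return (keyword, value) pairs typed at the net-config[wan1-ipv4] prompt."""
    pairs = []
    for line in text.splitlines():
        match = PROMPT.match(line.strip())
        if not match:
            continue  # other prompts, banners, blank lines
        words = match.group(1).split()
        if words[0] in SECTIONS.values() and len(words) > 1:
            # Section keywords consist of two separate words.
            pairs.append((" ".join(words[:2]), " ".join(words[2:])))
        else:
            pairs.append((words[0], " ".join(words[1:])))
    return pairs


def is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False


def lint_wan1_ipv4(text):
    """Return a list of findings; an empty list means every rule passed."""
    pairs = parse_session(text)
    cfg = dict(pairs)
    types = [v.split()[0] for k, v in pairs if k == "isp_connection_type" and v]
    if len(types) != 1 or types[0] not in SECTIONS:
        return ["select exactly one isp_connection_type: STATIC, DHCPC, PPPoE, or PPTP"]
    sec = SECTIONS[types[0]]
    findings = []
    # Keywords that belong to a connection type other than the selected one.
    for key, _ in pairs:
        prefix = key.split()[0]
        if prefix in SECTIONS.values() and prefix != sec:
            findings.append(f"'{key}' does not belong to connection type {types[0]}")
    # get_dns_from_isp N requires a primary DNS server; the secondary is optional.
    if sec != "static" and cfg.get(f"{sec} get_dns_from_isp") == "N":
        if not is_ipv4(cfg.get(f"{sec} primary_dns", "")):
            findings.append(f"{sec} get_dns_from_isp N needs a valid {sec} primary_dns")
        secondary = cfg.get(f"{sec} secondary_dns")
        if secondary is not None and not is_ipv4(secondary):
            findings.append(f"{sec} secondary_dns is not an IPv4 address")
    # idletimeout requires idle_time, 5 to 999 minutes per the keyword table.
    if sec in ("pppoe", "pptp") and cfg.get(f"{sec} connectivity_type") == "idletimeout":
        idle = cfg.get(f"{sec} idle_time", "")
        if not (idle.isdigit() and 5 <= int(idle) <= 999):
            findings.append(f"{sec} idle_time must be 5 to 999 minutes with idletimeout")
    if sec == "pppoe":
        # An automatic reset needs the hour, the minutes, and the delay.
        if cfg.get("pppoe connection_reset") == "Y":
            for key in ("pppoe reset_hour", "pppoe reset_min", "pppoe delay_in_reset"):
                if not cfg.get(key, "").isdigit():
                    findings.append(f"pppoe connection_reset Y needs a numeric {key}")
        # A fixed address needs both the address and its subnet mask.
        if cfg.get("pppoe get_ip_dynamically") == "N":
            for key in ("pppoe static_ip", "pppoe subnet_mask"):
                if not is_ipv4(cfg.get(key, "")):
                    findings.append(f"pppoe get_ip_dynamically N needs a valid {key}")
    return findings


if __name__ == "__main__":
    for name, session in (("page example", PAGE_EXAMPLE), ("constructed", BAD_SESSION)):
        print(name, lint_wan1_ipv4(session) or "no findings")
```

The manual's own example passes with no findings; the constructed session is reported for the stray dhcpc keyword, the missing primary DNS server, and the idle time below 5 minutes.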

IPv6 WAN Commands

net wan wan1 ipv6 configure

This command configures the IPv6 settings of the WAN interface. After you have issued the net wan wan1 ipv6 configure command, you enter the net-config [wan1-ipv6] mode.

First, specify the ISP connection type (you can select only a single type). Then, for the selected ISP connection type, configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format: net wan wan1 ipv6 configure

Mode: net

Step 2

Format:

isp type {static | dhcpc}

static ip_address <ipv6-address>

static prefix <prefix-length>

static gateway_address <ipv6-address>

static primary_dns <ipv6-address>

static secondary_dns <ipv6-address>

dhcpc stateless_mode_enable {StatelessAddrAutoConfig [prefix_delegation_enable {Y | N}] | StatefulAddrAutoConfig}

Mode: net-config [wan1-ipv6]

| Keyword (consists of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| isp type | static or dhcpc | The type of ISP connection: • static. Configure the keywords and parameters in the Static section of this table. • dhcpc. Configure the keywords and parameters in the DHCPC section of this table. |
| Static | | |
| static ip_address | ipv6-address | The IPv6 address of the WAN interface. |
| static prefix | prefix-length | The prefix length (integer) for the static address. |
| static gateway_address | ipv6-address | The IPv6 address of the gateway. |
| static primary_dns | ipv6-address | The IPv6 address of the primary DNS server. |
| static secondary_dns | ipv6-address | The IPv6 address of the secondary DNS server. |
| DHCPC | | |
| dhcpc stateless_mode_enable | StatelessAddrAutoConfig or StatefulAddrAutoConfig | The type of DHCPv6 mode (stateless or stateful). If you set the dhcpc stateless_mode_enable keywords to StatelessAddrAutoConfig, you have the option to set the dhcpc prefix_delegation_enable keywords and associated parameter. |
| dhcpc prefix_delegation_enable | Y or N | If the dhcpc stateless_mode_enable keywords are set to StatelessAddrAutoConfig, enables or disables prefix delegation. Prefix delegation allows the ISP’s stateful DHCPv6 server to assign a prefix. |

Command example:

FVS318N> net wan wan1 ipv6 configure
net-config[wan1-ipv6]> isp_connection_type DHCPC
net-config[wan1-ipv6]> isp type dhcpc
net-config[wan1-ipv6]> dhcpc stateless_mode_enable StatelessAddrAutoConfig
net-config[wan1-ipv6]> save

Related show commands: show net wan wan1 ipv6 setup and show net wan wan1 ipv6 status

net ipv6 ipmode configure

This command configures the IP mode. After you have issued the net ipv6 ipmode configure command, you enter the net-config [mode] mode, and then you can configure the IP mode. You can select support for IPv4 only or for both IPv4 and IPv6.

WARNING! Changing the IP mode causes the wireless VPN firewall to reboot.

Step 1
Format: net ipv6 ipmode configure
Mode: net

Step 2
Format: ip_type {IPv4_Only | IPv4/IPv6}
Mode: net-config [mode]

Related show command: show net ipv6 ipmode setup

IPv6 Tunnel Commands

net ipv6_tunnel isatap add

This command configures a new ISATAP tunnel. After you have issued the net ipv6_tunnel isatap add command, you enter the net-config [isatap-tunnel] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Note: To be able to configure an ISATAP tunnel, you first need to set the IP mode to IPv4/IPv6 (see net ipv6 ipmode configure).

Step 1
Format: net ipv6_tunnel isatap add
Mode: net

Step 2
Format:
subnet_prefix <subnet prefix>
end_point_type {LAN | Other_IP {ipv4_address <address>}}
Mode: net-config [isatap-tunnel]

| Keyword | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| subnet_prefix | subnet prefix | The IPv6 64-bit subnet prefix (string) that is assigned to the logical ISATAP subnet for this intranet. |
| end_point_type | LAN or Other_IP | The local endpoint IP address for the tunnel that is initiated on the wireless VPN firewall. The endpoint can be the LAN interface or a specific LAN IPv4 address. If you select Other_IP, you also need to issue the ipv4_address keyword to specify an IPv4 address. |
| ipv4_address | ipaddress | The IPv4 address of a local endpoint that is not a LAN IPv4 address. |

Command example:

FVS318N> net ipv6_tunnel isatap add
net-config[isatap-tunnel]> subnet_prefix FE80::DEFC
net-config[isatap-tunnel]> end_point_type Other_IP
net-config[isatap-tunnel]> ipv4_address 10.29.33.4
net-config[isatap-tunnel]> save

Related show commands: show net ipv6_tunnel setup and show net ipv6_tunnel status

net ipv6_tunnel isatap edit <row id>

This command configures an existing ISATAP tunnel. After you have issued the net ipv6_tunnel isatap edit command to specify the row to be edited, you enter the net-config [isatap-tunnel] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: net ipv6_tunnel isatap edit <row id>
Mode: net

Step 2
Format:
subnet_prefix <subnet prefix>
end_point_type {LAN | Other_IP {ipv4_address <address>}}
Mode: net-config [isatap-tunnel]

| Keyword | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| subnet_prefix | subnet prefix | The IPv6 64-bit subnet prefix (string) that is assigned to the logical ISATAP subnet for this intranet. |
| end_point_type | LAN or Other_IP | The local endpoint IP address for the tunnel that is initiated on the wireless VPN firewall. The endpoint can be the LAN interface or a specific LAN IPv4 address. If you select Other_IP, you also need to issue the ipv4_address keyword to specify an IPv4 address. |
| ipv4_address | ipaddress | The IPv4 address of a local endpoint that is not a LAN IPv4 address. |

Related show commands: show net ipv6_tunnel setup and show net ipv6_tunnel status

net ipv6_tunnel isatap delete <row id>

This command deletes an ISATAP tunnel by deleting its row ID.

Note: To be able to delete an ISATAP tunnel, you first need to set the IP mode to IPv4/IPv6 (see net ipv6 ipmode configure).

Format: net ipv6_tunnel isatap delete <row id>
Mode: net

Related show commands: show net ipv6_tunnel setup and show net ipv6_tunnel status

net ipv6_tunnel six_to_four configure

This command enables or disables automatic tunneling, which allows traffic from an IPv6 LAN to be tunneled through an IPv4 WAN to reach an IPv6 network. After you have issued the net ipv6_tunnel six_to_four configure command, you enter the net-config [six-to-four-tunnel] mode, and then you can configure automatic tunneling.

Step 1
Format: net ipv6_tunnel six_to_four configure
Mode: net

Step 2
Format: automatic_tunneling_enable {Y | N}
Mode: net-config [six-to-four-tunnel]

Related show commands: show net ipv6_tunnel setup and show net ipv6_tunnel status

Dynamic DNS Commands

net ddns configure

This command enables, configures, or disables Dynamic DNS (DDNS) service. After you have issued the net ddns configure command, you enter the net-config [ddns] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: net ddns configure
Mode: net

Step 2
Format:
enable {Disable | DynDNS | TZO | DNS_Oray | 3322_DDNS}
hostname <host name>
username <user name>
password <password>
wild_flag_enable {Y | N}
time_update_enable {Y | N}
Mode: net-config [ddns]

| Keyword | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| enable | Disable, DynDNS, TZO, DNS_Oray, or 3322_DDNS | Enables or disables DDNS. Use the Disable keyword to disable DDNS after you had first enabled the service. The other keywords represent DDNS service providers and are self-explanatory. |
| hostname | host name | Configures a host name (string) for a DDNS server. |
| username | user name | Configures a user name (string) for a DDNS server. |
| password | password | Configures a password (string) for a DDNS server. |
| wild_flag_enable | Y or N | Enables or disables the use of wildcards for DDNS. |
| time_update_enable | Y or N | Enables or disables the automatic update of the DDNS service after 30 days. |

Command example:

FVS318N> net ddns configure
net-config[ddns]> enable DynDNS
net-config[ddns]> hostname adminnetgear.dyndns.org
net-config[ddns]> username jaybrown
net-config[ddns]> password 4hg!RA278s
net-config[ddns]> wild_flag_enable N
net-config[ddns]> time_update_enable Y
net-config[ddns]> save

Related show command: show net ddns setup

IPv4 LAN Commands

net lan ipv4 configure <vlan id>

This command configures a new or existing VLAN, that is, a VLAN ID and a VLAN profile.

After you have issued the net lan ipv4 configure command to specify a new or existing VLAN ID, you enter the net-config [lan-ipv4] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: net lan ipv4 configure <vlan id>
Mode: net

Step 2
Format:
profile_name <name>
port_membership {[port 1 {Y | N}] | [port 2 {Y | N}] | [port 3 {Y | N}] | [port 4 {Y | N}] | [port 5 {Y | N}] | [port 6 {Y | N}] | [port 7 {Y | N}] | [port 8 {Y | N}]}
static address <ipaddress>
static subnet_mask <subnet mask>
dhcp mode {None | DHCP-Server | DHCP-Relay}
proxy dns_enable {Y | N}
dhcp domain_name <domain name>
dhcp start_address <ipaddress>
dhcp end_address <ipaddress>
dhcp primary_dns <ipaddress>
dhcp secondary_dns <ipaddress>
dhcp wins_server <ipaddress>
dhcp lease_time <hours>
enable_ldap {Y | N}
ldap_serverip <ipaddress>
ldap_search_base <search base>
ldap_port <number>
dhcp relay_gateway <ipaddress>
inter_vlan_routing {Y | N}
Mode: net-config [lan-ipv4]

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| profile_name | name | The name of the VLAN profile. |
| port_membership port1, port_membership port2, port_membership port3, port_membership port4, port_membership port5, port_membership port6, port_membership port7, port_membership port8 | Y or N | Specifies the ports that should be members of the VLAN. You need to specify each port individually. |
| static address | ipaddress | The static IPv4 address for the VLAN. |
| static subnet_mask | subnet mask | The IPv4 subnet mask for the VLAN profile. |
| dhcp mode | None, DHCP-Server, or DHCP-Relay | Specifies the DHCP mode for the devices that are connected to the VLAN: None. The DHCP server is disabled. No further DHCP configuration is required. DHCP-Server. Configure the keywords and parameters in the DHCP server section of this table. DHCP-Relay. Configure the keywords and parameters in the DHCP relay section of this table. |
| proxy dns_enable | Y or N | Enables or disables the LAN DNS proxy. |
| inter_vlan_routing | Y or N | Enables or disables inter-VLAN routing. |
| DHCP Server | | |
| dhcp domain_name | domain name | The FQDN or domain name of the DHCP server. |
| dhcp start_address | ipaddress | The start IP address for the DHCP address range. |
| dhcp end_address | ipaddress | The end IP address for the DHCP address range. |
| dhcp primary_dns | ipaddress | The IP address of the primary DNS server for the DHCP server. |
| dhcp secondary_dns | ipaddress | The IP address of the secondary DNS server for the DHCP server. |
| dhcp wins_server | ipaddress | The IP address of the WINS server for the DHCP server. |
| dhcp lease_time | hours | The DHCP lease time in hours. |
| enable_ldap | Y or N | Enables or disables LDAP. |
| ldap_serverip | ipaddress | The IP address of the LDAP server. |
| ldap_search_base | search base | The search base (string) for LDAP. |
| ldap_port | number | The port number for the LDAP server. |
| DHCP Relay | | |
| dhcp relay_gateway | ipaddress | The IP address of the DHCP relay gateway. |

Command example:

FVS318N> net lan ipv4 configure 4
net-config[lan-ipv4]> profile_name Marketing
net-config[lan-ipv4]> port_membership port 1 Y
net-config[lan-ipv4]> port_membership port 4 Y
net-config[lan-ipv4]> port_membership port 5 Y
net-config[lan-ipv4]> static address 192.168.1.1
net-config[lan-ipv4]> static subnet_mask 255.255.255.0
net-config[lan-ipv4]> dhcp mode DHCP-Relay
net-config[lan-ipv4]> dhcp relay_gateway 10.172.214.198
net-config[lan-ipv4]> proxy dns_enable N
net-config[lan-ipv4]> inter_vlan_routing Y
net-config[lan-ipv4]> save

Related show command: show net lan ipv4 setup

net lan ipv4 delete <vlan id>

This command deletes a VLAN by deleting its ID. You cannot delete VLAN 1, the default VLAN.

Format: net lan ipv4 delete <vlan id>
Mode: net

Related show command: show net lan ipv4 setup

net lan ipv4 disable <vlan id>

This command disables a VLAN by specifying its ID. You cannot disable VLAN 1, the default VLAN.

Format: net lan ipv4 disable <vlan id>
Mode: net

Related show command: show net lan ipv4 setup

net lan ipv4 enable <vlan id>

This command enables a VLAN by specifying its ID. VLAN 1, the default VLAN, is always enabled.

Format: net lan ipv4 enable <vlan id>
Mode: net

Related show command: show net lan ipv4 setup

net ethernet configure <interface name or number>

This command configures a VLAN for a LAN interface. After you have issued the net ethernet configure command to specify a LAN interface, you enter net-config [ethernet] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: net ethernet configure <interface name or number>
Mode: net

Step 2
Format:
vlanid <number>
vlan-enable {Y | N}
native-vlan {Y | N}
Mode: net-config [ethernet]

| Keyword | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| vlanid | number | The VLAN ID. |
| vlan-enable | Y or N | Enables or disables the VLAN for this interface. |
| native-vlan | Y or N | Enables or disables the default (native) VLAN for this interface. |

Command example:

FVS318N> net ethernet configure eth0
net-config[ethernet]> vlanid 12
net-config[ethernet]> vlan-enable Y
net-config[ethernet]> native-vlan N
net-config[ethernet]> save

Note: To enter the net-config [ethernet] mode, you can issue the net ethernet configure command with either an interface name such as eth0 or an interface number such as 0.

Related show command: show net ethernet {interface name | all}

net lan ipv4 default_vlan

This command configures the default VLAN for each port. After you have issued the net lan ipv4 default_vlan command, you enter the net-config [lan-ipv4-defvlan] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: net lan ipv4 default_vlan
Mode: net

Step 2
Format:
port1 <vlan name>
port2 <vlan name>
port3 <vlan name>
port4 <vlan name>
port5 <vlan name>
port6 <vlan name>
port7 <vlan name>
port8 <vlan name>
Mode: net-config [lan-ipv4-defvlan]

| Keyword | Associated Parameter to Type | Description |
|---|---|---|
| port1, port2, port3, port4, port5, port6, port7, port8 | vlan name | Specifies the default VLAN name. You need to specify the name for each port individually. |

Command example:

FVS318N> net lan ipv4 default_vlan
net-config[lan-ipv4-defvlan]> port1 Default
net-config[lan-ipv4-defvlan]> port2 Default
net-config[lan-ipv4-defvlan]> port3 Management
net-config[lan-ipv4-defvlan]> port4 Sales
net-config[lan-ipv4-defvlan]> port5 Marketing
net-config[lan-ipv4-defvlan]> port6 Sales
net-config[lan-ipv4-defvlan]> port7 Remote
net-config[lan-ipv4-defvlan]> port8 Default
net-config[lan-ipv4-defvlan]> save

Related show command: show net lan ipv4 setup

net lan ipv4 advanced configure

This command configures advanced LAN settings such as the MAC address for VLANs and ARP broadcast. After you have issued the net lan ipv4 advanced configure command, you enter the net-config [lan-ipv4-adv] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: net lan ipv4 advanced configure
Mode: net

Step 2
Format:
vlan_mac_offset_type {Same | Unique}
enable_arp_broadcast {Y | N}
Mode: net-config [lan-ipv4-adv]

| Keyword | Associated Keyword to Select | Description |
|---|---|---|
| vlan_mac_offset_type | Same or Unique | Specifies the MAC address for VLANs: Same. All VLAN profiles use the same MAC address as the LAN ports. (All LAN ports share the same MAC address.) Unique. Each VLAN (up to 16 VLANs) is assigned a unique MAC address. |
| enable_arp_broadcast | Y or N | Enables or disables ARP broadcast. |

Command example:

FVS318N> net lan ipv4 advanced configure
net-config[lan-ipv4-adv]> vlan_mac_offset_type Same
net-config[lan-ipv4-adv]> enable_arp_broadcast Y
net-config[lan-ipv4-adv]> save

Related show command: show net lan ipv4 advanced setup

net lan dhcp reserved_ip configure <mac address>

This command binds a MAC address to an IP address for DHCP reservation or lets you edit an existing binding. The command also assigns the device or computer to which the MAC address belongs to one of eight LAN groups. After you have issued the net lan dhcp reserved_ip configure command to configure the MAC address, you enter the net-config [dhcp-reserved-ip] mode, and then you can configure the IP address for the binding configuration.

Step 1
Format: net lan dhcp reserved_ip configure <mac address>
Mode: net

Step 2
Format:
ip_mac_name <device name>
ip_addr_type {Fixed_set_on_PC | Dhcp_Reserved_IP}
ip_address <ipaddress>
group_name {Group1 | Group2 | Group3 | Group4 | Group5 | Group6 | Group7 | Group8}
Mode: net-config [dhcp-reserved-ip]

| Keyword | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| ip_mac_name | device name | The name of the computer or device. |
| ip_addr_type | Fixed_set_on_PC or Dhcp_Reserved_IP | The IP address type: Fixed_set_on_PC. The IP address is statically assigned on the computer or device. Dhcp_Reserved_IP. The DHCP server of the wireless VPN firewall always assigns the specified IP address to this client during the DHCP negotiation. |
| ip_address | ipaddress | The IP address that needs to be bound to the specified MAC address. |
| group_name | Group1, Group2, Group3, Group4, Group5, Group6, Group7, or Group8 | The group to which the computer or device needs to be assigned. Note: You cannot enter group names that you have specified with the net lan lan_groups edit command. |

Command example:

FVS318N> net lan dhcp reserved_ip configure AA:BB:CC:1A:2B:3C
net-config[dhcp-reserved-ip]> ip_addr_type Dhcp_Reserved_IP
net-config[dhcp-reserved-ip]> ip_address 192.168.27.219
net-config[dhcp-reserved-ip]> group_name Group3
net-config[dhcp-reserved-ip]> save

Related show commands: show net lan dhcp reserved_ip setup and show net lan dhcp leased_clients list

net lan dhcp reserved_ip delete <mac address>

This command deletes the binding of a MAC address to an IP address.

Format: net lan dhcp reserved_ip delete <mac address>
Mode: net

Related show commands: show net lan dhcp reserved_ip setup and show net lan dhcp leased_clients list

net lan lan_groups edit <row id> <new group name>

This command specifies an IPv4 LAN group name, that is, it changes a default group name such as Group1, Group2, or Group3. You need to specify both the row id that represents the group (for example, 2 for Group2 or 5 for Group5) and the new name for the group.

Format: net lan lan_group edit <row id> <new group name>
Mode: net

Related show command: show net lan lan_groups

net lan ipv4 multi_homing add

This command configures a new IPv4 alias, that is, a secondary IPv4 address. After you have issued the net lan ipv4 multi_homing add command, you enter the net-config [lan-ipv4-multihoming] mode, and then you can configure the secondary address and subnet mask in the order that you prefer.

Step 1
Format: net lan ipv4 multi_homing add
Mode: net

Step 2
Format:
ip_address <ipaddress>
subnet_mask <subnet mask>
Mode: net-config [lan-ipv4-multihoming]

Command example:

FVS318N> net lan ipv4 multi_homing add
net-config[lan-ipv4-multihoming]> ip_address 192.168.16.110
net-config[lan-ipv4-multihoming]> subnet_mask 255.255.255.248
net-config[lan-ipv4-multihoming]> save

Related show command: show net lan ipv4 multiHoming

net lan ipv4 multi_homing edit

This command configures an existing IPv4 alias, that is, a secondary IPv4 address. After you have issued the net lan ipv4 multi_homing edit command, you enter the net-config [lan-ipv4-multihoming] mode, and then you can configure the secondary address and subnet mask in the order that you prefer.

Step 1
Format: net lan ipv4 multi_homing edit
Mode: net

Step 2
Format:
ip_address <ipaddress>
subnet_mask <subnet mask>
Mode: net-config [lan-ipv4-multihoming]

Related show command: show net lan ipv4 multiHoming

net lan ipv4 multi_homing delete <row id>

This command deletes a secondary IPv4 address by specifying its row ID.

Format: net lan ipv4 multi_homing delete <row id>
Mode: net

Related show command: show net lan ipv4 multiHoming

IPv6 LAN Commands

net lan ipv6 configure

This command configures the IPv6 LAN address settings and DHCPv6. After you have issued the net lan ipv6 configure command, you enter the net-config [lan-ipv6] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: net lan ipv6 configure
Mode: net

Step 2
Format:
static address <ipv6-address>
static prefix_length <prefix length>
dhcp server_enable {N | Y {dhcp mode {Stateless | Stateful}}}
dhcp domain name <domain name>
dhcp server_preference <number>
dhcp dns_type {useDnsProxy | useDnsFromISP | useEnteredDns {dhcp primary_dns <ipv6-address>} [dhcp secondary_dns <ipv6-address>]}
dhcp rebind_time <seconds>
Mode: net-config [lan-ipv6]

| Keyword (consists of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| static address | ipv6-address | The link-local IPv6 address. |
| static prefix_length | prefix length | The IPv6 prefix length (integer) of the link-local IPv6 address. |
| dhcp server_enable | Y or N | Specifies whether or not DHCPv6 is enabled. If you enable DHCPv6, you also need to issue the dhcp mode keyword and its associated keyword. |
| dhcp mode | Stateless or Stateful | The DHCPv6 mode (stateless or stateful). |
| dhcp domain_name | domain name | The server domain name (string) or FQDN for the DHCP server. |
| dhcp server_preference | number | The preference number (integer) of the DHCP server. |
| dhcp dns_type | useDnsProxy, useDnsFromISP, or useEnteredDns | The DNS server type. If you select useEnteredDns, you also need to issue the dhcp primary_dns keyword and associated parameter. The dhcp secondary_dns keyword and associated parameter are optional. |
| dhcp primary_dns | ipv6-address | The IPv6 address for the primary DNS server in the DHCP configuration. |
| dhcp secondary_dns | ipv6-address | The IPv6 address for the secondary DNS server in the DHCP configuration. |
| dhcp rebind_time | seconds | The lease time in seconds (integer), from 0 to 604800 seconds. |

Command example:

FVS318N> net lan ipv6 configure
net-config[lan-ipv6]> static address fec0::3
net-config[lan-ipv6]> static prefix_length 64
net-config[lan-ipv6]> dhcp server_enable Y
net-config[lan-ipv6]> dhcp mode Stateless
net-config[lan-ipv6]> dhcp domain name netgear.com
net-config[lan-ipv6]> dhcp server_preference 236
net-config[lan-ipv6]> dhcp dns_type useDnsProxy
net-config[lan-ipv6]> dhcp rebind_time 43200
net-config[lan-ipv6]> save

Related show command: show net lan ipv6 setup

net lan ipv6 pool configure

This command configures a new or existing IPv6 DHCP address pool. After you have issued the net lan ipv6 pool configure command, you enter the net-config [lan-ipv6-pool] mode, and then you can configure the IPv6 start and end addresses and the IPv6 prefix length for the IPv6 pool in the order that you prefer.

Step 1
Format: net lan ipv6 pool configure
Mode: net

Step 2
Format:
start_address <ipv6-address>
end_address <ipv6-address>
prefix_value <prefix length>
Mode: net-config [lan-ipv6-pool]

Command example:

FVS318N> net lan ipv6 pool configure
net-config[lan-ipv6-pool]> start_address 2001::1025
net-config[lan-ipv6-pool]> end_address 2001::1030
net-config[lan-ipv6-pool]> prefix_value 56
net-config[lan-ipv6-pool]> save

Related show command: show net lan ipv6 setup

net lan ipv6 pool delete <start ipv6-address>

This command deletes an IPv6 DHCP address pool by deleting its start address.

Format: net lan ipv6 pool delete <start ipv6-address>
Mode: net

Related show command: show net lan ipv6 setup

net lan ipv6 multi_homing add

This command configures a new IPv6 alias, that is, a secondary IPv6 address. After you have issued the net lan ipv6 multi_homing add command, you enter the net-config [lan-ipv6-multihoming] mode, and then you can configure the secondary address and IPv6 prefix length in the order that you prefer.

Step 1
Format: net lan ipv6 multi_homing add
Mode: net

Step 2
Format:
ip_address <ipv6-address>
prefix_length <prefix length>
Mode: net-config [lan-ipv6-multihoming]

Command example:

FVS318N> net lan ipv6 multi_homing add
net-config[lan-ipv6-multihoming]> ip_address 2002::1006
net-config[lan-ipv6-multihoming]> prefix_length 10
net-config[lan-ipv6-multihoming]> save

Related show command: show net lan ipv6 multiHoming

net lan ipv6 multi_homing edit

This command configures an existing IPv6 alias, that is, a secondary IPv6 address. After you have issued the net lan ipv6 multi_homing edit command, you enter the net-config [lan-ipv6-multihoming] mode, and then you can configure the secondary address and IPv6 prefix length in the order that you prefer.

Step 1
Format: net lan ipv6 multi_homing edit
Mode: net

Step 2
Format:
ip_address <ipv6-address>
prefix_length <prefix length>
Mode: net-config [lan-ipv6-multihoming]

Related show command: show net lan ipv6 multiHoming

net lan ipv6 multi_homing delete <row id>

This command deletes a secondary IPv6 address by specifying its row ID.

Format: net lan ipv6 multi_homing delete <row id>
Mode: net

Related show command: show net lan ipv6 multiHoming

net radvd configure lan

This command configures the Router Advertisement Daemon (RADVD) for the link-local advertisements of IPv6 router addresses and prefixes in the LAN. After you have issued the net radvd configure lan command, you enter the net-config [radvd] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: net radvd configure lan
Mode: net

Step 2
Format:
enable {Y | N}
mode {Unsolicited-Multicast | Unicast-Only}
interval <seconds>
flags {Managed | Other}
preference {Low | Medium | High}
mtu <number>
life_time <seconds>
Mode: net-config [radvd]

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| enable | Y or N | Enables the RADVD process to allow stateless autoconfiguration of the IPv6 LAN. |
| mode | Unsolicited-Multicast or Unicast-Only | Sets the advertisement mode: Unsolicited-Multicast. Allows unsolicited multicast and unicast communication with the hosts. Router advertisements (RAs) are sent to all interfaces at the rate that is defined by the interval keyword and parameter. Unicast-Only. Responds to unicast packet requests only. No unsolicited packets are advertised. |
| interval | seconds | The interval in seconds (integer) between unsolicited multicast RAs. Enter a period from 10 to 1800 seconds. The default is 30 seconds. |
| flags | Managed or Other | The flag: Managed. Specifies that the DHCPv6 stateful protocol is used for autoconfiguration of the address. Other. Specifies that the DHCPv6 stateful protocol is used for autoconfiguration of other (that is, nonaddress) information. |
| preference | Low, Medium, or High | The wireless VPN firewall’s preference in relation to other hosts and routers in the LAN. |
| mtu | number | The MTU size (integer) that is used in the RAs to ensure that all nodes in the network use the same MTU size. The default is 1500 seconds. |
| life_time | seconds | The advertisement lifetime in seconds (integer) of the route. The default is 3600 seconds. |

Command example:

FVS318N> net radvd configure lan
net-config[radvd]> enable Y
net-config[radvd]> mode Unsolicited-Multicast
net-config[radvd]> interval 60
net-config[radvd]> flags Managed
net-config[radvd]> preference Medium
net-config[radvd]> mtu 1496
net-config[radvd]> life_time 7200
net-config[radvd]> save

Related show command: show net radvd lan setup
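A pre-flight check for sessions written in the layout of the command examples above, as an added example that is not part of the NETGEAR manual: it validates net radvd configure lan and net lan ipv6 configure sessions against the keyword values, ranges and keyword dependencies given in their tables. The names lint, session, SPEC, ENTRY and REQUIRES are hypothetical, and treating a missing save as a finding is an assumption drawn from the examples, which all end with save.

```python
import ipaddress
import re

# Prompt formats as they appear in the command examples on this page.
PROMPT = re.compile(r"^(?:FVS318N|net-config\[(?P<mode>[^\]]+)\])>\s*(?P<cmd>.*)$")

# Value checkers: each returns None for an acceptable value, else a message.
def choice(*allowed):
    return lambda v: None if v in allowed else "expected one of " + ", ".join(allowed)

def integer(lo=0, hi=None):
    def check(v):
        if not v.isdecimal():
            return "expected an integer"
        if int(v) < lo or (hi is not None and int(v) > hi):
            return f"expected {lo}..{hi}"
    return check

def ipv6(v):
    try:
        ipaddress.IPv6Address(v)
    except ValueError:
        return "expected an IPv6 address"

def text(v):
    return None if v else "missing parameter"

# Keyword tables transcribed from the two command sections on this page.
SPEC = {
    "radvd": {
        "enable": choice("Y", "N"), "mode": choice("Unsolicited-Multicast", "Unicast-Only"),
        "interval": integer(10, 1800), "flags": choice("Managed", "Other"),
        "preference": choice("Low", "Medium", "High"), "mtu": integer(), "life_time": integer(),
    },
    "lan-ipv6": {
        "static address": ipv6, "static prefix_length": integer(),
        "dhcp server_enable": choice("Y", "N"), "dhcp mode": choice("Stateless", "Stateful"),
        # The Format line and the example say "domain name", the table "domain_name".
        "dhcp domain name": text, "dhcp domain_name": text,
        "dhcp server_preference": integer(), "dhcp rebind_time": integer(0, 604800),
        "dhcp dns_type": choice("useDnsProxy", "useDnsFromISP", "useEnteredDns"),
        "dhcp primary_dns": ipv6, "dhcp secondary_dns": ipv6,
    },
}
ENTRY = {"net radvd configure lan": "radvd", "net lan ipv6 configure": "lan-ipv6"}
# A (keyword, value) pair that makes another keyword mandatory, per the tables.
REQUIRES = {"lan-ipv6": [(("dhcp server_enable", "Y"), "dhcp mode"),
                         (("dhcp dns_type", "useEnteredDns"), "dhcp primary_dns")]}

def lint(transcript):
    """Check one session; return (line, message) pairs, line 0 = whole session."""
    findings, mode, seen, saved = [], None, {}, False
    lines = [ln.strip() for ln in transcript.splitlines() if ln.strip()]
    for no, line in enumerate(lines, 1):
        m = PROMPT.match(line)
        if m is None or m["mode"] not in (None, mode):
            findings.append((no, "not a prompt line for the entered mode"))
            continue
        cmd = " ".join(m["cmd"].split())
        if m["mode"] is None:  # FVS318N> prompt: the command that enters a mode
            mode = ENTRY.get(cmd)
            if mode is None:
                findings.append((no, "command not covered: " + cmd))
            continue
        if cmd == "save":
            saved = True
            continue
        # Longest keyword first: keywords consist of one, two or three words.
        kw = next((k for k in sorted(SPEC[mode], key=len, reverse=True)
                   if cmd == k or cmd.startswith(k + " ")), None)
        if kw is None:
            findings.append((no, f"unknown keyword in [{mode}]: {cmd}"))
            continue
        value = seen[kw] = cmd[len(kw):].strip()
        if (error := SPEC[mode][kw](value)):
            findings.append((no, f"{kw}: {error} (got {value!r})"))
    for (kw, value), needed in REQUIRES.get(mode, []):
        if seen.get(kw) == value and needed not in seen:
            findings.append((0, f"{kw} {value} also requires {needed}"))
    if mode is not None and not saved:  # assumption: the page's examples all end with save
        findings.append((0, "session does not end with save"))
    return findings

def session(entry, mode, *commands):
    """Render commands in the transcript layout of the page's command examples."""
    return "\n".join([f"FVS318N> {entry}"] + [f"net-config[{mode}]> {c}" for c in commands])

# The radvd command example from this page.
MANUAL_RADVD = session("net radvd configure lan", "radvd", "enable Y",
                       "mode Unsolicited-Multicast", "interval 60", "flags Managed",
                       "preference Medium", "mtu 1496", "life_time 7200", "save")
# Constructed session: out-of-range lease time, two missing dependencies, no save.
BAD_LAN_IPV6 = session("net lan ipv6 configure", "lan-ipv6", "dhcp server_enable Y",
                       "dhcp dns_type useEnteredDns", "dhcp rebind_time 700000")

if __name__ == "__main__":
    print(lint(MANUAL_RADVD), lint(BAD_LAN_IPV6))
```

Line numbers in the findings count non-blank transcript lines, and the checker handles one session per transcript.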

net radvd pool lan add

This command configures the IPv6 RADVD pool of advertisement prefixes for the LAN. After you have issued the net radvd pool lan add command, you enter the net-config [radvd-pool-lan] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: net radvd pool lan add
Mode: net

Step 2
Format:
prefix_type {6To4 {sla_id <ID number>} | Global-Local-ISATAP {prefix_address <ipv6-address>} {prefix_length <prefix length>}}
prefix_life_time <seconds>
Mode: net-config [radvd-pool-lan]

| Keyword | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| prefix_type | 6To4 or Global-Local-ISATAP | The prefix type that specifies the type of communication between the interfaces: 6To4. The prefix is for a 6to4 address. You need to issue the sla_id keyword and specify the interface ID. Global-Local-ISATAP. The prefix is for a global, local, or ISATAP address. This needs to be a global prefix, not the site-local or link-local prefix. You need to issue the prefix_address and prefix_length keywords and associated parameters. |
| sla_id | ID number | The site-level aggregation identifier (SLA ID) (integer) in the 6to4 address prefix is the ID of the interface from which the advertisements are sent. |
| prefix_address | ipv6-address | The IPv6 address for a global, local, or ISATAP prefix. |
| prefix_length | prefix length | The IPv6 prefix length (integer) for a global, local, or ISATAP prefix. This is a decimal value that indicates the number of contiguous, higher-order bits of the address that make up the network portion of the address. |
| prefix_life_time | seconds | The period in seconds (integer) during which the requesting router is allowed to use the prefix. |

Command example:

FVS318N> net radvd pool lan add
net-config[radvd-pool-lan]> prefix_type 6To4
net-config[radvd-pool-lan]> sla_id 67
net-config[radvd-pool-lan]> prefix_life_time 3600
net-config[radvd-pool-lan]> save

Related show command: show net radvd lan setup

net radvd pool lan edit <row id>

This command configures an existing IPv6 RADVD address pool for the LAN. After you have issued the net radvd pool lan edit command to specify the row to be edited, you enter the net-config [radvd-pool-lan] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: net radvd pool lan edit <row id>
Mode: net

Step 2
Format:
prefix_type {6To4 {sla_id <ID number>} | Global-Local-ISATAP {prefix_address <ipv6-address>} {prefix_length <prefix length>}}
prefix_life_time <seconds>
Mode: net-config [radvd-pool-lan]

| Keyword | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| prefix_type | 6To4 or Global-Local-ISATAP | The prefix type that specifies the type of communication between the interfaces: 6To4. The prefix is for a 6to4 address. You need to issue the sla_id keyword and specify the interface ID. Global-Local-ISATAP. The prefix is for a global, local, or ISATAP address. This needs to be a global prefix, not the site-local or link-local prefix. You need to issue the prefix_address and prefix_length keywords and associated parameters. |
| sla_id | ID number | The site-level aggregation identifier (SLA ID) (integer) in the 6to4 address prefix is the ID of the interface from which the advertisements are sent. |
| prefix_address | ipv6-address | The IPv6 address for a global, local, or ISATAP prefix. |
| prefix_length | prefix length | The IPv6 prefix length (integer) for a global, local, or ISATAP prefix. This is a decimal value that indicates the number of contiguous, higher-order bits of the address that make up the network portion of the address. |
| prefix_life_time | seconds | The period in seconds (integer) during which the requesting router is allowed to use the prefix. |

Related show command: show net radvd lan setup

net radvd pool lan delete <row id>

This command deletes a RADVD pool for the LAN by deleting its row ID.

Format: net radvd pool lan delete <row id>

Mode: net

Related show command:

show net radvd lan setup

IPv4 DMZ Setup Commands

net dmz ipv4 configure

This command enables, configures, or disables the IPv4 DMZ. After you have issued the net dmz ipv4 configure command, you enter the net ipv4-config [dmz] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format: net dmz ipv4 configure

Mode: net

Step 2

Format:

enable_dmz {Y | N}
ip_address <ipaddress>
subnet_mask <subnet mask>
dhcp_mode {None | DHCP-Server | DHCP-Relay}
dns_proxy_enable {Y | N}
domain_name <domain name>
starting_ip_address <ipaddress>
ending_ip_address <ipaddress>
primary_dns_server <ipaddress>
secondary_dns_server <ipaddress>
wins_server <ipaddress>
lease_time <hours>
enable_ldap {Y | N}
ldap_serverip <ipaddress>
ldap_search_base <search base>
ldap_port <number>
relay_gateway <ipaddress>

Mode: net-ipv4-config [dmz]

Keyword | Associated Keyword to Select or Parameter to Type | Description
enable_dmz | Y or N | Enables or disables the DMZ.
ip_address | ipaddress | The IP address of the DMZ port.
subnet_mask | subnet mask | The subnet mask of the DMZ port.
dhcp_mode | None, DHCP-Server, or DHCP-Relay | Specifies the DHCP mode:
    None. DHCP is disabled for the DMZ.
    DHCP-Server. DHCP is enabled for the DMZ. You can configure all keywords and parameters except the relay_gateway keyword and associated parameter.
    DHCP-Relay. Addresses are assigned in the DMZ by a DHCP Relay. Configure the relay_gateway keyword and associated parameter.
dns_proxy_enable | Y or N | Enables or disables the DNS proxy.

DHCP server

domain_name | domain name | The server domain name (string) or FQDN for the DHCP server.
starting_ip_address | ipaddress | The start IP address for the DHCP address pool.
ending_ip_address | ipaddress | The end IP address for the DHCP address pool.
primary_dns_server | ipaddress | The IP address of the primary DNS server in the DMZ DHCP configuration.
secondary_dns_server | ipaddress | The IP address of the secondary DNS server in the DMZ DHCP configuration.
wins_server | ipaddress | The IP address of the WINS server in the DMZ DHCP configuration.
lease_time | hours | The duration in hours for which an IP address is leased.
enable_ldap | Y or N | Enables or disables LDAP.
ldap_serverip | ipaddress | The IP address of the LDAP server.
ldap_search_base | search base | The search base (string) for LDAP.
ldap_port | number | The port number for the LDAP server.

DHCP relay

relay_gateway | ipaddress | Set DHCP relay gateway server.

Command example:

FVS318N> net dmz ipv4 configure
net-ipv4-config[dmz]> enable_dmz Y
net-ipv4-config[dmz]> ip_address 10.126.32.59
net-ipv4-config[dmz]> subnet_mask 255.255.255.0
net-ipv4-config[dmz]> dhcp_mode None
net-ipv4-config[dmz]> dns_proxy_enable Y
net-ipv4-config[dmz]> save


Related show command:

show net dmz ipv4 setup
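The following check is an added example, not part of the NETGEAR manual: it reads a saved net dmz ipv4 configure session and applies the dhcp_mode rules from the keyword table before the change is trusted. The transcript is constructed, and two checks are assumptions of this example rather than rules the manual states: that an unset dhcp_mode means None, and that the DHCP pool should lie inside the DMZ subnet.

```python
import ipaddress

PROMPT = "net-ipv4-config[dmz]>"

# Constructed transcript (not from the manual): DHCP-Server mode with a relay
# gateway set and a pool that runs past the end of the DMZ subnet.
SAMPLE = """\
FVS318N> net dmz ipv4 configure
net-ipv4-config[dmz]> enable_dmz Y
net-ipv4-config[dmz]> ip_address 10.126.32.59
net-ipv4-config[dmz]> subnet_mask 255.255.255.0
net-ipv4-config[dmz]> dhcp_mode DHCP-Server
net-ipv4-config[dmz]> starting_ip_address 10.126.32.100
net-ipv4-config[dmz]> ending_ip_address 10.126.33.20
net-ipv4-config[dmz]> relay_gateway 10.126.32.1
net-ipv4-config[dmz]> save
"""


def settings(transcript):
    """Return {keyword: value} for lines typed at the DMZ configuration prompt."""
    cfg = {}
    for line in transcript.splitlines():
        if line.startswith(PROMPT):
            words = line[len(PROMPT):].split(None, 1)
            if len(words) == 2:  # skips bare commands such as save
                cfg[words[0]] = words[1].strip()
    return cfg


def check_dmz(transcript):
    """Return findings for one session; an empty list means nothing was found."""
    cfg, findings = settings(transcript), []
    if cfg.get("enable_dmz") != "Y":
        return findings  # DMZ not enabled in this session
    try:
        # Rejects malformed addresses and masks that are not valid netmasks.
        net = ipaddress.IPv4Network(
            f"{cfg.get('ip_address', '')}/{cfg.get('subnet_mask', '')}",
            strict=False)
    except ValueError:
        return ["ip_address or subnet_mask is missing or malformed"]

    mode = cfg.get("dhcp_mode", "None")  # assumption: unset means None
    if mode == "DHCP-Relay" and "relay_gateway" not in cfg:
        findings.append("dhcp_mode DHCP-Relay is set without relay_gateway")
    if mode == "DHCP-Server":
        if "relay_gateway" in cfg:
            findings.append("relay_gateway is set but dhcp_mode is DHCP-Server")
        pool = []
        for kw in ("starting_ip_address", "ending_ip_address"):
            try:
                addr = ipaddress.IPv4Address(cfg.get(kw, ""))
            except ValueError:
                findings.append(f"{kw} is missing or malformed")
                continue
            pool.append(addr)
            if addr not in net:  # assumption: pool belongs in the DMZ subnet
                findings.append(f"{kw} {addr} is outside {net}")
        if len(pool) == 2 and pool[0] > pool[1]:
            findings.append("starting_ip_address is above ending_ip_address")
    return findings


if __name__ == "__main__":
    for finding in check_dmz(SAMPLE):
        print(finding)
```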

IPv6 DMZ Setup Commands

net dmz ipv6 configure

This command enables, configures, or disables the IPv6 DMZ. After you have issued the net dmz ipv6 configure command, you enter the net ipv6-config [dmz] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format: net dmz ipv6 configure

Mode: net

Step 2

Format:

enable_dmz {Y | N}
ip_address <ipv6-address>
prefix_length <prefix length>
dhcp_enable {N | Y {dhcp_mode {Stateless | Stateful}}}
domain_name <domain name>
server_preference <number>
dns_server_option {useDnsProxy | useDnsFromISP | useEnteredDns {primary_dns_server <ipv6-address>} [secondary_dns_server <ipv6-address>]}
lease_time <seconds>

Mode: net-ipv6-config [dmz]

Keyword | Associated Keyword to Select or Parameter to Type | Description
enable_dmz | Y or N | Enables or disables the DMZ.
ip_address | ipv6-address | The IPv6 address of the DMZ port.
prefix_length | prefix length | The prefix length (integer) for the DMZ port.

DHCPv6 server

dhcp_enable | Y or N | Enables or disables DHCP server for the DMZ.
dhcp_mode | Stateless or Stateful | The DHCPv6 mode (Stateless or Stateful).
domain_name | domain name | The server domain name (string) for the DHCP server.
server_preference | number | The preference number (integer) of the DHCP server.
dns_server_option | useDnsProxy, useDnsFromISP, or useEnteredDns | The DNS server type. If you select useEnteredDns, you also need to issue the primary_dns_server keyword and associated parameter. The secondary_dns_server keyword and associated parameter are optional.
primary_dns_server | ipv6-address | The IPv6 address for the primary DNS server in the DMZ configuration.
secondary_dns_server | ipv6-address | The IPv6 address of the secondary DNS server in the DMZ configuration.
lease_time | seconds | The duration in seconds for which an IP address is leased.

Command example:

FVS318N> net dmz ipv6 configure
net-ipv6-config[dmz]> enable_dmz Y
net-ipv6-config[dmz]> ip_address 2001:176::1
net-ipv6-config[dmz]> prefix_length 64
net-ipv6-config[dmz]> dhcp_enable Y
net-ipv6-config[dmz]> dhcp_mode Stateful
net-ipv6-config[dmz]> domain_name netgear.com
net-ipv6-config[dmz]> server_preference 210
net-ipv6-config[dmz]> dns_server_option useDnsProxy
net-ipv6-config[dmz]> lease_time 43200
net-ipv6-config[dmz]> save

Related show command:

show net dmz ipv6 setup

net dmz ipv6 pool configure

This command configures a new or existing IPv6 DMZ address pool. After you have issued the net dmz ipv6 pool configure command, you enter the net ipv6-config-pool [dmz] mode, and then you can configure the IPv6 start and end addresses and the IPv6 prefix length for the IPv6 pool in the order that you prefer.

Step 1

Format: net dmz ipv6 pool configure

Mode: net

Step 2

Format:

starting_ip_address <ipv6-address>
ending_ip_address <ipv6-address>
prefix_value <prefix length>

Mode: net ipv6-config-pool [dmz]

Command example:

FVS318N> net dmz ipv6 pool configure
net-ipv6-config-pool[dmz]> starting_ip_address 2001::1100
net-ipv6-config-pool[dmz]> ending_ip_address 2001::1120
net-ipv6-config-pool[dmz]> prefix_value 56
net-ipv6-config-pool[dmz]> save

Related show command:

show net dmz ipv6 setup

net radvd configure dmz

This command configures the Router Advertisement Daemon (RADVD) process for the link-local advertisements of IPv6 router addresses and prefixes in the DMZ. After you have issued the net radvd configure dmz command, you enter the net-config [radvd] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format: net radvd configure dmz

Mode: net

Step 2

Format:

enable {Y | N}
mode {Unsolicited-Multicast | Unicast-Only}
interval <seconds>
flags {Managed | Other}
preference {Low | Medium | High}
mtu <number>
life_time <seconds>

Mode: net-config [radvd]

Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description
enable | Y or N | Enables the RADVD process to allow stateless autoconfiguration of the IPv6 DMZ.
mode | Unsolicited-Multicast or Unicast-Only | Sets the advertisement mode:
    Unsolicited-Multicast. Allows unsolicited multicast and unicast communication with the hosts. Router advertisements (RAs) are sent to all interfaces at the rate that is defined by the interval keyword and associated parameter.
    Unicast-Only. Responds to unicast packet requests only. No unsolicited packets are advertised.
interval | seconds | The interval in seconds (integer) between unsolicited multicast RAs. Enter a period from 10 to 1800 seconds. The default is 30 seconds.
flags | Managed or Other | Specifies the flag:
    Managed. Specifies that the DHCPv6 stateful protocol is used for autoconfiguration of the address.
    Other. Specifies that the DHCPv6 stateful protocol is used for autoconfiguration of other (that is, nonaddress) information.
preference | Low, Medium, or High | The wireless VPN firewall’s preference in relation to other hosts and routers in the DMZ.
mtu | number | The MTU size (integer) that is used in the RAs to ensure that all nodes in the network use the same MTU size. The default is 1500 seconds.
life_time | seconds | The advertisement lifetime in seconds (integer) of the route. The default is 3600 seconds.

Command example:

FVS318N> net radvd configure dmz
net-config[radvd]> enable Y
net-config[radvd]> mode Unicast-Only
net-config[radvd]> flags Managed
net-config[radvd]> preference High
net-config[radvd]> mtu 1500
net-config[radvd]> life_time 7200
net-config[radvd]> save

Related show command:

show net radvd dmz setup

net radvd pool dmz add

This command configures the IPv6 RADVD pool of advertisement prefixes for the DMZ. After you have issued the net radvd pool dmz add command, you enter the net-config [radvd-pool-dmz] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format: net radvd pool dmz add

Mode: net

Step 2

Format:

prefix_type {6To4 {sla_id <ID number>} | Global-Local-ISATAP {prefix_address <ipv6-address>} {prefix_length <prefix length>}}
prefix_life_time <seconds>

Mode: net-config [radvd-pool-dmz]

Keyword | Associated Keyword to Select or Parameter to Type | Description
prefix_type | 6To4 or Global-Local-ISATAP | The prefix type that specifies the type of communication between the interfaces:
    6To4. The prefix is for a 6to4 address. You need to issue the sla_id keyword and specify the interface ID.
    Global-Local-ISATAP. The prefix is for a global, local, or ISATAP address. This needs to be a global prefix, not the site-local or link-local prefix. You need to issue the prefix_address and prefix_length keywords and associated parameters.
sla_id | ID number | The site-level aggregation identifier (SLA ID) (integer) in the 6to4 address prefix is the ID of the interface from which the advertisements are sent.
prefix_address | ipv6-address | The IPv6 address for a global, local, or ISATAP prefix.
prefix_length | prefix length | The IPv6 prefix length (integer) for a global, local, or ISATAP prefix. This is a decimal value that indicates the number of contiguous, higher-order bits of the address that make up the network portion of the address.
prefix_life_time | seconds | The period in seconds (integer) during which the requesting router is allowed to use the prefix.

Command example:

FVS318N> net radvd pool dmz add
net-config[radvd-pool-dmz]> prefix_type Global-Local-ISATAP
net-config[radvd-pool-dmz]> prefix_address 2002:3a2b
net-config[radvd-pool-dmz]> prefix_length 64
net-config[radvd-pool-dmz]> prefix_life_time 3600
net-config[radvd-pool-dmz]> save

Related show command:

show net radvd dmz setup

net radvd pool dmz edit <row id>

This command configures an existing IPv6 RADVD address pool for the DMZ. After you have issued the net radvd pool dmz edit command to specify the row to be edited, you enter the net-config [radvd-pool-dmz] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format: net radvd pool dmz edit <row id>

Mode: net

Step 2

Format:

prefix_type {6To4 {sla_id <ID number>} | Global-Local-ISATAP {prefix_address <ipv6-address>} {prefix_length <prefix length>}}
prefix_life_time <seconds>

Mode: net-config [radvd-pool-dmz]

Keyword | Associated Keyword to Select or Parameter to Type | Description
prefix_type | 6To4 or Global-Local-ISATAP | The prefix type that specifies the type of communication between the interfaces:
    6To4. The prefix is for a 6to4 address. You need to issue the sla_id keyword and specify the interface ID.
    Global-Local-ISATAP. The prefix is for a global, local, or ISATAP address. This needs to be a global prefix, not the site-local or link-local prefix. You need to issue the prefix_address and prefix_length keywords and associated parameters.
sla_id | ID number | The site-level aggregation identifier (SLA ID) (integer) in the 6to4 address prefix is the ID of the interface from which the advertisements are sent.
prefix_address | ipv6-address | The IPv6 address for a global, local, or ISATAP prefix.
prefix_length | prefix length | The IPv6 prefix length (integer) for a global, local, or ISATAP prefix. This is a decimal value that indicates the number of contiguous, higher-order bits of the address that make up the network portion of the address.
prefix_life_time | seconds | The period in seconds (integer) during which the requesting router is allowed to use the prefix.

Related show command:

show net radvd dmz setup

net radvd pool dmz delete <row id>

This command deletes a RADVD pool for the DMZ by deleting its row ID.

Format: net radvd pool dmz delete <row id>

Mode: net

Related show command:

show net radvd dmz setup


IPv4 Routing Commands

net routing static ipv4 configure <route name>

This command configures an IPv4 static route. After you have issued the net routing static ipv4 configure command to specify the name of the new route, you enter the net-config [static-routing-ipv4] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format: net routing static ipv4 configure <route name>

Mode: net

Step 2

Format:

active_flag {Y | N}
private_flag {Y | N}
destination_address <ipaddress>
subnet_mask <subnet mask>
interface {custom_vlan <VLAN name> | dmz | lan | wan}
gateway_address <ipaddress>
metric <number>

Mode: net-config [static-routing-ipv4]

Keyword | Associated Keyword to Select or Parameter to Type | Description
active_flag | Y or N | Specifies whether or not the route is an active route.
private_flag | Y or N | Specifies whether or not the route can be shared with other gateways when RIP is enabled.
destination_address | ipaddress | The destination IP address.
subnet_mask | subnet mask | The destination subnet mask.
interface | custom_vlan <VLAN name>, dmz, lan, or wan | The interface for which the route is applied. The DMZ, LAN, and WAN interfaces are self-explanatory. If you select the custom_vlan keyword, you also need to specify the VLAN name.
gateway_address | ipaddress | The gateway IP address.
metric | number | The metric (integer) for this route. The number can be from 2 to 15.

Command example:

FVS318N> net routing static ipv4 configure Orly
net-config[static-routing-ipv4]> active_flag Y
net-config[static-routing-ipv4]> private_flag Y
net-config[static-routing-ipv4]> destination_address 10.118.215.178
net-config[static-routing-ipv4]> subnet_mask 255.255.255.0
net-config[static-routing-ipv4]> interface wan
net-config[static-routing-ipv4]> gateway_address 10.192.44.13
net-config[static-routing-ipv4]> metric 7
net-config[static-routing-ipv4]> save

Related show command:

show net routing static ipv4 setup

net routing static ipv4 delete <route name>

This command deletes a static IPv4 route by deleting its name.

Format: net routing static ipv4 delete <route name>

Mode: net

Related show command:

show net routing static ipv4 setup

net routing static ipv4 delete_all

This command deletes all static IPv4 routes.

Format: net routing static ipv4 delete_all

Mode: net

Related show command:

show net routing static ipv4 setup

net routing dynamic configure

This command configures RIP and the associated MD5 key information. After you have issued the net routing dynamic configure command, you enter the net-config [dynamic-routing] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format: net routing dynamic configure

Mode: net

Step 2

Format:

authentication_enable {Y | N}
direction {None | In-only | Out-only | Both}
version {Disabled | Rip1 | Rip2B | Rip2M}
first_key authentication_id <authentication key>
first_key id_number <number>
first_key valid_from {day <day>}
first_key valid_from {month <month>}
first_key valid_from {year <year>}
first_key valid_from {hour <hour>}
first_key valid_from {minute <minute>}
first_key valid_from {second <second>}
first_key valid_to {day <day>}
first_key valid_to {month <month>}
first_key valid_to {year <year>}
first_key valid_to {hour <hour>}
first_key valid_to {minute <minute>}
first_key valid_to {second <second>}
second_key authentication_id <authentication key>
second_key id_number <number>
second_key valid_from {day <day>}
second_key valid_from {month <month>}
second_key valid_from {year <year>}
second_key valid_from {hour <hour>}
second_key valid_from {minute <minute>}
second_key valid_from {second <second>}
second_key valid_to {day <day>}
second_key valid_to {month <month>}
second_key valid_to {year <year>}
second_key valid_to {hour <hour>}
second_key valid_to {minute <minute>}
second_key valid_to {second <second>}

Mode: net-config [dynamic-routing]

Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description

General

authentication_enable | Y or N | Enables or disables authentication for RIP-2B or RIP-2M.
direction | None, In-only, Out-only, or Both | The RIP direction.
version | Disabled, Rip1, Rip2B, or Rip2M | The RIP version.

First key

first_key authentication_id | authentication key | The first MD5 authentication key (alphanumeric string).
first_key id_number | number | The first MD5 key ID (integer).

first_key valid_from: The day and time on which the validity of the first MD5 authentication key starts.

first_key valid_from day | day | The day in the format DD (01 to 31).
first_key valid_from month | month | The month in the format MM (01 to 12).
first_key valid_from year | year | The year in the format YYYY (1970 to 2037).
first_key valid_from hour | hour | The hour in the 24-hour format HH (00 to 23).
first_key valid_from minute | minute | The minute in the format MM (00 to 59).
first_key valid_from second | second | The second in the format SS (00 to 59).

first_key valid_to: The day and time on which the validity of the first MD5 authentication key expires.

first_key valid_to day | day | The day in the format DD (01 to 31).
first_key valid_to month | month | The month in the format MM (01 to 12).
first_key valid_to year | year | The year in the format YYYY (1970 to 2037).
first_key valid_to hour | hour | The hour in the 24-hour format HH (00 to 23).
first_key valid_to minute | minute | The minute in the format MM (00 to 59).
first_key valid_to second | second | The second in the format SS (00 to 59).

Second key

Note: The keywords and parameters for the second key follow the same format as those for the first key.

Command example:

FVS318N> net routing dynamic configure
net-config[dynamic-routing]> authentication_enable Y
net-config[dynamic-routing]> direction Both
net-config[dynamic-routing]> version Rip2M
net-config[dynamic-routing]> first_key authentication_id 2rt!00jkl26ll7Oo0
net-config[dynamic-routing]> first_key id_number 1
net-config[dynamic-routing]> first_key valid_from day 01
net-config[dynamic-routing]> first_key valid_from month 12
net-config[dynamic-routing]> first_key valid_from year 2011
net-config[dynamic-routing]> first_key valid_from hour 07
net-config[dynamic-routing]> first_key valid_from minute 00
net-config[dynamic-routing]> first_key valid_from second 00
net-config[dynamic-routing]> first_key valid_to day 31
net-config[dynamic-routing]> first_key valid_to month 12
net-config[dynamic-routing]> first_key valid_to year 2011
net-config[dynamic-routing]> first_key valid_to hour 23
net-config[dynamic-routing]> first_key valid_to minute 59
net-config[dynamic-routing]> first_key valid_to second 59
net-config[dynamic-routing]> second_key authentication_id 3gry!!99OoiI
net-config[dynamic-routing]> second_key id_number 2
net-config[dynamic-routing]> second_key valid_from day 31
net-config[dynamic-routing]> second_key valid_from month 12
net-config[dynamic-routing]> second_key valid_from year 2011
net-config[dynamic-routing]> second_key valid_from hour 24
net-config[dynamic-routing]> second_key valid_from minute 00
net-config[dynamic-routing]> second_key valid_from second 00
net-config[dynamic-routing]> second_key valid_to day 31
net-config[dynamic-routing]> second_key valid_to month 03
net-config[dynamic-routing]> second_key valid_to year 2012
net-config[dynamic-routing]> second_key valid_to hour 23
net-config[dynamic-routing]> second_key valid_to minute 59
net-config[dynamic-routing]> second_key valid_to second 59
net-config[dynamic-routing]> save

Related show command:

show net routing dynamic setup
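The following check is an added example, not part of the NETGEAR manual: it reads the valid_from and valid_to lines of a saved net routing dynamic configure session, tests every field against the ranges in the keyword table, and reports a handover gap in which neither MD5 key is valid. The sample is constructed from the validity lines of the command example, with the authentication keys left out; the function names are this example's own.

```python
import re
from datetime import datetime

# Ranges from the valid_from / valid_to rows of the keyword table.
RANGES = {"day": (1, 31), "month": (1, 12), "year": (1970, 2037),
          "hour": (0, 23), "minute": (0, 59), "second": (0, 59)}
LINE = re.compile(r"(first_key|second_key)\s+(valid_from|valid_to)\s+"
                  r"(day|month|year|hour|minute|second)\s+(\d+)\s*$")

# Constructed sample: the validity lines of the command example,
# without the authentication keys.
SAMPLE = """\
net-config[dynamic-routing]> first_key valid_from day 01
net-config[dynamic-routing]> first_key valid_from month 12
net-config[dynamic-routing]> first_key valid_from year 2011
net-config[dynamic-routing]> first_key valid_from hour 07
net-config[dynamic-routing]> first_key valid_from minute 00
net-config[dynamic-routing]> first_key valid_from second 00
net-config[dynamic-routing]> first_key valid_to day 31
net-config[dynamic-routing]> first_key valid_to month 12
net-config[dynamic-routing]> first_key valid_to year 2011
net-config[dynamic-routing]> first_key valid_to hour 23
net-config[dynamic-routing]> first_key valid_to minute 59
net-config[dynamic-routing]> first_key valid_to second 59
net-config[dynamic-routing]> second_key valid_from day 31
net-config[dynamic-routing]> second_key valid_from month 12
net-config[dynamic-routing]> second_key valid_from year 2011
net-config[dynamic-routing]> second_key valid_from hour 24
net-config[dynamic-routing]> second_key valid_from minute 00
net-config[dynamic-routing]> second_key valid_from second 00
net-config[dynamic-routing]> second_key valid_to day 31
net-config[dynamic-routing]> second_key valid_to month 03
net-config[dynamic-routing]> second_key valid_to year 2012
net-config[dynamic-routing]> second_key valid_to hour 23
net-config[dynamic-routing]> second_key valid_to minute 59
net-config[dynamic-routing]> second_key valid_to second 59
"""


def parse(transcript):
    """Return {(key, bound): {field: int}} for every validity line."""
    fields = {}
    for line in transcript.splitlines():
        m = LINE.search(line)
        if m:
            key, bound, field, value = m.groups()
            fields.setdefault((key, bound), {})[field] = int(value)
    return fields


def lint(transcript):
    """Return findings; an empty list means the key windows are consistent."""
    findings, stamps = [], {}
    for (key, bound), f in sorted(parse(transcript).items()):
        ok = True
        for name, (lo, hi) in RANGES.items():
            if name not in f:
                findings.append(f"{key} {bound}: {name} is not set")
                ok = False
            elif not lo <= f[name] <= hi:
                findings.append(
                    f"{key} {bound} {name} {f[name]}: outside {lo}-{hi}")
                ok = False
        if not ok:
            continue
        try:
            stamps[(key, bound)] = datetime(f["year"], f["month"], f["day"],
                                            f["hour"], f["minute"], f["second"])
        except ValueError:  # in range but not a date, e.g. day 31 of month 04
            findings.append(f"{key} {bound}: not a calendar date")
    for key in ("first_key", "second_key"):
        start = stamps.get((key, "valid_from"))
        end = stamps.get((key, "valid_to"))
        if start and end and start >= end:
            findings.append(f"{key}: valid_from is not before valid_to")
    end1 = stamps.get(("first_key", "valid_to"))
    start2 = stamps.get(("second_key", "valid_from"))
    if end1 and start2 and start2 > end1:
        findings.append(
            f"gap: neither key is valid for {start2 - end1} after first_key valid_to")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```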

IPv6 Routing Commands

net routing static ipv6 configure <route name>

This command configures an IPv6 static route. After you have issued the net routing static ipv6 configure command to specify the name of the new route, you enter the net-config [static-routing-ipv6] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format: net routing static ipv6 configure <route name>

Mode: net

Step 2

Format:

active_flag {Y | N}
destination_address <ipv6-address>
prefix <prefix length>
gateway_address <ipv6-address>
interface {Dedicated-WAN | LAN | Sit0-WAN1}
metric <number>

Mode: net-config [static-routing-ipv6]

Keyword | Associated Keyword to Select or Parameter to Type | Description
active_flag | Y or N | Specifies whether or not the route is an active route.
destination_address | ipv6-address | The destination IP address.
prefix | prefix length | The IPv6 prefix length (integer). This is a decimal value that indicates the number of contiguous, higher-order bits of the address that make up the network portion of the address.
interface | Dedicated-WAN, LAN, or Sit0-WAN1 | The physical or virtual network interface through which the route is accessible:
    Dedicated-WAN. The dedicated WAN interface.
    LAN. A LAN interface.
    Sit0-WAN1. The 6to4-WAN interface.
gateway_address | ipv6-address | The gateway IP address.
metric | number | The metric (integer) for this route. The number can be from 2 to 15.

Command example:

FVS318N> net routing static ipv6 configure SFO2
net-config[static-routing-ipv6]> active_flag Y
net-config[static-routing-ipv6]> destination_address 2002:201b:24e2::1001
net-config[static-routing-ipv6]> prefix 64
net-config[static-routing-ipv6]> interface Dedicated-WAN
net-config[static-routing-ipv6]> gateway_address FE80::2001:5efe:ab23
net-config[static-routing-ipv6]> metric 2
net-config[static-routing-ipv6]> save

Related show command:

show net routing static ipv6 setup

net routing static ipv6 delete <route name>

This command deletes a static IPv6 route by deleting its name.

Format: net routing static ipv6 delete <route name>

Mode: net

Related show command:

show net routing static ipv6 setup

net routing static ipv6 delete_all

This command deletes all static IPv6 routes.

Format: net routing static ipv6 delete_all

Mode: net

Related show command:

show net routing static ipv6 setup


4. Security Mode Configuration Commands

This chapter explains the configuration commands, keywords, and associated parameters in the security mode. The chapter includes the following sections:

Security Services Commands

Security Schedules Commands

IPv4 Add Firewall Rule and Edit Firewall Rule Commands

IPv4 General Firewall Commands

IPv6 Firewall Commands

Attack Check Commands

Session Limit, Time-Out, and Advanced Commands

Address Filter and IP/MAC Binding Commands

Port Triggering Commands

UPnP Command

Bandwidth Profile Commands

Content Filtering Commands

IMPORTANT: After you have issued a command that includes the word configure, add, or edit, you need to save (or cancel) your changes. For more information, see Save Commands on page 13.

Security Services Commands

security services add

This command configures a new firewall custom service. After you have issued the security services add command, you enter the security-config [custom-service] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format: security services add

Mode: security

Step 2

Format:

name <service name>
protocol {TCP {start_port <number>} {finish_port <number>} | UDP {start_port <number>} {finish_port <number>} | ICMP {icmp_type <number>} | ICMPv6 {icmp_type <number>}}
qos_priority {Normal-Service | Minimize-Cost | Maximize-Reliability | Maximize-Throughput | Minimize-Delay}

Mode: security-config [custom-service]

Keyword | Associated Keyword to Select or Parameter to Type | Description
name | service name | Name (string) of the service.
protocol | TCP, UDP, ICMP, or ICMPv6 | The protocol type that applies to the service.
start_port | number | For TCP and UDP, the start port number (integer) of the range used by the destination user. Valid numbers are from 0 to 65535.
finish_port | number | For TCP and UDP, the end port number (integer) of the range used by the destination user. Valid numbers are from 0 to 65535.
icmp_type | number | The port number (integer) used by the destination user.
qos_priority | Normal-Service, Minimize-Cost, Maximize-Reliability, Maximize-Throughput, or Minimize-Delay | The type of QoS that applies to the service. The keywords are self-explanatory.

Command example:

FVS318N> security services add
security-config[custom-service]> name Traceroute
security-config[custom-service]> protocol ICMP
security-config[custom-service]> icmp_type 20
security-config[custom-service]> qos_priority Minimize-Delay
security-config[custom-service]> save

Related show command:

show security services setup

security services edit <row id>

This command configures an existing firewall custom service. After you have issued the security services edit command to specify the row to be edited, you enter the security-config [custom-service] mode, and then you can edit the service.

Step 1

Format: security services edit <row id>

Mode: security

Step 2

Format:

name <service name>
protocol {TCP {start_port <number>} {finish_port <number>} | UDP {start_port <number>} {finish_port <number>} | ICMP {icmp_type <number>} | ICMPv6 {icmp_type <number>}}
qos_priority {Normal-Service | Minimize-Cost | Maximize-Reliability | Maximize-Throughput | Minimize-Delay}

Mode: security-config [custom-service]

Keyword | Associated Keyword to Select or Parameter to Type | Description
name | service name | Name (string) of the service.
protocol | TCP, UDP, ICMP, or ICMPv6 | The protocol type that applies to the service.
start_port | number | For TCP and UDP, the start port number (integer) of the range used by the destination user. Valid numbers are from 0 to 65535.
finish_port | number | For TCP and UDP, the end port number (integer) of the range used by the destination user. Valid numbers are from 0 to 65535.
icmp_type | number | The port number (integer) used by the destination user.
qos_priority | Normal-Service, Minimize-Cost, Maximize-Reliability, Maximize-Throughput, or Minimize-Delay | The type of QoS that applies to the service. The keywords are self-explanatory.

Related show command:

show security services setup

security services delete <row id>

This command deletes a custom security service by deleting its row ID.

Format: security services delete <row id>

Mode: security

Related show command:

show security services setup

Security Schedules Commands

security schedules edit <1 | 2 | 3>

This command configures one of the three security schedules. After you have issued the security schedules edit command to specify the row (that is, the schedule: 1, 2, or 3) to be edited, you enter the security-config [schedules] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format: security schedules edit

Mode: security

Step 2

Format:

days {all {Y | N {[days sunday {Y | N}] [days monday {Y | N}] [days tuesday {Y | N}] [days wednesday {Y | N}] [days thursday {Y | N}] [days friday {Y | N}] [days saturday {Y | N}]}}}
time_of_day {all_enable {Y | N {time_of_day start hours <hour>} {time_of_day start mins <minute>} {time_of_day start meridiem {AM | PM}} {time_of_day end hours <hour>} {time_of_day end mins <minute>} {time_of_day end meridiem {AM | PM}}}}

Mode: security-config [schedules]

Keyword (consists of two separate words) | Associated Keyword to Select or Parameter to Type | Description
days all | Y or N | Specifies whether or not the schedule is active on all days.
days sunday | Y or N | Specifies whether or not the schedule is active on Sundays.
days monday | Y or N | Specifies whether or not the schedule is active on Mondays.
days tuesday | Y or N | Specifies whether or not the schedule is active on Tuesdays.
days wednesday | Y or N | Specifies whether or not the schedule is active on Wednesdays.
days thursday | Y or N | Specifies whether or not the schedule is active on Thursdays.
days friday | Y or N | Specifies whether or not the schedule is active on Fridays.
days saturday | Y or N | Specifies whether or not the schedule is active on Saturdays.
time_of_day all_enable | Y or N | Specifies whether or not the schedule is active all day.
time_of_day start hours | hour | The schedule starts at the specified hour in the 12-hour format HH (00 to 12).
time_of_day start mins | minute | The schedule starts at the specified minute in the format MM (00 to 59).
time_of_day start meridiem | AM or PM | The meridiem for the start time.
time_of_day end hours | hour | The schedule ends at the specified hour in the 12-hour format HH (00 to 12).
time_of_day end mins | minute | The schedule ends at the specified minute in the format MM (00 to 59).
time_of_day end meridiem | AM or PM | Specifies the meridiem for the end time.

Command example:

FVS318N> security schedules edit 1
security-config[schedules]> days monday Y
security-config[schedules]> days tuesday Y
security-config[schedules]> days wednesday Y
security-config[schedules]> days thursday Y
security-config[schedules]> days friday Y
security-config[schedules]> time_of_day start hours 07
security-config[schedules]> time_of_day start mins 30
security-config[schedules]> time_of_day start meridiem AM
security-config[schedules]> time_of_day end hours 08
security-config[schedules]> time_of_day end mins 00
security-config[schedules]> time_of_day end meridiem PM
security-config[schedules]> save

Related show command:

show security schedules setup

IPv4 Add Firewall Rule and Edit Firewall Rule Commands

security firewall ipv4 add_rule lan_wan outbound

This command configures a new IPv4 LAN WAN outbound firewall rule. After you have issued the security firewall ipv4 add_rule lan_wan outbound command, you enter the security-config [firewall-ipv4-lan-wan-outbound] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer. However, note that the setting of the action keyword determines which other keywords and parameters you can apply to a rule.

Step 1

Format

security firewall ipv4 add_rule lan_wan outbound

Mode

security

Step 2

Format

service_name {default_services <default service name> | {custom_services <custom service name>}

action {ALWAYS_BLOCK | ALWAYS_ALLOW | BLOCK_BY_SCHEDULE_ELSE_ALLOW {schedule {Schedule1 | Schedule2 | Schedule3}} | ALLOW_BY_SCHEDULE_ELSE_BLOCK {schedule {Schedule1 | Schedule2 | Schedule3}}}

lan_users {address_wise {ANY | SINGLE_ADDRESS {lan_user_start_ip <ipaddress>} | ADDRESS_RANGE {lan_user_start_ip <ipaddress>} {lan_user_end_ip <ipaddress>}} | group_wise <group name>}

wan_users {ANY | SINGLE_ADDRESS {wan_user_start_ip <ipaddress>} | ADDRESS_RANGE {wan_user_start_ip <ipaddress>} {wan_user_end_ip <ipaddress>}}

qos_priority {Normal-Service | Minimize-Cost | Maximize-Reliability | Maximize-Throughput | Minimize-Delay}

log {NEVER | ALWAYS}

bandwidth_profile <profile name>

nat_ip type {WAN_INTERFACE_ADDRESS | SINGLE_ADDRESS {address <ipaddress>}}

Mode

security-config [firewall-ipv4-lan-wan-outbound]


Service name, action, and schedule

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| service_name default_services | ANY, AIM, BGP, BOOTP_CLIENT, BOOTP_SERVER, CU-SEEME:UDP, CU-SEEME:TCP, DNS:UDP, DNS:TCP, FINGER, FTP, HTTP, HTTPS, ICMP-TYPE-3, ICMP-TYPE-4, ICMP-TYPE-5, ICMP-TYPE-6, ICMP-TYPE-7, ICMP-TYPE-8, ICMP-TYPE-9, ICMP-TYPE-10, ICMP-TYPE-11, ICMP-TYPE-13, ICQ, IMAP2, IMAP3, IRC, NEWS, NFS, NNTP, PING, POP3, PPTP, RCMD, REAL-AUDIO, REXEC, RLOGIN, RTELNET, RTSP:TCP, RTSP:UDP, SFTP, SMTP, SNMP:TCP, SNMP:UDP, SNMP-TRAPS:TCP, SNMP-TRAPS:UDP, SQL-NET, SSH:TCP, SSH:UDP, STRMWORKS, TACACS, TELNET, TFTP, RIP, IKE, SHTTPD, IPSEC-UDP-ENCAP, IDENT, VDOLIVE, SSH, SIP-TCP, or SIP-UDP | The default service and protocol to which the firewall rule applies. |
| service_name custom_services | custom service name | The custom service that you have configured with the security services add command. |
| action | ALWAYS_BLOCK, ALWAYS_ALLOW, BLOCK_BY_SCHEDULE_ELSE_ALLOW, or ALLOW_BY_SCHEDULE_ELSE_BLOCK | The type of action to be enforced by the rule. |
| schedule | Schedule1, Schedule2, or Schedule3 | The schedule, if any, that is applicable to the rule. |

LAN user addresses or LAN group and WAN user addresses

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| lan_users address_wise | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of LAN address. |
| lan_user_start_ip | ipaddress | There are two options: the IP address if the lan_users address_wise keywords are set to SINGLE_ADDRESS, or the start IP address if the lan_users address_wise keywords are set to ADDRESS_RANGE. |
| lan_user_end_ip | ipaddress | The end IP address if the lan_users address_wise keywords are set to ADDRESS_RANGE. |
| lan_users group_wise | group name | The name of the LAN group. The group name is either a default name (Group1, Group2, Group3, and so on) or a custom name that you specified with the net lan lan_groups edit <row id> <new group name> command. |
| wan_users | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of WAN address. |
| wan_user_start_ip | ipaddress | There are two options: the IP address if the wan_users keyword is set to SINGLE_ADDRESS, or the start IP address if the wan_users keyword is set to ADDRESS_RANGE. |
| wan_user_end_ip | ipaddress | The end IP address if the wan_users keyword is set to ADDRESS_RANGE. |

QoS profile, logging, bandwidth profile, and NAT IP address

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| qos_priority | Normal-Service, Minimize-Cost, Maximize-Reliability, Maximize-Throughput, or Minimize-Delay | The type of QoS that applies to the rule. |
| log | NEVER or ALWAYS | Enables or disables logging. |
| bandwidth_profile | profile name | The profile that you have configured with the security bandwidth profile add command. |
| nat_ip type | WAN_INTERFACE_ADDRESS or SINGLE_ADDRESS | Specifies the type of NAT IP address. WAN_INTERFACE_ADDRESS: the IP address of the WAN (broadband) interface. SINGLE_ADDRESS: another IP address, which you need to configure using the nat_ip address keywords. |
| nat_ip address | ipaddress | The NAT IP address, if the nat_ip type keywords are set to SINGLE_ADDRESS. |

Command example:

FVS318N> security firewall ipv4 add_rule lan_wan outbound
security-config[firewall-ipv4-lan-wan-outbound]> service_name default_services PING
security-config[firewall-ipv4-lan-wan-outbound]> action ALWAYS_ALLOW
security-config[firewall-ipv4-lan-wan-outbound]> lan_users address_wise ANY
security-config[firewall-ipv4-lan-wan-outbound]> wan_users ADDRESS_RANGE
security-config[firewall-ipv4-lan-wan-outbound]> wan_user_start_ip 10.120.114.217
security-config[firewall-ipv4-lan-wan-outbound]> wan_user_end_ip 10.120.114.245
security-config[firewall-ipv4-lan-wan-outbound]> qos_priority Normal-Service
security-config[firewall-ipv4-lan-wan-outbound]> log ALWAYS
security-config[firewall-ipv4-lan-wan-outbound]> save

Related show command:

show security firewall ipv4 setup lan_wan

security firewall ipv4 edit_rule lan_wan outbound <row id>

This command configures an existing IPv4 LAN WAN outbound firewall rule. After you have issued the security firewall ipv4 edit_rule lan_wan outbound command to specify the row to be edited (for row information, see the output of the show security firewall ipv4 setup lan_wan command), you enter the security-config [firewall-ipv4-lan-wan-outbound] mode. You can then edit one keyword and associated parameter or associated keyword at a time in the order that you prefer. However, note that the setting of the action keyword determines which other keywords and parameters you can apply to a rule.

Step 1

Format

security firewall ipv4 edit_rule lan_wan outbound <row id>

Mode

security

Step 2

Format

service_name {default_services <default service name> | {custom_services <custom service name>}

action {ALWAYS_BLOCK | ALWAYS_ALLOW | BLOCK_BY_SCHEDULE_ELSE_ALLOW {schedule {Schedule1 | Schedule2 | Schedule3}} | ALLOW_BY_SCHEDULE_ELSE_BLOCK {schedule {Schedule1 | Schedule2 | Schedule3}}}

lan_users {address_wise {ANY | SINGLE_ADDRESS {lan_user_start_ip <ipaddress>} | ADDRESS_RANGE {lan_user_start_ip <ipaddress>} {lan_user_end_ip <ipaddress>}} | group_wise <group name>}

wan_users {ANY | SINGLE_ADDRESS {wan_user_start_ip <ipaddress>} | ADDRESS_RANGE {wan_user_start_ip <ipaddress>} {wan_user_end_ip <ipaddress>}}

qos_priority {Normal-Service | Minimize-Cost | Maximize-Reliability | Maximize-Throughput | Minimize-Delay}

log {NEVER | ALWAYS}

bandwidth_profile <profile name>

nat_ip type {WAN_INTERFACE_ADDRESS | SINGLE_ADDRESS {address <ipaddress>}}

Mode

security-config [firewall-ipv4-lan-wan-outbound]


Service name, action, and schedule

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| service_name default_services | ANY, AIM, BGP, BOOTP_CLIENT, BOOTP_SERVER, CU-SEEME:UDP, CU-SEEME:TCP, DNS:UDP, DNS:TCP, FINGER, FTP, HTTP, HTTPS, ICMP-TYPE-3, ICMP-TYPE-4, ICMP-TYPE-5, ICMP-TYPE-6, ICMP-TYPE-7, ICMP-TYPE-8, ICMP-TYPE-9, ICMP-TYPE-10, ICMP-TYPE-11, ICMP-TYPE-13, ICQ, IMAP2, IMAP3, IRC, NEWS, NFS, NNTP, PING, POP3, PPTP, RCMD, REAL-AUDIO, REXEC, RLOGIN, RTELNET, RTSP:TCP, RTSP:UDP, SFTP, SMTP, SNMP:TCP, SNMP:UDP, SNMP-TRAPS:TCP, SNMP-TRAPS:UDP, SQL-NET, SSH:TCP, SSH:UDP, STRMWORKS, TACACS, TELNET, TFTP, RIP, IKE, SHTTPD, IPSEC-UDP-ENCAP, IDENT, VDOLIVE, SSH, SIP-TCP, or SIP-UDP | The default service and protocol to which the firewall rule applies. |
| service_name custom_services | custom service name | The custom service that you have configured with the security services add command. |
| action | ALWAYS_BLOCK, ALWAYS_ALLOW, BLOCK_BY_SCHEDULE_ELSE_ALLOW, or ALLOW_BY_SCHEDULE_ELSE_BLOCK | The type of action to be enforced by the rule. |
| schedule | Schedule1, Schedule2, or Schedule3 | The schedule, if any, that is applicable to the rule. |

LAN user addresses or LAN group and WAN user addresses

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| lan_users address_wise | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of LAN address. |
| lan_user_start_ip | ipaddress | There are two options: the IP address if the lan_users address_wise keywords are set to SINGLE_ADDRESS, or the start IP address if the lan_users address_wise keywords are set to ADDRESS_RANGE. |
| lan_user_end_ip | ipaddress | The end IP address if the lan_users address_wise keywords are set to ADDRESS_RANGE. |
| lan_users group_wise | group name | The name of the LAN group. The group name is either a default name (Group1, Group2, Group3, and so on) or a custom name that you specified with the net lan lan_groups edit <row id> <new group name> command. |
| wan_users | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of WAN address. |
| wan_user_start_ip | ipaddress | There are two options: the IP address if the wan_users keyword is set to SINGLE_ADDRESS, or the start IP address if the wan_users keyword is set to ADDRESS_RANGE. |
| wan_user_end_ip | ipaddress | The end IP address if the wan_users keyword is set to ADDRESS_RANGE. |

QoS profile, logging, bandwidth profile, and NAT IP address

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| qos_priority | Normal-Service, Minimize-Cost, Maximize-Reliability, Maximize-Throughput, or Minimize-Delay | The type of QoS that applies to the rule. |
| log | NEVER or ALWAYS | Enables or disables logging. |
| bandwidth_profile | profile name | The profile that you have configured with the security bandwidth profile add command. |
| nat_ip type | WAN_INTERFACE_ADDRESS or SINGLE_ADDRESS | Specifies the type of NAT IP address. WAN_INTERFACE_ADDRESS: the IP address of the WAN (broadband) interface. SINGLE_ADDRESS: another IP address, which you need to configure using the nat_ip address keywords. |
| nat_ip address | ipaddress | The NAT IP address, if the nat_ip type keywords are set to SINGLE_ADDRESS. |


Command example: See the command example for the security firewall ipv4 add_rule lan_wan outbound command.

Related show command:

show security firewall ipv4 setup lan_wan

security firewall ipv4 add_rule lan_wan inbound

This command configures a new IPv4 LAN WAN inbound firewall rule. After you have issued the security firewall ipv4 add_rule lan_wan inbound command, you enter the security-config [firewall-ipv4-lan-wan-inbound] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer. However, note that the setting of the action keyword determines which other keywords and parameters you can apply to a rule.

Step 1

Format

security firewall ipv4 add_rule lan_wan inbound

Mode

security

Step 2

Format

service_name {default_services <default service name> | {custom_services <custom service name>}

action {ALWAYS_BLOCK | ALWAYS_ALLOW | BLOCK_BY_SCHEDULE_ELSE_ALLOW {schedule {Schedule1 | Schedule2 | Schedule3}} | ALLOW_BY_SCHEDULE_ELSE_BLOCK {schedule {Schedule1 | Schedule2 | Schedule3}}}

send_to_lan_server {SINGLE_ADDRESS {send_to_lan_server_start_ip <ipaddress>} | ADDRESS_RANGE {send_to_lan_server_start_ip <ipaddress>} {send_to_lan_server_end_ip <ipaddress>}}

translate_to_port_number enable {N | Y {translate_to_port_number port <number>}}

wan_destination_ip_address {WAN | OTHERS {wan_destination_ip_address_start <ipaddress>} | RANGE {wan_destination_ip_address_start <ipaddress>} {wan_destination_ip_address_end <ipaddress>}}

lan_user {address_wise {ANY | SINGLE_ADDRESS {lan_user_start_ip <ipaddress>} | ADDRESS_RANGE {lan_user_start_ip <ipaddress>} {lan_user_end_ip <ipaddress>}} | group_wise <group name>}

wan_user {ANY | SINGLE_ADDRESS {wan_user_start_ip <ipaddress>} | ADDRESS_RANGE {wan_user_start_ip <ipaddress>} {wan_user_end_ip <ipaddress>}}

log {NEVER | ALWAYS}

bandwidth_profile <profile name>

Mode

security-config [firewall-ipv4-lan-wan-inbound]


Service name, action, and schedule

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| service_name default_services | ANY, AIM, BGP, BOOTP_CLIENT, BOOTP_SERVER, CU-SEEME:UDP, CU-SEEME:TCP, DNS:UDP, DNS:TCP, FINGER, FTP, HTTP, HTTPS, ICMP-TYPE-3, ICMP-TYPE-4, ICMP-TYPE-5, ICMP-TYPE-6, ICMP-TYPE-7, ICMP-TYPE-8, ICMP-TYPE-9, ICMP-TYPE-10, ICMP-TYPE-11, ICMP-TYPE-13, ICQ, IMAP2, IMAP3, IRC, NEWS, NFS, NNTP, PING, POP3, PPTP, RCMD, REAL-AUDIO, REXEC, RLOGIN, RTELNET, RTSP:TCP, RTSP:UDP, SFTP, SMTP, SNMP:TCP, SNMP:UDP, SNMP-TRAPS:TCP, SNMP-TRAPS:UDP, SQL-NET, SSH:TCP, SSH:UDP, STRMWORKS, TACACS, TELNET, TFTP, RIP, IKE, SHTTPD, IPSEC-UDP-ENCAP, IDENT, VDOLIVE, SSH, SIP-TCP, or SIP-UDP | The default service and protocol to which the firewall rule applies. |
| service_name custom_services | custom service name | The custom service that you have configured with the security services add command. |
| action | ALWAYS_BLOCK, ALWAYS_ALLOW, BLOCK_BY_SCHEDULE_ELSE_ALLOW, or ALLOW_BY_SCHEDULE_ELSE_BLOCK | The type of action to be enforced by the rule. |
| schedule | Schedule1, Schedule2, or Schedule3 | The schedule, if any, that is applicable to the rule. |

LAN server addresses, port number translation, and WAN destination addresses

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| send_to_lan_server | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of LAN address. |
| send_to_lan_server_start_ip | ipaddress | There are two options: the IP address if the send_to_lan_server keyword is set to SINGLE_ADDRESS, or the start IP address if the send_to_lan_server keyword is set to ADDRESS_RANGE. |
| send_to_lan_server_end_ip | ipaddress | The end IP address if the send_to_lan_server keyword is set to ADDRESS_RANGE. |
| translate_to_port_number enable | Y or N | Enables or disables port forwarding. |
| translate_to_port_number port | number | The port number (integer) if port forwarding is enabled. Valid numbers are 0 through 65535. |
| wan_destination_ip_address | WAN, OTHERS, or RANGE | The type of destination WAN address for an inbound rule. WAN: the default IP address of the WAN (broadband) interface. OTHERS: another public IP address, which you need to configure by issuing the wan_destination_ip_address_start keyword and specifying an IPv4 address. RANGE: a range of public IP addresses, which you need to configure by issuing the wan_destination_ip_address_start and wan_destination_ip_address_end keywords and specifying IPv4 addresses. |
| wan_destination_ip_address_start | ipaddress | There are two options: the IP address if the wan_destination_ip_address keyword is set to OTHERS, or the start IP address if the wan_destination_ip_address keyword is set to RANGE. |
| wan_destination_ip_address_end | ipaddress | The end IP address if the wan_destination_ip_address keyword is set to RANGE. |

LAN user addresses or LAN group and WAN user addresses

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| lan_user address_wise | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of LAN address. For an inbound rule, this option is available only when the WAN mode is Classical Routing. |
| lan_user_start_ip | ipaddress | There are two options: the IP address if the lan_user address_wise keywords are set to SINGLE_ADDRESS, or the start IP address if the lan_user address_wise keywords are set to ADDRESS_RANGE. |
| lan_user_end_ip | ipaddress | The end IP address if the lan_user address_wise keywords are set to ADDRESS_RANGE. |
| lan_user group_wise | group name | The name of the LAN group. The group name is either a default name (Group1, Group2, Group3, and so on) or a custom name that you specified with the net lan lan_groups edit <row id> <new group name> command. For an inbound rule, this option is available only when the WAN mode is Classical Routing. |
| wan_user | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of WAN address. |
| wan_user_start_ip | ipaddress | There are two options: the IP address if the wan_user keyword is set to SINGLE_ADDRESS, or the start IP address if the wan_user keyword is set to ADDRESS_RANGE. |
| wan_user_end_ip | ipaddress | The end IP address if the wan_user keyword is set to ADDRESS_RANGE. |

Logging and bandwidth profile

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| log | NEVER or ALWAYS | Enables or disables logging. |
| bandwidth_profile | profile name | The profile that you have configured with the security bandwidth profile add command. |

Command example:

FVS318N> security firewall ipv4 add_rule lan_wan inbound
security-config[firewall-ipv4-lan-wan-inbound]> service_name default_services HTTP
security-config[firewall-ipv4-lan-wan-inbound]> action ALWAYS_ALLOW
security-config[firewall-ipv4-lan-wan-inbound]> send_to_lan_server SINGLE_ADDRESS
security-config[firewall-ipv4-lan-wan-inbound]> send_to_lan_server_start_ip 192.168.5.69
security-config[firewall-ipv4-lan-wan-inbound]> wan_destination_ip_address WAN
security-config[firewall-ipv4-lan-wan-inbound]> wan_user ANY
security-config[firewall-ipv4-lan-wan-inbound]> log NEVER
security-config[firewall-ipv4-lan-wan-inbound]> save

Related show command:

show security firewall ipv4 setup lan_wan
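An added example, not part of the NETGEAR manual: a Python check that parses a captured inbound-rule session, verifies the keyword dependencies stated in the Step 2 Format block, and flags rules that allow traffic from any WAN address or leave logging off. The function names, the review policy in audit_findings, and the 203.0.113.x addresses are assumptions made for this example.

```python
import ipaddress
import re

# Prompt of the inbound rule mode as printed in the manual's command example.
PROMPT = re.compile(r"^\s*security-config\s*\[firewall-ipv4-lan-wan-inbound\]>\s*")

# Fixed choices per keyword, copied from the Step 2 Format block.
CHOICES = {
    "action": {"ALWAYS_BLOCK", "ALWAYS_ALLOW",
               "BLOCK_BY_SCHEDULE_ELSE_ALLOW", "ALLOW_BY_SCHEDULE_ELSE_BLOCK"},
    "schedule": {"Schedule1", "Schedule2", "Schedule3"},
    "send_to_lan_server": {"SINGLE_ADDRESS", "ADDRESS_RANGE"},
    "wan_destination_ip_address": {"WAN", "OTHERS", "RANGE"},
    "wan_user": {"ANY", "SINGLE_ADDRESS", "ADDRESS_RANGE"},
    "log": {"NEVER", "ALWAYS"},
}

# (selector, value meaning one address, value meaning a range, start keyword, end keyword)
ADDRESS_RULES = [
    ("send_to_lan_server", "SINGLE_ADDRESS", "ADDRESS_RANGE",
     "send_to_lan_server_start_ip", "send_to_lan_server_end_ip"),
    ("wan_destination_ip_address", "OTHERS", "RANGE",
     "wan_destination_ip_address_start", "wan_destination_ip_address_end"),
    ("wan_user", "SINGLE_ADDRESS", "ADDRESS_RANGE",
     "wan_user_start_ip", "wan_user_end_ip"),
]

# The manual's own inbound example, one command per line.
MANUAL_EXAMPLE = """\
FVS318N> security firewall ipv4 add_rule lan_wan inbound
security-config[firewall-ipv4-lan-wan-inbound]> service_name default_services HTTP
security-config[firewall-ipv4-lan-wan-inbound]> action ALWAYS_ALLOW
security-config[firewall-ipv4-lan-wan-inbound]> send_to_lan_server SINGLE_ADDRESS
security-config[firewall-ipv4-lan-wan-inbound]> send_to_lan_server_start_ip 192.168.5.69
security-config[firewall-ipv4-lan-wan-inbound]> wan_destination_ip_address WAN
security-config[firewall-ipv4-lan-wan-inbound]> wan_user ANY
security-config[firewall-ipv4-lan-wan-inbound]> log NEVER
security-config[firewall-ipv4-lan-wan-inbound]> save
"""

# Constructed variant: same service, WAN sources limited to a documentation range, logged.
CONSTRUCTED_RESTRICTED = MANUAL_EXAMPLE.replace(
    "wan_user ANY",
    "wan_user ADDRESS_RANGE\n"
    "security-config[firewall-ipv4-lan-wan-inbound]> wan_user_start_ip 203.0.113.10\n"
    "security-config[firewall-ipv4-lan-wan-inbound]> wan_user_end_ip 203.0.113.20",
).replace("log NEVER", "log ALWAYS")


def parse_session(text):
    """Return {keyword: value} for the keyword lines typed in the rule mode."""
    rule = {}
    for line in text.splitlines():
        match = PROMPT.match(line)
        tokens = line[match.end():].split() if match else []
        if len(tokens) >= 2:  # "save" and non-rule lines carry no keyword/value pair
            rule[" ".join(tokens[:-1])] = tokens[-1]
    return rule


def grammar_errors(rule):
    """Check the keyword dependencies that the Format block expresses."""
    errors = []
    for required in ("service_name", "action"):
        if not any(key.split()[0] == required for key in rule):
            errors.append(f"{required} is missing")
    for key, allowed in CHOICES.items():
        if key in rule and rule[key] not in allowed:
            errors.append(f"{key}: {rule[key]} is not an accepted value")
    if "BY_SCHEDULE" in rule.get("action", "") and "schedule" not in rule:
        errors.append("a scheduled action requires the schedule keyword")
    if rule.get("translate_to_port_number enable") == "Y":
        port = rule.get("translate_to_port_number port", "")
        if not (port.isdecimal() and int(port) <= 65535):
            errors.append("translate_to_port_number port must be 0 through 65535")
    for selector, single, ranged, start_key, end_key in ADDRESS_RULES:
        mode = rule.get(selector)
        needed = {single: [start_key], ranged: [start_key, end_key]}.get(mode, [])
        addresses = []
        for key in needed:
            try:
                addresses.append(ipaddress.IPv4Address(rule[key]))
            except KeyError:
                errors.append(f"{selector} {mode} requires {key}")
            except ipaddress.AddressValueError:
                errors.append(f"{key}: {rule[key]} is not an IPv4 address")
        if len(addresses) == 2 and addresses[0] > addresses[1]:
            errors.append(f"{start_key} is higher than {end_key}")
    return errors


def audit_findings(rule):
    """Review policy assumed for this example; it is not a check the device performs."""
    if rule.get("action") in (None, "ALWAYS_BLOCK"):
        return []
    checks = [("wan_user", "ANY", "allowed service is reachable from any WAN address"),
              ("log", "NEVER", "allowed inbound traffic is not logged")]
    return [text for key, value, text in checks if rule.get(key) == value]
```

Run against the manual's example, the syntax check passes and both review findings are reported; the constructed variant passes both.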

security firewall ipv4 edit_rule lan_wan inbound <row id>

This command configures an existing IPv4 LAN WAN inbound firewall rule. After you have issued the security firewall ipv4 edit_rule lan_wan inbound command to specify the row to be edited (for row information, see the output of the show security firewall ipv4 setup lan_wan command), you enter the security-config [firewall-ipv4-lan-wan-inbound] mode. You can then edit one keyword and associated parameter or associated keyword at a time in the order that you prefer. However, note that the setting of the action keyword determines which other keywords and parameters you can apply to a rule.

Step 1

Format

security firewall ipv4 edit_rule lan_wan inbound <row id>

Mode

security

Step 2

Format

service_name {default_services <default service name> | {custom_services <custom service name>}

action {ALWAYS_BLOCK | ALWAYS_ALLOW | BLOCK_BY_SCHEDULE_ELSE_ALLOW {schedule {Schedule1 | Schedule2 | Schedule3}} | ALLOW_BY_SCHEDULE_ELSE_BLOCK {schedule {Schedule1 | Schedule2 | Schedule3}}}

send_to_lan_server {SINGLE_ADDRESS {send_to_lan_server_start_ip <ipaddress>} | ADDRESS_RANGE {send_to_lan_server_start_ip <ipaddress>} {send_to_lan_server_end_ip <ipaddress>}}

translate_to_port_number enable {N | Y {translate_to_port_number port <number>}}

wan_destination_ip_address {WAN | OTHERS {wan_destination_ip_address_start <ipaddress>} | RANGE {wan_destination_ip_address_start <ipaddress>} {wan_destination_ip_address_end <ipaddress>}}

lan_user {address_wise {ANY | SINGLE_ADDRESS {lan_user_start_ip <ipaddress>} | ADDRESS_RANGE {lan_user_start_ip <ipaddress>} {lan_user_end_ip <ipaddress>}} | group_wise <group name>}

wan_user {ANY | SINGLE_ADDRESS {wan_user_start_ip <ipaddress>} | ADDRESS_RANGE {wan_user_start_ip <ipaddress>} {wan_user_end_ip <ipaddress>}}

log {NEVER | ALWAYS}

bandwidth_profile <profile name>

Mode

security-config [firewall-ipv4-lan-wan-inbound]


Service name, action, and schedule

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| service_name default_services | ANY, AIM, BGP, BOOTP_CLIENT, BOOTP_SERVER, CU-SEEME:UDP, CU-SEEME:TCP, DNS:UDP, DNS:TCP, FINGER, FTP, HTTP, HTTPS, ICMP-TYPE-3, ICMP-TYPE-4, ICMP-TYPE-5, ICMP-TYPE-6, ICMP-TYPE-7, ICMP-TYPE-8, ICMP-TYPE-9, ICMP-TYPE-10, ICMP-TYPE-11, ICMP-TYPE-13, ICQ, IMAP2, IMAP3, IRC, NEWS, NFS, NNTP, PING, POP3, PPTP, RCMD, REAL-AUDIO, REXEC, RLOGIN, RTELNET, RTSP:TCP, RTSP:UDP, SFTP, SMTP, SNMP:TCP, SNMP:UDP, SNMP-TRAPS:TCP, SNMP-TRAPS:UDP, SQL-NET, SSH:TCP, SSH:UDP, STRMWORKS, TACACS, TELNET, TFTP, RIP, IKE, SHTTPD, IPSEC-UDP-ENCAP, IDENT, VDOLIVE, SSH, SIP-TCP, or SIP-UDP | The default service and protocol to which the firewall rule applies. |
| service_name custom_services | custom service name | The custom service that you have configured with the security services add command. |
| action | ALWAYS_BLOCK, ALWAYS_ALLOW, BLOCK_BY_SCHEDULE_ELSE_ALLOW, or ALLOW_BY_SCHEDULE_ELSE_BLOCK | The type of action to be enforced by the rule. |
| schedule | Schedule1, Schedule2, or Schedule3 | The schedule, if any, that is applicable to the rule. |

LAN server addresses, port number translation, and WAN destination addresses

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| send_to_lan_server | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of LAN address. |
| send_to_lan_server_start_ip | ipaddress | There are two options: the IP address if the send_to_lan_server keyword is set to SINGLE_ADDRESS, or the start IP address if the send_to_lan_server keyword is set to ADDRESS_RANGE. |
| send_to_lan_server_end_ip | ipaddress | The end IP address if the send_to_lan_server keyword is set to ADDRESS_RANGE. |
| translate_to_port_number enable | Y or N | Enables or disables port forwarding. |
| translate_to_port_number port | number | The port number (integer) if port forwarding is enabled. Valid numbers are 0 through 65535. |
| wan_destination_ip_address | WAN, OTHERS, or RANGE | The type of destination WAN address for an inbound rule. WAN: the default IP address of the WAN (broadband) interface. OTHERS: another public IP address, which you need to configure by issuing the wan_destination_ip_address_start keyword and specifying an IPv4 address. RANGE: a range of public IP addresses, which you need to configure by issuing the wan_destination_ip_address_start and wan_destination_ip_address_end keywords and specifying IPv4 addresses. |
| wan_destination_ip_address_start | ipaddress | There are two options: the IP address if the wan_destination_ip_address keyword is set to OTHERS, or the start IP address if the wan_destination_ip_address keyword is set to RANGE. |
| wan_destination_ip_address_end | ipaddress | The end IP address if the wan_destination_ip_address keyword is set to RANGE. |

LAN user addresses or LAN group and WAN user addresses

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| lan_user address_wise | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of LAN address. For an inbound rule, this option is available only when the WAN mode is Classical Routing. |
| lan_user_start_ip | ipaddress | There are two options: the IP address if the lan_user address_wise keywords are set to SINGLE_ADDRESS, or the start IP address if the lan_user address_wise keywords are set to ADDRESS_RANGE. |
| lan_user_end_ip | ipaddress | The end IP address if the lan_user address_wise keywords are set to ADDRESS_RANGE. |
| lan_user group_wise | group name | The name of the LAN group. The group name is either a default name (Group1, Group2, Group3, and so on) or a custom name that you specified with the net lan lan_groups edit <row id> <new group name> command. For an inbound rule, this option is available only when the WAN mode is Classical Routing. |
| wan_user | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of WAN address. |
| wan_user_start_ip | ipaddress | There are two options: the IP address if the wan_user keyword is set to SINGLE_ADDRESS, or the start IP address if the wan_user keyword is set to ADDRESS_RANGE. |
| wan_user_end_ip | ipaddress | The end IP address if the wan_user keyword is set to ADDRESS_RANGE. |

Logging and bandwidth profile

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| log | NEVER or ALWAYS | Enables or disables logging. |
| bandwidth_profile | profile name | The profile that you have configured with the security bandwidth profile add command. |

Command example: See the command example for the security firewall ipv4 add_rule lan_wan inbound command.

Related show command:

show security firewall ipv4 setup lan_wan

security firewall ipv4 add_rule dmz_wan outbound

This command configures a new IPv4 DMZ WAN outbound firewall rule. After you have issued the security firewall ipv4 add_rule dmz_wan outbound command, you enter the security-config [firewall-ipv4-dmz-wan-outbound] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer. However, note that the setting of the action keyword determines which other keywords and parameters you can apply to a rule.

Step 1

Format

security firewall ipv4 add_rule dmz_wan outbound

Mode

security

Step 2

Format

service_name {default_services <default service name> | {custom_services <custom service name>}

action {ALWAYS_BLOCK | ALWAYS_ALLOW | BLOCK_BY_SCHEDULE_ELSE_ALLOW {schedule {Schedule1 | Schedule2 | Schedule3}} | ALLOW_BY_SCHEDULE_ELSE_BLOCK {schedule {Schedule1 | Schedule2 | Schedule3}}}

dmz_users {ANY | SINGLE_ADDRESS {dmz_user_start_ip <ipaddress>} | ADDRESS_RANGE {dmz_user_start_ip <ipaddress>} {dmz_user_end_ip <ipaddress>}}

wan_users {ANY | SINGLE_ADDRESS {wan_user_start_ip <ipaddress>} | ADDRESS_RANGE {wan_user_start_ip <ipaddress>} {wan_user_end_ip <ipaddress>}}

qos_priority {Normal-Service | Minimize-Cost | Maximize-Reliability | Maximize-Throughput | Minimize-Delay}

log {NEVER | ALWAYS}

nat_ip type {WAN_INTERFACE_ADDRESS | SINGLE_ADDRESS {address <ipaddress>}}

Mode

security-config [firewall-ipv4-dmz-wan-outbound]


Service name, action, and schedule

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| service_name default_services | ANY, AIM, BGP, BOOTP_CLIENT, BOOTP_SERVER, CU-SEEME:UDP, CU-SEEME:TCP, DNS:UDP, DNS:TCP, FINGER, FTP, HTTP, HTTPS, ICMP-TYPE-3, ICMP-TYPE-4, ICMP-TYPE-5, ICMP-TYPE-6, ICMP-TYPE-7, ICMP-TYPE-8, ICMP-TYPE-9, ICMP-TYPE-10, ICMP-TYPE-11, ICMP-TYPE-13, ICQ, IMAP2, IMAP3, IRC, NEWS, NFS, NNTP, PING, POP3, PPTP, RCMD, REAL-AUDIO, REXEC, RLOGIN, RTELNET, RTSP:TCP, RTSP:UDP, SFTP, SMTP, SNMP:TCP, SNMP:UDP, SNMP-TRAPS:TCP, SNMP-TRAPS:UDP, SQL-NET, SSH:TCP, SSH:UDP, STRMWORKS, TACACS, TELNET, TFTP, RIP, IKE, SHTTPD, IPSEC-UDP-ENCAP, IDENT, VDOLIVE, SSH, SIP-TCP, or SIP-UDP | The default service and protocol to which the firewall rule applies. |
| service_name custom_services | custom service name | The custom service that you have configured with the security services add command. |
| action | ALWAYS_BLOCK, ALWAYS_ALLOW, BLOCK_BY_SCHEDULE_ELSE_ALLOW, or ALLOW_BY_SCHEDULE_ELSE_BLOCK | The type of action to be enforced by the rule. |
| schedule | Schedule1, Schedule2, or Schedule3 | The schedule, if any, that is applicable to the rule. |

DMZ user addresses and WAN user addresses

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| dmz_users | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of DMZ address. |
| dmz_user_start_ip | ipaddress | There are two options: the IP address if the dmz_users keyword is set to SINGLE_ADDRESS, or the start IP address if the dmz_users keyword is set to ADDRESS_RANGE. |
| dmz_user_end_ip | ipaddress | The end IP address if the dmz_users keyword is set to ADDRESS_RANGE. |
| wan_users | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of WAN address. |
| wan_user_start_ip | ipaddress | There are two options: the IP address if the wan_users keyword is set to SINGLE_ADDRESS, or the start IP address if the wan_users keyword is set to ADDRESS_RANGE. |
| wan_user_end_ip | ipaddress | The end IP address if the wan_users keyword is set to ADDRESS_RANGE. |

QoS profile, logging, and NAT IP address

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| qos_priority | Normal-Service, Minimize-Cost, Maximize-Reliability, Maximize-Throughput, or Minimize-Delay | The type of QoS that applies to the rule. |
| log | NEVER or ALWAYS | Enables or disables logging. |
| nat_ip type | WAN_INTERFACE_ADDRESS or SINGLE_ADDRESS | Specifies the type of NAT IP address. WAN_INTERFACE_ADDRESS: the IP address of the WAN (broadband) interface. SINGLE_ADDRESS: another IP address, which you need to configure using the nat_ip address keywords. |
| nat_ip address | ipaddress | The NAT IP address, if the nat_ip type keywords are set to SINGLE_ADDRESS. |

Command example:

FVS318N> security firewall ipv4 add_rule dmz_wan outbound
security-config[firewall-ipv4-dmz-wan-outbound]> service_name default_services FTP
security-config[firewall-ipv4-dmz-wan-outbound]> action ALLOW_BY_SCHEDULE_ELSE_BLOCK
security-config[firewall-ipv4-dmz-wan-outbound]> schedule Schedule2
security-config[firewall-ipv4-dmz-wan-outbound]> dmz_users ANY
security-config[firewall-ipv4-dmz-wan-outbound]> wan_users ANY
security-config[firewall-ipv4-dmz-wan-outbound]> qos_profile Maximize-Reliability
security-config[firewall-ipv4-dmz-wan-outbound]> log Never
security-config[firewall-ipv4-dmz-wan-outbound]> save

Related show command:

show security firewall ipv4 setup dmz_wan

security firewall ipv4 edit_rule dmz_wan outbound <row id>

This command configures an existing IPv4 DMZ WAN outbound firewall rule. After you have issued the security firewall ipv4 edit_rule dmz_wan outbound command to specify the row to be edited (for row information, see the output of the show security firewall ipv4 setup dmz_wan command), you enter the security-config [firewall-ipv4-dmz-wan-outbound] mode. You can then edit one keyword and associated parameter or associated keyword at a time in the order that you prefer. However, note that the setting of the action keyword determines which other keywords and parameters you can apply to a rule.

Step 1

Format: security firewall ipv4 edit_rule dmz_wan outbound <row id>

Mode: security

Step 2

Format:

service_name {default_services <default service name> |
    custom_services <custom service name>}
action {ALWAYS_BLOCK | ALWAYS_ALLOW |
    BLOCK_BY_SCHEDULE_ELSE_ALLOW {schedule {Schedule1 |
    Schedule2 | Schedule3}} | ALLOW_BY_SCHEDULE_ELSE_BLOCK
    {schedule {Schedule1 | Schedule2 | Schedule3}}}
dmz_users {ANY | SINGLE_ADDRESS {dmz_user_start_ip <ipaddress>}
    | ADDRESS_RANGE {dmz_user_start_ip <ipaddress>}
    {dmz_user_end_ip <ipaddress>}}
wan_users {ANY | SINGLE_ADDRESS {wan_user_start_ip <ipaddress>}
    | ADDRESS_RANGE {wan_user_start_ip <ipaddress>}
    {wan_user_end_ip <ipaddress>}}
qos_priority {Normal-Service | Minimize-Cost |
    Maximize-Reliability | Maximize-Throughput | Minimize-Delay}
log {NEVER | ALWAYS}
nat_ip type {WAN_INTERFACE_ADDRESS | SINGLE_ADDRESS
    {address <ipaddress>}}

Mode: security-config [firewall-ipv4-dmz-wan-outbound]


Service name, action, and schedule

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| service_name default_services | ANY, AIM, BGP, BOOTP_CLIENT, BOOTP_SERVER, CU-SEEME:UDP, CU-SEEME:TCP, DNS:UDP, DNS:TCP, FINGER, FTP, HTTP, HTTPS, ICMP-TYPE-3, ICMP-TYPE-4, ICMP-TYPE-5, ICMP-TYPE-6, ICMP-TYPE-7, ICMP-TYPE-8, ICMP-TYPE-9, ICMP-TYPE-10, ICMP-TYPE-11, ICMP-TYPE-13, ICQ, IMAP2, IMAP3, IRC, NEWS, NFS, NNTP, PING, POP3, PPTP, RCMD, REAL-AUDIO, REXEC, RLOGIN, RTELNET, RTSP:TCP, RTSP:UDP, SFTP, SMTP, SNMP:TCP, SNMP:UDP, SNMP-TRAPS:TCP, SNMP-TRAPS:UDP, SQL-NET, SSH:TCP, SSH:UDP, STRMWORKS, TACACS, TELNET, TFTP, RIP, IKE, SHTTPD, IPSEC-UDP-ENCAP, IDENT, VDOLIVE, SSH, SIP-TCP, or SIP-UDP | The default service and protocol to which the firewall rule applies. |
| service_name custom_services | custom service name | The custom service that you have configured with the security services add command. |
| action | ALWAYS_BLOCK, ALWAYS_ALLOW, BLOCK_BY_SCHEDULE_ELSE_ALLOW, or ALLOW_BY_SCHEDULE_ELSE_BLOCK | The type of action to be enforced by the rule. |
| schedule | Schedule1, Schedule2, or Schedule3 | The schedule, if any, that is applicable to the rule. |

DMZ user addresses and WAN user addresses

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| dmz_users | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of DMZ address. |
| dmz_user_start_ip | ipaddress | There are two options: (1) The IP address if the dmz_users keyword is set to SINGLE_ADDRESS. (2) The start IP address if the dmz_users keyword is set to ADDRESS_RANGE. |
| dmz_user_end_ip | ipaddress | The end IP address if the dmz_users keyword is set to ADDRESS_RANGE. |
| wan_users | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of WAN address. |
| wan_user_start_ip | ipaddress | There are two options: (1) The IP address if the wan_users keyword is set to SINGLE_ADDRESS. (2) The start IP address if the wan_users keyword is set to ADDRESS_RANGE. |
| wan_user_end_ip | ipaddress | The end IP address if the wan_users keyword is set to ADDRESS_RANGE. |

QoS profile, logging, and NAT IP address

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| qos_priority | Normal-Service, Minimize-Cost, Maximize-Reliability, Maximize-Throughput, or Minimize-Delay | The type of QoS that applies to the rule. |
| log | NEVER or ALWAYS | Enables or disables logging. |
| nat_ip type | WAN_INTERFACE_ADDRESS or SINGLE_ADDRESS | Specifies the type of NAT IP address. WAN_INTERFACE_ADDRESS: the IP address of the WAN (broadband) interface. SINGLE_ADDRESS: another IP address, which you need to configure using the nat_ip address keywords. |
| nat_ip address | ipaddress | The NAT IP address, if the nat_ip type keywords are set to SINGLE_ADDRESS. |

Command example: See the command example for the security firewall ipv4 add_rule dmz_wan outbound command.

Related show command:

show security firewall ipv4 setup dmz_wan

security firewall ipv4 add_rule dmz_wan inbound

This command configures a new IPv4 DMZ WAN inbound firewall rule. After you have issued the security firewall ipv4 add_rule dmz_wan inbound command, you enter the security-config [firewall-ipv4-dmz-wan-inbound] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer. However, note that the setting of the action keyword determines which other keywords and parameters you can apply to a rule.

Step 1

Format: security firewall ipv4 add_rule dmz_wan inbound

Mode: security

Step 2

Format:

service_name {default_services <default service name> |
    custom_services <custom service name>}
action {ALWAYS_BLOCK | ALWAYS_ALLOW |
    BLOCK_BY_SCHEDULE_ELSE_ALLOW {schedule {Schedule1 |
    Schedule2 | Schedule3}} | ALLOW_BY_SCHEDULE_ELSE_BLOCK
    {schedule {Schedule1 | Schedule2 | Schedule3}}}
send_to_dmz_server_ip <ipaddress>
translate_to_port_number enable {N | Y
    {translate_to_port_number port <number>}}
wan_destination_ip_address {WAN | OTHERS
    {wan_destination_ip_address_start <ipaddress>}}
dmz_users {ANY | SINGLE_ADDRESS {dmz_user_start_ip <ipaddress>}
    | ADDRESS_RANGE {dmz_user_start_ip <ipaddress>}
    {dmz_user_end_ip <ipaddress>}}
wan_users {ANY | SINGLE_ADDRESS {wan_user_start_ip <ipaddress>}
    | ADDRESS_RANGE {wan_user_start_ip <ipaddress>}
    {wan_user_end_ip <ipaddress>}}
log {NEVER | ALWAYS}

Mode: security-config [firewall-ipv4-dmz-wan-inbound]


Service name, action, and schedule

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| service_name default_services | ANY, AIM, BGP, BOOTP_CLIENT, BOOTP_SERVER, CU-SEEME:UDP, CU-SEEME:TCP, DNS:UDP, DNS:TCP, FINGER, FTP, HTTP, HTTPS, ICMP-TYPE-3, ICMP-TYPE-4, ICMP-TYPE-5, ICMP-TYPE-6, ICMP-TYPE-7, ICMP-TYPE-8, ICMP-TYPE-9, ICMP-TYPE-10, ICMP-TYPE-11, ICMP-TYPE-13, ICQ, IMAP2, IMAP3, IRC, NEWS, NFS, NNTP, PING, POP3, PPTP, RCMD, REAL-AUDIO, REXEC, RLOGIN, RTELNET, RTSP:TCP, RTSP:UDP, SFTP, SMTP, SNMP:TCP, SNMP:UDP, SNMP-TRAPS:TCP, SNMP-TRAPS:UDP, SQL-NET, SSH:TCP, SSH:UDP, STRMWORKS, TACACS, TELNET, TFTP, RIP, IKE, SHTTPD, IPSEC-UDP-ENCAP, IDENT, VDOLIVE, SSH, SIP-TCP, or SIP-UDP | The default service and protocol to which the firewall rule applies. |
| service_name custom_services | custom service name | The custom service that you have configured with the security services add command. |
| action | ALWAYS_BLOCK, ALWAYS_ALLOW, BLOCK_BY_SCHEDULE_ELSE_ALLOW, or ALLOW_BY_SCHEDULE_ELSE_BLOCK | The type of action to be enforced by the rule. |
| schedule | Schedule1, Schedule2, or Schedule3 | The schedule, if any, that is applicable to the rule. |

DMZ server address, port number translation, and WAN destination address

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| send_to_dmz_server_ip | ipaddress | The IP address of the DMZ server. |
| translate_to_port_number enable | Y or N | Enables or disables port forwarding. |
| translate_to_port_number port | number | The port number (integer) if port forwarding is enabled. Valid numbers are 0 through 65535. |
| wan_destination_ip_address | WAN or OTHERS | The type of destination WAN address for an inbound rule. WAN: the default IP address of the WAN (broadband) interface. OTHERS: another public IP address, which you need to configure by issuing the wan_destination_ip_address_start keyword and specifying an IPv4 address. |
| wan_destination_ip_address_start | ipaddress | The IP address if the wan_destination_ip_address keyword is set to OTHERS. |

DMZ user addresses and WAN user addresses

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| dmz_users | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of DMZ address. For an inbound rule, this option is available only when the WAN mode is Classical Routing. |
| dmz_user_start_ip | ipaddress | There are two options: (1) The IP address if the dmz_users keyword is set to SINGLE_ADDRESS. (2) The start IP address if the dmz_users keyword is set to ADDRESS_RANGE. |
| dmz_user_end_ip | ipaddress | The end IP address if the dmz_users keyword is set to ADDRESS_RANGE. |
| wan_users | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of WAN address. |
| wan_user_start_ip | ipaddress | There are two options: (1) The IP address if the wan_users keyword is set to SINGLE_ADDRESS. (2) The start IP address if the wan_users keyword is set to ADDRESS_RANGE. |
| wan_user_end_ip | ipaddress | The end IP address if the wan_users keyword is set to ADDRESS_RANGE. |

Logging

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| log | NEVER or ALWAYS | Enables or disables logging. |


Command example:

FVS318N> security firewall ipv4 add_rule dmz_wan inbound
security-config[firewall-ipv4-dmz-wan-inbound]> service_name custom_services Traceroute
security-config[firewall-ipv4-lan-wan-inbound]> action ALWAYS_ALLOW
security-config[firewall-ipv4-lan-wan-inbound]> send_to_dmz_server_ip 176.21.214.2
security-config[firewall-ipv4-lan-wan-inbound]> translate_to_port_number enable Y
security-config[firewall-ipv4-lan-wan-inbound]> translate_to_port_number port 4500
security-config[firewall-ipv4-lan-wan-inbound]> wan_destination_ip_address OTHERS
security-config[firewall-ipv4-lan-wan-inbound]> wan_destination_ip_address_start 10.115.97.174
security-config[firewall-ipv4-lan-wan-inbound]> wan_users ANY
security-config[firewall-ipv4-lan-wan-inbound]> log Always
security-config[firewall-ipv4-lan-wan-inbound]> save

Related show command:

show security firewall ipv4 setup dmz_wan
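
The keyword dependencies in the Step 2 formats (a schedule for the BY_SCHEDULE actions, start and end addresses for SINGLE_ADDRESS and ADDRESS_RANGE, a port when translation is enabled) can be checked offline against a saved CLI transcript before or after a change. The following Python script is an added example, not NETGEAR code: the function names and finding labels are its own, and the three review heuristics (inbound allow rule open to any WAN address, allow rule without logging, unencrypted default service) are assumptions of this example rather than behaviour of the firewall.

```python
import ipaddress

# Selector keyword -> (start, end) keywords, taken from the Step 2 formats.
ADDRESS_KEYWORDS = {
    "dmz_users": ("dmz_user_start_ip", "dmz_user_end_ip"),
    "wan_users": ("wan_user_start_ip", "wan_user_end_ip"),
    "lan_users address_wise": ("lan_user_start_ip", "lan_user_end_ip"),
}
ALLOWING = {"ALWAYS_ALLOW", "ALLOW_BY_SCHEDULE_ELSE_BLOCK", "BLOCK_BY_SCHEDULE_ELSE_ALLOW"}
# Assumption (reviewer's choice): default services that send data unencrypted.
CLEARTEXT = {"FTP", "TELNET", "RLOGIN", "REXEC", "RCMD", "TFTP"}

# Rule 1 is the manual's dmz_wan inbound example; rule 2 is constructed for this example.
SAMPLE_SESSION = """\
FVS318N> security firewall ipv4 add_rule dmz_wan inbound
security-config[firewall-ipv4-dmz-wan-inbound]> service_name custom_services Traceroute
security-config[firewall-ipv4-lan-wan-inbound]> action ALWAYS_ALLOW
security-config[firewall-ipv4-lan-wan-inbound]> send_to_dmz_server_ip 176.21.214.2
security-config[firewall-ipv4-lan-wan-inbound]> translate_to_port_number enable Y
security-config[firewall-ipv4-lan-wan-inbound]> translate_to_port_number port 4500
security-config[firewall-ipv4-lan-wan-inbound]> wan_destination_ip_address OTHERS
security-config[firewall-ipv4-lan-wan-inbound]> wan_destination_ip_address_start 10.115.97.174
security-config[firewall-ipv4-lan-wan-inbound]> wan_users ANY
security-config[firewall-ipv4-lan-wan-inbound]> log Always
security-config[firewall-ipv4-lan-wan-inbound]> save
FVS318N> security firewall ipv4 add_rule lan_dmz outbound
security-config[firewall-ipv4-lan-dmz-outbound]> service_name default_services TELNET
security-config[firewall-ipv4-lan-dmz-outbound]> action ALLOW_BY_SCHEDULE_ELSE_BLOCK
security-config[firewall-ipv4-lan-dmz-outbound]> lan_users group_wise GROUP3
security-config[firewall-ipv4-lan-dmz-outbound]> dmz_users ADDRESS_RANGE
security-config[firewall-ipv4-lan-dmz-outbound]> dmz_user_start_ip 176.16.2.85
security-config[firewall-ipv4-lan-dmz-outbound]> dmz_user_end_ip 176.16.2.65
security-config[firewall-ipv4-lan-dmz-outbound]> log Never
security-config[firewall-ipv4-lan-dmz-outbound]> save
"""

def parse_session(text):
    """Return the saved rules as dicts with zone, direction and settings."""
    rules, current = [], None
    for line in text.splitlines():
        tokens = line.split(">", 1)[-1].split()  # drop the prompt, if any
        if (tokens[:3] == ["security", "firewall", "ipv4"] and len(tokens) >= 6
                and tokens[3] in ("add_rule", "edit_rule")):
            current = {"zone": tokens[4], "direction": tokens[5], "settings": {}}
        elif current is not None and tokens == ["save"]:
            rules.append(current)  # a rule that is never saved is not reported
            current = None
        elif current is not None and len(tokens) in (2, 3):
            # A keyword "might consist of two separate words", e.g. "nat_ip type".
            current["settings"][" ".join(tokens[:-1])] = tokens[-1]
    return rules

def _ip(text):
    """Parse an IPv4 address; None when the value is absent or malformed."""
    try:
        return ipaddress.IPv4Address(text) if text else None
    except ValueError:
        return None

def check_rule(rule):
    """Return the finding labels for one rule (labels are this example's own)."""
    s = rule["settings"]
    findings = []

    def val(key):
        return s.get(key, "").upper()  # the CLI examples mix "Never" and NEVER

    action = val("action")
    # Dependencies stated in the format: schedule, addresses, port, WAN destination.
    if "BY_SCHEDULE" in action and "schedule" not in s:
        findings.append("missing-schedule")
    for selector, (start_kw, end_kw) in ADDRESS_KEYWORDS.items():
        start, end = _ip(s.get(start_kw)), _ip(s.get(end_kw))
        if val(selector) == "SINGLE_ADDRESS" and start is None:
            findings.append("missing-address:" + selector)
        elif val(selector) == "ADDRESS_RANGE":
            if start is None or end is None:
                findings.append("missing-address:" + selector)
            elif start > end:
                findings.append("bad-range:" + selector)
    if val("translate_to_port_number enable") == "Y":
        port = s.get("translate_to_port_number port", "")
        if not (port.isdecimal() and int(port) <= 65535):
            findings.append("bad-port")
    if (val("wan_destination_ip_address") == "OTHERS"
            and _ip(s.get("wan_destination_ip_address_start")) is None):
        findings.append("missing-wan-destination")
    # Review heuristics (assumptions of this example, not device behaviour).
    if action in ALLOWING:
        if (rule["zone"].endswith("_wan") and rule["direction"] == "inbound"
                and val("wan_users") in ("", "ANY")):
            findings.append("inbound-allow-any-wan")
        if val("log") != "ALWAYS":
            findings.append("allow-without-log")
        if val("service_name default_services") in CLEARTEXT:
            findings.append("cleartext-service")
    return findings

def audit(text):
    """Return (zone, direction, findings) for every saved rule in the transcript."""
    return [(r["zone"], r["direction"], check_rule(r)) for r in parse_session(text)]
```

Calling audit(SAMPLE_SESSION) reports the manual's inbound example as open to any WAN address, and the constructed rule as missing its schedule, carrying a reversed address range, not logged, and using TELNET.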

security firewall ipv4 edit_rule dmz_wan inbound <row id>

This command configures an existing IPv4 DMZ WAN inbound firewall rule. After you have issued the security firewall ipv4 edit_rule dmz_wan inbound command to specify the row to be edited (for row information, see the output of the show security firewall ipv4 setup dmz_wan command), you enter the security-config [firewall-ipv4-dmz-wan-inbound] mode. You can then edit one keyword and associated parameter or associated keyword at a time in the order that you prefer. However, note that the setting of the action keyword determines which other keywords and parameters you can apply to a rule.

Step 1

Format: security firewall ipv4 edit_rule dmz_wan inbound <row id>

Mode: security

Step 2

Format:

service_name {default_services <default service name> |
    custom_services <custom service name>}
action {ALWAYS_BLOCK | ALWAYS_ALLOW |
    BLOCK_BY_SCHEDULE_ELSE_ALLOW {schedule {Schedule1 |
    Schedule2 | Schedule3}} | ALLOW_BY_SCHEDULE_ELSE_BLOCK
    {schedule {Schedule1 | Schedule2 | Schedule3}}}
send_to_dmz_server_ip <ipaddress>
translate_to_port_number enable {N | Y
    {translate_to_port_number port <number>}}
wan_destination_ip_address {WAN | OTHERS
    {wan_destination_ip_address_start <ipaddress>}}
dmz_users {ANY | SINGLE_ADDRESS {dmz_user_start_ip <ipaddress>}
    | ADDRESS_RANGE {dmz_user_start_ip <ipaddress>}
    {dmz_user_end_ip <ipaddress>}}
wan_users {ANY | SINGLE_ADDRESS {wan_user_start_ip <ipaddress>}
    | ADDRESS_RANGE {wan_user_start_ip <ipaddress>}
    {wan_user_end_ip <ipaddress>}}
log {NEVER | ALWAYS}

Mode: security-config [firewall-ipv4-dmz-wan-inbound]

Service name, action, and schedule

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| service_name default_services | ANY, AIM, BGP, BOOTP_CLIENT, BOOTP_SERVER, CU-SEEME:UDP, CU-SEEME:TCP, DNS:UDP, DNS:TCP, FINGER, FTP, HTTP, HTTPS, ICMP-TYPE-3, ICMP-TYPE-4, ICMP-TYPE-5, ICMP-TYPE-6, ICMP-TYPE-7, ICMP-TYPE-8, ICMP-TYPE-9, ICMP-TYPE-10, ICMP-TYPE-11, ICMP-TYPE-13, ICQ, IMAP2, IMAP3, IRC, NEWS, NFS, NNTP, PING, POP3, PPTP, RCMD, REAL-AUDIO, REXEC, RLOGIN, RTELNET, RTSP:TCP, RTSP:UDP, SFTP, SMTP, SNMP:TCP, SNMP:UDP, SNMP-TRAPS:TCP, SNMP-TRAPS:UDP, SQL-NET, SSH:TCP, SSH:UDP, STRMWORKS, TACACS, TELNET, TFTP, RIP, IKE, SHTTPD, IPSEC-UDP-ENCAP, IDENT, VDOLIVE, SSH, SIP-TCP, or SIP-UDP | The default service and protocol to which the firewall rule applies. |
| service_name custom_services | custom service name | The custom service that you have configured with the security services add command. |
| action | ALWAYS_BLOCK, ALWAYS_ALLOW, BLOCK_BY_SCHEDULE_ELSE_ALLOW, or ALLOW_BY_SCHEDULE_ELSE_BLOCK | The type of action to be enforced by the rule. |
| schedule | Schedule1, Schedule2, or Schedule3 | The schedule, if any, that is applicable to the rule. |

DMZ server address, port number translation, and WAN destination address

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| send_to_dmz_server_ip | ipaddress | The IP address of the DMZ server. |
| translate_to_port_number enable | Y or N | Enables or disables port forwarding. |
| translate_to_port_number port | number | The port number (integer) if port forwarding is enabled. Valid numbers are 0 through 65535. |
| wan_destination_ip_address | WAN or OTHERS | The type of destination WAN address for an inbound rule. WAN: the default IP address of the WAN (broadband) interface. OTHERS: another public IP address, which you need to configure by issuing the wan_destination_ip_address_start keyword and specifying an IPv4 address. |
| wan_destination_ip_address_start | ipaddress | The IP address if the wan_destination_ip_address keyword is set to OTHERS. |

DMZ user addresses and WAN user addresses

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| dmz_users | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of DMZ address. For an inbound rule, this option is available only when the WAN mode is Classical Routing. |
| dmz_user_start_ip | ipaddress | There are two options: (1) The IP address if the dmz_users keyword is set to SINGLE_ADDRESS. (2) The start IP address if the dmz_users keyword is set to ADDRESS_RANGE. |
| dmz_user_end_ip | ipaddress | The end IP address if the dmz_users keyword is set to ADDRESS_RANGE. |
| wan_users | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of WAN address. |
| wan_user_start_ip | ipaddress | There are two options: (1) The IP address if the wan_users keyword is set to SINGLE_ADDRESS. (2) The start IP address if the wan_users keyword is set to ADDRESS_RANGE. |
| wan_user_end_ip | ipaddress | The end IP address if the wan_users keyword is set to ADDRESS_RANGE. |

Logging

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| log | NEVER or ALWAYS | Enables or disables logging. |


Command example: See the command example for the security firewall ipv4 add_rule dmz_wan inbound command.

Related show command:

show security firewall ipv4 setup dmz_wan

security firewall ipv4 add_rule lan_dmz outbound

This command configures a new IPv4 LAN DMZ outbound firewall rule. After you have issued the security firewall ipv4 add_rule lan_dmz outbound command, you enter the security-config [firewall-ipv4-lan-dmz-outbound] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer. However, note that the setting of the action keyword determines which other keywords and parameters you can apply to a rule.

Step 1

Format: security firewall ipv4 add_rule lan_dmz outbound

Mode: security

Step 2

Format:

service_name {default_services <default service name> |
    custom_services <custom service name>}
action {ALWAYS_BLOCK | ALWAYS_ALLOW |
    BLOCK_BY_SCHEDULE_ELSE_ALLOW {schedule {Schedule1 |
    Schedule2 | Schedule3}} | ALLOW_BY_SCHEDULE_ELSE_BLOCK
    {schedule {Schedule1 | Schedule2 | Schedule3}}}
lan_users {address_wise {ANY | SINGLE_ADDRESS {lan_user_start_ip
    <ipaddress>} | ADDRESS_RANGE {lan_user_start_ip <ipaddress>}
    {lan_user_end_ip <ipaddress>}} | group_wise <group name>}
dmz_users {ANY | SINGLE_ADDRESS {dmz_user_start_ip <ipaddress>}
    | ADDRESS_RANGE {dmz_user_start_ip <ipaddress>}
    {dmz_user_end_ip <ipaddress>}}
log {NEVER | ALWAYS}

Mode: security-config [firewall-ipv4-lan-dmz-outbound]


Service name, action, and schedule

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| service_name default_services | ANY, AIM, BGP, BOOTP_CLIENT, BOOTP_SERVER, CU-SEEME:UDP, CU-SEEME:TCP, DNS:UDP, DNS:TCP, FINGER, FTP, HTTP, HTTPS, ICMP-TYPE-3, ICMP-TYPE-4, ICMP-TYPE-5, ICMP-TYPE-6, ICMP-TYPE-7, ICMP-TYPE-8, ICMP-TYPE-9, ICMP-TYPE-10, ICMP-TYPE-11, ICMP-TYPE-13, ICQ, IMAP2, IMAP3, IRC, NEWS, NFS, NNTP, PING, POP3, PPTP, RCMD, REAL-AUDIO, REXEC, RLOGIN, RTELNET, RTSP:TCP, RTSP:UDP, SFTP, SMTP, SNMP:TCP, SNMP:UDP, SNMP-TRAPS:TCP, SNMP-TRAPS:UDP, SQL-NET, SSH:TCP, SSH:UDP, STRMWORKS, TACACS, TELNET, TFTP, RIP, IKE, SHTTPD, IPSEC-UDP-ENCAP, IDENT, VDOLIVE, SSH, SIP-TCP, or SIP-UDP | The default service and protocol to which the firewall rule applies. |
| service_name custom_services | custom service name | The custom service that you have configured with the security services add command. |
| action | ALWAYS_BLOCK, ALWAYS_ALLOW, BLOCK_BY_SCHEDULE_ELSE_ALLOW, or ALLOW_BY_SCHEDULE_ELSE_BLOCK | The type of action to be enforced by the rule. |
| schedule | Schedule1, Schedule2, or Schedule3 | The schedule, if any, that is applicable to the rule. |

LAN user addresses or LAN group and DMZ user addresses

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| lan_users address_wise | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of LAN address. |
| lan_user_start_ip | ipaddress | There are two options: (1) The IP address if the lan_users address_wise keywords are set to SINGLE_ADDRESS. (2) The start IP address if the lan_users address_wise keywords are set to ADDRESS_RANGE. |
| lan_user_end_ip | ipaddress | The end IP address if the lan_users address_wise keywords are set to ADDRESS_RANGE. |
| lan_users group_wise | group name | The name of the LAN group. The group name is either a default name (Group1, Group2, Group3, and so on) or a custom name that you specified with the net lan lan_groups edit <row id> <new group name> command. |
| dmz_users | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of DMZ address. |
| dmz_user_start_ip | ipaddress | There are two options: (1) The IP address if the dmz_users keyword is set to SINGLE_ADDRESS. (2) The start IP address if the dmz_users keyword is set to ADDRESS_RANGE. |
| dmz_user_end_ip | ipaddress | The end IP address if the dmz_users keyword is set to ADDRESS_RANGE. |

Logging

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| log | NEVER or ALWAYS | Enables or disables logging. |

Command example:

FVS318N> security firewall ipv4 add_rule lan_dmz outbound
security-config[firewall-ipv4-lan-dmz-outbound]> service_name default_services FTP
security-config[firewall-ipv4-lan-dmz-outbound]> action ALWAYS_ALLOW
security-config[firewall-ipv4-lan-dmz-outbound]> lan_users group_wise GROUP3
security-config[firewall-ipv4-lan-dmz-outbound]> dmz_users ADDRESS_RANGE
security-config[firewall-ipv4-lan-dmz-outbound]> dmz_user_start_ip 176.16.2.65
security-config[firewall-ipv4-lan-dmz-outbound]> dmz_user_end_ip 176.16.2.85
security-config[firewall-ipv4-lan-dmz-outbound]> log Never
security-config[firewall-ipv4-lan-dmz-outbound]> save

Related show command:

show security firewall ipv4 setup lan_dmz

security firewall ipv4 edit_rule lan_dmz outbound <row id>

This command configures an existing IPv4 LAN DMZ outbound firewall rule. After you have issued the security firewall ipv4 edit_rule lan_dmz outbound command to specify the row to be edited (for row information, see the output of the show security firewall ipv4 setup lan_dmz command), you enter the security-config [firewall-ipv4-lan-dmz-outbound] mode. You can then edit one keyword and associated parameter or associated keyword at a time in the order that you prefer. However, note that the setting of the action keyword determines which other keywords and parameters you can apply to a rule.

Step 1

Format: security firewall ipv4 edit_rule lan_dmz outbound <row id>

Mode: security

Step 2

Format:

service_name {default_services <default service name> |
    custom_services <custom service name>}
action {ALWAYS_BLOCK | ALWAYS_ALLOW |
    BLOCK_BY_SCHEDULE_ELSE_ALLOW {schedule {Schedule1 |
    Schedule2 | Schedule3}} | ALLOW_BY_SCHEDULE_ELSE_BLOCK
    {schedule {Schedule1 | Schedule2 | Schedule3}}}
lan_users {address_wise {ANY | SINGLE_ADDRESS {lan_user_start_ip
    <ipaddress>} | ADDRESS_RANGE {lan_user_start_ip <ipaddress>}
    {lan_user_end_ip <ipaddress>}} | group_wise <group name>}
dmz_users {ANY | SINGLE_ADDRESS {dmz_user_start_ip <ipaddress>}
    | ADDRESS_RANGE {dmz_user_start_ip <ipaddress>}
    {dmz_user_end_ip <ipaddress>}}
log {NEVER | ALWAYS}

Mode: security-config [firewall-ipv4-lan-dmz-outbound]

Service name, action, and schedule

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| service_name default_services | ANY, AIM, BGP, BOOTP_CLIENT, BOOTP_SERVER, CU-SEEME:UDP, CU-SEEME:TCP, DNS:UDP, DNS:TCP, FINGER, FTP, HTTP, HTTPS, ICMP-TYPE-3, ICMP-TYPE-4, ICMP-TYPE-5, ICMP-TYPE-6, ICMP-TYPE-7, ICMP-TYPE-8, ICMP-TYPE-9, ICMP-TYPE-10, ICMP-TYPE-11, ICMP-TYPE-13, ICQ, IMAP2, IMAP3, IRC, NEWS, NFS, NNTP, PING, POP3, PPTP, RCMD, REAL-AUDIO, REXEC, RLOGIN, RTELNET, RTSP:TCP, RTSP:UDP, SFTP, SMTP, SNMP:TCP, SNMP:UDP, SNMP-TRAPS:TCP, SNMP-TRAPS:UDP, SQL-NET, SSH:TCP, SSH:UDP, STRMWORKS, TACACS, TELNET, TFTP, RIP, IKE, SHTTPD, IPSEC-UDP-ENCAP, IDENT, VDOLIVE, SSH, SIP-TCP, or SIP-UDP | The default service and protocol to which the firewall rule applies. |
| service_name custom_services | custom service name | The custom service that you have configured with the security services add command. |
| action | ALWAYS_BLOCK, ALWAYS_ALLOW, BLOCK_BY_SCHEDULE_ELSE_ALLOW, or ALLOW_BY_SCHEDULE_ELSE_BLOCK | The type of action to be enforced by the rule. |
| schedule | Schedule1, Schedule2, or Schedule3 | The schedule, if any, that is applicable to the rule. |

LAN user addresses or LAN group and DMZ user addresses

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| lan_users address_wise | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of LAN address. |
| lan_user_start_ip | ipaddress | There are two options: (1) The IP address if the lan_users address_wise keywords are set to SINGLE_ADDRESS. (2) The start IP address if the lan_users address_wise keywords are set to ADDRESS_RANGE. |
| lan_user_end_ip | ipaddress | The end IP address if the lan_users address_wise keywords are set to ADDRESS_RANGE. |
| lan_users group_wise | group name | The name of the LAN group. The group name is either a default name (Group1, Group2, Group3, and so on) or a custom name that you specified with the net lan lan_groups edit <row id> <new group name> command. |
| dmz_users | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of DMZ address. |
| dmz_user_start_ip | ipaddress | There are two options: (1) The IP address if the dmz_users keyword is set to SINGLE_ADDRESS. (2) The start IP address if the dmz_users keyword is set to ADDRESS_RANGE. |
| dmz_user_end_ip | ipaddress | The end IP address if the dmz_users keyword is set to ADDRESS_RANGE. |

Logging

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| log | NEVER or ALWAYS | Enables or disables logging. |


Command example: See the command example for the security firewall ipv4 add_rule lan_dmz outbound command.

Related show command:

show security firewall ipv4 setup lan_dmz

security firewall ipv4 add_rule lan_dmz inbound

This command configures a new IPv4 LAN DMZ inbound firewall rule. After you have issued the security firewall ipv4 add_rule lan_dmz inbound command, you enter the security-config [firewall-ipv4-lan-dmz-inbound] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer. However, note that the setting of the action keyword determines which other keywords and parameters you can apply to a rule.

Step 1

Format: security firewall ipv4 add_rule lan_dmz inbound

Mode: security

Step 2

Format:

service_name {default_services <default service name> |
    custom_services <custom service name>}
action {ALWAYS_BLOCK | ALWAYS_ALLOW |
    BLOCK_BY_SCHEDULE_ELSE_ALLOW {schedule {Schedule1 |
    Schedule2 | Schedule3}} | ALLOW_BY_SCHEDULE_ELSE_BLOCK
    {schedule {Schedule1 | Schedule2 | Schedule3}}}
lan_users {address_wise {ANY | SINGLE_ADDRESS {lan_user_start_ip
    <ipaddress>} | ADDRESS_RANGE {lan_user_start_ip <ipaddress>}
    {lan_user_end_ip <ipaddress>}} | group_wise <group name>}
dmz_users {ANY | SINGLE_ADDRESS {dmz_user_start_ip <ipaddress>}
    | ADDRESS_RANGE {dmz_user_start_ip <ipaddress>}
    {dmz_user_end_ip <ipaddress>}}
log {NEVER | ALWAYS}

Mode: security-config [firewall-ipv4-lan-dmz-inbound]


Service name, action, and schedule

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| service_name default_services | ANY, AIM, BGP, BOOTP_CLIENT, BOOTP_SERVER, CU-SEEME:UDP, CU-SEEME:TCP, DNS:UDP, DNS:TCP, FINGER, FTP, HTTP, HTTPS, ICMP-TYPE-3, ICMP-TYPE-4, ICMP-TYPE-5, ICMP-TYPE-6, ICMP-TYPE-7, ICMP-TYPE-8, ICMP-TYPE-9, ICMP-TYPE-10, ICMP-TYPE-11, ICMP-TYPE-13, ICQ, IMAP2, IMAP3, IRC, NEWS, NFS, NNTP, PING, POP3, PPTP, RCMD, REAL-AUDIO, REXEC, RLOGIN, RTELNET, RTSP:TCP, RTSP:UDP, SFTP, SMTP, SNMP:TCP, SNMP:UDP, SNMP-TRAPS:TCP, SNMP-TRAPS:UDP, SQL-NET, SSH:TCP, SSH:UDP, STRMWORKS, TACACS, TELNET, TFTP, RIP, IKE, SHTTPD, IPSEC-UDP-ENCAP, IDENT, VDOLIVE, SSH, SIP-TCP, or SIP-UDP | The default service and protocol to which the firewall rule applies. |
| service_name custom_services | custom service name | The custom service that you have configured with the security services add command. |
| action | ALWAYS_BLOCK, ALWAYS_ALLOW, BLOCK_BY_SCHEDULE_ELSE_ALLOW, or ALLOW_BY_SCHEDULE_ELSE_BLOCK | The type of action to be enforced by the rule. |
| schedule | Schedule1, Schedule2, or Schedule3 | The schedule, if any, that is applicable to the rule. |

LAN user addresses or LAN group and DMZ user addresses

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| lan_users address_wise | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of LAN address. |
| lan_user_start_ip | ipaddress | There are two options: (1) The IP address if the lan_users address_wise keywords are set to SINGLE_ADDRESS. (2) The start IP address if the lan_users address_wise keywords are set to ADDRESS_RANGE. |
| lan_user_end_ip | ipaddress | The end IP address if the lan_users address_wise keywords are set to ADDRESS_RANGE. |
| lan_users group_wise | group name | The name of the LAN group. The group name is either a default name (Group1, Group2, Group3, and so on) or a custom name that you specified with the net lan lan_groups edit <row id> <new group name> command. |
| dmz_users | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of DMZ address. |
| dmz_user_start_ip | ipaddress | There are two options: (1) The IP address if the dmz_users keyword is set to SINGLE_ADDRESS. (2) The start IP address if the dmz_users keyword is set to ADDRESS_RANGE. |
| dmz_user_end_ip | ipaddress | The end IP address if the dmz_users keyword is set to ADDRESS_RANGE. |

Logging

| Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| log | NEVER or ALWAYS | Enables or disables logging. |

Command example:

FVS318N> security firewall ipv4 add_rule lan_dmz inbound
security-config[firewall-ipv4-lan-dmz-inbound]> service_name default_services SSH:UDP
security-config[firewall-ipv4-lan-dmz-inbound]> action BLOCK_BY_SCHEDULE_ELSE_ALLOW
security-config[firewall-ipv4-lan-dmz-inbound]> schedule Schedule1
security-config[firewall-ipv4-lan-dmz-inbound]> lan_users address_wise SINGLE_ADDRESS
security-config[firewall-ipv4-lan-dmz-inbound]> lan_user_start_ip 192.168.4.109
security-config[firewall-ipv4-lan-dmz-inbound]> dmz_users SINGLE_ADDRESS
security-config[firewall-ipv4-lan-dmz-inbound]> dmz_user_start_ip 176.16.2.211
security-config[firewall-ipv4-lan-dmz-inbound]> log Always
security-config[firewall-ipv4-lan-dmz-inbound]> save

Related show command:

show security firewall ipv4 setup lan_dmz

security firewall ipv4 edit_rule lan_dmz inbound <row id>

This command configures an existing IPv4 LAN DMZ inbound firewall rule. After you have issued the security firewall ipv4 edit_rule lan_dmz inbound command to specify the row to be edited (for row information, see the output of the show security firewall ipv4 setup lan_dmz command), you enter the security-config [firewall-ipv4-lan-dmz-inbound] mode. You can then edit one keyword and associated parameter or associated keyword at a time in the order that you prefer. However, note that the setting of the action keyword determines which other keywords and parameters you can apply to a rule.

Step 1

Format: security firewall ipv4 edit_rule lan_dmz inbound <row id>

Mode: security

Step 2

Format:

service_name {default_services <default service name> | custom_services <custom service name>}

action {ALWAYS_BLOCK | ALWAYS_ALLOW | BLOCK_BY_SCHEDULE_ELSE_ALLOW {schedule {Schedule1 | Schedule2 | Schedule3}} | ALLOW_BY_SCHEDULE_ELSE_BLOCK {schedule {Schedule1 | Schedule2 | Schedule3}}}

lan_users {address_wise {ANY | SINGLE_ADDRESS {lan_user_start_ip <ipaddress>} | ADDRESS_RANGE {lan_user_start_ip <ipaddress>} {lan_user_end_ip <ipaddress>}} | group_wise <group name>}

dmz_users {ANY | SINGLE_ADDRESS {dmz_user_start_ip <ipaddress>} | ADDRESS_RANGE {dmz_user_start_ip <ipaddress>} {dmz_user_end_ip <ipaddress>}}

log {NEVER | ALWAYS}

Mode: security-config [firewall-ipv4-lan-dmz-inbound]

Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description

Service name, action, and schedule

service_name default_services | ANY, AIM, BGP, BOOTP_CLIENT, BOOTP_SERVER, CU-SEEME:UDP, CU-SEEME:TCP, DNS:UDP, DNS:TCP, FINGER, FTP, HTTP, HTTPS, ICMP-TYPE-3, ICMP-TYPE-4, ICMP-TYPE-5, ICMP-TYPE-6, ICMP-TYPE-7, ICMP-TYPE-8, ICMP-TYPE-9, ICMP-TYPE-10, ICMP-TYPE-11, ICMP-TYPE-13, ICQ, IMAP2, IMAP3, IRC, NEWS, NFS, NNTP, PING, POP3, PPTP, RCMD, REAL-AUDIO, REXEC, RLOGIN, RTELNET, RTSP:TCP, RTSP:UDP, SFTP, SMTP, SNMP:TCP, SNMP:UDP, SNMP-TRAPS:TCP, SNMP-TRAPS:UDP, SQL-NET, SSH:TCP, SSH:UDP, STRMWORKS, TACACS, TELNET, TFTP, RIP, IKE, SHTTPD, IPSEC-UDP-ENCAP, IDENT, VDOLIVE, SSH, SIP-TCP, or SIP-UDP | The default service and protocol to which the firewall rule applies.

service_name custom_services | custom service name | The custom service that you have configured with the security services add command.

action | ALWAYS_BLOCK, ALWAYS_ALLOW, BLOCK_BY_SCHEDULE_ELSE_ALLOW, or ALLOW_BY_SCHEDULE_ELSE_BLOCK | The type of action to be enforced by the rule.

schedule | Schedule1, Schedule2, or Schedule3 | The schedule, if any, that is applicable to the rule.

LAN user addresses or LAN group and DMZ user addresses

lan_users address_wise | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of LAN address.

lan_user_start_ip | ipaddress | There are two options: the IP address if the lan_users address_wise keywords are set to SINGLE_ADDRESS, or the start IP address if the lan_users address_wise keywords are set to ADDRESS_RANGE.

lan_user_end_ip | ipaddress | The end IP address if the lan_users address_wise keywords are set to ADDRESS_RANGE.

lan_users group_wise | group name | The name of the LAN group. The group name is either a default name (Group1, Group2, Group3, and so on) or a custom name that you specified with the net lan lan_groups edit <row id> <new group name> command.

dmz_users | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of DMZ address.

dmz_user_start_ip | ipaddress | There are two options: the IP address if the dmz_users keyword is set to SINGLE_ADDRESS, or the start IP address if the dmz_users keyword is set to ADDRESS_RANGE.

dmz_user_end_ip | ipaddress | The end IP address if the dmz_users keyword is set to ADDRESS_RANGE.

Logging

log | NEVER or ALWAYS | Enables or disables logging.

Command example: See the command example for the security firewall ipv4 add_rule lan_dmz inbound command.

Related show command: show security firewall ipv4 setup lan_dmz

IPv4 General Firewall Commands

security firewall ipv4 default_outbound_policy {Allow | Block}

This command allows or blocks the IPv4 firewall default outbound policy.

Format: security firewall ipv4 default_outbound_policy {Allow | Block}

Mode: security

Related show command: show security firewall ipv4 setup lan_wan, show security firewall ipv4 setup dmz_wan, and show security firewall ipv4 setup lan_dmz

security firewall ipv4 delete <row id>

This command deletes an IPv4 firewall rule by deleting its row ID.

Format: security firewall ipv4 delete <row id>

Mode: security

Related show command: show security firewall ipv4 setup lan_wan, show security firewall ipv4 setup dmz_wan, and show security firewall ipv4 setup lan_dmz

security firewall ipv4 disable <row id>

This command disables an IPv4 firewall rule by specifying its row ID.

Format: security firewall ipv4 disable <row id>

Mode: security

Related show command: show security firewall ipv4 setup lan_wan, show security firewall ipv4 setup dmz_wan, and show security firewall ipv4 setup lan_dmz

security firewall ipv4 enable <row id>

This command enables an IPv4 firewall rule by specifying its row ID.

Format: security firewall ipv4 enable <row id>

Mode: security

Related show command: show security firewall ipv4 setup lan_wan, show security firewall ipv4 setup dmz_wan, and show security firewall ipv4 setup lan_dmz

IPv6 Firewall Commands

security firewall ipv6 default_outbound_policy {Allow | Block}

This command allows or blocks the IPv6 firewall default outbound policy.

Format: security firewall ipv6 default_outbound_policy {Allow | Block}

Mode: security

Related show command: show security firewall ipv6 setup

security firewall ipv6 configure

This command configures a new IPv6 firewall rule. After you have issued the security firewall ipv6 configure command, you enter the security-config [firewall-ipv6] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer. However, note that the setting of the action keyword determines which other keywords and parameters you can apply to a rule.

Step 1

Format: security firewall ipv6 configure

Mode: security

Step 2

Format:

from_zone {LAN | WAN | DMZ}

to_zone {LAN | WAN | DMZ}

service_name {default_services <default service name> | custom_services <custom service name>}

action {ALWAYS_BLOCK | ALWAYS_ALLOW | BLOCK_BY_SCHEDULE_ELSE_ALLOW {schedule {Schedule1 | Schedule2 | Schedule3}} | ALLOW_BY_SCHEDULE_ELSE_BLOCK {schedule {Schedule1 | Schedule2 | Schedule3}}}

source_address_type {ANY | SINGLE_ADDRESS {source_start_address <ipv6-address>} | ADDRESS_RANGE {source_start_address <ipv6-address>} {source_end_address <ipv6-address>}}

destination_address_type {ANY | SINGLE_ADDRESS {destination_start_address <ipv6-address>} | ADDRESS_RANGE {destination_start_address <ipv6-address>} {destination_end_address <ipv6-address>}}

qos_priority {Normal-Service | Minimize-Cost | Maximize-Reliability | Maximize-Throughput | Minimize-Delay}

log {NEVER | ALWAYS}

Mode: security-config [firewall-ipv6]

Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description

Direction of service, service name, action, and schedule

from_zone | LAN, WAN, or DMZ | Select the outbound direction: LAN. From the LAN. WAN. From the WAN. DMZ. From the DMZ.

to_zone | LAN, WAN, or DMZ | Select the inbound direction: LAN. To the LAN. WAN. To the WAN. DMZ. To the DMZ.

service_name default_services | ANY, AIM, BGP, BOOTP_CLIENT, BOOTP_SERVER, CU-SEEME:UDP, CU-SEEME:TCP, DNS:UDP, DNS:TCP, FINGER, FTP, HTTP, HTTPS, ICMP-TYPE-3, ICMP-TYPE-4, ICMP-TYPE-5, ICMP-TYPE-6, ICMP-TYPE-7, ICMP-TYPE-8, ICMP-TYPE-9, ICMP-TYPE-10, ICMP-TYPE-11, ICMP-TYPE-13, ICQ, IMAP2, IMAP3, IRC, NEWS, NFS, NNTP, PING, POP3, PPTP, RCMD, REAL-AUDIO, REXEC, RLOGIN, RTELNET, RTSP:TCP, RTSP:UDP, SFTP, SMTP, SNMP:TCP, SNMP:UDP, SNMP-TRAPS:TCP, SNMP-TRAPS:UDP, SQL-NET, SSH:TCP, SSH:UDP, STRMWORKS, TACACS, TELNET, TFTP, RIP, IKE, SHTTPD, IPSEC-UDP-ENCAP, IDENT, VDOLIVE, SSH, SIP-TCP, or SIP-UDP | The default service and protocol to which the firewall rule applies.

service_name custom_services | custom service name | The custom service that you have configured with the security services add command.

action | ALWAYS_BLOCK, ALWAYS_ALLOW, BLOCK_BY_SCHEDULE_ELSE_ALLOW, or ALLOW_BY_SCHEDULE_ELSE_BLOCK | The type of action to be taken by the rule.

schedule | Schedule1, Schedule2, or Schedule3 | The schedule, if any, that is applicable to the rule.

LAN, WAN, and DMZ source and destination IP addresses

source_address_type | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of source address.

source_start_address | ipv6-address | There are two options: the IPv6 address if the source_address_type keyword is set to SINGLE_ADDRESS, or the start IPv6 address if the source_address_type keyword is set to ADDRESS_RANGE.

source_end_address | ipv6-address | The end IPv6 address if the source_address_type keyword is set to ADDRESS_RANGE.

destination_address_type | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of destination address.

destination_start_address | ipv6-address | There are two options: the IPv6 address if the destination_address_type keyword is set to SINGLE_ADDRESS, or the start IPv6 address if the destination_address_type keyword is set to ADDRESS_RANGE.

destination_end_address | ipv6-address | The end IPv6 address if the destination_address_type keyword is set to ADDRESS_RANGE.

QoS profile and logging

qos_priority | Normal-Service, Minimize-Cost, Maximize-Reliability, Maximize-Throughput, or Minimize-Delay | The type of QoS that applies to the rule. You can apply QoS to LAN WAN and DMZ WAN outbound rules only.

log | NEVER or ALWAYS | Enables or disables logging.

Command example:

FVS318N> security firewall ipv6 configure
security-config[firewall-ipv6]> from_zone WAN
security-config[firewall-ipv6]> to_zone LAN
security-config[firewall-ipv6]> service_name default_services RTELNET
security-config[firewall-ipv6]> action ALWAYS_ALLOW
security-config[firewall-ipv6]> source_address_type SINGLE_ADDRESS
security-config[firewall-ipv6]> source_start_address 2002::B32:AAB1:fD41
security-config[firewall-ipv6]> destination_address_type SINGLE_ADDRESS
security-config[firewall-ipv6]> destination_start_address FEC0::db8:145
security-config[firewall-ipv6]> log ALWAYS
security-config[firewall-ipv6]> save

Related show command:

show security firewall ipv6 setup
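The keyword dependencies in the Format table for this command (a schedule only with the two scheduled actions, an end address only with ADDRESS_RANGE, QoS only on LAN WAN and DMZ WAN outbound rules) can be checked before a session is typed into the firewall. The following Python script is an added example, not NETGEAR code: it parses a security-config [firewall-ipv6] session and lists violations. The function names, the treatment of a missing address type as ANY, and the cleartext-service review list are assumptions of this example.

```python
import ipaddress
import re

# Keyword values copied from the Format table for "security firewall ipv6 configure".
SCHEDULED = {"BLOCK_BY_SCHEDULE_ELSE_ALLOW", "ALLOW_BY_SCHEDULE_ELSE_BLOCK"}
ACTIONS = SCHEDULED | {"ALWAYS_BLOCK", "ALWAYS_ALLOW"}
ALLOWED = {
    "from_zone": {"LAN", "WAN", "DMZ"}, "to_zone": {"LAN", "WAN", "DMZ"},
    "action": ACTIONS, "schedule": {"Schedule1", "Schedule2", "Schedule3"},
    "qos_priority": {"Normal-Service", "Minimize-Cost", "Maximize-Reliability",
                     "Maximize-Throughput", "Minimize-Delay"},
    "log": {"NEVER", "ALWAYS"},
}
# Assumption of this example, not a statement from the manual: default services
# that carry logins in cleartext and deserve review when allowed in from the WAN.
CLEARTEXT_REMOTE = {"TELNET", "RTELNET", "RLOGIN", "REXEC", "RCMD"}
PROMPT = re.compile(r"security-config\s*\[firewall-ipv6\]>\s*(.+)")


def parse_session(text):
    """Collect the keyword/value pairs typed in security-config [firewall-ipv6] mode."""
    rule = {}
    for line in text.splitlines():
        match = PROMPT.match(line.strip())
        # Lines without the mode prompt (FVS318N>, blanks) yield no words.
        words = match.group(1).split() if match else []
        if len(words) == 3 and words[0] == "service_name":
            rule["service_kind"], rule["service"] = words[1], words[2]
        elif len(words) == 2:
            rule[words[0]] = words[1]
    return rule


def check_addresses(rule, side, findings):
    """Check the ANY / SINGLE_ADDRESS / ADDRESS_RANGE dependencies for one side."""
    kind = rule.get(f"{side}_address_type", "ANY")  # assumption: absent means ANY
    given = {end: rule[f"{side}_{end}_address"] for end in ("start", "end")
             if f"{side}_{end}_address" in rule}
    try:
        parsed = {end: ipaddress.IPv6Address(value) for end, value in given.items()}
    except ValueError as err:
        findings.append(f"{side} address is not valid IPv6: {err}")
        return
    needed = {"ANY": set(), "SINGLE_ADDRESS": {"start"}, "ADDRESS_RANGE": {"start", "end"}}
    if kind not in needed:
        findings.append(f"{side}_address_type has unsupported value {kind}")
    elif set(parsed) != needed[kind]:
        findings.append(f"{side} {kind} expects addresses: {sorted(needed[kind]) or 'none'}")
    elif kind == "ADDRESS_RANGE" and parsed["start"] > parsed["end"]:
        findings.append(f"{side} range start is above its end")


def check_rule(rule):
    """Return a list of findings; an empty list means the rule matches the Format table."""
    findings = []
    for key, allowed in ALLOWED.items():
        if key in rule and rule[key] not in allowed:
            findings.append(f"{key} has unsupported value {rule[key]}")
    action = rule.get("action")
    if action in SCHEDULED and "schedule" not in rule:
        findings.append(f"{action} needs a schedule keyword")
    if action in ACTIONS - SCHEDULED and "schedule" in rule:
        findings.append(f"schedule does not apply to {action}")
    for side in ("source", "destination"):
        check_addresses(rule, side, findings)
    to_wan = rule.get("from_zone") in {"LAN", "DMZ"} and rule.get("to_zone") == "WAN"
    if "qos_priority" in rule and not to_wan:
        findings.append("qos_priority applies to LAN WAN and DMZ WAN outbound rules only")
    if (rule.get("from_zone") == "WAN" and action == "ALWAYS_ALLOW"
            and rule.get("service") in CLEARTEXT_REMOTE):
        findings.append(f"review: {rule['service']} is allowed in from the WAN")
    return findings


# The command example from this page, one prompt per line.
PAGE_EXAMPLE = """\
FVS318N> security firewall ipv6 configure
security-config[firewall-ipv6]> from_zone WAN
security-config[firewall-ipv6]> to_zone LAN
security-config[firewall-ipv6]> service_name default_services RTELNET
security-config[firewall-ipv6]> action ALWAYS_ALLOW
security-config[firewall-ipv6]> source_address_type SINGLE_ADDRESS
security-config[firewall-ipv6]> source_start_address 2002::B32:AAB1:fD41
security-config[firewall-ipv6]> destination_address_type SINGLE_ADDRESS
security-config[firewall-ipv6]> destination_start_address FEC0::db8:145
security-config[firewall-ipv6]> log ALWAYS
security-config[firewall-ipv6]> save
"""
# Constructed session with three mistakes: no schedule, reversed range, QoS on WAN to LAN.
BROKEN_EXAMPLE = """\
security-config[firewall-ipv6]> from_zone WAN
security-config[firewall-ipv6]> to_zone LAN
security-config[firewall-ipv6]> action ALLOW_BY_SCHEDULE_ELSE_BLOCK
security-config[firewall-ipv6]> source_address_type ADDRESS_RANGE
security-config[firewall-ipv6]> source_start_address 2001:db8::20
security-config[firewall-ipv6]> source_end_address 2001:db8::10
security-config[firewall-ipv6]> qos_priority Minimize-Delay
"""
```

Calling check_rule(parse_session(PAGE_EXAMPLE)) returns only the review finding for RTELNET, while the constructed session returns one finding per mistake.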

security firewall ipv6 edit <row id>

This command configures an existing IPv6 firewall rule. After you have issued the security firewall ipv6 edit command to specify the row to be edited (for row information, see the output of the show security firewall ipv6 setup command), you enter the security-config [firewall-ipv6] mode. You can then edit one keyword and associated parameter or associated keyword at a time in the order that you prefer. However, note that the setting of the action keyword determines which other keywords and parameters you can apply to a rule.

Step 1

Format: security firewall ipv6 edit <row id>

Mode: security

Step 2

Format:

from_zone {LAN | WAN | DMZ}

to_zone {LAN | WAN | DMZ}

service_name {default_services <default service name> | custom_services <custom service name>}

action {ALWAYS_BLOCK | ALWAYS_ALLOW | BLOCK_BY_SCHEDULE_ELSE_ALLOW {schedule {Schedule1 | Schedule2 | Schedule3}} | ALLOW_BY_SCHEDULE_ELSE_BLOCK {schedule {Schedule1 | Schedule2 | Schedule3}}}

source_address_type {ANY | SINGLE_ADDRESS {source_start_address <ipv6-address>} | ADDRESS_RANGE {source_start_address <ipv6-address>} {source_end_address <ipv6-address>}}

destination_address_type {ANY | SINGLE_ADDRESS {destination_start_address <ipv6-address>} | ADDRESS_RANGE {destination_start_address <ipv6-address>} {destination_end_address <ipv6-address>}}

qos_priority {Normal-Service | Minimize-Cost | Maximize-Reliability | Maximize-Throughput | Minimize-Delay}

log {NEVER | ALWAYS}

Mode: security-config [firewall-ipv6]

Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description

Direction of service, service name, action, and schedule

from_zone | LAN, WAN, or DMZ | Select the outbound direction: LAN. From the LAN. WAN. From the WAN. DMZ. From the DMZ.

to_zone | LAN, WAN, or DMZ | Select the inbound direction: LAN. To the LAN. WAN. To the WAN. DMZ. To the DMZ.

service_name default_services | ANY, AIM, BGP, BOOTP_CLIENT, BOOTP_SERVER, CU-SEEME:UDP, CU-SEEME:TCP, DNS:UDP, DNS:TCP, FINGER, FTP, HTTP, HTTPS, ICMP-TYPE-3, ICMP-TYPE-4, ICMP-TYPE-5, ICMP-TYPE-6, ICMP-TYPE-7, ICMP-TYPE-8, ICMP-TYPE-9, ICMP-TYPE-10, ICMP-TYPE-11, ICMP-TYPE-13, ICQ, IMAP2, IMAP3, IRC, NEWS, NFS, NNTP, PING, POP3, PPTP, RCMD, REAL-AUDIO, REXEC, RLOGIN, RTELNET, RTSP:TCP, RTSP:UDP, SFTP, SMTP, SNMP:TCP, SNMP:UDP, SNMP-TRAPS:TCP, SNMP-TRAPS:UDP, SQL-NET, SSH:TCP, SSH:UDP, STRMWORKS, TACACS, TELNET, TFTP, RIP, IKE, SHTTPD, IPSEC-UDP-ENCAP, IDENT, VDOLIVE, SSH, SIP-TCP, or SIP-UDP | The default service and protocol to which the firewall rule applies.

service_name custom_services | custom service name | The custom service that you have configured with the security services add command.

action | ALWAYS_BLOCK, ALWAYS_ALLOW, BLOCK_BY_SCHEDULE_ELSE_ALLOW, or ALLOW_BY_SCHEDULE_ELSE_BLOCK | The type of action to be taken by the rule.

schedule | Schedule1, Schedule2, or Schedule3 | The schedule, if any, that is applicable to the rule.

LAN, WAN, and DMZ source and destination IP addresses

source_address_type | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of source address.

source_start_address | ipv6-address | There are two options: the IPv6 address if the source_address_type keyword is set to SINGLE_ADDRESS, or the start IPv6 address if the source_address_type keyword is set to ADDRESS_RANGE.

source_end_address | ipv6-address | The end IPv6 address if the source_address_type keyword is set to ADDRESS_RANGE.

destination_address_type | ANY, SINGLE_ADDRESS, or ADDRESS_RANGE | The type of destination address.

destination_start_address | ipv6-address | There are two options: the IPv6 address if the destination_address_type keyword is set to SINGLE_ADDRESS, or the start IPv6 address if the destination_address_type keyword is set to ADDRESS_RANGE.

destination_end_address | ipv6-address | The end IPv6 address if the destination_address_type keyword is set to ADDRESS_RANGE.

QoS profile and logging

qos_priority | Normal-Service, Minimize-Cost, Maximize-Reliability, Maximize-Throughput, or Minimize-Delay | The type of QoS that applies to the rule. You can apply QoS to LAN WAN and DMZ WAN outbound rules only.

log | NEVER or ALWAYS | Enables or disables logging.

Command example: See the command example for the security firewall ipv6 configure command.

Related show command: show security firewall ipv6 setup

security firewall ipv6 delete <row id>

This command deletes an IPv6 firewall rule by deleting its row ID.

Format: security firewall ipv6 delete <row id>

Mode: security

Related show command: show security firewall ipv6 setup

security firewall ipv6 disable <row id>

This command disables an IPv6 firewall rule by specifying its row ID.

Format: security firewall ipv6 disable <row id>

Mode: security

Related show command: show security firewall ipv6 setup

security firewall ipv6 enable <row id>

This command enables an IPv6 firewall rule by specifying its row ID.

Format: security firewall ipv6 enable <row id>

Mode: security

Related show command: show security firewall ipv6 setup

Attack Check Commands

security firewall attack_checks configure ipv4

This command configures IPv4 WAN and LAN security attack checks. After you have issued the security firewall attack_checks configure ipv4 command, you enter the security-config [attack-checks-ipv4] mode, and then you can edit one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format: security firewall attack_checks configure ipv4

Mode: security

Step 2

Format:

respond_to_ping_on_internet_ports {Y | N}

enable_stealth_mode {Y | N}

block_tcp_flood {Y | N}

block_udp_flood {Y | N}

disable_ping_reply_on_lan {Y | N}

Mode: security-config [attack-checks-ipv4]

Keyword | Associated Keyword to Select | Description

WAN security checks

respond_to_ping_on_internet_ports | Y or N | Enables or disables the response to a ping from the WAN port.

enable_stealth_mode | Y or N | Enables or disables stealth mode.

block_tcp_flood | Y or N | Blocks or allows TCP floods on the WAN port.

LAN security checks

block_udp_flood | Y or N | Blocks or allows UDP floods on LAN ports.

disable_ping_reply_on_lan | Y or N | Enables or disables ping replies from LAN ports.

Command example:

FVS318N> security firewall attack_checks configure ipv4
security-config[attack-checks-ipv4]> respond_to_ping_on_internet_ports N
security-config[attack-checks-ipv4]> enable_stealth_mode Y
security-config[attack-checks-ipv4]> block_tcp_flood Y
security-config[attack-checks-ipv4]> block_udp_flood N
security-config[attack-checks-ipv4]> disable_ping_reply_on_lan Y
security-config[attack-checks-ipv4]> save

Related show command:

show security firewall attack_checks setup ipv4

security firewall attack_checks igmp setup

This command enables or disables multicast pass-through by enabling or disabling the IGMP proxy for IPv4 traffic. After you have issued the security firewall attack_checks igmp setup command, you enter the security-advanced-config [igmp] mode, and then you can enable or disable the IGMP proxy.

Step 1

Format: security firewall attack_checks igmp setup

Mode: security

Step 2

Format: enable_igmp_proxy {Y | N}

Mode: security-advanced-config [igmp]

Related show command: show security firewall attack_checks igmp

security firewall attack_checks jumboframe setup

This command enables or disables jumbo frames for IPv4 traffic. After you have issued the security firewall attack_checks jumboframe setup command, you enter the security-advanced-config [jumbo-frame] mode, and then you can enable or disable jumbo frames.

Step 1

Format: security firewall attack_checks jumboframe setup

Mode: security

Step 2

Format: enable_jumboframe {Y | N}

Mode: security-advanced-config [jumbo-frame]

Related show command: show security firewall attack_checks jumboframe

security firewall attack_checks vpn_passthrough configure

This command configures VPN pass-through for IPv4 traffic. After you have issued the security firewall attack_checks vpn_passthrough configure command, you enter the security-config [vpn-passthrough] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format: security firewall attack_checks vpn_passthrough configure

Mode: security

Step 2

Format:

ipsec_enable {Y | N}

l2tp_enable {Y | N}

pptp_enable {Y | N}

Mode: security-config [vpn-passthrough]

Keyword | Associated Keyword to Select | Description

ipsec_enable | Y or N | Enables or disables IPSec pass-through.

l2tp_enable | Y or N | Enables or disables L2TP pass-through.

pptp_enable | Y or N | Enables or disables PPTP pass-through.

Command example:

FVS318N> security firewall attack_checks vpn_passthrough configure
security-config[vpn-passthrough]> ipsec_enable Y
security-config[vpn-passthrough]> l2tp_enable Y
security-config[vpn-passthrough]> pptp_enable N
security-config[vpn-passthrough]> save

Related show command: show security firewall attack_checks vpn_passthrough setup

security firewall attack_checks configure ipv6

This command configures IPv6 WAN security attack checks. After you have issued the security firewall attack_checks configure ipv6 command, you enter the security-config [attack-checks-ipv6] mode, and then you can edit one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format: security firewall attack_checks configure ipv6

Mode: security

Step 2

Format:

respond_to_ping_on_internet_ports {Y | N}

vpn_ipsec_passthrough {Y | N}

Mode: security-config [attack-checks-ipv6]

Keyword | Associated Keyword to Select | Description

respond_to_ping_on_internet_ports | Y or N | Enables or disables the response to a ping from the WAN port.

vpn_ipsec_passthrough | Y or N | Enables or disables IPSec VPN traffic that is initiated from the LAN to reach the WAN, irrespective of the default firewall outbound policy and custom firewall rules.

Command example:

FVS318N> security firewall attack_checks configure ipv6
security-config[attack-checks-ipv6]> respond_to_ping_on_internet_ports N
security-config[attack-checks-ipv6]> vpn_ipsec_passthrough Y
security-config[attack-checks-ipv6]> save

Related show command:

show security firewall attack_checks setup ipv4

Session Limit, Time-Out, and Advanced Commands

security firewall session_limit configure

This command configures global session limits. After you have issued the security firewall session_limit configure command, you enter the security-config [session-limit] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format: security firewall session_limit configure

Mode: security

Step 2

Format:

enable {Y | N}

conn_limit_type {Percentage_Of_MaxSessions | Number_Of_Sessions}

user_limit <number>

Mode: security-config [session-limit]

Keyword | Associated Keyword to Select or Parameter to Type | Description

enable | Y or N | Enables or disables session limits.

conn_limit_type | Percentage_Of_MaxSessions or Number_Of_Sessions | The type of session limits: Percentage_Of_MaxSessions. Specifies a percentage of the total session connection capacity on the wireless VPN firewall. Number_Of_Sessions. An absolute number of maximum sessions.

user_limit | number | The percentage of the total session connection capacity on the wireless VPN firewall or an absolute number of maximum sessions.

Command example:

FVS318N> security firewall session_limit configure
security-config[session-limit]> enable Y
security-config[session-limit]> conn_limit_type Percentage_Of_MaxSessions
security-config[session-limit]> user_limit 80
security-config[session-limit]> save

Related show command:

show security firewall session_limit

security firewall session_settings configure

This command configures global session time-outs. After you have issued the security firewall session_settings configure command, you enter the security-config [session-settings] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format: security firewall session_settings configure

Mode: security

Step 2

Format:

tcp_session_timeout <seconds>

udp_session_timeout <seconds>

icmp_session_timeout <seconds>

Mode: security-config [session-settings]

Keyword | Associated Parameter to Type | Description

tcp_session_timeout | seconds | Configures the TCP session timeout period (integer) in seconds.

udp_session_timeout | seconds | Configures the UDP session timeout period (integer) in seconds.

icmp_session_timeout | seconds | Configures the ICMP session timeout period (integer) in seconds.

Command example:

FVS318N> security firewall session_settings configure
security-config[session-settings]> tcp_session_timeout 3600
security-config[session-settings]> udp_session_timeout 180
security-config[session-settings]> icmp_session_timeout 120
security-config[session-settings]> save

Related show command:

show security firewall session_settings

security firewall advanced algs

This command configures Session Initiation Protocol (SIP) support for the application level gateway (ALG). After you have issued the security firewall advanced algs command, you enter the security-config [firewall-alg] mode, and then you can configure SIP support.

Step 1

Format: security firewall advanced algs

Mode: security

Step 2

Format: sip {Y | N}

Mode: security-config [firewall-alg]

Keyword | Associated Keyword to Select | Description

sip | Y or N | Enables or disables SIP for the ALG.

Related show command: show security firewall advanced algs

Address Filter and IP/MAC Binding Commands

security address_filter mac_filter configure

This command configures the source MAC address filter. After you have issued the security address_filter mac_filter configure command, you enter the security-config [mac-filter] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format: security address_filter mac_filter configure

Mode: security

Step 2

Format: enable {N | Y {policy {Permit-And-Block-Rest | Block-And-Permit-Rest}}}

Mode: security-config [mac-filter]

Keyword | Associated Keyword to Select or Parameter to Type | Description

enable | Y or N | Enables or disables the source MAC address filter.

policy | Permit-And-Block-Rest or Block-And-Permit-Rest | Sets the policy of the source MAC address filter.

Command example:

FVS318N> security address_filter mac_filter configure
security-config[mac-filter]> enable Y
security-config[mac-filter]> policy Block-And-Permit-Rest
security-config[mac-filter]> save

Related show command:

show security address_filter mac_filter setup

security address_filter mac_filter source add

This command adds a new MAC address to the MAC address table for the source MAC address filter. After you have issued the security address_filter mac_filter source add command, you enter the security-config [mac-filter-source] mode, and then you can add a MAC address.

Step 1

Format: security address_filter mac_filter source add

Mode: security

Step 2

Format: address <mac address>

Mode: security-config [mac-filter-source]

Related show command: show security address_filter mac_filter setup

security address_filter mac_filter source delete <row id>

This command deletes a MAC address from the MAC address table by deleting its row ID.

Format: security address_filter mac_filter source delete <row id>

Mode: security

Related show command: show security address_filter mac_filter setup

security address_filter ip_or_mac_binding add

This command configures a new IP/MAC binding rule. After you have issued the security address_filter ip_or_mac_binding add command, you enter the security-config [ip-or-mac-binding] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format: security address_filter ip_or_mac_binding add

Mode: security

Step 2

Format:

name <rule name>

mac_address <mac address>

ip_version {IPv4 {ip_address <ipaddress>} | IPv6 {ip_address6 <ipv6-address>}}

log_dropped_packets {Y | N}

Mode: security-config [ip-or-mac-binding]

Keyword | Associated Keyword to Select or Parameter to Type | Description

name | rule name | The name (alphanumeric string) of the IP/MAC binding rule.

mac_address | mac address | The MAC address to which the IP/MAC binding rule is applied.

ip_version | IPv4 or IPv6 | Specifies the type of IP address to which the IP/MAC binding rule is applied: IPv4. You need to issue the ip_address keyword and specify an IPv4 address. IPv6. You need to issue the ip_address6 keyword and specify an IPv6 address.

ip_address | ipaddress | The IPv4 address to which the IP/MAC binding rule is applied.

ip_address6 | ipv6-address | The IPv6 address to which the IP/MAC binding rule is applied.

log_dropped_packets | Y or N | Enables or disables logging for the IP/MAC binding rule.

Command example:

FVS318N> security address_filter ip_or_mac_binding add
security-config[ip-or-mac-binding]> name Rule1
security-config[ip-or-mac-binding]> mac_address 00:aa:23:be:03:a1
security-config[ip-or-mac-binding]> ip_version IPv4
security-config[ip-or-mac-binding]> ip_address 192.168.10.153
security-config[ip-or-mac-binding]> log_dropped_packets Y
security-config[ip-or-mac-binding]> save

Related show command:

show security address_filter ip_or_mac_binding setup

security address_filter ip_or_mac_binding edit <row id>

This command configures an existing IP/MAC binding rule. After you have issued the security address_filter ip_or_mac_binding edit command to specify the row to be edited, you enter the security-config [ip-or-mac-binding] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format: security address_filter ip_or_mac_binding edit <row id>

Mode: security

Step 2

Format:

name <rule name>

mac_address <mac address>

ip_version {IPv4 {ip_address <ipaddress>} | IPv6 {ip_address6 <ipv6-address>}}

log_dropped_packets {Y | N}

Mode: security-config [ip-or-mac-binding]

Keyword | Associated Keyword to Select or Parameter to Type | Description

name | rule name | The name (alphanumeric string) of the IP/MAC binding rule.

mac_address | mac address | The MAC address to which the IP/MAC binding rule is applied.

ip_version | IPv4 or IPv6 | Specifies the type of IP address to which the IP/MAC binding rule is applied: IPv4. You need to issue the ip_address keyword and specify an IPv4 address. IPv6. You need to issue the ip_address6 keyword and specify an IPv6 address.

ip_address | ipaddress | The IPv4 address to which the IP/MAC binding rule is applied.

ip_address6 | ipv6-address | The IPv6 address to which the IP/MAC binding rule is applied.

log_dropped_packets | Y or N | Enables or disables logging for the IP/MAC binding rule.

Related show command:

show security address_filter ip_or_mac_binding setup

security address_filter ip_or_mac_binding delete <row id>

This command deletes an IP/MAC binding rule by deleting its row ID.

Format: security address_filter ip_or_mac_binding delete <row id>
Mode: security

Related show command:

show security address_filter ip_or_mac_binding setup

security address_filter ip_or_mac_binding enable_email_log <ip version>

This command configures the email log for IP/MAC binding violations. After you have issued the security address_filter ip_or_mac_binding enable_email_log command to specify the IP version (IPv4 or IPv6), you enter the security-config [ip-or-mac-binding] mode, and then you can configure the email log setting.

Step 1
Format: security address_filter ip_or_mac_binding enable_email_log
Mode: security

Step 2
Format: enable_email_logs {Y | N}
Mode: security-config [ip-or-mac-binding]

Keyword | Associated Keyword to Select | Description
enable_email_logs | Y or N | Enables or disables the email log for IP/MAC Binding violations.

Related show command:

show security address_filter enable_email_log

Port Triggering Commands

security porttriggering_rules add

This command configures a new port triggering rule. After you have issued the security porttriggering_rules add command, you enter the security-config [porttriggering-rules] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: security porttriggering_rules add
Mode: security

Step 2
Format:
name <rule name>
enable_rule {Y | N}
protocol {TCP | UDP}
outgoing_start_port <number>
outgoing_end_port <number>
incoming_start_port <number>
incoming_end_port <number>
Mode: security-config [porttriggering-rules]

Keyword | Associated Keyword to Select or Parameter to Type | Description
name | rule name | The name (alphanumeric string) of the port triggering rule.
enable_rule | Y or N | Enables or disables the port triggering rule.
protocol | TCP or UDP | Specifies whether the port uses the TCP or UDP protocol.
outgoing_start_port | number | The start port number (integer) of the outgoing traffic range. Valid numbers are from 0 to 65535.
outgoing_end_port | number | The end port number (integer) of the outgoing traffic range. Valid numbers are from 0 to 65535.
incoming_start_port | number | The start port number (integer) of the incoming traffic range. Valid numbers are from 0 to 65535.
incoming_end_port | number | The end port number (integer) of the incoming traffic range. Valid numbers are from 0 to 65535.

Command example:

FVS318N> security porttriggering_rules add
security-config[porttriggering-rules]> name AccInq
security-config[porttriggering-rules]> enable_rule Y
security-config[porttriggering-rules]> protocol TCP
security-config[porttriggering-rules]> outgoing_start_port 20020
security-config[porttriggering-rules]> outgoing_end_port 20022
security-config[porttriggering-rules]> incoming_start_port 30030
security-config[porttriggering-rules]> incoming_end_port 30040
security-config[porttriggering-rules]> save

Related show command:

show security porttriggering_rules setup

and

show security porttriggering_rules status

security porttriggering_rules edit <row id>

This command configures an existing port triggering rule. After you have issued the security porttriggering_rules edit command to specify the row to be edited, you enter the security-config [porttriggering-rules] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: security porttriggering_rules edit <row id>
Mode: security

Step 2
Format:
name <rule name>
enable_rule {Y | N}
protocol {TCP | UDP}
outgoing_start_port <number>
outgoing_end_port <number>
incoming_start_port <number>
incoming_end_port <number>
Mode: security-config [porttriggering-rules]

Keyword | Associated Keyword to Select or Parameter to Type | Description
name | rule name | The name (alphanumeric string) of the port triggering rule.
enable_rule | Y or N | Enables or disables the port triggering rule.
protocol | TCP or UDP | Specifies whether the port uses the TCP or UDP protocol.
outgoing_start_port | number | The start port number (integer) of the outgoing traffic range. Valid numbers are from 0 to 65535.
outgoing_end_port | number | The end port number (integer) of the outgoing traffic range. Valid numbers are from 0 to 65535.
incoming_start_port | number | The start port number (integer) of the incoming traffic range. Valid numbers are from 0 to 65535.
incoming_end_port | number | The end port number (integer) of the incoming traffic range. Valid numbers are from 0 to 65535.

Related show command:

show security porttriggering_rules setup

and

show security porttriggering_rules status

security porttriggering_rules delete <row id>

This command deletes a port triggering rule by deleting its row.

Format: security porttriggering_rules delete <row id>
Mode: security

Related show command:

show security porttriggering_rules setup

and

show security porttriggering_rules status

UPnP Command

security upnp configure

This command configures Universal Plug and Play (UPnP). After you have issued the security upnp configure command, you enter the security-config [upnp] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: security upnp configure
Mode: security

Step 2
Format:
enable {Y | N}
advertisement period <seconds>
advertisement time_to_live <seconds>
Mode: security-config [upnp]

Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description
enable | Y or N | Enables or disables UPnP.
advertisement period | seconds | The advertisement period in seconds, from 1 to 86400 seconds.
advertisement time_to_live | seconds | The advertisement time-to-live period in seconds, from 1 to 255 seconds.

Command example:

FVS318N> security upnp configure
security-config[upnp]> enable Y
security-config[upnp]> advertisement period 60
security-config[upnp]> advertisement time_to_live 6
security-config[upnp]> save

Related show command:

show security upnp setup

and

show security upnp portmap

Bandwidth Profile Commands

security bandwidth profile add

This command configures a new bandwidth profile. After you have issued the security bandwidth profile add command, you enter the security-config [bandwidth-profile] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: security bandwidth profile add
Mode: security

Step 2
Format:
name <profile name>
direction {Inbound | Outbound | Both_Directions}
inbound_minimum_rate <kbps>
inbound_maximum_rate <kbps>
outbound_minimum_rate <kbps>
outbound_maximum_rate <kbps>
is_group {Individual | Group}
Mode: security-config [bandwidth-profile]

Keyword | Associated Keyword to Select or Parameter to Type | Description
name | profile name | The profile name (alphanumeric string).
direction | Inbound, Outbound, or Both_Directions | The direction to which the bandwidth profile applies.
inbound_minimum_rate | kbps | The minimum inbound bandwidth in kbps (0 to 100000) provided to the group or individual user.
inbound_maximum_rate | kbps | The maximum inbound bandwidth in kbps (110 to 100000) provided to the group or individual user.
outbound_minimum_rate | kbps | The minimum outbound bandwidth in kbps (0 to 100000) provided to the group or individual user.
outbound_maximum_rate | kbps | The maximum outbound bandwidth in kbps (110 to 100000) provided to the group or individual user.
is_group | Individual or Group | The type for the bandwidth profile. Individual: The profile applies to an individual user. Group: The profile applies to a group.

Command example:

FVS318N> security bandwidth profile add
security-config[bandwidth-profile]> name BW_Sales
security-config[bandwidth-profile]> direction Both_Directions
security-config[bandwidth-profile]> inbound_minimum_rate 1000
security-config[bandwidth-profile]> inbound_maximum_rate 10000
security-config[bandwidth-profile]> outbound_minimum_rate 1000
security-config[bandwidth-profile]> outbound_maximum_rate 10000
security-config[bandwidth-profile]> is_group Group
security-config[bandwidth-profile]> save

Related show command:

show security bandwidth profile setup

security bandwidth profile edit <row id>

This command configures an existing bandwidth profile. After you have issued the security bandwidth profile edit command to specify the row to be edited, you enter the security-config [bandwidth-profile] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: security bandwidth profile edit <row id>
Mode: security

Step 2
Format:
name <profile name>
direction {Inbound | Outbound | Both_Directions}
inbound_minimum_rate <kbps>
inbound_maximum_rate <kbps>
outbound_minimum_rate <kbps>
outbound_maximum_rate <kbps>
is_group {Individual | Group}
Mode: security-config [bandwidth-profile]

Keyword | Associated Keyword to Select or Parameter to Type | Description
name | profile name | The profile name (alphanumeric string).
direction | Inbound, Outbound, or Both_Directions | The direction to which the bandwidth profile applies.
inbound_minimum_rate | kbps | The minimum inbound bandwidth in kbps (0 to 100000) provided to the group or individual user.
inbound_maximum_rate | kbps | The maximum inbound bandwidth in kbps (110 to 100000) provided to the group or individual user.
outbound_minimum_rate | kbps | The minimum outbound bandwidth in kbps (0 to 100000) provided to the group or individual user.
outbound_maximum_rate | kbps | The maximum outbound bandwidth in kbps (110 to 100000) provided to the group or individual user.
is_group | Individual or Group | The type for the bandwidth profile. Individual: The profile applies to an individual user. Group: The profile applies to a group.

Related show command:

show security bandwidth profile setup

security bandwidth profile delete <row id>

This command deletes a bandwidth profile by deleting its row ID.

Format: security bandwidth profile delete <row id>
Mode: security

Related show command:

show security bandwidth profile setup

Content Filtering Commands

security content_filter content_filtering configure

This command globally enables or disables content filtering and configures web components. After you have issued the security content_filter content_filtering configure command, you enter the security-config [content-filtering] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: security content_filter content_filtering configure
Mode: security

Step 2
Format:
content_filtering {Y | N}
activex_enable {Y | N}
cookies_enable {Y | N}
java_enable {Y | N}
proxy_enable {Y | N}
Mode: security-config [content-filtering]

Keyword | Associated Keyword to Select | Description
content_filtering | Y or N | Enables or disables content filtering globally.
activex_enable | Y or N | Enables or disables ActiveX.
cookies_enable | Y or N | Enables or disables cookies.
java_enable | Y or N | Enables or disables Java.
proxy_enable | Y or N | Enables or disables the proxy server.

Command example:

FVS318N> security content_filter content_filtering configure
security-config[content-filtering]> content_filtering Y
security-config[content-filtering]> activex_enable Y
security-config[content-filtering]> cookies_enable Y
security-config[content-filtering]> java_enable Y
security-config[content-filtering]> proxy_enable N
security-config[content-filtering]> save

Related show command:

show security content_filter content_filtering

security content_filter block_group enable

This command applies content filtering to selected groups or to all groups. After you have issued the security content_filter block_group enable command, you enter the security-config[block-group-enable] mode, and then you can select a group, several groups, or all groups.

Step 1
Format: security content_filter block_group enable
Mode: security

Step 2
Format:
group all {Y}
group group1 {Y}
group group2 {Y}
group group3 {Y}
group group4 {Y}
group group5 {Y}
group group6 {Y}
group group7 {Y}
group group8 {Y}
Mode: security-config[block-group-enable]

Keyword | Associated Keyword to Select | Description
group all | Y | Enables content filtering for all groups.
group group1, group group2, group group3, group group4, group group5, group group6, group group7, group group8 | Y | Enables content filtering for the selected group.

Command example:

FVS318N> security content_filter blocked_group enable
security-config[block-group-enable]> group group1 Y
security-config[block-group-enable]> group group2 Y
security-config[block-group-enable]> group group3 Y
security-config[block-group-enable]> group group8 Y
security-config[block-group-enable]> save

Related show command:

show security content_filter block_group

security content_filter block_group disable

This command removes content filtering from selected groups or from all groups. After you have issued the security content_filter block_group disable command, you enter the security-config [block-group-disable] mode, and then you can select a group, several groups, or all groups.

Step 1
Format: security content_filter block_group disable
Mode: security

Step 2
Format:
group all {Y}
group group1 {Y}
group group2 {Y}
group group3 {Y}
group group4 {Y}
group group5 {Y}
group group6 {Y}
group group7 {Y}
group group8 {Y}
Mode: security-config [block-group-disable]

Keyword | Associated Keyword to Select | Description
group all | Y | Disables content filtering for all groups.
group group1, group group2, group group3, group group4, group group5, group group6, group group7, group group8 | Y | Disables content filtering for the selected group.

Command example:

FVS318N> security content_filter blocked_group disable
security-config[block-group-disable]> group group3 Y
security-config[block-group-disable]> group group8 Y
security-config[block-group-disable]> save

Related show command:

show security content_filter block_group

security content_filter blocked_keywords add

This command configures a new blocked keyword for content filtering. After you have issued the security content_filter blocked_keywords add command, you enter the security-config [blocked-keywords] mode, and then you can configure one keyword at a time.

Step 1
Format: security content_filter blocked_keywords add
Mode: security

Step 2
Format: blocked_keyword <keyword>
Mode: security-config [blocked-keywords]

Keyword | Associated Parameter to Type | Description
blocked_keyword | keyword | The keyword (string) that needs to be blocked.

Related show command:

show security content_filter blocked_keywords

security content_filter blocked_keywords edit <row id>

This command configures an existing blocked keyword for content filtering. After you have issued the security content_filter blocked_keywords edit command to specify the row to be edited, you enter the security-config [blocked-keywords] mode, and then you can edit the keyword.

Step 1
Format: security content_filter blocked_keywords edit
Mode: security

Step 2
Format: blocked_keyword <keyword>
Mode: security-config [blocked-keywords]

Keyword | Associated Parameter to Type | Description
blocked_keyword | keyword | The keyword (string) that needs to be blocked.

Related show command:

show security content_filter blocked_keywords

security content_filter blocked_keywords delete <row id>

This command deletes a blocked keyword by deleting its row ID.

Format: security content_filter blocked_keywords delete <row id>
Mode: security

Related show command:

show security content_filter blocked_keywords

security content_filter trusted_domain add

This command configures a new trusted domain for content filtering. After you have issued the security content_filter trusted_domain add command, you enter the security-config [approved-urls] mode, and then you can add a URL.

Step 1
Format: security content_filter trusted_domain add
Mode: security

Step 2
Format: url <url>
Mode: security-config [approved-urls]

Related show command:

show security content_filter trusted_domains

security content_filter trusted_domain edit <row id>

This command configures an existing trusted domain for content filtering. After you have issued the security content_filter trusted_domain edit command to specify the row to be edited, you enter the security-config [approved-urls] mode, and then you can edit the URL.

Step 1
Format: security content_filter trusted_domain edit <row id>
Mode: security

Step 2
Format: url <url>
Mode: security-config [approved-urls]

Related show command:

show security content_filter trusted_domains

security content_filter trusted_domain delete <row id>

This command deletes a trusted domain by deleting its row ID.

Format: security content_filter trusted_domain delete <row id>
Mode: security

Related show command:

show security content_filter trusted_domains

5. System Mode Configuration Commands

This chapter explains the configuration commands, keywords, and associated parameters in the system mode. The chapter includes the following sections:

Remote Management Commands

SNMP Commands

Time Zone Command

Traffic Meter Command

Firewall Logs and Email Alerts Commands

IMPORTANT: After you have issued a command that includes the word configure, add, or edit, you need to save (or cancel) your changes. For more information, see Save Commands on page 13.

Remote Management Commands

system remote_management https configure

This command configures remote management over HTTPS. After you have issued the system remote_management https configure command, you enter the system-config [https] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Note:

You can configure remote management over HTTPS for both IPv4 and IPv6 connections because these connections are not mutually exclusive.

Step 1
Format: system remote_management https configure
Mode: system

Step 2
Format:
ip_version {IPv4 | IPv6}
enable_ipv4 {Y | N}
access_type {Everyone | IP_Range {from_address <ipaddress>} {end_address <ipaddress>} | To_this_PC_only {only_this_pc_ip <ipaddress>}}
port <number>
enable_ipv6 {Y | N}
access_type6 {Everyone | IP_Range {from_address6 <ipv6-address>} {end_address6 <ipv6-address>} | To_this_PC_only {only_this_pc_ipv6 <ipv6-address>}}
port <number>
Mode: system-config [https]

Keyword | Associated Keyword to Select or Parameter to Type | Description
ip_version | IPv4 or IPv6 | Specifies the configuration of IPv4 or IPv6.

HTTPS over an IPv4 connection
enable_ipv4 | Y or N | Enables or disables remote management over HTTPS for an IPv4 connection.
access_type | Everyone, IP_Range, or To_this_PC_only | Specifies the type of access. Everyone: Enables access to all IP addresses. You do not need to configure any IP address. IP_Range: Enables access to a range of IP addresses. You also need to configure the from_address and end_address keywords and associated parameters. To_this_PC_only: Enables access to a single IP address. You also need to configure the only_this_pc_ip keyword and associated parameter.
from_address | ipaddress | The start IP address if you have set the access_type keyword to IP_Range.
end_address | ipaddress | The end IP address if you have set the access_type keyword to IP_Range.
only_this_pc_ip | ipaddress | The single IP address if you have set the access_type keyword to To_this_PC_only.
port | number | The number of the port through which access is allowed.

HTTPS over an IPv6 connection
enable_ipv6 | Y or N | Enables or disables remote management over HTTPS for an IPv6 connection.
access_type6 | Everyone, IP_Range, or To_this_PC_only | Specifies the type of access. Everyone: Enables access to all IP addresses. You do not need to configure any IP address. IP_Range: Enables access to a range of IP addresses. You also need to configure the from_address6 and end_address6 keywords and associated parameters. To_this_PC_only: Enables access to a single IP address. You also need to configure the only_this_pc_ip6 keyword and associated parameter.
from_address6 | ipv6-address | The start IP address if you have set the access_type6 keyword to IP_Range.
end_address6 | ipv6-address | The end IP address if you have set the access_type6 keyword to IP_Range.
only_this_pc_ip6 | ipaddress | The single IP address if you have set the access_type6 keyword to To_this_PC_only.
port | number | The number of the port through which access is allowed.

Command example:

FVS318N> system remote_management https configure
system-config[https]> ip_version IPv4
system-config[https]> enable_ipv4 Y
system-config[https]> access_type Everyone
system-config[https]> port 445
system-config[https]> save

Related show command:

show system remote_management setup

system remote_management telnet configure

This command configures remote management over Telnet. After you have issued the system remote_management telnet configure command, you enter the system-config [telnet] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Note:

You can configure remote management over Telnet for both IPv4 and IPv6 connections because these connections are not mutually exclusive.

Step 1
Format: system remote_management telnet configure
Mode: system

Step 2
Format:
ip_version {IPv4 | IPv6}
enable_ipv4 {Y | N}
access_type {Everyone | IP_Range {from_address <ipaddress>} {end_address <ipaddress>} | To_this_PC_only {only_this_pc_ip <ipaddress>}}
enable_ipv6 {Y | N}
access_type6 {Everyone | IP_Range {from_address6 <ipv6-address>} {end_address6 <ipv6-address>} | To_this_PC_only {only_this_pc_ip6 <ipv6-address>}}
Mode: system-config [telnet]

Keyword | Associated Keyword to Select or Parameter to Type | Description
ip_version | IPv4 or IPv6 | Specifies the configuration of IPv4 or IPv6.

Telnet over an IPv4 connection
enable_ipv4 | Y or N | Enables or disables remote management over Telnet for an IPv4 connection.
access_type | Everyone, IP_Range, or To_this_PC_only | Specifies the type of access. Everyone: Enables access to all IP addresses. You do not need to configure any IP address. IP_Range: Enables access to a range of IP addresses. You also need to configure the from_address and end_address keywords and associated parameters. To_this_PC_only: Enables access to a single IP address. You also need to configure the only_this_pc_ip keyword and associated parameter.
from_address | ipaddress | The start IP address if you have set the access_type keyword to IP_Range.
end_address | ipaddress | The end IP address if you have set the access_type keyword to IP_Range.
only_this_pc_ip | ipaddress | The single IP address if you have set the access_type keyword to To_this_PC_only.

Telnet over an IPv6 connection
enable_ipv6 | Y or N | Enables or disables remote management over Telnet for an IPv6 connection.
access_type6 | Everyone, IP_Range, or To_this_PC_only | Specifies the type of access. Everyone: Enables access to all IP addresses. You do not need to configure any IP address. IP_Range: Enables access to a range of IP addresses. You also need to configure the from_address6 and end_address6 keywords and associated parameters. To_this_PC_only: Enables access to a single IP address. You also need to configure the only_this_pc_ip6 keyword and associated parameter.
from_address6 | ipv6-address | The start IP address if you have set the access_type6 keyword to IP_Range.
end_address6 | ipv6-address | The end IP address if you have set the access_type6 keyword to IP_Range.
only_this_pc_ip6 | ipaddress | The single IP address if you have set the access_type6 keyword to To_this_PC_only.

Command example:

FVS318N> system remote_management telnet configure
system-config[telnet]> ip_version IPv6
system-config[telnet]> enable_ipv6 Y
system-config[telnet]> access_type6 IP_Range
system-config[telnet]> from_address6 FEC0::3001
system-config[telnet]> end_address6 FEC0::3100
system-config[telnet]> save

Related show command:

show system remote_management setup


SNMP Commands

system snmp trap configure <ip address>

This command configures a new or existing SNMP agent to which trap information is forwarded. After you have issued the system snmp trap configure command to specify the IP address of the agent, you enter the system-config [snmp-trap] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: system snmp trap configure <ipaddress>
Mode: system

Step 2
Format:
subnet_mask <subnet mask>
port <number>
community <community name>
agent <ipaddress>
Mode: system-config [snmp-trap]

Keyword | Associated Parameter to Type | Description
subnet_mask | subnet mask | The subnet mask used to determine the list of allowed SNMP agents that are part of the subnet. To allow any IP address on the network to manage the device, specify 255.255.255.0. For a specific host, specify 255.255.255.255. To allow global access, specify 0.0.0.0.
port | number | The SNMP port (integer) to which the trap messages are forwarded. Valid numbers are from 0 to 65535.
community | community name | The string that represents the community to which the agent belongs. Most agents are configured to listen for traps in the public community.
agent | ipaddress | This keyword and parameter allow you to change the existing agent IP address that you issued to enter the system-config [snmp-trap] mode.

Command example:

FVS318N> system snmp trap configure 10.118.33.245
system-config[snmp-trap]> subnet_mask 255.255.255.0
system-config[snmp-trap]> port 162
system-config[snmp-trap]> community public
system-config[snmp-trap]> save

Related show command:

show system snmp trap [agent ipaddress]
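The following is an added example, not part of the NETGEAR manual: it parses a CLI session in the prompt format of the remote management and SNMP trap command examples and flags saved settings that widen management exposure (Telnet enabled, access_type Everyone, a wide IP_Range, SNMP trap mask 0.0.0.0, the public community). The session text is constructed, and the finding names and the 256-address range limit are assumptions of this example.

```python
import ipaddress

# Constructed session in the manual's prompt format (not captured from a device).
SAMPLE_SESSION = """\
FVS318N> system remote_management https configure
system-config[https]> ip_version IPv4
system-config[https]> enable_ipv4 Y
system-config[https]> access_type Everyone
system-config[https]> port 445
system-config[https]> save
FVS318N> system remote_management telnet configure
system-config[telnet]> ip_version IPv6
system-config[telnet]> enable_ipv6 Y
system-config[telnet]> access_type6 IP_Range
system-config[telnet]> from_address6 FEC0::3001
system-config[telnet]> end_address6 FEC0::3100
system-config[telnet]> save
FVS318N> system snmp trap configure 10.118.33.245
system-config[snmp-trap]> subnet_mask 0.0.0.0
system-config[snmp-trap]> community public
system-config[snmp-trap]> save
FVS318N> system remote_management telnet configure
system-config[telnet]> enable_ipv4 Y
system-config[telnet]> access_type Everyone
"""

MAX_RANGE = 256  # assumed policy limit for an IP_Range, not a device limit


def parse_sessions(text):
    """Split a transcript into sessions: one per top-level command."""
    sessions, current = [], None
    for raw in text.splitlines():
        prompt, sep, cmd = raw.partition(">")
        cmd = cmd.strip()
        if not sep or not cmd:
            continue  # not a prompt line
        if "[" not in prompt:
            # Top-level prompt (e.g. "FVS318N"): a new configuration session.
            current = {"command": cmd, "settings": {}, "saved": False}
            sessions.append(current)
        elif current is not None:
            if cmd == "save":
                current["saved"] = True
            else:
                # Single-word keywords, as in the commands audited here.
                keyword, _, value = cmd.partition(" ")
                current["settings"][keyword] = value.strip()
    return sessions


def range_size(start, end):
    """Number of addresses in an inclusive from/end range."""
    lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if lo.version != hi.version or int(hi) < int(lo):
        raise ValueError(f"invalid range {start} - {end}")
    return int(hi) - int(lo) + 1


def audit(text, max_range=MAX_RANGE):
    """Return (command, finding) pairs for sessions that were saved."""
    findings = []
    for session in parse_sessions(text):
        if not session["saved"]:
            continue  # changes that were never saved are not reported
        cmd, cfg = session["command"], session["settings"]
        words = cmd.split()
        if words[:2] == ["system", "remote_management"] and len(words) >= 3:
            service = words[2]  # "https" or "telnet"
            for suffix, family in (("", "ipv4"), ("6", "ipv6")):
                enabled = cfg.get("enable_" + family)
                access = cfg.get("access_type" + suffix)
                if service == "telnet" and enabled == "Y":
                    # Telnet carries credentials and commands in cleartext.
                    findings.append((cmd, f"telnet-enabled-{family}"))
                if enabled == "N":
                    continue  # family explicitly disabled in this session
                if access == "Everyone":
                    findings.append((cmd, f"{service}-open-to-everyone-{family}"))
                elif access == "IP_Range":
                    start = cfg.get("from_address" + suffix)
                    end = cfg.get("end_address" + suffix)
                    if start and end and range_size(start, end) > max_range:
                        findings.append((cmd, f"{service}-wide-range-{family}"))
        elif words[:4] == ["system", "snmp", "trap", "configure"]:
            if cfg.get("subnet_mask") == "0.0.0.0":
                findings.append((cmd, "snmp-trap-global-access"))
            if cfg.get("community") == "public":
                findings.append((cmd, "snmp-trap-public-community"))
    return findings


if __name__ == "__main__":
    for command, finding in audit(SAMPLE_SESSION):
        print(f"{finding}: {command}")
```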

system snmp trap delete <ipaddress>

This command deletes an SNMP agent by deleting its IP address.

Format: system snmp trap delete <ipaddress>
Mode: system

Related show command:

show system snmp trap [agent ipaddress]

system snmp sys configure

This command configures the SNMP system information. After you have issued the system snmp sys configure command, you enter the system-config [snmp-system] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: system snmp sys configure
Mode: system

Step 2
Format:
sys-contact <contact name>
sys-location <location name>
sys-name <system name>
Mode: system-config [snmp-system]

Keyword | Associated Parameter to Type | Description
sys-contact | contact name | The system contact name (alphanumeric string).
sys-location | location name | The system location name (alphanumeric string).
sys-name | system name | The system name (alphanumeric string).

Command example:

FVS318N> system snmp sys configure
system-config[snmp-system]> sys-contact [email protected]
system-config[snmp-system]> sys-location San Jose
system-config[snmp-system]> sys-name FVS318N-Bld3
system-config[snmp-system]> save

Related show command:

show system snmp sys


Time Zone Command

system time configure

This command configures the system time, date, and NTP servers. After you have issued the system time configure command, you enter the system-config [time] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: system time configure
Mode: system

Step 2
Format:
timezone <timezone>
auto_daylight {Y | N}
resolve_ipv6_address {Y | N}
use_default_servers {Y | N}
configure_ntp_servers {Y | N {ntp_server1 {<ipaddress> | <domain name>}} {ntp_server2 {<ipaddress> | <domain name>}}}
Mode: system-config [time]

Keyword | Associated Keyword to Select or Parameter to Type | Description
timezone | timezone keyword | For a list of time zones that you can enter, see Table 12.
auto_daylight | Y or N | Specifies whether or not the wireless VPN firewall automatically adjusts for daylight savings time.
resolve_ipv6_address | Y or N | Specifies whether or not the wireless VPN firewall automatically resolves a domain name for an NTP server to an IPv6 address. Y: A domain name is resolved to an IPv6 address. N: A domain name is resolved to an IPv4 address.
use_default_servers | Y or N | Enables or disables the use of default NTP servers.
configure_ntp_servers | Y or N | Enables or disables the use of custom NTP servers. If you enable the use of custom NTP servers, you need to specify the server IP addresses or domain names with the ntp_server1 and ntp_server2 keywords.
ntp_server1 | ipaddress or domain name | The IP address or domain name of the first custom NTP server.
ntp_server2 | ipaddress or domain name | The IP address or domain name of the second custom NTP server.


Table 12. Timezone keywords

GMT time and location

Note:

Enter the keywords exactly as stated (you can use autocompletion keys). If there are two locations for the same time zone, enter the location exactly as stated.

For example, either enter GMT-11:00::Samoa or enter GMT-10:00::Hawaii.

GMT::Edinburgh--London

GMT-12:00::Eniwetok--Kwajalein

GMT-11:00::Midway-Island

GMT-11:00::Samoa

GMT-10:00::Hawaii

GMT-09:30::Marquesas-Is

GMT-09:00::Alaska

GMT-08:00::Pitcairn-Is

GMT-08:00::Pacific-Time-Canada--Pacific-Time-US

GMT-08:00::Tijuana

GMT-07:00::Mountain-Time-Canada--Mountain-Time-US

GMT-06:00::Central-Time-Canada--Central-Time-US

GMT-05:00::Eastern-Time-Canada--Eastern-TimeUS

GMT-05:00::Eastern-Time-Lima

GMT-04:30::Caracas

GMT-04:00::Atlantic-Time-Canada

GMT-03:30::Newfoundland

GMT-03:00::Brasilia

GMT-03:00::Buenos-Aires

GMT-02:00::Mid-Atlantic

GMT-01:00::Azores--Cape-Verde-Is

GMT+01:00::Europe

GMT+02:00::Athens--Istanbul

GMT+02:00::Minsk

GMT+02:00::Cairo

GMT+03:00::Baghdad--Kuwait


GMT+03:00::Moscow

GMT+03:30::Tehran

GMT+04:00::Abu-Dhabi--Muscat

GMT+04:00::Baku

GMT+04:30::Kabul

GMT+05:00::Ekaterinburg

GMT+05:00::Islamabad--Karachi

GMT+05:30::Bombay--Calcutta--Madras--Delhi

GMT+05:30::Colombo

GMT+06:00::Almaty

GMT+06:00::Dhaka

GMT+06:30::Burma

GMT+07:00::Bangkok--Hanoi--Jakarta

GMT+08:00::Beijing--Chongqing--Hong-Kong

GMT+08:00::AWST-Perth

GMT+09:00::Osaka--Sapporo--Tokyo--Seoul

GMT+09:30::ACST-Adelaide

GMT+09:30::ACST-Darwin

GMT+09:30::ACST-Broken-Hill--NSW

GMT+10:00::AEST-Brisbane--Guam--Port-Moresby

GMT+10:00::AEST-Canberra--Melbourne--Sydney--Hobart

GMT+10:30::Lord-Howe-Is.

GMT+11:00::Magadan

GMT+11:00::Solomon-Is.--New-Caledonia

GMT+11:30::Norfolk-I.

GMT+12:00::Auckland--Wellington--New-Zealand

GMT+12:00::Fiji


GMT+13:00::Tonga

GMT+14:00::Kiribati

Command example:

FVS318N> system time configure
system-config[time]> timezone GMT-08:00::Pacific-Time-Canada--Pacific-Time-US
system-config[time]> auto_daylight Y
system-config[time]> use_default_servers Y
system-config[time]> save

Related show command:

show system time setup

Traffic Meter Command

system traffic_meter configure

This command configures the traffic meter. After you have issued the system traffic_meter configure command, you enter the system-config [traffic-meter] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: system traffic_meter configure
Mode: system

Step 2
Format:
enable {Y | N}
limit_type {Nolimit | Downloadonly | BothDirections}
monthly_limit <number>
increase_limit_enable {N | Y {increase_limit_by <number>}}
counter {RestartCounter | SpecificTime {day_of_month <day>} {time_hour <hour>} {AM | PM} {time_minute <minute>}}
send_email_report {Y | N}
block_type {Block-all-traffic | Block-all-traffic-except-email}
send_email_alert {Y | N}
Mode: system-config [traffic-meter]

Keyword | Associated Keyword to Select or Parameter to Type | Description

Traffic meter configuration
enable | Y or N | Enables or disables the traffic meter.
limit_type | Nolimit, Downloadonly, or BothDirections | The type of traffic limit, if any: Nolimit. There is no traffic limit. Downloadonly. The traffic limit applies to downloaded traffic only. BothDirections. The traffic limit applies to both downloaded and uploaded traffic.
monthly_limit | number | The monthly limit for the traffic meter in MB.
increase_limit_enable | Y or N | Enables or disables automatic increase of the limit after the meter has exceeded the configured limit.
increase_limit_by | number | The number in MB to increase the configured limit of the traffic meter.

Traffic counter configuration
counter | SpecificTime or RestartCounter | Specifies how the traffic counter is restarted: SpecificTime. Restarts the traffic counter on a specific day and time. You need to set the day_of_month, time_hour, time_meridian, and time_minute keywords and associated parameters. RestartCounter. Restarts the traffic counter when you specify the counter keyword and the RestartCounter associated keyword.
day_of_month | day | The day in the format DD (01 to 31) that the traffic counter restarts. This keyword applies only when you have set the counter keyword to SpecificTime.
time_hour | hour | The hour in the format HH (00 to 12) that the traffic counter restarts. This keyword applies only when you have set the counter keyword to SpecificTime.
time_meridian | AM or PM | The meridiem for the hour that the traffic counter restarts. This keyword applies only when you have set the counter keyword to SpecificTime.
time_minute | minutes | The minutes in the format MM (00 to 59) that the traffic counter restarts. This keyword applies only when you have set the counter keyword to SpecificTime.
send_email_report | Y or N | Specifies whether or not an email report is sent when the traffic counter restarts.

Action when limit is reached
block_type | Block-all-traffic, or Block-all-traffic-except-email | Specifies the type of traffic blocking after the meter has exceeded the configured limit.
send_email_alert | Y or N | Specifies whether or not an email alert is sent when the traffic limit is reached.

Command example:

FVS318N> system traffic_meter configure
system-config[traffic-meter]> enable Y
system-config[traffic-meter]> limit_type Downloadonly
system-config[traffic-meter]> monthly_limit 150000
system-config[traffic-meter]> increase_limit_enable Y
system-config[traffic-meter]> increase_limit_by 50000
system-config[traffic-meter]> counter SpecificTime
system-config[traffic-meter]> day_of_month 01
system-config[traffic-meter]> time_hour 00
system-config[traffic-meter]> time_minute 00
system-config[traffic-meter]> send_email_report Y
system-config[traffic-meter]> block_type Block-all-traffic-except-email
system-config[traffic-meter]> send_email_alert Y
system-config[traffic-meter]> save

Related show command:

show system traffic_meter setup


Firewall Logs and Email Alerts Commands

system logging configure

This command configures routing logs for accepted and dropped IPv4 and IPv6 packets, selected system logs, and logs for other events. After you have issued the system logging configure command, you enter the system-config [logging-ipv4-ipv6] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: system logging configure
Mode: system

Step 2
Format:
lan_wan_accept_packet_logs {Y | N}
lan_wan_drop_packet_logs {Y | N}
lan_dmz_accept_packet_logs {Y | N}
lan_dmz_drop_packet_logs {Y | N}
dmz_wan_accept_packet_logs {Y | N}
dmz_wan_drop_packet_logs {Y | N}
wan_lan_accept_packet_logs {Y | N}
wan_lan_drop_packet_logs {Y | N}
dmz_lan_accept_packet_logs {Y | N}
dmz_lan_drop_packet_logs {Y | N}
wan_dmz_accept_packet_logs {Y | N}
wan_dmz_drop_packet_logs {Y | N}
change_of_time_by_NTP_logs {Y | N}
login_attempts_logs {Y | N}
secure_login_attempts_logs {Y | N}
reboot_logs {Y | N}
unicast_traffic_logs {Y | N}
broadcast_or_multicast_traffic_logs {Y | N}
WAN_status_logs {Y | N}
resolved_DNS_names_logs {Y | N}
vpn_logs {Y | N}
dhcp_server_logs {Y | N}
source_mac_filter_logs {Y | N}
session_limit_logs {Y | N}
bandwidth_limit_logs {Y | N}
Mode: system-config [logging-ipv4-ipv6]


Keyword | Associated Keyword to Select | Description

Routing logs
lan_wan_accept_packet_logs, lan_wan_drop_packet_logs, lan_dmz_accept_packet_logs, lan_dmz_drop_packet_logs, dmz_wan_accept_packet_logs, dmz_wan_drop_packet_logs, wan_lan_accept_packet_logs, wan_lan_drop_packet_logs, dmz_lan_accept_packet_logs, dmz_lan_drop_packet_logs, wan_dmz_accept_packet_logs, wan_dmz_drop_packet_logs | Y or N (for each keyword) | Enables or disables packet logging for the traffic direction and type of packet (accepted or dropped) that is defined in the keyword.

System logs
change_of_time_by_NTP_logs | Y or N | Enables or disables logging of time changes of the wireless VPN firewall.
login_attempts_logs | Y or N | Enables or disables logging of login attempts.
secure_login_attempts_logs | Y or N | Enables or disables logging of secure login attempts.
reboot_logs | Y or N | Enables or disables logging of rebooting of the wireless VPN firewall.
unicast_traffic_logs | Y or N | Enables or disables logging of unicast traffic.
broadcast_or_multicast_traffic_logs | Y or N | Enables or disables logging of broadcast and multicast traffic.
wan_status_logs | Y or N | Enables or disables logging of WAN link-status-related events.
resolved_DNS_names_logs | Y or N | Enables or disables logging of resolved DNS names.
vpn_logs | Y or N | Enables or disables logging of VPN negotiation messages.
dhcp_server_logs | Y or N | Enables or disables logging of DHCP server events.

Other event logs
source_mac_filter_logs | Y or N | Enables or disables logging of packets from MAC addresses that match the source MAC address filter settings.
session_limit_logs | Y or N | Enables or disables logging of packets that are dropped because the session limit has been exceeded.
bandwidth_limit_logs | Y or N | Enables or disables logging of packets that are dropped because the bandwidth limit has been exceeded.

Command example:

FVS318N> system logging configure
system-config[logging-ipv4-ipv6]> lan_wan_drop_packet_logs Y
system-config[logging-ipv4-ipv6]> wan_lan_drop_packet_logs Y
system-config[logging-ipv4-ipv6]> change_of_time_by_NTP_logs Y
system-config[logging-ipv4-ipv6]> secure_login_attempts_logs Y
system-config[logging-ipv4-ipv6]> reboot_logs Y
system-config[logging-ipv4-ipv6]> unicast_traffic_logs Y
system-config[logging-ipv4-ipv6]> bandwidth_limit_logs Y
system-config[logging-ipv4-ipv6]> save

Related show command: show system logging setup and show system logs

system logging remote configure

This command configures email logs and alerts, schedules email logs and alerts, and configures a syslog server. After you have issued the system logging remote configure command, you enter the system-config [logging-remote] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: system logging remote configure
Mode: system

Step 2
Format:
log_identifier <identifier>
email_logs_enable {Y | N}
email_server {ipaddress | domain name}
return_email <email address>
send_to_email <email address>
smtp_custom_port <number>
smtp_auth type {None | Plain {smtp_auth username <user name>} {smtp_auth password <password>} | CRAM-MD5 {smtp_auth username <user name>} {smtp_auth password <password>}}
identd_from_smtp_server_enable {Y | N}
schedule unit {Never | Hourly | Daily {schedule time {0:00 | 1:00 | 2:00 | 3:00 | 4:00 | 5:00 | 6:00 | 7:00 | 8:00 | 9:00 | 10:00 | 11:00}} {schedule meridiem {AM | PM}} | Weekly {schedule day {Sunday | Monday | Tuesday | Wednesday | Thursday | Friday | Saturday}} {schedule time {0:00 | 1:00 | 2:00 | 3:00 | 4:00 | 5:00 | 6:00 | 7:00 | 8:00 | 9:00 | 10:00 | 11:00}} {schedule meridiem {AM | PM}}}
syslog_server {ipaddress | domain name}
syslog_severity {LOG_EMERG | LOG_ALERT | LOG_CRITICAL | LOG_ERROR | LOG_WARNING | LOG_NOTICE | LOG_INFO | LOG_DEBUG}
Mode: system-config [logging-remote]

Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description

Log identifier
log_identifier | identifier | The log identifier (alphanumeric string).

Email log configuration
email_logs_enable | Y or N | Enables or disables emailing of logs.
email_server | ipaddress or domain name | The IP address or domain name of the SMTP server.
return_email | email address | The email address (alphanumeric string) to which the SMTP server replies are sent.
send_to_email | email address | The email address (alphanumeric string) to which the logs and alerts are sent.
smtp_custom_port | number | The port number of the SMTP server for the outgoing email. The default port number is 25.
smtp_auth type | None, Plain, or CRAM-MD5 | The type of authentication for the SMTP server. If you select Plain or CRAM-MD5, you also need to configure the smtp_auth username and smtp_auth password keywords and associated parameters.
smtp_auth username | user name | The user name for SMTP authentication if you have set the smtp_auth type keyword to Plain or CRAM-MD5.
smtp_auth password | password | The password for SMTP authentication if you have set the smtp_auth type keyword to Plain or CRAM-MD5.
identd_from_smtp_server_enable | Y or N | Allows or rejects Identd protocol messages from the SMTP server.

Email log schedule
schedule unit | Never, Hourly, Daily, or Weekly | The type of schedule for the emailing of logs and alerts. Note the following:
• If you select Never or Hourly, you do not need to further configure the schedule.
• If you select Daily, you also need to configure the schedule time and schedule meridiem keywords and their associated keywords.
• If you select Weekly, you also need to configure the schedule day, schedule time, and schedule meridiem keywords and their associated keywords.
schedule day | Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, or Saturday | The scheduled day if you have set the schedule unit keyword to Weekly.
schedule time | 0:00, 1:00, 2:00, 3:00, 4:00, 5:00, 6:00, 7:00, 8:00, 9:00, 10:00, or 11:00 | The scheduled time if you have set the schedule unit keyword to Daily or Weekly.
schedule meridiem | AM or PM | The meridiem for the start time if you have set the schedule unit keyword to Daily or Weekly.

Syslog server
syslog_server | ipaddress or domain name | The IP address or domain name of the syslog server.
syslog_severity | LOG_EMERG, LOG_ALERT, LOG_CRITICAL, LOG_ERROR, LOG_WARNING, LOG_NOTICE, LOG_INFO, or LOG_DEBUG | The syslog severity level. The keywords are self-explanatory.

Note: All the logs with a severity that is equal to and above the severity that you specify are logged on the specified syslog server. For example, if you select LOG_CRITICAL as the severity, then the logs with the severities LOG_CRITICAL, LOG_ALERT, and LOG_EMERG are logged.

Command example:

FVS318N> system logging remote configure
system-config[logging-remote]> log_identifier FVS318N-Bld3
system-config[logging-remote]> email_logs_enable Y
system-config[logging-remote]> email_server SMTP.Netgear.com
system-config[logging-remote]> return_email [email protected]
system-config[logging-remote]> send_to_email [email protected]
system-config[logging-remote]> smtp_custom_port 2025
system-config[logging-remote]> smtp_auth type None
system-config[logging-remote]> schedule unit Weekly
system-config[logging-remote]> schedule day Sunday
system-config[logging-remote]> schedule time 00
system-config[logging-remote]> schedule meridiem AM
system-config[logging-remote]> syslog_server fe80::a0ca:f072:127f:b028%21
system-config[logging-remote]> syslog_severity LOG_EMERG
system-config[logging-remote]> save

Related show command:

show system logging remote setup
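The syslog_severity threshold rule described in the note above, worked through as an added Python example (not part of the NETGEAR manual or firmware). It assumes the manual's keywords follow the standard syslog numbering 0 to 7; the sample messages, their facility (local0), and the severity given to each event are constructed for illustration.

```python
import re

# The manual's syslog_severity keywords. Assumption: they follow the standard
# syslog numbering 0-7 (0 is most severe), which agrees with the manual's
# LOG_CRITICAL example.
SEVERITY = {
    "LOG_EMERG": 0, "LOG_ALERT": 1, "LOG_CRITICAL": 2, "LOG_ERROR": 3,
    "LOG_WARNING": 4, "LOG_NOTICE": 5, "LOG_INFO": 6, "LOG_DEBUG": 7,
}
NAME_BY_NUMBER = {number: name for name, number in SEVERITY.items()}
PRI = re.compile(r"^<(\d{1,3})>")  # syslog PRI field: facility * 8 + severity


def forwarded_levels(threshold):
    """Keywords that are sent to the syslog server for this syslog_severity."""
    if threshold not in SEVERITY:
        raise ValueError(f"unknown syslog_severity keyword: {threshold}")
    return [name for name, number in SEVERITY.items()
            if number <= SEVERITY[threshold]]


def severity_of(line):
    """Return the severity keyword encoded in a syslog line, or None."""
    match = PRI.match(line)
    if match is None:
        return None
    pri = int(match.group(1))
    if pri > 191:  # highest valid PRI: facility 23, severity 7
        return None
    return NAME_BY_NUMBER[pri % 8]


def split_by_threshold(lines, threshold):
    """Partition lines into (forwarded, suppressed, unparsed)."""
    if threshold not in SEVERITY:
        raise ValueError(f"unknown syslog_severity keyword: {threshold}")
    limit = SEVERITY[threshold]
    forwarded, suppressed, unparsed = [], [], []
    for line in lines:
        keyword = severity_of(line)
        if keyword is None:
            unparsed.append(line)
        elif SEVERITY[keyword] <= limit:
            forwarded.append(line)
        else:
            suppressed.append(line)
    return forwarded, suppressed, unparsed


def loosest_threshold_needed(lines):
    """Least severe keyword that still forwards every parseable line."""
    numbers = [SEVERITY[k] for k in map(severity_of, lines) if k is not None]
    return NAME_BY_NUMBER[max(numbers)] if numbers else None


# Constructed sample messages (facility local0 = 16, so PRI = 128 + severity).
SAMPLE = [
    "<128>Apr  1 00:00:01 FVS318N-Bld3 constructed: system unusable",
    "<130>Apr  1 00:00:02 FVS318N-Bld3 constructed: critical condition",
    "<132>Apr  1 00:00:03 FVS318N-Bld3 constructed: login attempt failed",
    "<134>Apr  1 00:00:04 FVS318N-Bld3 constructed: WAN link up",
    "Apr  1 00:00:05 line without a PRI field",
]

if __name__ == "__main__":
    for threshold in ("LOG_EMERG", "LOG_CRITICAL", "LOG_WARNING"):
        sent, held, bad = split_by_threshold(SAMPLE, threshold)
        print(threshold, forwarded_levels(threshold),
              len(sent), len(held), len(bad))
    print("needed for full coverage:", loosest_threshold_needed(SAMPLE))
```

With syslog_severity LOG_EMERG, as in the command example, only the first constructed message reaches the syslog server; the login and WAN status messages stay on the device.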


6. Dot11 Mode Configuration Commands

This chapter explains the configuration commands, keywords, and associated parameters in the dot11 mode. The chapter includes the following sections:

Wireless Radio Commands

Wireless Profile Commands

IMPORTANT: After you have issued a command that includes the word configure, add, or edit, you need to save (or cancel) your changes. For more information, see Save Commands on page 13.

Wireless Radio Commands

dot11 radio configure

This command configures the basic radio settings. After you have issued the dot11 radio configure command, you enter the dot11-config [radio] mode, and then you can configure one keyword and associated parameter or associated keyword at a time. You first need to configure the geographical area and country of operation.

Step 1
Format: dot11 radio configure
Mode: dot11

Step 2
Format:
country {africa <country> | asia <country> | europe <country> | middle_east <country> | oceania <country> | united_states <country>}
mode {g_and_b | g_only | ng {channel_spacing {20-40MHz | 20MHz}} | n_only {channel_spacing {20-40MHz | 20MHz}}}
channel {Auto | <channel>}
default_transmit_power <number>
transmission_rate {Best_Automatic | <rate>}
Mode: dot11-config [radio]


Keyword | Associated Keyword to Select or Parameter to Type | Description
country | africa, asia, europe, middle_east, oceania, or united_states, and country keyword | After you have selected a geographical region, select a predefined country name within the selected region. For a list of countries that you can enter, see Table 13.
mode | g_and_b, g_only, ng, or n_only | The wireless mode in the 2.4-GHz band:
g_and_b. In addition to 802.11b- and 802.11g-compliant devices, 802.11n-compliant devices can connect to the wireless access point because they are backward compatible.
g_only. 802.11g- and 802.11n-compliant devices can connect to the wireless access point, but 802.11n-compliant devices function below their capacity in 802.11g mode. 802.11b-compliant devices cannot connect.
ng. This is the default setting. 802.11g- and 802.11n-compliant devices can connect to the wireless access point. 802.11b-compliant devices cannot connect.
n_only. Only 802.11n-compliant devices can connect to the wireless access point.
channel_spacing | 20-40MHz or 20MHz | For the ng and n_only modes, the channel spacing:
20-40MHz. Select this option to improve the performance. Some legacy devices can operate only at 20 MHz.
20MHz. Select this option if your network includes legacy devices.
Note: The channel spacing is fixed at 20 MHz for the g_and_b and g_only modes.
channel | auto or the keyword for a specific channel | The 2.4 GHz channel that is used by the radio. Either select auto to enable the wireless access point to select its own channel, or select a specific channel.
Note: The available channels depend on the country selection and are displayed on the CLI screen.
default_transmit_power | number | The default transmit power in dBm, which can range from 0 to 31.
Note: If the country regulation does not allow the transmit power that you configure, the power will be automatically adjusted to the legally allowed power.
transmission_rate | Best_Automatic, MCS15-130[270], MCS14-117[243], MCS13-104[216], MCS12-78[162], MCS11-52[108], MCS10-39[81], MCS9-26[54], MCS8-13[27], MCS7-65[135], MCS6-58.5[121.5], MCS5-52[108], MCS4-39[81], MCS3-26[54], MCS2-19.5[40.5], MCS1-13[27], MCS0-6.5[13.5], 54, 48, 36, 24, 18, 12, 11, 9, 6, 5.5, 2, or 1 | The transmission data rate. Either select Best_Automatic to enable the wireless access point to select its own data rate, or select a specific data rate.
Note: The available transmission data rates depend on the country selection and are displayed on the CLI screen.

Table 13. Region and country keywords

Region | Country
Africa | Algeria, Egypt, Kenya, Morocco, SouthAfrica, Tunisia, Zimbabwe
Asia | Azerbaijan, Bangladesh, BruneiDarussalam, China, HongKong, India, Indonesia, Japan, Kazakhstan, KoreaRepublic, Macau, Malaysia, Nepal, NorthKorea, Pakistan, Philippines, Singapore, SriLanka, Taiwan, Thailand, Uzbekistan, Vietnam
Europe | Albania, Armenia, Austria, Belarus, Belgium, BosniaAndHerzegowina, Bulgaria, Croatia, Cyprus, CzechRepublic, Denmark, Estonia, Finland, France, Georgia (see note), Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Macedonia_TheFormerYugoslavRepublicOfMacedonia, Malta, Monaco, Netherlands, Norway, Poland, Portugal, Romania, RussianFederation_RU1, SerbiaAndMontenegro (see note), SlovakRepublic, Slovenia, Spain, Sweden, Switzerland, Turkey, Ukraine, UnitedKingdom
MiddleEast | Iran_IslamicRepublicOf, Israel, Bahrain, Jordan, Kuwait, Lebanon, Oman, Qatar, SaudiArabia, Syria, UnitedArabEmirates, Yemen
Oceania | Australia, NewZealand, PapuaNewGuinea
UnitedStates | Argentina, Belize, Bolivia, Brazil, Canada, Chile, Colombia, CostaRica, DominicanRepublic, Ecuador, ElSalvador, Guatemala, Honduras, Jamaica, Mexico, Panama, Peru, PuertoRico, TrinidadAndTobago, UnitedStates_US, Uruguay, Venezuela

Note (Georgia and SerbiaAndMontenegro): This keyword might be located under another region. The command syntax might change in a future release.

Command example:

FVS318N> dot11 radio configure
dot11-config[radio]> country united_states UnitedStates_US
dot11-config[radio]> 2.4mode ng
dot11-config[radio]> channel_spacing 20-40MHz
dot11-config[radio]> channel Auto
dot11-config[radio]> default_transmit_power 25
dot11-config[radio]> transmission_rate
dot11-config[radio]> transmission_rate Best_Automatic
dot11-config[radio]> save

Related show command:

show dot11 radio

dot11 radio advanced configure

This command configures the advanced radio settings. After you have issued the dot11 radio advanced configure command, you enter the dot11-config [radio-advance] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: dot11 radio advanced configure
Mode: dot11

Step 2
Format:
beacon_interval <milliseconds>
dtim_interval <milliseconds>
rts_threshold <bytes>
fragmentation_threshold <bytes>
preamble_mode <Long | Short>
protection_mode {CTS-to-Self_Protection | None}
power_save_enable {Y | N}
Mode: dot11-config [radio-advance]

Keyword | Associated Keyword to Select or Parameter to Type | Description
beacon_interval | milliseconds | The time in milliseconds between the beacon transmissions.
dtim_interval | milliseconds | The time in milliseconds between each delivery traffic indication message (DTIM).
rts_threshold | bytes | The Request to Send (RTS) threshold in bytes.
fragmentation_threshold | bytes | The maximum length of the frame in bytes.
preamble_mode | Long or Short | The type of 802.11b preamble that is prepended to every frame:
Long. A long transmit preamble might provide a more reliable connection or a slightly longer range.
Short. A short transmit preamble gives better performance.
protection_mode | CTS-to-Self_Protection or None | The Clear to Send (CTS)-to-self protection mode:
CTS-to-Self_Protection. CTS-to-self protection mode is enabled. This mode increases the performance but reduces the throughput slightly.
None. CTS-to-self protection mode is disabled.
power_save_enable | Y or N | Enables or disables Wi-Fi Multimedia (WMM) power save.

Command example:

FVS318N> dot11 radio advanced configure
dot11-config[radio-advance]> beacon_interval 120
dot11-config[radio-advance]> dtim_interval 4
dot11-config[radio-advance]> rts_threshold 1820
dot11-config[radio-advance]> fragmentation_threshold 1820
dot11-config[radio-advance]> preamble_mode Short
dot11-config[radio-advance]> protection_mode CTS-to-Self_Protection
dot11-config[radio-advance]> power_save_enable Y
dot11-config[radio-advance]> save

Related show command:

show dot11 radio

Wireless Profile Commands

dot11 profile configure <profile name>

This command configures a new or existing profile. After you have issued the dot11 profile configure command to specify the name of a profile, you enter the dot11-config [profile] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: dot11 profile configure <profile name>
Mode: dot11

Step 2
Format:
ssid <ssid name>
broadcast-ssid {Y | N}
security_type {Open | WEP | WPA | WPA2 | WPA+WPA2}
vlan_profile <vlan name>
wep authentication {Automatic | Open-System | Shared-Key}
wep encryption {64-bit-WEP | 128-bit-WEP}
wep {passphrase {{1 | 2 | 3 | 4} <passphrase>} | wep key {{1 | 2 | 3 | 4} <key>}}
wpa encryption {TKIP | CCMP | TKIP+CCMP}
wpa authentication {PSK {wpa wpa-password <password>} | RADIUS | PSK+RADIUS {wpa wpa_password <password>}}
pre-authentication {Y | N}
enable_active_time {N | Y {start hour <hour>} {start meridiem {AM | PM}} {start minute <minute>} {stop hour <hour>} {stop meridiem {AM | PM}} {stop minute <minute>}}
wlan_partition {Y | N}
Mode: dot11-config [profile]

Keyword (might consist of two separate words) | Associated Keyword to Select or Parameter to Type | Description
ssid | ssid name | The name of the 802.11 profile SSID.
broadcast_ssid | Y or N | Enables or disables the SSID broadcast.
security_type | Open, WEP, WPA, WPA2, or WPA+WPA2 | The type of security and associated encryption. Your selection determines which other keywords and associated parameters and keywords you need to set.
vlan_profile | vlan name | The VLAN to which the wireless profile is allocated. If you do not specify a VLAN, the wireless profile is assigned to the default VLAN.

WEP
wep authentication | Automatic, Open-System, or Shared-Key | The type of WEP authentication:
Automatic. A key is required to connect to this profile. You need to configure the wep passphrase keyword and its associated parameter and keyword for automatic generation of the WEP key. You also need to set the wep encryption keyword and its associated keyword.
Open-System. Anyone can connect to this profile. You need to set the wep encryption keyword and its associated keyword.
Shared-Key. A key is required to connect to this profile. You need to set the wep key keyword and its associated parameter and keyword for manual generation of the WEP key. You also need to set the wep encryption keyword and its associated keyword.
wep encryption | 64-bit-WEP or 128-bit-WEP | The type of WEP encryption.
wep passphrase | 1, 2, 3, or 4 and passphrase | Both the number of the WEP key (the index) and the passphrase to generate the WEP key from. You have to set both.
wep key | 1, 2, 3, or 4 and key | Both the number of the WEP key (the index) and the actual key.
Note: If you have used the wep passphrase keyword and its associated parameter and keyword, you do not need to set the wep key keyword and its associated parameter and keyword.

WPA
wpa encryption | TKIP, CCMP, or TKIP+CCMP | The WPA encryption type. Note the following:
• WPA supports TKIP and TKIP+CCMP.
• WPA2 supports CCMP and TKIP+CCMP.
• WPA+WPA2 supports TKIP+CCMP.
wpa authentication | PSK, RADIUS, or PSK+RADIUS | The WPA authentication type. Note the following:
PSK. Requires you to set the wpa wpa_password keyword and associated parameter.
RADIUS. Requires you to configure the RADIUS settings.
PSK_RADIUS. Requires you to set the wpa wpa_password keyword and associated parameter and to configure the RADIUS settings.
wpa wpa_password | password | The WPA password, which you need to set only if you have set the wpa authentication keyword to PSK or PSK_RADIUS.
pre-authentication | Y or N | Enables or disables RADIUS preauthentication, which is possible only if you have set the security_type keyword to WPA2 and the wpa authentication keywords to RADIUS.

Active timer and WLAN partition
enable_active_time | Y or N | Enables or disables the daily timer for the wireless profile. If you enable the timer, you need to set all start and stop keywords and associated parameters and keywords.
start hour | hour | The hour in the format H or HH (1 through 12) that the timer starts, if you have enabled the timer.
start meridiem | AM or PM | The meridiem that the timer starts, if you have enabled the timer.
start minute | minute | The minute in the format MM (00 to 59) that the timer starts, if you have enabled the timer.
stop hour | hour | The hour in the format H or HH (1 through 12) that the timer stops, if you have enabled the timer.
stop meridiem | AM or PM | The meridiem that the timer stops, if you have enabled the timer.
stop minute | minute | The minute in the format MM (00 to 59) that the timer stops, if you have enabled the timer.
wlan_partition | Y or N | Enables or disables WLAN partition.

Command example:

FVS318N> dot11 profile add Employees
dot11-config[profile]> ssid CompanyWide
dot11-config[profile]> broadcast_ssid Y
dot11-config[profile]> security_type WPA+WPA2
dot11-config[profile]> wpa encryption TKIP+CCMP
dot11-config[profile]> wpa authentication PSK
dot11-config[profile]> wpa wpa_password Se36cu37re38!
dot11-config[profile]> enable_active_time Y
dot11-config[profile]> start hour 8
dot11-config[profile]> start meridiem AM
dot11-config[profile]> start minute 00
dot11-config[profile]> stop hour 5
dot11-config[profile]> stop meridiem PM
dot11-config[profile]> stop minute 00
dot11-config[profile]> wlan_partition N
dot11-config[profile]> save

Related show command: show dot11 profile [profile name] and show dot11 profile status <profile name>

dot11 profile delete <profile name>

This command deletes a profile by specifying its name. You cannot delete the default profile (default1).

Format: dot11 profile delete <profile name>
Mode: dot11

Related show command: show dot11 profile [profile name]

dot11 profile disable <profile name>

This command disables a profile by specifying its name.

Format: dot11 profile disable <profile name>
Mode: dot11

Related show command: show dot11 profile [profile name]

dot11 profile enable <profile name>

This command enables a profile by specifying its name.

Format: dot11 profile enable <profile name>
Mode: dot11

Related show command: show dot11 profile [profile name]

dot11 profile acl configure <profile name>

This command adds a MAC address to or deletes a MAC address from an access control list (ACL) and configures the ACL setting for a selected profile. After you have issued the dot11 profile acl configure command to specify a profile, you enter the dot11-config [ap-acl] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer. You can add multiple MAC addresses to the ACL for a profile.

Step 1
Format: dot11 profile acl configure <profile name>
Mode: dot11

Step 2
Format:
mac_address {add <mac address> | delete <mac address>}
acl_policy {Open | Allow | Deny}
Mode: dot11-config [ap-acl]

Keyword (Associated Keyword to Select or Parameter to Type): Description

mac_address add (mac address): The MAC address that is added to the ACL.

mac_address delete (mac address): The MAC address that is deleted from the ACL.

acl_policy (Open, Allow, or Deny): The default ACL policy for the profile:
• Open. All MAC addresses are allowed to connect to the profile.
• Allow. Only MAC addresses that you have added to the ACL are allowed to connect to the profile.
• Deny. MAC addresses that you have added to the ACL are denied access to the profile.

Command example:

FVS318N> dot11 profile acl configure Employees
dot11-config[ap-acl]> mac_address add a1:23:04:e6:de:bb
dot11-config[ap-acl]> mac_address add c2:ee:d2:10:34:fe
dot11-config[ap-acl]> acl_policy Allow
dot11-config[ap-acl]> save

Related show command:

show dot11 acl <profile name>

dot11 profile wps configure

This command configures Wi-Fi Protected Setup™ (WPS) for an SSID. After you have issued the dot11 profile wps configure command, you enter the dot11-config [ap-wps] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: dot11 profile wps configure
Mode: dot11

Step 2
Format:
ap_ssid <ssid name>
wps_status {Enable | Disable}
configure_via_pbc {Y | N}
configure_via_pin {N | Y {station_pin <pin>}}
Mode: dot11-config [ap-wps]

Keyword (Associated Keyword to Select or Parameter to Type): Description

ap_ssid (ssid name): The name of the SSID for which you configure WPS.

wps_status (Enable or Disable): Enables or disables WPS.

configure_via_pbc (Y or N): Enables or disables the push button configuration (PBC) method.

configure_via_pin (Y or N): Enables or disables the PIN method. If you enable the PIN method, you also need to set the station_pin keyword and associated parameter.

station_pin (pin): The pin for the PIN method, if the PIN method is enabled.

Command example:

FVS318N> dot11 profile wps configure
dot11-config[ap-wps]> ap_ssid CompanyWide
dot11-config[ap-wps]> wps_status Enable
dot11-config[ap-wps]> configure_via_pin Y
dot11-config[ap-wps]> station_pin 3719
dot11-config[ap-wps]> save

Related show command:

show dot11 wps

7. VPN Mode Configuration Commands

This chapter explains the configuration commands, keywords, and associated parameters in the vpn mode. The chapter includes the following sections:

IPSec VPN Wizard Command

IPSec IKE Policy Commands

IPSec VPN Policy Commands

IPSec VPN Mode Config Commands

SSL VPN Portal Layout Commands

SSL VPN Authentication Domain Commands

SSL VPN Authentication Group Commands

SSL VPN User Commands

SSL VPN Port Forwarding Commands

SSL VPN Client Commands

SSL VPN Resource Commands

SSL VPN Policy Commands

RADIUS Server Command

L2TP Server Commands

IMPORTANT: After you have issued a command that includes the word configure, add, or edit, you need to save (or cancel) your changes. For more information, see Save Commands on page 13.

IPSec VPN Wizard Command

vpn ipsec wizard configure <Gateway | VPN_Client>

This command configures the IPSec VPN wizard for a gateway-to-gateway or gateway-to-VPN client connection. After you have issued the vpn ipsec wizard configure command to specify the type of peer for which you want to configure the wizard, you enter the vpn-config [wizard] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: vpn ipsec wizard configure {Gateway | VPN_Client}
Mode: vpn

Step 2
Format:
ip_version {IPv4 | IPv6}
conn_name <name>
preshared_key <key>
remote_wan_ipaddress {<ipaddress> | <ipv6-address> | <domain name>}
local_wan_ipaddress {<ipaddress> | <ipv6-address> | <domain name>}
remote_lan_ipaddress <ipaddress>
remote_lan_net_mask <subnet mask>
remote_lan_ipv6address <ipv6-address>
remote_lan_prefixLength <prefix length>
Mode: vpn-config [wizard]

Keyword (Associated Keyword to Select or Parameter to Type): Description

ip_version (IPv4 or IPv6): Specifies the IP address version for both the local and remote endpoints:
• IPv4. Both endpoints use IPv4 addresses. For the remote LAN IP address, you need to issue the remote_lan_ipaddress and remote_lan_netMask keywords and specify the associated parameters.
• IPv6. Both endpoints use IPv6 addresses. For the remote LAN IP address, you need to issue the remote_lan_ipv6address and remote_lan_prefixLength keywords and specify the associated parameters.

conn_name (connection name): The unique connection name (alphanumeric string).

preshared_key (key): The key (alphanumeric string) that needs to be entered on both peers.

remote_wan_ipaddress (ipaddress, ipv6-address, or domain name): Depending on the setting of the ip_version keyword, specifies an IPv4 or IPv6 local WAN address. You can also specify a domain name.

local_wan_ipaddress (ipaddress, ipv6-address, or domain name): Depending on the setting of the ip_version keyword, specifies an IPv4 or IPv6 local WAN address. You can also specify a domain name.

Remote LAN IPv4 address information

remote_lan_ipaddress (ipaddress): The IPv4 remote LAN address when the ip_version keyword is set to IPv4.

remote_lan_net_mask (subnet mask): The IPv4 remote LAN subnet mask when the ip_version keyword is set to IPv4.

Remote LAN IPv6 address information

remote_lan_ipv6address (ipv6-address): The IPv6 remote LAN address when the ip_version keyword is set to IPv6.

remote_lan_prefixLength (prefix length): The IPv6 remote LAN prefix length when the ip_version keyword is set to IPv6.

Command example:

FVS318N> vpn ipsec wizard configure Gateway
vpn-config[wizard]> ip_version IPv6
vpn-config[wizard]> conn_name FVS318N-to-Peer44
vpn-config[wizard]> preshared_key 2%sgd55%!@GH
vpn-config[wizard]> remote_wan_ipaddress peer44.com
vpn-config[wizard]> local_wan_ipaddress fe80::a8ab:bbff:fe00:2
vpn-config[wizard]> remote_lan_ipv6address fe80::a4bb:ffdd:fe01:2
vpn-config[wizard]> remote_lan_prefixLength 64
vpn-config[wizard]> save

Related show command: show vpn ipsec vpnpolicy setup, show vpn ipsec ikepolicy setup, and show vpn ipsec vpnpolicy status

To display the VPN policy configuration that the wizard created through the vpn ipsec wizard configure command, issue the show vpn ipsec vpnpolicy setup command:

FVS318N> show vpn ipsec vpnpolicy setup

Status Name Type IPSec Mode Local Remote Auth Encr

_______ _________________ ___________ ___________ ______________________________________ ______________________________ _____ ____

Enabled FVS318N-to-Peer44 Auto Policy Tunnel Mode 2002:408b:36e4:a:a8ab:bbff:fe00:1 / 64 fe80::a4bb:ffdd:fe01:2 / 64 SHA-1 3DES

Enabled FVS-to-Paris Auto Policy Tunnel Mode 192.168.1.0 / 255.255.255.0 192.168.50.0 / 255.255.255.255 SHA-1 3DES

To display the IKE policy configuration that the wizard created through the vpn ipsec wizard configure command, issue the show vpn ipsec ikepolicy setup command:

FVS318N> show vpn ipsec ikepolicy setup

List of IKE Policies

____________________

Name Mode Local ID Remote ID Encryption Authentication DH Group

_________________ __________ ______________________ _____________ __________ ______________ ____________

FVS318N-to-Peer44 main fe80::a8ab:bbff:fe00:2 peer44.com 3DES SHA-1 Group 2 (1024 bit)

FVS-to-Paris main 10.139.54.228 10.112.71.154 3DES SHA-1 Group 2 (1024 bit)

iphone aggressive 10.139.54.228 0.0.0.0 AES-128 SHA-1 Group 2 (1024 bit)

IPSec IKE Policy Commands

vpn ipsec ikepolicy configure <ike policy name>

This command configures a new or existing manual IPSec IKE policy. After you have issued the vpn ipsec ikepolicy configure command to specify the name of a new or existing IKE policy, you enter the vpn-config [ike-policy] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: vpn ipsec ikepolicy configure <ike policy name>
Mode: vpn

Step 2
Format:
enable_mode_config {N | Y {mode_config_record <record name>}}
direction_type {Initiator | Responder | Both}
exchange_mode {Main | Aggresive}
ip_version {IPv4 | IPv6}
local_identtype {Local_Wan_IP | FQDN | User-FQDN | DER_ASN1_DN}
    {local_identifier <identifier>}
remote_identtype {Remote_Wan_IP | FQDN | User-FQDN | DER_ASN1_DN}
    {remote_identifier <identifier>}
encryption_algorithm {DES | 3DES | AES_128 | AES_192 | AES_256}
auth_algorithm {MD5 | SHA-1}
auth_method {Pre_shared_key {pre_shared_key <key>} |
    RSA_Signature}
dh_group {Group1_768_bit | Group2_1024_bit | Group5_1536_bit}
lifetime <seconds>
enable_dead_peer_detection {N | Y {detection_period <seconds>}
    {reconnect_failure_count <number>}}
extended_authentication {None | IPSecHost {xauth_username
    <user name>} {xauth_password <password>} | EdgeDevice
    {extended_authentication_type {User-Database | RadiusPap |
    RadiusChap}}}
Mode: vpn-config [ike-policy]

Keyword (Associated Keyword to Select or Parameter to Type): Description

Mode Config record selection and general policy settings

enable_mode_config (Y or N): Specifies whether or not the IKE policy uses a Mode Config record.

mode_config_record (record name): If the enable_mode_config keyword is set to Y, specifies the Mode Config record that should be used. For information about configuring Mode Config records, see the vpn ipsec mode_config configure <record name> command.

direction_type (Initiator, Responder, or Both): The IKE direction type:
• Initiator. The wireless VPN firewall initiates the connection to the remote endpoint.
• Responder. The wireless VPN firewall responds only to an IKE request from the remote endpoint.
• Both. The wireless VPN firewall can both initiate a connection to the remote endpoint and respond to an IKE request from the remote endpoint.

exchange_mode (Main or Aggresive): The exchange mode:
• Main. This mode is slower than the Aggressive mode but more secure.
• Aggressive. This mode is faster than the Main mode but less secure. When the IKE policy uses a Mode Config record, the exchange mode needs to be set to Aggresive.

Local and remote identifiers

ip_version (IPv4 or IPv6): If the local_identtype and remote_identtype keywords are set to Local_Wan_IP, specifies the IP address version for both the local and remote endpoints:
• IPv4. Both endpoints use IPv4 addresses. You need to specify IPv4 addresses for the local_identifier and remote_identifier keywords.
• IPv6. Both endpoints use IPv6 addresses. You need to specify IPv6 addresses for the local_identifier and remote_identifier keywords.

local_identtype (Local_Wan_IP, FQDN, User-FQDN, or DER_ASN1_DN): Specifies the ISAKMP identifier to be used by the wireless VPN firewall:
• Local_Wan_IP. The WAN IP address of the wireless VPN firewall. The setting of the ip_version keyword determines if you need to specify an IPv4 or IPv6 address for the local_identifier keyword.
• FQDN. The domain name for the wireless VPN firewall.
• User-FQDN. The email address for a local VPN client or the wireless VPN firewall.
• DER_ASN1_DN. A distinguished name (DN) that identifies the wireless VPN firewall in the DER encoding and ASN.1 format.

local_identifier (identifier): The identifier of the wireless VPN firewall. The setting of the local_identtype and ip_version keywords determines the type of identifier that you need to specify.

remote_identtype (Remote_Wan_IP, FQDN, User-FQDN, or DER_ASN1_DN): Specifies the ISAKMP identifier to be used by the wireless VPN firewall:
• Remote_Wan_IP. The WAN IP address of the remote endpoint. The setting of the ip_version keyword determines if you need to specify an IPv4 or IPv6 address for the local_identifier keyword.
• FQDN. The domain name for the wireless VPN firewall.
• User-FQDN. The email address for a local VPN client or the wireless VPN firewall.
• DER_ASN1_DN. A distinguished name (DN) that identifies the wireless VPN firewall in the DER encoding and ASN.1 format.

remote_identifier (identifier): The identifier of the remote endpoint. The setting of the remote_identtype and ip_version keywords determines the type of identifier that you need to specify.

IKE SA settings

encryption_algorithm (DES, 3DES, AES_128, AES_192, or AES_256): Specifies the algorithm to negotiate the security association (SA):
• DES. Data Encryption Standard (DES).
• 3DES. Triple DES.
• AES_128. Advanced Encryption Standard (AES) with a 128-bit key size.
• AES_192. AES with a 192-bit key size.
• AES_256. AES with a 256-bit key size.

auth_algorithm (MD5 or SHA-1): Specifies the algorithm to be used in the VPN header for the authentication process:
• SHA-1. Hash algorithm that produces a 160-bit digest.
• MD5. Hash algorithm that produces a 128-bit digest.

auth_method (Pre_shared_key or RSA_Signature): Specifies the authentication method:
• Pre_shared_key. A secret that is shared between the wireless VPN firewall and the remote endpoint. You also need to issue the pre_shared_key keyword and specify the key.
• RSA_Signature. Uses the active self-signed certificate that you uploaded on the Certificates screen of the web management interface.
Note: You cannot upload certificates by using the CLI.

pre_shared_key (key): If the auth_method keyword is set to Pre_shared_key, specifies a key with a minimum length of 8 characters and no more than 49 characters.

dh_group (Group1_768_bit, Group2_1024_bit, or Group5_1536_bit): The DH Group sets the strength of the algorithm in bits. The higher the group, the more secure the exchange.

lifetime (seconds): The period in seconds for which the IKE SA is valid. When the period times out, the next rekeying occurs.

enable_dead_peer_detection (Y or N): Enables or disables dead peer detection (DPD). When DPD is enabled, you also need to issue the detection_period and reconnect_failure_count keywords and associated parameters.

detection_period (seconds): The period in seconds between consecutive DPD R-U-THERE messages, which are sent only when the IPSec traffic is idle.

reconnect_failure_count (number): The maximum number of DPD failures before the wireless VPN firewall tears down the connection and then attempts to reconnect to the peer.

Extended authentication settings

extended_authentication (None, IPSecHost, or EdgeDevice): Specifies whether or not Extended Authentication (XAUTH) is enabled, and, if enabled, which device is used to verify user account information:
• None. XAUTH is disabled. This is the default setting.
• IPSecHost. The wireless VPN firewall functions as a VPN client of the remote gateway. In this configuration the wireless VPN firewall is authenticated by a remote gateway. You need to issue the xauth_username and xauth_password keywords and specify the associated parameters.
• EdgeDevice. The wireless VPN firewall functions as a VPN concentrator on which one or more gateway tunnels terminate. You need to issue the extended_authentication_type keyword and select an associated keyword.

extended_authentication_type (User-Database, RadiusPap, or RadiusChap): If the extended_authentication keyword is set to EdgeDevice, specifies the authentication type:
• User-Database. XAUTH occurs through the wireless VPN firewall’s user database.
• RadiusPap. XAUTH occurs through RADIUS Password Authentication Protocol (PAP).
• RadiusChap. XAUTH occurs through RADIUS Challenge Handshake Authentication Protocol (CHAP).
Note: For information about how to configure a RADIUS server for authentication of VPN connections, see RADIUS Server Command.

xauth_username (user name): If the extended_authentication keyword is set to IPSecHost, specifies a user name.

xauth_password (password): If the extended_authentication keyword is set to IPSecHost, specifies a password.

Command example:

FVS318N> vpn ipsec ikepolicy configure FVS-to-Paris
vpn-config[ike-policy]> enable_mode_config N
vpn-config[ike-policy]> direction_type Both
vpn-config[ike-policy]> exchange_mode Main
vpn-config[ike-policy]> ip_version ipv4
vpn-config[ike-policy]> local_identtype Local_Wan_IP
vpn-config[ike-policy]> local_identifier 10.139.54.228
vpn-config[ike-policy]> remote_identtype Remote_Wan_IP
vpn-config[ike-policy]> remote_identifier 10.112.71.154
vpn-config[ike-policy]> encryption_algorithm 3DES
vpn-config[ike-policy]> auth_algorithm SHA-1
vpn-config[ike-policy]> auth_method Pre_shared_key
vpn-config[ike-policy]> pre_shared_key 3Tg67!JXL0Oo?
vpn-config[ike-policy]> dh_group Group2_1024_bit
vpn-config[ike-policy]> lifetime 28800
vpn-config[ike-policy]> enable_dead_peer_detection Y
vpn-config[ike-policy]> detection_period 20
vpn-config[ike-policy]> reconnect_failure_count 3
vpn-config[ike-policy]> extended_authentication EdgeDevice
vpn-config[ike-policy]> extended_authentication_type RadiusChap
vpn-config[ike-policy]> save

Related show command:

show vpn ipsec ikepolicy setup
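The keyword dependencies and limits in the IKE policy table can be checked mechanically before a policy is saved. The Python linter below is an added example, not NETGEAR code: it parses a transcript of a vpn-config [ike-policy] session, reports violations of the rules stated in the table, and adds advisories where the table offers a stronger option. The function names, the constructed sample session, the assumption that the transcript holds the complete policy, and the 56-bit DES key size are this example's own.

```python
import re

# Keywords with a fixed value set, copied from the Format block of
# "vpn ipsec ikepolicy configure" (the CLI spelling "Aggresive" is kept).
ENUMS = {
    "enable_mode_config": {"Y", "N"},
    "direction_type": {"Initiator", "Responder", "Both"},
    "exchange_mode": {"Main", "Aggresive"},
    "ip_version": {"IPv4", "IPv6"},
    "local_identtype": {"Local_Wan_IP", "FQDN", "User-FQDN", "DER_ASN1_DN"},
    "remote_identtype": {"Remote_Wan_IP", "FQDN", "User-FQDN", "DER_ASN1_DN"},
    "encryption_algorithm": {"DES", "3DES", "AES_128", "AES_192", "AES_256"},
    "auth_algorithm": {"MD5", "SHA-1"},
    "auth_method": {"Pre_shared_key", "RSA_Signature"},
    "dh_group": {"Group1_768_bit", "Group2_1024_bit", "Group5_1536_bit"},
    "enable_dead_peer_detection": {"Y", "N"},
    "extended_authentication": {"None", "IPSecHost", "EdgeDevice"},
    "extended_authentication_type": {"User-Database", "RadiusPap", "RadiusChap"},
}
# Keywords that take a free-form parameter.
FREE = {"mode_config_record", "local_identifier", "remote_identifier",
        "pre_shared_key", "lifetime", "detection_period",
        "reconnect_failure_count", "xauth_username", "xauth_password"}
# (keyword, value, keywords the table says must then also be issued)
REQUIRES = [
    ("enable_mode_config", "Y", ["mode_config_record"]),
    ("auth_method", "Pre_shared_key", ["pre_shared_key"]),
    ("enable_dead_peer_detection", "Y", ["detection_period", "reconnect_failure_count"]),
    ("extended_authentication", "IPSecHost", ["xauth_username", "xauth_password"]),
    ("extended_authentication", "EdgeDevice", ["extended_authentication_type"]),
]
PROMPT = re.compile(r"^vpn-config\s*\[ike-policy\]>\s*(\S+)\s*(.*)$")

# Constructed session for illustration; not captured from a device.
SAMPLE = """\
FVS318N> vpn ipsec ikepolicy configure Branch-Test
vpn-config[ike-policy]> enable_mode_config Y
vpn-config[ike-policy]> exchange_mode Main
vpn-config[ike-policy]> encryption_algorithm DES
vpn-config[ike-policy]> auth_algorithm MD5
vpn-config[ike-policy]> auth_method Pre_shared_key
vpn-config[ike-policy]> pre_shared_key short1
vpn-config[ike-policy]> dh_group Group1_768_bit
vpn-config[ike-policy]> enable_dead_peer_detection Y
vpn-config[ike-policy]> detection_period 20
vpn-config[ike-policy]> save
"""

def parse_session(text):
    """Return {keyword: parameter} for every ike-policy prompt line."""
    settings = {}
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if m and m.group(1) != "save":
            settings[m.group(1)] = m.group(2).strip()
    return settings

def lint(settings):
    """Return a list of (level, message); level is 'error' or 'warn'."""
    out = []
    # Values are compared case-insensitively: the manual's own example
    # types "ip_version ipv4" although the Format block lists IPv4.
    low = {k: v.lower() for k, v in settings.items()}
    for key, value in settings.items():
        if key in ENUMS:
            if low[key] not in {v.lower() for v in ENUMS[key]}:
                out.append(("error", f"{key}: '{value}' not in {sorted(ENUMS[key])}"))
        elif key not in FREE:
            out.append(("error", f"unknown keyword '{key}'"))
    for key, value, needed in REQUIRES:
        if low.get(key) == value.lower():
            for dep in needed:
                if dep not in settings:
                    out.append(("error", f"{key} {value} also requires {dep}"))
    psk = settings.get("pre_shared_key")
    if psk is not None and not 8 <= len(psk) <= 49:
        # Report the length only, never the key itself.
        out.append(("error", f"pre_shared_key has {len(psk)} characters; 8 to 49 required"))
    if low.get("enable_mode_config") == "y" and low.get("exchange_mode") != "aggresive":
        out.append(("error", "a Mode Config record requires exchange_mode Aggresive"))
    # Advisories: the table itself ranks these options.
    if low.get("exchange_mode") == "aggresive":
        out.append(("warn", "exchange_mode Aggresive: faster than Main but less secure"))
    if "dh_group" in low and low["dh_group"] != "group5_1536_bit":
        out.append(("warn", f"dh_group {settings['dh_group']}: a higher group is offered"))
    if low.get("encryption_algorithm") == "des":
        out.append(("warn", "encryption_algorithm DES: 56-bit key; 3DES and AES are offered"))
    if low.get("auth_algorithm") == "md5":
        out.append(("warn", "auth_algorithm MD5: 128-bit digest; SHA-1 (160-bit) is offered"))
    return out

if __name__ == "__main__":
    for level, message in lint(parse_session(SAMPLE)):
        print(f"{level.upper():5} {message}")
```
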

vpn ipsec ikepolicy delete <ike policy name>

This command deletes an IKE policy by specifying the name of the IKE policy.

Format: vpn ipsec ikepolicy delete <ike policy name>
Mode: vpn

Related show command:

show vpn ipsec ikepolicy setup

IPSec VPN Policy Commands

vpn ipsec vpnpolicy configure <vpn policy name>

This command configures a new or existing auto IPSec VPN policy or manual IPSec VPN policy. After you have issued the vpn ipsec vpnpolicy configure command to specify the name of a new or existing VPN policy, you enter the vpn-config [vpn-policy] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: vpn ipsec vpnpolicy configure <vpn policy name>
Mode: vpn

Step 2
Format:
general_policy_type {Auto-Policy | Manual-Policy}
general_ip_version {IPv4 | IPv6}
general_remote_end_point_type {FQDN {general_remote_end_point
    fqdn <domain name> | IP-Address {general_remote_end_point
    ip_address <ipaddress> | {general_remote_end_point
    ipv6_address <ipv6-address>}}
general_enable_netbios {N | Y}
auto_initiate_policy {N | Y}
general_enable_keep_alive {N | Y {general_ping_ipaddress
    <ipaddress> | {general_ping_ipaddress6 <ipv6-address>}
    {general_keep_alive_detection_period <seconds>}
    {general_keep_alive_failureCount <number>}}
general_local_network_type {ANY | SINGLE
    {general_local_start_address <ipaddress> |
    general_local_start_address_ipv6 <ipv6-address>} | RANGE
    {{general_local_start_address <ipaddress>}
    {general_local_end_address <ipaddress>} |
    {general_local_start_address_ipv6 <ipv6-address>}
    {general_local_end_address_ipv6 <ipv6-address>}} | SUBNET
    {{general_local_start_address <ipaddress>}
    {general_local_subnet_mask <subnet mask>} |
    {general_local_start_address_ipv6 <ipv6-address>}
    {general_local_ipv6_prefix_length <prefix length>}}}
general_remote_network_type {ANY | SINGLE
    {general_remote_start_address <ipaddress> |
    general_remote_start_address_ipv6 <ipv6-address>} | RANGE
    {{general_remote_start_address <ipaddress>}
    {general_remote_end_address <ipaddress>} |
    {general_remote_start_address_ipv6 <ipv6-address>}
    {general_remote_end_address_ipv6 <ipv6-address>}} | SUBNET
    {{general_remote_start_address <ipaddress>}
    {general_remote_subnet_mask <subnet mask>} |
    {general_remote_start_address_ipv6 <ipv6-address>}
    {general_remote_ipv6_prefix_length <prefix length>}}}
manual_spi_in <number>
manual_encryption_algorithm {None | DES | 3DES | AES-128 |
    AES-192 | AES-256}
manual_encryption_key_in <key>
manual_encryption_key_out <key>
manual_spi_out <number>
manual_authentication_algorithm {MD5 | SHA-1}
manual_authentication_key_in <key>
manual_authentication_key_out <key>
auto_sa_lifetime {bytes <number> | {seconds <seconds>}
auto_encryption_algorithm {None | DES | 3DES | AES-128 |
    AES-192 | AES-256}
auto_authentication_algorithm {MD5 | SHA-1}
auto_enable_pfskeygroup {N | Y {auto_dh_group {Group1_768_bit |
    Group2_1024_bit | Group5_1536_bit}}}
auto_select_ike_policy <ike policy name>
Mode: vpn-config [vpn-policy]

Keyword, which might consist of two separate words (Associated Keyword to Select or Parameter to Type): Description

General policy settings

general_policy_type (Auto-Policy or Manual-Policy): Specifies whether the policy type is an auto or manual VPN policy:
• Auto-Policy. The inbound and outbound policy settings for the VPN tunnel are automatically generated after you have issued the keywords and associated parameters that are listed in the Auto policy settings section of this table. All other VPN policy settings need to be specified manually.
• Manual-Policy. All settings need to be specified manually, excluding the ones in the Auto policy settings section of this table.

general_ip_version (IPv4 or IPv6): If the general_remote_end_point_type keyword is set to IP-Address, specifies the IP address version for the remote endpoint, local address information, and remote address information:
• IPv4. The IPv4 selection requires you to specify IPv4 addresses for the following keywords:
- general_remote_end_point ipaddress
- general_local_start_address
- general_local_end_address
- general_remote_start_address
- general_remote_end_address
• IPv6. The IPv6 selection requires you to specify IPv6 addresses for the following keywords:
- general_remote_end_point ipv6address
- general_local_start_address_ipv6
- general_local_end_address_ipv6
- general_remote_start_address_ipv6
- general_remote_end_address_ipv6

general_remote_end_point_type (IP-Address or FQDN): Specifies whether the remote endpoint is defined by an IP address or a domain name:
• IP-Address. Depending on the setting of the general_ip_version keyword, you need to either issue the general_remote_end_point ip_address keyword and specify an IPv4 address or issue the general_remote_end_point ipv6_adress keyword and specify an IPv6 address.
• FQDN. You need to issue the general_remote_end_point fqdn keyword and specify a domain name.

general_remote_end_point fqdn (domain name): If the general_remote_end_point_type keyword is set to FQDN, the domain name (FQDN) of the remote endpoint.

general_remote_end_point ip_adress (ipaddress): If the general_remote_end_point_type keyword is set to IP-Address, and if the general_ip_version keyword is set to IPv4, the IPv4 address of the remote endpoint.

general_remote_end_point ipv6_adress (ipv6-address): If the general_remote_end_point_type keyword is set to IP-Address, and if the general_ip_version keyword is set to IPv6, the IPv6 address of the remote endpoint.

general_enable_netbios (Y or N): Enables or disables NetBIOS broadcasts to travel over the VPN tunnel.
Note: If you enable NetBIOS, you do not have to configure the remote address information for the traffic selector settings (that is, you do not need to issue any keywords that start with general_remote).

auto_initiate_policy (Y or N): Enables or disables the automatic establishment of the VPN tunnel when there is no traffic.
Note: You cannot enable automatic establishment of the VPN tunnel if the direction_type keyword under the vpn ipsec ikepolicy configure <ike policy name> command is set to Responder.

general_enable_keep_alive (Y or N): Enables or disables the wireless VPN firewall to send keep-alive requests (ping packets) to the remote endpoint to keep the tunnel alive. If you enable keep-alives, you also need to issue the following keywords:
• Either general_ping_ipaddress to specify an IPv4 address or general_ping_ipaddress6 to specify an IPv6 address.
• general_keep_alive_detection_period to specify the detection period.
• general_keep_alive_failue_count to specify the failure count.

general_ping_ipaddress (ipaddress): The IPv4 address to send keep-alive requests to.

general_ping_ipaddress6 (ipv6-address): The IPv6 address to send keep-alive requests to.

general_keep_alive_detection_period (seconds): The period in seconds between consecutive keep-alive requests, which are sent only when the IPSec traffic is idle.

general_keep_alive_failue_count (number): The maximum number of keep-alive request failures before the wireless VPN firewall tears down the connection and then attempts to reconnect to the peer.

Traffic selector settings—Local address information

general_local_network_type (ANY, SINGLE, RANGE, or SUBNET): Specifies the address or addresses that are part of the VPN tunnel on the wireless VPN firewall:
• ANY. All computers and devices on the network.
• SINGLE. A single IP address on the network. Depending on the setting of the general_ip_version keyword, issue one of the following keywords:
- general_local_start_address to specify an IPv4 address.
- general_local_start_address_ipv6 to specify an IPv6 address.
• RANGE. A range of IP addresses on the network. Depending on the setting of the general_ip_version keyword, issue one of the following sets of keywords:
- general_local_start_address and general_local_end_address to specify IPv4 addresses.
- general_local_start_address_ipv6 and general_local_end_address_ipv6 to specify IPv6 addresses.
• SUBNET. A subnet on the network. Depending on the setting of the general_ip_version keyword, issue one of the following sets of keywords:
- general_local_start_address to specify an IPv4 address and general_local_subnet_mask to specify a subnet mask.
- general_local_start_address_ipv6 to specify an IPv6 address and general_local_ipv6_prefix_length to specify a prefix length.

general_local_start_address (ipaddress): If the general_local_network_type keyword is set to SINGLE, RANGE, or SUBNET, and if the general_ip_version keyword is set to IPv4, specifies the local IPv4 (start) address.

general_local_end_address (ipaddress): If the general_local_network_type keyword is set to RANGE, and if the general_ip_version keyword is set to IPv4, specifies the local IPv4 end address.

general_local_subnet_mask (subnet mask): If the general_local_network_type keyword is set to SUBNET, and if the general_ip_version keyword is set to IPv4, specifies the subnet mask.

general_local_start_address_ipv6 (ipv6-address): If the general_local_network_type keyword is set to SINGLE, RANGE, or SUBNET, and if the general_ip_version keyword is set to IPv6, specifies the local IPv6 (start) address.

general_local_end_address_ipv6 (ipv6-address): If the general_local_network_type keyword is set to RANGE, and if the general_ip_version keyword is set to IPv6, specifies the local IPv6 end address.

general_local_ipv6_prefix_length (prefix length): If the general_local_network_type keyword is set to SUBNET, and if the general_ip_version keyword is set to IPv6, specifies the prefix length.

Keyword (might consist of two separate words)

Associated

Keyword to Select or Parameter to

Type

Description

Traffic selector settings—Remote address information

general_remote_network_type {ANY | SINGLE | RANGE | SUBNET}

Specifies the address or addresses that are part of the VPN tunnel on the remote end:

• ANY. All computers and devices on the network.

• SINGLE. A single IP address on the network. Depending on the setting of the general_ip_version keyword, issue one of the following keywords:

- general_remote_start_address to specify an IPv4 address.

- general_remote_start_address_ipv6 to specify an IPv6 address.

• RANGE. A range of IP addresses on the network. Depending on the setting of the general_ip_version keyword, issue one of the following sets of keywords:

- general_remote_start_address and general_remote_end_address to specify IPv4 addresses.

- general_remote_start_address_ipv6 and general_remote_end_address_ipv6 to specify IPv6 addresses.

• SUBNET. A subnet on the network. Depending on the setting of the general_ip_version keyword, issue one of the following sets of keywords:

- general_remote_start_address to specify an IPv4 address and general_remote_subnet_mask to specify a subnet mask.

- general_remote_start_address_ipv6 to specify an IPv6 address and general_remote_ipv6_prefix_length to specify a prefix length.

general_remote_start_address <ipaddress>

If the general_remote_network_type keyword is set to SINGLE, RANGE, or SUBNET, and if the general_ip_version keyword is set to IPv4, specifies the remote IPv4 (start) address.

general_remote_end_address <ipaddress>

If the general_remote_network_type keyword is set to RANGE, and if the general_ip_version keyword is set to IPv4, specifies the remote IPv4 end address.

general_remote_subnet_mask <subnet mask>

If the general_remote_network_type keyword is set to SUBNET, and if the general_ip_version keyword is set to IPv4, specifies the subnet mask.

general_remote_start_address_ipv6 <ipv6-address>

If the general_remote_network_type keyword is set to SINGLE, RANGE, or SUBNET, and if the general_ip_version keyword is set to IPv6, specifies the remote IPv6 (start) address.

general_remote_end_address_ipv6 <ipv6-address>

If the general_remote_network_type keyword is set to RANGE, and if the general_ip_version keyword is set to IPv6, specifies the remote IPv6 end address.

general_remote_ipv6_prefix_length <prefix length>

If the general_remote_network_type keyword is set to SUBNET, and if the general_ip_version keyword is set to IPv6, specifies the prefix length.

Manual policy settings—Inbound policy

manual_spi_in <number>

The Security Parameters Index (SPI) for the inbound policy as a hexadecimal value between 3 and 8 characters.

manual_encryption_algorithm {None | DES | 3DES | AES-128 | AES-192 | AES-256}

Specifies the encryption algorithm, if any, to negotiate the security association (SA):

• None.

• DES. Data Encryption Standard (DES).

• 3DES. Triple DES.

• AES-128. Advanced Encryption Standard (AES) with a 128-bit key size.

• AES-192. AES with a 192-bit key size.

• AES-256. AES with a 256-bit key size.

manual_encryption_key_in <key>

The encryption key for the inbound policy. The length of the key depends on the setting of the manual_encryption_algorithm keyword.

manual_encryption_key_out <key>

The encryption key for the outbound policy. The length of the key depends on the setting of the manual_encryption_algorithm keyword.

Manual policy settings—Outbound policy

manual_spi_out <number>

The Security Parameters Index (SPI) for the outbound policy as a hexadecimal value between 3 and 8 characters.

manual_authentication_algorithm {MD5 | SHA-1}

Specifies the authentication algorithm to negotiate the security association (SA):

• SHA-1. Hash algorithm that produces a 160-bit digest.

• MD5. Hash algorithm that produces a 128-bit digest.

manual_authentication_key_in <key>

The encryption key for the inbound policy. The length of the key depends on the setting of the manual_authentication_algorithm keyword.

manual_authentication_key_out <key>

The encryption key for the outbound policy. The length of the key depends on the setting of the manual_authentication_algorithm keyword.

Auto policy settings

auto_sa_lifetime bytes <number>

auto_sa_lifetime seconds <seconds>

The lifetime of the security association (SA) is the period or the amount of transmitted data after which the SA becomes invalid and needs to be renegotiated. Either issue the auto_sa_lifetime bytes keyword and specify the number of bytes, or issue the auto_sa_lifetime seconds keyword and specify the period in seconds.

auto_encryption_algorithm {None | DES | 3DES | AES-128 | AES-192 | AES-256}

Specifies the encryption algorithm, if any, to negotiate the security association (SA):

• None.

• DES. Data Encryption Standard (DES).

• 3DES. Triple DES.

• AES-128. Advanced Encryption Standard (AES) with a 128-bit key size.

• AES-192. AES with a 192-bit key size.

• AES-256. AES with a 256-bit key size.

auto_authentication_algorithm {MD5 | SHA-1}

Specifies the authentication algorithm to negotiate the security association (SA):

• SHA-1. Hash algorithm that produces a 160-bit digest.

• MD5. Hash algorithm that produces a 128-bit digest.

auto_enable_pfskeygroup {Y | N}

Enables or disables Perfect Forward Secrecy (PFS). If you enable PFS, you need to issue the auto_dh_group keyword to specify a group.

auto_dh_group {Group1_768_bit | Group2_1024_bit | Group5_1536_bit}

Specifies a Diffie-Hellman (DH) group, which sets the strength of the algorithm in bits. The higher the group, the more secure the exchange.

auto_select_ike_policy <ike policy name>

Select an existing IKE policy that defines the authentication negotiation.

Command example:

FVS318N> vpn ipsec vpnpolicy configure FVS-to-Paris

vpn-config[vpn-policy]> general_policy_type Auto-Policy

vpn-config[vpn-policy]> general_ip_version IPv4

vpn-config[vpn-policy]> general_remote_end_point_type IP-Address

vpn-config[vpn-policy]> general_remote_end_point ip_address 10.112.71.154

vpn-config[vpn-policy]> general_local_network_type SUBNET

vpn-config[vpn-policy]> general_local_start_address 192.168.1.0

vpn-config[vpn-policy]> general_local_subnet_mask 255.255.255.0

vpn-config[vpn-policy]> general_remote_network_type SUBNET

vpn-config[vpn-policy]> general_remote_start_address 192.168.50.0

vpn-config[vpn-policy]> general_remote_subnet_mask 255.255.255.255

vpn-config[vpn-policy]> auto_sa_lifetime seconds 3600

vpn-config[vpn-policy]> auto_encryption_algorithm 3DES

vpn-config[vpn-policy]> auto_authentication_algorithm SHA-1

vpn-config[vpn-policy]> auto_select_ike_policy FVS-to-Paris

vpn-config[vpn-policy]> save

Related show command:

show vpn ipsec vpnpolicy setup

and

show vpn ipsec vpnpolicy status
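The keyword dependencies and algorithm choices described for vpn ipsec vpnpolicy configure can be checked before a transcript is applied to a device. The following Python script is an added example, not part of the NETGEAR manual: the rating of algorithm values and the finding codes are this example's own assumptions, and the sample input is the command example above written one command per line.

```python
import ipaddress
import re

# Constructed input: the command example above, one command per line.
SAMPLE_TRANSCRIPT = """\
FVS318N> vpn ipsec vpnpolicy configure FVS-to-Paris
vpn-config[vpn-policy]> general_policy_type Auto-Policy
vpn-config[vpn-policy]> general_ip_version IPv4
vpn-config[vpn-policy]> general_remote_end_point_type IP-Address
vpn-config[vpn-policy]> general_remote_end_point ip_address 10.112.71.154
vpn-config[vpn-policy]> general_local_network_type SUBNET
vpn-config[vpn-policy]> general_local_start_address 192.168.1.0
vpn-config[vpn-policy]> general_local_subnet_mask 255.255.255.0
vpn-config[vpn-policy]> general_remote_network_type SUBNET
vpn-config[vpn-policy]> general_remote_start_address 192.168.50.0
vpn-config[vpn-policy]> general_remote_subnet_mask 255.255.255.255
vpn-config[vpn-policy]> auto_sa_lifetime seconds 3600
vpn-config[vpn-policy]> auto_encryption_algorithm 3DES
vpn-config[vpn-policy]> auto_authentication_algorithm SHA-1
vpn-config[vpn-policy]> auto_select_ike_policy FVS-to-Paris
vpn-config[vpn-policy]> save
"""

# Assumption: this rating of the selectable values is the example's own audit
# policy, not NETGEAR guidance. Keys are keyword names without auto_/manual_.
WEAK = {
    "encryption_algorithm": {"None": "traffic is not encrypted", "DES": "56-bit key",
                             "3DES": "legacy 64-bit block cipher; AES is offered"},
    "authentication_algorithm": {"MD5": "SHA-1 is the stronger option offered"},
    "dh_group": {"Group1_768_bit": "a higher DH group is offered",
                 "Group2_1024_bit": "a higher DH group is offered"},
}

# Keywords (minus the general_<side>_ prefix) that each traffic selector type
# requires, following the keyword table in this section.
REQUIRED = {
    ("SINGLE", "IPv4"): ["start_address"],
    ("RANGE", "IPv4"): ["start_address", "end_address"],
    ("SUBNET", "IPv4"): ["start_address", "subnet_mask"],
    ("SINGLE", "IPv6"): ["start_address_ipv6"],
    ("RANGE", "IPv6"): ["start_address_ipv6", "end_address_ipv6"],
    ("SUBNET", "IPv6"): ["start_address_ipv6", "ipv6_prefix_length"],
}
PROMPT = re.compile(r"^[^>]*>\s*")  # "FVS318N> " or "vpn-config[vpn-policy]> "


def parse_transcript(text):
    """Return {keyword: value} for every keyword issued inside the policy mode."""
    settings = {}
    for line in text.splitlines():
        command = PROMPT.sub("", line.strip())
        keyword, _, value = command.partition(" ")
        if keyword and keyword not in ("vpn", "save"):
            settings[keyword] = value.strip()
    return settings


def check_selector(settings, side, version):
    """Check one side's traffic selector: required keywords, then the IPv4 subnet value."""
    prefix = f"general_{side}_"
    net_type = settings.get(prefix + "network_type")
    findings = [(prefix + k, "missing", f"required for {net_type}/{version}")
                for k in REQUIRED.get((net_type, version), []) if prefix + k not in settings]
    if findings or (net_type, version) != ("SUBNET", "IPv4"):
        return findings
    start, mask = settings[prefix + "start_address"], settings[prefix + "subnet_mask"]
    try:
        net = ipaddress.ip_network(f"{start}/{mask}", strict=False)
    except ValueError as exc:
        return [(prefix + "subnet_mask", "invalid", str(exc))]
    if net.prefixlen == 32:
        findings.append((prefix + "subnet_mask", "host-mask", f"SUBNET selector covers only {start}"))
    elif str(net.network_address) != start:
        findings.append((prefix + "start_address", "host-bits", f"not the network address of {net}"))
    return findings


def audit(settings):
    """Return (keyword, code, detail) findings for one parsed policy transcript."""
    findings = []
    for keyword, value in settings.items():
        scope, _, name = keyword.partition("_")  # auto_dh_group -> ("auto", "dh_group")
        if scope in ("auto", "manual") and value in WEAK.get(name, {}):
            findings.append((keyword, "weak", f"{value}: {WEAK[name][value]}"))
    if settings.get("general_policy_type") == "Auto-Policy":
        if settings.get("auto_enable_pfskeygroup") != "Y":
            findings.append(("auto_enable_pfskeygroup", "pfs-off", "PFS not enabled in this transcript"))
        elif "auto_dh_group" not in settings:
            findings.append(("auto_dh_group", "missing", "required when PFS is enabled"))
    version = settings.get("general_ip_version", "IPv4")  # assumption: IPv4 when not issued
    for side in ("local", "remote"):
        findings += check_selector(settings, side, version)
    return findings


if __name__ == "__main__":
    for keyword, code, detail in audit(parse_transcript(SAMPLE_TRANSCRIPT)):
        print(f"{code:10} {keyword}: {detail}")
```

Run against the sample, the script reports the 3DES selection, the absence of PFS, and the 255.255.255.255 mask on the remote SUBNET selector, which limits that selector to a single address.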

vpn ipsec vpnpolicy delete <vpn policy name>

This command deletes a VPN policy by specifying the name of the VPN policy.

Format

vpn ipsec vpnpolicy delete <vpn policy name>

Mode

vpn

Related show command:

show vpn ipsec vpnpolicy setup

vpn ipsec vpnpolicy disable <vpn policy name>

This command disables a VPN connection by specifying the name of the VPN policy.

Format

vpn ipsec vpnpolicy disable <vpn policy name>

Mode

vpn

Related show command:

show vpn ipsec vpnpolicy setup

vpn ipsec vpnpolicy enable <vpn policy name>

This command enables a VPN connection by specifying the name of the VPN policy.

Format

vpn ipsec vpnpolicy enable <vpn policy name>

Mode

vpn

Related show command:

show vpn ipsec vpnpolicy setup

vpn ipsec vpnpolicy connect <vpn policy name>

This command establishes a VPN connection by specifying the name of the VPN policy.

Format

vpn ipsec vpnpolicy connect <vpn policy name>

Mode

vpn

Related show command:

show vpn ipsec vpnpolicy setup

and

show vpn ipsec vpnpolicy status

vpn ipsec vpnpolicy drop <vpn policy name>

This command terminates an active VPN connection by specifying the name of the VPN policy.

Format

vpn ipsec vpnpolicy drop <vpn policy name>

Mode

vpn

Related show command:

show vpn ipsec vpnpolicy setup

and

show vpn ipsec vpnpolicy status

IPSec VPN Mode Config Commands

vpn ipsec mode_config configure <record name>

This command configures a Mode Config record. After you have issued the vpn ipsec mode_config configure command to specify a record name, you enter the vpn-config [modeConfig] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format

vpn ipsec mode_config configure <record name>

Mode

vpn

Step 2

Format

first_pool_start_ip <ipaddress>

first_pool_end_ip <ipaddress>

second_pool_start_ip <ipaddress>

second_pool_end_ip <ipaddress>

third_pool_start_ip <ipaddress>

third_pool_end_ip <ipaddress>

wins_server_primary_ip <ipaddress>

wins_server_secondary_ip <ipaddress>

dns_server_primary_ip <ipaddress>

dns_server_secondary_ip <ipaddress>

pfs_key_group {N | Y {dh_group {Group1_768_bit | Group2_1024_bit | Group5_1536_bit}}}

sa_lifetime_type {Seconds {sa_lifetime <seconds>} | KBytes {sa_lifetime <KBytes>}}

encryption_algorithm {None | DES | 3DES | AES-128 | AES-192 | AES-256}

integrity_algorithm {MD5 | SHA-1}

local_ip <ipaddress>

local_subnet_mask <subnet mask>

Mode

vpn-config [modeConfig]

Keyword / Associated Keyword to Select or Parameter to Type / Description

Client pool

first_pool_start_ip <ipaddress>

The start IP address for the first Mode Config pool.

first_pool_end_ip <ipaddress>

The end IP address for the first Mode Config pool.

second_pool_start_ip <ipaddress>

The start IP address for the second Mode Config pool.

second_pool_end_ip <ipaddress>

The end IP address for the second Mode Config pool.

third_pool_start_ip <ipaddress>

The start IP address for the third Mode Config pool.

third_pool_end_ip <ipaddress>

The end IP address for the third Mode Config pool.

wins_server_primary_ip <ipaddress>

The IP address of the first WINS server.

wins_server_secondary_ip <ipaddress>

The IP address of the second WINS server.

dns_server_primary_ip <ipaddress>

The IP address of the first DNS server that is used by remote VPN clients.

dns_server_secondary_ip <ipaddress>

The IP address of the second DNS server that is used by remote VPN clients.

Traffic tunnel security level

pfs_key_group {Y | N}

Enables or disables Perfect Forward Secrecy (PFS). If you enable PFS, you need to issue the dh_group keyword to specify a group.

dh_group {Group1_768_bit | Group2_1024_bit | Group5_1536_bit}

Specifies a Diffie-Hellman (DH) group, which sets the strength of the algorithm in bits. The higher the group, the more secure the exchange.

sa_lifetime_type {Seconds | KBytes}

Specifies whether the sa_lifetime keyword is set in seconds or KBytes.

sa_lifetime <seconds> or <number>

Depending on the setting of the sa_lifetime_type keyword, the SA lifetime in seconds or in KBytes.

encryption_algorithm {None | DES | 3DES | AES-128 | AES-192 | AES-256}

Specifies the encryption algorithm, if any, to negotiate the security association (SA):

• None.

• DES. Data Encryption Standard (DES).

• 3DES. Triple DES.

• AES-128. Advanced Encryption Standard (AES) with a 128-bit key size.

• AES-192. AES with a 192-bit key size.

• AES-256. AES with a 256-bit key size.

integrity_algorithm {MD5 | SHA-1}

Specifies the authentication (integrity) algorithm to negotiate the security association (SA):

• SHA-1. Hash algorithm that produces a 160-bit digest.

• MD5. Hash algorithm that produces a 128-bit digest.

local_ip <ipaddress>

The local IPv4 address to which remote VPN clients have access. If you do not specify a local IP address, the wireless VPN firewall’s default LAN IP address is used.

local_subnet_mask <subnet mask>

The local subnet mask.

Command example:

FVS318N> vpn ipsec mode_config configure iphone

vpn-config[modeConfig]> first_pool_start_ip 10.100.10.1

vpn-config[modeConfig]> first_pool_end_ip 10.100.10.12

vpn-config[modeConfig]> dns_server_primary_ip 192.168.1.1

vpn-config[modeConfig]> pfs_key_group Y

vpn-config[modeConfig]> dh_group Group2_1024_bit

vpn-config[modeConfig]> sa_lifetime_type Seconds

vpn-config[modeConfig]> sa_lifetime 3600

vpn-config[modeConfig]> encryption_algorithm 3DES

vpn-config[modeConfig]> integrity_algorithm SHA-1

vpn-config[modeConfig]> local_ip 192.168.1.0

vpn-config[modeConfig]> local_subnet_mask 255.255.255.0

vpn-config[modeConfig]> save

Related show command:

show vpn ipsec mode_config setup

vpn ipsec modeConfig delete <record name>

This command deletes a Mode Config record by specifying its record name.

Format

vpn ipsec modeConfig delete <record name>

Mode

vpn

Related show command:

show vpn ipsec mode_config setup

SSL VPN Portal Layout Commands

vpn sslvpn portal-layouts add

This command configures a new SSL VPN portal layout. After you have issued the vpn sslvpn portal-layouts add command, you enter the [portal-settings] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format

vpn sslvpn portal-layouts add

Mode

vpn

Step 2

Format

portal_name <portal name>

portal_title <portal title>

banner_title <banner title>

banner_message <message text>

display_banner {Y | N}

enable_httpmetatags {Y | N}

enable_activex_web_cache_cleaner {Y | N}

enable_vpntunnel {Y | N}

enable_portforwarding {Y | N}

Mode

[portal-settings]

Keyword / Associated Keyword to Select or Parameter to Type / Description

portal_name <portal name>

The portal name (alphanumeric string).

portal_title <portal title>

The portal title (alphanumeric string). Place text that consists of more than one word between quotes.

banner_title <banner name>

The banner title (alphanumeric string). Place text that consists of more than one word between quotes.

banner_message <message text>

The banner message (alphanumeric string). Place text that consists of more than one word between quotes.

display_banner {Y | N}

Specifies whether or not the banner message is displayed.

enable_httpmetatags {Y | N}

Specifies whether or not HTTP meta tags are enabled.

enable_activex_web_cache_cleaner {Y | N}

Specifies whether or not the ActiveX web cache cleaner is enabled.

enable_vpntunnel {Y | N}

Specifies whether or not the VPN tunnel is enabled.

enable_portforwarding {Y | N}

Specifies whether or not port forwarding is enabled.

Command example:

FVS318N> vpn sslvpn portal-layouts add

[portal-settings]> portal_name CSup

[portal-settings]> portal_title "Customer Support"

[portal-settings]> banner_title "Welcome to Customer Support"

[portal-settings]> banner_message "In case of login difficulty, call 123-456-7890."

[portal-settings]> display_banner Y

[portal-settings]> enable_httpmetatags Y

[portal-settings]> enable_activex_web_cache_cleaner Y

[portal-settings]> enable_vpntunnel Y

[portal-settings]> save

Related show command:

show vpn sslvpn portal-layouts

vpn sslvpn portal-layouts edit <row id>

This command configures an existing SSL VPN portal layout. After you have issued the vpn sslvpn portal-layouts edit command to specify the row to be edited, you enter the [portal-settings] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format

vpn sslvpn portal-layouts edit <row id>

Mode

vpn

Step 2

Format

portal_name <portal name>

portal_title <portal title>

banner_title <banner title>

banner_message <message text>

display_banner {Y | N}

enable_httpmetatags {Y | N}

enable_activex_web_cache_cleaner {Y | N}

enable_vpntunnel {Y | N}

enable_portforwarding {Y | N}

Mode

[portal-settings]

Keyword / Associated Keyword to Select or Parameter to Type / Description

portal_name <portal name>

The portal name (alphanumeric string).

portal_title <portal title>

The portal title (alphanumeric string). Place text that consists of more than one word between quotes.

banner_title <banner name>

The banner title (alphanumeric string). Place text that consists of more than one word between quotes.

banner_message <message text>

The banner message (alphanumeric string). Place text that consists of more than one word between quotes.

display_banner {Y | N}

Specifies whether or not the banner message is displayed.

enable_httpmetatags {Y | N}

Specifies whether or not HTTP meta tags are enabled.

enable_activex_web_cache_cleaner {Y | N}

Specifies whether or not the ActiveX web cache cleaner is enabled.

enable_vpntunnel {Y | N}

Specifies whether or not the VPN tunnel is enabled.

enable_portforwarding {Y | N}

Specifies whether or not port forwarding is enabled.

Related show command:

show vpn sslvpn portal-layouts

vpn sslvpn portal-layouts delete <row id>

This command deletes an SSL VPN portal layout by specifying its row ID.

Format

vpn sslvpn portal-layouts delete <row id>

Mode

vpn

Related show command:

show vpn sslvpn portal-layouts

SSL VPN Authentication Domain Commands

vpn sslvpn users domains add

This command configures a new authentication domain that is not limited to SSL VPN users.

After you have issued the vpn sslvpn users domains add command, you enter the users-config [domains] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format

vpn sslvpn users domains add

Mode

vpn

Step 2

Format

domain_name <domain name>

portal <portal name>

authentication_type {LocalUserDatabase | Radius-PAP |

Radius-CHAP | Radius-MSCHAP | Radius-MSCHAPv2 | WIKID-PAP |

WIKID-CHAP | MIAS-PAP | MIAS-CHAP | NTDomain |

ActiveDirectory | LDAP}

authentication_server1 <ipaddress>

authentication_secret <secret>

workgroup <group name>

ldap_base_dn <distinguished name>

active_directory_domain <domain name>

Mode

users-config [domains]

Keyword / Associated Keyword to Select or Parameter to Type / Description

domain_name <domain name>

The domain name (alphanumeric string).

portal <portal name>

The portal name (alphanumeric string).

Note: For information about how to configure a portal, see SSL VPN Portal Layout Commands.

authentication_type {LocalUserDatabase | Radius-PAP | Radius-CHAP | Radius-MSCHAP | Radius-MSCHAPv2 | WIKID-PAP | WIKID-CHAP | MIAS-PAP | MIAS-CHAP | NTDomain | ActiveDirectory | LDAP}

The authentication method that is applied to the domain:

• For all selections with the exception of LocalUserDatabase, you need to issue the authentication_server1 keyword and specify an IP address.

• For all PAP and CHAP selections, you need to issue the authentication_secret keyword and specify a secret.

• For the NTDomain selection, you need to issue the workgroup keyword and specify the workgroup.

• For the ActiveDirectory selection, you need to issue the active_directory_domain keyword and specify the Active Directory.

• For the LDAP selection, you need to issue the ldap_base_dn keyword and specify a DN.

authentication_server1 <ipaddress>

The IP address of the authentication server.

authentication_secret <secret>

The authentication secret (alphanumeric string).

workgroup <group name>

The NT domain workgroup name (alphanumeric string).

ldap_base_dn <distinguished name>

The LDAP base distinguished name (DN; alphanumeric string). Do not include spaces.

active_directory_domain <domain name>

The Active Directory domain name (alphanumeric string).

Command example:

FVS318N> vpn sslvpn users domains add

users-config[domains]> active_directory_domain Headquarter

users-config[domains]> portal CSup

users-config[domains]> authentication_type LDAP

users-config[domains]> authentication_server1 192.168.24.118

users-config[domains]> ldap_base_dn dc=netgear,dc=com

users-config[domains]> save

Related show command:

show vpn sslvpn users domains

vpn sslvpn users domains edit <row id>

This command configures an existing authentication domain that is not limited to SSL VPN users. After you have issued the vpn sslvpn users domains edit command to specify the row to be edited, you enter the users-config [domains] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format

vpn sslvpn users domains edit <row id>

Mode

vpn

Step 2

Format

domain_name <domain name>

portal <portal name>

authentication_type {LocalUserDatabase | Radius-PAP |

Radius-CHAP | Radius-MSCHAP | Radius-MSCHAPv2 | WIKID-PAP |

WIKID-CHAP | MIAS-PAP | MIAS-CHAP | NTDomain |

ActiveDirectory | LDAP}

authentication_server1 <ipaddress>

authentication_secret <secret>

workgroup <group name>

ldap_base_dn <distinguished name>

active_directory_domain <domain name>

Mode

users-config [domains]

Keyword / Associated Keyword to Select or Parameter to Type / Description

domain_name <domain name>

The domain name (alphanumeric string).

portal <portal name>

The portal name (alphanumeric string).

Note: For information about how to configure a portal, see SSL VPN Portal Layout Commands.

authentication_type {LocalUserDatabase | Radius-PAP | Radius-CHAP | Radius-MSCHAP | Radius-MSCHAPv2 | WIKID-PAP | WIKID-CHAP | MIAS-PAP | MIAS-CHAP | NTDomain | ActiveDirectory | LDAP}

The authentication method that is applied to the domain:

• For all selections with the exception of LocalUserDatabase, you need to issue the authentication_server1 keyword and specify an IP address.

• For all PAP and CHAP selections, you need to issue the authentication_secret keyword and specify a secret.

• For the NTDomain selection, you need to issue the workgroup keyword and specify the workgroup.

• For the ActiveDirectory selection, you need to issue the active_directory_domain keyword and specify the Active Directory.

• For the LDAP selection, you need to issue the ldap_base_dn keyword and specify a DN.

authentication_server1 <ipaddress>

The IP address of the authentication server.

authentication_secret <secret>

The authentication secret (alphanumeric string).

workgroup <group name>

The NT domain workgroup name (alphanumeric string).

ldap_base_dn <distinguished name>

The LDAP base distinguished name (DN; alphanumeric string). Do not include spaces.

active_directory_domain <domain name>

The Active Directory domain name (alphanumeric string).

Related show command:

show vpn sslvpn users domains

vpn sslvpn users domains delete <row id>

This command deletes an SSL VPN authentication domain by specifying its row ID.

Format

vpn sslvpn users domains delete <row id>

Mode

vpn

Related show command:

show vpn sslvpn users domains


SSL VPN Authentication Group Commands

vpn sslvpn users groups add

This command configures a new authentication group that is not limited to SSL VPN users.

After you have issued the vpn sslvpn users groups add command, you enter the users-config [groups] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format

vpn sslvpn users groups add

Mode

vpn

Step 2

Format

domain_name <domain name>

group_name <group name>

idle_timeout <minutes>

Mode

users-config [groups]

Keyword / Associated Parameter to Type / Description

domain_name <domain name>

The domain name (alphanumeric string) to which the group belongs.

Note: For information about configuring domains, see SSL VPN Authentication Domain Commands.

group_name <group name>

The group name (alphanumeric string).

idle_timeout <minutes>

The idle time-out in minutes.

Command example:

FVS318N> vpn sslvpn users groups add

users-config[groups]> domain_name Headquarter

users-config[groups]> group_name Sales

users-config[groups]> idle_timeout 15

users-config[groups]> save

Related show command:

show vpn sslvpn users groups

vpn sslvpn users groups edit <row id>

This command configures an existing authentication group that is not limited to SSL VPN users. After you have issued the vpn sslvpn users groups edit command to specify the row to be edited, you enter the users-config [groups] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format

vpn sslvpn users groups edit <row id>

Mode

vpn

Step 2

Format

domain_name <domain name>

group_name <group name>

idle_timeout <minutes>

Mode

users-config [groups]

Keyword / Associated Parameter to Type / Description

domain_name <domain name>

The domain name (alphanumeric string) to which the group belongs.

Note: For information about configuring domains, see SSL VPN Authentication Domain Commands.

group_name <group name>

The group name (alphanumeric string).

idle_timeout <minutes>

The idle time-out in minutes.

Related show command:

show vpn sslvpn users groups

vpn sslvpn users groups delete <row id>

This command deletes an authentication group by specifying its row ID.

Format

vpn sslvpn users groups delete <row id>

Mode

vpn

Related show command:

show vpn sslvpn users groups

SSL VPN User Commands

vpn sslvpn users users add

This command configures a new user account. The command is not limited to SSL VPN users. After you have issued the vpn sslvpn users users add command, you enter the users-config [users] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format

vpn sslvpn users users add

Mode

vpn

Step 2

Format

user_name <user name>

user_type {SSLVPNUser | Administrator | Guest | IPSECVPNUser |

L2TPUser}

group <group name>

password <password>

confirm_password <password>

idle_timeout <minutes>

Mode

users-config [users]

Keyword / Associated Keyword to Select or Parameter to Type / Description

user_name <user name>

The user name (alphanumeric string).

user_type {SSLVPNUser | Administrator | Guest | IPSECVPNUser | L2TPUser}

The user type.

group <group name>

The group name (alphanumeric string) to which the user belongs.

Note: For information about how to configure groups, see SSL VPN Authentication Group Commands.

password <password>

The password (alphanumeric string) that is assigned to the user. You need to issue the confirm_password keyword and confirm the password.

confirm_password <password>

The confirmation of the password.

idle_timeout <minutes>

The idle time-out in minutes.

Command example:

FVS318N> vpn sslvpn users users add

users-config[users]> user_name PeterBrown

users-config[users]> user_type SSLVPNUser

users-config[users]> group Sales

users-config[users]> password 3goTY5!Of6hh

users-config[users]> confirm_password 3goTY5!Of6hh

users-config[users]> idle_timeout 10

users-config[users]> save

Related show command:

show vpn sslvpn users users

vpn sslvpn users users edit <row id>

This command configures an existing user account. The command is not limited to SSL VPN users. After you have issued the vpn sslvpn users users edit command to specify the row to be edited, you enter the users-config [users] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format

vpn sslvpn users users edit <row id>

Mode

vpn

Step 2

Format

user_name <user name>

user_type {SSLVPNUser | Administrator | Guest | IPSECVPNUser |

L2TPUser}

group <group name>

password <password>

confirm_password <password>

idle_timeout <minutes>

Mode

users-config [users]

Keyword / Associated Keyword to Select or Parameter to Type / Description

user_name <user name>

The user name (alphanumeric string).

user_type {SSLVPNUser | Administrator | Guest | IPSECVPNUser | L2TPUser}

The user type.

group <group name>

The group name (alphanumeric string) to which the user belongs.

Note: For information about how to configure groups, see SSL VPN Authentication Group Commands.

password <password>

The password (alphanumeric string) that is assigned to the user. You need to issue the confirm_password keyword and confirm the password.

confirm_password <password>

The confirmation of the password.

idle_timeout <minutes>

The idle time-out in minutes.

Related show command:

show vpn sslvpn users users

vpn sslvpn users users delete <row id>

This command deletes a user account by specifying its row ID.

Format

vpn sslvpn users users delete <row id>

Mode

vpn

Related show command:

show vpn sslvpn users users

vpn sslvpn users users login_policies <row id>

This command configures the login policy for a user. The command is not limited to SSL VPN users. After you have issued the vpn sslvpn users users login_policies command to specify the row ID that represents the user, you enter the users-config [login-policy] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format

vpn sslvpn users users login_policies <row id>

Mode

vpn

Step 2

Format

deny_login_from_wan_interface {Y | N}

disable_login {Y | N}

Mode

users-config [login-policy]

Keyword / Associated Keyword to Select / Description

deny_login_from_wan_interface {Y | N}

Enables or disables login from the WAN interface.

disable_login {Y | N}

Enables or disables login from any interface.

Command example:

FVS318N> vpn sslvpn users users login_policies 5

users-config[login-policy]> disable_login Y

users-config[login-policy]> save

Related show command:

show vpn sslvpn users users

and

show vpn sslvpn users login_policies <row id>

vpn sslvpn users users ip_policies configure <row id>

This command configures source IP addresses from which a user is either allowed or denied access. The command is not limited to SSL VPN users. After you have issued the vpn sslvpn users users ip_policies configure command to specify the row ID that represents the user, you enter the users-config [ip-policy] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format

vpn sslvpn users users ip_policies configure <row id>

Mode

vpn

Step 2

Format

allow_login_from_defined_addresses {Y | N}

ip_version {IPv4 | IPv6}

source_address_type {IPAddress {{source_address <ipaddress>} |

{source_address6 <ipv6-address>}} | IPNetwork

{{source_address <ipaddress>} {mask_length <mask length>} |

{source_address6 <ipv6-address>} {prefix_length

<prefix length>}}}

Mode

users-config [ip-policy]

Keyword / Associated Keyword to Select or Parameter to Type / Description

allow_login_from_defined_addresses {Y | N}

Allows or denies login from a single-source IP address or network IP addresses.

ip_version {IPv4 | IPv6}

Specifies the IP version of the source IP address:

• IPv4. The IP address or network address is defined by an IPv4 address. You need to issue the source_address keyword and specify an IPv4 address. For a network address, you also need to issue the mask_length keyword and specify a subnet mask length.

• IPv6. The IP address or network address is defined by an IPv6 address. You need to issue the source_address6 keyword and specify an IPv6 address. For a network address, you also need to issue the prefix_length keyword and specify a prefix length.

source_address_type {IPAddress | IPNetwork}

The source address type:

• IPAddress. A single IP address. The setting of the ip_version keyword determines whether you need to issue the source_address keyword and specify an IPv4 address or issue the source_address6 keyword and specify an IPv6 address.

• IPNetwork. A subnet of IP addresses. The setting of the ip_version keyword determines whether you need to issue the mask_length keyword and specify an IPv4 subnet mask or issue the prefix_length keyword and specify an IPv6 prefix length.

source_address <ipaddress>

The IPv4 IP address or network address if the ip_version keyword is set to IPv4.

mask_length <mask length>

If the source_address_type keyword is set to IPNetwork and the ip_version keyword is set to IPv4, the mask length of the IPv4 network.

source_address6 <ipv6-address>

The IPv6 IP address or network address if the ip_version keyword is set to IPv6.

prefix_length <prefix length>

If the source_address_type keyword is set to IPNetwork and the ip_version keyword is set to IPv6, the prefix length of the IPv6 network.

Command example:

FVS318N> vpn sslvpn users users ip_policies configure 5

users-config[ip-policy]> allow_login_from_defined_addresses Y

users-config[ip-policy]> ip_version IPv4

users-config[ip-policy]> source_address_type IPAddress

users-config[ip-policy]> source_address 10.156.127.39

users-config[ip-policy]> save

Related show command: show vpn sslvpn users users and show vpn sslvpn users ip_policies <row id>

vpn sslvpn users users ip_policies delete <row id>

This command deletes a source IP address for a user by specifying the row ID of the table.

Format: vpn sslvpn users ip_policies delete <row id>
Mode: vpn

Related show command: show vpn sslvpn users users and show vpn sslvpn users ip_policies <row id>

vpn sslvpn users users browser_policies <row id>

This command configures the client browsers from which a user is either allowed or denied access. The command is not limited to SSL VPN users. After you have issued the vpn sslvpn users users browser_policies command to specify the row ID that represents the user, you enter the users-config [browser-policy] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer. You can add multiple browsers to the browser list.

Step 1
Format: vpn sslvpn users users browser_policies <row id>
Mode: vpn

Step 2
Format:
add_browser {InternetExplorer | NetscapeNavigator | Opera | Firefox | Mozilla}
delete_browser {InternetExplorer | NetscapeNavigator | Opera | Firefox | Mozilla}
enable_or_disable_login_from_defined_browsers {Y | N}
Mode: users-config [browser-policy]

Keyword: add_browser
Associated keyword to select: InternetExplorer, NetscapeNavigator, Opera, Firefox, Mozilla
Description: Adds a browser to the browser list. By default, there are no browsers on the browser list.

Keyword: delete_browser
Associated keyword to select: InternetExplorer, NetscapeNavigator, Opera, Firefox, Mozilla
Description: Removes a browser from the browser list (after you first have added the browser to the browser list).

Keyword: enable_or_disable_login_from_defined_browsers
Associated keyword to select: Y or N
Description: Specifies whether access through the browsers on the browser list is allowed or denied:
Yes. Allows access through the browsers on the browser list.
No. Denies access through the browsers on the browser list.

Command example:

FVS318N> vpn sslvpn users users browser_policies 5

users-config[browser-policy]> add_browser NetscapeNavigator

users-config[browser-policy]> add_browser InternetExplorer

users-config[browser-policy]> enable_or_disable_login_from_defined_browsers N

users-config[browser-policy]> save

Related show command: show vpn sslvpn users users and show vpn sslvpn users browser_policies <row id>

SSL VPN Port Forwarding Commands

vpn sslvpn portforwarding appconfig add

This command configures a new SSL port forwarding application. After you have issued the vpn sslvpn portforwarding appconfig add command, you enter the [portforwarding-settings] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: vpn sslvpn portforwarding appconfig add
Mode: vpn

Step 2
Format:
server_ip <ipaddress>
port <number>
Mode: [portforwarding-settings]

Keyword: server_ip
Associated parameter to type: ipaddress
Description: The IP address of the local server that hosts the application.

Keyword: port
Associated parameter to type: number
Description: The TCP port number of the local server that hosts the application.

Command example:

FVS318N> vpn sslvpn portforwarding appconfig add

[portforwarding-settings]> server_ip 192.168.51.227

[portforwarding-settings]> port 3389

[portforwarding-settings]> save

Related show command:

show vpn sslvpn portforwarding appconfig

vpn sslvpn portforwarding appconfig delete <row id>

This command deletes an SSL port forwarding application by specifying its row ID.

Format: vpn sslvpn portforwarding appconfig delete <row id>
Mode: vpn

Related show command:

show vpn sslvpn portforwarding appconfig

vpn sslvpn portforwarding hostconfig add

This command configures a new host name for an SSL port forwarding application. After you have issued the vpn sslvpn portforwarding hostconfig add command, you enter the [portforwarding-settings] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: vpn sslvpn portforwarding hostconfig add
Mode: vpn

Step 2
Format:
server_ip <ipaddress>
domain_name <domain name>
Mode: [portforwarding-settings]

Keyword: server_ip
Associated parameter to type: ipaddress
Description: The IP address of the local server that hosts the application.
Note: The IP address needs to be the same as the IP address that you assigned through the vpn sslvpn portforwarding appconfig add command for the same application.

Keyword: domain_name
Associated parameter to type: domain name
Description: The domain name for the local server that hosts the application.

Command example:

FVS318N> vpn sslvpn portforwarding hostconfig add

[portforwarding-settings]> server_ip 192.168.51.227

[portforwarding-settings]> domain_name RemoteDesktop

[portforwarding-settings]> save

Related show command:

show vpn sslvpn portforwarding hostconfig

vpn sslvpn portforwarding hostconfig delete <row id>

This command deletes a host name for an SSL port forwarding application by specifying the row ID of the host name.

Format: vpn sslvpn portforwarding hostconfig delete <row id>
Mode: vpn

Related show command:

show vpn sslvpn portforwarding hostconfig

SSL VPN Client Commands

vpn sslvpn client ipv4

This command configures the SSL client IP address range. After you have issued the vpn sslvpn client ipv4 command, you enter the [sslvpn-client-ipv4-settings] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: vpn sslvpn client ipv4
Mode: vpn

Step 2
Format:
enable_full_tunnel {Y | N}
dns_suffix <suffix>
primary_dns <ipaddress>
secondary_dns <ipaddress>
begin_client_address <ipaddress>
end_client_address <ipaddress>
Mode: [sslvpn-client-ipv4-settings]

Keyword: enable_full_tunnel
Associated keyword to select: Y or N
Description: Enables or disables full-tunnel support:
Yes. Enables full-tunnel support.
No. Disables full-tunnel support and enables split-tunnel support. If you enable split-tunnel support and you assign an entirely different subnet to the VPN tunnel clients from the subnet that is used by the local network, you need to add a client route to ensure that a VPN tunnel client connects to the local network over the VPN tunnel (see the vpn sslvpn route add command).

Keyword: dns_suffix
Associated parameter to type: suffix
Description: The DNS suffix to be appended to incomplete DNS search strings. This setting is optional.

Keyword: primary_dns
Associated parameter to type: ipaddress
Description: The IP address of the primary DNS server. This setting is optional.
Note: If you do not assign a DNS server, the DNS settings remain unchanged in the VPN client after a VPN tunnel has been established.

Keyword: secondary_dns
Associated parameter to type: ipaddress
Description: The IP address of the secondary DNS server. This setting is optional.

Keyword: begin_client_address
Associated parameter to type: ipaddress
Description: The start IP address of the IPv4 client range. The default address is 192.168.251.1.

Keyword: end_client_address
Associated parameter to type: ipaddress
Description: The end IP address of the IPv4 client range. The default address is 192.168.251.254.

Command example:

FVS318N> vpn sslvpn client ipv4

[sslvpn-client-ipv4-settings]> enable_full_tunnel N

[sslvpn-client-ipv4-settings]> primary_dns 192.168.10.5

[sslvpn-client-ipv4-settings]> secondary_dns 192.168.10.6

[sslvpn-client-ipv4-settings]> begin_client_address 192.168.200.50

[sslvpn-client-ipv4-settings]> end_client_address 192.168.200.99

[sslvpn-client-ipv4-settings]> save

Related show command:

show vpn sslvpn client

vpn sslvpn client ipv6

This command configures the SSL client IP address range. After you have issued the vpn sslvpn client ipv6 command, you enter the [sslvpn-client-ipv6-settings] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: vpn sslvpn client ipv6
Mode: vpn

Step 2
Format:
enable_full_tunnel {Y | N}
begin_client_address <ipaddress>
end_client_address <ipaddress>
Mode: [sslvpn-client-ipv6-settings]

Keyword: enable_full_tunnel
Associated keyword to select: Y or N
Description: Enables or disables full-tunnel support:
Yes. Enables full-tunnel support.
No. Disables full-tunnel support and enables split-tunnel support. If you enable split-tunnel support and you assign an entirely different subnet to the VPN tunnel clients from the subnet that is used by the local network, you need to add a client route to ensure that a VPN tunnel client connects to the local network over the VPN tunnel (see the vpn sslvpn route add command).

Keyword: begin_client_address
Associated parameter to type: ipaddress
Description: The start IP address of the IPv6 client range. The default address is 4000::1.

Keyword: end_client_address
Associated parameter to type: ipaddress
Description: The end IP address of the IPv6 client range. The default address is 4000::200.

Command example:

FVS318N> vpn sslvpn client ipv6

[sslvpn-client-ipv6-settings]> enable_full_tunnel N

[sslvpn-client-ipv6-settings]> begin_client_address 4000::1000:2

[sslvpn-client-ipv6-settings]> end_client_address 4000::1000:50

[sslvpn-client-ipv6-settings]> save

Related show command:

show vpn sslvpn client

vpn sslvpn route add

This command configures a static client route to a destination network. After you have issued the vpn sslvpn route add command, you enter the [sslvpn-route-settings] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Note: When full-tunnel support is enabled, client routes are not operable. For client routes to be operable, split-tunnel support should be enabled.

Step 1
Format: vpn sslvpn route add
Mode: vpn

Step 2
Format:
ip_version {IPv4 {destination_network <ipaddress>} {subnet_mask <subnet mask>} | IPv6 {destination_network6 <ipv6-address>} {prefix_length <prefix length>}}
Mode: [sslvpn-route-settings]

Keyword: ip_version
Associated keyword to select: IPv4 or IPv6
Description: Specifies the IP version of the destination network for the route:
IPv4. The network address is an IPv4 address. You need to issue the destination_network and subnet_mask keywords and specify an IPv4 address and subnet mask.
IPv6. The network address is an IPv6 address. You need to issue the destination_network6 and prefix_length keywords and specify an IPv6 address and prefix length.

Keyword: destination_network
Associated parameter to type: ipaddress
Description: If the ip_version keyword is set to IPv4, the IPv4 address of the destination network for the route.

Keyword: subnet_mask
Associated parameter to type: subnet mask
Description: If the ip_version keyword is set to IPv4, the subnet mask of the destination network for the route.

Keyword: destination_network6
Associated parameter to type: ipv6-address
Description: If the ip_version keyword is set to IPv6, the IPv6 address of the destination network for the route.

Keyword: prefix_length
Associated parameter to type: prefix length
Description: If the ip_version keyword is set to IPv6, the prefix length of the destination network for the route.

Command example:

FVS318N> vpn sslvpn route add

[sslvpn-route-settings]> ip_version IPv4

[sslvpn-route-settings]> destination_network 192.168.4.20

[sslvpn-route-settings]> subnet_mask 255.255.255.254

[sslvpn-route-settings]> save

Related show command:

show vpn sslvpn route
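
The split-tunnel rule described for enable_full_tunnel (a client range in an entirely different subnet from the local network needs a client route) can be worked through as a planning script. This is an added example, not part of the NETGEAR manual: the function name plan_split_tunnel and the LAN interface 192.168.1.1/24 are assumptions, while the client range and DNS servers are taken from the manual's vpn sslvpn client ipv4 command example.

```python
import ipaddress


def plan_split_tunnel(lan_interface, begin, end, dns=()):
    """Return the CLI lines to type for a split-tunnel IPv4 client range.

    lan_interface is the firewall's LAN address with prefix length
    (assumed input, e.g. "192.168.1.1/24"); host bits are masked off so
    the route always carries the network address.
    """
    lan = ipaddress.ip_interface(lan_interface).network
    first = ipaddress.ip_address(begin)
    last = ipaddress.ip_address(end)
    if not (lan.version == first.version == last.version == 4):
        raise ValueError("IPv4 only: use 'vpn sslvpn client ipv6' for IPv6")
    if first > last:
        raise ValueError("begin_client_address is higher than end_client_address")
    if len(dns) > 2:
        raise ValueError("only primary_dns and secondary_dns exist")

    overlaps = first <= lan.broadcast_address and last >= lan.network_address
    contained = first in lan and last in lan
    if overlaps and not contained:
        # Assumption of this example: a range that is only partly inside
        # the LAN subnet is treated as a planning error.
        raise ValueError(f"client range straddles the LAN subnet {lan}")

    lines = ["vpn sslvpn client ipv4", "enable_full_tunnel N"]
    for keyword, server in zip(("primary_dns", "secondary_dns"), dns):
        # IPv4Address() rejects anything that is not a valid IPv4 address.
        lines.append(f"{keyword} {ipaddress.IPv4Address(server)}")
    lines += [f"begin_client_address {first}",
              f"end_client_address {last}",
              "save"]

    if not overlaps:
        # Entirely different subnet: the clients need a client route
        # to reach the local network over the tunnel.
        lines += ["vpn sslvpn route add",
                  "ip_version IPv4",
                  f"destination_network {lan.network_address}",
                  f"subnet_mask {lan.netmask}",
                  "save"]
    return lines


if __name__ == "__main__":
    for line in plan_split_tunnel("192.168.1.1/24", "192.168.200.50",
                                  "192.168.200.99",
                                  dns=("192.168.10.5", "192.168.10.6")):
        print(line)
```

Each returned line is typed at the prompt that the preceding command opens; a range inside the LAN subnet produces no route block.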

vpn sslvpn route delete <row id>

This command deletes a client route by specifying its row ID.

Format: vpn sslvpn route delete <row id>
Mode: vpn

Related show command:

show vpn sslvpn route

SSL VPN Resource Commands

vpn sslvpn resource add

This command adds a new resource. After you have issued the vpn sslvpn resource add command, you enter the [sslvpn-resource-settings] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: vpn sslvpn resource add
Mode: vpn

Step 2
Format:
resource_name <resource name>
service_type {VPNTunnel | PortForwarding | All}
Mode: [sslvpn-resource-settings]

Keyword: resource_name
Associated parameter to type: resource name
Description: The resource name (alphanumeric string).

Keyword: service_type
Associated keyword to select: VPNTunnel, PortForwarding, or All
Description: The type of service to which the resource applies:
VPNTunnel. The resource applies only to a VPN tunnel.
PortForwarding. The resource applies only to port forwarding.
All. The resource applies both to a VPN tunnel and to port forwarding.

Command example:

FVS318N> vpn sslvpn resource add

[sslvpn-resource-settings]> resource_name TopSecure

[sslvpn-resource-settings]> service_type PortForwarding

[sslvpn-resource-settings]> save

Related show command:

show vpn sslvpn resource

vpn sslvpn resource delete <row id>

This command deletes a resource by specifying its row ID.

Format: vpn sslvpn resource delete <row id>
Mode: vpn

Related show command:

show vpn sslvpn resource

vpn sslvpn resource configure add <resource name>

This command configures a resource. (You first need to add a resource with the vpn sslvpn resource add command.) After you have issued the vpn sslvpn resource configure add command to specify the resource that you want to configure, you enter the [sslvpn-resource-settings] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: vpn sslvpn resource configure add <resource name>
Mode: vpn

Step 2
Format:
object_type {IPAddress | IPNetwork}

For a single IP address:
ip_version {IPv4 {object_address <ipaddress>} | IPv6 {object_address6 <ipv6-address>}}
start_port <port number>
end_port <port number>

For an IP network:
ip_version {IPv4 {object_address <ipaddress>} {mask_length <subnet mask length>} | IPv6 {object_address6 <ipv6-address>} {mask_length <prefix length>}}
start_port <port number>
end_port <port number>

Mode: [sslvpn-resource-settings]

Keyword: object_type
Associated keyword to select: IPAddress or IPNetwork
Description: The source address type for the object:
IPAddress. A single IP address. The setting of the ip_version keyword determines whether you need to issue the object_address keyword and specify an IPv4 address or the object_address6 keyword and specify an IPv6 address.
IPNetwork. A subnet of IP addresses. The setting of the ip_version keyword determines whether you need to issue the object_address and mask_length keywords and specify an IPv4 network address and mask length or issue the object_address6 and mask_length keywords and specify an IPv6 network address and prefix length.

Keyword: ip_version
Associated keyword to select: IPv4 or IPv6
Description: The IP version of the IP address or IP network:
IPv4. The IP address or IP network is defined by an IPv4 address. You need to issue the object_address keyword and specify an IPv4 address. For a network address, you also need to issue the mask_length keyword and specify a subnet mask length.
IPv6. The IP address or network address is defined by an IPv6 address. You need to issue the object_address6 keyword and specify an IPv6 address. For a network address, you also need to issue the mask_length keyword and specify a prefix length.

Keyword: object_address
Associated parameter to type: ipaddress
Description: The IPv4 address, if the policy is for an IPv4 address or IPv4 network.

Keyword: object_address6
Associated parameter to type: ipv6-address
Description: The IPv6 address, if the policy is for an IPv6 address or IPv6 network.

Keyword: mask_length
Associated parameter to type: subnet mask length or prefix length
Description: The nature of this keyword and parameter depends on the setting of the ip_version and object_type keywords:
• If the ip_version keyword is set to IPv4 and the object_type keyword is set to IPNetwork, the subnet mask length of the IPv4 network.
• If the ip_version keyword is set to IPv6 and the object_type keyword is set to IPNetwork, the prefix length of the IPv6 network.

Keyword: start_port
Associated parameter to type: number
Description: The start port number for the port range that applies to the object.

Keyword: end_port
Associated parameter to type: number
Description: The end port number for the port range that applies to the object.

Command example:

FVS318N> vpn sslvpn resource configure add TopSecure

[sslvpn-resource-settings]> object_type IPNetwork

[sslvpn-resource-settings]> ip_version IPv4

[sslvpn-resource-settings]> object_address 192.168.30.56

[sslvpn-resource-settings]> mask_length 24

[sslvpn-resource-settings]> start_port 3391

[sslvpn-resource-settings]> end_port 3393

[sslvpn-resource-settings]> save

Related show command:

show vpn sslvpn resource-object <resource name>

SSL VPN Policy Commands

vpn sslvpn policy add

This command configures a new SSL VPN policy. After you have issued the vpn sslvpn policy add command, you enter the [sslvpn-policy-settings] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: vpn sslvpn policy add
Mode: vpn

Step 2
Format:
policy_name <policy name>
policy_type {Global | Group {policy_owner <group name>} | User {policy_owner <user name>}}
destination_object_type {NetworkResource | IPAddress | IPNetwork | All}

In addition to a policy name, policy type, and destination object type, configure the following for a network resource:
ip_version {IPv4 | IPv6}
resource_name <resource name>
policy_permission {Permit | Deny}

In addition to a policy name, policy type, and destination object type, configure the following for an IP address:
ip_version {IPv4 {policy_address <ipaddress>} | IPv6 {policy_address6 <ipv6-address>}}
start_port <port number>
end_port <port number>
service_type {VPNTunnel | PortForwarding | All}
policy_permission {Permit | Deny}

In addition to a policy name, policy type, and destination object type, configure the following for an IP network:
ip_version {IPv4 {policy_address <ipaddress>} {policy_mask_length <subnet mask>} | IPv6 {policy_address6 <ipv6-address>} {policy_ipv6_prefix_length <prefix length>}}
start_port <port number>
end_port <port number>
service_type {VPNTunnel | PortForwarding | All}
policy_permission {Permit | Deny}

In addition to a policy name, policy type, and destination object type, configure the following for all addresses (that is, the destination_object_type keyword is set to All):
ip_version {IPv4 | IPv6}
start_port <port number>
end_port <port number>
service_type {VPNTunnel | PortForwarding | All}
policy_permission {Permit | Deny}

Mode: [sslvpn-policy-settings]

Keyword: policy_name
Associated parameter to type: policy name
Description: The policy name (alphanumeric string).

Keyword: policy_type
Associated keyword to select: Global, Group, or User
Description: The SSL VPN policy type:
Global. The policy is global and includes all groups and users.
Group. The policy is limited to a single group. For information about how to create groups, see SSL VPN Authentication Group Commands. You need to issue the policy_owner keyword and specify the group name.
User. The policy is limited to a single user. For information about how to create user accounts, see SSL VPN User Commands. You need to issue the policy_owner keyword and specify the user name.

Keyword: policy_owner
Associated parameter to type: group name or user name
Description: The owner of the policy depends on the setting of the policy_type keyword:
Group. Specify the group name to which the policy applies.
User. Specify the user name to which the policy applies.

Keyword: destination_object_type
Associated keyword to select: NetworkResource, IPAddress, IPNetwork, or All
Description: The policy destination type, which determines how the policy is applied, and, in turn, which keywords you need to issue to specify the policy:

NetworkResource. The policy is applied to an existing IPv4 or IPv6 resource. For information about how to create and configure network resources, see SSL VPN Resource Commands. You need to issue the following keywords and their associated parameters and keywords:
- policy_name
- ip_version
- resource_name
- policy_permission
- policy_owner if the policy_type keyword is set to Group or User.

IPAddress. The policy is applied to a single IPv4 or IPv6 address. You need to issue the following keywords and their associated parameters and keywords:
- policy_name
- ip_version
- policy_address or policy_address6 (depending on the setting of the ip_version keyword)
- start_port and end_port
- service_type
- policy_permission
- policy_owner if the policy_type keyword is set to Group or User.

IPNetwork. The policy is applied to an IPv4 or IPv6 network address. You need to issue the following keywords and their associated parameters and keywords:
- policy_name
- ip_version
- policy_address and policy_mask_length or policy_address6 and policy_ipv6_prefix_length (depending on the setting of the ip_version keyword)
- start_port and end_port
- service_type
- policy_permission
- policy_owner if the policy_type keyword is set to Group or User.

All. The policy is applied to all addresses. You need to issue the following keywords and their associated parameters and keywords:
- policy_name
- ip_version
- start_port and end_port
- service_type
- policy_permission
- policy_owner if the policy_type keyword is set to Group or User.

Keyword: resource_name
Associated parameter to type: resource name
Description: The name of a resource that you configured with the vpn sslvpn resource add command. This keyword and parameter apply only if the policy is for a network resource.

Keyword: policy_permission
Associated keyword to select: Permit or Deny
Description: Specifies whether the policy permits or denies access.

Keyword: ip_version
Associated keyword to select: IPv4 or IPv6
Description: The IP version that applies to the policy:
IPv4. The policy is for an IPv4 network resource, IPv4 address, IPv4 network, or for all IPv4 addresses. For an IP address or IP network, you need to issue the policy_address keyword and specify an IPv4 address. For a network address, you also need to issue the policy_mask_length keyword and specify a subnet mask.
IPv6. The policy is for an IPv6 network resource, IPv6 address, IPv6 network, or for all IPv6 addresses. For an IP address or IP network, you need to issue the policy_address6 keyword and specify an IPv6 address. For a network address, you also need to issue the policy_ipv6_prefix_length keyword and specify a prefix length.

Keyword: policy_address
Associated parameter to type: ipaddress
Description: The IPv4 address, if the policy is for an IPv4 address or IPv4 network.

Keyword: policy_mask_length
Associated parameter to type: subnet mask
Description: The subnet mask, if the policy is for an IPv4 network.

Keyword: policy_address6
Associated parameter to type: ipv6-address
Description: The IPv6 address, if the policy is for an IPv6 address or IPv6 network.

Keyword: policy_ipv6_prefix_length
Associated parameter to type: prefix length
Description: The prefix length, if the policy is for an IPv6 network.

Keyword: start_port
Associated parameter to type: port number
Description: The start port number for a policy port range. (This does not apply if the policy is for a network resource.)

Keyword: end_port
Associated parameter to type: port number
Description: The end port number for a policy port range. (This does not apply if the policy is for a network resource.)

Keyword: service_type
Associated keyword to select: VPNTunnel, PortForwarding, or All
Description: The service type for the policy:
VPNTunnel. The policy is applied only to a VPN tunnel.
PortForwarding. The policy is applied only to port forwarding.
All. The policy is applied both to a VPN tunnel and to port forwarding.

Command example:

FVS318N> vpn sslvpn policy add

[sslvpn-policy-settings]> policy_name RemoteWorkers

[sslvpn-policy-settings]> ip_version IPv4

[sslvpn-policy-settings]> policy_type Global

[sslvpn-policy-settings]> destination_object_type NetworkResource

[sslvpn-policy-settings]> resource_name TopSecure

[sslvpn-policy-settings]> policy_permission Permit

[sslvpn-policy-settings]> save

[sslvpn-policy-settings]> policy_name Management

[sslvpn-policy-settings]> ip_version IPv4

[sslvpn-policy-settings]> policy_type Group

[sslvpn-policy-settings]> policy_owner Headquarter

[sslvpn-policy-settings]> destination_object_type All

[sslvpn-policy-settings]> start_port 15652

[sslvpn-policy-settings]> end_port 15658

[sslvpn-policy-settings]> service_type VPNTunnel

[sslvpn-policy-settings]> policy_permission Permit

[sslvpn-policy-settings]> save

Related show command:

show vpn sslvpn policy
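
The keyword requirements listed for each destination_object_type can be checked mechanically before a policy session is typed into the firewall. The following is an added example, not part of the NETGEAR manual: it parses a [sslvpn-policy-settings] transcript, splits it at each save, and reports missing keywords and inverted port ranges. The function names are assumptions; the first two policies in the sample are the manual's command example, and the third (Contractors) is constructed to show findings.

```python
import re

PROMPT = re.compile(r"^\[sslvpn-policy-settings\]>\s*(\S+)(?:\s+(.*\S))?\s*$")

# Keywords the manual lists for every policy, then per destination type.
COMMON = {"policy_name", "policy_type", "destination_object_type",
          "ip_version", "policy_permission"}
PORTS = {"start_port", "end_port", "service_type"}
BY_DEST = {"NetworkResource": {"resource_name"},
           "IPAddress": PORTS, "IPNetwork": PORTS, "All": PORTS}
ADDRESS = {
    ("IPAddress", "IPv4"): {"policy_address"},
    ("IPAddress", "IPv6"): {"policy_address6"},
    ("IPNetwork", "IPv4"): {"policy_address", "policy_mask_length"},
    ("IPNetwork", "IPv6"): {"policy_address6", "policy_ipv6_prefix_length"},
}

# Blocks 1 and 2: the manual's example. Block 3: constructed for this example.
SAMPLE = """\
FVS318N> vpn sslvpn policy add
[sslvpn-policy-settings]> policy_name RemoteWorkers
[sslvpn-policy-settings]> ip_version IPv4
[sslvpn-policy-settings]> policy_type Global
[sslvpn-policy-settings]> destination_object_type NetworkResource
[sslvpn-policy-settings]> resource_name TopSecure
[sslvpn-policy-settings]> policy_permission Permit
[sslvpn-policy-settings]> save
[sslvpn-policy-settings]> policy_name Management
[sslvpn-policy-settings]> ip_version IPv4
[sslvpn-policy-settings]> policy_type Group
[sslvpn-policy-settings]> policy_owner Headquarter
[sslvpn-policy-settings]> destination_object_type All
[sslvpn-policy-settings]> start_port 15652
[sslvpn-policy-settings]> end_port 15658
[sslvpn-policy-settings]> service_type VPNTunnel
[sslvpn-policy-settings]> policy_permission Permit
[sslvpn-policy-settings]> save
[sslvpn-policy-settings]> policy_name Contractors
[sslvpn-policy-settings]> ip_version IPv4
[sslvpn-policy-settings]> policy_type User
[sslvpn-policy-settings]> destination_object_type IPNetwork
[sslvpn-policy-settings]> policy_address 192.168.30.0
[sslvpn-policy-settings]> start_port 3393
[sslvpn-policy-settings]> end_port 3391
[sslvpn-policy-settings]> policy_permission Permit
[sslvpn-policy-settings]> save
"""


def split_policies(transcript):
    """Return (keywords, saved) pairs, one per block ended by 'save'."""
    policies, current = [], {}
    for line in transcript.splitlines():
        match = PROMPT.match(line.strip())
        if not match:
            continue  # top-level command, blank line or page residue
        keyword, value = match.groups()
        if keyword == "save":
            policies.append((current, True))
            current = {}
        else:
            current[keyword] = value
    if current:
        policies.append((current, False))
    return policies


def lint_policy(policy, saved=True):
    """Compare one policy block with the manual's keyword lists."""
    findings = []
    present = {k for k, v in policy.items() if v}
    dest = policy.get("destination_object_type")
    required = set(COMMON)
    if dest in BY_DEST:
        required |= BY_DEST[dest]
        required |= ADDRESS.get((dest, policy.get("ip_version")), set())
    elif dest:
        findings.append(f"unknown destination_object_type {dest}")
    if policy.get("policy_type") in ("Group", "User"):
        required.add("policy_owner")
    findings += [f"missing {kw}" for kw in sorted(required - present)]
    ports = [policy.get("start_port"), policy.get("end_port")]
    if all(p is not None and p.isdigit() for p in ports):
        if int(ports[0]) > int(ports[1]):
            findings.append("start_port is greater than end_port")
    if not saved:
        findings.append("block is never saved")
    return findings


def lint_transcript(transcript):
    return [(policy.get("policy_name"), lint_policy(policy, saved))
            for policy, saved in split_policies(transcript)]


if __name__ == "__main__":
    for name, findings in lint_transcript(SAMPLE):
        print(name, findings or "ok")
```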

vpn sslvpn policy edit <row id>

This command configures an existing SSL VPN policy. After you have issued the vpn sslvpn policy edit command to specify the row to be edited (for row information, see the output of the show vpn sslvpn policy command), you enter the [sslvpn-policy-settings] mode. You can then configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1
Format: vpn sslvpn policy edit <row id>
Mode: vpn

Step 2
Format:
policy_name <policy name>
policy_type {Global | Group {policy_owner <group name>} | User {policy_owner <user name>}}
destination_object_type {NetworkResource | IPAddress | IPNetwork | All}

In addition to a policy name, policy type, and destination object type, configure the following for a network resource:
ip_version {IPv4 | IPv6}
resource_name <resource name>
policy_permission {Permit | Deny}

In addition to a policy name, policy type, and destination object type, configure the following for an IP address:
ip_version {IPv4 {policy_address <ipaddress>} | IPv6 {policy_address6 <ipv6-address>}}
start_port <port number>
end_port <port number>
service_type {VPNTunnel | PortForwarding | All}
policy_permission {Permit | Deny}

In addition to a policy name, policy type, and destination object type, configure the following for an IP network:
ip_version {IPv4 {policy_address <ipaddress>} {policy_mask_length <subnet mask>} | IPv6 {policy_address6 <ipv6-address>} {policy_ipv6_prefix_length <prefix length>}}
start_port <port number>
end_port <port number>
service_type {VPNTunnel | PortForwarding | All}
policy_permission {Permit | Deny}

In addition to a policy name, policy type, and destination object type, configure the following for all addresses (that is, the destination_object_type keyword is set to All):
ip_version {IPv4 | IPv6}
start_port <port number>
end_port <port number>
service_type {VPNTunnel | PortForwarding | All}
policy_permission {Permit | Deny}

Mode: [sslvpn-policy-settings]

Keyword: policy_name
Associated parameter to type: policy name
Description: The policy name (alphanumeric string).

Keyword: policy_type
Associated keyword to select: Global, Group, or User
Description: The SSL VPN policy type:
Global. The policy is global and includes all groups and users.
Group. The policy is limited to a single group. For information about how to create groups, see SSL VPN Authentication Group Commands. You need to issue the policy_owner keyword and specify the group name.
User. The policy is limited to a single user. For information about how to create user accounts, see SSL VPN User Commands. You need to issue the policy_owner keyword and specify the user name.

Keyword: policy_owner
Associated parameter to type: group name or user name
Description: The owner of the policy depends on the setting of the policy_type keyword:
Group. Specify the group name to which the policy applies.
User. Specify the user name to which the policy applies.

Keyword: destination_object_type
Associated keyword to select: NetworkResource, IPAddress, IPNetwork, or All
Note: You cannot change an existing destination object type.
Description: The policy destination type, which determines how the policy is applied, and, in turn, which keywords you need to issue to specify the policy:

NetworkResource. The policy is applied to an existing IPv4 or IPv6 resource. For information about how to create and configure network resources, see SSL VPN Resource Commands. You need to issue the following keywords and their associated parameters and keywords:
- policy_name
- ip_version
- resource_name
- policy_permission
- policy_owner if the policy_type keyword is set to Group or User.

IPAddress. The policy is applied to a single IPv4 or IPv6 address. You need to issue the following keywords and their associated parameters and keywords:
- policy_name
- ip_version
- policy_address or policy_address6 (depending on the setting of the ip_version keyword)
- start_port and end_port
- service_type
- policy_permission
- policy_owner if the policy_type keyword is set to Group or User.

IPNetwork. The policy is applied to an IPv4 or IPv6 network address. You need to issue the following keywords and their associated parameters and keywords:
- policy_name
- ip_version
- policy_address and policy_mask_length or policy_address6 and policy_ipv6_prefix_length (depending on the setting of the ip_version keyword)
- start_port and end_port
- service_type
- policy_permission
- policy_owner if the policy_type keyword is set to Group or User.

All. The policy is applied to all addresses. You need to issue the following keywords and their associated parameters and keywords:
- policy_name
- ip_version
- start_port and end_port
- service_type
- policy_permission
- policy_owner if the policy_type keyword is set to Group or User.

Keyword: resource_name
Associated parameter to type: resource name
Description: The name of a resource that you configured with the vpn sslvpn resource add command. This keyword and parameter apply only if the policy is for a network resource.

Keyword: policy_permission
Associated keyword to select: Permit or Deny
Description: Specifies whether the policy permits or denies access.


Keyword: ip_version
Associated Keyword to Select or Parameter to Type: IPv4 or IPv6
Description: The IP version that applies to the policy:

IPv4. The policy is for an IPv4 network resource, IPv4 address, IPv4 network, or for all IPv4 addresses. For an IP address or IP network, you need to issue the policy_address keyword and specify an IPv4 address. For a network address, you also need to issue the policy_mask_length keyword and specify a subnet mask.

IPv6. The policy is for an IPv6 network resource, IPv6 address, IPv6 network, or for all IPv6 addresses. For an IP address or IP network, you need to issue the policy_address6 keyword and specify an IPv6 address. For a network address, you also need to issue the policy_ipv6_prefix_length keyword and specify a prefix length.

Keyword: policy_address
Associated Keyword to Select or Parameter to Type: ipaddress
Description: The IPv4 address, if the policy is for an IPv4 address or IPv4 network.

Keyword: policy_mask_length
Associated Keyword to Select or Parameter to Type: subnet mask
Description: The subnet mask, if the policy is for an IPv4 network.

Keyword: policy_address6
Associated Keyword to Select or Parameter to Type: ipv6-address
Description: The IPv6 address, if the policy is for an IPv6 address or IPv6 network.

Keyword: policy_ipv6_prefix_length
Associated Keyword to Select or Parameter to Type: prefix length
Description: The prefix length, if the policy is for an IPv6 network.

Keyword: start_port
Associated Keyword to Select or Parameter to Type: port number
Description: The start port number for a policy port range. (This does not apply if the policy is for a network resource.)

Keyword: end_port
Associated Keyword to Select or Parameter to Type: port number
Description: The end port number for a policy port range. (This does not apply if the policy is for a network resource.)

Keyword: service_type
Associated Keyword to Select or Parameter to Type: VPNTunnel, PortForwarding, or All
Description: The service type for the policy:

VPNTunnel. The policy is applied only to a VPN tunnel.

PortForwarding. The policy is applied only to port forwarding.

All. The policy is applied both to a VPN tunnel and to port forwarding.


Command example: See the command example for the vpn sslvpn policy add command.

Related show command: show vpn sslvpn policy
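The keyword requirements in the SSL VPN policy table above can be checked before a policy is typed into the CLI. The following Python check is an added example, not code from the NETGEAR manual: the per-destination keyword lists come from the table, while the function names, the sample policies, the requirement that policy_type and destination_object_type are given explicitly, and the address and port-order checks are assumptions of this example.

```python
import ipaddress

# Values the keyword table allows for each enumerated keyword.
ALLOWED = {
    "policy_type": {"Global", "Group", "User"},
    "destination_object_type": {"NetworkResource", "IPAddress", "IPNetwork", "All"},
    "ip_version": {"IPv4", "IPv6"},
    "policy_permission": {"Permit", "Deny"},
    "service_type": {"VPNTunnel", "PortForwarding", "All"},
}
# These three decide which other keywords the table asks for (assumed mandatory here).
DECIDING = ("policy_type", "destination_object_type", "ip_version")
ADDRESS_KEYWORDS = ("policy_address", "policy_mask_length",
                    "policy_address6", "policy_ipv6_prefix_length")


def required_keywords(policy):
    """List the keywords the table requires for this destination, IP version and policy type."""
    dest = policy["destination_object_type"]
    ipv6 = policy["ip_version"] == "IPv6"
    required = ["policy_name", "ip_version", "policy_permission"]
    if dest == "NetworkResource":
        required.append("resource_name")
    else:  # IPAddress, IPNetwork and All take a port range and a service type
        required += ["start_port", "end_port", "service_type"]
    if dest in ("IPAddress", "IPNetwork"):
        required.append("policy_address6" if ipv6 else "policy_address")
    if dest == "IPNetwork":
        required.append("policy_ipv6_prefix_length" if ipv6 else "policy_mask_length")
    if policy["policy_type"] in ("Group", "User"):
        required.append("policy_owner")
    return required


def check_policy(policy):
    """Return a list of problems; an empty list means the keyword set is consistent."""
    problems, blocked = [], False
    for key, allowed in ALLOWED.items():
        if key not in policy:
            if key in DECIDING:
                problems.append(f"missing {key}")
                blocked = True
        elif policy[key] not in allowed:
            problems.append(f"{key}: {policy[key]!r} is not one of {sorted(allowed)}")
            blocked = blocked or key in DECIDING
    if blocked:
        return problems  # the remaining rules depend on these values

    required = required_keywords(policy)
    problems += [f"missing {key}" for key in required if key not in policy]

    # Keywords the table ties to a different destination type or IP version.
    stray = [key for key in ADDRESS_KEYWORDS if key not in required]
    if policy["destination_object_type"] == "NetworkResource":
        stray += ["start_port", "end_port"]
    else:
        stray.append("resource_name")
    problems += [f"{key} does not apply to this policy" for key in stray if key in policy]

    # This example's own sanity checks: address family and port order.
    for key, parse in (("policy_address", ipaddress.IPv4Address),
                       ("policy_address6", ipaddress.IPv6Address)):
        if key in required and key in policy:
            try:
                parse(policy[key])
            except ValueError:
                problems.append(f"{key}: {policy[key]!r} is not a valid address")
    if "start_port" in required and policy.keys() >= {"start_port", "end_port"}:
        try:
            if int(policy["start_port"]) > int(policy["end_port"]):
                problems.append("start_port is greater than end_port")
        except (TypeError, ValueError):
            problems.append("start_port and end_port must be port numbers")
    return problems


# Constructed sample policies (not taken from the manual).
RESOURCE_POLICY = {
    "policy_name": "FtpResource", "policy_type": "Global",
    "destination_object_type": "NetworkResource", "ip_version": "IPv4",
    "resource_name": "FtpServers", "policy_permission": "Permit",
}
GROUP_NETWORK_POLICY = {  # Group policy without policy_owner or policy_mask_length
    "policy_name": "SalesNet", "policy_type": "Group",
    "destination_object_type": "IPNetwork", "ip_version": "IPv4",
    "policy_address": "192.168.70.0", "start_port": "80", "end_port": "443",
    "service_type": "VPNTunnel", "policy_permission": "Permit",
}
WRONG_FAMILY_POLICY = {  # IPv6 policy that carries the IPv4 address keyword
    "policy_name": "HostDeny", "policy_type": "Global",
    "destination_object_type": "IPAddress", "ip_version": "IPv6",
    "policy_address": "192.168.1.23", "start_port": "22", "end_port": "22",
    "service_type": "All", "policy_permission": "Deny",
}

if __name__ == "__main__":
    for name, policy in (("resource", RESOURCE_POLICY),
                         ("group network", GROUP_NETWORK_POLICY),
                         ("wrong family", WRONG_FAMILY_POLICY)):
        print(name, check_policy(policy) or "OK")
```

An empty result means only that the keyword set matches the table; it says nothing about whether the referenced group, user, or resource exists on the device.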

vpn sslvpn policy delete <row id>

This command deletes an SSL VPN policy by specifying its row ID.

Format: vpn sslvpn policy delete <row id>

Mode: vpn

Related show command: show vpn sslvpn policy

RADIUS Server Command

vpn radius configure

This command configures a RADIUS server. After you have issued the vpn radius configure command, you enter the [radius-config] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format: system radius configure
Mode: vpn

Step 2

Format:
enable {Y | N}
radius-server <ipaddress>
secret <secret>
nas_identifier <identifier>
backup_server_enable {Y | N}
backup-radius_server <ipaddress>
backup_server_secret <secret>
backup_server_nas_identifier <identifier>
timeout <seconds>
retries <number>
Mode: [radius-config]


Primary RADIUS server

Keyword: enable
Associated Keyword to Select or Parameter to Type: Y or N
Description: Specifies whether or not the primary RADIUS server is enabled.

Keyword: radius-server
Associated Keyword to Select or Parameter to Type: ipaddress
Description: The IPv4 address of the primary RADIUS server.

Keyword: secret
Associated Keyword to Select or Parameter to Type: secret
Description: The secret phrase (alphanumeric string) for the primary RADIUS server.

Keyword: nas_identifier
Associated Keyword to Select or Parameter to Type: identifier
Description: The NAS ID for the primary RADIUS server.

Backup RADIUS server

Keyword: backup_server_enable
Associated Keyword to Select or Parameter to Type: Y or N
Description: Specifies whether or not the backup RADIUS server is enabled.

Keyword: backup_radius_server
Associated Keyword to Select or Parameter to Type: ipaddress
Description: The IPv4 address of the backup RADIUS server.

Keyword: backup_server_secret
Associated Keyword to Select or Parameter to Type: secret
Description: The secret phrase (alphanumeric string) for the backup RADIUS server.

Keyword: backup_server_nas_identifier
Associated Keyword to Select or Parameter to Type: identifier
Description: The NAS ID for the backup RADIUS server.

Connection configuration

Keyword: timeout
Associated Keyword to Select or Parameter to Type: seconds
Description: The connection time-out in seconds for the RADIUS server.

Keyword: retries
Associated Keyword to Select or Parameter to Type: number
Description: The number of connection retry attempts for the RADIUS server.

Command example:

FVS318N> vpn radius configure
radius-config> enable Y
radius-config> radius-server 192.168.1.2
radius-config> secret Hlo0ole1H12aaq43
radius-config> nas_identifier FVS318N-Bld3
radius-config> backup_server_enable Y
radius-config> backup_radius-server 192.168.1.3
radius-config> backup_server_secret Hduo0oplH54bqX91
radius-config> backup_server_nas_identifier FVS318N-Bld3
radius-config> timeout 30
radius-config> retries 4
radius-config> save

Related show command: show vpn radius [ipaddress]


L2TP Server Commands

vpn l2tp server configure

This command configures the L2TP server. After you have issued the vpn l2tp server configure command, you enter the l2tp-server-config [policy] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.

Step 1

Format: vpn l2tp server configure
Mode: vpn

Step 2

Format:
enable {Y | N}
start_address <ipaddress>
end_address <ipaddress>
idle_timeout <minutes>
Mode: l2tp-server-config [policy]

Keyword: enable
Associated Keyword to Select or Parameter to Type: Y or N
Description: Enables or disables the L2TP server.

Keyword: start_address
Associated Keyword to Select or Parameter to Type: ipaddress
Description: The start IPv4 address of the L2TP server range.

Keyword: end_address
Associated Keyword to Select or Parameter to Type: ipaddress
Description: The end IPv4 address of the L2TP server range.

Keyword: idle_timeout
Associated Keyword to Select or Parameter to Type: minutes
Description: The idle time-out after which the connection is terminated.

Command example:

FVS318N> vpn l2tp server configure
l2tp-server-config[policy]> enable Y
l2tp-server-config[policy]> start_address 192.168.112.1
l2tp-server-config[policy]> end_address 192.168.112.25
l2tp-server-config[policy]> idle_timeout 10
l2tp-server-config[policy]> save

Related show command: show vpn l2tp server setup and show vpn l2tp server connections


8. Overview of the Show Commands

This chapter provides an overview of all show commands for the five configuration command modes. The chapter includes the following sections:

Network Settings (Net Mode) Show Commands

Security Settings (Security Mode) Show Commands

Administrative and Monitoring Settings (System Mode) Show Commands

Wireless Settings (Dot11 Mode) Show Commands

VPN Settings (VPN Mode) Show Commands

Network Settings (Net Mode) Show Commands

Enter the show net ? command at the CLI prompt to display the categories of show commands in the net mode. The following table lists the commands in alphabetical order:

Table 14. Show commands: show net mode

Submode       Command Name                                Purpose
____________  __________________________________________  ________________________________________
ddns          show net ddns setup                         Display the Dynamic DNS configuration.
dmz           show net dmz ipv4 setup                     Display the IPv4 DMZ configuration.
              show net dmz ipv6 setup                     Display the IPv6 DMZ configuration.
ethernet      show net ethernet {interface name | all}    Display the MAC address and VLAN status for a single or all Ethernet interfaces.
ipv6          show net ipv6 ipmode setup                  Display the IPv6 routing mode configuration.
ipv6_tunnel   show net ipv6_tunnel setup                  Display the IPv6 tunnel configuration.
              show net ipv6_tunnel status                 Display the status of the IPv6 tunnels.
lan           show net lan available_lan_hosts list       Display the IPv4 hosts.
              show net lan dhcp leased_clients list       Display the LAN clients that received a leased DHCP IP address.
              show net lan dhcp logs                      Display the LAN DHCP log.
              show net lan dhcp reserved_ip setup         Display information about the DHCP clients, including the assigned (reserved) IP addresses.
              show net lan ipv4 advanced setup            Display the advanced IPv4 LAN configuration.
              show net lan ipv4 detailed setup <vlan id>  Display the detailed configuration for a VLAN.
              show net lan ipv4 setup                     Display the IPv4 LAN configuration.
              show net lan ipv6 setup                     Display the IPv6 LAN configuration.
              show net lan lan_groups                     Display the LAN groups.
              show net lan ipv4 multiHoming               Display the LAN secondary IPv4 addresses.
              show net lan ipv6 multiHoming               Display the LAN secondary IPv6 addresses.
radvd         show net radvd dmz setup                    Display the DMZ RADVD configuration.
              show net radvd lan setup                    Display the LAN RADVD configuration.
routing       show net routing dynamic setup              Display the dynamic routing configuration.
              show net routing static ipv4 setup          Display the IPv4 static routes configuration.
              show net routing static ipv6 setup          Display the IPv6 static routes configuration.
statistics    show net statistics {interface name | all}  Display the network statistics for a single or all Ethernet interfaces.
wan           show net wan mode                           Display the WAN mode configuration.
              show net wan port_setup                     Display the configuration of the WAN port.
              show net wan wan1 ipv4 setup                Display the IPv4 WAN configuration.
              show net wan wan1 ipv4 status               Display the IPv4 WAN connection status.
              show net wan wan1 ipv6 setup                Display the IPv6 WAN configuration.
              show net wan wan1 ipv6 status               Display the IPv6 WAN connection status.
wan_settings  show net wan_settings wanmode               Display the IPv4 WAN routing mode.


Security Settings (Security Mode) Show Commands

Enter the show security ? command at the CLI prompt to display the categories of show commands in the security mode. The following table lists the commands in alphabetical order:

Table 15. Show commands: show security mode

Submode               Command Name                                                Purpose
____________________  __________________________________________________________  ________________________________________
address_filter        show security address_filter enable_email_log               Display the configuration of the IP/MAC binding log.
                      show security address_filter ip_or_mac_binding setup        Display the IPv4 and IPv6 MAC bindings.
                      show security address_filter mac_filter setup               Display the MAC addresses for source MAC filtering.
bandwidth             show security bandwidth profile setup                       Display the configured bandwidth profiles.
content_filter        show security content_filter block_group                    Display the groups for which content filtering is enabled.
                      show security content_filter blocked_keywords               Display the keywords that are blocked.
                      show security content_filter content_filtering              Display the status of content filtering and the web components.
                      show security content_filter trusted_domains                Display the trusted domains.
firewall              show security firewall advanced algs                        Display whether or not SIP ALG is enabled.
                      show security firewall attack_checks igmp                   Display whether or not the IGMP proxy is enabled.
                      show security firewall attack_checks jumboframe             Display whether or not jumbo frames are enabled.
                      show security firewall attack_checks setup ipv4             Display which WAN and LAN security checks are enabled for IPv4.
                      show security firewall attack_checks setup ipv6             Display which WAN and LAN security checks are enabled for IPv6.
                      show security firewall attack_checks vpn_passthrough setup  Display which VPN pass-through features are enabled.
                      show security firewall ipv4 setup lan_wan                   Display the IPv4 LAN WAN firewall rules.
                      show security firewall ipv4 setup dmz_wan                   Display the IPv4 DMZ WAN firewall rules.
                      show security firewall ipv4 setup lan_dmz                   Display the IPv4 LAN DMZ firewall rules.
                      show security firewall ipv6 setup                           Display all IPv6 firewall rules.
                      show security firewall session_limit                        Display the session limit settings.
                      show security firewall session_settings                     Display the session time-out settings.
porttriggering_rules  show security porttriggering_rules setup                    Display the port triggering rules.
                      show security porttriggering_rules status                   Display the port triggering status.
schedules             show security schedules setup                               Display the configured schedules.
services              show security services setup                                Display the configured custom services.
upnp                  show security upnp portmap                                  Display the UPnP portmap table.
                      show security upnp setup                                    Display the UPnP configuration.

Administrative and Monitoring Settings (System Mode) Show Commands

Enter the show system ? command at the CLI prompt to display the categories of show commands in the system mode. The following table lists the commands in alphabetical order:

Table 16. Show commands: show system mode

Submode            Command Name                             Purpose
_________________  _______________________________________  ________________________________________
not applicable     show sysinfo                             Display system information, including MAC addresses, serial number, and firmware version.
                   show system firmware_version             Display the firmware version.
logging            show system logging setup                Display the configuration of the IPv4 and IPv6 logs.
                   show system logging remote setup         Display the configuration and the schedule of the email logs.
logs               show system logs                         Display the system logs.
remote_management  show system remote_management setup      Display the configuration of remote management for Telnet and HTTPS access.
snmp               show system snmp sys                     Display the SNMP system configuration of the SNMP agent and the SNMP system information of the wireless VPN firewall.
                   show system snmp trap [agent ipaddress]  Display the SNMP trap configuration of the SNMP agent.
status             show system status                       Display the system status information.
time               show system time setup                   Display the time configuration and the configuration of the NTP server.
traffic_meter      show system traffic_meter setup          Display the configuration of the traffic meter and the Internet traffic statistics.

Wireless Settings (Dot11 Mode) Show Commands

Enter the show dot11 ? command at the CLI prompt to display the categories of show commands in the dot11 mode. The following table lists the commands in alphabetical order:

Table 17. Show commands: show dot11 mode

Submode     Command Name                              Purpose
__________  ________________________________________  ________________________________________
acl         show dot11 acl <profile name>             Display the ACL policy and MAC addresses for a specified profile.
profile     show dot11 profile [profile name]         Display basic information for all profiles or basic and advanced information for a specified profile.
            show dot11 profile status <profile name>  Display traffic statistics for a specified profile.
radio       show dot11 radio                          Display the basic and advanced radio configuration.
statistics  show dot11 statistics                     Display cumulative wireless traffic statistics for all profiles.
wps         show dot11 wps                            Display the WPS configuration.

VPN Settings (VPN Mode) Show Commands

Enter the show vpn ? command at the CLI prompt to display the categories of show commands in the vpn mode. The following table lists the commands in alphabetical order:

Table 18. Show commands: show vpn mode

Submode  Command Name                                     Purpose
_______  _______________________________________________  ________________________________________
ipsec    show vpn ipsec ikepolicy setup                   Display the IKE policies.
         show vpn ipsec logs                              Display the IPSec VPN logs.
         show vpn ipsec mode_config setup                 Display the Mode Config records.
         show vpn ipsec vpnpolicy setup                   Display the IPSec VPN policies.
         show vpn ipsec vpnpolicy status                  Display status information about the active and nonactive IPSec VPN policies.
l2tp     show vpn l2tp server connections                 Display the users that are connected through the L2TP server.
         show vpn l2tp server setup                       Display the configuration of the L2TP server.
radius   show vpn radius [ipaddress]                      Display the configuration of a specific RADIUS server.
sslvpn   show vpn sslvpn client                           Display the SSL VPN client range and configuration.
         show vpn sslvpn logs                             Display the SSL VPN logs.
         show vpn sslvpn policy                           Display the SSL VPN policies.
         show vpn sslvpn portal-layouts                   Display the SSL VPN portal layout.
         show vpn sslvpn portforwarding appconfig         Display the SSL VPN port forwarding application configuration.
         show vpn sslvpn portforwarding hostconfig        Display the SSL VPN port forwarding host configuration.
         show vpn sslvpn resource                         Display the SSL VPN resource configuration.
         show vpn sslvpn resource-object <resource name>  Display the detailed configuration for a specific resource object.
         show vpn sslvpn route                            Display the SSL VPN client routes.
         show vpn sslvpn users active_users               Display the active SSL VPN users.
         show vpn sslvpn users browser_policies <row id>  Display the login restrictions based on web browsers for a specific user.
         show vpn sslvpn users domains                    Display the domain configurations.
         show vpn sslvpn users groups                     Display the group configurations.
         show vpn sslvpn users ip_policies <row id>       Display the login restrictions based on IP addresses for a specific user.
         show vpn sslvpn users login_policies <row id>    Display the login restrictions based on login policies for a specific user.
         show vpn sslvpn users users                      Display the user account configurations.


9. Show Commands

This chapter explains the show commands and associated parameters for the five configuration command modes. The chapter includes the following sections:

Network Settings (Net Mode) Show Commands

Security Settings (Security Mode) Show Commands

Administrative and Monitoring Settings (System Mode) Show Commands

Wireless Settings (Dot11 Mode) Show Commands

VPN Settings (VPN Mode) Show Commands

Network Settings (Net Mode) Show Commands

This section contains the following subsections:

WAN (IPv4 and IPv6) Show Commands

IPv6 Mode and IPv6 Tunnel Show Commands

LAN DHCP Show Commands

Dynamic DNS Show Commands

IPv4 LAN Show Commands

IPv6 LAN Show Commands

DMZ Show Commands

Routing Show Commands

Network Statistics Show Commands

WAN (IPv4 and IPv6) Show Commands

show net wan_settings wanmode

This command displays the IPv4 WAN routing mode:

Routing Mode between WAN and LAN

__________________________________

NAT is Enabled

show net wan mode

This command displays the WAN mode configuration:

WAN MODE Setup

______________

Routing Mode: NAT

IP Mode: IPv4/IPv6 mode

show net wan port_setup

This command displays the configuration of the WAN port:

WAN Port Setup

______________

MTU Type: Default

Port Speed: Auto Sense

Router's MAC Address: Use Default Address

show net wan wan1 ipv4 setup

This command displays the IPv4 WAN configuration:

Broadband Setup

_______________

STATIC Configuration:

Internet (IP) Address Source: Use Static IP Address

IP Address: 10.139.54.228

IP Subnet Mask: 255.255.255.248

Gateway IP Address: 10.139.54.225

Domain Name Servers (DNS) Source: Use these DNS Servers

Primary DNS Server: 10.80.130.23

Secondary DNS Server: 10.80.130.24

show net wan wan1 ipv4 status

This command displays the IPv4 WAN connection status:

WAN Status

__________

MAC Address: AA:AB:BB:00:00:02

IPv4 Address: 10.139.54.228 / 255.255.255.248

Wan State: UP

NAT (IPv4 only): Enabled

IPv4 Connection Type: STATIC

IPv4 Connection State: Connected

Link State: LINK UP

Gateway: 10.139.54.225

Primary DNS: 10.80.130.23

Secondary DNS:

show net wan wan1 ipv6 setup

This command displays the IPv6 WAN configuration:

IPv6 WAN1 Setup

_______________

Dynamic IPv6 (DHCP) Configuration:

Stateless Address Auto Configuration: Enabled

show net wan wan1 ipv6 status

This command displays the IPv6 WAN1 connection status:

IPv6 WAN1 Status

________________

IPv6 Connection Type: Dynamic IPv6 (DHCP)

IPv6 Connection State: Not Yet Available

IPv6 Address: fe80::a8ab:bbff:fe00:2

IPv6 Prefix Length: 64

Default IPv6 Gateway:

Primary DNS Server:

Secondary DNS Server:


IPv6 Mode and IPv6 Tunnel Show Commands

show net ipv6 ipmode setup

This command displays the IPv6 routing mode configuration:

IP MODE

_______

IPv4 only mode : Disabled

IPv4/IPv6 mode : Enabled

show net ipv6_tunnel setup

This command displays the IPv6 tunnel configuration:

IPv6 Tunnels

____________

6 to 4 Tunneling

Automatic Tunneling is Enabled

List of Available ISATAP Tunnels

ROW ID LocalEndpoint ISATAP Subnet Prefix

______ _____________ ____________________

1 192.168.1.1 FE80::2006

2 10.29.33.4 FE80::DEFC

show net ipv6_tunnel status

This command displays the status of the IPv6 tunnels:

Tunnel Name IPv6 Address(es)
___________ __________________________________________________
sit0-WAN1   2002:408b:36e4::408b:36e4/64, ::127.0.0.1/96, ::192.168.1.1/96, ::10.139.54.228/96
isatap1-LAN fe80::5efe:421:1d0a/64, fe80::5efe:a1d:2104/64, fe80::fe5e:0:a1d:2104/64

LAN DHCP Show Commands

show net lan dhcp leased_clients list

This command displays the LAN clients that received a leased DHCP IP address:

List of Available DHCP Leased Clients

_____________________________________

show net lan dhcp logs

This command displays the LAN DHCP log:

Jan 1 00:02:26 FVS318N local7.info dhcpd: Sending on LPF/bdg1/aa:ab:bb:00:00:01/192.168.1.0/24
Jan 1 00:02:26 FVS318N local7.info dhcpd: Sending on Socket/fallback/fallback-net
Jan 1 00:02:34 FVS318N local7.info dhcpd: Wrote 0 leases to leases file.
Jan 1 00:02:34 FVS318N local7.info dhcpd: Listening on LPF/bdg1/aa:ab:bb:00:00:01/192.168.1.0/24
Jan 1 00:02:34 FVS318N local7.info dhcpd: Sending on LPF/bdg1/aa:ab:bb:00:00:01/192.168.1.0/24
Jan 1 00:02:34 FVS318N local7.info dhcpd: Sending on Socket/fallback/fallback-net

show net lan dhcp reserved_ip setup

This command displays information about the DHCP clients, including the assigned (reserved) IP addresses:

List of DHCP Reserved Addresses

_______________________________

Name: IPAD_227

IP Address: 192.168.1.23

MAC Address: aa:11:bb:22:cc:33

Group: 1

Dynamic DNS Show Commands

show net ddns setup

This command displays the Dynamic DNS configuration:

Dynamic DNS service currently disabled

IPv4 LAN Show Commands

show net lan ipv4 setup

This command displays the IPv4 LAN configuration:

LAN Setup (IPv4)

________________


VLAN Profiles

_____________

Status  Profile Name VLAN Id IPv4 Address Subnet Mask     DHCP Status Server Address
_______ ____________ _______ ____________ _______________ ___________ _______________________________
Enabled Default      1       192.168.1.1  255.255.255.0   DHCP Server 192.168.1.100 - 192.168.1.254
Enabled Sales        20      192.168.70.1 255.255.255.0   DHCP Server 192.168.70.100 - 192.168.70.254
Enabled Marketing    40      192.168.90.5 255.255.255.128 Disabled    Not Applicable

Default VLAN

____________

Port1: Default

Port2: Default

Port3: Marketing

Port4: Default

Port5: Sales

Port6: Sales

Port7: Sales

Port8: Default

show net lan ipv4 detailed setup <vlan id>

This command displays the detailed configuration for a VLAN:

Detailed Setup (IPv4) of VLAN :- Default

________________________________________

Status: : Enabled

Profile Name: : Default

VLAN Id: : 1

IPv4 Address: : 192.168.1.1

Subnet Mask: : 255.255.255.0

DHCP Status: : DHCP Server

Server Address: : 192.168.1.100 - 192.168.1.254

Primary DNS Server: :

Secondary DNS Server: :

WINS Server: :

Lease Time: : 24

LDAP Status: : Disabled

DNS Proxy: : Enabled

Inter VLAN Routing: : Disabled

show net ethernet {interface name | all}

This command displays the MAC address and VLAN status for a single or all Ethernet interfaces:

FVS318N> show net ethernet eth1

MAC Address: AA:AB:BB:00:00:02

VLAN ID: 1

Interface Name: eth1

VLAN Enabled: N

Native VLAN: N

FVS318N> show net ethernet all

Ethernet Interfaces

___________________

VLAN ID Interface Name VLAN Enabled Native VLAN

_______ ______________ ____________ ___________

1 eth0 N N

1 eth1 N N

show net lan ipv4 advanced setup

This command displays the advanced IPv4 LAN configuration:

LAN Advanced Setup

__________________

VLAN MAC Settings:

MAC Address for VLANs: Same

Advanced Settings:

ARP Broadcast: Enabled

show net lan available_lan_hosts list

This command displays the IPv4 hosts (that is, the known computers and devices in the LAN):

List of Available Lan Hosts

___________________________

show net lan lan_groups

This command displays the LAN groups:

Row ID : Group Name

___________________

1 GROUP1

2 GROUP2

3 GROUP3

4 GROUP4

5 Management

6 SalesEMEA

7 SalesAmericas

8 GROUP8

show net lan ipv4 multiHoming

This command displays the LAN secondary IP addresses:

IPv4 LAN Multi-homing

_____________________

Available Secondary LAN IPs :-

______________________________

Row Id IP Address Subnet Mask

______ ______________ _______________

1 192.168.20.1 255.255.255.0

2 192.168.70.240 255.255.255.128

IPv6 LAN Show Commands

show net lan ipv6 setup

This command displays the IPv6 LAN configuration:

IPv6 LAN Configuration

______________________

LAN TCP/IP Setup:

IPv6 Address: FEC0::1

IPv6 Prefix Length: 64

DHCPv6:


DHCP Status: Enable DHCPv6 Server

DHCP Mode: Stateless

Domain Name: netgear.com

Server Preference: 255

DNS Servers: Use DNS from ISP

Lease/Rebind Time: 86400

List of IPv6 Address Pools

__________________________

Start Address End Address

__________________ __________________

FEC0::db8:2 FEC0::db8:199

FEC0::db8:10a1:100 FEC0::db8:10a1:300

show net radvd lan setup

This command displays the LAN RADVD configuration:

Router Advertisement Daemon ( RADVD )

_____________________________________

RADVD Status: Enabled

Advertise Mode: Unsolicited Multicast

Advertise Interval: 30

RA Flags

Managed: Disabled

Other: Enabled

Router Preference: High

MTU: 1500

Router Lifetime: 3600 Seconds

List of Available Prefixes to Advertise

_______________________________________

ROW ID IPv6 Prefix IPv6 Prefix Length Life Time

______ __________________ __________________ _________

1 2002:408b:36e4:a:: 64 43200

2 FE80:0:0:CC40:: 64 21600

show net lan ipv6 multiHoming

This command displays the LAN secondary IPv6 addresses:

IPv6 LAN Multi-homing

_____________________

Available Secondary LAN IPs :-

______________________________

Row Id: 1

IPv6 Address: 2001:db8:3000::2192

Prefix Length: 10

DMZ Show Commands

show net dmz ipv4 setup

This command displays the IPv4 DMZ configuration:

DMZ Setup

_________

DMZ Disabled.

show net dmz ipv6 setup

This command displays the IPv6 DMZ configuration:

DHCP Setup Configuration

________________________

IPv6 Address: 2001:176::1

Prefix Length: 64

DHCP Status: DHCP Server Enabled

Mode: Stateful

Domain Name: netgear.com

DNS Server: Use DNS Proxy

Lease Time in Sec : 43200

Starting IP Address : 2001::1100

Ending IP Address : 2001::1120

Pool Prefix Length : 56

show net radvd dmz setup

This command displays the DMZ RADVD configuration:

Router Advertisement Daemon ( RADVD )

_____________________________________

RADVD Status: Enabled

Advertise Mode: Unicast only

Advertise Interval: 30

RA Flags

Managed: Disabled

Other: Enabled

Router Preference: High

MTU: 1500

Router Lifetime: 7200 Seconds

List of Available Prefixes to Advertise

_______________________________________

ROW ID IPv6 Prefix IPv6 Prefix Length Life Time

______ ___________ __________________ _________

1 2002:3a2b 64 3600

2 2002:3a2b 64 3600

Routing Show Commands

show net routing dynamic setup

This command displays the dynamic routing configuration:

Dynamic Routing

_______________

RIP

___

RIP Direction Both

RIP Version RIP-2M

Authentication for RIP-2B/2M: Enabled

First Key Parameters

MD5 Key Id: 1

MD5 Auth Key: *****

Not Valid Before: 2011/12/01@07:00:00


Not Valid After: 2011/12/31@23:59:59

Second Key Parameters

MD5 Key Id: 2

MD5 Auth Key: *****

Not Valid Before: 2011/12/31@24:00:00

Not Valid After: 2012/03/31@23:59:59

show net routing static ipv4 setup

This command displays the IPv4 static routes configuration:

Name Destination Gateway Interface Metric Active Private

---- ----------- ------- --------- ------ ------- -------

Orly 10.118.215.178 10.192.44.13 WAN1 7 1 1

show net routing static ipv6 setup

This command displays the IPv6 static routes configuration:

Name Destination Gateway Interface Metric Active

---- ----------- ------- --------- ------ -------

SFO2 2002:201b:24e2::1001 FE80::2001:5efe:ab23 WAN1 2 1

Network Statistics Show Commands

show net statistics {interface name | all}

This command displays the network statistics for a single or all Ethernet interfaces:

FVS318N> show net statistics eth0

Interface Statistics

____________________

IFACE: eth0

PktRx: 5688

PktTx: 5651

ByteRx: 654963

ByteTx: 4834187

ErrRx: 0

ErrTx: 0

DropRx: 0

DropTx: 0


Mcast: 0

Coll: 0

FVS318N> show net statistics all

Interface Statistics

____________________

IFACE PktRx  PktTx  ByteRx   ByteTx   ErrRx ErrTx DropRx DropTx Mcast Coll
_____ ______ ______ ________ ________ _____ _____ ______ ______ _____ ____
eth0  20802  31569  2148358  38409384 0     0     0      0      0     0
eth1  359059 186965 61156441 28586367 0     0     0      0      0     0

Security Settings (Security Mode) Show Commands

This section contains the following subsections:

Services Show Command

Schedules Show Command

Firewall Rules Show Command

Attack Checks Show Commands

Session Limits Show Commands

Advanced Firewall Show Commands

Address Filter Show Commands

Port Triggering Show Commands

UPnP Show Commands

Bandwidth Profiles Show Command

Content Filtering Show Commands

Services Show Command

show security services setup

This command displays the configured custom services:

List of Available Custom Services

_________________________________

ROW ID Name             Type   ICMP Type / Port Range QoS
______ ________________ ______ ______________________ ___________________
74     Ixia             TCP    10115-10117            Normal-Service
75     RemoteManagement TCP    8888-8888              Maximize-Throughput


Schedules Show Command

show security schedules setup

This command displays the configured schedules:

Schedules

_________

List of Available Schedules

ROW ID Name Days Start Time End Time

______ _________ _________________________ __________ ________

1 schedule1 Monday, Wednesday, Friday 07:15 AM 06:30 PM

2 schedule2 All Days 12:00 AM 11:59 PM

3 schedule3 All Days 12:00 AM 12:00 AM

Firewall Rules Show Command

show security firewall ipv4 setup lan_wan

This command displays the configured IPv4 LAN WAN firewall rules:

Default Outbound Policy for IPv4 : Allow Always

LAN WAN Outbound Rules.

_______________________

ROWID Status Service Name Filter LAN User WAN User Priority Bandwidth Profile Log

_____ _______ ____________ ____________ ________ _______________________________ ______________ _________________ ______

103 Enabled CU-SEEME:TCP BLOCK Always Any Any Normal-Service NONE Never

104 Enabled PING ALLOW Always Any 10.120.114.217 - 10.120.114.245 Normal-Service NONE Always

LAN WAN Inbound Rules.

______________________

ROWID: 102

Status: Enabled

Service Name: HTTP

Filter: ALLOW Always

LAN Server IP Address: 192.168.5.69

LAN User:

WAN User: Any

Destination: Broadband

Bandwidth Profile: NONE

Log: Never

show security firewall ipv4 setup dmz_wan

This command displays the configured IPv4 DMZ WAN firewall rules:

Default Outbound Policy for IPv4 : Allow Always

DMZ WAN Outbound Rules.

_______________________

ROWID: 105

Status: Enabled

Service Name: FTP

Filter: ALLOW by schedule,otherwise block

DMZ User: Any

WAN User: Any

Priority: Maximize-Reliability

Log: Never

DMZ WAN Inbound Rules.

______________________

ROWID Status Service Name Filter DMZ Server IP Address DMZ User WAN User Destination Log

_____ _______ ____________ ____________ _____________________ ________ ________ _____________ ______

106 Enabled Traceroute ALLOW Always 176.21.214.2 Any 10.115.97.174 Always

107 Enabled TELNET ALLOW Always 176.21.214.2 Any Broadband Always

show security firewall ipv4 setup lan_dmz

This command displays the configured IPv4 LAN DMZ firewall rules:

Default Outbound Policy for IPv4 : Allow Always

LAN DMZ Outbound Rules.

_______________________

ROWID: 100

Status: Enabled

Service Name: FTP

Filter: ALLOW Always

LAN User: GROUP3

DMZ User: 176.16.2.65 - 176.16.2.85

Log: Never

LAN DMZ Inbound Rules.

______________________

ROWID: 101

Status: Enabled

Service Name: SSH:UDP

Filter: BLOCK by schedule,otherwise allow

DMZ User: 176.16.2.211

LAN User: 192.168.4.109

Log: Always

show security firewall ipv6 setup

This command displays all configured IPv6 firewall rules:

Default Outbound Policy

_______________________

For IPv6 : Allow Always

List of Available IPv6 Firewall Rules

_____________________________________

ROW ID Status Rule Type Service Action Source Users Destination Users Log Qos Priority Schedule

______ _______ __________ _______________ _________________________________ _______________________________________ ________________________ ______ ______________ _________

130 Enabled WAN To LAN RTELNET ALLOW Always 2002::B32:AAB1:fD41 FEC0::db8:145 Always Normal-Service

131 Enabled WAN To LAN HTTP ALLOW Always Any Any Never Normal-Service

132 Enabled LAN To WAN HTTP ALLOW Always Any Any Never Normal-Service

133 Enabled LAN To WAN HTTPS ALLOW Always Any Any Never Normal-Service

134 Enabled DMZ To WAN FTP ALLOW by schedule,otherwise block FEC0::db8:10a1:201 - FEC0::db8:10a1:299 2001:db6::30f4:fbbf:ccbc Never Normal-Service schedule1

135 Enabled WAN To DMZ VDOLIVE BLOCK Always Any 176::1150 - 176::1200 Always Normal-Service

136 Enabled DMZ To LAN RTSP:TCP BLOCK Always Any Any Always Normal-Service

137 Enabled DMZ To LAN RTSP:UDP BLOCK Always Any Any Always Normal-Service

138 Enabled LAN To DMZ ICMPv6-TYPE-134 BLOCK Always Any 176::1121 - 176::1142 Always Normal-Service

Attack Checks Show Commands

show security firewall attack_checks igmp

This command displays whether or not the IGMP proxy is enabled:

IGMP Configuration

__________________

Igmp Proxy: Disabled

show security firewall attack_checks jumboframe

This command displays whether or not jumbo frames are enabled:

Jumbo Frame Configuration

_________________________

Jumbo Frame Support: Enabled

show security firewall attack_checks setup ipv4

This command displays which WAN and LAN security checks are enabled for IPv4:

Attack Checks

_____________

WAN Security Checks:

_____________________

Respond to ping on Wan : Yes

Enable Stealth mode : Yes

Block TCP Flood : Yes

LAN Security Checks:

_____________________

Block UDP Flood : Yes

Disable Ping Reply on LAN Ports : No

show security firewall attack_checks setup ipv6

This command displays which security checks are enabled for IPv6:

Attack Checks IPv6

__________________

WAN Security Checks:

Respond to ping on Wan : Yes

VPN IPSec Passthrough : Yes

show security firewall attack_checks vpn_passthrough setup

This command displays which VPN pass-through features are enabled:

Passthrough

___________

IPSec VPN Passthrough:

IPSec Passthrough : Enabled

PPTP Passthrough : Enabled

L2TP Passthrough : Enabled

Session Limits Show Commands

show security firewall session_limit

This command displays the session limit settings:

Session Settings

________________

Session Limit Enable: Enabled

Connection Limit Type: 1

User Connection Limit: 6

TCP Session Timeout Duration: 1800(Secs)

UDP Session Timeout Duration: 120(Secs)

ICMP Session Timeout Duration: 60(Secs)

show security firewall session_settings

This command displays the session time-out settings:

Session Settings

________________

TCP Session Timeout Duration:1800(Secs)

UDP Session Timeout Duration:120(Secs)

ICMP Session Timeout Duration:60(Secs)

Advanced Firewall Show Commands

show security firewall advanced algs

This command displays whether or not SIP ALG is enabled:

ALGs

____

Sip: Disabled

Address Filter Show Commands

show security address_filter enable_email_log

This command displays the configuration of the IP/MAC binding log:

Email logs for IP/MAC binding violation

_______________________________________

Email logs for IP/MAC binding violation: Enabled

Email logs for IP/MAC binding violation IPv6

____________________________________________

Email logs for IP/MAC binding violation: Disabled

show security address_filter ip_or_mac_binding setup

This command displays the IP/MAC bindings:

ROW ID Name MAC Address IP Address Log Dropped Packets IP Version

______ _____ _________________ _____________________ ___________________ __________

1 Rule1 00:aa:23:be:03:a1 192.168.10.153 Enabled IPv4

2 CFO a1:b2:c3:d4:ee:da 2001:3063:21a2:28e4:: Enabled IPv6

show security address_filter mac_filter setup

This command displays the configuration of the MAC filter and the MAC addresses for source MAC filtering:

Source MAC Filter

__________________

MAC Filtering: Enabled

Policy for MAC Addresses: Block and Permit the rest

List of Available MAC Addresses

________________________________

ROW ID MAC Address

______ _________________

1 AA:11:BB:22:CC:33

2 a1:b2:c3:de:11:22

3 a1:b2:c3:de:11:25

Port Triggering Show Commands

show security porttriggering_rules setup

This command displays the port triggering rules:

Port Triggering

_______________

List of Available Port Triggering Rules

_______________________________________

ROW ID: 1

Name: AccInq

Enable: Yes

Type: TCP

Interface: LAN

Outgoing Start Port: 20020

Outgoing End Port: 20022

Incoming Start Port: 30030

Incoming End Port: 30040

show security porttriggering_rules status

This command displays the port triggering status:

PortTriggering Rules Status

___________________________

UPnP Show Commands

show security upnp portmap

This command displays the UPnP portmap table:

UPnP Portmap Table

__________________

show security upnp setup

This command displays the UPnP configuration:

UPnP configuration

__________________

Advertisement Period: 30

Advertisement Time To Live: 4

Bandwidth Profiles Show Command

show security bandwidth profile setup

This command displays the configured bandwidth profiles:

List of Available Bandwidth Profiles

____________________________________

ROW ID Name Direction Outbound Bandwidth Range Inbound Bandwidth Range Is Group

______ ________ _______________ ________________________ _______________________ ________

1 BW1 Outbound 500-1500 NA 0

2 BW_Sales Both Directions 1000-10000 1000-10000 1

Content Filtering Show Commands

show security content_filter content_filtering

This command displays the status of content filtering and the web components:

Content Filtering

_________________

WAN Security Checks

Content Filtering : Enabled

LAN Security Checks

-------------------

Proxy : Enabled

Java : Enabled

ActiveX : Enabled

Cookies : Disabled

show security content_filter block_group

This command displays the groups for which content filtering is enabled:

Blocked Groups

______________

List of Blocked Groups

Blocked Groups:

Unblocked Groups : GROUP1, GROUP2, GROUP3, GROUP4, Management, SalesEMEA, SalesAmericas, GROUP8

show security content_filter blocked_keywords

This command displays the keywords that are blocked:

Blocked Keywords

________________

List of available Blocked Keywords

ROW ID Blocked Keyword Status

______ ________________ _______

2 casino Enabled

3 nude Enabled

4 gambl* Enabled

5 guns Enabled

show security content_filter trusted_domains

This command displays the trusted domains:

List of available Approved URLS

ROW ID Domain

______ __________

1 yahoo.com

2 google.com

3 irs.gov

Administrative and Monitoring Settings (System Mode) Show Commands

This section contains the following subsections:

Remote Management Show Command

SNMP Show Commands

Time Show Command

Firmware Version Show Command

Status Show Command

Traffic Meter Show Command

Logging Configuration Show Commands

Logs Show Commands

Note: The VPN logs and RADIUS logs are part of the VPN Mode show commands (see VPN Settings (VPN Mode) Show Commands on page 280).

Remote Management Show Command

show system remote_management setup

This command displays the configuration of remote management for Telnet and HTTPS access:

Remote Mgmt Configuration for telnet

____________________________________

IPv4 access granted to everyone

IPv6 access granted to a range of IPs from : FEC0::3001 to FEC0::3100

port being used : 23

Remote Mgmt Configuration for https

___________________________________

IPv4 access granted to everyone

IPv6 access granted to everyone

port being used : 445

SNMP Show Commands

show system snmp trap [agent ipaddress]

This command displays the SNMP trap configuration of an SNMP agent:

Trap Agent IP Address

_____________________

IP Address: 10.118.33.245

Subnet Mask: 255.255.255.255

Port: 162

Community: public

show system snmp sys

This command displays the SNMP system configuration of the wireless VPN firewall:

SNMP System Configuration

_________________________

SysContact: [email protected]

SysLocation: San Jose

SysName: FVS318N-Bld3

Time Show Command

show system time setup

This command displays the time configuration and the configuration of the NTP server:

Time Zone & NTP Servers Configuration

_____________________________________

Current Time: Friday, April 13, 2012, 01:22:40 (GMT -0700)

Timezone: (GMT-08:00) Pacific Time(Canada), Pacific Time(US)

Automatically Adjust for Daylight Savings Time: Yes

Default NTP servers used : Yes

Firmware Version Show Command

show system firmware_version

This command displays the firmware version:

Firmware Version : 4.1.1-8

Status Show Command

show system status

This command displays the system status (also referred to as router status) information:

System Info

___________

System Name: FVS318N

Firmware Version: 4.1.1-8

Lan Port 1 Information

______________________

VLAN Profile: Default

VLAN ID: 1

MAC Address: E0:46:9A:1D:1A:9C

IP Address: 192.168.1.1

Subnet Mask: 255.255.255.0

DHCP Status: Enabled

Lan Port 2 Information

______________________

VLAN Profile: Default

VLAN ID: 1

MAC Address: E0:46:9A:1D:1A:9C

IP Address: 192.168.1.1

Subnet Mask: 255.255.255.0

DHCP Status: Enabled

Lan Port 3 Information

______________________

VLAN Profile: Marketing

VLAN ID: 40

MAC Address: E0:46:9A:1D:1A:9C

IP Address: 192.168.90.5

Subnet Mask: 255.255.255.128

DHCP Status: Disabled

Lan Port 4 Information

______________________

VLAN Profile: Default

VLAN ID: 1

MAC Address: E0:46:9A:1D:1A:9C

IP Address: 192.168.1.1

Subnet Mask: 255.255.255.0

DHCP Status: Enabled

Lan Port 5 Information

______________________

VLAN Profile: Sales

VLAN ID: 20

MAC Address: E0:46:9A:1D:1A:9C

IP Address: 192.168.70.1

Subnet Mask: 255.255.255.0

DHCP Status: Enabled

Lan Port 6 Information

______________________

VLAN Profile: Sales

VLAN ID: 20

MAC Address: E0:46:9A:1D:1A:9C

IP Address: 192.168.70.1

Subnet Mask: 255.255.255.0

DHCP Status: Enabled

Lan Port 7 Information

______________________

VLAN Profile: Sales

VLAN ID: 20

MAC Address: E0:46:9A:1D:1A:9C

IP Address: 192.168.70.1

Subnet Mask: 255.255.255.0

DHCP Status: Enabled

Lan Port 8/DMZ Information

___________________________

VLAN Profile: Default

VLAN ID: 1

MAC Address: E0:46:9A:1D:1A:9C

IP Address: 192.168.1.1

Subnet Mask: 255.255.255.0

DHCP Status: Enabled

Broadband Information

_____________________

MAC Address: AA:AB:BB:00:00:02

IPv4 Address: 10.139.54.228 / 255.255.255.248

IPv6 Address: fe80::a8ab:bbff:fe00:2 / 64

Wan State: UP

NAT (IPv4 only): Enabled

IPv4 Connection Type: STATIC

IPv6 Connection Type: Dynamic IP (DHCPv6)

IPv4 Connection State: Connected

IPv6 Connection State: Connected

Link State: LINK UP

Gateway: 10.139.54.225

Primary DNS: 10.80.130.23

Secondary DNS: 10.80.130.24

Gateway (IPv6):

Primary DNS(IPv6):

Secondary DNS(IPv6):

Wireless LAN Information

________________________

Wireless Status: Enable

SSID: FVS318N_1

Mode: N Only

Security Setting: WPA+WPA2

Region: North America

Channel: 1-2.452 GHz

AP MAC Address: E0:46:9A:1D:1A:AE

Traffic Meter Show Command

show system traffic_meter setup

This command displays the configuration of the traffic meter and the Internet traffic statistics:

Enable Traffic Meter

____________________

Traffic Meter is Enabled

Limit Type Download only

Monthly Limit in (MB): 150000

Increase this month limit: Enabled

Increase limit by in (MB): 50000

This month limit:

Traffic Counter

________________

Traffic Counter: Specific Time

Restart Time (HH/MM-Day of Month): 12/0-1

Send e-mail before restarting: Enabled

When Limit is reached

______________________

Traffic Block Status: Block All Traffic Except Email

Send e-mail alert: Enabled

Internet Traffic Statistics

____________________________

Start Date / Time: Fri Dec 9 18:09:49 2011

Outgoing Traffic Volume: 2057

Incoming Traffic Volume: 2070

Average per day: 4127

% of Standard Limit: 0

% of this Month's Limit: 0

Logging Configuration Show Commands

show system logging setup

This command displays the configuration of the IPv4 and IPv6 logs:

Logging Config

______________

Routing Logs

____________

LAN to WAN

__________

Accepted Packets: Disabled

Dropped Packets: Disabled

WAN to LAN

__________

Accepted Packets: Disabled

Dropped Packets: Disabled

DMZ to WAN

__________

Accepted Packets: Disabled

Dropped Packets: Disabled

WAN to DMZ

__________

Accepted Packets: Disabled

Dropped Packets: Disabled

LAN to DMZ

__________

Accepted Packets: Disabled

Dropped Packets: Disabled

DMZ to LAN

__________

Accepted Packets: Disabled

Dropped Packets: Disabled

System Logs

___________

Change of time by NTP: Disabled

Login attempts: Enabled

Secure Login attempts: Enabled

Reboots: Enabled

All Unicast Traffic: Disabled

All Broadcast/Multicast Traffic: Disabled

WAN Status: Disabled

Resolved DNS Names: Disabled

VPN Logs: Disabled

DHCP Server: Disabled

Other Event Logs

________________

Source MAC Filter: Disabled

Session Limit: Disabled

Bandwidth Limit: Disabled

show system logging remote setup

This command displays the configuration and the schedule of the email logs:

Log Identifier: FVS318N-BLD3

Enable E-Mail Logs

__________________

E-Mail Server Address: SMTP.Netgear.com

Return E-Mail Address: [email protected]

Send to E-Mail Address: [email protected]

Authentication: No Authentication

Respond to Identd from SMTP Server: N

Send E-mail logs by Schedule

____________________________

Unit: Weekly

Day: Sunday

Time: 03 AM

Syslog Configuration

____________________

Syslog Server: Disabled

Logs Show Commands

show system logs

This command displays the system logs (the following example shows only part of the command output):

Wed Dec 7 14:06:23 2011(GMT) [FVS318N][System][NTP] Looking Up time-g.netgear.com

Wed Dec 7 14:06:26 2011(GMT) [FVS318N][System][NTP] Timezone difference :480 after

2 Hours time-g is

Logged-Out successfully from host 74.116.205.101

Wed Dec 7 15:31:00 2011(GMT) [FVS318N][Kernel][KERNEL] WAN_PING[DROP]IN=eth1 OUT= MAC=aa:ab:bb:00:00:02:00:22:10:9c:23:10:08:00 SRC=10.136.73.53 DST=10.139.54.228 LEN=92 TOS=0x00 PREC=0x20 TTL=108 ID=8004 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=5702

show sysinfo

This command displays system information, including MAC addresses, serial number, and firmware version:

System - Manufacturer Information

**************************

hwver: 00:00:A0:03

reginfo: 0x0005

numofimages : 1

currimage: 1

mac address : E0469A1D1A9C

wireless MAC[0] : e0469a1d1aae

wireless MAC[1] : e0469a1d1aaf

wireless MAC[2] : e0469a1d1ab0

wireless MAC[3] : e0469a1d1ab1

vlan[0] MAC : e0469a1d1a9f

vlan[1] MAC : e0469a1d1aa0

vlan[2] MAC : e0469a1d1aa1

vlan[3] MAC : e0469a1d1aa2

vlan[4] MAC : e0469a1d1aa3

vlan[5] MAC : e0469a1d1aa4

vlan[6] MAC : e0469a1d1aa5

vlan[7] MAC : e0469a1d1aa6

vlan[8] MAC : e0469a1d1aa7

vlan[9] MAC : e0469a1d1aa8

vlan[10] MAC : e0469a1d1aa9

vlan[11] MAC : e0469a1d1aaa

vlan[12] MAC : e0469a1d1aab

vlan[13] MAC : e0469a1d1aac

vlan[14] MAC : e0469a1d1aad

WAN MAC : e0469a1d1a9d

pcbasn number : S.YX218U00E0

serial number : 2JF119BY001B0

image 0 : 4.1.1-8

image 1 : 0

productId : FVS318N

maccnt0: 0x22

maccnt1: 0x0

maccnt2: 0x0

maccnt3: 0x0

**************************

Wireless Settings (Dot11 Mode) Show Commands

This section contains the following subsections:

Radio Show Command

Profile Show Commands

Wireless Statistics Commands

Radio Show Command

show dot11 radio

This command displays the configuration information for the radio:

Radio Configuration

___________________

Region: North America

Country: US

Operating Frequency: 2.4 GHz

Mode: n only

Channel Spacing: 20/40 MHz

Current Channel: 9-2.452 GHz

Channel: 1-2.412GHz

Default Transmit Power: Half(dBm)

Transmit Power: 15 dBm

Transmit Rate: Best(Automatic)

Radio Advanced Configuration

____________________________

Beacon Interval: 100 (Milliseconds)

DTIM Interval: 2

RTS Threshold: 2346 (Bytes)

Frag Threshold: 2346 (Bytes)

Preamble Mode: Long

Protection Mode: None

Power save enable: N

Profile Show Commands

show dot11 profile [profile name]

This command displays basic information for all profiles or basic and advanced information for a specified profile:

All profiles:

FVS318N> show dot11 profile

Status Profile Name SSID Broadcast Security Encryption Authentication Active Time Start Time Stop Time

________ ____________ _________ _________ ________ __________ ______________ ___________ __________ _________

Enabled default1 FVS318N_1 Y WPA+WPA2 TKIP+CCMP PSK Disabled - -

Disabled 1st_Floor WorkToDo Y WPA+WPA2 TKIP+CCMP PSK Enabled 7:0 AM 8:0 PM

A specified profile

FVS318N> show dot11 profile 1st_Floor

Profile Configuration

_____________________

Profile Name: 1st_Floor

SSID: WorkToDo

Broadcast SSID: Enabled

Security: WPA+WPA2

Authentication: PSK

Encryption: TKIP+CCMP

WPA Password: **********

Profile Advanced Configuration:

Association Timeout Interval (in Seconds): 10

Authentication Timeout Interval (in Seconds): 10

Group Key Refresh Interval (in Seconds): 3600

PMKSA LifeTime (in Seconds): 3600

802.1X Re-authentication Interval (in Seconds): 3600

show dot11 profile status <profile name>

This command displays traffic statistics for the specified profile (note that the profile is called an access point and that, in this example, it is indicated by ap2):

Access Point Status

___________________

AP Name: ap2

Radio: 1

PktRx: 0

PktTx: 0

ByteRx: 0

ByteTx: 0

ErrRx: 0

ErrTx: 0

DropRx: 0

DropTx: 11301

MCast: 0

#Coll: 0

Connected Clients

_________________

show dot11 acl <profile name>

This command displays the ACL policy and MAC addresses for the specified profile:

Default ACL Policy

__________________

ACL Policy Status: Allow

List of MAC Address

___________________

_________________

a1:23:04:e6:de:bb

c2:ee:d2:10:34:fe

show dot11 wps

This command displays the WPS configuration:

Access Point Name: ap1

WPS Enabled: Y

Wireless Statistics Commands

show dot11 statistics

This command displays the cumulative wireless traffic statistics for all wireless profiles (note that the profiles are indicated by ap1, ap2, ap3, and so on):

Wireless Statistics

___________________

AP Name Radio PktRx PktTx ByteRx ByteTx ErrRx ErrTx DropRx DropTx MCast #coll

_______ _____ _____ _____ ______ ______ _____ _____ ______ ______ _____ _____

ap1 1 0 0 0 0 0 0 0 83 0 0

ap2 1 0 0 0 0 0 0 0 0 0 0

ap3 1 0 0 0 0 0 0 0 80 0 0

VPN Settings (VPN Mode) Show Commands

This section contains the following subsections:

IPSec VPN Show Commands

SSL VPN Show Commands

SSL VPN User Show Commands

RADIUS Server Show Command

L2TP Server Show Commands

IPSec VPN Show Commands

show vpn ipsec ikepolicy setup

This command displays the IKE policies:

List of IKE Policies

____________________

Name Mode Local ID Remote ID Encryption Authentication DH Group

_________________ __________ ______________________ _____________ __________ ______________ ____________

iphone aggressive 10.139.54.228 0.0.0.0 AES-128 SHA-1 Group 2 (1024 bit)

FVS318N-to-Peer44 main fe80::a8ab:bbff:fe00:2 peer44.com 3DES SHA-1 Group 2 (1024 bit)

FVS-to-Paris main 10.139.54.228 10.112.71.154 3DES SHA-1 Group 2 (1024 bit)

show vpn ipsec vpnpolicy setup

This command displays the IPSec VPN policies:

Status Name Type IPSec Mode Local Remote Auth Encr

_______ _________________ ___________ ___________ ______________________________________ ______________________________ _____ ____

Enabled FVS318N-to-Peer44 Auto Policy Tunnel Mode 2002:408b:36e4:a:a8ab:bbff:fe00:1 / 64 fe80::a4bb:ffdd:fe01:2 / 64 SHA-1 3DES

Enabled FVS-to-Paris Auto Policy Tunnel Mode 192.168.1.0 / 255.255.255.0 192.168.50.0 / 255.255.255.255 SHA-1 3DES

show vpn ipsec vpnpolicy status

This command displays status information about the active and nonactive IPSec VPN policies (this example does not relate to the previous two examples):

Row Id Policy Name Endpoint tx ( KB ) tx ( Packets ) State Action

______ _______________ ______________________________ _________ ______________ ________________________ _______

1 GW1-to-GW2 10.144.28.226 0.00 0 IPsec SA Not Established Connect

2 FVS-to-IPv6Peer 2001::da21:1316:df17:dfee:e33c 0.00 0 IPsec SA Not Established Connect

3 100.10.10.1 100.153.46.20 7.01 31 IPsec SA Established Drop

4 100.10.10.2 100.153.46.20 6.68 29 IPsec SA Established Drop

show vpn ipsec mode_config setup

This command displays the Mode Config records:

List of Mode Config Records

___________________________

Record Name Pool Start IP Pool End IP

___________ ___________________ ___________________

Beijing 192.168.2.100 192.168.2.150

iphone 10.100.100.1 100.10.100.12

show vpn ipsec logs

This command displays the IPSec VPN logs (the following example shows only part of the command output):

Tue Apr 10 12:24:36 2012 (GMT -0700): [FVS318N] [IKE] INFO: Using IPsec SA configuration: anonymous

Tue Apr 10 12:24:36 2012 (GMT -0700): [FVS318N] [IKE] INFO: Re-using previously generated policy: 100.10.10.2/32[0] 0.0.0.0/0[0] proto=any dir=in

Tue Apr 10 12:24:36 2012 (GMT -0700): [FVS318N] [IKE] WARNING: less key length proposed, mine:128 peer:256. Use initiaotr's one.

Tue Apr 10 12:24:36 2012 (GMT -0700): [FVS318N] [IKE] INFO: IPsec-SA established: ESP/Tunnel 173.11.109.158->64.139.54.228 with spi=73255174(0x45dc906)

Tue Apr 10 12:24:36 2012 (GMT -0700): [FVS318N] [IKE] INFO: IPsec-SA established: ESP/Tunnel 64.139.54.228->173.11.109.158 with spi=7343706(0x700e5a)

Tue Apr 10 12:27:25 2012 (GMT -0700): [FVS318N] [IKE] INFO: Sending Informational Exchange: notify payload[10637]

SSL VPN Show Commands

show vpn sslvpn client

This command displays the SSL VPN client ranges and configurations:

SSL VPN Client(IPv4)

____________________

Enable Full Tunnel Support: No

DNS Suffix:

Primary DNS Server: 192.168.10.5

Secondary DNS Server: 192.168.10.6

Client Address Range Begin: 192.168.200.50

Client Address Range End: 192.168.200.99

SSL VPN Client(IPv6)

____________________

Enable Full Tunnel Support: No

DNS Suffix:

Primary DNS Server: 192.168.10.5

Secondary DNS Server: 192.168.10.6

Client Address Range Begin: 4000::1000:2

Client Address Range End: 4000::1000:50

show vpn sslvpn logs

This command displays the SSL VPN logs:

Fri Dec 9 20:19:03 2011(GMT) [FVS318N][System][SSLVPN] SSL_INFO :user admin2 is Logged-Out successfully from host 10.116.205.103

Sat Dec 10 09:12:50 2011(GMT) [FVS318N][System][SSLVPN] SSL_INFO : Login Successful for Local Admin user admin2 from host 10.116.205.103

Sat Dec 10 14:07:32 2011(GMT) [FVS318N][System][PLATFORM] platformHandleDBUpdate:SSLVPNUserLoginPolicyDefinedBrowser op=18 row=2

Sat Dec 10 14:12:10 2011(GMT) [FVS318N][System][PLATFORM] platformHandleDBUpdate:SSLVPNUserLoginPolicyDefinedAddress op=18 row=1

Sat Dec 10 14:12:26 2011(GMT) [FVS318N][System][SSLVPN] Edit operation done on user PeterBrown

Sat Dec 10 14:20:10 2011(GMT) [FVS318N][System][SSLVPN] SSL_INFO :user admin2 is Logged-Out successfully from host 10.116.205.103

Sat Dec 10 18:04:50 2011(GMT) [FVS318N][System][SSLVPN] SSL_INFO : Login Successful for Local Admin user admin2 from host 10.116.205.103

Sat Dec 10 18:09:50 2011(GMT) [FVS318N][System][PLATFORM] platformHandleDBUpdate:SSLVPNPortalLayout op=23 row=1

Sat Dec 10 18:09:51 2011(GMT) [FVS318N][System][SSLVPN] Portal 'SSL-VPN' is set as default

Sat Dec 10 18:09:53 2011(GMT) [FVS318N][System][SSLVPN] Domain Headquarter is successfully added. Authentication Type: ldapPortal Layout Name: SSL-VPN

Sat Dec 10 18:10:21 2011(GMT) [FVS318N][System][SSLVPN] Group Sales is successfully added. Domain Name:Headquarter
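
The entries printed by show system logs and show vpn sslvpn logs share one header layout, so a captured session can be parsed for review as sketched below. This is an added example, not NETGEAR code: the sample lines are taken from this manual's example output and rewrapped, and the function names and the convention of prefixing fields after PROTO= with the protocol name are assumptions of the example. The differently formatted show vpn ipsec logs entries are not handled.

```python
import re
from datetime import datetime

# Constructed sample: entries from the manual's example output, wrapped at
# spaces the way a terminal capture of the CLI session might wrap them.
SAMPLE_LOG = """\
Wed Dec 7 15:31:00 2011(GMT) [FVS318N][Kernel][KERNEL] WAN_PING[DROP]IN=eth1
OUT= MAC=aa:ab:bb:00:00:02:00:22:10:9c:23:10:08:00 SRC=10.136.73.53
DST=10.139.54.228 LEN=92 TOS=0x00 PREC=0x20 TTL=108 ID=8004 PROTO=ICMP TYPE=8
CODE=0 ID=512 SEQ=5702
Fri Dec 9 20:19:03 2011(GMT) [FVS318N][System][SSLVPN] SSL_INFO :user admin2 is
Logged-Out successfully from host 10.116.205.103
Sat Dec 10 09:12:50 2011(GMT) [FVS318N][System][SSLVPN] SSL_INFO : Login
Successful for Local Admin user admin2 from host 10.116.205.103
Sat Dec 10 14:12:26 2011(GMT) [FVS318N][System][SSLVPN] Edit operation done on user PeterBrown
"""

# "<weekday> <month> <day> <time> <year>(<tz>) [device][facility][component] message"
HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4})"
    r"\((?P<tz>[^)]*)\) "
    r"\[(?P<device>[^\]]+)\]\[(?P<facility>[^\]]+)\]\[(?P<component>[^\]]+)\] ?"
    r"(?P<message>.*)$"
)
KERNEL = re.compile(r"^(?P<rule>\w+)\[(?P<action>\w+)\](?P<fields>.*)$")
LOGIN = re.compile(
    r"Login Successful for (?P<role>.+?) user (?P<user>\S+) from host (?P<host>\S+)")
LOGOUT = re.compile(
    r"user (?P<user>\S+) is Logged-Out successfully from host (?P<host>\S+)")


def join_wrapped(text):
    """Merge continuation lines (no leading timestamp) into the previous entry."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if HEADER.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries


def parse_packet_fields(fields):
    """Split KEY=VALUE pairs from a kernel packet entry.

    Keys after PROTO= are prefixed with the protocol name (an assumption of
    this example) so the second ID does not overwrite the first one.
    """
    out, proto = {}, None
    for key, value in re.findall(r"(\w+)=(\S*)", fields):
        out[f"{proto}.{key}" if proto else key] = value
        if key == "PROTO":
            proto = value
    return out


def parse_entry(line):
    """Return a dict for one log entry, or None if the header does not match."""
    m = HEADER.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["time"] = datetime.strptime(entry.pop("ts"), "%a %b %d %H:%M:%S %Y")
    entry["event"] = "other"
    msg = entry["message"]
    k = KERNEL.match(msg) if entry["facility"] == "Kernel" else None
    if k:
        entry.update(event="packet", rule=k["rule"], action=k["action"],
                     packet=parse_packet_fields(k["fields"]))
    elif (hit := LOGIN.search(msg)):
        entry.update(event="login", **hit.groupdict())
    elif (hit := LOGOUT.search(msg)):
        entry.update(event="logout", **hit.groupdict())
    return entry


def summarize(text):
    """Return (dropped packets, successful logins) found in captured log text."""
    drops, logins = [], []
    for line in join_wrapped(text):
        e = parse_entry(line)
        if e is None:
            continue
        if e["event"] == "packet" and e["action"] == "DROP":
            pkt = e["packet"]
            drops.append((e["time"], e["rule"], pkt.get("SRC"), pkt.get("DST")))
        elif e["event"] == "login":
            logins.append((e["time"], e["user"], e["role"], e["host"]))
    return drops, logins


if __name__ == "__main__":
    for label, rows in zip(("drops", "logins"), summarize(SAMPLE_LOG)):
        print(label, rows)
```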

show vpn sslvpn policy

This command displays the SSL VPN policies:

SSL VPN Policies

________________

Row Id Policy Name Service Type Destination Object Permission

______ _____________ _______________ ___________________ __________

1 RemoteWorkers Port Forwarding TopSecure Permit

2 Management VPN Tunnel 0.0.0.0:15652-15658 Permit

show vpn sslvpn portal-layouts

This command displays the SSL VPN portal layouts:

List of Layouts

_______________

Row Id Layout Name Description Use Count Portal URL (IPv4) Portal URL (IPV6)

______ ___________ ______________________________ _________ ____________________________________ __________________________________________________

1 SSL-VPN* Welcome to Netgear Configur... 4 https://64.139.54.228/portal/SSL-VPN https://[fe80::e246:9aff:fe1d:1a9d]/portal/SSL-VPN

2 CSup In case of login difficulty... 1 https://64.139.54.228/portal/CSup https://[fe80::e246:9aff:fe1d:1a9d]/portal/CSup

show vpn sslvpn portforwarding appconfig

This command displays the SSL VPN port forwarding application configuration:

Port Forwarding Application Configuration

_________________________________________

Row Id Server IP Port

______ ______________ ____

1 192.168.51.227 3389

2 192.168.51.230 4009

show vpn sslvpn portforwarding hostconfig

This command displays the SSL VPN port forwarding host configuration:

Port Forwarding Host Configuration

__________________________________

Row Id: 1

Server IP: 192.168.51.227

FQDN Name: RemoteDesktop

show vpn sslvpn resource

This command displays the SSL VPN resource configuration:

RESOURCES

_________

Row Id Resource Name Service

______ _____________ _______________

1 TopSecure Port Forwarding

2 FTPServer Port Forwarding

3 RoadWarrior VPN Tunnel

show vpn sslvpn resource-object <resource name>

This command displays the detailed configuration for the specified resource object:

RESOURCE OBJECTS

________________

Row Id: 1

Object Type: IP Network

Object Address: 192.168.30.56

Mask Length: 24

Start Port: 3391

End Port: 3393

show vpn sslvpn route

This command displays the SSL VPN client routes:

Configured Client Routes

________________________

Row Id Destination Network Subnet Mask

______ _______________________ _______________

1 192.168.4.20 255.255.255.254

2 2001:abcf:1241:dffe::22 10

SSL VPN User Show Commands

show vpn sslvpn users domains

This command displays the domain configurations:

List of Domains

_______________

Row_Id Domain Name Authentication Type Portal Layout Name

______ ______________ ___________________ __________________

1 geardomain* Local User Database SSL-VPN

2 Headquarter LDAP CSup

3 LevelI_Support Local User Database SSL-VPN

4 TEST wikid_pap SSL-VPN

show vpn sslvpn users groups

This command displays the group configurations:

List of Groups

______________

Row_Id Name Domain

______ _______________ ______________

1 geardomain* geardomain

2 Headquarter Headquarter

3 Sales Headquarter

4 LevelI_Support LevelI_Support

5 TEST TEST

show vpn sslvpn users users

This command displays the user account configurations:

List of Users
_____________
Row_Id User Name      Group          Type           Authentication Domain Login Status
______ ______________ ______________ ______________ _____________________ _____________________
1      admin*         geardomain     Administrator  geardomain            Enabled (LAN and WAN)
2      guest*         geardomain     Guest          geardomain            Enabled (LAN only)
3      admin2         geardomain     Administrator  geardomain            Enabled (LAN and WAN)
4      PeterBrown     Sales          SSL VPN User   Headquarter           Enabled (LAN and WAN)
5      JohnD_Company  LevelI_Support SSL VPN User   LevelI_Support        Enabled (LAN and WAN)
6      chin           geardomain     Administrator  geardomain            Enabled (LAN and WAN)
7      iphone                        IPSEC VPN User                       Enabled (LAN and WAN)
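The List of Users output can be reviewed mechanically for administrator accounts that are allowed to log in from the WAN side. The following is an added example, not part of the NETGEAR manual: it assumes the CLI prints the table in fixed-width columns under the underscore ruler, rebuilds the manual's sample rows in that layout, and uses hypothetical function names (parse_table, wan_admins). Slicing by the ruler keeps row 7, which has an empty Group and Authentication Domain, in the correct columns.

```python
import re

# Constructed sample: the rows of the manual's "List of Users" output, laid out
# in fixed-width columns under an underscore ruler (assumed CLI layout).
_WIDTHS = (6, 14, 14, 14, 21, 21)
_FMT = " ".join("{:<%d}" % w for w in _WIDTHS)
_HEAD = ("Row_Id", "User Name", "Group", "Type",
         "Authentication Domain", "Login Status")
_ROWS = [
    ("1", "admin*", "geardomain", "Administrator", "geardomain", "Enabled (LAN and WAN)"),
    ("2", "guest*", "geardomain", "Guest", "geardomain", "Enabled (LAN only)"),
    ("3", "admin2", "geardomain", "Administrator", "geardomain", "Enabled (LAN and WAN)"),
    ("4", "PeterBrown", "Sales", "SSL VPN User", "Headquarter", "Enabled (LAN and WAN)"),
    ("5", "JohnD_Company", "LevelI_Support", "SSL VPN User", "LevelI_Support",
     "Enabled (LAN and WAN)"),
    ("6", "chin", "geardomain", "Administrator", "geardomain", "Enabled (LAN and WAN)"),
    ("7", "iphone", "", "IPSEC VPN User", "", "Enabled (LAN and WAN)"),
]
SAMPLE = "\n".join(
    ["List of Users", "_____________", _FMT.format(*_HEAD),
     _FMT.format(*("_" * w for w in _WIDTHS))]
    + [_FMT.format(*r).rstrip() for r in _ROWS]
)


def parse_table(text):
    """Parse a CLI table whose column positions are given by an underscore ruler."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        spans = [m.span() for m in re.finditer(r"_+", line)]
        # The column ruler has several underscore runs and nothing else;
        # the single-run line under the table title is skipped.
        if len(spans) > 1 and not line.replace("_", "").strip():
            break
    else:
        raise ValueError("no column ruler found")
    spans[-1] = (spans[-1][0], None)          # last column runs to end of line
    headers = [lines[i - 1][a:b].strip() for a, b in spans]
    rows = []
    for line in lines[i + 1:]:
        if not line.strip():                  # blank line ends the table
            break
        rows.append({h: line[a:b].strip() for h, (a, b) in zip(headers, spans)})
    return rows


def wan_admins(rows):
    """User names of Administrator accounts whose login status includes WAN."""
    return [r["User Name"] for r in rows
            if r["Type"] == "Administrator" and "WAN" in r["Login Status"]]


if __name__ == "__main__":
    for name in wan_admins(parse_table(SAMPLE)):
        print("administrator with WAN login enabled:", name)
```
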

show vpn sslvpn users login_policies <row id>

Note: The row ID refers to the List of Users table in the output of the show vpn sslvpn users users command.

This command displays the login restrictions based on login policies for the specified user:

User Login Policies

___________________

User Name: PeterBrown

Disable Login: No

Deny Login from Wan Interface: No

show vpn sslvpn users ip_policies <row id>

Note: The row ID refers to the List of Users table in the output of the show vpn sslvpn users users command.

This command displays the login restrictions based on IP addresses for the specified user:

User Ip Policies

________________

User Name: PeterBrown

Allow Login from Defined Address: Yes

Ip Addresses

____________

Row_Id: 1

Source Address Type: IP Address

Network/IP Address: 10.156.127.39

Mask Length: 32

show vpn sslvpn users browser_policies <row id>

Note: The row ID refers to the List of Users table in the output of the show vpn sslvpn users users command.

This command displays the login restrictions based on web browsers for the specified user:

User Browser Policies

_____________________

User Name: PeterBrown

Allow Login from Defined Browser: No

Defined Browsers

________________

Navigator

MSIE

show vpn sslvpn users active_users

This command displays the active SSL VPN users:

UserName: : admin

GroupName: : geardomain

LoginAddress: : 74.116.205.166

LoginTime: : Fri Apr 13 11:55:33 2012 (GMT -0700)

RADIUS Server Show Command

show vpn radius [ipaddress]

This command displays the configuration of all RADIUS servers or of a specified RADIUS server:

All RADIUS Servers:

FVS318N> show vpn radius

Configured RADIUS Client
________________________
Server IP   Server Port Timeout Retries NAS Identifier
___________ ___________ _______ _______ ______________
192.168.1.2 1812        30      4       FVS318N
192.168.1.3 1812        30      4       FVS318N

A specified RADIUS server:

FVS318N> show vpn radius 192.168.1.2

RADIUS Configuration

____________________

Auth Server IP Address: 192.168.1.2

Auth Port: 1812

Timeout (in seconds): 30

Retries: 4

Secret: sharedsecret

NAS Identifier: FVS318N
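As the sample shows, show vpn radius <ipaddress> prints the RADIUS shared secret in clear text, so a saved session transcript carries that credential. The following is an added example, not part of the NETGEAR manual: it parses the sample output above, flags a weak secret, and redacts the value before the transcript is archived. The function names and the character-class check are assumptions of this example; the 16-octet preference comes from RFC 2865.

```python
import re

# Sample output as printed in the manual for "show vpn radius 192.168.1.2".
SAMPLE = """\
FVS318N> show vpn radius 192.168.1.2
RADIUS Configuration
____________________
Auth Server IP Address: 192.168.1.2
Auth Port: 1812
Timeout (in seconds): 30
Retries: 4
Secret: sharedsecret
NAS Identifier: FVS318N
"""

MIN_SECRET_OCTETS = 16  # RFC 2865 prefers a shared secret of at least 16 octets
_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def parse_fields(text):
    """Return the 'Name: value' lines of the output as a dict."""
    fields = {}
    for line in text.splitlines():
        # Split on the first colon only, so values containing colons survive.
        name, sep, value = line.partition(":")
        if sep and name.strip():
            fields[name.strip()] = value.strip()
    return fields


def secret_findings(secret):
    """List the weaknesses of a shared secret (empty list if none found)."""
    findings = []
    if len(secret.encode()) < MIN_SECRET_OCTETS:
        findings.append("shorter than %d octets" % MIN_SECRET_OCTETS)
    if sum(bool(re.search(p, secret)) for p in _CLASSES) < 2:
        findings.append("single character class")
    return findings


def redact(text):
    """Replace the value of every 'Secret:' line, leaving other lines intact."""
    return re.sub(r"(?m)^([ \t]*Secret:[ \t]*).+$", r"\1<redacted>", text)


def audit_transcript(text):
    """Return (redacted transcript, findings about the secret it contained)."""
    secret = parse_fields(text).get("Secret")
    findings = secret_findings(secret) if secret is not None else []
    return redact(text), findings


if __name__ == "__main__":
    safe_text, problems = audit_transcript(SAMPLE)
    print(safe_text)
    print("findings:", problems)
```
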


L2TP Server Show Commands

show vpn l2tp server setup

This command displays the configuration of the L2TP server:

L2TP Server Configuration

_________________________

L2TP Server Status: Enabled

L2TP Starting IP Address: 192.168.112.1

L2TP server Ending IP Address: 192.168.112.25

L2TP server Idle Timeout: 10

show vpn l2tp server connections

This command displays the users that are connected through the L2TP server:

List of L2TP Active Users

_________________________

10. Utility Commands

This chapter explains the configuration commands, keywords, and associated parameters in the Util mode. The chapter includes the following sections:

Overview Util Commands

Firmware Backup, Restore, and Upgrade Commands

Diagnostic Commands

Overview Util Commands

Enter the util ? command at the CLI prompt to display the description of the utility commands in the util mode. The following table lists the commands in alphabetical order:

Table 19. Utility commands in the util mode

Command Name                    Purpose
util backup_configuration       Back up the configuration file of the wireless VPN firewall to a TFTP server.
util dns_lookup                 Look up the IP address of a domain name.
util firmware_upgrade           Upgrade the firmware of the wireless VPN firewall from a TFTP server.
util ping                       Ping an IP address.
util ping_through_vpn_tunnel    Ping a VPN endpoint IP address.
util reboot                     Reboot the wireless VPN firewall.
util restore_factory_defaults   Restore the wireless VPN firewall to factory default settings.
util routing_table_ipv4         Display the IPv4 routing table.
util routing_table_ipv6         Display the IPv6 routing table.
util traceroute                 Trace a route to an IP address.
util upload_configuration       Upload a previously backed-up configuration file of the wireless VPN firewall from a TFTP server.

Firmware Backup, Restore, and Upgrade Commands

util backup_configuration

This command backs up the configuration file of the wireless VPN firewall to a TFTP server.

Format  util backup_configuration <destination file name> <tftp server address>
Mode    util

util upload_configuration

This command uploads a previously backed-up configuration file of the wireless VPN firewall from a TFTP server.

Format  util upload_configuration <source file name> <tftp server address>
Mode    util

util firmware_upgrade

This command upgrades the firmware of the wireless VPN firewall from a TFTP server.

Format  util firmware_upgrade <source file name> <tftp server address>
Mode    util

util reboot

This command reboots the wireless VPN firewall. It takes about 3 minutes for the wireless VPN firewall to come back up.

Format  util reboot
Mode    util

util restore_factory_defaults

This command restores the wireless VPN firewall to factory default settings. It takes about 3 minutes for the wireless VPN firewall to come back up.

Format  util restore_factory_defaults
Mode    util

Diagnostic Commands

util dns_lookup

This command looks up the IP address of a domain name.

Format  util dns_lookup <domain name>
Mode    util

FVS318N> util dns_lookup netgear.com

Server: 66.80.130.23

Address 1: 66.80.130.23 ns1.megapath.net

Name: netgear.com

Address 1: 206.16.44.90

util ping

This command pings an IP address with 56 data bytes and displays the ping information.

Format  util ping <ipaddress>
Mode    util

FVS318N> util ping 10.136.216.82

PING 10.136.216.82 (10.136.216.82): 56 data bytes

64 bytes from 10.136.216.82: seq=0 ttl=48 time=69.168 ms

64 bytes from 10.136.216.82: seq=1 ttl=48 time=112.606 ms

64 bytes from 10.136.216.82: seq=2 ttl=48 time=46.531 ms

64 bytes from 10.136.216.82: seq=3 ttl=48 time=49.804 ms

64 bytes from 10.136.216.82: seq=4 ttl=48 time=51.247 ms

--- 10.136.216.82 ping statistics ---

5 packets transmitted, 5 packets received, 0% packet loss

round-trip min/avg/max = 46.531/65.871/112.606 ms

util ping_through_vpn_tunnel

This command pings a VPN endpoint IP address with 56 data bytes through a VPN tunnel and displays the ping information.

Format  util ping_through_vpn_tunnel <ipaddress>
Mode    util

FVS318N> util ping_through_vpn_tunnel 10.136.24.128

Pinging 192.168.1.1 from 5

Ping passed

64 bytes from 10.136.24.128: icmp_seq=0 ttl=64

64 bytes from 10.136.24.128: icmp_seq=1 ttl=64

64 bytes from 10.136.24.128: icmp_seq=2 ttl=64

64 bytes from 10.136.24.128: icmp_seq=3 ttl=64

64 bytes from 10.136.24.128: icmp_seq=4 ttl=64

util traceroute

This command traces a route to an IP address.

Format  util traceroute <ipaddress>
Mode    util

FVS318N> util traceroute 10.136.24.128

traceroute to 10.136.24.128 (10.136.24.128), 30 hops max, 40 byte packets

1 (10.136.24.128) 0.516 ms 0.227 ms 0.218 ms

util routing_table_ipv4

This command displays the IPv4 routing table.

Format  util routing_table_ipv4
Mode    util

util routing_table_ipv6

This command displays the IPv6 routing table.

Format  util routing_table_ipv6
Mode    util
