Netgear FVS336G Reference Manual

ProSAFE Dual WAN Gigabit Firewall with SSL & IPsec VPN

Model FVS336Gv2

CLI Reference Manual

March 2014 202-11378-01

350 East Plumeria Drive San Jose, CA 95134 USA

ProSAFE Dual WAN Gigabit Firewall with SSL & IPsec VPN

Support

Thank you for selecting NETGEAR products.

After installing your device, locate the serial number on the label of your product and use it to register your product at

https://my.netgear.com. You must register your product before you can use NETGEAR telephone support. NETGEAR

recommends registering your product through the NETGEAR website. For product updates and web support, visit

http://support.netgear.com.

Phone (US & Canada only): 1-888-NETGEAR.

Phone (Other Countries): Check the list of phone numbers at http://support.netgear.com/general/contact/default.aspx.

Compliance

For regulatory compliance information, visit http://www.netgear.com/about/regulatory.

See the regulatory compliance document before connecting the power supply.

Trademarks

NETGEAR, the NETGEAR logo, and Connect with Innovation are trademarks and/or registered trademarks of NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries. Information is subject to change without notice. © NETGEAR, Inc. All rights reserved.

Revision History

Publication Part Number Publish Date Comments

202-11378-01 March 2014 First publication

Chapter 1 Introduction

Chapter 2 Overview of the Configuration Commands

Command Syntax and Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Command Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Description of a Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Common Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Four Categories of Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Configuration Commands: Four Main Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Configuration Commands: Save Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Commands That Require Saving. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Commands That Do Not Require Saving . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Global Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Examples of Three Basic Types of Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Command Autocompletion and Command Abbreviation . . . . . . . . . . . . . . . . . . 15

Access the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Network Settings Configuration Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Security Settings Configuration Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

System Administrative and Monitoring Settings Configuration Commands . . 25

VPN Settings Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Chapter 3 Net Mode Configuration Commands

General WAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

IPv4 WAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

IPv6 WAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

IPv6 Tunnel Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Dynamic DNS Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

IPv4 LAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

IPv6 LAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

IPv4 DMZ Setup Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

IPv6 DMZ Setup Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

WAN QoS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

IPv4 Routing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

IPv6 Routing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Chapter 4 Security Mode Configuration Commands

Security Services Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

Security Schedules Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

ProSAFE Dual WAN Gigabit Firewall with SSL & IPsec VPN

IPv4 Add Firewall Rule and Edit Firewall Rule Commands . . . . . . . . . . . . . . . . . 122

IPv4 General Firewall Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

IPv6 Firewall Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

Attack Check and IGMP Passthrough Commands . . . . . . . . . . . . . . . . . . . . . . . 172

Session Limit, Time-Out, and Advanced Commands . . . . . . . . . . . . . . . . . . . . . 177

Address Filter and IP/MAC Binding Commands . . . . . . . . . . . . . . . . . . . . . . . . . 181

Port Triggering Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

UPnP Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188

Bandwidth Profile Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

Content Filtering Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192

Chapter 5 System Mode Configuration Commands

Remote Management Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

Time Zone Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208

WAN Traffic Meter Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

Firewall Logs and Email Alerts Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

System Reboot Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223

Chapter 6 VPN Mode Configuration Commands

IPSec VPN Wizard Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225

IPSec IKE Policy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

IPSec VPN Policy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234

IPSec VPN Mode Config Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246

SSL VPN Wizard Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249

SSL VPN Portal Layout Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254

SSL VPN Authentication Domain Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

SSL VPN Authentication Group Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

SSL VPN User Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262

SSL VPN Port Forwarding Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268

SSL VPN Client and Client Route Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 271

SSL VPN Resource Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275

SSL VPN Policy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278

RADIUS Server Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285

PPTP Server Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287

L2TP Server Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288

Chapter 7 Overview of the Show Commands

Network Settings Show Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291

Security Settings Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293

Administrative and Monitoring Settings Show Commands. . . . . . . . . . . . . . . . 294

VPN Settings Show Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295

Chapter 8 Show Commands

Network Settings Show Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298

WAN IPv4 and WAN IPv6 Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 298

ProSAFE Dual WAN Gigabit Firewall with SSL & IPsec VPN

IPv6 Mode, IPv6 Tunnel, and SIIT Show Commands . . . . . . . . . . . . . . . . . . . 302

LAN DHCP Show Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303

Dynamic DNS Show Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304

IPv4 LAN Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305

IPv6 LAN Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308

DMZ Show Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310

Routing Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312

Network Statistics Show Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313

Security Settings Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313

Services Show Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314

Schedules Show Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315

Firewall Rules Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315

Attack Checks and IGMP Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 317

Session Limits Show Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319

Advanced Firewall Show Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319

Address Filter Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320

Port Triggering Show Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321

UPnP Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322

Bandwidth Profiles Show Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322

Content Filtering Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323

Administrative and Monitoring Settings Show Commands. . . . . . . . . . . . . . . . 324

Remote Management Show Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325

SNMP Show Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325

Time Show Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327

Firmware Version Show Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327

Status Show Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327

WAN Traffic Meter Show Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330

Logging Configuration Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331

Logs Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333

Reboot Show Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334

VPN Settings Show Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334

IPSec VPN Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334

SSL VPN Show Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336

SSL VPN User Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339

RADIUS Server Show Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342

PPTP Server Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342

L2TP Server Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343

Chapter 9 Utility Commands

Overview Util Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345

Firmware Backup, Restore, and Upgrade Commands . . . . . . . . . . . . . . . . . . . . 345

Diagnostic Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347

Command List

1. Introduction

This document describes the command-line interface (CLI) for the NETGEAR® ProSAFE® Dual

WAN Gigabit Firewall with SSL & IPsec VPN, model FVS336Gv2.

This chapter introduces the CLI interface. It includes the following sections:

• Command Syntax and Conventions

• Four Categories of Commands

• Configuration Commands: Four Main Modes

• Configuration Commands: Save Commands

• Global Commands

• Examples of Three Basic Types of Commands

• Command Autocompletion and Command Abbreviation

• Access the CLI

Note: For more information about the topics covered in this manual, visit the

support website at support.netgear.com.

Note: For more information about the features that you can configure using

the CLI, see the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual, which you can download

from downloadcenter.netgear.com.

Note: You cannot generate and upload a certificate through the CLI. You

must access the web management interface to manage these tasks.

ProSAFE Dual WAN Gigabit Firewall with SSL & IPsec VPN

Command Syntax and Conventions

A command is one or more words that can be followed by one or more keywords and parameters. Keywords and parameters can be required or optional:

• A keyword is a predefined string (word) that narrows the scope of a command. A keyword

can be followed by an associated parameter or by associated keywords. In many cases, these associated keywords are mutually exclusive, so you must select one of them. In some cases, this manual refers to a group of words as a keyword.

ou must replace the

• A parameter is a variable for which you must type a value.

parameter name with the appropriate value, which might be a name or number. A parameter can be associated with a command or with a keyword.

This manual lists each command by its full command name and provides a brief description of the command. In addition, for each command, the manual provides the following information:

• Format. Shows the command keywords and the required and optional parameters.

• Mode. Identifies the command mode that you must be in to access the command. (With

some minor exceptions, the mode is always described using lowercase letters.)

• Related show command or commands. Identifies and links to the show command or

commands that can display the configured information.

For more complicated commands, in addition to the format, mode, and related show command or commands, the following information is provided:

• Table. Explains the keywords and parameters that you can use for the command.

• Example. Shows a CLI example for the command.

Command Conventions

In this manual, the following type conventions are used:

• A command name is stated in bold type.

• A keyword name is stated in bold type.

• A parameter name is stated in italic type.

The keywords and parameters for a command might include mandatory values, optional values, or choices. distinguish between value types:

Table 1. Command conventions

Symbol Example Description

< > angle brackets <value> Indicate that you must enter a value in place of the brackets

The following table describes the conventions that this manual uses to

and text inside them. (value is the parameter.)

[ ] square brackets [

value] Indicate an optional parameter that you can enter in place of

the brackets and text inside them. (value is the parameter.)

Introduction

ProSAFE Dual WAN Gigabit Firewall with SSL & IPsec VPN

Table 1. Command conventions (continued)

Symbol Example Description

{ } curly braces {choice1 | choice2} Indicate that you must select a keyword from the list of

choices. (choice1 and choice1 are keywords.)

| vertical bars choice1 | choice2 Separate the mutually exclusive choices. (choice1 and

choice1 are keywords.)

[ { } ] braces within square brackets

[{choice1 | choice2}] Indicate a choice within an optional element. (choice1 and

choice1 are keywords.)

Description of a Command

The following example describes the net radvd pool lan edit <row id> command:

net radvd pool lan edit is the command name.

<row id> is the required parameter for which you must enter a value after you type the command words.

The command lets you enter the net-config [radvd-pool-lan] mode, from which you can issue the following keywords and parameters:

prefix_type {6To4 {6to4_interface {WAN1 | WAN2} {sla_id <ID number>} | Global-Local-ISATAP {prefix_address <ipv6-address>} {prefix_length <prefix length>}}

prefix_life_time <seconds>

Explanation of the keywords and parameters:

• prefix_type is a keyword.

is either

6to4_interface or Global-Local-ISATAP.

- If you select 6to4_interface, you must specify the WAN interface by typing

WAN1

or WAN2, and you must issue the sla_id keyword and enter a value for

the <ID number> parameter.

- If you select Global-Local-ISATAP, you must issue the prefix_address

keyword and enter a value for the <ipv6-address> parameter, and you must issue the

prefix_length keyword and enter a value for the

<prefix length> parameter

• prefix_life_time

is a keyword and <seconds> is the required parameter for

which you must enter a value.

The required associated keyword that you must select

Command example:

FVS336Gv2> net radvd pool lan edit 12 net-config[radvd-pool-lan]> prefix_type Global-Local-ISATAP net-config[radvd-pool-lan]> prefix_address 10FA:2203:6145:4201:: net-config[radvd-pool-lan]> prefix_length 10 net-config[radvd-pool-lan]> prefix_life_time 3600 net-config[radvd-pool-lan]> save

Introduction

ProSAFE Dual WAN Gigabit Firewall with SSL & IPsec VPN

Common Parameters

Parameter values might be names (strings) or numbers. To use spaces as part of a name parameter, enclose the name value in double quotes. For example, the expression “System Name with Spaces” forces the system to accept the spaces. Empty strings (“”) are not valid user-defined strings. The following table describes common parameter values and value formatting:

Table 2. Common parameters

Parameter Description

ipaddr

ipv6-address

Character strings Use double quotation marks to identify character strings, for example, “System Name with

This parameter is a valid IPv4 address. You must enter the IP address in the a.b.c.d format, in which each octet is a number in the range from 0 to 255 (both inclusive), for example, 10.12.140.218.

The CLI accepts decimal, hexadecimal, and octal formats through the following input formats (where n is any valid decimal, hexadecimal, or octal number):

• 0xn (CLI assumes hexadecimal format)

• 0n (CLI assumes octal format with leading zeros)

• n (CLI assumes decimal format)

This parameter is a valid IPv6 address. You can enter the IPv6 address in one of the following formats:

• FE80:0000:0000:0000:020F:24FF:FEBF:DBCB

• FE80:0:0:0:20F:24FF:FEBF:DBCB

• FE80::20F:24FF:FEBF:DBCB

• FE80:0:0:0:20F:24FF:128:141:49:32

For additional information, see RFC 3513.

Spaces”.

An empty string (“”) is not valid.

Four Categories of Commands

CLI commands are grouped into four categories:

• Configuration. Configuration commands with four main configuration modes. For more

information, see Configuration Commands: Four Main Modes on page 10. Save commands also fall into this category. For more information, see Configuration

Commands: Save Commands on page 13.

• Show. Show commands that are available for the four main configuration modes. For

more information, see Chapter 7, Overview of the Show Commands and Chapter 8,

Show Commands.

• Utility. See Chapter 9, Utility Commands.

• Global. See Global Commands on page 14.

Introduction

ProSAFE Dual WAN Gigabit Firewall with SSL & IPsec VPN

Configuration Commands: Four Main Modes

For the configuration commands, the CLI provides four main modes: net, security, system, and vpn. Chapter 2, Overview of the Configuration Commands lists all commands in these modes, and each of these modes is described in detail in a separate chapter (see Chapter 3 through Chapter 6).

The following table lists the main configuration modes, the configuration modes, the features

that you can configure in each configuration mode, and, for orientation, the basic web management interface (GUI) path to the feature.

Table 3. Main configuration modes

__________________________CLI________________________ ___Web Management Interface (GUI)___ Main Mode Submode Feature That You Can Configure Basic Path Network configuration commands

net ddns Dynamic DNS Network Configuration > Dynamic DNS

dmz DMZ for IPv4

DMZ for IPv6 ethernet VLAN assignment to LAN interface Network Configuration > LAN Setup ipv6 IPv4 or IPv4/IPv6 mode Network Configuration > WAN Settings ipv6_tunnel IPv6 tunnels Network Configuration > WAN Settings lan IPv4 LAN settings and VLANs

LAN groups for IPv4

Secondary IPv4 LAN addresses

Advanced IPv4 LAN settings

Fixed and reserved DHCP IPv4

addresses

LAN IPv4 traffic meter profiles

IPv6 LAN settings

Secondary IPv6 LAN addresses

IPv6 LAN DHCP address pools

IPv6 prefix delegation for the LAN radvd IPv6 RADVD and pools for the

LAN

IPv6 RADVD and pools for the

DMZ

Network Configuration > DMZ Setup

Network Configuration > LAN Setup

Network Configuration > LAN Setup Network Configuration > DMZ Setup

routing Dynamic IPv4 routes

Static IPv4 routes

Static IPv6 routes

Introduction

Network Configuration > Routing

ProSAFE Dual WAN Gigabit Firewall with SSL & IPsec VPN

Table 3. Main configuration modes (continued)

__________________________CLI________________________ ___Web Management Interface (GUI)___ Main Mode Submode Feature That You Can Configure Basic Path

net (continued)

Security configuration commands

security address_filter Source MAC filters

siit Stateless IP/ICMP Translation Network Configuration > SIIT wan IPv4 WAN (Internet) settings

Secondary IPv4 WAN addresses

IPv6 WAN (Internet) settings

MTU, port speed, and MAC

address, failure detection method,

and upload/download settings wan_settings NAT or Classical Routing

Load balancing settings for IPv4

IP/MAC bindings for IPv4

IP MAC bindings for IPv6 bandwidth Bandwidth profiles Security > Bandwidth Profile content_filter Group filtering

Blocked keywords

Web components

Trusted domains firewall All IPv4 firewall rules

All IPv6 firewall rules Attack checks Session limits and time-outs SIP ALG

Network Configuration > WAN Settings

Security > Address Filter

Security > Content Filtering

Security > Firewall

porttriggering_rules Security > Port Triggering schedules Security > Schedule services Custom services

Service groups LAN and WAN IP groups LAN QoS profiles

upnp Security > UPnP

Security > Services

Introduction

ProSAFE Dual WAN Gigabit Firewall with SSL & IPsec VPN

Table 3. Main configuration modes (continued)

__________________________CLI________________________ ___Web Management Interface (GUI)___ Main Mode Submode Feature That You Can Configure Basic Path Administration and monitoring configuration commands

system logging Monitoring > Firewall Logs & E-mail

remote_management Administration > Remote Management snmp Administration > SNMP schedule_reboot Monitoring > Diagnostics time Administration > Time Zone traffic_meter WAN traffic meters Monitoring > Traffic Meter

VPN configuration commands

vpn ipsec IPSec Wizard

IKE policies

VPN policies

Mode Config records

RADIUS servers l2tp L2TP server VPN > L2TP Server pptp PPTP server VPN > PPTP Server sslvpn SSL Wizard

SSL policies

Resources and resource objects

Portal layouts

SSL VPN clients

Client routes

Port forwarding

Domains

Groups

User accounts

User login and IP policies

VPN > IPSec VPN

VPN > SSL VPN

Users

Introduction

ProSAFE Dual WAN Gigabit Firewall with SSL & IPsec VPN

Configuration Commands: Save Commands

The following table describes the configuration commands that let you save or cancel configuration changes in the CLI. You can use these commands in any of the four main configuration modes. These commands are not preceded by a period.

Table 4. Save commands

Command Description

save

exit

cancel

Save the configuration changes. Save the configuration changes and exit the current configuration mode. Roll back the configuration changes.

Commands That Require Saving

After you issue a command that includes the word configure, add, or edit, you enter a configuration mode from which you can issue keywords and associated parameters.

These are examples of commands for which you must save your changes:

• net lan ipv4 configure <vlan id> lets you enter the net-config [lan-ipv4]

configuration mode. After you make your changes, issue save or changes.

• security content_filter trusted_domain add lets you enter the

security-config [approved-urls] configuration mode. After you make your changes, issue save or exit to save your changes.

• vpn sslvpn users groups add lets you enter the vpn-config [user-groups]

configuration mode. After you make your changes, issue save or changes.

exit to save your

Commands That Do Not Require Saving

You do not need to save your changes after you issue a command that deletes, disables, or enables a row ID, name, IP address, or MAC address, or that lets you make a configuration change without entering another configuration mode.

These are examples of commands that you do not need to save:

• net lan dhcp reserved_ip delete <mac address>

• vpn ipsec vpnpolicy disable <vpn policy name>

• security firewall ipv4 enable <row id>

• security firewall ipv4 default_outbound_policy {Allow | Block}

Introduction

ProSAFE Dual WAN Gigabit Firewall with SSL & IPsec VPN

Global Commands

The following table describes the global commands that you can use anywhere in the CLI. These commands must be preceded by a period.

Table 5. Global CLI commands

Command Description

.exit

.help

.top

.reboot

.history

Exit the current session. Display an overview of the CLI syntax. Return to the default command mode or root. Reboot the system. Display the command-line history of the current session.

Examples of Three Basic Types of Commands

You can encounter the following three basic types of commands in the CLI:

• Entry commands to enter a configuration mode. Commands that let you enter a

configuration mode from which you can configure various keywords and associated parameters and keywords. For example, the net wan wan1 ipv4 configure command lets you enter the net-config [wan1-ipv4] mode, from which you can configure the IPv4 WAN settings.

This type of command is the most common in the CLI and is always indicated by two steps in this manual, each one showing the format and mode:

Step 1 Format

net wan wan ipv4 configure <wan interface>

Mode net

Step 2 Format This section shows the keywords and associated parameters, for example:

isp_connection_type {STATIC | DHCPC | PPPoE | PPTP}

Mode net-config [wan1-ipv4]

Sometimes, you must enter a parameter to enter a configuration mode. For example, security schedules edit <row id> requires you to enter the row ID (that is, the row number in the table that contains all the schedules) for the schedule that you want to modify . Then, you enter the security-config [schedules] mode, from which you can modify various keywords and associated parameters and keywords.

• Commands with a single parameter. Commands that require you to supply one or more

parameters and that do not let you enter another configuration mode. usually a row number or a name. For example, security firewall ipv4 delete

The parameter is

<row id> requires you to enter the row ID (that is, the row number in the table that contains all the firewall rules) for the firewall rule that you want to delete.

Introduction

ProSAFE Dual WAN Gigabit Firewall with SSL & IPsec VPN

For this type of command, the manual shows the format and mode:

Format Mode security

security firewall ipv4 delete <row id>

• Commands without parameters. Commands that do not require you to supply a

parameter after the command and that do not let you enter another configuration mode. For example, util restore_factory_defaults does not require parameters.

For this type of command, the manual shows the format and mode:

Format Mode util

util restore_factory_defaults

Command Autocompletion and Command Abbreviation

Command autocompletion finishes spelling a command when you type enough letters of the command to uniquely identify the command keyword. You must type all of the required keywords and parameters before you can use autocompletion.

Press either of the following keys to let the current command autocomplete. If the command prefix is not unique, press the key again to display possible completions.

• Enter or Return key . Autocompletes, syntax-checks, and

a syntax error occurs, the offending part of the command is highlighted and explained.

• Spacebar. Autocompletes, or if the command is already resolved, inserts a space.

then executes the command. If

The following table describes the key combinations that you can use to edit commands or increase the speed of command entry. Access this list from the CLI by issuing .help

Table 6. CLI editing conventions

Key or Key Sequence Description Invoking context-sensitive help

? Displays context-sensitive help. The information that displays consists either of a list of

possible command completions with summaries or of the full syntax of the current command. When a command is resolved, a subsequent repeat of the help key displays a detailed reference.

Autocompleting

Note: Command autocompletion finishes spelling the command when you type enough letters of a command to

uniquely identify the command keyword. However, you must type all of the required keywords and parameters before you use autocompletion.

Enter (or Return) Autocompletes, syntax-checks, and then executes a command. If a syntax error

occurs, the of command prefix is not unique, press the key again to display possible completions.

fending part of the command line is highlighted and explained. If the

Introduction

ProSAFE Dual WAN Gigabit Firewall with SSL & IPsec VPN

Table 6. CLI editing conventions (continued)

Key or Key Sequence Description

Spacebar Autocompletes, or if the command is already resolved, inserts a space. If the command

prefix is not unique, press the key again to display possible completions.

Moving around

Ctrl-A Go to the beginning of the line. Ctrl-E Go to the end of the line. Up arrow Go to the previous line in the history buffer. Down arrow Go to the next line in the history buffer. Left arrow Go backward one character. Right arrow Go forward one character.

Deleting

Ctrl-C Delete the entire line. Ctrl-D Delete the next character. Ctrl-K Delete all characters to the end of the line from where the cursor is located. Backspace Delete the previous character.

Invoking escape sequences

!! Substitute the previous line. !N Substitute the Nth line, in which N is the absolute line number as displayed in the

output of the history command.

!-N Substitute the line that is located N lines before the current line, in which N is a relative

number in relation to the current lint.

Access the CLI

You can access the CLI by logging in with the same user credentials (user name and password) that you use to access the web management interface. FVS336Gv2> is the CLI prompt.

FVS336Gv2 login: admin Password: ************************************************ Welcome to FVS336Gv2 Command Line Interface ************************************************ FVS336Gv2>

Introduction

2. Overview of the Configuration

Commands

This chapter provides an overview of all configuration commands in the four configuration

command modes. The keywords and associated parameters that are available for these commands are explained in Chapter 3 through Chapter 6. The chapter includes the following sections:

• Network Settings Configuration Commands

• Security Settings Configuration Commands

• System Administrative and Monitoring Settings Configuration Commands

• VPN Settings Configuration Commands

ProSAFE Dual WAN Gigabit Firewall with SSL & IPsec VPN

Network Settings Configuration Commands

Enter the net ? command at the CLI prompt to display the submodes in the net mode. The following table lists the submodes and their commands in alphabetical order:

Table 7. Net mode configuration commands

Submode Command Name Purpose

ddns

dmz

ethernet

ipv6

ipv6_tunnel

net ddns configure Enable, configure, or disable DDNS service. net dmz ipv4 configure Enable, configure, or disable the IPv4 DMZ. net dmz ipv6 configure Enable, configure, or disable the IPv6 DMZ. net dmz ipv6 pool configure <ipv6 address> Configure a new or existing IPv6 DMZ DHCP

address pool.

net dmz ipv6 pool delete < ipv6 address> Delete an IPv6 DMZ DHCP address pool. net ethernet configure <interface name or

number> net ipv6 ipmode configure Configure the IP mode (IPv4 only or

net ipv6_tunnel isatap add Configure a new IPv6 ISATAP tunnel. net ipv6_tunnel isatap delete <row id> Delete an IPv6 ISATAP tunnel. net ipv6_tunnel isatap edit <row id> Configure an existing IPv6 ISATAP tunnel. net ipv6_tunnel six_to_four configure Enable or disable automatic (6to4) tunneling. net lan dhcp reserved_ip configure

Configure a VLAN for a LAN interface.

IPv4/IPv6).

Bind a MAC address to an IP address for DHCP reservation or change an existing binding, and assign a LAN group.

lan

net lan dhcp reserved_ip delete <mac address>

net lan ipv4 advanced configure Configure advanced LAN settings such as the

net lan ipv4 configure <vlan id> Configure a new or existing VLAN. net lan ipv4 default_vlan Configure the default VLAN for each port. net lan ipv4 delete <vlan id> Delete a VLAN. net lan ipv4 disable <vlan id> Disable a VLAN. net lan ipv4 enable <vlan id> Enable a VLAN. net lan ipv4 multi_homing add Configure a new secondary IPv4 address. net lan ipv4 multi_homing delete <row id> Delete a secondary IPv4 address.

Delete the binding of a MAC address to an IP address.

MAC address for VLANs and

ARP broadcast.

Overview of the Configuration Commands

ProSAFE Dual WAN Gigabit Firewall with SSL & IPsec VPN

Table 7. Net mode configuration commands (continued)

Submode Command Name Purpose

net lan ipv4 multi_homing edit <row id> Configure an existing secondary IPv4

address.

lan (continued)

net lan ipv4 traffic_meter configure <ip address>

net lan ipv4 traffic_meter delete <row id> Delete a traffic meter profile. net lan ipv6 configure Configure the IPv6 LAN address settings and

net lan ipv6 multi_homing add Configure a new secondary IPv6 address. net lan ipv6 multi_homing delete <row id> Delete a secondary IPv6 address. net lan ipv6 multi_homing edit <row id> Configure an existing secondary IPv6

net lan ipv6 pool add Configure a new IPv6 LAN DHCP address

net lan ipv6 pool delete <row id> Delete an IPv6 LAN DHCP address pool. net lan ipv6 pool edit <row id> Configure an existing IPv6 LAN DHCP

net lan ipv6 prefix_delegation add Configure a new prefix for IPv6 LAN prefix

net lan ipv6 prefix_delegation delete <row id> Delete a prefix for IPv6 LAN prefix delegation. net lan ipv6 prefix_delegation edit <row id> Configure an existing prefix for IPv6 LAN

Configure a traffic meter profile for an IPv4 address.

DHCPv6.

address.

pool.

address pool.

delegation.

prefix delegation.

protocol binding

net lan lan_groups edit <row id> <new group name>

net protocol_binding add Configure a new protocol binding. net protocol_binding delete Delete a protocol binding. net protocol_binding disable Disable a protocol binding. net protocol_binding edit <row id> Configure an existing protocol binding. net protocol_binding enable Enable a protocol binding.

Change an existing LAN default group name.

Overview of the Configuration Commands

ProSAFE Dual WAN Gigabit Firewall with SSL & IPsec VPN

Table 7. Net mode configuration commands (continued)

Submode Command Name Purpose

net qos configure Configure the QoS mode for the WAN

interfaces.

net qos profile add Configure a new WAN QoS profile.

qos

radvd

net qos profile delete <row id> Delete a WAN QoS profile. net qos profile disable <row id> Disable a WAN QoS profile. net qos profile edit <row id> Configure an existing WAN QoS profile. net qos profile enable <row id> Enable a WAN QoS profile. net radvd configure dmz Configure the IPv6 RADVD for the DMZ. net radvd configure lan Configure the IPv6 RADVD for the LAN. net radvd pool dmz add Configure a new IPv6 RADVD pool for the

DMZ.

net radvd pool dmz delete <row id> Delete an IPv6 RADVD pool from the DMZ. net radvd pool dmz edit <row id> Configure an existing IPv6 RADVD pool for

the DMZ.

net radvd pool lan add Configure a new IPv6 RADVD pool for the

LAN.

net radvd pool lan delete <row id> Delete an IPv6 RADVD pool from the LAN. net radvd pool lan edit <row id> Configure an existing IPv6 RADVD pool for

the LAN.

net routing dynamic configure Configure RIP and the associated MD5 key

information.

routing

siit

wan

net routing static ipv4 configure <route name> Configure a new or existing IPv4 static route. net routing static ipv4 delete <route name> Delete an IPv4 static route. net routing static ipv4 delete_all Delete all IPv4 routes. net routing static ipv6 configure <route name> Configure a new or existing IPv6 static route. net routing static ipv6 delete <route name> Delete an IPv6 static route. net routing static ipv6 delete_all Delete all IPv6 routes. net siit configure Configure Stateless IP/ICMP Translation. net wan port_setup ipv4 configure <wan

interface>

net wan port_setup ipv6 configure <wan interface>

Configure the failover method, MTU, port speed, and MAC address of an IPv4 W interface.

Configure the failure detection ping settings of an IPv6 W

AN interface.

Overview of the Configuration Commands

ProSAFE Dual WAN Gigabit Firewall with SSL & IPsec VPN

Table 7. Net mode configuration commands (continued)

Submode Command Name Purpose

net wan wan ipv4 configure <wan interface> Configure the ISP settings of an IPv4 WAN

interface.

wan (continued)

wan_settings

net wan wan ipv4 secondary_address add <wan interface>

net wan wan ipv4 secondary_address delete <row id>

net wan wan ipv6 configure <wan interface> Configure the ISP settings of an IPv6 WAN

net wan_settings load_balancing configure Configure the load balancing settings for two

net wan_settings wanmode configure Configure the mode of IPv4 routing (NA

Configure a secondary IPv4 WAN address.

Delete a secondary IPv4 WAN address.

interface.

AN interfaces that are configured for IPv4.

classical routing) between the WAN interface and LAN interfaces.

Security Settings Configuration Commands

Enter the security ? command at the CLI prompt to display the submodes in the security mode. The following table lists the submodes and their commands in alphabetical order:

Table 8. Security mode configuration commands

Submode Command Name Purpose

T or

address_filter

security address_filter ip_or_mac_binding add Configure a new IP/MAC binding rule. security address_filter ip_or_mac_binding

delete <row id> security address_filter ip_or_mac_binding edit

<row id> security address_filter ip_or_mac_binding

enable_email_log <ip version> security address_filter mac_filter configure Configure the source MAC address filter. security address_filter mac_filter source add Configure a new MAC source address. security address_filter mac_filter source delete

Delete an IP/MAC binding rule.

Configure an existing IP/MAC binding rule.

Configure the email log for IP/MAC Binding violations.

Delete a MAC source address.

Overview of the Configuration Commands

ProSAFE Dual WAN Gigabit Firewall with SSL & IPsec VPN

Table 8. Security mode configuration commands (continued)

Submode Command Name Purpose

bandwidth

content_filter

security bandwidth enable_bandwidth_profiles {Y | N}

security bandwidth profile add Configure a new bandwidth profile. security bandwidth profile delete <row id> Delete a bandwidth profile. security bandwidth profile edit <row id> Configure an existing bandwidth profile. security content_filter block_group disable Remove content filtering from groups. security content_filter block_group enable Apply content filtering to groups. security content_filter blocked_keywords add Configure a new blocked keyword. security content_filter blocked_keywords delete

<row id> security content_filter blocked_keywords edit

<row id> security content_filter content_filtering configure Configure web content filtering. security content_filter trusted_domain add Configure a new trusted domain. security content_filter trusted_domain delete

<row id> security content_filter trusted_domain edit

Enable or disable bandwidth profile globally.

Delete a blocked keyword.

Configure an existing blocked keyword.

Delete a trusted domain.

Configure an existing trusted domain.

firewall

security firewall advanced algs Configure SIP support for the ALG. security firewall attack_checks configure ipv4 Configure WAN and LAN security attack

checks for IPv4 traf

security firewall attack_checks configure ipv6 Configure W

for IPv6 traffic.

security firewall attack_checks vpn_passthrough configure

security firewall igmp alternate_networks add Configure a new alternate network. security firewall igmp alternate_networks delete Delete an alternate network. security firewall igmp configure Enable or disable multicast pass-through

security firewall ipv4 add_rule dmz_wan inbound

security firewall ipv4 add_rule dmz_wan outbound

Configure VPN pass-through for IPv4 traffic.

for IPv4 traf Configure a new IPv4 DMZ W

inbound firewall rule. Configure a new IPv4 DMZ WAN

outbound firewall rule.

fic.

AN security attack checks

Overview of the Configuration Commands

ProSAFE Dual WAN Gigabit Firewall with SSL & IPsec VPN

Table 8. Security mode configuration commands (continued)

Submode Command Name Purpose

security firewall ipv4 add_rule lan_dmz inbound Configure a new IPv4 LAN DMZ inbound

firewall rule.

firewall (continued)

security firewall ipv4 add_rule lan_dmz outbound

security firewall ipv4 add_rule lan_wan inbound Configure a new IPv4 LAN WAN

security firewall ipv4 add_rule lan_wan outbound

security firewall ipv4 default_outbound_policy {Allow | Block}

security firewall ipv4 delete <row id> Delete an IPv4 firewall rule. security firewall ipv4 disable <row id> Disable an IPv4 firewall rule. security firewall ipv4 edit_rule dmz_wan

inbound <row id> security firewall ipv4 edit_rule dmz_wan

outbound <row id> security firewall ipv4 edit_rule lan_dmz inbound

<row id> security firewall ipv4 edit_rule lan_dmz

outbound <row id> security firewall ipv4 edit_rule lan_wan inbound

Configure a new IPv4 LAN DMZ outbound firewall rule.

inbound firewall rule. Configure a new IPv4 LAN WAN

outbound firewall rule. Configure the default outbound policy for

IPv4 traf

Configure an existing IPv4 DMZ W inbound firewall rule.

Configure an existing IPv4 DMZ WAN outbound firewall rule.

Configure an existing IPv4 LAN DMZ inbound firewall rule.

Configure an existing IPv4 LAN DMZ outbound firewall rule.

Configure an existing IPv4 LAN WAN inbound firewall rule.

fic.

security firewall ipv4 edit_rule lan_wan outbound <row id>

security firewall ipv4 enable <row id> Enable an IPv4 firewall rule. security firewall ipv6 configure Configure a new IPv6 firewall rule. security firewall ipv6 default_outbound_policy

{Allow | Block} security firewall ipv6 delete <row id> Delete an IPv6 firewall rule. security firewall ipv6 disable <row id> Disable an IPv6 firewall rule. security firewall ipv6 edit <row id> Configure an existing IPv6 firewall rule. security firewall ipv6 enable <row id> Enable an IPv6 firewall rule. security firewall session_limit configure Configure global session limits. security firewall session_settings configure Configure global session time-outs.

Configure an existing IPv4 LAN WAN outbound firewall rule.

Configure the default outbound policy for IPv6 traf

fic.

Overview of the Configuration Commands

ProSAFE Dual WAN Gigabit Firewall with SSL & IPsec VPN

Table 8. Security mode configuration commands (continued)

Submode Command Name Purpose

security porttriggering_rules add Configure a new port triggering rule.

porttriggering_rules

schedules

services

security porttriggering_rules delete <row id> Delete a port triggering rule. security porttriggering_rules edit <row id> Configure an existing port triggering rule. security schedules edit {1 | 2 | 3} Configure one of the three security

schedules.

security services add Configure a new custom service. security services delete <row id> Delete a custom service. security services edit <row id> Configure an existing custom service. security services ip_group add Configure a new LAN or WAN IP group. security services ip_group add_ip_to

<group name> security services ip_group delete <row id> Delete a LAN or WAN IP group. security services ip_group delete_ip <row id> Remove an IP address from a LAN or

security services ip_group edit <row id> Configure an existing LAN or W

security services qos_profile add Add a QoS profile. security services qos_profile delete <row id> Delete a QoS profile.

Add an IP address to a LAN or WAN IP group.

AN IP group.

AN IP

group.

security services qos_profile edit <row id> Configure an existing QoS profile. security services service_group add Add a service group. security services service_group edit <row id> Delete a service group. security services service_group delete <row id> Configure an existing service group.

upnp security upnp configure Configure UPnP.

Overview of the Configuration Commands

ProSAFE Dual WAN Gigabit Firewall with SSL & IPsec VPN

System Administrative and Monitoring Settings Configuration Commands

Enter the system ? command at the CLI prompt to display the submodes in the system mode. The following table lists the submodes and their commands in alphabetical order:

Table 9. System mode configuration commands

Submode Command Name Purpose

system logging configure Configure routing logs for accepted and

dropped IPv4 and IPv6 packets.

logging

system logging remote configure Configure email logs and alerts, schedule

email logs and alerts, and configure a syslog server

system remote_management https

remote_management

schedule_reboot system schedule_reboot configure Schedule the VPN firewall to be rebooted.

snmp

time

traffic_meter

configure system remote_management telnet

configure

system snmp remote_snmp enable Enable or disable SNMP access from the

system snmp sys configure Configure the SNMP system information. system snmp trap configure <ip address> Configure an SNMP agent and community. system snmp trap delete <ipaddress> Delete an SNMP agent. system snmp trapevent edit Change the default SNMP trap events. system snmp v3_users edit Change the default SNMPv3 users. system time configure Configure the system time, date, and NTP

system traffic_meter configure <wan interface>

Configure remote management over HTTPS.

Configure remote management over T

AN.

servers. Configure the W

AN traffic meter.

elnet.

Overview of the Configuration Commands

ProSAFE Dual WAN Gigabit Firewall with SSL & IPsec VPN

VPN Settings Configuration Commands

Enter the vpn ? command at the CLI prompt to display the submodes in the vpn mode. The following table lists the submodes and their commands in alphabetical order:

Table 10. Configuration commands: vpn mode

Submode Command Name Purpose

vpn ipsec ikepolicy configure <ike policy name> Configure a new or existing manual IPSec

IKE policy.

vpn ipsec ikepolicy delete <ike policy name> Delete an IPSec policy vpn ipsec mode_config configure <record name> Configure a new or existing Mode Config

record.

vpn ipsec mode_config delete <record name> Delete a Mode Config record. vpn ipsec radius configure Configure the RADIUS servers. vpn ipsec vpnpolicy configure <vpn policy name> Configure a new or existing auto IPSec

ipsec

vpn ipsec vpnpolicy connect <vpn policy name> Establish a VPN connection. vpn ipsec vpnpolicy delete <vpn policy name> Delete an IPSec VPN policy vpn ipsec vpnpolicy disable <vpn policy name> Disable an IPSec VPN policy. vpn ipsec vpnpolicy drop <vpn policy name> Terminate an IPSec VPN connection. vpn ipsec vpnpolicy enable <vpn policy name> Enable an IPSec VPN policy. vpn ipsec wizard configure <Gateway | VPN_Client> Configure the IPSec VPN wizard for a

l2tp vpn l2tp server configure Configure the L2TP server. pptp vpn pptp server configure Configure the PPTP server.

VPN policy or manual IPSec VPN policy

gateway-to-gateway or gateway-to-VPN client connection.

sslvpn

vpn sslvpn client ipv4 Configure the SSL client IPv4 address

range.

vpn sslvpn client ipv6 Configure the SSL client IPv6 address

range.

vpn sslvpn policy add Configure a new SSL VPN policy. vpn sslvpn policy delete <row id> Delete an SSL VPN policy. vpn sslvpn policy edit <row id> Configure an existing SSL VPN policy. vpn sslvpn portal_layouts add Configure a new SSL VPN portal layout. vpn sslvpn portal_layouts delete <row id> Delete an SSL VPN portal layout.

Overview of the Configuration Commands

ProSAFE Dual WAN Gigabit Firewall with SSL & IPsec VPN

Table 10. Configuration commands: vpn mode (continued)

Submode Command Name Purpose

vpn sslvpn portal_layouts edit <row id> Configure an existing SSL VPN portal

layout.

vpn sslvpn portal_layouts set_default <row id> Configure the default SSL VPN portal

layout.

vpn sslvpn portforwarding appconfig add Configure a new SSL port forwarding

application.

vpn sslvpn portforwarding appconfig delete <row id> Delete an SSL VPN port forwarding

application.

vpn sslvpn portforwarding hostconfig add Configure a new host name for an SSL port

forwarding application.

sslvpn (continued)

vpn sslvpn portforwarding hostconfig delete <row id>

vpn sslvpn resource add Add a new SSL VPN resource. vpn sslvpn resource configure add

<resource name> vpn sslvpn resource configure delete <row id> Delete an SSL VPN resource object. vpn sslvpn resource delete <row id> Delete an SSL VPN resource. vpn sslvpn route add Add an SSL VPN client route. vpn sslvpn route delete <row id> Delete an SSL VPN client route. vpn sslvpn users domains add Configure a new authentication domain. vpn sslvpn users domains delete <row id> Delete an authentication domain. vpn sslvpn users domains

disable_Local_Authentication {Y | N} vpn sslvpn users domains edit <row id> Configure an existing authentication

vpn sslvpn users groups add Configure a new authentication group. vpn sslvpn users groups delete <row id> Delete an authentication group.

Delete a host name for an SSL port forwarding application.

Configure an SSL VPN resource object.

Enable or disable local authentication for users.

domain.

vpn sslvpn users groups edit <row id> Configure an existing authentication group. vpn sslvpn users users add Add a new user account. vpn sslvpn users users browser_policies <row id> Configure the client browsers from which a

user is either allowed or denied access.

vpn sslvpn users users delete <row id> Delete a user account. vpn sslvpn users users edit <row id> Configure an existing user account.

Overview of the Configuration Commands

ProSAFE Dual WAN Gigabit Firewall with SSL & IPsec VPN

Table 10. Configuration commands: vpn mode (continued)

Submode Command Name Purpose

sslvpn (continued)

vpn sslvpn users users ip_policies configure <row id>

vpn sslvpn users users ip_policies delete <row id> Delete a source IP address for a user. vpn sslvpn users users login_policies <row id> Configure the login policy for a user. vpn sslvpn wizard configure Configure the SSL VPN wizard for an SSL

Configure source IP addresses from which a user is either allowed or denied access.

portal.

Overview of the Configuration Commands

3. Net Mode Configuration

Commands

This chapter explains the configuration commands, keywords, and associated parameters in the

net mode. The chapter includes the following sections:

• General WAN Commands

• IPv4 WAN Commands

• IPv6 WAN Commands

• IPv6 Tunnel Commands

• Dynamic DNS Command

• IPv4 LAN Commands

• IPv6 LAN Commands

• IPv4 DMZ Setup Command

• IPv6 DMZ Setup Commands

• WAN QoS Commands

• IPv4 Routing Commands

• IPv6 Routing Commands

IMPORTANT:

After you issue a command that includes the word configure, add, or edit, you must save (or cancel) your changes. For more information, see Configuration Commands: Save Commands on page 13.

ProSAFE Dual WAN Gigabit Firewall with SSL & IPsec VPN

General WAN Commands

This section describes the following commands:

• net wan port_setup ipv4 configure <wan interface>

• net wan port_setup ipv6 configure <wan interface>

net wan port_setup ipv4 configure <wan interface>

This command configures the advanced WAN settings for an IPv4 W AN interface, that is, the MTU, port speed, MAC address, failure detection method, and upload and download settings of the VPN firewall. After you issue the net wan port_setup ipv4 configure command to specify one of the two WAN interfaces (that is, WAN1 or WAN2), you enter the net-config [port_setup_ipv4] mode and then you can configure the advanced settings for the specified interface in the order that you prefer.

Step 1 Format

Mode net

Step 2 Format

net wan port_setup ipv4 configure <wan interface>

def_mtu {Default | Custom {mtu_size <number>}}

port_speed {Auto_Sense | 10_BaseT_Half_Duplex |

10_BaseT_Full_Duplex | 100_BaseT_Half_Duplex | 100_BaseT_Full_Duplex | 1000_BaseT_Full_Duplex}

mac_type {Use-Default-Mac | Use-This-Computers-Mac | Use-This-Mac {mac_address <mac address>}}

failover_method type {None | WAN-DNS {failover_method retry_interval <seconds>} {failover_method retry_attempts <number>}| CUSTOM-DNS {failover_method dns_ipaddress_wan <ipaddress>} {failover_method retry_interval <seconds>} {failover_method retry_attempts <number>}| Ping {failover_method ping_ipaddress_wan <ipaddress>} {failover_method retry_interval <seconds>} {failover_method

retry_attempts <number>}}

upload_download wan_conn_type {DSL | ADSL | T1 | T3 | Other} upload_download upload_speed_type {56-Kbps | 128-Kbps |

256-Kbps | 384-Kbps | 512-Kbps | 768-Kbps | 1500-Kbps | 1544-Kbps | 10-Mbps | 44.736-Mbps | 100-Mbps | 1-Gbps | Custom {upload_download upload_speed <speed>}}

upload_download download_speed_type {56-Kbps | 128-Kbps | 256-Kbps | 384-Kbps | 512-Kbps | 768-Kbps | 1500-Kbps | 1544-Kbps | 10-Mbps | 44.736-Mbps | 100-Mbps | 1-Gbps | Custom {upload_download download_speed <speed>}}

Mode net-config [port_setup_ipv4]

Net Mode Configuration Commands

+ 326 hidden pages

Netgear FVS336G Reference Manual

ProSAFE Dual WAN Gigabit Firewall with SSL & IPsec VPN

Contents

1. Introduction

Command Syntax and Conventions

Command Conventions

Description of a Command

Common Parameters

Four Categories of Commands

Configuration Commands: Four Main Modes

Configuration Commands: Save Commands

Commands That Require Saving

Commands That Do Not Require Saving

Global Commands

Examples of Three Basic Types of Commands

Command Autocompletion and Command Abbreviation

Access the CLI

Network Settings Configuration Commands

Security Settings Configuration Commands

System Administrative and Monitoring Settings Configuration Commands

VPN Settings Configuration Commands

General WAN Commands