Zyxel ZYWALL REFERENCE GUIDE

ZyWALL (ZLD)

CLI Reference Guide

Version 2.20, 2.21 2/2011 Edition 3
DEFAULT LOGIN
www.zyxel.com

About This CLI Reference Guide

Intended Audience
This manual is intended for people who want to configure ZLD-based ZyWALLs via Command Line Interface (CLI). You should have at least a basic knowledge of TCP/IP networking concepts and topology. Generally, it is organized by feature as outlined in the web configurator.
Note: This guide is intended as a command reference for a series of products. Therefore many commands or command options in this guide may not be available in your product. See your User’s Guide for a list of supported features and details about feature implementation.
Please refer to www.zyxel.com or your product’s CD for product specific User Guides and product certifications.
How To Use This Guide
1 Read Chapter 1 on page 11 for how to access and use the CLI (Command Line Interface).
2 Read Chapter 2 on page 27 to learn about the CLI user and privilege modes.
3 Subsequent chapters are arranged by menu item as defined in the web configurator. Read each chapter carefully for detailed information on that menu item.
Note: Some features cannot be configured in both the web configurator and CLI.
CLI Reference Guide Feedback
Help us help you. Send all Reference Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you!
The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan.
E-mail: techwriters@zyxel.com.tw

Document Conventions

Warnings and Notes
These are how warnings and notes are shown in this User’s Guide.
Warning: Warnings tell you about things that could harm you or your device.
Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Syntax Conventions
• The ZLD-based ZyWALL may be referred to as the “ZyWALL”, the “device”, the “system” or the “product” in this User’s Guide.
• Product labels, screen names, field labels and field choices are all in bold font.
• A key stroke is denoted by square brackets and uppercase text, for example, [ENTER] means the “enter” or “return” key on your keyboard.
• “Enter” means for you to type one or more characters and then press the [ENTER] key. “Select” or “choose” means for you to use one of the predefined choices.
• A right angle bracket ( > ) within a screen name denotes a mouse click. For example, Maintenance > Log > Log Setting means you first click Maintenance in the navigation panel, then the Log sub menu and finally the Log Setting tab to get to that screen.
• Units of measurement may denote the “metric” value or the “scientific” value. For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000” or “1048576” and so on.
• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”.
Icons Used in Figures
Figures in this User’s Guide may use the following generic icons. The ZyWALL icon is not an exact representation of your device.
Icons shown: ZyWALL, Computer, Notebook computer, Server, Firewall, Telephone, Switch, Router.

Contents Overview

Introduction
  Command Line Interface
  User and Privilege Modes
  Object Reference
  Status
  Registration
Network
  Interfaces
  Trunks
  Route
  Routing Protocol
  Zones
  DDNS
  Virtual Servers
  HTTP Redirect
  ALG
Firewall
  Firewall
VPN
  IPSec VPN
  SSL VPN
  L2TP VPN
Application Patrol
  Application Patrol
Anti-X
  Anti-Virus
  IDP Commands
  Content Filtering
  Anti-Spam
Device HA
  Device HA
Objects
  User/Group
  Addresses
  Services
  Schedules
  AAA Server
  Authentication Objects
  Certificates
  ISP Accounts
  SSL Application
  Endpoint Security
System
  System
  System Remote Management
Maintenance
  File Manager
  Logs
  Reports and Reboot
  Session Timeout
  Diagnostics
  Packet Flow Explore
  Maintenance Tools
  Watchdog Timer
Command List
  List of Commands (Alphabetical)
PART I

Introduction

Command Line Interface
User and Privilege Modes
Object Reference
Status
Registration
CHAPTER 1

Command Line Interface

This chapter describes how to access and use the CLI (Command Line Interface).

1.1 Overview

If you have problems with your ZyWALL, customer support may request that you issue some of these commands to assist them in troubleshooting.
Warning: Use of undocumented commands or misconfiguration can damage the ZyWALL and possibly render it unusable.
1.1.1 The Configuration File
When you configure the ZyWALL using either the CLI (Command Line Interface) or the web configurator, the settings are saved as a series of commands in a configuration file on the ZyWALL. You can store more than one configuration file on the ZyWALL. However, only one configuration file is used at a time.
You can perform the following with a configuration file:
• Back up ZyWALL configuration once the ZyWALL is set up to work in your network.
• Restore ZyWALL configuration.
• Save and edit a configuration file and upload it to multiple ZyWALLs (of the same model) in your network to have the same settings.
Note: You may also edit a configuration file using a text editor.

1.2 Accessing the CLI

You can access the CLI using a terminal emulation program on a computer connected to the console port, from the web configurator, or by using Telnet or SSH (Secure SHell).
Note: The ZyWALL might force you to log out of your session if reauthentication time, lease time, or idle timeout is reached. See Chapter 25 on page 237 for more information about these settings.
1.2.1 Console Port
The default settings for the console port are as follows.
Table 1 Managing the ZyWALL: Console Port
SETTING       VALUE
Speed         115200 bps
Data Bits     8
Parity        None
Stop Bit      1
Flow Control  Off
When you turn on your ZyWALL, it performs several internal tests as well as line initialization. You can view the initialization information using the console port.
• Garbled text displays if your terminal emulation program’s speed is set lower than the ZyWALL’s.
• No text displays if the speed is set higher than the ZyWALL’s.
• If changing your terminal emulation program’s speed does not get anything to display, restart the ZyWALL.
• If restarting the ZyWALL does not get anything to display, contact your local customer support.
Figure 1 Console Port Power-on Display
FLASH: AMD 16M
BootModule Version: V1.08 | 12/04/2007 15:36:17
DRAM: Size = 256 Mbytes
DRAM POST: Testing: 262144K
After the initialization, the login screen displays.
Figure 2 Login Screen
Welcome to ZyWALL 1050
Username:
Enter the user name and password at the prompts.
Note: The default login username is admin and password is 1234. The username and password are case-sensitive.
1.2.2 Web Configurator Console
Note: Before you can access the CLI through the web configurator, make sure your computer supports the Java Runtime Environment. You will be prompted to download and install the Java plug-in if it is not already installed.
When you access the CLI using the web console, your computer establishes an SSH (Secure SHell) connection to the ZyWALL. Follow the steps below to access the web console.
1 Log into the web configurator.
2 Click the Console icon in the top-right corner of the web configurator screen.
3 If the Java plug-in is already installed, skip to step 4. Otherwise, you will be prompted to install the Java plug-in. If the prompt does not display and the screen remains gray, you have to download the setup program.
4 The web console starts. This might take a few seconds. One or more security screens may display. Click Yes or Always.
Figure 3 Web Console: Security Warnings
Finally, the User Name screen appears.
Figure 4 Web Console: User Name
5 Enter the user name you want to use to log in to the console. The console begins to connect to the ZyWALL.
Note: The default login username is admin. It is case-sensitive.
Figure 5 Web Console: Connecting
Then, the Password screen appears.
Figure 6 Web Console: Password
6 Enter the password for the user name you specified earlier, and click OK. If you enter the password incorrectly, you get an error message, and you may have to close the console window and open it again. If you enter the password correctly, the console screen appears.
Figure 7 Web Console
7 To use most commands in this User’s Guide, enter configure terminal. The prompt should change to Router(config)#.
1.2.3 Telnet
Use the following steps to Telnet into your ZyWALL.
1 If your computer is connected to the ZyWALL over the Internet, skip to the next step. Make sure your computer IP address and the ZyWALL IP address are on the same subnet.
2 In Windows, click Start (usually in the bottom left corner) and Run. Then type telnet and the ZyWALL’s IP address. For example, enter telnet 192.168.1.1 (the default management IP address).
3 Click OK. A login screen displays. Enter the user name and password at the prompts.
Note: The default login username is admin and password is 1234. The username and password are case-sensitive.
1.2.4 SSH (Secure SHell)
You can use an SSH client program to access the CLI. The following figure shows an example using a text-based SSH client program. Refer to the documentation that comes with your SSH program for information on using it.
Note: The default login username is admin and password is 1234. The username and password are case-sensitive.
Figure 8 SSH Login Example
C:\>ssh2 admin@192.168.1.1
Host key not found from database.
Key fingerprint:
xolor-takel-fipef-zevit-visom-gydog-vetan-bisol-lysob-cuvun-muxex
You can get a public key's fingerprint by running
% ssh-keygen -F publickey.pub
on the keyfile.
Are you sure you want to continue connecting (yes/no)? yes
Host key saved to C:/Documents and Settings/user/Application Data/SSH/ hostkeys/ ey_22_192.168.1.1.pub
host key for 192.168.1.1, accepted by user Tue Aug 09 2005 07:38:28
admin's password:
Authentication successful.

1.3 How to Find Commands in this Guide

You can simply look for the feature chapter to find commands. In addition, you can use the List of Commands (Alphabetical) at the end of the guide. This section lists the commands in alphabetical order that they appear in this guide.
If you are looking at the CLI Reference Guide electronically, you might have additional options (for example, bookmarks or Find...) as well.

1.4 How Commands Are Explained

Each chapter explains the commands for one keyword. The chapters are divided into the following sections.
1.4.1 Background Information (Optional)
Note: See the User’s Guide for background information about most features.
This section provides background information about features that you cannot configure in the web configurator. In addition, this section identifies related commands in other chapters.
1.4.2 Command Input Values (Optional)
This section lists common input values for the commands for the feature in one or more tables.
1.4.3 Command Summary
This section lists the commands for the feature in one or more tables.
1.4.4 Command Examples (Optional)
This section contains any examples for the commands in this feature.
1.4.5 Command Syntax
The following conventions are used in this User’s Guide.
• A command or keyword in courier new must be entered literally as shown. Do not abbreviate.
• Values that you need to provide are in italics.
• Required fields that have multiple choices are enclosed in curly brackets {}.
• A range of numbers is enclosed in angle brackets <>.
• Optional fields are enclosed in square brackets [].
• The | symbol means OR.
For example, look at the following command to create a TCP/UDP service object.
service-object object-name {tcp | udp} {eq <1..65535> | range <1..65535> <1..65535>}
1 Enter service-object exactly as it appears.
2 Enter the name of the object where you see object-name.
3 Enter tcp or udp, depending on the service object you want to create.
4 Finally, do one of the following.
• Enter eq exactly as it appears, followed by a number between 1 and 65535.
• Enter range exactly as it appears, followed by two numbers between 1 and 65535.
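An added example, not part of the ZyXEL guide: a small Python checker that reads a syntax line written in the notation above and tests command lines against it, for instance before an edited configuration file is uploaded to several ZyWALLs. The sample lines are constructed, the placeholder is identified by name because italics do not survive in plain text, and treating object-name as the 1-31 character "name" tag of Table 3 is an assumption; the `[no] mss <536..1452>` template is the one quoted in section 1.6.8.

```python
import re

TOKEN = re.compile(r"[{}\[\]|]|[^\s{}\[\]|]+")   # a bracket, the OR bar, or a word
RANGE = re.compile(r"<(\d+)\.\.(\d+)>")          # <low..high>
# Assumption: object-name uses Table 3's "name" tag (1-31 chars, alphanumeric or _-).
NAME = re.compile(r"[A-Za-z0-9_-]{1,31}")

SERVICE_OBJECT = ("service-object object-name {tcp | udp} "
                  "{eq <1..65535> | range <1..65535> <1..65535>}")
MSS = "[no] mss <536..1452>"


def parse(template, placeholders):
    """Parse a syntax line in the guide's notation into a list of alternatives."""
    tokens = TOKEN.findall(template)
    pos = 0

    def alternatives(closer):
        nonlocal pos
        alts, seq = [], []
        while pos < len(tokens) and tokens[pos] != closer:
            tok = tokens[pos]
            pos += 1
            if tok == "|":                       # OR: start the next alternative
                alts.append(seq)
                seq = []
            elif tok == "{":                     # required field with choices
                seq.append(("choice", alternatives("}")))
            elif tok == "[":                     # optional field
                seq.append(("opt", alternatives("]")))
            elif tok in ("}", "]"):
                raise ValueError("unbalanced bracket in template")
            elif (m := RANGE.fullmatch(tok)):    # range of numbers
                seq.append(("range", int(m[1]), int(m[2])))
            elif tok in placeholders:            # italic value in the printed guide
                seq.append(("var", placeholders[tok]))
            else:                                # keyword, entered literally
                seq.append(("lit", tok))
        if closer is not None:
            if pos == len(tokens):
                raise ValueError("unclosed bracket in template")
            pos += 1                             # consume the closing bracket
        alts.append(seq)
        return alts

    return alternatives(None)


def _ends(alts, words, start):
    """Return every word index at which one of the alternatives can finish."""
    ends = set()
    for seq in alts:
        positions = {start}
        for node in seq:
            positions = {e for p in positions for e in _step(node, words, p)}
        ends |= positions
    return ends


def _step(node, words, i):
    # Match a single template node at word i; return the possible next indexes.
    kind = node[0]
    if kind == "choice":
        return _ends(node[1], words, i)
    if kind == "opt":
        return {i} | _ends(node[1], words, i)
    if i >= len(words):
        return set()
    word = words[i]
    if kind == "lit":                            # keywords may not be abbreviated
        ok = word == node[1]
    elif kind == "var":
        ok = node[1].fullmatch(word) is not None
    else:                                        # range
        ok = word.isascii() and word.isdigit() and node[1] <= int(word) <= node[2]
    return {i + 1} if ok else set()


def matches(template, line, placeholders=None):
    """True if the whole line fits the template. Strict: the shortened no-form
    described in section 1.6.8 ("no mss") is not modelled."""
    words = line.split()
    return len(words) in _ends(parse(template, placeholders or {}), words, 0)


# Constructed sample lines, written the way the commands are typed at the CLI.
SAMPLE = [
    "service-object web-alt tcp eq 8080",
    "service-object rtp udp range 16384 32767",
    "service-object bad tcp eq 70000",           # port outside <1..65535>
    "service-object bad icmp eq 8",              # icmp is not in {tcp | udp}
    "service-obj short tcp eq 80",               # abbreviated keyword
    "service-object web tcp range 80",           # range needs two numbers
]


def rejected(lines):
    """Return the lines that do not fit the service-object syntax."""
    return [l for l in lines if not matches(SERVICE_OBJECT, l, {"object-name": NAME})]
```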
1.4.6 Changing the Password
It is highly recommended that you change the password for accessing the ZyWALL. See Section 25.2 on page 238 for the appropriate commands.

1.5 CLI Modes

You run CLI commands in one of several modes.
Table 2 CLI Modes
| | USER | PRIVILEGE | CONFIGURATION | SUB-COMMAND |
| What Guest users can do | Unable to access | Unable to access | Unable to access | Unable to access |
| What User users can do | Look at (but not run) available commands | Unable to access | Unable to access | Unable to access |
| What Limited-Admin users can do | Look at system information (like Status screen); Run basic diagnostics | Look at system information (like Status screen); Run basic diagnostics | Unable to access | Unable to access |
| What Admin users can do | Look at system information (like Status screen); Run basic diagnostics | Look at system information (like Status screen); Run basic diagnostics | Configure simple features (such as an address object); Create or remove complex parts (such as an interface) | Configure complex parts (such as an interface) in the ZyWALL |
| How you enter it | Log in to the ZyWALL | Type enable in User mode | Type configure terminal in User or Privilege mode | Type the command used to create the specific part in Configuration mode |
| What the prompt looks like | Router> | Router# | Router(config)# | (varies by part) Router(zone)# Router(config-if-ge)# ... |
| How you exit it | Type exit | Type disable | Type exit | Type exit |
See Chapter 25 on page 237 for more information about the user types. User users can only log in, look at (but not run) the available commands in User mode, and log out. Limited-Admin users can look at the configuration in the web configurator and CLI, and they can run basic diagnostics in the CLI. Admin users can configure the ZyWALL in the web configurator or CLI.
At the time of writing, there is not much difference between User and Privilege mode for admin users. This is reserved for future use.

1.6 Shortcuts and Help

1.6.1 List of Available Commands
A list of valid commands can be found by typing ? or [TAB] at the command prompt. To view a list of available commands within a command group, enter <command> ? or <command> [TAB].
Figure 9 Help: Available Commands Example 1
Router> ?
<cr>
apply
atse
clear
configure
------------------[Snip]--------------------
shutdown
telnet
test
traceroute
write
Router>
Figure 10 Help: Available Command Example 2
Router> show ?
<wlan ap interface>
aaa
access-page
account
ad-server
address-object
------------------[Snip]--------------------
wlan
workspace
zone
Router> show
1.6.2 List of Sub-commands or Required User Input
To view detailed help information for a command, enter <command> <sub command> ?.
Figure 11 Help: Sub-command Information Example
Router(config)# ip telnet server ?
;
<cr>
port
rule
|
Router(config)# ip telnet server
Figure 12 Help: Required User Input Example
Router(config)# ip telnet server port ?
<1..65535>
Router(config)# ip telnet server port
1.6.3 Entering Partial Commands
The CLI does not accept partial or incomplete commands. You may enter a unique part of a command and press [TAB] to have the ZyWALL automatically display the full command.
For example, if you enter config and press [TAB], the full command of configure automatically displays.
If you enter a partial command that is not unique and press [TAB], the ZyWALL displays a list of commands that start with the partial command.
Figure 13 Non-Unique Partial Command Example
Router# c [TAB]
clear configure copy
Router# co [TAB]
configure copy
1.6.4 Entering a ? in a Command
Typing a ? (question mark) usually displays help information. However, some commands allow you to input a ?, for example as part of a string. Press [CTRL+V] on your keyboard to enter a ? without the ZyWALL treating it as a help query.
1.6.5 Command History
The ZyWALL keeps a list of commands you have entered for the current CLI session. You can use any commands in the history again by pressing the up or down arrow key to scroll through the previously used commands and press [ENTER].
1.6.6 Navigation
Press [CTRL]+A to move the cursor to the beginning of the line. Press [CTRL]+E to move the cursor to the end of the line.
1.6.7 Erase Current Command
Press [CTRL]+U to erase whatever you have currently typed at the prompt (before pressing [ENTER]).
1.6.8 The no Commands
When entering the no commands described in this document, you may not need to type the whole command. For example, with the “[no] mss <536..1452>” command, you use “mss 536” to specify the MSS value. But to disable the MSS setting, you only need to type “no mss” instead of “no mss 536”.

1.7 Input Values

You can use the ? or [TAB] to get more information about the next input value that is required for a command. In some cases, the next input value is a string whose length and allowable characters may not be displayed in the screen. For example, in the following example, the next input value is a string called <description>.
Router# configure terminal
Router(config)# interface ge1
Router(config-if-ge)# description <description>
When you use the example above, note that ZyWALL USG 100 and 200 models use a name such as wan1, wan2, opt, lan1, ext-wlan, or dmz.
The following table provides more information about input values like <description>.
Table 3 Input-Value Formats for Strings in CLI Commands
TAG                                       # VALUES            LEGAL VALUES
*                                         1                   *
all                                       --                  ALL
authentication key                        Used in IPSec SA
                                          32-40               “0x” or “0X” + 32-40 hexadecimal values
                                          16-20               alphanumeric or ;|`~!@#$%^&*()_+\\{}':,./<>=-
                                          Used in MD5 authentication keys for RIP/OSPF and text authentication key for RIP
                                          0-16                alphanumeric or _-
                                          Used in text authentication keys for OSPF
                                          0-8                 alphanumeric or _-
certificate name                          1-31                alphanumeric or ;`~!@#$%^&()_+[\]{}',.=-
community string                          0-63                alphanumeric or .-
                                                              first character: alphanumeric or -
connection_id                             1+                  alphanumeric or -_:
contact                                   1-61                alphanumeric, spaces, or '()+,/:=?;!*#@$_%-.
country code                              0 or 2              alphanumeric
custom signature file name                0-30                alphanumeric or _-.
                                                              first character: letter
description                               Used in keyword criteria for log entries
                                          1-64                alphanumeric, spaces, or '()+,/:=?;!*#@$_%-.
                                          Used in other commands
                                          1-61                alphanumeric, spaces, or '()+,/:=?;!*#@$_%-
distinguished name                        1-511               alphanumeric, spaces, or .@=,_-
domain name                               Used in content filtering
                                          0+                  lower-case letters, numbers, or .-
                                          Used in ip dns server
                                          0-247               alphanumeric or .-
                                                              first character: alphanumeric or -
                                          Used in domainname, ip dhcp pool, and ip domain
                                          0-254               alphanumeric or ._-
                                                              first character: alphanumeric or -
email                                     1-63                alphanumeric or .@_-
e-mail                                    1-64                alphanumeric or .@_-
encryption key                            16-64               “0x” or “0X” + 16-64 hexadecimal values
                                          8-32                alphanumeric or ;\|`~!@#$%^&*()_+\\{}':,./<>=-
file name                                 0-31                alphanumeric or _-
filter extension                          1-256               alphanumeric, spaces, or '()+,/:=?;!*#@$_%.-
fqdn                                      Used in ip dns server
                                          0-252               alphanumeric or .-
                                                              first character: alphanumeric or -
                                          Used in ip ddns, time server, device HA, VPN, certificates, and interface ping check
                                          0-254               alphanumeric or .-
                                                              first character: alphanumeric or -
full file name                            0-256               alphanumeric or _/.-
hostname                                  Used in hostname command
                                          0-63                alphanumeric or .-_
                                                              first character: alphanumeric or -
                                          Used in other commands
                                          0-252               alphanumeric or .-
                                                              first character: alphanumeric or -
import configuration file                 1-26+“.conf”        alphanumeric or ;`~!@#$%^&()_+[]{}',.=-
                                                              add “.conf” at the end
import shell script                       1-26+“.zysh”        alphanumeric or ;`~!@#$%^&()_+[]{}',.=-
                                                              add “.zysh” at the end
initial string                            1-64                alphanumeric, spaces, or '()+,/:=!*#@$_%-.&
isp account password                      0-63                alphanumeric or `~!@#$%^&*()_\-+={}|\;:'<,>./
isp account username                      0-30                alphanumeric or -_@$./
key length                                --                  512, 768, 1024, 1536, 2048
license key                               25                  “S-” + 6 upper-case letters or numbers + “-” + 16 upper-case letters or numbers
mac address                               --                  aa:bb:cc:dd:ee:ff (hexadecimal)
mail server fqdn                                              lower-case letters, numbers, or -.
name                                      1-31                alphanumeric or _-
notification message                      1-81                alphanumeric, spaces, or '()+,/:=?;!*#@$_%-
password: less than 15 chars              1-15                alphanumeric or `~!@#$%^&*()_\-+={}|\;:'<,>./
password: less than 8 chars               1-8                 alphanumeric or ;/?:@&=+$\.-_!~*'()%,#$
password                                  Used in user and ip ddns
                                          1-63                alphanumeric or `~!@#$%^&*()_-+={}|\;:'<,>./
                                          Used in e-mail log profile SMTP authentication
                                          1-63                alphanumeric or `~!@#$%^&*()_-+={}|\;:'<>./
                                          Used in device HA synchronization
                                          1-63                alphanumeric or ~#%^*_-={}:,.
                                          Used in registration
                                          6-20                alphanumeric or .@_-
phone number                              1-20                numbers or ,+
preshared key                             16-64               “0x” or “0X” + 16-64 hexadecimal values
                                                              alphanumeric or ;|`~!@#$%^&*()_+\{}':,./<>=-
profile name                              0-30                alphanumeric or _-
                                                              first character: letters or _-
proto name                                1-16                lower-case letters, numbers, or -
protocol name                             0-30                alphanumeric or _-
                                                              first character: letters or _-
quoted string less than 127 chars         1-255               alphanumeric, spaces, or ;/?:@&=+$\.-_!~*'()%,
quoted string less than 63 chars          1-63                alphanumeric, spaces, or ;/?:@&=+$\.-_!~*'()%
quoted string                             0+                  alphanumeric, spaces, or punctuation marks
                                                              enclosed in double quotation marks (“)
                                                              must put a backslash (\) before double quotation marks that are part of input value itself
service name                              0-63                alphanumeric or -_@$./
spi                                       2-8                 hexadecimal
string less than 15 chars                 1-15                alphanumeric or -_
string: less than 63 chars                1-63                alphanumeric or `~!@#$%^&*()_-+={}|\;:'<,>./
string                                    1+                  alphanumeric or -_@
subject                                   1-61                alphanumeric, spaces, or '()+,./:=?;!*#@$_%-
system type                               0-2                 hexadecimal
timezone [-+]hh                           --                  -12 through +12 (with or without “+”)
url                                       1-511               alphanumeric or '()+,/:.=?;!*#@$_%-
url                                       Used in content filtering redirect
                                          “http://”+          alphanumeric or ;/?:@&=+$\.-_!~*'()%,
                                          “https://”+         starts with “http://” or “https://”
                                                              may contain one pound sign (#)
                                          Used in other content filtering commands
                                          “http://”+          alphanumeric or ;/?:@&=+$\.-_!~*'()%,
                                                              starts with “http://”
                                                              may contain one pound sign (#)
user name                                 Used in VPN extended authentication
                                          1-31                alphanumeric or _-
                                          Used in other commands
                                          0-30                alphanumeric or _-
                                                              first character: letters or _-
username                                  6-20                alphanumeric or .@_-
                                                              registration
user name                                 1+                  alphanumeric or -_.
                                                              logging commands
user@domainname                           1-80                alphanumeric or .@_-
vrrp group name: less than 15 chars       1-15                alphanumeric or _-
week-day sequence, i.e. 1=first,2=second  1                   1-4
xauth method                              1-31                alphanumeric or _-
xauth password                            1-31                alphanumeric or ;|`~!@#$%^&*()_+\{}':,./<>=-
mac address                               0-12 (even number)  hexadecimal
                                                              for example: aa aabbcc aabbccddeeff

1.8 Ethernet Interfaces

How you specify an Ethernet interface depends on the ZyWALL model.
• For the ZyWALL USG 300 and above, use gex, x = 1~N, where N equals the highest numbered Ethernet interface for your ZyWALL model.
• The ZyWALL USG 100 and 200 models use a name such as wan1, wan2, opt, lan1, ext-wlan, or dmz.

1.9 Saving Configuration Changes

Use the write command to save the current configuration to the ZyWALL.
Note: Always save the changes before you log out after each management session. All unsaved changes will be lost after the system restarts.

1.10 Logging Out

Enter the exit or end command in configure mode to go to privilege mode. Enter the
exit command in user mode or privilege mode to log out of the CLI.
CHAPTER 2

User and Privilege Modes

This chapter describes how to use these two modes.

2.1 User And Privilege Modes

This is the mode you are in when you first log into the CLI. (Do not confuse ‘user mode’ with types of user accounts the ZyWALL uses. See Chapter 25 on page 237 for more information about the user types. ‘User’ type accounts can only run ‘exit’ in this mode. However, they may need to log into the device in order to be authenticated for ‘user-aware’ policies, for example a firewall rule that a particular user is exempt from or a VPN tunnel that only certain people may use.)
Type ‘enable’ to go to ‘privilege mode’. No password is required. All commands can be run from here except those marked with an asterisk. Many of these commands are for troubleshooting purposes, for example the htm (hardware test module) and debug commands. Customer support may ask you to run some of these commands and send the results if you need assistance troubleshooting your device.
For admin logins, all commands are visible in ‘user mode’ but not all can be run there. The following table displays which commands can be run in ‘user mode’. All commands can be run in ‘privilege mode’.
1 The htm and psm commands are for ZyXEL’s internal manufacturing process.
Table 4 User (U) and Privilege (P) Mode Commands
COMMAND           MODE  DESCRIPTION
apply             P     Applies a configuration file.
atse              U/P   Displays the seed code
clear             U/P   Clears system or debug logs or DHCP binding.
configure         U/P   Use ‘configure terminal’ to enter configuration mode.
copy              P     Copies configuration files.
debug (*)         U/P   For support personnel only! The device needs to have the debug flag enabled.
delete            P     Deletes configuration files.
details           P     Performs diagnostic commands.
diag              P     Provided for support personnel to collect internal system information. It is not
                        recommended that you use these.
diag-info         P     Has the ZyWALL create a new diagnostic file.
dir               P     Lists files in a directory.
disable           U/P   Goes from privilege mode to user mode
enable            U/P   Goes from user mode to privilege mode
exit              U/P   Goes to a previous mode or logs out.
htm               U/P   Goes to htm (hardware test module) mode for testing hardware components. You
                        may need to use the htm commands if your customer support Engineer asks you to
                        during troubleshooting.
                        Note: These commands are for ZyXEL’s internal manufacturing process.
interface         U/P   Dials or disconnects an interface.
no packet-trace   U/P   Turns off packet tracing.
nslookup          U/P   Resolves an IP address to a host name and vice-versa.
packet-trace      U/P   Performs a packet trace.
ping              U/P   Pings an IP address or host name.
psm               U/P   Goes to psm (product support module) mode for setting product parameters. You
                        may need to use the htm commands if your customer support Engineer asks you to
                        during troubleshooting.
                        Note: These commands are for ZyXEL’s internal manufacturing process.
reboot            P     Restarts the device.
release           P     Releases DHCP information from an interface.
rename            P     Renames a configuration file.
renew             P     Renews DHCP information for an interface.
run               P     Runs a script.
setenv            U/P   Turns stop-on-error on (terminates booting if an error is found in a configuration
                        file) or off (ignores configuration file errors and continues booting).
show              U/P   Displays command statistics. See the associated command chapter in this guide.
shutdown          P     Writes all data to disk and stops the system processes. It does not turn off the
                        power.
telnet            U/P   Establishes a connection to the TCP port number 23 of the specified host name or
                        IP address.
test aaa          U/P   Tests whether the specified user name can be successfully authenticated by an
                        external authentication server.
traceroute        P     Traces the route to the specified host name or IP address.
write             P     Saves the current configuration to the ZyWALL. All unsaved changes are lost after
                        the ZyWALL restarts.
Subsequent chapters in this guide describe the configuration commands. User/privilege mode commands that are also configuration commands (for example, ‘show’) are described in more detail in the related configuration command chapter.
2.1.1 Debug Commands
Debug commands marked with an asterisk (*) are not available when the debug flag is on and are for ZyXEL service personnel use only. The debug commands follow a syntax that is Linux-based, so if there is a Linux equivalent, it is displayed in this chapter for your reference. You must know a command listed here well before you use it. Otherwise, it may cause undesired results.
Table 5 Debug Commands
COMMAND SYNTAX                          DESCRIPTION                                 LINUX COMMAND EQUIVALENT
debug alg                               FTP/SIP ALG debug commands
debug anti-spam                         Anti-Spam debug commands
debug app                               Application patrol debug command
debug app show l7protocol (*)           Shows app patrol protocol list              > cat /etc/l7_protocols/protocol.list
debug ca (*)                            Certificate debug commands
debug content-filter                    Content Filtering debug commands
debug device-ha (*)                     Device HA debug commands
debug eps                               Endpoint security debug commands
debug force-auth (*)                    Authentication policy debug commands
debug gui (*)                           GUI cgi related debug commands
debug gui (*)                           Web Configurator related debug commands
debug hardware (*)                      Hardware debug commands
debug idp                               IDP debug commands
debug idp-av                            IDP and Anti-Virus debug commands
debug interface                         Interface debug commands
debug interface ifconfig [interface]    Shows system interfaces detail              > ifconfig [interface]
debug interface-group                   Port grouping debug commands
debug ip dns                            DNS debug commands
debug ip virtual-server                 Virtual Server (NAT) debug commands.
debug ipsec                             IPSec VPN debug commands
debug logging                           System logging debug commands
debug manufacture                       Manufacturing related debug commands
debug myzyxel server (*)                Myzyxel.com debug commands
debug network arpignore (*)             Enable/Display the ignoring of ARP          cat /proc/sys/net/ipv4/conf/*/arp_ignore
                                        responses for interfaces which don't own
                                        the IP address
debug no myzyxel server (*)             Set the myZyXEL.com registration/update
                                        server to the official site
debug policy-route (*)                  Policy route debug command
debug reset content-filter profiling    Content Filtering debug commands
debug service-register                  Service registration debug command
debug show content-filter server        Category-based content filtering debug command
debug show myzyxel server status        Myzyxel.com debug commands
debug show ipset                        Lists the ZyWALL‘s received cards
debug show myzyxel server status        Myzyxel.com debug commands
debug sslvpn                            SSL VPN debug commands
debug [cmdexec|corefile|ip|kernel|      ZLD internal debug commands
  mac-id-rewrite|observer|switch|
  system|zyinetpkt|zysh-ipt-op] (*)
debug update server (*)                 Update server debug command