Zyxel ZYWALL USG 300, ZYWALL USG 1000 REFERENCE GUIDE

ZyWALL (ZLD)

CLI Reference Guide

Version 2.00 7/2007 Edition 1
DEFAULT LOGIN
www.zyxel.com

About This User's Guide

This manual is designed to guide you through the configuration of your ZLD-based ZyWALL for its various applications using the CLI (Command Line Interface). Generally, it is organized by feature as outlined in the web configurator.
Note: See the web configurator User’s Guide for related information on all features.
Intended Audience
This manual is intended for network administrators, or people who have a good knowledge of TCP/IP networking concepts and topology, who want to configure the ZyWALL using the CLI.
1 Read Chapter 1 on page 13 for how to access and use the CLI (Command Line Interface).
2 Read Chapter 2 on page 29 to learn about the CLI user and privilege modes.
3 Subsequent chapters are arranged by menu item as defined in the web configurator. Read each chapter carefully for detailed information on that menu item.
Related Documentation
• Supporting Disk
  Refer to the included CD for support documents.
• Quick Start Guide
  The Quick Start Guide is designed to help you get up and running right away. It contains a detailed easy-to-follow connection diagram, default settings, handy checklists and information on setting up your network and configuring for Internet access.
• Configuration Reference Card
  See this handy reference card to see what prerequisites are needed to configure a feature and how to use this feature in the ZyWALL.
• User’s Guide
  The User’s Guide explains how to use the web configurator to configure the ZyWALL.
Note: Some features cannot be configured in both the web configurator and CLI.
• Web Configurator Online Help
  Embedded web help for descriptions of individual screens and supplementary information.
• ZyXEL Web Site
  Please go to http://www.zyxel.com for product news, firmware, updated documents, and other support materials.
User Guide Feedback
Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you!
The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan.
E-mail: techwriters@zyxel.com.tw

Document Conventions

Warnings and Notes
These are how warnings and notes are shown in this User’s Guide.
Warning: Warnings tell you about things that could harm you or your device.
Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Syntax Conventions
• The ZLD-based ZyWALL may be referred to as the “ZyWALL”, the “device”, the “system” or the “product” in this User’s Guide.
• Product labels, screen names, field labels and field choices are all in bold font.
• A key stroke is denoted by square brackets and uppercase text, for example, [ENTER] means the “enter” or “return” key on your keyboard.
• “Enter” means for you to type one or more characters and then press the [ENTER] key. “Select” or “choose” means for you to use one of the predefined choices.
• A right angle bracket ( > ) within a screen name denotes a mouse click. For example, Maintenance > Log > Log Setting means you first click Maintenance in the navigation panel, then the Log sub menu and finally the Log Setting tab to get to that screen.
• Units of measurement may denote the “metric” value or the “scientific” value. For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000” or “1048576” and so on.
• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”.
Icons Used in Figures
Figures in this User’s Guide may use the following generic icons. The ZyWALL icon is not an exact representation of your device.
Icons shown: ZyWALL, Computer, Notebook computer, Server, Firewall, Telephone, Switch, Router.

Safety Warnings

Warning: For your safety, be sure to read and follow all warning notices and instructions.
• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel should service or disassemble this device. Please contact your vendor for further information.
• Make sure to connect the cables to the correct ports.
• Place connecting cables carefully so that no one will step on them or stumble over them.
• Always disconnect all cables from this device before servicing or disassembling.
• Use ONLY an appropriate power adaptor or cord for your device. Connect it to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe).
• Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord.
• Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution.
• If the power adaptor or cord is damaged, remove it from the device and the power source.
• Do NOT attempt to repair the power adaptor or cord. Contact your local vendor to order a new one.
• Do not use the device outside, and make sure all the connections are indoors. There is a remote risk of electric shock from lightning.
• CAUTION: RISK OF EXPLOSION IF BATTERY (on the motherboard) IS REPLACED BY AN INCORRECT TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS. Dispose of them at the applicable collection point for the recycling of electrical and electronic equipment. For detailed information about recycling of this product, please contact your local city office, your household waste disposal service or the store where you purchased the product.
• Do NOT obstruct the device ventilation slots, as insufficient airflow may harm your device.
This product is recyclable. Dispose of it properly.

Contents Overview

Introduction
  Command Line Interface
  User and Privilege Modes
  Status
  Registration
Network
  Interfaces
  Trunks
  Route
  Routing Protocol
  Zones
  DDNS
  Virtual Servers
  HTTP Redirect
  ALG
Firewall and VPN
  Firewall
  IPSec VPN
  SSL VPN
  L2TP VPN
Application Patrol & Anti-X
  Application Patrol
  Anti-Virus
  IDP Commands
  Content Filtering
Device HA & Objects
  Device HA
  User/Group
  Addresses
  Services
  Schedules
  AAA Server
  Authentication Objects
  Certificates
  ISP Accounts
  SSL Application
System
  System
  System Remote Management
Maintenance and Index
  File Manager
  Logs
  Reports and Reboot
  Session Timeout
  Diagnostics
  Maintenance Tools
  Watchdog Timer
PART I

Introduction

Command Line Interface
User and Privilege Modes
Registration
CHAPTER 1

Command Line Interface

This chapter describes how to access and use the CLI (Command Line Interface).

1.1 Overview

If you have problems with your ZyWALL, customer support may request that you issue some of these commands to assist them in troubleshooting.
Warning: Use of undocumented commands or misconfiguration can damage the ZyWALL and possibly render it unusable.
1.1.1 The Configuration File
When you configure the ZyWALL using either the CLI (Command Line Interface) or the web configurator, the settings are saved as a series of commands in a configuration file on the ZyWALL. You can store more than one configuration file on the ZyWALL. However, only one configuration file is used at a time.
You can perform the following with a configuration file:
• Back up ZyWALL configuration once the ZyWALL is set up to work in your network.
• Restore ZyWALL configuration.
• Save and edit a configuration file and upload it to multiple ZyWALLs (of the same model) in your network to have the same settings.
Note: You may also edit a configuration file using a text editor.

1.2 Accessing the CLI

You can access the CLI using a terminal emulation program on a computer connected to the console port, through the web configurator, or over Telnet or SSH (Secure SHell).
Note: The ZyWALL might force you to log out of your session if reauthentication time, lease time, or idle timeout is reached. See Chapter 23 on page 171 for more information about these settings.
1.2.1 Console Port
The default settings for the console port are as follows.
Table 1 Managing the ZyWALL: Console Port
SETTING        VALUE
Speed          115200 bps
Data Bits      8
Parity         None
Stop Bit       1
Flow Control   Off
When you turn on your ZyWALL, it performs several internal tests as well as line initialization. You can view the initialization information using the console port.
• Garbled text displays if your terminal emulation program’s speed is set lower than the ZyWALL’s.
• No text displays if the speed is set higher than the ZyWALL’s.
• If changing your terminal emulation program’s speed does not get anything to display, restart the ZyWALL.
• If restarting the ZyWALL does not get anything to display, contact your local customer support.
Figure 1 Console Port Power-on Display
Main Processor : Intel Pentium(R) 4 2.80GHz(133x21.0)
Memory Testing : 346432K OK
Press DEL to enter SETUP60, ESC to skip memory test
After the initialization, the login screen displays.
Figure 2 Login Screen
Welcome to ZyWALL 1050
Username:
Enter the user name and password at the prompts.
Note: The default login username is admin and password is 1234. The username and password are case-sensitive.
1.2.2 Web Configurator Console
Note: Before you can access the CLI through the web configurator, make sure your computer supports the Java Runtime Environment. You will be prompted to download and install the Java plug-in if it is not already installed.
When you access the CLI using the web console, your computer establishes an SSH (Secure SHell) connection to the ZyWALL. Follow the steps below to access the web console.
1 Log into the web configurator.
2 Click the Console icon in the top-right corner of the web configurator screen.
3 If the Java plug-in is already installed, skip to step 4. Otherwise, you will be prompted to install the Java plug-in. If the prompt does not display and the screen remains gray, you have to download the setup program.
4 The web console starts. This might take a few seconds. One or more security screens may display. Click Yes or Always.
Figure 3 Web Console: Security Warnings
Finally, the User Name screen appears.
Figure 4 Web Console: User Name
5 Enter the user name you want to use to log in to the console. The console begins to connect to the ZyWALL.
Note: The default login username is admin. It is case-sensitive.
Figure 5 Web Console: Connecting
Then, the Password screen appears.
Figure 6 Web Console: Password
6 Enter the password for the user name you specified earlier, and click OK. If you enter the password incorrectly, you get an error message, and you may have to close the console window and open it again. If you enter the password correctly, the console screen appears.
Figure 7 Web Console
7 To use most commands in this User’s Guide, enter configure terminal. The prompt should change to Router(config)#.
1.2.3 Telnet
Use the following steps to Telnet into your ZyWALL.
1 If your computer is connected to the ZyWALL over the Internet, skip to the next step. Make sure your computer IP address and the ZyWALL IP address are on the same subnet.
2 In Windows, click Start (usually in the bottom left corner) and Run. Then type telnet and the ZyWALL’s IP address. For example, enter telnet 192.168.1.1 (the default management IP address).
3 Click OK. A login screen displays. Enter the user name and password at the prompts.
Note: The default login username is admin and password is 1234. The username and password are case-sensitive.
1.2.4 SSH (Secure SHell)
You can use an SSH client program to access the CLI. The following figure shows an example using a text-based SSH client program. Refer to the documentation that comes with your SSH program for information on using it.
Note: The default login username is admin and password is 1234. The username and password are case-sensitive.
Figure 8 SSH Login Example
C:\>ssh2 admin@192.168.1.1
Host key not found from database.
Key fingerprint:
xolor-takel-fipef-zevit-visom-gydog-vetan-bisol-lysob-cuvun-muxex
You can get a public key's fingerprint by running
% ssh-keygen -F publickey.pub
on the keyfile.
Are you sure you want to continue connecting (yes/no)? yes
Host key saved to C:/Documents and Settings/user/Application Data/SSH/ hostkeys/ ey_22_192.168.1.1.pub
host key for 192.168.1.1, accepted by user Tue Aug 09 2005 07:38:28
admin's password:
Authentication successful.
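Added example (not from the original guide): the 11-word fingerprint in Figure 8 has the shape of a Bubble Babble encoding of a 20-byte digest, so this Python code recomputes such a fingerprint from a public key obtained out of band (for instance over the console port) and compares it with what the SSH client displays before you answer yes. The SHA-1 digest, the one-line OpenSSH public key format and the sample key are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import struct

VOWELS = "aeiouy"
CONSONANTS = "bcdfghklmnprstvzx"


def bubble_babble(data: bytes) -> str:
    """Encode bytes as Bubble Babble: five-letter words joined by '-'."""
    seed = 1
    rounds = len(data) // 2 + 1
    out = ["x"]
    for i in range(rounds):
        if i + 1 < rounds or len(data) % 2:
            b1 = data[2 * i]
            out.append(VOWELS[((b1 >> 6) + seed) % 6])
            out.append(CONSONANTS[(b1 >> 2) & 15])
            out.append(VOWELS[((b1 & 3) + seed // 6) % 6])
            if i + 1 < rounds:
                b2 = data[2 * i + 1]
                out.append(CONSONANTS[b2 >> 4])
                out.append("-")
                out.append(CONSONANTS[b2 & 15])
                # Running checksum that ties each word to the bytes before it.
                seed = (seed * 5 + b1 * 7 + b2) % 36
        else:
            # Even-length input: the final word carries only the checksum.
            out.append(VOWELS[seed % 6])
            out.append(CONSONANTS[16])
            out.append(VOWELS[seed // 6])
    out.append("x")
    return "".join(out)


def key_blob(pubkey_line: str) -> bytes:
    """Decode the blob from a '<key-type> <base64> [comment]' line (assumed format)."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was truncated or edited.
    (type_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + type_len] != fields[0].encode():
        raise ValueError("key type does not match key blob")
    return blob


def fingerprint(pubkey_line: str) -> str:
    """Bubble Babble fingerprint of the key blob (SHA-1 digest is an assumption)."""
    return bubble_babble(hashlib.sha1(key_blob(pubkey_line)).digest())


def host_key_matches(pubkey_line: str, shown_fingerprint: str) -> bool:
    """Compare the recomputed fingerprint with the one the SSH client displayed."""
    shown = shown_fingerprint.strip().lower().encode()
    return hmac.compare_digest(fingerprint(pubkey_line).encode(), shown)


def _constructed_pubkey_line() -> str:
    # Constructed sample, not a real key: valid type prefix plus filler bytes.
    blob = struct.pack(">I", 7) + b"ssh-rsa" + bytes(range(64))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-example"


SAMPLE_PUBKEY = _constructed_pubkey_line()

if __name__ == "__main__":
    fp = fingerprint(SAMPLE_PUBKEY)
    print("expected fingerprint:", fp)
    print("client prompt matches:", host_key_matches(SAMPLE_PUBKEY, fp))
```

If the fingerprint shown at the prompt does not match the recomputed one, answer no and investigate before entering the password.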

1.3 How to Find Commands in this Guide

You can simply look for the feature chapter to find commands. In addition, you can use one of the following to look up specific commands.
• Commands in Order of Appearance right after this chapter. This section lists the commands in the order that they appear in this guide.
• List of Commands (Alphabetical) at the end of the guide. This section lists the commands that appear in this guide in alphabetical order.
If you are looking at the CLI Reference Guide electronically, you might have additional options (for example, bookmarks or Find...) as well.

1.4 How Commands Are Explained

Each chapter explains the commands for one keyword. The chapters are divided into the following sections.
1.4.1 Background Information (Optional)
Note: See the User’s Guide for background information about most features.
This section provides background information about features that you cannot configure in the web configurator. In addition, this section identifies related commands in other chapters.
1.4.2 Command Input Values (Optional)
This section lists common input values for the commands for the feature in one or more tables.
1.4.3 Command Summary
This section lists the commands for the feature in one or more tables.
1.4.4 Command Examples (Optional)
This section contains any examples for the commands in this feature.
1.4.5 Command Syntax
The following conventions are used in this User’s Guide.
• A command or keyword in courier new must be entered literally as shown. Do not abbreviate.
• Values that you need to provide are in italics.
• Required fields that have multiple choices are enclosed in curly brackets {}.
• A range of numbers is enclosed in angle brackets <>.
• Optional fields are enclosed in square brackets [].
• The | symbol means OR.
For example, look at the following command to create a TCP/UDP service object.
service-object object-name {tcp | udp} {eq <1..65535> | range <1..65535> <1..65535>}
1 Enter service-object exactly as it appears.
2 Enter the name of the object where you see object-name.
3 Enter tcp or udp, depending on the service object you want to create.
4 Finally, do one of the following.
• Enter eq exactly as it appears, followed by a number between 1 and 65535.
• Enter range exactly as it appears, followed by two numbers between 1 and 65535.
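Added example (not from the original guide): a Python matcher for the syntax notation described above, applied to the service-object command, for checking commands in an edited configuration file before upload. It goes beyond the single case in the text by handling nested { | }, [ ] and <lo..hi> generally; the character rule for object-name (1-31 alphanumeric, _ or -) is an assumption borrowed from the name row of Table 3, and the caller must say which words are placeholders because italics do not survive in plain text.

```python
import re

TOKEN = re.compile(r"<\d+\.\.\d+>|[{}\[\]|]|[^\s{}\[\]|]+")
RANGE = re.compile(r"<(\d+)\.\.(\d+)>")
# Assumption: placeholder values follow the "name" row of Table 3.
NAME = re.compile(r"[A-Za-z0-9_-]{1,31}")

# Template copied from the guide; object-name is the only value placeholder.
SERVICE_OBJECT = ("service-object object-name {tcp | udp} "
                  "{eq <1..65535> | range <1..65535> <1..65535>}")
PLACEHOLDERS = frozenset({"object-name"})


def parse(tokens, pos, closer, placeholders):
    """Parse '|'-separated alternatives up to `closer`; return (alternatives, next_pos)."""
    alts, seq = [], []
    while pos < len(tokens) and tokens[pos] != closer:
        tok = tokens[pos]
        pos += 1
        if tok == "|":
            alts.append(seq)
            seq = []
        elif tok in ("{", "["):
            inner, pos = parse(tokens, pos, "}" if tok == "{" else "]", placeholders)
            if tok == "[":
                inner.append([])  # optional field: the empty alternative also matches
            seq.append(("choice", inner))
        elif RANGE.fullmatch(tok):
            lo, hi = map(int, RANGE.fullmatch(tok).groups())
            seq.append(("range", lo, hi))
        elif tok in placeholders:
            seq.append(("value", tok))
        else:
            seq.append(("literal", tok))
    if closer is not None:
        if pos >= len(tokens):
            raise ValueError("unbalanced bracket in template")
        pos += 1  # consume the closing bracket
    alts.append(seq)
    return alts, pos


def step(node, words, p):
    """Return the set of word positions reachable after matching one node at p."""
    if node[0] == "choice":
        return ends(node[1], words, p)
    if p >= len(words):
        return set()
    word = words[p]
    if node[0] == "literal":
        ok = word == node[1]  # keywords must be typed in full, no abbreviations
    elif node[0] == "range":
        ok = word.isascii() and word.isdigit() and node[1] <= int(word) <= node[2]
    else:
        ok = NAME.fullmatch(word) is not None
    return {p + 1} if ok else set()


def ends(alts, words, start):
    """Return every position where some alternative can finish matching."""
    reachable = set()
    for seq in alts:
        positions = {start}
        for node in seq:
            positions = set().union(*(step(node, words, p) for p in positions))
        reachable |= positions
    return reachable


def matches(template, command, placeholders=PLACEHOLDERS):
    """True if `command` is a complete, valid instance of `template`."""
    alts, _ = parse(TOKEN.findall(template), 0, None, placeholders)
    words = command.split()
    return len(words) in ends(alts, words, 0)


if __name__ == "__main__":
    # Constructed sample commands.
    for line in ("service-object web tcp eq 80",
                 "service-object voip udp range 5000 5010",
                 "service-object web tcp eq 65536",
                 "service web tcp eq 80"):
        print(f"{line!r}: {'ok' if matches(SERVICE_OBJECT, line) else 'rejected'}")
```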
1.4.6 Changing the Password
It is highly recommended that you change the password for accessing the ZyWALL. See Section 23.2 on page 172 for the appropriate commands.

1.5 CLI Modes

You run CLI commands in one of several modes.
Table 2 CLI Modes
What Guest users can do
  USER: Unable to access
  PRIVILEGE: Unable to access
  CONFIGURATION: Unable to access
  SUB-COMMAND: Unable to access
What User users can do
  USER: Look at (but not run) available commands
  PRIVILEGE: Unable to access
  CONFIGURATION: Unable to access
  SUB-COMMAND: Unable to access
What Limited-Admin users can do
  USER: Look at system information (like Status screen); run basic diagnostics
  PRIVILEGE: Look at system information (like Status screen); run basic diagnostics
  CONFIGURATION: Unable to access
  SUB-COMMAND: Unable to access
What Admin users can do
  USER: Look at system information (like Status screen); run basic diagnostics
  PRIVILEGE: Look at system information (like Status screen); run basic diagnostics
  CONFIGURATION: Configure simple features (such as an address object); create or remove complex parts (such as an interface)
  SUB-COMMAND: Configure complex parts (such as an interface) in the ZyWALL
How you enter it
  USER: Log in to the ZyWALL
  PRIVILEGE: Type enable in User mode
  CONFIGURATION: Type configure terminal in User or Privilege mode
  SUB-COMMAND: Type the command used to create the specific part in Configuration mode
What the prompt looks like
  USER: Router>
  PRIVILEGE: Router#
  CONFIGURATION: Router(config)#
  SUB-COMMAND: (varies by part) Router(zone)# Router(config-if-ge)# ...
How you exit it
  USER: Type exit
  PRIVILEGE: Type disable
  CONFIGURATION: Type exit
  SUB-COMMAND: Type exit
See Chapter 23 on page 171 for more information about the user types. User users can only log in, look at (but not run) the available commands in User mode, and log out. Limited-Admin users can look at the configuration in the web configurator and CLI, and they can run basic diagnostics in the CLI. Admin users can configure the ZyWALL in the web configurator or CLI.
At the time of writing, there is not much difference between User and Privilege mode for admin users. This is reserved for future use.

1.6 Shortcuts and Help

1.6.1 List of Available Commands
A list of valid commands can be found by typing ? or [TAB] at the command prompt. To view a list of available commands within a command group, enter <command> ? or <command> [TAB].
Figure 9 Help: Available Commands Example 1
Router> ?
apply clear configure copy delete
------------------[Snip]--------------------
run setenv show traceroute write
Router>
Figure 10 Help: Available Command Example 2
Router> show ?
aaa account address-object alg
------------------[Snip]--------------------
username users version vrrp zone
Router> show
1.6.2 List of Sub-commands or Required User Input
To view detailed help information for a command, enter <command> <sub command> ?.
Figure 11 Help: Sub-command Information Example
Router(config)# ip telnet server ?
; <cr> access-group port |
Router(config)# ip telnet server
Figure 12 Help: Required User Input Example
Router(config)# ip telnet server port ?
<1..65535>
Router(config)# ip telnet server port
1.6.3 Entering Partial Commands
The CLI does not accept partial or incomplete commands. You may enter a unique part of a command and press [TAB] to have the ZyWALL automatically display the full command.
For example, if you enter config and press [TAB], the full command of configure automatically displays. If you enter a partial command that is not unique and press [TAB], the ZyWALL displays a list of commands that start with the partial command.
Figure 13 Non-Unique Partial Command Example
Router# c [TAB]
clear configure copy
Router# co [TAB]
configure copy
1.6.4 Entering a ? in a Command
Typing a ? (question mark) usually displays help information. However, some commands allow you to input a ?, for example as part of a string. Press [CTRL+V] on your keyboard to enter a ? without the ZyWALL treating it as a help query.
1.6.5 Command History
The ZyWALL keeps a list of commands you have entered for the current CLI session. You can use any commands in the history again by pressing the up or down arrow key to scroll through the previously used commands and press [ENTER].
1.6.6 Navigation
Press [CTRL]+A to move the cursor to the beginning of the line. Press [CTRL]+E to move the cursor to the end of the line.
1.6.7 Erase Current Command
Press [CTRL]+U to erase whatever you have currently typed at the prompt (before pressing [ENTER]).

1.7 Input Values

You can use the ? or [TAB] to get more information about the next input value that is required for a command. In some cases, the next input value is a string whose length and allowable characters may not be displayed in the screen. For example, in the following example, the next input value is a string called <description>.
Router# configure terminal
Router(config)# interface ge1
Router(config-if-ge)# description
<description>
The following table provides more information about input values like <description>.
Table 3 Input-Value Formats for Strings in CLI Commands
TAG # VALUES LEGAL VALUES
* 1* all -- ALL authentication key Used in IPSec SA
32-40 16-20
Used in MD5 authentication keys for RIP/OSPF and text authentication key for RIP
0-16 alphanumeric or _­Used in text authentication keys for OSPF 0-8 alphanumeric or _-
certificate name 1-31 alphanumeric or ;`~!@#$%^&()_+[\]{}',.=- community string 0-63 alphanumeric or .-
connection_id 1+ alphanumeric or -_: contact 1-61 alphanumeric, spaces, or '()+,/:=?;!*#@$_%-. country code 0 or 2 alphanumeric custom signature file
name description Used in keyword criteria for log entries
distinguished name 1-511 alphanumeric, spaces, or .@=,_-
0-30 alphanumeric or _-.
1-64 alphanumeric, spaces, or '()+,/:=?;!*#@$_%-. Used in other commands 1-61 alphanumeric, spaces, or '()+,/:=?;!*#@$_%-
“0x” or “0X” + 32-40 hexadecimal values alphanumeric or ;|`~!@#$%^&*()_+\\{}':,./<>=-
first character: alphanumeric or -
first character: letter
domain name Used in content filtering
0+ lower-case letters, numbers, or .­Used in ip dns server 0-247 alphanumeric or .-
first character: alphanumeric or ­Used in domainname, ip dhcp pool, and ip domain 0-254 alphanumeric or ._-
first character: alphanumeric or -
email 1-63 alphanumeric or .@_- e-mail 1-64 alphanumeric or .@_- encryption key 16-64
8-32
file name 0-31 alphanumeric or _- filter extension 1-256 alphanumeric, spaces, or '()+,/:=?;!*#@$_%.- fqdn Used in ip dns server
0-252 alphanumeric or .-
Used in ip ddns, time server, device HA, VPN, certificates, and interface ping check
0-254 alphanumeric or .-
full file name 0-256 alphanumeric or _/.- hostname Used in hostname command
0-63 alphanumeric or .-_
Used in other commands 0-252 alphanumeric or .-
import configuration file
import shell script 1-
initial string 1-64 alphanumeric, spaces, or '()+,/:=!*#@$_%-.& isp account password 0-63 alphanumeric or `~!@#$%^&*()_\-+={}|\;:'<,>./ isp account username 0-30 alphanumeric or -_@$./ key length -- 512, 768, 1024, 1536, 2048 license key 25 “S-” + 6 upper-case letters or numbers + “-” + 16
mac address -- aa:bb:cc:dd:ee:ff (hexadecimal) mail server fqdn lower-case letters, numbers, or -. name 1-31 alphanumeric or _- notification message 1-81 alphanumeric, spaces, or '()+,/:=?;!*#@$_%-
1­26+”.conf”
26+”.zysh”
“0x” or “0X” + 16-64 hexadecimal values
alphanumeric or ;\|`~!@#$%^&*()_+\\{}':,./<>=-
first character: alphanumeric or -
first character: alphanumeric or -
first character: alphanumeric or -
first character: alphanumeric or -
alphanumeric or ;`~!@#$%^&()_+[]{}',.=-
add “.conf” at the end
alphanumeric or ;`~!@#$%^&()_+[]{}',.=-
add “.zysh” at the end
upper-case letters or numbers
password: less than 15 chars
password: less than 8 chars
password Used in user and ip ddns
phone number 1-20 numbers or ,+ preshared key 16-64 “0x” or “0X” + 16-64 hexadecimal values
profile name 0-30 alphanumeric or _-
proto name 1-16 lower-case letters, numbers, or - protocol name 0-30 alphanumeric or _-
quoted string less than 127 chars
quoted string less than 63 chars
quoted string 0+ alphanumeric, spaces, or punctuation marks
service name 0-63 alphanumeric or -_@$./ spi 2-8 hexadecimal string less than 15
chars string: less than 63
chars string 1+ alphanumeric or -_@ subject 1-61 alphanumeric, spaces, or '()+,./:=?;!*#@$_%- system type 0-2 hexadecimal timezone [-+]hh -- -12 through +12 (with or without “+”) url 1-511 alphanumeric or '()+,/:.=?;!*#@$_%-
1-15 alphanumeric or `~!@#$%^&*()_\-+={}|\;:'<,>./
1-8 alphanumeric or ;/?:@&=+$\.-_!~*'()%,#$
1-63 alphanumeric or `~!@#$%^&*()_-+={}|\;:'<,>./ Used in e-mail log profile SMTP authentication 1-63 alphanumeric or `~!@#$%^&*()_-+={}|\;:'<>./ Used in device HA synchronization 1-63 alphanumeric or ~#%^*_-={}:,. Used in registration 6-20 alphanumeric or .@_-
alphanumeric or ;|`~!@#$%^&*()_+\{}':,./<>=-
first character: letters or _-
first character: letters or _­1-255 alphanumeric, spaces, or ;/?:@&=+$\.-_!~*'()%,
1-63 alphanumeric, spaces, or ;/?:@&=+$\.-_!~*'()%
enclosed in double quotation marks (“)
must put a backslash (\) before double quotation
marks that are part of input value itself
1-15 alphanumeric or -_
1-63 alphanumeric or `~!@#$%^&*()_-+={}|\;:'<,>./
url Used in content filtering redirect
“http://”+ “https://”+
Used in other content filtering commands “http://”+ alphanumeric or ;/?:@&=+$\.-_!~*'()%,
user name Used in VPN extended authentication
1-31 alphanumeric or _­Used in other commands 0-30 alphanumeric or _-
username 6-20 alphanumeric or .@_-
user name 1+ alphanumeric or -_.
user@domainname 1-80 alphanumeric or .@_- vrrp group name: less
than 15 chars week-day sequence,
i.e. 1=first,2=second xauth method 1-31 alphanumeric or _- xauth password 1-31 alphanumeric or ;|`~!@#$%^&*()_+\{}':,./<>=- mac address 0-12 (even
1-15 alphanumeric or _-
11-4
number)
alphanumeric or ;/?:@&=+$\.-_!~*'()%,
starts with “http://” or “https://”
may contain one pound sign (#)
starts with “http://”
may contain one pound sign (#)
first character: letters or _-
registration
logging commands
hexadecimal
for example: aa aabbcc aabbccddeeff
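One way to pre-check values against several Table 3 rows before they are placed in a generated CLI script, as an added example that is not ZyXEL code. The regular expressions are this example's reading of the rows (for instance, printable ASCII for "punctuation marks"), and the names is_legal, quote_string and rejected are hypothetical.

```python
import re

# Patterns transcribed from Table 3; how each row is read is this example's assumption.
_PSK_CHARS = r"A-Za-z0-9;|`~!@#$%^&*()_+\\{}':,./<>=\-"
RULES = {
    # 0-30 alphanumeric or _-, first character a letter or _-
    "profile name": re.compile(r"(?:[A-Za-z_-][A-Za-z0-9_-]{0,29})?"),
    # "0x"/"0X" + 16-64 hex digits, or 16-64 characters from the listed set
    "preshared key": re.compile(
        rf"0[xX][0-9A-Fa-f]{{16,64}}|[{_PSK_CHARS}]{{16,64}}"),
    # 0-12 hexadecimal digits, even count (aa, aabbcc, aabbccddeeff)
    "mac address": re.compile(r"(?:[0-9A-Fa-f]{2}){0,6}"),
    # 2-8 hexadecimal digits
    "spi": re.compile(r"[0-9A-Fa-f]{2,8}"),
}

def is_legal(tag, value):
    """Return True if value matches the Table 3 format for tag."""
    if tag == "timezone":  # [-+]hh, -12 through +12, "+" optional
        m = re.fullmatch(r"[-+]?[0-9]{1,2}", value)
        return bool(m) and -12 <= int(value) <= 12
    return RULES[tag].fullmatch(value) is not None

def quote_string(value):
    """Render value as a 'quoted string' argument for a generated CLI line."""
    # Assumption: "punctuation marks" means printable ASCII. The table does not
    # say how a literal backslash is treated, so this helper refuses it.
    if "\\" in value or not all(c.isascii() and c.isprintable() for c in value):
        raise ValueError("value cannot be written as a quoted string")
    # Table 3: a backslash goes before each double quote inside the value.
    return '"' + value.replace('"', '\\"') + '"'

# Constructed sample values, not taken from a real configuration.
SAMPLE = [("profile name", "vpn_branch-1"), ("profile name", "1st-profile"),
          ("mac address", "aabbcc"), ("mac address", "aabbc"),
          ("timezone", "+8"), ("timezone", "13"),
          ("preshared key", "0x" + "ab" * 8), ("preshared key", "short")]

def rejected(pairs):
    """Return the (tag, value) pairs that break their Table 3 format."""
    return [(t, v) for t, v in pairs if not is_legal(t, v)]

if __name__ == "__main__":
    for tag, value in rejected(SAMPLE):
        print(f"illegal {tag}: {value!r}")
    print(quote_string('Branch "A" uplink'))
```

Rejecting control characters in quote_string also keeps a newline in an input value from starting a second command line in the generated script.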

1.8 Ethernet Interfaces

When you need to specify an Ethernet interface, remember that the number of interfaces available depends on the ZyWALL model. For example, the ZyWALL 1050 has 5 Ethernet interfaces and the ZyWALL USG 300 has 7.

1.9 Saving Configuration Changes

Use the write command to save the current configuration to the ZyWALL.
Note: Always save the changes before you log out after each management session. All unsaved changes will be lost after the system restarts.

1.10 Logging Out

Enter the exit or end command in configure mode to go to privilege mode.
Enter the exit command in user mode or privilege mode to log out of the CLI.
CHAPTER 2

User and Privilege Modes

This chapter describes how to use these two modes.

2.1 User And Privilege Modes

User mode is the mode you are in when you first log into the CLI. (Do not confuse ‘user mode’ with the types of user accounts the ZyWALL uses. See Chapter 23 on page 171 for more information about the user types. ‘User’ type accounts can only run ‘exit’ in this mode. However, they may need to log into the device in order to be authenticated for ‘user-aware’ policies, for example a firewall rule that a particular user is exempt from or a VPN tunnel that only certain people may use.)
Type ‘enable’ to go to ‘privilege mode’. No password is required. All commands can be run from here except those marked with an asterisk. Many of these commands are for troubleshooting purposes, for example the htm (hardware test module) and debug commands. Customer support may ask you to run some of these commands and send the results if you need assistance troubleshooting your device.
For admin logins, all commands are visible in ‘user mode’ but not all can be run there. The following table displays which commands can be run in ‘user mode’. All commands can be run in ‘privilege mode’.
Note: The htm and psm commands are for ZyXEL’s internal manufacturing process.
Table 4 User (U) and Privilege (P) Mode Commands
COMMAND          MODE  DESCRIPTION
apply            P     Applies a configuration file.
atse             U/P   Displays the seed code.
clear            U/P   Clears system or debug logs or DHCP binding.
configure        U/P   Use ‘configure terminal’ to enter configuration mode.
copy             P     Copies configuration files.
debug (*)        U/P   For support personnel only! The device needs to have the debug flag enabled.
delete           P     Deletes configuration files.
details          P     Performs diagnostic commands.
diag             P     Provided for support personnel to collect internal system information. It is not recommended that you use these.
diag-info        P     Has the ZyWALL create a new diagnostic file.
dir              P     Lists files in a directory.
disable          U/P   Goes from privilege mode to user mode.
enable           U/P   Goes from user mode to privilege mode.
exit             U/P   Goes to a previous mode or logs out.
htm              U/P   Goes to htm (hardware test module) mode.
                       Note: These commands are for ZyXEL’s internal manufacturing process.
interface        U/P   Dials or disconnects an interface.
no packet-trace  U/P   Turns off packet tracing.
nslookup         U/P   Resolves an IP address to a host name and vice-versa.
packet-trace     U/P   Performs a packet trace.
ping             U/P   Pings an IP address or host name.
psm              U/P   Goes to psm (product support module) mode.
                       Note: These commands are for ZyXEL’s internal manufacturing process.
reboot           P     Restarts the device.
release          P     Releases DHCP information from an interface.
rename           P     Renames a configuration file.
renew            P     Renews DHCP information for an interface.
run              P     Runs a script.
setenv           U/P   Turns stop-on-error on (terminates booting if an error is found in a configuration file) or off (ignores configuration file errors and continues booting).
show             U/P   Displays command statistics. See the associated command chapter in this guide.
shutdown         P     Writes all cached data to disk and stops the system processes. It does not turn off the power.
traceroute       P     Traces the route to the specified host name or IP address.
write            P     Saves the current configuration to the ZyWALL. All unsaved changes are lost after the ZyWALL restarts.
Subsequent chapters in this guide describe the configuration commands. User/privilege mode commands that are also configuration commands (for example, ‘show’) are described in more detail in the related configuration command chapter.