User manual ZYXEL ZYWALL USG CLI REFERENCE GUIDE

[. . . ] ZyWALL (ZLD) CLI Reference Guide Version 2. 11 6/2009 Edition 2 DEFAULT LOGIN User Name admin Password 1234 www. zyxel. com About This CLI Reference Guide About This CLI Reference Guide Intended Audience This manual is intended for people who want to configure ZLD-based ZyWALLs via Command Line Interface (CLI). You should have at least a basic knowledge of TCP/IP networking concepts and topology. Generally, it is organized by feature as outlined in the web configurator. This guide is intended as a command reference for a series of products. Therefore many commands or command options in this guide may not be available in your product. [. . . ] no snmp-server rule rule_number show snmp status Deletes a service control rule for SNMP service. Displays SNMP Settings. 34. 8. 4 SNMP Commands Examples The following command sets a service control rule that allowed the computers with the IP addresses matching the specified address object to access the specified zone using SNMP service. Router# configure terminal Router(config)# snmp-server rule 11 access-group Example zone WAN action accept The following command sets the password (secret) for read-write (rw) access. Router# configure terminal Router(config)# snmp-server community secret rw The following command sets the IP address of the host that receives the SNMP notifications to 172. 23. 15. 84 and the password (sent with each trap) to qwerty. Router# configure terminal Router(config)# snmp-server host 172. 23. 15. 84 qwerty 266 ZyWALL (ZLD) CLI Reference Guide Chapter 34 System Remote Management 34. 9 ICMP Filter The ip icmp-filter commands are obsolete. See Chapter 14 on page 111 to configure firewall rules for ICMP traffic going to the ZyWALL to discard or reject ICMP packets destined for the ZyWALL. 34. 10 Dial-in Management Connect an external serial modem to the DIAL BACKUP port (or AUX port depending on your model) to provide a remote management connection in case the ZyWALL's other WAN connections are down. This is like an auxiliary interface, except it is used for management connections coming into the ZyWALL instead of as a backup WAN connection. 34. 10. 1 AT Command Strings For regular telephone lines, the default Dial string tells the modem that the line uses tone dialing. If your switch requires pulse dialing, change the string to ATDP. 34. 10. 2 DTR Signal The majority of WAN devices default to hanging up the current call when the DTR (Data Terminal Ready) signal is dropped by the DTE. When the Drop DTR When Hang Up check box is selected, the ZyWALL uses this hardware signal to force the WAN device to hang up, in addition to issuing the drop command ATH. 34. 10. 3 Response Strings The response strings tell the ZyWALL the tags, or labels, immediately preceding the various call parameters sent from the serial modem. The response strings have not been standardized; please consult the documentation of your serial modem to find the correct tags. 34. 10. 4 Dial-in Management Commands The following table describes the commands available for dial-in management. You must use the configure terminal command to enter the configuration mode before you can use these commands. Table 159 Command Summary: Dial-in Management COMMAND dial-in [no] activate [no] answer-rings DESCRIPTION Enters sub-command mode. Sets how many times the ZyWALL lets the incoming dialin management session ring before processing it. The no command sets it to one. ZyWALL (ZLD) CLI Reference Guide 267 Chapter 34 System Remote Management Table 159 Command Summary: Dial-in Management COMMAND [no] description description DESCRIPTION Specifies the description for the dial-in management connection. description: You can use alphanumeric and ()+/ :=?!*#@$_%- characters, and it can be up to 60 characters long. The [no] initial-string initial_string no command removes the initial string. initial_string: You can use up to 64 characters. [no] mute Stops the external serial modem from making audible sounds during a dial-in management session. Displays dial-in management settings. [no] port-speed {9600 | 19200 | 38400 | 57600 | 115200} show dial-in 34. 10. 4. 1 Dial-in Management Command Examples The following commands show you how to set up dial-in management with the following parameters: active, port speed 57600, initial-string ATDT, and description "I am dial-in management". Router# configure terminal Router(config)# dial-in Router(config-dial-in)# activate Router(config-dial-in)# port-speed 57600 Router(config-dial-in)# initial-string ATDT Router(config-dial-in)# description I am dial-in management Router(config-dial-in)# exit 34. 11 Vantage CNM Vantage CNM (Centralized Network Management) is a browser-based global management solution that allows an administrator from any location to easily configure, manage, monitor and troubleshoot ZyXEL devices located worldwide. If you allow your ZyWALL to be managed by the Vantage CNM server, then you should not do any configurations directly to the ZyWALL (using either the web configurator or commands) without notifying the Vantage CNM administrator. 268 ZyWALL (ZLD) CLI Reference Guide Chapter 34 System Remote Management 34. 11. 1 Vantage CNM Commands The following table describes the commands available for dial-in management. You must use the configure terminal command to enter the configuration mode before you can use these commands. Table 160 Command Summary: Vantage CNM COMMAND [no] cnm-agent manager url DESCRIPTION Sets up the URL of the Vantage server that the ZyWALL registers with. Displays the Vantage CNM configuration. [no] cnm-agent activate cnm-agent keepalive interval <10. . 90> [no] cnm-agent periodicinform activate cnm-agent periodic-inform interval <10. . 86400> cnm-agent trigger-inform [interval] [no] cnm-agent auth activate show cnm-agent configuration 34. 11. 1. 1 Vantage CNM Command Examples The following example turns on Vantage CNM management and sets the ZyWALL to register with a server at https://1. 2. 3. 4/vantage/TR069. Router# configure terminal Router(config)# cnm-agent activate Router(config)# cnm-agent manager https://1. 2. 3. 4/vantage/TR069 Router(config)# show cnm-agent configuration Activate: YES ACS URL: https://1. 2. 3. 4/vantage/TR069 Keepalive: ENABLE Keepalive Interval: 60 Periodic Inform: DISABLE Periodic Inform Interval: 3600 Custom IP: NO HTTPS Authentication: NO Vantage Certificate: zw1050. cer456 ZyWALL (ZLD) CLI Reference Guide 269 Chapter 34 System Remote Management 34. 12 Language Commands Use the language commands to display what language the web configurator is using or change it. You must use the configure terminal command to enter the configuration mode before you can use these commands. Table 161 Command Summary: Language COMMAND language <English | Simplified_Chinese | Traditional_Chinese> show language {setting | all} DESCRIPTION Specifies the language used in the web configurator screens. setting displays the current display language in the web configurator screens. all displays the available languages. 270 ZyWALL (ZLD) CLI Reference Guide PART X Maintenance File Manager (273) Logs (291) Reports and Reboot (297) Diagnostics (305) Maintenance Tools (307) 271 272 CHAPTER 35 File Manager This chapter covers how to work with the ZyWALL's firmware, certificates, configuration files, custom IDP signatures, packet trace results, shell scripts and temporary files. 35. 1 File Directories The ZyWALL stores files in the following directories. Table 162 FTP File Transfer Notes DIRECTORY FILE TYPE A FILE NAME EXTENSION bin cer conf rules Firmware (upload only) Non-PKCS#12 certificates Configuration files IDP custom signatures Packet trace results (download only) Shell scripts Temporary system maintenance files and crash dumps for technical support use (download only) cert conf idp packet_trace script tmp . zysh A. After you log in through FTP, you do not need to change directories in order to upload the firmware. 35. 2 Configuration Files and Shell Scripts Overview You can store multiple configuration files and shell script files on the ZyWALL. When you apply a configuration file, the ZyWALL uses the factory default settings for any features that the configuration file does not include. [. . . ] 166 udp-filtered-distributed-portscan | udp-filtered-portsweep} details . . . . . . . . . . . . . 167 unlock lockout-users ip | console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216 upstream <0. . 1048576> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 use-defined-mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [. . . ]