ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N C L I Reference M a nua l 350 East Plumeria Drive San Jose, CA 95134 USA April 2012 202-10827-01 v1.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N © 2012 NETGEAR, Inc. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of NETGEAR, Inc. NETGEAR, the NETGEAR logo, and Connect with Innovation are trademarks and/or registered trademarks of NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries.
Contents Chapter 1 Introduction Command Syntax and Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Command Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Description of a Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Common Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 The Four Categories of Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv4 Add Firewall Rule and Edit Firewall Rule Commands . . . . . . . . . . . . 77 IPv4 General Firewall Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114 IPv6 Firewall Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 Attack Check Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 Session Limit, Time-Out, and Advanced Commands. . . . . . . . . . . . . . . .
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Chapter 9 Show Commands Network Settings (Net Mode) Show Commands . . . . . . . . . . . . . . . . . . . 245 WAN (IPv4 and IPv6) Show Commands . . . . . . . . . . . . . . . . . . . . . . . 245 IPv6 Mode and IPv6 Tunnel Show Commands . . . . . . . . . . . . . . . . . . 248 LAN DHCP Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248 Dynamic DNS Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Diagnostic Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1. Introduction 1 This document describes the command-line interface (CLI) for the NETGEAR ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N. This chapter introduces the CLI interface.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command Syntax and Conventions A command is one or more words that can be followed by one or more keywords and parameters. Keywords and parameters can be required or optional: • A keyword is a predefined string (word) that narrows down the scope of a command. A keyword can be followed by an associated parameter or by associated keywords. In many cases, these associated keywords are mutually exclusive, so you need to select one of them.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 1. Command conventions (continued) Symbol Example Description { } curly braces {choice1 | choice2} Indicate that you need to select a keyword from the list of choices. (choice1 and choice1 are keywords.) | vertical bars choice1 | choice2 Separate the mutually exclusive choices. (choice1 and choice1 are keywords.) [ { } ] braces within square brackets [{choice1 | choice2}] Indicate a choice within an optional element.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Common Parameters Parameter values might be names (strings) or numbers. To use spaces as part of a name parameter, enclose the name value in double quotes. For example, the expression “System Name with Spaces” forces the system to accept the spaces. Empty strings (“”) are not valid user-defined strings. The following table describes common parameter values and value formatting: Table 2.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The Five Main Modes for Configuration Commands For the configuration commands, there are five main modes in the CLI: net, security, system, dot11, and vpn. Chapter 2, Overview of the Configuration Commands lists all commands in these modes, and each of these modes is described in detail in a separate chapter (see Chapter 3 through Chapter 7).
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 3.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 3.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N These are examples of commands for which you need to save your changes: • net lan ipv4 configure lets you enter the net-config [lan-ipv4] configuration mode. After you made your changes, issue save or exit to save your changes. • security content_filter trusted_domain add lets you enter the security-config [approved-urls] configuration mode. After you made your changes, issue save or exit to save your changes.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N The Three Basic Types of Commands You can encounter the following three basic types of commands in the CLI: • Entry commands to enter a configuration mode. Commands that let you enter a configuration mode from which you can configure various keywords and associated parameters and keywords. For example, the net wan wan1 ipv4 configure command lets you enter the net-config [wan1-ipv4] mode, from which you can configure the IPv4 WAN settings.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command Autocompletion and Command Abbreviation Command autocompletion finishes spelling the command when you type enough letters of a command to uniquely identify the command keyword. You need to type all of the required keywords and parameters before you can use autocompletion. The following keys both perform autocompletion for the current command. If the command prefix is not unique, a subsequent repeat of the key displays possible completions.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 6. CLI editing conventions (continued) Key or Key Sequence Description Right arrow Go forward one character. Deleting Ctrl-C Delete the entire line. Ctrl-D Delete the next character. Ctrl-K Delete all characters to the end of the line from where the cursor is located. Backspace Delete the previous character. Invoking escape sequences !! Substitute the previous line.
2. Overview of the Configuration Commands 2 This chapter provides an overview of all configuration commands in the five configuration command modes. The keywords and associated parameters that are available for these commands are explained in the following chapters.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 7. Net mode configuration commands (continued) Submode ipv6_tunnel lan Command Name Purpose net ipv6_tunnel isatap add Configure a new IPv6 ISATAP tunnel. net ipv6_tunnel isatap delete Delete an IPv6 ISATAP tunnel. net ipv6_tunnel isatap edit Configure an existing IPv6 ISATAP tunnel. net ipv6_tunnel six_to_four configure Enable or disable automatic (6to4) tunneling.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 7. Net mode configuration commands (continued) Submode radvd routing wan Command Name Purpose net radvd configure dmz Configure the IPv6 RADVD for the DMZ. net radvd configure lan Configure the IPv6 RADVD for the LAN. net radvd pool dmz add Configure a new IPv6 RADVD pool for the DMZ. net radvd pool dmz delete Delete an IPv6 RADVD pool from the DMZ.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Security Settings (Security Mode) Configuration Commands Enter the security ? command at the CLI prompt to display the description of all the configuration commands in the security mode. The following table lists the commands in alphabetical order: Table 8. Security mode configuration commands Submode address_filter bandwidth content_filter Command Name Purpose security address_filter ip_or_mac_binding add Configure a new IP/MAC binding rule.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 8. Security mode configuration commands (continued) Submode content_filter (continued) Command Name Purpose security content_filter content_filtering configure Configure web content filtering. security content_filter trusted_domain add Configure a new trusted domain. security content_filter trusted_domain delete Delete a trusted domain. security content_filter trusted_domain edit Configure an existing trusted domain.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 8. Security mode configuration commands (continued) Submode Command Name Purpose security firewall ipv4 edit_rule dmz_wan inbound Configure an existing IPv4 DMZ WAN inbound firewall rule. security firewall ipv4 edit_rule dmz_wan outbound Configure an existing IPv4 DMZ WAN outbound firewall rule. security firewall ipv4 edit_rule lan_dmz inbound Configure an existing IPv4 LAN DMZ inbound firewall rule.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 8. Security mode configuration commands (continued) Submode Command Name Purpose schedules security schedules edit <1 | 2 | 3> Configure one of the three security schedules. security services add Configure a new custom service. security services delete Delete a custom service. security services edit Configure an existing custom service. security upnp configure Configure UPnP.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Wireless Settings (Dot11 Mode) Configuration Commands Enter the dot11 ? command at the CLI prompt to display the description of all the configuration commands in the dot11 mode. The following table lists the commands in alphabetical order: Table 10. Dot11 mode configuration commands Submode profile radio Command Name Purpose dot11 profile acl configure Configure an ACL for a specific profile.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 11. Configuration commands: vpn mode (continued) Submode Command Name Purpose vpn ipsec vpnpolicy drop Terminate an IPSec VPN connection. ipsec (continued) vpn ipsec vpnpolicy enable Enable an IPSec VPN policy. vpn ipsec wizard configure Configure the IPSec VPN wizard for a gateway-to-gateway or gateway-to-VPN client connection.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 11. Configuration commands: vpn mode (continued) Submode sslvpn (continued) Command Name Purpose vpn sslvpn users domains edit Configure an existing authentication domain. vpn sslvpn users groups add Configure a new authentication group. vpn sslvpn users groups delete Delete an authentication group. vpn sslvpn users groups edit Configure an existing authentication group.
3. Net Mode Configuration Commands 3 This chapter explains the configuration commands, keywords, and associated parameters in the net mode.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format def_mtu {Default | Custom {mtu_size }} port_speed {Auto_Sense | 10_BaseT_Half_Duplex | 10_BaseT_Full_Duplex | 100_BaseT_Half_Duplex | 100_BaseT_Full_Duplex | 1000_BaseT_Half_Duplex | 1000_BaseT_Full_Duplex} mac_type {Use-Default-Mac | Use-This-Computers-Mac | Use-This-Mac {mac_address }} Mode net-config [port_setup] Keyword Associated Keyword to Select or Parameter to Type Description def_mtu Default or Custo
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show net wan port_setup IPv4 WAN Commands net wan_settings wanmode configure This command configures the mode of IPv4 routing between the WAN interface and LAN interfaces. After you have issued the net wan_settings wanmode configure command, you enter the net-config [routing-mode] mode, and then you can configure NAT or classical routing.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format isp_connection_type {STATIC | DHCPC | PPPoE | PPTP} Yes isp_login_required {Y | N} static static static static static ip_address subnet_mask gateway_address primary_dns secondary_dns dhcpc account_name dhcpc domain_name dhcpc client_identifier {Y | N} dhcpc vendor_identifier {Y | N} dhcpc get_dns_from_isp {Y | N {dhcpc primary_dns }
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type isp_connection_type STATIC, DHCPC, PPPoE, or Specifies the type of ISP connection. You PPTP can specify only one type of connection: • STATIC. Configure the keywords and parameters in the STATIC section of this table. • DHCPC. Configure the keywords and Yes parameters in the DHCPC section of this table. • PPPoE.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type dhcpc get_dns_from_isp Y or N Specifies whether or not the IP address is dynamically received from the ISP. If you select N, you need to issue the dhcpc primary_dns keyword and enter the IP address of the primary DNS server. For a secondary DNS server, issue the dhcpc secondary_dns keyword, and enter the IP address.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type pppoe delay_in_reset seconds After the connection has been reset, the number of seconds of delay before an PPPoE connection attempt is made. pppoe get_ip_dynamically Y or N Specifies whether or not the IP address is dynamically received from the ISP.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type pptp idle_time minutes The idle time-out period in minutes (5 to 999), if the PPTP connection is configured for idle time-out, pptp my_address ipaddress The IP address that was assigned by the ISP to make a connection with the ISP’s PPTP server. pptp server_address ipaddress The IP address of the PPTP server.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N selected ISP connection type, configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (consists of two separate words) Associated Keyword to Select or Parameter to Type Description DHCPC dhcpc stateless_mode_enable StatelessAddrAutoConfig The type of DHCPv6 mode (stateless or or stateful). If you set the dhcpc StatefulAddrAutoConfig stateless_mode_enable keywords to StatelessAddrAutoConfig, you have the option to set the dhcpc prefix_delegation_enable keywords and associated parameter.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show net ipv6 ipmode setup IPv6 Tunnel Commands net ipv6_tunnel isatap add This command configures a new ISATAP tunnel. After you have issued the net ipv6_tunnel isatap add command, you enter the net-config [isatap-tunnel] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show commands: show net ipv6_tunnel setup and show net ipv6_tunnel status net ipv6_tunnel isatap edit This command configures an existing ISATAP tunnel. After you have issued the net ipv6_tunnel isatap edit command to specify the row to be edited, you enter the net-config [isatap-tunnel] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show commands: show net ipv6_tunnel setup and show net ipv6_tunnel status net ipv6_tunnel six_to_four configure This command enables or disables automatic tunneling, which allows traffic from an IPv6 LAN to be tunneled through an IPv4 WAN to reach an IPv6 network. After you have issued the net ipv6_tunnel six_to_four configure command, you enter the net-config [six-to-four-tunnel] mode, and then you can configure automatic tunneling.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type enable Disable, DynDNS, TZO, DNS_Oray, or 3322_DDNS Enables or disables DDNS. Use the Disable keyword to disable DDNS after you had first enabled the service. The other keywords represent DDNS service providers and are self-explanatory. hostname host name Configures a host name (string) for a DDNS server. username user name Configures a user name (string) for a DDNS server.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format profile_name port_membership {[port 1 {Y | N}] | [port 2 {Y | N}] | [port 3 {Y | N}] | [port 4 {Y | N}] | [port 5 {Y | N}] | [port 6 {Y | N}] | [port 7 {Y | N}] | [port 8 {Y | N}]} static address static subnet_mask dhcp mode {None | DHCP-Server | DHCP-Relay} proxy dns_enable {Y | N} dhcp domain_name dhcp start_address dhcp end_address dhcp primary_dns dh
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of Associated Keyword to Description two separate words) Select or Parameter to Type dhcp mode None, DHCP-Server, or DHCP-Relay Specifies the DHCP mode for the devices that are connected to the VLAN: • None. The DHCP server is disabled. No further DHCP configuration is required. • DHCP-Server. Configure the keywords and parameters in the DHCP server section of this table. • DHCP-Relay.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net-config[lan-ipv4]> net-config[lan-ipv4]> net-config[lan-ipv4]> net-config[lan-ipv4]> net-config[lan-ipv4]> net-config[lan-ipv4]> net-config[lan-ipv4]> static address 192.168.1.1 static subnet_mask 255.255.255.0 dhcp mode DHCP-Relay dhcp relay_gateway 10.172.214.198 proxy dns_enable N inter_vlan_routing Y save Related show command: show net lan ipv4 setup net lan ipv4 delete This command deletes a VLAN by deleting its ID.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show net lan ipv4 setup net ethernet configure This command configures a VLAN for a LAN interface. After you have issued the net ethernet configure command to specify a LAN interface, you enter net-config [ethernet] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net lan ipv4 default_vlan This command configures the default VLAN for each port. After you have issued the net lan ipv4 default_vlan command, you enter the net-config [lan-ipv4-defvlan] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show net lan ipv4 setup net lan ipv4 advanced configure This command configures advanced LAN settings such as the MAC address for VLANs and ARP broadcast. After you have issued the net lan ipv4 advanced configure command, you enter the net-config [lan-ipv4-adv] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net-config [dhcp-reserved-ip] mode, and then you can configure the IP address for the binding configuration.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net lan dhcp reserved_ip delete This command deletes the binding of a MAC address to an IP address. Format net lan dhcp reserved_ip delete Mode net Related show commands: show net lan dhcp reserved_ip setup and show net lan dhcp leased_clients list net lan lan_groups edit This command specified an IPv4 LAN group name, that is, it changes a default group name such as Group1, Group2, or Group3.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show net lan ipv4 multiHoming net lan ipv4 multi_homing edit This command configures an existing IPv4 alias, that is, a secondary IPv4 address. After you have issued the net lan ipv4 multi_homing edit command, you enter the net-config [lan-ipv4-multihoming] mode, and then you can configure the secondary address and subnet mask in the order that you prefer.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format static address static prefix_length dhcp server_enable {N | Y {dhcp mode {Stateless | Stateful}}} dhcp domain name dhcp server_preference dhcp dns_type {useDnsProxy | useDnsFromISP | useEnteredDns {dhcp primary_dns } [dhcp secondary_dns ]} dhcp rebind_time Mode net-config [lan-ipv6] Keyword (consists of two separate words) Associated Keyword
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net-config[lan-ipv6]> net-config[lan-ipv6]> net-config[lan-ipv6]> net-config[lan-ipv6]> net-config[lan-ipv6]> dhcp dhcp dhcp dhcp save domain name netgear.com server_preference 236 dns_type useDnsProxy rebind_time 43200 Related show command: show net lan ipv6 setup net lan ipv6 pool configure This command configures a new or existing IPv6 DHCP address pool.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net lan ipv6 multi_homing add This command configures a new IPv6 alias, that is, a secondary IPv6 address. After you have issued the net lan ipv6 multi_homing add command, you enter the net-config [lan-ipv6-multihoming] mode, and then you can configure the secondary address and IPv6 prefix length in the order that you prefer.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net lan ipv6 multi_homing delete This command deletes a secondary IPv6 address by specifying its row ID. Format net lan ipv6 multi_homing delete Mode net Related show command: show net lan ipv6 multiHoming net radvd configure lan This command configures the Router Advertisement Daemon (RADVD) for the link-local advertisements of IPv6 router addresses and prefixes in the LAN.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Description Select or Parameter to Type interval seconds The interval in seconds (integer) between unsolicited multicast RAs. Enter a period from 10 to 1800 seconds. The default is 30 seconds. flags Managed or Other Sets the flag: • Managed. Specifies that the DHCPv6 stateful protocol is used for autoconfiguration of the address. • Other.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format prefix_type {6To4 {sla_id } | Global-Local-ISATAP {prefix_address } {prefix_length }} prefix_life_time Mode net-config [radvd-pool-lan] Keyword Associated Keyword to Description Select or Parameter to Type prefix_type 6To4 or Global-Local-ISATAP The prefix type that specifies the type of communication between the interfaces: • 6To4. The prefix is for a 6to4 address.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N enter the net-config [radvd-pool-lan] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show net radvd lan setup IPv4 DMZ Setup Commands net dmz ipv4 configure This command enables, configures, or disables the IPv4 DMZ. After you have issued the net dmz ipv4 configure command, you enter the net ipv4-config [dmz] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type dhcp_mode None, DHCP-Serves or DHCP-Relay Specifies the DHCP mode: • None. DHCP is disabled for the DMZ. • DHCP-Server. DHCP is enabled for the DMZ. You can configure all keywords and parameters except the relay_gateway keyword and associated parameter. • DHCP-Relay. Addresses are assigned in the DMZ by a DHCP Relay. Configure the relay_gateway keyword and associated parameter.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show net dmz ipv4 setup IPv6 DMZ Setup Commands net dmz ipv6 configure This command enables, configures, or disables the IPv6 DMZ. After you have issued the net dmz ipv6 configure command, you enter the net ipv6-config [dmz] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type dns_server_option useDnsProxy, useDnsFromISP, or useEnteredDns The DNS server type. If you select useEnteredDns, you also need to issue the primary_dns_server keyword and associated parameter. The secondary_dns_server keyword and associated parameter are optional. primary_dns_server ipv6-address The IPv6 address for the primary DNS server in the DMZ configuration.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command example: FVS318N> net dmz ipv6 pool configure net-ipv6-config-pool[dmz]> starting_ip_address 2001::1100 net-ipv6-config-pool[dmz]> ending_ip_address 2001::1120 net-ipv6-config-pool[dmz]> prefix_value 56 net-ipv6-config-pool[dmz]> save Related show command: show net dmz ipv6 setup net radvd configure dmz This command configures the Router Advertisement Daemon (RADVD) process for the link-local advertisements of IPv6 router addresses and prefixe
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Description Select or Parameter to Type flags Managed or Other Sets the flag: • Managed. Specifies that the DHCPv6 stateful protocol is used for autoconfiguration of the address. • Other. Specifies that the DHCPv6 stateful protocol is used for autoconfiguration of other (that is, nonaddress) information.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type prefix_type 6To4 or Global-Local-ISATAP The prefix type that specifies the type of communication between the interfaces: • 6To4. The prefix is for a 6to4 address. You need to issue the sla_id keyword and specify the interface ID. • Global-Local-ISATAP. The prefix is for a global, local, or ISATAP address. This needs to be a global prefix, not the site-local or link-local prefix.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format prefix_type {6To4 {sla_id } | Global-Local-ISATAP {prefix_address } {prefix_length }} prefix_life_time Mode net-config [radvd-pool-dmz] Keyword Associated Keyword to Description Select or Parameter to Type prefix_type 6To4 or Global-Local-ISATAP The prefix type that specifies the type of communication between the interfaces: • 6To4. The prefix is for a 6to4 address.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv4 Routing Commands net routing static ipv4 configure This command configures an IPv4 static route. After you have issued the net routing static ipv4 configure command to specify the name of the new route, you enter the net-config [static-routing-ipv4] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net-config[static-routing-ipv4]> net-config[static-routing-ipv4]> net-config[static-routing-ipv4]> net-config[static-routing-ipv4]> net-config[static-routing-ipv4]> subnet_mask 255.255.255.0 interface wan gateway_address 10.192.44.13 metric 7 save Related show command: show net routing static ipv4 setup net routing static ipv4 delete This command deletes a static IPv4 route by deleting its name.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format authentication_enable {Y | N} direction {None | In-only | Out-only | Both} version {Disabled | Rip1 | Rip2B | Rip2M} first_key first_key first_key first_key first_key first_key first_key first_key first_key first_key first_key first_key first_key first_key authentication_id id_number valid_from {day } valid_from {month } valid_from {year }} valid_from {hour | valid_from {minute
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Description Select or Parameter to Type version Disabled, Rip1, Rip2B, or Rip2M The RIP version. First key first_key authentication_id authentication key The first MD5 authentication key (alphanumeric string). first_key id_number number The first MD5 key ID (integer). first_key valid_from day day The day in the format DD (01 to 31).
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net-config[dynamic-routing]> net-config[dynamic-routing]> net-config[dynamic-routing]> net-config[dynamic-routing]> net-config[dynamic-routing]> net-config[dynamic-routing]> net-config[dynamic-routing]> net-config[dynamic-routing]> net-config[dynamic-routing]> net-config[dynamic-routing]> net-config[dynamic-routing]> net-config[dynamic-routing]> net-config[dynamic-routing]> net-config[dynamic-routing]> net-config[dynamic-routing]> net-config[dynamic-ro
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format active_flag {Y | N} destination_address prefix gateway_address interface {Dedicated-WAN | LAN | Sit0-WAN1} metric Mode net-config [static-routing-ipv6] Keyword Associated Keyword to Description Select or Parameter to Type active_flag Y or N Specifies whether or not the route is an active route. destination_address ipv6-address The destination IP address.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N net routing static ipv6 delete This command deletes a static IPv6 route by deleting its name. Format net routing static ipv6 delete Mode net Related show command: show net routing static ipv6 setup net routing static ipv6 delete_all This command deletes all static IPv6 routes.
4. Security Mode Configuration Commands 4 This chapter explains the configuration commands, keywords, and associated parameters in the security mode.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 1 Step 2 Format security services add Mode security Format name protocol {TCP {start_port } {finish_port } | UDP {start_port } {finish_port } | ICMP {icmp_type | ICMPv6 {icmp_type }} qos_priority {Normal-Service | Minimize-Cost | Maximize-Reliability | Maximize-Throughput | Minimize-Delay} Mode security-config [custom-service] Keyword Associated Keyword to Description Selec
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security services edit This command configures an existing firewall custom service. After you have issued the security services edit command to specify the row to be edited, you enter the security-config [custom-service] mode, and then you can edit the service.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show security services setup Security Schedules Commands security schedules edit <1 | 2 | 3> This command configures one of the three security schedules.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (consists of two separate words) Associated Keyword to Description Select or Parameter to Type time_of_day all_enable Y or N Specifies whether or not the schedule is active all day. time_of_day start hours hour The schedule starts at the specified hour in the 12-hour format HH (00 to 12). time_of_day start mins minute The schedule starts at the specified minute in the format MM (00 to 59).
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N prefer. However, note that the setting of the action keyword determines which other keywords and parameters can you can apply to a rule.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description Service name, action, and schedule service_name default_services The default service and protocol to ANY, AIM, BGP, BOOTP_CLIENT, which the firewall rule applies.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description lan_users group_wise group name The name of the LAN group. The group name is either a default name (Group1, Group2, Group3, and so on) or a custom name that you specified with the net lan lan_groups edit command. wan_users ANY, SINGLE_ADDRESS, or ADDRESS_RANGE The type of WAN address.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security-config[firewall-ipv4-lan-wan-outbound]> security-config[firewall-ipv4-lan-wan-outbound]> security-config[firewall-ipv4-lan-wan-outbound]> security-config[firewall-ipv4-lan-wan-outbound]> security-config[firewall-ipv4-lan-wan-outbound]> security-config[firewall-ipv4-lan-wan-outbound]> security-config[firewall-ipv4-lan-wan-outbound]> security-config[firewall-ipv4-lan-wan-outbound]> action ALWAYS_ALLOW lan_users address_wise ANY wan_users ADDRES
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description Service name, action, and schedule service_name default_services ANY, AIM, BGP, BOOTP_CLIENT, The default service and protocol to BOOTP_SERVER, CU-SEEME:UDP, which the firewall rule applies.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description lan_users group_wise group name The name of the LAN group. The group name is either a default name (Group1, Group2, Group3, and so on) or a custom name that you specified with the net lan lan_groups edit command. wan_users ANY, SINGLE_ADDRESS, or ADDRESS_RANGE The type of WAN address.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command example: See the command example for the security firewall ipv4 add_rule lan_wan outbound command. Related show command: show security firewall ipv4 setup lan_wan security firewall ipv4 add_rule lan_wan inbound This command configures a new IPv4 LAN WAN outbound firewall rule.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description Service name, action, and schedule service_name default_services The default service and protocol to ANY, AIM, BGP, BOOTP_CLIENT, which the firewall rule applies.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description translate_to_port_number enable Y or N Enables or disables port forwarding. translate_to_port_number port number The port number (integer) if port forwarding is enabled. Valid numbers are 0 through 65535. wan_destination_ip_address WAN, OTHERS, or RANGE The type of destination WAN address for an inbound rule: • WAN.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description lan_user_end_ip ipaddress The end IP address if the lan_user address_wise keywords are set to ADDRESS_RANGE. lan_user group_wise group name The name of the LAN group.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security firewall ipv4 edit_rule lan_wan inbound This command configures an existing IPv4 LAN WAN inbound firewall rule. After you have issued the security firewall ipv4 edit_rule lan_wan inbound command to specify the row to be edited (for row information, see the output of the show security firewall ipv4 setup lan_wan command), you enter the security-config [firewall-ipv4-lan-wan-outbound] mode.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description Service name, action, and schedule service_name default_services The default service and protocol to ANY, AIM, BGP, BOOTP_CLIENT, which the firewall rule applies.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description translate_to_port_number enable Y or N Enables or disables port forwarding. translate_to_port_number port number The port number (integer) if port forwarding is enabled. Valid numbers are 0 through 65535. wan_destination_ip_address WAN, OTHERS, or RANGE The type of destination WAN address for an inbound rule: • WAN.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description lan_user_end_ip ipaddress The end IP address if the lan_users address_wise keywords are set to ADDRESS_RANGE. lan_users group_wise group name The name of the LAN group.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N one keyword and associated parameter or associated keyword at a time in the order that you prefer. However, note that the setting of the action keyword determines which other keywords and parameters can you can apply to a rule.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description Service name, action, and schedule service_name default_services The default service and protocol to ANY, AIM, BGP, BOOTP_CLIENT, which the firewall rule applies.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description wan_user_start_ip ipaddress There are two options: • The IP address if the wan_users keyword is set to SINGLE_ADDRESS. • The start IP address if the wan_users keyword is set to ADDRESS_RANGE. wan_user_end_ip ipaddress The end IP address if the wan_users keyword is set to ADDRESS_RANGE.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security firewall ipv4 edit_rule dmz_wan outbound This command configures an existing IPv4 DMZ WAN outbound firewall rule. After you have issued the security firewall ipv4 edit_rule dmz_wan outbound command to specify the row to be edited (for row information, see the output of the show security firewall ipv4 setup dmz_wan command), you enter the security-config [firewall-ipv4-dmz-wan-outbound] mode.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description Service name, action, and schedule service_name default_services ANY, AIM, BGP, BOOTP_CLIENT, The default service and protocol to BOOTP_SERVER, CU-SEEME:UDP, which the firewall rule applies.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description wan_user_start_ip ipaddress There are two options: • The IP address if the wan_users keyword is set to SINGLE_ADDRESS. • The start IP address if the wan_users keyword is set to ADDRESS_RANGE. wan_user_end_ip ipaddress The end IP address if the wan_users keyword is set to ADDRESS_RANGE.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N prefer. However, note that the setting of the action keyword determines which other keywords and parameters can you can apply to a rule.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description Service name, action, and schedule service_name default_services The default service and protocol to ANY, AIM, BGP, BOOTP_CLIENT, which the firewall rule applies.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description wan_destination_ip_address WAN or OTHERS The type of destination WAN address for an inbound rule: • WAN. The default IP address of the WAN (broadband) interface. • OTHERS. Another public IP address, which you need to configure by issuing the wan_destination_ip_address_start keyword and specifying an IPv4 address.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command example: FVS318N> security firewall ipv4 add_rule dmz_wan inbound security-config[firewall-ipv4-dmz-wan-inbound]> service_name custom_services Traceroute security-config[firewall-ipv4-lan-wan-inbound]> action ALWAYS_ALLOW security-config[firewall-ipv4-lan-wan-inbound]> send_to_dmz_server_ip 176.21.214.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N log {NEVER | ALWAYS} Mode security-config [firewall-ipv4-dmz-wan-inbound] Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description Service name, action, and schedule service_name default_services The default service and protocol to ANY, AIM, BGP, BOOTP_CLIENT, which the firewall rule applies.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description wan_destination_ip_address WAN or OTHERS The type of destination WAN address for an inbound rule: • WAN. The default IP address of the WAN (broadband) interface. • OTHERS. Another public IP address, which you need to configure by issuing the wan_destination_ip_address_start keyword and specifying an IPv4 address.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command example: See the command example for the security firewall ipv4 add_rule dmz_wan inbound command. Related show command: show security firewall ipv4 setup dmz_wan security firewall ipv4 add_rule lan_dmz outbound This command configures a new IPv4 LAN DMZ outbound firewall rule.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description Service name, action, and schedule service_name default_services The default service and protocol to ANY, AIM, BGP, BOOTP_CLIENT, which the firewall rule applies.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description lan_users group_wise group name The name of the LAN group. The group name is either a default name (Group1, Group2, Group3, and so on) or a custom name that you specified with the net lan lan_groups edit command. dmz_users ANY, SINGLE_ADDRESS, or ADDRESS_RANGE The type of DMZ address.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N time in the order that you prefer. However, note that the setting of the action keyword determines which other keywords and parameters you can apply to a rule.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description action ALWAYS_BLOCK, ALWAYS_ALLOW, The type of action to be enforced BLOCK_BY_SCHEDULE_ELSE_ALLOW, by the rule. or ALLOW_BY_SCHEDULE_ELSE_BLOCK schedule Schedule1, Schedule2, or Schedule3 The schedule, if any, that is applicable to the rule.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command example: See the command example for the security firewall ipv4 add_rule lan_dmz outbound command. Related show command: show security firewall ipv4 setup lan_dmz security firewall ipv4 add_rule lan_dmz inbound This command configures a new IPv4 LAN DMZ inbound firewall rule.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description Service name, action, and schedule service_name default_services ANY, AIM, BGP, BOOTP_CLIENT, The default service and protocol to BOOTP_SERVER, CU-SEEME:UDP, which the firewall rule applies.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description lan_users group_wise group name The name of the LAN group. The group name is either a default name (Group1, Group2, Group3, and so on) or a custom name that you specified with the net lan lan_groups edit command. dmz_users ANY, SINGLE_ADDRESS, or ADDRESS_RANGE The type of DMZ address.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N mode. You can then edit one keyword and associated parameter or associated keyword at a time in the order that you prefer. However, note that the setting of the action keyword determines which other keywords and parameters you can apply to a rule.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description service_name custom_services custom service name The custom service that you have configured with the security services add command. action ALWAYS_BLOCK, ALWAYS_ALLOW, The type of action to be enforced BLOCK_BY_SCHEDULE_ELSE_ALLOW, by the rule.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description NEVER or ALWAYS Enables or disables logging. Logging log Command example: See the command example for the security firewall ipv4 add_rule lan_dmz inbound command.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security firewall ipv4 disable This command disables an IPv4 firewall rule by specifying its row ID. Format security firewall ipv4 disable Mode security Related show command: show security firewall ipv4 setup lan_wan, show security firewall ipv4 setup dmz_wan, and show security firewall ipv4 setup lan_dmz security firewall ipv4 enable This command enables an IPv4 firewall rule by specifying its row ID.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 1 Step 2 Format security firewall ipv6 configure Mode security Format from_zone {LAN | WAN | DMZ} to_zone {LAN | WAN | DMZ} service_name {default_services | custom_services } action {ALWAYS_BLOCK | ALWAYS_ALLOW | BLOCK_BY_SCHEDULE_ELSE_ALLOW {schedule {Schedule1 | Schedule2 | Schedule3}} | ALLOW_BY_SCHEDULE_ELSE_BLOCK {schedule {Schedule1 | Schedule2 | Schedule3}}} source_address_type {ANY | SING
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description service_name default_services ANY, AIM, BGP, BOOTP_CLIENT, The default service and protocol BOOTP_SERVER, CU-SEEME:UDP, to which the firewall rule applies.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description destination_address_type ANY, SINGLE_ADDRESS, or ADDRESS_RANGE The type of destination address. destination_start_address ipv6-address There are two options: • The IPv6 address if the destination_address_type keyword is set to SINGLE_ADDRESS. • The start IPv6 address if the destination_address_type keyword is set to ADDRESS_RANGE.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N the output of the show security firewall ipv6 setup command), you enter the security-config [firewall-ipv6] mode.You can then edit one keyword and associated parameter or associated keyword at a time in the order that you prefer. However, note that the setting of the action keyword determines which other keywords and parameters you can apply to a rule.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description service_name default_services ANY, AIM, BGP, BOOTP_CLIENT, The default service and protocol to which the firewall rule applies.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Select or Parameter to Type Description destination_address_type ANY, SINGLE_ADDRESS, or ADDRESS_RANGE The type of destination address. destination_start_address ipv6-address There are two options: • The IPv6 address if the destination_address_type keyword is set to SINGLE_ADDRESS. • The start IPv6 address if the destination_address_type keyword is set to ADDRESS_RANGE.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security firewall ipv6 disable This command disables an IPv6 firewall rule by specifying its row ID. Format security firewall ipv6 disable Mode security Related show command: show security firewall ipv6 setup security firewall ipv6 enable This command enables an IPv6 firewall rule by specifying its row ID.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword Description to Select WAN security checks respond_to_ping_on_internet_ports Y or N Enables or disables the response to a ping from the WAN port. enable_stealth_mode Y or N Enables or disables stealth mode. block_tcp_flood Y or N Blocks or allows TCP floods on the WAN port. block_udp_flood Y or N Blocks or allows UDP floods on LAN ports.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security firewall attack_checks jumboframe setup This command enables or disables jumbo frames for IPv4 traffic. After you have issued the security firewall attack_checks jumboframe setup command, you enter the security-advanced-config [jumbo-frame] mode, and then you can enable or disable jumbo frames.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show security firewall attack_checks vpn_passthrough setup security firewall attack_checks configure ipv6 This command configures ipv6 WAN security attack checks. After you have issued the security firewall attack_checks configure ipv6 command, you enter the security-config [attack-checks-ipv6] mode, and then you can edit one keyword and associated parameter or associated keyword at a time in the order that you prefer.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 1 Step 2 Format security firewall session_limit configure Mode security Format enable {Y | N} conn_limit_type {Percentage_Of_MaxSessions | Number_Of_Sessions} user_limit Mode security-config [session-limit] Keyword Associated Keyword to Select or Parameter to Type Description enable Y or N Enables or disables session limits.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format tcp_session_timeout udp_session_timeout icmp_session_timeout Mode security-config [session-settings] Keyword Associated Parameter Description to Type tcp_session_timeout seconds Configures the TCP session timeout period (integer) in seconds. udp_session_timeout seconds Configures the UDP session timeout period (integer) in seconds. Configures the ICMP session timeout period (integer) in seconds.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Address Filter and IP/MAC Binding Commands security address_filter mac_filter configure This command configures the source MAC address filter. After you have issued the security address_filter mac_filter configure command, you enter the security-config [mac-filter] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show security address_filter mac_filter setup security address_filter mac_filter source delete This command deletes a MAC address from the MAC address table by deleting its row ID.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Select or Parameter to Type Description ip_address6 ipv6-address The IPv6 address to which the IP/MAC binding rule is applied. log_dropped_packets Y or N Enables or disables logging for the IP/MAC binding rule.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Select or Parameter to Type Description ip_version IPv4 or IPv6 Specifies the type of IP address to which the IP/MAC binding rule is applied: • IPv4. You need to issue the ip_address keyword and specify an IPv4 address. • IPv6. You need to issue the ip_address6 keyword and specify an IPv6 address. ip_address ipaddress The IPv4 address to which the IP/MAC binding rule is applied.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword Description to Select enable_email_logs Y or N Enables or disables the email log or IP/MAC Binding violations. Related show command: show security address_filter enable_email_log Port Triggering Commands security porttriggering_rules add This command configures a new port triggering rule.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type incoming_start_port number The start port number (integer) of the incoming traffic range. Valid numbers are from 0 to 65535. incoming_end_port The end port number (integer) of the incoming traffic range. Valid numbers are from 0 to 65535.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type name rule name The name (alphanumeric string) of the port triggering rule. enable_rule Y or N Enables or disables the port triggering rule. protocol TCP or UDP Specifies whether the port uses the TCP or UDP protocol. outgoing_start_port number The start port number (integer) of the outgoing traffic range. Valid numbers are from 0 to 65535.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 1 Step 2 Format security upnp configure Mode security Format enable {Y | N} advertisement period advertisement time_to_live Mode security-config [upnp] Keyword (might consist of two separate words) Associated Keyword to Description Select or Parameter to Type enable Y or N Enables or disables UPnP. advertisement period seconds The advertisement period in seconds, from 1 to 86400 seconds.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format name direction {Inbound | Outbound | Both _Directions} inbound_minimum_rate inbound_maximum_rate outbound_minimum_rate outbound_maximum_rate is_group {Individual | Group} Mode security-config [bandwidth-profile] Keyword Associated Keyword to Description Select or Parameter to Type name profile name The profile name (alphanumeric string).
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security bandwidth profile edit This command configures an existing bandwidth profile. After you have issued the security bandwidth profile edit command to specify the row to be edited, you enter the security-config [bandwidth-profile] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security bandwidth profile delete This command deletes a bandwidth profile by deleting its row ID.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security-config[content-filtering]> security-config[content-filtering]> security-config[content-filtering]> security-config[content-filtering]> cookies_enable Y java_enable Y proxy_enable N save Related show command: show security content_filter content_filtering security content_filter block_group enable This command applies content filtering to selected groups or to all groups.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command example: FVS318N> security content_filter blocked_group enable security-config[block-group-enable]> group group1 Y security-config[block-group-enable]> group group2 Y security-config[block-group-enable]> group group3 Y security-config[block-group-enable]> group group8 Y security-config[block-group-enable]> save Related show command: show security content_filter block_group security content_filter block_group disable This command removes conten
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword Description to Select group group1 Y group group2 Y group group3 Y group group4 Y group group5 Y group group6 Y group group7 Y group group8 Y Disables content filtering for the selected group.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N security content_filter blocked_keywords edit This command configures an existing blocked keyword for content filtering. After you have issued the security content_filter blocked_keywords edit command to specify the row to be edited, you enter the security-config [blocked-keywords] mode, and then you can edit the keyword.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show security content_filter trusted_domains security content_filter trusted_domain edit This command configures an existing trusted domain for content filtering. After you have issued the security content_filter trusted_domain edit command to specify the row to be edited, you enter the security-config [approved-urls] mode, and then you can edit the URL.
5. System Mode Configuration Commands 5 This chapter explains the configuration commands, keywords, and associated parameters in the system mode. The chapter includes the following sections: • Remote Management Commands • SNMP Commands • Time Zone Command • Traffic Meter Command • Firewall Logs and Email Alerts Commands IMPORTANT: After you have issued a command that includes the word configure, add, or edit, you need to save (or cancel) your changes.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format ip_version {IPv4 | IPv6} enable_ipv4 {Y | N} access_type {Everyone | IP_Range {from_address } {end_address } | To_this_PC_only {only_this_pc_ip }} port enable_ipv6 {Y | N} access_type6 {Everyone | IP_Range {from_address6 } {end_address6 } | To_this_PC_only {only_this_pc_ipv6 }} port Mode system-config [https] Keyword Associated Keyword to D
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type access_type6 Everyone, IP_Range, or To_this_PC_only Specifies the type of access: • Everyone. Enables access to all IP addresses. You do not need to configure any IP address. • IP_Range. Enables access to a range of IP addresses. You also need to configure the from_address6 and end_address6 keywords and associated parameters. • To_this_PC_only.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Note: You can configure remote management over Telnet for both IPv4 and IPv6 connections because these connections are not mutually exclusive.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type only_this_pc_ip ipaddress The single IP address if you have set the access_type keyword to To_this_PC_only. Telnet over an IPv6 connection enable_ipv6 Y or N Enables or disables remote management over Telnet for an IPv6 connection. access_type6 Everyone, IP_Range, or To_this_PC_only Specifies the type of access: • Everyone. Enables access to all IP addresses.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N SNMP Commands system snmp trap configure This command configures a new or existing SNMP agent to which trap information is forwarded. After you have issued the system snmp trap configure command to specify the IP address of the agent, you enter the system-config [snmp-trap] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N system snmp trap delete This command deletes an SNMP agent by deleting its IP address. Format system snmp trap delete Mode system Related show command: show system snmp trap [agent ipaddress] system snmp sys configure This command configures the SNMP system information.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Time Zone Command system time configure This command configures the system time, date, and NTP servers. After you have issued the system time configure command, you enter the system-config [time] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 12. Timezone keywords GMT time and location Note: Enter the keywords exactly as stated (you can use autocompletion keys). If there are two locations for the same time zone, enter the location exactly as stated. For example, either enter GMT-11:00::Samoa or enter GMT-10:00::Hawaii.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 12. Timezone keywords (continued) GMT time and location Note: Enter the keywords exactly as stated (you can use autocompletion keys). If there are two locations for the same time zone, enter the location exactly as stated. For example, either enter GMT-11:00::Samoa or enter GMT-10:00::Hawaii.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 12. Timezone keywords (continued) GMT time and location Note: Enter the keywords exactly as stated (you can use autocompletion keys). If there are two locations for the same time zone, enter the location exactly as stated. For example, either enter GMT-11:00::Samoa or enter GMT-10:00::Hawaii.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N block_type {Block-all-traffic | Block-all-traffic-except-email} send_email_alert {Y | N} Mode system-config [traffic-meter] Keyword Associated Keyword to Select or Parameter to Type Description enable Y or N Enables or disables the traffic meter. limit_type Nolimit, Downloadonly, or BothDirections The type of traffic limit, if any: • Nolimit. There is no traffic limit. • Downloadonly. The traffic limit applies to downloaded traffic only.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Select or Parameter to Type Description time_hour hour The hour in the format HH (00 to 12) that the traffic counter restarts. This keyword applies only when you have set the counter keyword to SpecificTime. time_meridian AM or PM The meridiem for the hour that the traffic counter restarts. This keyword applies only when you have set the counter keyword to SpecificTime.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Firewall Logs and Email Alerts Commands system logging configure This command configures routing logs for accepted and dropped IPv4 and IPv6 packets, selected system logs, and logs for other events. After you have issued the system logging configure command, you enter the system-config [logging-ipv4-ipv6] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Description Keyword to Select Routing logs lan_wan_accept_packet_logs Y or N lan_wan_drop_packet_logs Y or N lan_dmz_accept_packet_logs Y or N lan_dmz_drop_packet_logs Y or N dmz_wan_accept_packet_logs Y or N dmz_wan_drop_packet_logs Y or N wan_lan_accept_packet_logs Y or N wan_lan_drop_packet_logs Y or N dmz_lan_accept_packet_logs Y or N dmz_lan_drop_packet_logs Y or N wan_dmz_accept_packet_logs Y or N wan_dm
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Description Keyword to Select Other event logs source_mac_filter_logs Y or N Enables or disables logging of packets from MAC addresses that match the source MAC address filter settings. session_limit_logs Y or N Enables or disables logging of packets that are dropped because the session limit has been exceeded.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N email_logs_enable {Y | N} email_server {ipaddress | domain name} return_email send_to_email smtp_custom_port smtp_auth type {None | Plain {smtp_auth username } {smtp_auth password } | CRAM-MD5 {smtp_auth username } {smtp_auth password }} identd_from_smtp_server_enable {Y | N} schedule unit {Never | Hourly | Daily {schedule time {0:00 | 1:00 | 2:00 | 3:00 | 4:00 | 5:00 |
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Description Select or Parameter to Type smtp_auth type None, Plain, or CRAM-MD5 The type of authentication for the SMTP server. If you select Plain or CRAM-MD5, you also need to configure the smtp_auth username and smtp_auth password keywords and associated parameters.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate words) Associated Keyword to Description Select or Parameter to Type Syslog server syslog_server ipaddress or domain name The IP address or domain name of the syslog server. syslog_severity LOG_EMERG, LOG_ALERT, LOG_CRITICAL, LOG_ERROR, LOG_WARNING, LOG_NOTICE, LOG_INFO, or LOG_DEBUG The syslog severity level. The keywords are self-explanatory.
6. Dot11 Mode Configuration Commands 6 This chapter explains the configuration commands, keywords, and associated parameters in the dot11 mode. The chapter includes the following sections: • Wireless Radio Commands • Wireless Profile Commands IMPORTANT: After you have issued a command that includes the word configure, add, or edit, you need to save (or cancel) your changes. For more information, see Save Commands on page 13.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Select or Description Parameter to Type country africa, asia, europe, middle_east, oceania, or united_states country keyword After you have selected a geographical region, select a predefined country name within the selected region. For a list of countries that you can enter, see Table 13. mode g_and_b, g_only, ng, or n_only The wireless mode in the 2.4-GHz band: • g_and_b. In addition to 802.11b- and 802.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Select or Description Parameter to Type The default transmit power in dBm, which can range from 0 to 31. default_transmit_power number Note: If the country regulation does not allow the transmit power that you configure, the power will be automatically adjusted to the legally allowed power.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 13.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 13. Region and country keywords (continued) Region Country Europe (continued) France Georgia Note: This keyword might be located under another region. The command syntax might change in a future release.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 13.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 13. Region and country keywords (continued) Region Country UnitedStates (continued) ElSalvador Guatemala Honduras Jamaica Mexico Panama Peru PuertoRico TrinidadAndTobago UnitedStates_US Uruguay Venezuela Command example: FVS318N> dot11 radio configure dot11-config[radio]> country united_states UnitedStates_US dot11-config[radio]> 2.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format beacon_interval dtim_interval rts_threshold fragmentation_threshold preamble_mode protection_mode {CTS-to-Self_Protection | None} power_save_enable {Y | N} Mode dot11-config [radio-advance] Keyword Associated Keyword to Description Select or Parameter to Type beacon_interval milliseconds The time in milliseconds between the beacon transmissions.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N dot11-config[radio-advance]> power_save_enable Y dot11-config[radio-advance]> save Related show command: show dot11 radio Wireless Profile Commands dot11 profile configure This command configures a new or existing profile.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist Associated Keyword to Select Description of two separate words) or Parameter to Type security_type Open, WEP, WPA, WPA2, or WPA+WPA2 The type of security and associated encryption. Your selection determines which other keywords and associated parameters and keywords you need to set. vlan_profile vlan name The VLAN to which the wireless profile is allocated.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist Associated Keyword to Select Description of two separate words) or Parameter to Type wpa authentication PSK, RADIUS, or PSK+RADIUS The WPA authentication type. Note the following: • PSK. Requires you to set the wpa wpa_password keyword and associated parameter. • RADIUS. Requires you to configure the RADIUS settings. • PSK_RADIUS.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N dot11-config[profile]> dot11-config[profile]> dot11-config[profile]> dot11-config[profile]> dot11-config[profile]> dot11-config[profile]> dot11-config[profile]> dot11-config[profile]> dot11-config[profile]> dot11-config[profile]> dot11-config[profile]> wpa authentication PSK wpa wpa_password Se36cu37re38! enable_active_time Y start hour 8 start meridiem AM start minute 00 stop hour 5 stop meridiem PM stop minute 00 wlan_partition N save Related show
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Related show command: show dot11 profile [profile name] dot11 profile acl configure This command adds a MAC address to or deletes a MAC address from an access control list (ACL) and configures the ACL setting for a selected profile.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N dot11 profile wps configure This command configures Wi-Fi Protected Setup™ (WPS) for as SSID. After you have issued the dot11 profile wps configure command, you enter the dot11-config [ap-wps] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
7. VPN Mode Configuration Commands 7 This chapter explains the configuration commands, keywords, and associated parameters in the vpn mode.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPSec VPN Wizard Command vpn ipsec wizard configure This command configures the IPSec VPN wizard for a gateway-to-gateway or gateway-to-VPN client connection.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type preshared_key key The key (alphanumeric string) that needs to be entered on both peers. remote_wan_ipaddress ipaddress, ipv6-address, or domain name Depending on the setting of the ip_version keyword, specifies an IPv4 or IPv6 local WAN address. You can also specify a domain name.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N To display the IKE policy configuration that the wizard created through the vpn ipsec wizard configure command, issue the show vpn ipsec ikepolicy setup command: FVS318N> show vpn ipsec ikepolicy setup List of IKE Policies ____________________ Name Mode Local ID Remote ID Encryption Authentication DH Group _________________ __________ ______________________ _____________ __________ ______________ ____________ FVS318N-to-Peer44 main fe80::a8ab:bbf
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N extended_authentication {None | IPSecHost {xauth_username } {xauth_password } | EdgeDevice {extended_authentication_type {User-Database | RadiusPap | RadiusChap}}} Mode vpn-config [ike-policy] Keyword Associated Keyword to Description Select or Parameter to Type Mode Config record selection and general policy settings enable_mode_config Y or N Specifies whether or not the IKE policy uses a Mode Config record.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type Local and remote identifiers ip_version IPv4 or IPv6 If the local_identtype and remote_identtype keywords are set to Local_Wan_IP, specifies the IP address version for both the local and remote endpoints: • IPv4. Both endpoints use IPv4 addresses. You need to specify IPv4 addresses for the local_identifier and remote_identifier keywords. • IPv6. Both endpoints use IPv6 addresses.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type remote_identtype Remote_Wan_IP, FQDN, User-FQDN, or DER_ASN1_DN Specifies the ISAKMP identifier to be used by the wireless VPN firewall: • Remote_Wan_IP. The WAN IP address of the remote endpoint. The setting of the ip_version keyword determines if you need to specify an IPv4 or IPv6 address for the local_identifier keyword. • FQDN. The domain name for the wireless VPN firewall.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type auth_method Pre_shared_key or RSA_Signature Specifies the authentication method: • Pre_shared_key. A secret that is shared between the wireless VPN firewall and the remote endpoint. You also need to issue the pre_shared_key keyword and specify the key. • RSA_Signature.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type Extended authentication settings extended_authentication None, IPSecHost, or EdgeDevice Specifies whether or not Extended Authentication (XAUTH) is enabled, and, if enabled, which device is used to verify user account information: • None. XAUTH is disabled. This the default setting. • IPSecHost. The wireless VPN firewall functions as a VPN client of the remote gateway.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command example: FVS318N> vpn ipsec ikepolicy configure FVS-to-Paris vpn-config[ike-policy]> enable_mode_config N vpn-config[ike-policy]> direction_type Both vpn-config[ike-policy]> exchange_mode Main vpn-config[ike-policy]> ip_version ipv4 vpn-config[ike-policy]> local_identtype Local_Wan_IP vpn-config[ike-policy]> local_identifier 10.139.54.228 vpn-config[ike-policy]> remote_identtype Remote_Wan_IP vpn-config[ike-policy]> remote_identifier 10.112.71.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 1 Step 2 Format vpn ipsec vpnpolicy configure Mode vpn Format general_policy_type {Auto-Policy | Manual-Policy} general_ip_version {IPv4 | IPv6} general_remote_end_point_type {FQDN {general_remote_end_point fqdn | IP-Address {general_remote_end_point ip_address | {general_remote_end_point ipv6_address }} general_enable_netbios {N | Y} auto_initiate_policy {N | Y} general_enable_keep_
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N manual_spi_out manual_authentication_algorithm {MD5 | SHA-1} manual_authentication_key_in manual_authentication_key_out auto_sa_lifetime {bytes | {seconds } auto_encryption_algorithm {None | DES | 3DES | AES-128 | AES-192 | AES-256} auto_authentication_algorithm {MD5 | SHA-1} auto_enable_pfskeygroup {N | Y {auto_dh_group {Group1_768_bit | Group2_1024_bit | Group5_1536_bit}}} auto_select_ike_policy
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate Associated words) Keyword to Select or Parameter to Type IPv4 or IPv6 general_ip_version Description If the general_remote_end_point_type keyword is set to IP-Address, specifies the IP address version for the remote endpoint, local address information, and remote address information: • IPv4.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate Associated words) Keyword to Select or Parameter to Type Description general_remote_end_point ipv6_adress ipv6-address If the general_remote_end_point_type keyword is set to IP-Address, and if the general_ip_version keyword is set to IPv6, the IPv6 address of the remote endpoint. general_enable_netbios Y or N Enables or disables NetBIOS broadcasts to travel over the VPN tunnel.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate Associated words) Keyword to Select or Parameter to Type Description general_keep_alive_failue_count The maximum number of keep-alive request failures before the wireless VPN firewall tears down the connection and then attempts to reconnect to the peer.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate Associated words) Keyword to Select or Parameter to Type Description general_local_end_address ipaddress If the general_local_network_type keyword is set to RANGE, and if the general_ip_version keyword is set to IPv4, specifies the local IPv4 end address.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate Associated words) Keyword to Select or Parameter to Type Description Traffic selector settings—Remote address information general_remote_network_type ANY, SINGLE, RANGE, or SUBNET Specifies the address or addresses that are part of the VPN tunnel on the remote end: • ANY. All computers and devices on the network. • SINGLE. A single IP address on the network.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate Associated words) Keyword to Select or Parameter to Type Description general_remote_subnet_mask subnet mask If the general_remote_network_type keyword is set to SUBNET, and if the general_ip_version keyword is set to IPv4, specifies the subnet mask.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate Associated words) Keyword to Select or Parameter to Type Description Manual policy settings—Outbound policy manual_spi_out number The Security Parameters Index (SPI) for the outbound policy as an hexadecimal value between 3 and 8 characters. manual_authentication_algorithm MD5 or SHA-1 Specifies the authentication algorithm to negotiate the security association (SA): • SHA-1.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword (might consist of two separate Associated words) Keyword to Select or Parameter to Type Description auto_authentication_algorithm MD5 or SHA-1 Specifies the authentication algorithm to negotiate the security association (SA): • SHA-1. Hash algorithm that produces a 160-bit digest. • MD5. Hash algorithm that produces a 128-bit digest. auto_enable_pfskeygroup Y or N Enables or disables Perfect Forward Secrecy (PFS).
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn ipsec vpnpolicy delete This command deletes a VPN policy by specifying the name of the VPN policy. Format vpn ipsec vpnpolicy delete Mode vpn Related show command: show vpn ipsec vpnpolicy setup vpn ipsec vpnpolicy disable This command disables a VPN connection by specifying the name of the VPN policy.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn ipsec vpnpolicy drop This command terminates an active VPN connection by specifying the name of the VPN policy. Format vpn ipsec vpnpolicy drop Mode vpn Related show command: show vpn ipsec vpnpolicy setup and show vpn ipsec vpnpolicy status IPSec VPN Mode Config Commands vpn ipsec mode_config configure This command configures a Mode Config record.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N pfs_key_group {N | Y {dh_group {Group1_768_bit | Group2_1024_bit | Group5_1536_bit}}} sa_lifetime_type {Seconds {sa_lifetime } | KBytes {sa_lifetime }) encryption_algorithm {None | DES | 3DES | AES-128 | AES-192 | AES-256} integrity_algorithm {MD5 | SHA-1} local_ip local_subnet_mask Mode vpn-config [modeConfig] Keyword Associated Keyword to Description Select or Parameter to Type Client pool first_pool_sta
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type sa_lifetime_type Seconds or KBytes Specifies whether the sa_lifetime keyword is set in seconds or Kbytes. sa_lifetime seconds or number Depending on the setting of the sa_lifetime_type keyword, the SA lifetime in seconds or in KBytes.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn ipsec modeConfig delete This command deletes a Mode Config record by specifying its record name. Format vpn ipsec modeConfig delete Mode vpn Related show command: show vpn ipsec mode_config setup SSL VPN Portal Layout Commands vpn sslvpn portal-layouts add This command configures a new SSL VPN portal layout.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type banner_title banner name The banner title (alphanumeric string). Place text that consists of more than one word between quotes. banner_message message text The banner message (alphanumeric string). Place text that consists of more than one word between quotes. display_banner Y or N Specifies whether or not the banner message is displayed.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 1 Step 2 Format vpn sslvpn portal-layouts edit Mode vpn Format portal_name portal_title banner_title banner_message display_banner {Y | N} enable_httpmetatags {Y | N} enable_activex_web_cache_cleaner {Y | N} enable_vpntunnel {Y | N} enable_portforwarding {Y | N} Mode [portal-settings] Keyword Associated Keyword to Description Select or Parameter to Type portal_name po
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn sslvpn portal-layouts delete This command deletes an SSL VPN portal layout by specifying its row ID. Format vpn sslvpn portal-layouts delete Mode vpn Related show command: show vpn sslvpn portal-layouts SSL VPN Authentication Domain Commands vpn sslvpn users domains add This command configures a new authentication domain that is not limited to SSL VPN users.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type authentication_type LocalUserDatabase, Radius-PAP, Radius-CHAP, Radius-MSCHAP, Radius-MSCHAPv2, WIKID-PAP, WIKID-CHAP, MIAS-PAP, MIAS-CHAP, NTDomain, ActiveDirectory, or LDAP The authentication method that is applied to the domain: • For all selections with the exception of LocalUserDatabase, you need to issue the authentication_server1 keyword and specify an IP address.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn sslvpn users domains edit This command configures an existing authentication domain that is not limited to SSL VPN users. After you have issued the vpn sslvpn users domains edit command to specify the row to be edited, you enter the users-config [domains] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type authentication_type LocalUserDatabase, Radius-PAP, Radius-CHAP, Radius-MSCHAP, Radius-MSCHAPv2, WIKID-PAP, WIKID-CHAP, MIAS-PAP, MIAS-CHAP, NTDomain, ActiveDirectory, or LDAP The authentication method that is applied to the domain: • For all selections with the exception of LocalUserDatabase, you need to issue the authentication_server1 keyword and specify an IP address.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N SSL VPN Authentication Group Commands vpn sslvpn users groups add This command configures a new authentication group that is not limited to SSL VPN users. After you have issued the vpn sslvpn users groups add command, you enter the users-config [groups] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 1 Step 2 Format vpn sslvpn users groups edit Mode vpn Format domain_name group_name idle_timeout Mode users-config [groups] Keyword Associated Description Parameter to Type domain_name domain name The domain name (alphanumeric string) to which the group belongs. Note: For information about configuring domains, see SSL VPN Authentication Domain Commands.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 1 Step 2 Format vpn sslvpn users users add Mode vpn Format user_name user_type {SSLVPNUser | Administrator | Guest | IPSECVPNUser | L2TPUser} group password confirm_password idle_timeout Mode users-config [users] Keyword Associated Keyword to Select Description or Parameter to Type user_name user name user_type SSLVPNUser, Administrator, The user type.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn sslvpn users users edit This command configures an existing user account. The command is not limited to SSL VPN users. After you have issued the vpn sslvpn users users edit command to specify the row to be edited, you enter the users-config [users] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn sslvpn users users delete This command deletes a user account by specifying its row ID. Format vpn sslvpn users users delete Mode vpn Related show command: show vpn sslvpn users users vpn sslvpn users users login_policies This command configures the login policy for a user. The command is not limited to SSL VPN users.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn sslvpn users users ip_policies configure This command configures source IP addresses from which a user is either allowed or denied access. The command is not limited to SSL VPN users.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type source_address_type IPAddress or IPNetwork The source address type: • IPAddress. A single IP address. The setting of the ip_version keyword determines whether you need to issue the source_address keyword and specify an IPv4 address or issue the source_address6 keyword and specify an IPv6 address. • IPNetwork. A subnet of IP addresses.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn sslvpn users users ip_policies delete This command deletes a source IP address for a user by specifying the row ID of the table. Format vpn sslvpn users ip_policies delete Mode vpn Related show command: show vpn sslvpn users users and show vpn sslvpn users ip_policies vpn sslvpn users users browser_policies This command configures the client browsers from which a user is either allowed or denied access.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type delete_browser InternetExplorer, NetscapeNavigator, Opera, Firefox, Mozilla Removes a browser from the browser list (after you first have added the browser to the browser list). enable_or_disable_login_from_defined_browsers Y or N Specifies whether access through the browsers on the browser list is allowed or denied: • Yes.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Description Parameter to Type server_ip ipaddress The IP address of the local server that hosts the application. port number The TCP port number of the local server that hosts the application. Command example: FVS318N> vpn sslvpn portforwarding appconfig add [portforwarding-settings]> server_ip 192.168.51.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Description Parameter to Type server_ip ipaddress The IP address of the local server that hosts the application. Note: The IP address needs to be the same as the IP address that you assigned through the vpn sslvpn portforwarding appconfig add command for the same application. domain_name domain name The domain name for the local server that hosts the application.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format enable_full_tunnel {Y | N} dns_suffix primary_dns secondary_dns begin_client_address end_client_address Mode [sslvpn-client-ipv4-settings] Keyword Associated Keyword to Description Select or Parameter to Type enable_full_tunnel Y or N Enables or disables full-tunnel support: • Yes. Enables full-tunnel support. • No.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn sslvpn client ipv6 This command configures the SSL client IP address range. After you have issued the vpn sslvpn client ipv6 command, you enter the [sslvpn-client-ipv6-settings] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn sslvpn route add This command configures a static client route to a destination network. After you have issued the vpn sslvpn route add command, you enter the [sslvpn-route-settings] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer. Note: When full-tunnel support is enabled, client routes are not operable.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N [sslvpn-route-settings]> subnet_mask 255.255.255.254 [sslvpn-route-settings]> save Related show command: show vpn sslvpn route vpn sslvpn route delete This command deletes a client route by specifying its row ID. Format vpn sslvpn route delete Mode vpn Related show command: show vpn sslvpn route SSL VPN Resource Commands vpn sslvpn resource add This command adds a new resource.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command example: FVS318N> vpn sslvpn resource add [sslvpn-resource-settings]> resource_name TopSecure [sslvpn-resource-settings]> service_type PortForwarding [sslvpn-resource-settings]> save Related show command: show vpn sslvpn resource vpn sslvpn resource delete This command deletes a resource by specifying its row ID.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N For an IP network: ip_version {IPv4 {object_address } {mask_length } | IPv6 {object_address6 } {mask_length }} start_port end_port Mode [sslvpn-resource-settings] Keyword Associated Keyword to Description Select or Parameter to Type object_type IPAddress or IPNetwork The source address type for the object: • IPAddress. A single IP address.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type mask_length subnet mask length or prefix length The nature of this keyword and parameter depend on the setting of the ip_version and object_type keywords: • If the ip_version keyword is set to IPv4 and the object_type keyword is set to IPNetwork, the subnet mask length of the IPv4 network.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Step 2 Format policy_name policy type {Global | Group {policy_owner } | User {policy_owner }} destination_object_type {NetworkResource | IPAddress | IPNetwork | All} In addition to a policy name, policy type, and destination object type, configure the following for a network resource: ip_version {IPv4 | IPv6} resource_name policy_permission {Permit | Deny} In addition to a policy name, policy type,
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type policy_name policy name The policy name (alphanumeric string). policy_type Global, Group, or User The SSL VPN policy type: • Global. The policy is global and includes all groups and users. • Group. The policy is limited to a single group. For information about how to create groups, see SSL VPN Authentication Group Commands.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type destination_object_type NetworkResource, IPAddress, IPNetwork, or All The policy destination type, which determines how the policy is applied, and, in turn, which keywords you need to issue to specify the policy: • NetworkResource. The policy is applied to an existing IPv4 or IPv6 resource.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type destination_object_type NetworkResource, IPAddress, IPNetwork, or All (continued) • IPNetwork. The policy is applied to an IPv4 or IPv6 network address.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type ip_version IPv4 or IPv6 The IP version that applies to the policy: • IPv4. The policy is for an IPv4 network resource, IPv4 address, IPv4 network, or for all IPv4 addresses. For an IP address or IP network, you need to issue the policy_address keyword and specify an IPv4 address.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N [sslvpn-policy-settings]> [sslvpn-policy-settings]> [sslvpn-policy-settings]> [sslvpn-policy-settings]> [sslvpn-policy-settings]> [sslvpn-policy-settings]> [sslvpn-policy-settings]> [sslvpn-policy-settings]> [sslvpn-policy-settings]> [sslvpn-policy-settings]> [sslvpn-policy-settings]> [sslvpn-policy-settings]> [sslvpn-policy-settings]> [sslvpn-policy-settings]> [sslvpn-policy-settings]> policy_type Global destination_object_type NetworkResource resour
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N In addition to a policy name, policy type, and destination object type, configure the following for an IP address: ip_version {IPv4 {policy_address } | IPv6 {policy_address6 }} start_port end_port service_type {VPNTunnel | PortForwarding | All} policy_permission {Permit | Deny} In addition to a policy name, policy type, and destination object type, configure the following for an IP network: ip_versio
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type policy_owner group name or user name destination_object_type NetworkResource, IPAddress, IPNetwork, or All The owner of the policy depends on the setting of the policy_type keyword: • Group. Specify the group name to which the policy applies. • User. Specify the user name to which the policy applies. Note: You cannot change an existing destination object type.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type destination_object_type NetworkResource, IPAddress, IPNetwork, or All (continued) • IPNetwork. The policy is applied to an IPv4 or IPv6 network address.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type ip_version IPv4 or IPv6 The IP version that applies to the policy: • IPv4. The policy is for an IPv4 network resource, IPv4 address, IPv4 network, or for all IPv4 addresses. For an IP address or IP network, you need to issue the policy_address keyword and specify an IPv4 address.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Command example: See the command example for the vpn sslvpn policy add command. Related show command: show vpn sslvpn policy vpn sslvpn policy delete This command deletes an SSL VPN policy by specifying its row ID. Format vpn sslvpn policy delete Mode vpn Related show command: show vpn sslvpn policy RADIUS Server Command vpn radius configure This command configures a RADIUS server.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Keyword Associated Keyword to Description Select or Parameter to Type Primary RADIUS server enable Y or N Specifies whether or not the primary RADIUS server is enabled. radius-server ipaddress The IPv4 address of the primary RADIUS server. secret secret The secret phrase (alphanumeric string) for the primary RADIUS server. nas_identifier identifier The NAS ID for the primary RADIUS server.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N L2TP Server Commands vpn l2tp server configure This command configures the L2TP server. After you have issued the vpn l2tp server configure command, you enter the l2tp-server-config [policy] mode, and then you can configure one keyword and associated parameter or associated keyword at a time in the order that you prefer.
8. Overview of the Show Commands 8 This chapter provides an overview of all show commands for the five configuration command modes.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 14. Show commands: show net mode (continued) Submode Command Name Purpose show net lan dhcp reserved_ip setup Display information about the DHCP clients, including the assigned (reserved) IP addresses. show net lan ipv4 advanced setup Display the advanced IPv4 LAN configuration. show net lan ipv4 detailed setup Display the detailed configuration for a VLAN.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Security Settings (Security Mode) Show Commands Enter the show security ? command at the CLI prompt to display the categories of show commands in the security mode. The following table lists the commands in alphabetical order: Table 15. Show commands: show security mode Submode address_filter Command Name Purpose show security address_filter enable_email_log Display the configuration of the IP/MAC binding log.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 15. Show commands: show security mode (continued) Submode Command Name Purpose firewall (continued) show security firewall session_limit Display the session limit settings. show security firewall session_settings Display the session time-out settings. show security porttriggering_rules setup Display the port triggering rules. show security porttriggering_rules status Display the port triggering status.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 16. Show commands: show system mode (continued) Submode Command Name Purpose time show system time setup Display the time configuration and the configuration of the NTP server. traffic_meter show system traffic_meter setup Display the configuration of the traffic meter and the Internet traffic statistics.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Table 18. Show commands: show vpn mode (continued) Submode Command Name Purpose show vpn ipsec vpnpolicy setup ipsec (continued) show vpn ipsec vpnpolicy status Display the IPSec VPN policies. Display status information about the active and nonactive IPSec VPN policies. show vpn l2tp server connections Display the users that are connected through the L2TP server. show vpn l2tp server setup Display the configuration of the L2TP server.
9. Show Commands 9 This chapter explains the show commands and associated parameters for the five configuration command modes.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show net wan mode This command displays the WAN mode configuration: WAN MODE Setup ______________ Routing Mode: NAT IP Mode: IPv4/IPv6 mode show net wan port_setup This command displays the configuration of the WAN port: WAN Port Setup ______________ MTU Type: Default Port Speed: Auto Sense Router's MAC Address: Use Default Address show net wan wan1 ipv4 setup This command displays the IPv4 WAN configuration: Broadband Setup _______________ STAT
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show net wan wan1 ipv4 status This command displays the IPv4 WAN connection status: WAN Status __________ MAC Address: AA:AB:BB:00:00:02 IPv4 Address: 10.139.54.228 / 255.255.255.248 Wan State: UP NAT (IPv4 only): Enabled IPv4 Connection Type: STATIC IPv4 Connection State: Connected Link State: LINK UP Gateway: 10.139.54.225 Primary DNS: 10.80.130.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IPv6 Mode and IPv6 Tunnel Show Commands show net ipv6 ipmode setup This command displays the IPv6 routing mode configuration: IP MODE _______ IPv4 only mode : Disabled IPv4/IPv6 mode : Enabled show net ipv6_tunnel setup This command displays the IPv6 tunnel configuration: IPv6 Tunnels ____________ 6 to 4 Tunneling Automatic Tunneling is Enabled List of Available ISATAP Tunnels ROW ID LocalEndpoint ISATAP Subnet Prefix ______ _____________ ____________
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show net lan dhcp logs This command displays the LAN DHCP log: Jan 1 00:02:26 FVS318N local7.info dhcpd: Sending on LPF/bdg1/aa:ab:bb:00:00:01/192.168.1.0/24 Jan 1 00:02:26 FVS318N local7.info dhcpd: Sending on Socket/fallback/fallback-net Jan 1 00:02:34 FVS318N local7.info dhcpd: Wrote 0 leases to leases file. Jan 1 00:02:34 FVS318N local7.info dhcpd: Listening on LPF/bdg1/aa:ab:bb:00:00:01/192.168.1.0/24 Jan 1 00:02:34 FVS318N local7.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N VLAN Profiles _____________ Status _______ Enabled Enabled Enabled Profile Name ____________ Default Sales Marketing VLAN Id _______ 1 20 40 IPv4 Address ____________ 192.168.1.1 192.168.70.1 192.168.90.5 Subnet Mask _______________ 255.255.255.0 255.255.255.0 255.255.255.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show net ethernet {interface name | all} This command displays the MAC address and VLAN status for a single or all Ethernet interfaces: FVS318N> show net ethernet eth1 MAC Address: AA:AB:BB:00:00:02 VLAN ID: 1 Interface Name: eth1 VLAN Enabled: N Native VLAN: N FVS318N> show net ethernet all Ethernet Interfaces ___________________ VLAN ID Interface Name VLAN Enabled Native VLAN _______ ______________ ____________ ___________ 1 eth0 N N 1 eth1 N
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show net lan lan_groups This command displays the LAN groups: Row ID : Group Name ___________________ 1 GROUP1 2 GROUP2 3 GROUP3 4 GROUP4 5 Management 6 SalesEMEA 7 SalesAmericas 8 GROUP8 show net lan ipv4 multiHoming This command displays the LAN secondary IP addresses: IPv4 LAN Multi-homing _____________________ Available Secondary LAN IPs :______________________________ Row Id IP Address Subnet Mask ______ ______________ __________
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N DHCP Status: Enable DHCPv6 Server DHCP Mode: Stateless Domain Name: netgear.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show net lan ipv6 multiHoming This command displays the LAN secondary IPv6 addresses: IPv6 LAN Multi-homing _____________________ Available Secondary LAN IPs :______________________________ Row Id: 1 IPv6 Address: 2001:db8:3000::2192 Prefix Length: 10 DMZ Show Commands show net dmz ipv4 setup This command displays the IPv4 DMZ configuration: DMZ Setup _________ DMZ Disabled.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show net radvd dmz setup This command displays the DMZ RADVD configuration: Router Advertisement Daemon ( RADVD ) _____________________________________ RADVD Status: Enabled Advertise Mode: Unicast only Advertise Interval: 30 RA Flags Managed: Disabled Other: Enabled Router Preference: High MTU: 1500 Router Lifetime: 7200 Seconds List of Available Prefixes to Advertise _______________________________________ ROW ID IPv6 Prefix IPv6 Prefix Length Life T
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Not Valid After: 2011/12/31@23:59:59 Second Key Parameters MD5 Key Id: 2 MD5 Auth Key: ***** Not Valid Before: 2011/12/31@24:00:00 Not Valid After: 2012/03/31@23:59:59 show net routing static ipv4 setup This command displays the IPv4 static routes configuration: Name Destination Gateway Interface Metric Active Private ---- ----------- ------- --------- ------ ------- ------- Orly 10.118.215.178 10.192.44.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Mcast: 0 Coll: 0 FVS318N> show net statistics all Interface Statistics ____________________ IFACE PktRx PktTx ByteRx ByteTx ErrRx ErrTx DropRx DropTx Mcast Coll _____ ______ ______ ________ ________ _____ _____ ______ ______ _____ ____ eth0 20802 31569 2148358 38409384 0 0 0 0 0 0 eth1 359059 186965 61156441 28586367 0 0 0 0 0 0 Security Settings (Security Mode) Show Commands This section contains the following subsections: • Ser
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Schedules Show Command show security schedules setup This command displays the configured schedules: Schedules _________ List of Available Schedules ROW ID Name Days Start Time End Time ______ _________ _________________________ __________ ________ 1 schedule1 Monday, Wednesday, Friday 07:15 AM 06:30 PM 2 schedule2 All Days 12:00 AM 11:59 PM 3 schedule3 All Days 12:00 AM 12:00 AM Firewall Rules Show Command show security firewall ipv4 set
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Destination: Broadband Bandwidth Profile: NONE Log: Never show security firewall ipv4 setup dmz_wan This command displays the configured IPv4 DMZ WAN firewall rules: Default Outbound Policy for IPv4 : Allow Always DMZ WAN Outbound Rules. _______________________ ROWID: 105 Status: Enabled Service Name: FTP Filter: ALLOW by schedule,otherwise block DMZ User: Any WAN User: Any Priority: Maximize-Reliability Log: Never DMZ WAN Inbound Rules.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N DMZ User: 176.16.2.65 - 176.16.2.85 Log: Never LAN DMZ Inbound Rules. ______________________ ROWID: 101 Status: Enabled Service Name: SSH:UDP Filter: BLOCK by schedule,otherwise allow DMZ User: 176.16.2.211 LAN User: 192.168.4.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show security firewall attack_checks setup ipv4 This command displays which WAN and LAN security checks are enabled for IPv4: Attack Checks _____________ WAN Security Checks: _____________________ Respond to ping on Wan : Yes Enable Stealth mode : Yes Block TCP Flood : Yes LAN Security Checks: _____________________ Block UDP Flood : Yes Disable Ping Reply on LAN Ports : No show security firewall attack_checks setup ipv6 This command displays
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Session Limits Show Commands show security firewall session_limit This command displays the session limit settings: Session Settings ________________ Session Limit Enable: Enabled Connection Limit Type: 1 User Connection Limit: 6 TCP Session Timeout Duration: 1800(Secs) UDP Session Timeout Duration: 120(Secs) ICMP Session Timeout Duration: 60(Secs) show security firewall session_settings This command displays the session time-out settings:
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Address Filter Show Commands show security address_filter enable_email_log This command displays the configuration of the IP/MAC binding log: Email logs for IP/MAC binding violation _______________________________________ Email logs for IP/MAC binding violation: Enabled Email logs for IP/MAC binding violation IPv6 ____________________________________________ Email logs for IP/MAC binding violation: Disabled show security address_filter ip_or_mac_bind
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Port Triggering Show Commands show security porttriggering_rules setup This command displays the port triggering rules: Port Triggering _______________ List of Available Port Triggering Rules _______________________________________ ROW ID: 1 Name: AccInq Enable: Yes Type: TCP Interface: LAN Outgoing Start Port: 20020 Outgoing End Port: 20022 Incoming Start Port: 30030 Incoming End Port: 30040 show security porttriggering_rules status This command disp
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show security upnp setup This command displays the UPnP configuration: UPnP configuration __________________ Advertisement Period: 30 Advertisement Time To Live: 4 Bandwidth Profiles Show Command show security bandwidth profile setup This command displays the configured bandwidth profiles: List of Available Bandwidth Profiles ____________________________________ ROW ID ______ 1 2 Name ________ BW1 BW_Sales Direction _______________ Outbound Both Dir
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show security content_filter block_group This command displays the groups for which content filtering is enabled: Blocked Groups ______________ List of Blocked Groups Blocked Groups: Unblocked Groups : GROUP1, GROUP2, GROUP3, GROUP4, Management, SalesEMEA, SalesAmericas, GROUP8 show security content_filter blocked_keywords This command displays the keywords that are blocked: Blocked Keywords ________________ List of available Blocked Keywords ROW ID B
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Administrative and Monitoring Settings (System Mode) Show Commands This section contains the following subsections: • Remote Management Show Command • SNMP Show Commands • Time Show Command • Firmware Version Show Command • Status Show Command • Traffic Meter Show Command • Logging Configuration Show Commands • Logs Show Commands Note: The VPN logs and RADIUS logs are part of the VPN Mode show commands (see VPN Settings (VPN Mode) Show
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N SNMP Show Commands show system snmp trap [agent ipaddress] This command displays the SNMP trap configuration of an SNMP agent: Trap Agent IP Address _____________________ IP Address: 10.118.33.245 Subnet Mask: 255.255.255.255 Port: 162 Community: public show system snmp sys This command displays the SNMP system configuration of the wireless VPN firewall: SNMP System Configuration _________________________ SysContact: AdminFVS@netgear.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Firmware Version Show Command show system firmware_version This command displays the firmware version: Firmware Version : 4.1.1-8 Status Show Command show system status This command displays the system status (also referred to as router status) information: System Info ___________ System Name: FVS318N Firmware Version: 4.1.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N IP Address: 192.168.90.5 Subnet Mask: 255.255.255.128 DHCP Status: Disabled Lan Port 4 Information ______________________ VLAN Profile: Default VLAN ID: 1 MAC Address: E0:46:9A:1D:1A:9C IP Address: 192.168.1.1 Subnet Mask: 255.255.255.0 DHCP Status: Enabled Lan Port 5 Information ______________________ VLAN Profile: Sales VLAN ID: 20 MAC Address: E0:46:9A:1D:1A:9C IP Address: 192.168.70.1 Subnet Mask: 255.255.255.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N VLAN Profile: Default VLAN ID: 1 MAC Address: E0:46:9A:1D:1A:9C IP Address: 192.168.1.1 Subnet Mask: 255.255.255.0 DHCP Status: Enabled Broadband Information _____________________ MAC Address: AA:AB:BB:00:00:02 IPv4 Address: 10.139.54.228 / 255.255.255.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Traffic Meter Show Command show system traffic_meter setup This command displays the configuration of the traffic meter and the Internet traffic statistics: Enable Traffic Meter ____________________ Traffic Meter is Enabled Limit Type Download only Monthly Limit in (MB): 150000 Increase this month limit: Enabled Increase limit by in (MB): 50000 This month limit: Traffic Counter ________________ Traffic Counter: Specific Time Restart Time (HH/MM-Day of
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Logging Configuration Show Commands show system logging setup This command displays the configuration of the IPv4 and IPv6 logs: Logging Config ______________ Routing Logs ____________ LAN to WAN __________ Accepted Packets: Disabled Dropped Packets: Disabled WAN to LAN __________ Accepted Packets: Disabled Dropped Packets: Disabled DMZ to WAN __________ Accepted Packets: Disabled Dropped Packets: Disabled WAN to DMZ __________ Accepted Pac
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N ___________ Change of time by NTP: Disabled Login attempts: Enabled Secure Login attempts: Enabled Reboots: Enabled All Unicast Traffic: Disabled All Broadcast/Multicast Traffic: Disabled WAN Status: Disabled Resolved DNS Names: Disabled VPN Logs: Disabled DHCP Server: Disabled Other Event Logs ________________ Source MAC Filter: Disabled Session Limit: Disabled Bandwidth Limit: Disabled show system logging remote setup This c
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Syslog Server: Disabled Logs Show Commands show system logs This command displays the system logs (the following example shows only part of the command output): Wed Dec 7 14:06:23 2011(GMT) [FVS318N][System][NTP] Looking Up time-g.netgear.com Wed Dec 7 14:06:25 2011(GMT) [FVS318N][System][NTP] Requesting time from time-g .netgear.com Wed Dec 7 14:06:26 2011(GMT) [FVS318N][System][NTP] Synchronized time with time -g.netgear.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N wireless MAC[0] : e0469a1d1aae wireless MAC[1] : e0469a1d1aaf wireless MAC[2] : e0469a1d1ab0 wireless MAC[3] : e0469a1d1ab1 vlan[0] MAC : e0469a1d1a9f vlan[1] MAC : e0469a1d1aa0 vlan[2] MAC : e0469a1d1aa1 vlan[3] MAC : e0469a1d1aa2 vlan[4] MAC : e0469a1d1aa3 vlan[5] MAC : e0469a1d1aa4 vlan[6] MAC : e0469a1d1aa5 vlan[7] MAC : e0469a1d1aa6 vlan[8] MAC : e0469a1d1aa7 vlan[9] MAC : e0469a1d1aa8 vlan[10] MAC : e0469a1d1aa9 vlan[11] MAC : e0469a1d1aaa vlan[1
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Wireless Settings (Dot11 Mode) Show Commands This section contains the following subsections: • Radio Show Command • Profile Show Commands • Wireless Statistics Commands Radio Show Command show dot11 radio This command displays the configuration information for the radio: Radio Configuration ___________________ Region: North America Country: US Operating Frequency: 2.4 GHz Mode: n only Channel Spacing: 20/40 MHz Current Channel: 9-2.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Profile Show Commands show dot11 profile [profile name] This command displays basic information for all profiles or basic and advanced information for a specified profile: • All profiles: FVS318N> show dot11 profile Status ________ Enabled Disabled • Profile Name ____________ default1 1st_Floor SSID _________ FVS318N_1 WorkToDo Broadcast _________ Y Y Security ________ WPA+WPA2 WPA+WPA2 Encryption __________ TKIP+CCMP TKIP+CCMP Authentication _
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N PktTx: 0 ByteRx: 0 ByteTx: 0 ErrRx: 0 ErrTx: 0 DropRx: 0 DropTx: 11301 MCast: 0 #Coll: 0 Connected Clients _________________ show dot11 acl This command displays the ACL policy and MAC addresses for the specified profile: Default ACL Policy __________________ ACL Policy Status: Allow List of MAC Address ___________________ _________________ a1:23:04:e6:de:bb c2:ee:d2:10:34:fe show dot11 wps This command displays the WPS configuration:
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Wireless Statistics Commands show dot11 statistics This command displays the cumulative wireless traffic statistics for all wireless profiles (note that the profiles are indicated by ap1, ap2, ap3, and so on): Wireless Statistics ___________________ AP Name Radio PktRx PktTx ByteRx ByteTx ErrRx ErrTx DropRx DropTx MCast #coll _______ _____ _____ _____ ______ ______ _____ _____ ______ ______ _____ _____ ap1 1 0 0 0 0 0 0 0 83 0 0 ap2 1 0
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show vpn ipsec vpnpolicy setup This command displays the IPSec VPN policies: Status _______ Enabled Enabled Name _________________ FVS318N-to-Peer44 FVS-to-Paris Type ___________ Auto Policy Auto Policy IPSec Mode ___________ Tunnel Mode Tunnel Mode Local ______________________________________ 2002:408b:36e4:a:a8ab:bbff:fe00:1 / 64 192.168.1.0 / 255.255.255.0 Remote ______________________________ fe80::a4bb:ffdd:fe01:2 / 64 192.168.50.0 / 255.255.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Tue Apr 10 12:27:25 2012 (GMT -0700): [FVS318N] [IKE] INFO: Informational Exchange: notify payload[10637] Sending SSL VPN Show Commands show vpn sslvpn client This command displays the SSL VPN client ranges and configurations: SSL VPN Client(IPv4) ____________________ Enable Full Tunnel Support: No DNS Suffix: Primary DNS Server: 192.168.10.5 Secondary DNS Server: 192.168.10.6 Client Address Range Begin: 192.168.200.50 Client Address Range End: 192.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Sat Dec 10 14:20:10 2011(GMT) [FVS318N][System][SSLVPN] SSL_INFO :user admin2 is Logged-Out successfully from host 10.116.205.103 Sat Dec 10 18:04:50 2011(GMT) [FVS318N][System][SSLVPN] SSL_INFO : Login Successful for Local Admin user admin2 from host 10.116.205.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show vpn sslvpn portforwarding appconfig This command displays the SSL VPN port forwarding application configuration: Port Forwarding Application Configuration _________________________________________ Row Id Server IP Port ______ ______________ ____ 1 192.168.51.227 3389 2 192.168.51.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show vpn sslvpn resource-object This command displays the detailed configuration for the specified resource object: RESOURCE OBJECTS ________________ Row Id: 1 Object Type: IP Network Object Address: 192.168.30.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show vpn sslvpn users groups This command displays the group configurations: List of Groups ______________ Row_Id Name Domain ______ _______________ ______________ 1 geardomain* geardomain 2 Headquarter Headquarter 3 Sales Headquarter 4 LevelI_Support LevelI_Support 5 TEST TEST show vpn sslvpn users users This command displays the user account configurations: List of Users _____________ Row_Id User Name Group Type Authentication Dom
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show vpn sslvpn users ip_policies Note: The row ID refers to the List of Users table in the output of the show vpn sslvpn users users command. This command displays the login restrictions based on IP addresses for the specified user: User Ip Policies ________________ User Name: PeterBrown Allow Login from Defined Address: Yes Ip Addresses ____________ Row_Id: 1 Source Address Type: IP Address Network/IP Address: 10.156.127.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show vpn sslvpn users active_users This command displays the active SSL VPN users: UserName: : admin GroupName: : geardomain LoginAddress: : 74.116.205.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N L2TP Server Show Commands show vpn l2tp server setup This command displays the configuration of the L2TP server: L2TP Server Configuration _________________________ L2TP Server Status: Enabled L2TP Starting IP Address: 192.168.112.1 L2TP server Ending IP Address: 192.168.112.
10. Utility Commands 10 This chapter explains the configuration commands, keywords, and associated parameters in the Util mode. The chapter includes the following sections: • Overview Util Commands • Firmware Backup, Restore, and Upgrade Commands • Diagnostic Commands Overview Util Commands Enter the util ? command at the CLI prompt to display the description of the utility commands in the util mode. The following table lists the commands in alphabetical order: Table 19.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N Firmware Backup, Restore, and Upgrade Commands util backup_configuration This command backs up the configuration file of the wireless VPN firewall to a TFTP server. Format util backup_configuration Mode util util upload_configuration This command uploads a previously backed-up configuration file of the wireless VPN firewall from a TFTP server.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N util restore_factory_defaults This command restores the wireless VPN firewall to factory default settings. It takes about 3 minutes for the wireless VPN firewall to come back up. Format util restore_factory_defaults Mode util Diagnostic Commands util dns_lookup This command looks up the IP address of a domain name. Format util dns_lookup Mode util FVS318N> util dns_lookup netgear.com Server: 66.80.130.23 Address 1: 66.80.130.
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N util ping_through_vpn_tunnel This command pings a VPN endpoint IP address with 56 data bytes through a VPN tunnel and displays the ping information. Format util ping_through_vpn_tunnel Mode util FVS318N> util ping_through_vpn_tunnel Pinging 192.168.1.1 from 5 Ping passed 64 bytes from 10.136.24.128: icmp_seq=0 64 bytes from 10.136.24.128: icmp_seq=1 64 bytes from 10.136.24.128: icmp_seq=2 64 bytes from 10.136.24.
CLI Command Index D net radvd configure lan 54 net radvd pool dmz delete 65 net radvd pool dmz edit 64 net radvd pool lan add 55, 63 net radvd pool lan delete 57 net radvd pool lan edit 56 net routing dynamic configure 67 net routing static ipv4 configure 66 net routing static ipv4 delete 67 net routing static ipv4 delete_all 67 net routing static ipv6 configure 70 net routing static ipv6 delete 72 net routing static ipv6 delete_all 72 net wan port_setup configure 28 net wan wan1 ipv4 configure 30 net wan
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show net ipv6 ipmode setup 248 show net ipv6_tunnel setup 248 show net ipv6_tunnel status 248 show net lan available_lan_hosts list 251 show net lan dhcp leased_clients list 248 show net lan dhcp logs 249 show net lan dhcp reserved_ip setup 249 show net lan ipv4 advanced setup 251 show net lan ipv4 detailed setup 250 show net lan ipv4 multiHoming 252 show net lan ipv4 setup 249 show net lan ipv6 multiHoming 254 show net lan ipv6 setup 252 show net lan
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N show security porttriggering_rules setup 264 show security porttriggering_rules status 264 show security schedules setup 258 show security services setup 257 show security upnp portmap 264 show security upnp setup 265 show sysinfo 275 show system firmware_version 269 show system logging remote setup 274 show system logging setup 273 show system logs 275 show system remote_management setup 267 show system snmp sys 268 show system snmp trap 268 show syst
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N vpn sslvpn users domains add 204 vpn sslvpn users domains delete 207 vpn sslvpn users domains edit 206 vpn sslvpn users groups add 208 vpn sslvpn users groups delete 209 vpn sslvpn users groups edit 208 vpn sslvpn users users add 209 vpn sslvpn users users browser_policies 215 vpn sslvpn users users delete 212 vpn sslvpn users users edit 211 vpn sslvpn users users ip_policies configure 213 vpn sslvpn users users ip_policies delete 215 vpn sslvpn users
