D-Link DFL-1600 - Security Appliance Cli Reference Manual

Manual is about: NetDefendOS Network Security Firewall

Summary of DFL-1600 - Security Appliance

  • Page 1

    Network security solution http://www.dlink.com DFL-210/800/1600/2500 DFL-260/860 ver. 1.03 network security firewall cli reference guide.

  • Page 2: Cli Reference Guide

    Cli reference guide dfl-210/260/800/860/1600/2500 netdefendos version 2.25.01 d-link corporation no. 289, sinhu 3rd rd, neihu district, taipei city 114, taiwan R.O.C. http://www.dlink.com published 2009-04-08 copyright © 2009.

  • Page 3

    Cli reference guide dfl-210/260/800/860/1600/2500 netdefendos version 2.25.01 published 2009-04-08 copyright © 2009 copyright notice this publication, including all photographs, illustrations and software, is protected under international copyright laws, with all rights reserved. Neither this manu...

  • Page 4: Table Of Contents

    Table of contents preface ................................................................................................................ 9 1. Introduction .....................................................................................................11 1.1. Running a command ...................

  • Page 5

    2.2.30. Ikesnoop ...................................................................................46 2.2.31. Ippool ......................................................................................46 2.2.32. Ipsecglobalstats .......................................................................

  • Page 6

    3.4.8. Alg_tls ..................................................................................88 3.5. Arp ....................................................................................................89 3.6. Blacklistwhitehost ...................................................................

  • Page 7

    3.36.3. Logreceiversmtp ................................................................... 139 3.36.4. Logreceiversyslog .................................................................. 140 3.37. Natpool .......................................................................................... 14...

  • Page 8: List Of Examples

    List of examples 1. Command option notation ................................................................................... 9 1.1. Help for commands ........................................................................................12 1.2. Help for object types ................................

  • Page 9: Preface

    Preface audience the target audience for this reference guide is: • administrators that are responsible for configuring and managing the d-link firewall. • administrators that are responsible for troubleshooting the d-link firewall. This guide assumes that the reader is familiar with the d-link fire...

  • Page 10

    Because the table name option is followed by ellipses it is possible to specify more than one routing table. Since table name is optional as well, the user can specify zero or more policy-based routing tables. gw-world:/> routes virroute virroute2

  • Page 11: Chapter 1. Introduction

    Chapter 1. Introduction • running a command, page 11 • help, page 12 • function keys, page 13 • command line history, page 14 • tab completion, page 15 • user roles, page 17 this guide is a reference for all commands and configuration object types that are available in the command line interface for...

  • Page 12: 1.2. Help

    1.2. Help 1.2.1. Help for commands there are two ways of getting help about a command. A brief help is displayed if the command name is typed followed by -? or -h. This applies to all commands and is therefore not listed in the option list for each command in this guide. Using the help command give...

  • Page 13: 1.3. Function Keys

    1.3. Function keys in addition to the return key there are a number of function keys that are used in the cli. Backspace delete the character to the left of the cursor. Tab complete current word. Ctrl-a or home move the cursor to the beginning of the line. Ctrl-b or left arrow move the cursor one ch...

  • Page 14: 1.4. Command Line History

    1.4. Command line history every time a command is run, the command line is added to a history list. The up and down arrow keys are used to access previous command lines (up arrow for older command lines and down arrow to move back to a newer command line). See also section 2.4.3, “history”. Example ...

  • Page 15: 1.5. Tab Completion

    1.5. Tab completion by using the tab function key in the cli the names of commands, options, objects and object properties can be automatically completed. If the text entered before pressing tab only matches one possible item, e.g. "activate" is the only match for "acti", and a command is expect...

  • Page 16

    Value of that property. This is useful when editing an existing list of items or a long text value. The "" character before a tab can be used to automatically fill in the default value for a parameter if no value has yet been set. If the "." character is used, all possible values will be shown and t...

  • Page 17: 1.6. User Roles

    1.6. User roles some commands and options cannot be used unless the logged in user has administrator privilege. This is indicated in this guide by a note following the command or "admin only" written next to an option.

  • Page 19: 2.1. Configuration

    Chapter 2. Command reference • configuration, page 19 • runtime, page 30 • utility, page 69 • misc, page 70 2.1. Configuration 2.1.1. Activate activate changes. Description activate the latest changes. This will issue a reconfiguration, using the new configuration. If the reconfiguration is successf...

  • Page 20: 2.1.3. Cancel

    Example 2.1. Create a new object add objects with an identifier property (not index): gw-world:/> add address ip4address example_ip address=1.2.3.4 comments="this is an example" gw-world:/> add ip4address example_ip2 address=2.3.4.5 add an object with an index: gw-world:/main> add route interface=la...

  • Page 21: 2.1.4. Cc

    Note requires administrator privilege. 2.1.4. Cc change the current context. Description change the current configuration context. A context is a group of objects that are dependent on and grouped by a parent object. Many objects lie in the "root" context and do not have a specific parent. Other obj...

  • Page 22: 2.1.5. Commit

    The property that identifies the configuration object. May not be applicable depending on the specified . Type of configuration object to perform operation on. 2.1.5. Commit save new configuration to media. Description save the new configuration to media. This command can only be issued after a succ...

  • Page 23: 2.1.7. Pskgen

    Options -force force object to be deleted even if it's used by other objects or has children. Category that groups object types. The property that identifies the configuration object. May not be applicable depending on the specified . Type of configuration object to perform operation on. Note requir...

  • Page 24

    All changes made to the object will be lost. If the object is added after the last commit, it will be removed. To reject the changes in more than one object, use either the -recursive flag to delete a context and all its children recursively or the -all flag to reject the changes in all objects in...

  • Page 25: 2.1.9. Reset

    Note requires administrator privilege. 2.1.9. Reset reset unit configuration and/or binaries. Description reset configuration or binaries to factory defaults. Usage reset [-configuration] [-unit] options -configuration reset configuration to factory default. -unit reset unit to factory defaults. Not...

  • Page 26: 2.1.11. Show

    Comments=comment_without_whitespace gw-world:/main> set route 1 comment="a route" gw-world:/> set iprule 12 index=1 set properties for an object without identifier: gw-world:/> set dyndnsclientdyndnsorg username=example usage set [] [] [-disable] [-enable] []... Options -disable disable object. This...

  • Page 27

    O the object is disabled. ! The object has errors. + the object is newly created. * the object is modified. Unchanged objects are not indicated by a flag. When listing categories and object types, categories are indicated by [] and types where objects may be contexts by /. Example 2.6. Show objects ...

  • Page 28: 2.1.12. Undelete

    -errors show all errors in the current configuration. -references show all references to this object from other objects. -verbose show error details. Category that groups object types. The property that identifies the configuration object. May not be applicable depending on the specified . Type of c...

  • Page 29

    Note requires administrator privilege.

  • Page 30: 2.2. Runtime

    2.2. Runtime 2.2.1. About show copyright/build information. Description show copyright and build information. Usage about 2.2.2. Alarm show alarm information. Description show list of currently active alarms. Usage alarm [-history] [-active] options -active show the currently active alarms. -history...

  • Page 31: 2.2.4. Arpsnoop

    Arp show all arp entries. Arp -show [] [-ip=] [-hw=] [-num=] show arp entries. Arp -hashinfo [] show information on hash table health. Arp -flush [] flush arp cache of all specified interfaces. Arp -notify= [] [-hwsender=] send gratuitous arp for ip. Options -flush flush arp cache of all specified i...

  • Page 33: 2.2.7. Blacklist

    Options interface to show bigpond information. 2.2.7. Blacklist blacklist. Description block and unblock hosts on the black and white list. Note: static blacklist hosts cannot be unblocked. If -force is not specified, only the exact host with the service, protocol/port and destiny specified is unblo...

  • Page 34: 2.2.8. Buffers

    -dest= destination address to block/unblock (exceptextablished flag is set on). -dynamic show dynamic hosts only. -force unblock all services for the host that matches to options. -info show detailed information. -listtime show time in list (for dynamic hosts). -port= number of the port to block/unb...

  • Page 35: 2.2.9. Cam

    2.2.9. Cam cam table information. Description show information about the cam table(s) and their entries. Usage cam [-num=] [] [-flush] options -flush flush cam table. If interface is specified, only entries using this interface are flushed. (admin only) -num= limit list to entries per cam table. (de...

  • Page 36: 2.2.12. Connections

    2.2.12. Connections list current state-tracked connections. Description list current state-tracked connections. Usage connections -show [-num=] [-verbose] [-srciface=] [-destiface=] [-protocol=] [-srcport=] [-destport=] [-srcip=] [-destip=] list connections. Connections same as "connections -show". ...

  • Page 37: 2.2.14. Crashdump

    Display info about the cpu. Description display the make and model of the machine's cpu. Usage cpuid 2.2.14. Crashdump show the contents of the crash.dmp file. Description show the contents of the crash.dmp file, if it exists. Usage crashdump 2.2.15. Dconsole displays the content of the diagnose con...

  • Page 38: 2.2.16. Dhcp

    2.2.16. Dhcp display information about dhcp-enabled interfaces or modify/update their leases. Description display information about a dhcp-enabled interface. Usage dhcp list dhcp enabled interfaces. Dhcp -list list dhcp enabled interfaces. Dhcp -show [] show information about dhcp enabled interface....

  • Page 39: 2.2.18. Dhcpserver

    Dhcprelay -show [-rules] [-routes] []... Show dhcp/bootp relayer ruleset. Dhcprelay -release [-interface=] terminate relayed session. Options -interface= interface. -release terminate relayed session . (admin only) -routes show the currently relayed dhcp sessions. -rules show the dhcp/bootp relayer ...

  • Page 40: 2.2.19. Dns

    -leases show dhcp server leases. -mappings show dhcp server ip mappings. -release={blacklist} release specific type of ips. (admin only) -releaseip release an active ip. (admin only) -rules show dhcp server rules. -show show ruleset. Display filters for leases based on interface/mac/ip (eg. If1 192....

  • Page 41: 2.2.21. Dynroute

    Dnsbl [-show] [] [-clean] options -clean clear dnsbl statistics for alg. -show show dnsbl statistics for alg. Name of smtp alg. 2.2.21. Dynroute show dynamic routing policy. Description show the dynamic routing policy filter ruleset and current exports. In the "flags" field of the dynrouting exports...

  • Page 43: 2.2.25. Httpposter

    Show host monitor statistics. Description show active host monitor sessions. Usage hostmon [-verbose] [-num=] options -num= limit list to entries. (default: 20) -verbose verbose output. 2.2.25. Httpposter display httpposter_urlx status. Description display configuration and status of configured http...

  • Page 44: 2.2.27. Idppipes

    Hwaccel 2.2.27. Idppipes show and remove hosts that are piped by idp. Description show list of currently piped hosts. Usage idppipes -show [-host=] lists hosts for which new connections are piped by idp. Idppipes -unpipe [-all] [-host=] remove piping for the specified host. Idppipes -context show al...

  • Page 45: 2.2.29. Igmp

    Options -allindepth show in-depth information about all interfaces. -filter= filter list of interfaces. -num= limit list to lines. (default: 20) -pbr= only list members of given pbr table(s). -restart stop and restart the interface. (admin only) name of interface. 2.2.29. Igmp igmp interfaces. Descr...

  • Page 46: 2.2.30. Ikesnoop

    -query simulate an incoming igmp query message. -state show the current igmp state. Host ip address. Interface. Multicast address. Router ip address. 2.2.30. Ikesnoop enable or disable ike-snooping. Description turn ike on-screen snooping on/off. Useful for troubleshooting ipsec connections. Usage i...

  • Page 47: 2.2.32. Ipsecglobalstats

    Usage ippool -release [] [-all] forcibly free ip assigned to subsystem. Ippool -show [-verbose] show ip pool information. Options -all free all ip addresses. -release forcibly free ip assigned to subsystem. (admin only) -show show ip pool information. -verbose verbose output. Ip address to free. 2.2...

  • Page 48: 2.2.34. Ipsecstats

    Usage ipseckeepalive [-num=] options -num= maximum number of entries to display (default: 48). 2.2.34. Ipsecstats show the sas in use. Description list the currently active ike and ipsec sas, optionally only showing sas matching the pattern given for the argument "tunnel". Usage ipsecstats [-ike] ...

  • Page 50: 2.2.38. Linkmon

    Description show contents of the license file. Usage license 2.2.38. Linkmon display link monitoring statistics. Description if link monitor hosts have been configured, linkmon will monitor host reachability to detect link/nic problems. Usage linkmon 2.2.39. Lockdown enable / disable lockdown. D...

  • Page 52: 2.2.43. Ospf

    -num= maximum number of items to list (default: 20). -verbose verbose (more information). Translated ip. Nat pool name. 2.2.43. Ospf show runtime ospf information. Description show runtime information about the ospf router process(es). Note: -process is only required if there are >1 ospf router proc...

  • Page 54

    Pcapdump show capture status. Pcapdump -start [] [-size=] [-snaplen=] [-count=] [-out] [-out-nocap] [-eth= address>] [-ethsrc=] [-ethdest= address>] [-ip=] [-ipsrc=] [-ipdest=] [-port=] [-srcport=] [-destport=] [-proto=] [-icmp] [-tcp] [-udp] [-promisc] start capture. Pcapdump -stop [] stop capture....

  • Page 55: 2.2.45. Pipes

    -ipdest= destination ip address filter. -ipsrc= source ip address filter. -out realtime packet brief dumped to console. -out-nocap unbuffered (not stored in memory) realtime packet brief dumped to console. -port= tcp/udp port filter. -promisc set iface in promiscuous mode. -proto= ip protocol filter...

  • Page 56: 2.2.46. Reconfigure

    List all pipes. Pipes -users [] [-expr=] list users of a given pipe. Pipes -show [] [-expr=] show pipe details. Options -expr= pipe wildcard(*) expression. -show show pipe details. -users list users of a given pipe. Show pipe details. 2.2.46. Reconfigure initiates a configuration re-read. Descriptio...

  • Page 57: 2.2.48. Routes

    2.2.48. Routes display routing lists. Description display information about the routing table(s): - contents of a (named) routing table. - the list of routing tables, along with a total count of route entries in each table, as well as how many of the entries are single-host routes. Note that "core" ...

  • Page 59: 2.2.51. Settings

    Usage sessionmanager show session manager status. Sessionmanager -status show session manager status. Sessionmanager -list [-num=] list active sessions. Sessionmanager -info show in-depth information about session(s). Sessionmanager -message send message to session with console. Sessionmanager -disc...

  • Page 60: 2.2.52. Shutdown

    Description show the contents of the settings section, category by category. Usage settings show list of categories. Settings show settings in category. Options show settings in category. 2.2.52. Shutdown initiate core or system shutdown. Description initiate restart of the core/system. Usage shutdo...

  • Page 63: 2.2.56. Sysmsgs

    And other performance data. Usage stats 2.2.56. Sysmsgs system messages. Description show contents of the fwloader sysmsg buffer. Usage sysmsgs 2.2.57. Techsupport technical support information. Description generate information useful for technical support. Due to the large amount of output, this co...

  • Page 64: 2.2.59. Uarules

    Display current system time. Time -set set system local time: . Time -sync [-force] synchronize time with timeserver(s) (specified in settings). Options -force force synchronization regardless of the maxadjust setting. -set set system local time: . -sync synchronize time with timeserver(s) (specifie...

  • Page 67: 2.2.63. Vlan

    Ip address for user(s). 2.2.63. Vlan show information about vlan. Description show list of attached virtual lan interfaces, or in-depth information about a specified vlan. Usage vlan [] options display vlan information about this interface. 2.2.64. Vpnstats alias for ipsecstats. 2.2.65. Zonedefense ...

  • Page 68

    -save save the current zonedefense state on all switches. -show show the current block database. -status show the current status of the zonedefense state machine.

  • Page 69: 2.3. Utility

    2.3. Utility 2.3.1. Ping ping host. Description sends one or more icmp echo, tcp syn or udp datagrams to the specified ip address of a host. All datagrams are sent preloaded-style (all at once). The data size -length given is the icmp or udp data size. 1472 bytes of icmp data results in a 1500-byte ...

  • Page 70: 2.4. Misc

    2.4. Misc 2.4.1. Echo print text. Description print text to the console. Example 2.12. Hello world echo hello world usage echo []... Options text to print. 2.4.2. Help show help for selected topic. Description the help system contains information about commands and configuration object types. The fa...

  • Page 72: 2.4.5. Script

    Example 2.15. Upload certificate data scp certificate.cer user@sgw-ip:certificate/certificate_name scp certificate.key user@sgw-ip:certificate/certificate_name example 2.16. Upload ssh public key data scp sshkey.pub user@sgw-ip:sshclientkey/sshclientkey_name usage ls [-la] [] [-al] [-long] options -...

  • Page 73

    Create configuration script from specified object, class or category. Script -execute [-verbose] [-force] [-quiet] -name= []... Execute script. Script -show [-all] [-name=] show script in console window. Script -store [-all] [-name=] store a script to persistent storage. Script -remove [-all] [-name...

  • Page 75

    Chapter 3. Configuration reference • access, page 76 • address, page 78 • advancedscheduleprofile, page 81 • alg, page 82 • arp, page 89 • blacklistwhitehost, page 90 • certificate, page 91 • client, page 92 • comportdevice, page 95 • configmodepool, page 96 • datetime, page 97 • device, page 98 • d...

  • Page 76: 3.1. Access

    • ipsecalgorithms, page 134 • ldapdatabase, page 135 • ldapserver, page 136 • localuserdatabase, page 137 • logreceiver, page 138 • natpool, page 141 • ospfprocess, page 142 • pipe, page 147 • piperule, page 150 • psk, page 151 • radiusaccounting, page 152 • radiusserver, page 153 • remotemanagement...

  • Page 77

    Index the index of the object, starting at 1. (identifier) name specifies a symbolic name for the object. Action accept, expect or drop. (default: drop) interface the interface the packet must arrive on for this rule to be carried out. Exception: the expect rule. Network the ip span that the sende...

  • Page 78: 3.2. Address

    3.2. Address this is a category that groups the following object types. 3.2.1. Addressfolder description an address folder can be used to group related address objects for better overview. Properties name specifies a symbolic name for the network object. (identifier) comments text describing the cur...

  • Page 79

    Name specifies a symbolic name for the network object. (identifier) members group members. Exclude addresses that will be excluded from the group. (optional) userauthgroups groups and user names that belong to this object. Objects that filter on credentials can only be used as source networks and ...

  • Page 80: 3.2.2. Ethernetaddress

    Ations networks in rules. (optional) nodefinedcredentials if this property is enabled the object requires user authentication, but has no credentials (user names or groups) defined. This means that the object only requires that a user is authenticated, but ignores any kind of group membership. (de...

  • Page 81

    3.3. Advancedscheduleprofile description an advanced schedule profile contains definitions of occurrences used by various policies in the system. Properties name specifies a symbolic name for the service. (identifier) comments text describing the current object. (optional) 3.3.1. Advancedscheduleocc...

  • Page 82: 3.4. Alg

    3.4. Alg this is a category that groups the following object types. 3.4.1. Alg_ftp description use an ftp application layer gateway to manage ftp traffic through the system. Properties name specifies a symbolic name for the alg. (identifier) allowserverpassive allow server to use passive mode (unsaf...

  • Page 83: 3.4.2. Alg_H323

    Verifycontentmimetype verify that file extensions correspond to the mime type. (default: no) comments text describing the current object. (optional) 3.4.2. Alg_h323 description use an h.323 application layer gateway to manage h.323 multimedia traffic. Properties name specifies a symbolic name for th...

  • Page 84

    Filelisttype specifies if the file list contains files to allow or deny. (default: block) failmodebehavior standard behaviour on error: allow or deny. (default: deny) file list of file types to allow or deny. (optional) verifycontentmimetype verify that file extensions correspond to the mime type. (...

  • Page 85: 3.4.4. Alg_Pop3

    3.4.4. Alg_pop3 description use a pop3 application layer gateway to manage pop3 traffic through the system. Properties name specifies a symbolic name for the alg. (identifier) blockuserpass block clients from sending user and pass command. (default: no) hideuser prevent server from revealing that a...

  • Page 86: 3.4.6. Alg_Smtp

    Maxregistrationtime the maximum allowed time between registration requests. (default: 3600) sipsignaltmout timeout value for last seen sip message. (default: 43200) datachanneltmout timeout value for data channel. (default: 120) allowmediabypass allow clients to exchange media directly when possible...

  • Page 87: 3.4.7. Alg_Tftp

    Dnsbl disable or enable dnsbl. (default: no) spamthreshold spam threshold defines when an email should be considered as spam. (default: 10) dropthreshold drop threshold defines when an email should be considered malicious and be dropped. (default: 20) spamtag spam tag that is inserted into the subje...

  • Page 88: 3.4.8. Alg_Tls

    Use a tftp application layer gateway to manage tftp traffic through the system. Properties name specifies a symbolic name for the alg. (identifier) allowedcommands specifies allowed commands. (default: readwrite) removeoptions remove option part from request packet. (default: no) allowunknownoption...

  • Page 89: 3.5. Arp

    3.5. Arp description use an arp entry to publish additional ip addresses and/or mac addresses on a specified interface. Properties mode static, publish or xpublish. (default: publish) interface indicates the interface to which the arp entry applies; e.g. the interface the address shall be publishe...

  • Page 90: 3.6. Blacklistwhitehost

    3.6. Blacklistwhitehost description hosts and networks added to this whitelist can never be blacklisted by idp or threshold rules. Properties addresses specifies the addresses that will be whitelisted. Service specifies the service that will be whitelisted. Schedule the schedule when the whitelist s...

  • Page 91: 3.7. Certificate

    3.7. Certificate description an x.509 certificate is used to authenticate a vpn client or gateway when establishing an ipsec tunnel. Properties name specifies a symbolic name for the certificate. (identifier) type local, remote or request. Certificatedata certificate data. Privatekey private key. N...

  • Page 92: 3.8. Client

    3.8. Client this is a category that groups the following object types. 3.8.1. Dyndnsclientcjbnet description configure the parameters used to connect to the cjb.net dyndns service. Properties username username. Password the password for the specified username. (optional) comments text describing the...

  • Page 93: 3.8.5. Dyndnsclientdynscx

    Properties dnsname the dns name excluding the .dlinkddns.com suffix. Username username. Password the password for the specified username. (optional) comments text describing the current object. (optional) note this object type does not have an identifier and is identified by the name of the type onl...

  • Page 94: 3.8.7. Loginclientbigpond

    Note this object type does not have an identifier and is identified by the name of the type only. There can only be one instance of this type. 3.8.6. Dyndnsclientpeanuthull description configure the parameters used to connect to the peanut hull dyndns service. Properties dnsnames specifies the dns n...

  • Page 95: 3.9. Comportdevice

    3.9. Comportdevice description a serial communication port, that is used for accessing the cli. Properties port port. (identifier) bitspersecond bits per second. (default: 9600) databits data bits. (default: 8) parity parity. (default: none) stopbits stop bits. (default: 1) flowcontrol flow control....

  • Page 96: 3.10. Configmodepool

    3.10. Configmodepool description an ike config mode pool will dynamically assign the ip address, dns server, wins server etc. to the vpn client connecting to this gateway. Properties ippooltype specifies whether a predefined ip pool or a static set of ip addresses should be used as ip address source...

  • Page 97: 3.11. Datetime

    3.11. Datetime description set the date, time and time zone information for this system. Properties timezone specifies the time zone. (default: gmt) dstenabled enable daylight saving time. (default: yes) dstoffset daylight saving time offset in minutes. (default: 60) dststartmonth what month dayligh...

  • Page 98: 3.12. Device

    3.12. Device description global parameters for this device. Properties name name of the device. (default: device) configversion version number of the configuration. (default: 1) configuser name of the user who committed the current configuration. (default: baseconfiguration) configsession session ty...

  • Page 99: 3.13. Dhcprelay

    3.13. Dhcprelay description use a dhcp relay to dynamically alter the routing table according to relayed dhcp leases. Properties name specifies a symbolic name for the relay rule. (identifier) action ignore, relay or bootpfwd. (default: ignore) sourceinterface the source interface of the dhcp packet...

  • Page 100: 3.14. Dhcpserver

    3.14. Dhcpserver description a dhcp server determines a set of ip addresses and host configuration parameters to hand out to dhcp clients attached to a given interface. Properties index the index of the object, starting at 1. (identifier) name specifies a symbolic name for the dhcp server rule. (ide...

  • Page 101

    Static dhcp server host entry properties host ip address of the host. Statichosttype identifier for host. (default: macaddress) macaddress the hardware address of the host. Clientidenttype type of client identifier specified. (default: ascii) clientident the client identifier for the host. Comments ...

  • Page 102: 3.15. Dns

    3.15. Dns description configure the dns (domain name system) client settings. Properties dnsserver1 ip of the primary dns server. (optional) dnsserver2 ip of the secondary dns server. (optional) dnsserver3 ip of the tertiary dns server. (optional) comments text describing the current object. (option...

  • Page 103: 3.16. Driver

    3.16. Driver this is a category that groups the following object types. 3.16.1. Ixp4npeethernetdriver description intel (ixp4xxnpe) fast ethernet adaptor. Properties comments text describing the current object. (optional) note this object type does not have an identifier and is identified by the nam...

  • Page 104

    Note this object type does not have an identifier and is identified by the name of the type only. There can only be one instance of this type. 3.16.4. R8169ethernetpcidriver description realtek (8169,8110) gigabit ethernet adaptor. Properties comments text describing the current object. (optional) n...

  • Page 105: 3.17. Dynamicroutingrule

    3.17. Dynamicroutingrule description a dynamic routing policy rule creates a filter to catch statically configured or ospf learned routes. The matched routes can be controlled by the action rules to be either exported to ospf processes or to be added to one or more routing tables. Properties index t...

  • Page 106

    3.17.1. Dynamicroutingruleexportospf description an ospf action is used to manipulate and export new or changed routes to an ospf router process. Properties exporttoprocess specifies to which ospf process the route change should be exported. Settag specifies a tag for this route. This tag can be u...

  • Page 107

    Proxyarpallinterfaces always select all interfaces, including new ones, for publishing routes via proxy arp. (default: no) proxyarpinterfaces specifies the interfaces on which the security gateway should publish routes via proxy arp. (optional) comments text describing the current object. (optional)...

  • Page 108: 3.18. Ethernetdevice

    3.18. Ethernetdevice description hardware settings for an ethernet interface. Properties name specifies a symbolic name for the device. (identifier) ethernetdriver the ethernet pci driver that should be used by the interface. Pcibus pci bus number where the ethernet adapter is installed. Pcislot pci...

  • Page 109: 3.19. Highavailability

    3.19. Highavailability description configure the high availability cluster parameters for this system. Properties enabled enable high availability. (default: no) clusterid a (locally) unique cluster id to use in identifying this group of ha security gateways. (default: 0) synciface specifies the int...

  • Page 110: 3.20. Httpalgbanners

    3.20. Httpalgbanners. Description: HTTP banner files specify the look and feel of HTTP ALG restriction web pages. Properties: name: specifies a symbolic name for the HTTP banner files. (identifier) compressionforbidden: HTML for the compressionforbidden.html web page. contentforbidden: HTML for the cont...

  • Page 111: 3.21. Httpauthbanners

    3.21. Httpauthbanners. Description: HTTP banner files specify the look and feel of HTML authentication web pages. Properties: name: specifies a symbolic name for the HTTP banner files. (identifier) formlogin: HTML for the formlogin.html web page. loginsuccess: HTML for the loginsuccess.html web page. lo...

  • Page 112: 3.22. Httpposter

    3.22. Httpposter. Description: use the HTTP poster for dynamic DNS or automatic logon to services using web-based authentication. Properties: url1: the first URL that will be posted when the security gateway is loaded. (optional) url2: the second URL that will be posted when the security gateway is loa...

  • Page 113: 3.23. Idlist

    3.23. Idlist. Description: an ID list contains IDs, which are used within the authentication process when establishing an IPsec tunnel. Properties: name: specifies a symbolic name for the ID list. (identifier) comments: text describing the current object. (optional) 3.23.1. Id. Description: an ID is used t...

  • Page 114: 3.24. Idprule

    3.24. Idprule. Description: an IDP rule defines a filter for matching specific network traffic. When the filter criterion is met, the IDP rule actions are evaluated and possible actions taken. Properties: index: the index of the object, starting at 1. (identifier) name: specifies a symbolic name for the ...

  • Page 115

    blacklist: activate blacklist. (default: no) blacklisttimetoblock: the number of seconds that the dynamic blacklist entry should remain. (optional) blacklistblockonlyservice: only block the service that triggered the blacklisting. (default: no) blacklistignoreestablished: do not drop existing connections. (...

  • Page 116: 3.25. Igmprule

    3.25. Igmprule. Description: an IGMP rule specifies how to handle inbound IGMP reports and outbound IGMP queries. Properties: index: the index of the object, starting at 1. (identifier) name: specifies a symbolic name for the rule. (optional) type: the type of IGMP messages the rule applies to. (default: ...

  • Page 117

    Note: if no index is specified when creating an instance of this type, the object will be placed last in the list and the index will be equal to the length of the list. 3.25. Igmprule. Chapter 3. Configuration Reference, 117.

  • Page 118: 3.26. Igmpsetting

    3.26. Igmpsetting. Description: IGMP parameters can be tuned for one interface, or a group of interfaces, in order to match the characteristics of a network. Properties: name: specifies a symbolic name for the object. (identifier) interface: the interfaces that these settings should apply to. robustnessvariable: igm...

  • Page 119: 3.27. Ikealgorithms

    3.27. Ikealgorithms. Description: configure algorithms which are used in the IKE phase of an IPsec session. Properties: name: specifies a symbolic name for the object. (identifier) nullenabled: enable plaintext. (default: no) desenabled: enable the DES encryption algorithm. (default: no) des3enabled: enable 3d...

  • Page 120: 3.28. Interface

    3.28. Interface. This is a category that groups the following object types. 3.28.1. Defaultinterface. Description: a special interface used to represent internal mechanisms in the system as well as an abstract "any" interface. Properties: name: specifies a symbolic name for the interface. (identifier) co...

  • Page 121: 3.28.3. Gretunnel

    autoswitchroute: enable transparent mode, which means that a switch route is added automatically for this interface. (default: no) autointerfacenetworkroute: automatically add a route for this interface using the given network. (default: yes) autodefaultgatewayroute: automatically add a default route f...

  • Page 122: 3.28.4. Interfacegroup

    3.28.4. Interfacegroup. Description: use an interface group to combine several interfaces for a simplified security policy. Properties: name: specifies a symbolic name for the interface. (identifier) equivalent: specifies if the interfaces should be considered security equivalent, that means that if enab...

  • Page 123

    ipseclifetimeseconds: the lifetime of the IPsec connection in seconds. Whenever it is exceeded, a re-key will be initiated, providing new IPsec encryption and authentication session keys. (default: 3600) ipseclifetimekilobytes: the lifetime of the IPsec connection in kilobytes. (default: 0) encapsulati...

  • Page 124: 3.28.6. L2Tpclient

    setupsaper: set up a security association per network, host or port. (default: net) deadpeerdetection: enable dead peer detection. (default: yes) nattraversal: enable or disable NAT traversal. (default: onifneeded) keepalive: disabled, auto or manual. (default: disabled) keepalivesourceip: source IP address...

  • Page 125: 3.28.7. L2Tpserver

    pppauthnoauth: allow no authentication for this tunnel. (default: no) pppauthpap: use the PAP authentication protocol for this tunnel. User name and password are sent in plaintext. (default: yes) pppauthchap: use the CHAP authentication protocol for this tunnel. (default: yes) pppauthmschap: use MS-CHAP authent...

  • Page 126: 3.28.8. Pppoetunnel

    ip: the IP address of the PPTP/L2TP server interface. tunnelprotocol: specifies if PPTP or L2TP should be used for this tunnel. (default: pptp) interface: the interface that the PPTP/L2TP server should be listening on. serverip: specifies the IP that the PPTP/L2TP server should listen on; this can be an...

  • Page 127

    Properties: name: specifies a symbolic name for the interface. (identifier) ethernetinterface: the physical Ethernet interface that connects to the PPPoE server network. ip: the host name to store the assigned IP address in. network: the network from which traffic should be routed into the tunnel. dns1...

  • Page 128: 3.28.9. Vlan

    comments: text describing the current object. (optional) 3.28.9. Vlan. Description: use a VLAN to define a virtual interface compatible with the IEEE 802.1Q virtual LAN standard. Properties: name: specifies a symbolic name for the interface. (identifier) ethernet: specifies on which Ethernet interface the...

  • Page 129: 3.29. Ippool

    3.29. Ippool. Description: an IP pool is a dynamic object which consists of IP leases that are fetched from a DHCP server. The IP pool is used as an address source by subsystems that may need to distribute addresses, e.g. by IPsec in configuration mode. Properties: name: specifies a symbolic name for th...

  • Page 130: 3.30. Iprule

    3.30. Iprule. Description: an IP rule specifies what action to perform on network traffic that matches the specified filter criteria. Properties: index: the index of the object, starting at 1. (identifier) name: specifies a symbolic name for the rule. (optional) action: reject, drop, fwdfast, allow, nat...

  • Page 131

    slbmaxslots: specifies the maximum number of slots for IP and network stickiness. (default: 2048) slbnetsize: specifies the network size for network stickiness. (default: 24) slbnewport: rewrite the destination port to this port. (optional) slbmonitorping: enable monitoring using ICMP ping packets. (default: no) ...

  • Page 132

    Seconds back in time to summarize the number of new connections for the connection-rate algorithm. (default: 10) requireigmp: multicast traffic must have been requested using IGMP before it is forwarded. (default: yes) multiplexargument: specifies how the traffic should be forwarded and translated. mu...

  • Page 133: 3.31. Iprulefolder

    3.31. Iprulefolder. Description: an IP rule folder can be used to group IP rules into logical groups for better overview and simplified management. Properties: index: the index of the object, starting at 1. (identifier) name: specifies the name of the folder. comments: text describing the current object...

  • Page 134: 3.32. Ipsecalgorithms

    3.32. Ipsecalgorithms. Description: configure algorithms which are used in the IPsec phase of an IPsec session. Properties: name: specifies a symbolic name for the object. (identifier) nullenabled: enable plaintext. (default: no) desenabled: enable the DES encryption algorithm. (default: no) des3enabled: enabl...

  • Page 135: 3.33. Ldapdatabase

    3.33. Ldapdatabase. Description: external LDAP server used to verify user names and passwords. Properties: name: specifies a symbolic name for the server. (identifier) ip: the IP address of the server. port: the TCP port of the server. (default: 389) timeout: the error timeout, in milliseconds, used when p...

  • Page 136: 3.34. Ldapserver

    3.34. Ldapserver. Description: an LDAP server is used as a central repository of certificates and CRLs that the security gateway can download when necessary. Properties: host: specifies the IP address or hostname of the LDAP server. username: specifies the username to use when accessing the LDAP server. ...

  • Page 137: 3.35. Localuserdatabase

    3.35. Localuserdatabase. Description: a local user database contains user accounts used for authentication purposes. Properties: name: specifies a symbolic name for the object. (identifier) comments: text describing the current object. (optional) 3.35.1. User. Description: user credentials may be used in u...

  • Page 138: 3.36. Logreceiver

    3.36. Logreceiver. This is a category that groups the following object types. 3.36.1. Eventreceiversnmp2c. Description: an SNMP2c event receiver is used to receive SNMP events from the system. Properties: name: specifies a symbolic name for the log receiver. (identifier) ipaddress: destination IP address. ...

  • Page 139: 3.36.2. Logreceivermemory

    3.36.2. Logreceivermemory. Description: a memory log receiver is used to receive and keep log events in system RAM. Properties: name: specifies a symbolic name for the log receiver. (identifier) logseverity: specifies with what severity log events will be sent to the specified log receivers. (optional;...

  • Page 140: 3.36.4. Logreceiversyslog

    comments: text describing the current object. (optional) 3.36.4. Logreceiversyslog. Description: a syslog receiver is used to receive log events from the system in the standard syslog format. Properties: name: specifies a symbolic name for the log receiver. (identifier) ipaddress: specifies the IP address...

  • Page 141: 3.37. Natpool

    3.37. Natpool. Description: a NAT pool is used for NATing multiple concurrent connections using different source IP addresses. Properties: name: specifies a symbolic name for the NAT pool. (identifier) type: specifies how NATed connections are assigned a NAT IP address. (default: stateful) ipsour...

  • Page 142: 3.38. Ospfprocess

    3.38. Ospfprocess. Description: an OSPF router process defines a group of routers exchanging routing information via the Open Shortest Path First routing protocol. Properties: name: specifies a symbolic name for the OSPF process. (identifier) routerid: specifies the IP address that is used to identify th...

  • Page 143: 3.38.1. Ospfarea

    cifies the details of the log. (default: off) debugroute: enables or disables logging of routing table manipulation events and also specifies the details of the log. (default: off) authtype: specifies the authentication type for the OSPF protocol exchanges. (default: none) authpassphrase: specifies the...

  • Page 144

    Properties: interface: specifies which interface in the security gateway will be used for this OSPF interface. (identifier) type: auto, broadcast, point-to-point or point-to-multipoint. (default: auto) metrictype: metric value or bandwidth. (default: metricvalue) metric: specifies the routing metric fo...

  • Page 145

    For point-to-point and point-to-multipoint networks, specify the IP addresses of directly connected routers. Properties: interface: specifies the OSPF interface of the neighbor. ipaddress: IP address of the neighbor. metric: specifies the metric of the neighbor. (optional) comments: text describing the c...

  • Page 146

    (default: yes) authtype: specifies the authentication type for the OSPF protocol exchanges. (default: none) authpassphrase: specifies the passphrase used for authentication. (optional) authmd5id: specifies the MD5 key ID used for MD5 digest authentication. authmd5key: a 128-bit key used to produce the m...

  • Page 147: 3.39. Pipe

    3.39. Pipe. Description: a pipe defines basic traffic shaping parameters. The pipe rules then determine which traffic goes through which pipes. Properties: name: specifies a symbolic name for the pipe. (identifier) limitkbpstotal: total bandwidth limit for this pipe in kilobits per second. (optional) li...

  • Page 148

    userlimitpps0: specifies the throughput limit per group in pps for precedence 0 (the lowest precedence). (optional) userlimitkbps1: specifies the bandwidth limit per group in kbps for precedence 1. (optional) userlimitpps1: specifies the throughput limit per group in pps for precedence 1. (optional) us...

  • Page 149

    (default: 7) comments: text describing the current object. (optional)

  • Page 150: 3.40. Piperule

    3.40. Piperule. Description: a pipe rule determines the traffic shaping policy (which pipes to use) for one or more types of traffic with the same granularity as the standard ruleset. Properties: index: the index of the object, starting at 1. (identifier) name: specifies a symbolic name for the object. (op...

  • Page 151: 3.41. Psk

    3.41. Psk. Description: PSK (pre-shared key) authentication is based on a shared secret that is known only by the parties involved. Properties: name: specifies a symbolic name for the pre-shared key. (identifier) type: specifies the type of the shared key. pskascii: specifies the PSK as a passphrase. pskh...

  • Page 152: 3.42. Radiusaccounting

    3.42. Radiusaccounting. Description: external RADIUS server used to collect user statistics. Properties: name: specifies a symbolic name for the server. (identifier) ipaddress: the IP address of the server. port: the UDP port of the server. (default: 1813) retrytimeout: the retry timeout, in seconds, used ...

  • Page 153: 3.43. Radiusserver

    3.43. Radiusserver. Description: external RADIUS server used to verify user names and passwords. Properties: name: specifies a symbolic name for the server. (identifier) ipaddress: the IP address of the server. port: the UDP port of the server. (default: 1812) retrytimeout: the retry timeout, in seconds, u...

  • Page 154: 3.44. Remotemanagement

    3.44. Remotemanagement. This is a category that groups the following object types. 3.44.1. Remotemgmthttp. Description: configure HTTP/HTTPS management to enable remote management of the system. Properties: name: specifies a symbolic name for the object. (identifier) interface: specifies the interface for...

  • Page 155

    Properties: name: specifies a symbolic name for the SSH server. (identifier) interface: specifies the interface for which remote access is granted. port: the listening port for the SSH server. (default: 22) allowauthmethodpassword: allow password client authentication. (default: yes) allowauthmethodpubli...

  • Page 156

    comments: text describing the current object. (optional)

  • Page 157

    3.45. Routebalancinginstance. Description: a route balancing instance is associated with a routing table and defines how to make use of multiple routes to the same destination. Properties: routingtable: specify the routing table to deploy route load balancing in. (identifier) algorithm: specify which algorithm...

  • Page 158

    3.46. Routebalancingspilloversettings. Description: settings associated with the spillover algorithm. Properties: interface: interface to threshold limit. (identifier) holdtime: number of consecutive seconds over/under the threshold limit to trigger a state change for the affected routes. (default: 30) o...

  • Page 159: 3.47. Routingrule

    3.47. Routingrule. Description: a routing rule forces the use of a routing table in the forward and/or return direction of traffic on a connection. The ordering parameter of the routing table determines if it is consulted before or after the main routing table. Properties: index: the index of the object...

  • Page 160: 3.48. Routingtable

    3.48. Routingtable. Description: the system has a predefined main routing table. Alternate routing tables can be defined by the user. Properties: name: specifies a symbolic name for the routing table. (identifier) ordering: specifies how a route lookup is done in a named routing table. (default: only) ...

  • Page 161

    1000) enablehostmonitoring: enables the host monitoring functionality. (default: no) reachability: specifies the number of hosts that are required to be reachable to consider the route to be active. (default: all) graceperiod: specifies the time to wait after a reconfiguration until the monitoring be...

  • Page 162: 3.48.2. Switchroute

    requesturl: specifies the HTTP URL to monitor. expectedresponse: expected HTTP response. comments: text describing the current object. (optional) Note: if no index is specified when creating an instance of this type, the object will be placed last in the list and the index will be equal to the length of...

  • Page 163: 3.49. Scheduleprofile

    3.49. Scheduleprofile. Description: a schedule profile defines days and dates and is then used by the various policies in the system. Properties: name: specifies a symbolic name for the service. (identifier) mon: specifies during which intervals the schedule profile is active on Mondays. (optional) tue ...

  • Page 164: 3.50. Service

    3.50. Service. This is a category that groups the following object types. 3.50.1. Servicegroup. Description: a service group is a collection of service objects, which can then be used by different policies in the system. Properties: name: specifies a symbolic name for the service. (identifier) members: gr...

  • Page 165: 3.50.3. Serviceipproto

    echoreplycodes: specifies which echo reply message codes should be matched. (default: 0-255) sourcequenching: enable matching of source quenching messages. (default: no) sourcequenchingcodes: specifies which source quenching message codes should be matched. (default: 0-255) timeexceeded: enable matching...

  • Page 166

    Properties: name: specifies a symbolic name for the service. (identifier) destinationports: specifies the destination port or the port ranges applicable to this service. type: specifies whether this service uses the TCP or UDP protocol or both. (default: tcp) sourceports: specifies the source port or t...

  • Page 167: 3.51. Settings

    3.51. Settings. This is a category that groups the following object types. 3.51.1. Accountingsettings. Description: settings related to accounting. Properties: logoutaccusersatshutdown: log out authenticated accounting users and send accounting-stop packets prior to shutdown. (default: yes) allowauthifno...

  • Page 168: 3.51.3. Conntimeoutsettings

    arpmulticast: ARP packets claiming to be multicast addresses; may need to be enabled for some load balancers/redundancy solutions. (default: droplog) arpbroadcast: ARP packets claiming to be broadcast addresses; should never need to be enabled. (default: droplog) arpcachesize: number of ARP entries in ...

  • Page 169: 3.51.5. Dhcpserversettings

    Advanced DHCP relay settings. Properties: maxtransactions: maximum number of concurrent BOOTP/DHCP transactions. (default: 32) transactiontimeout: timeout for each transaction (in seconds). (default: 10) maxppmperiface: maximum packets per minute that are relayed from clients to the server, per interfac...

  • Page 170: 3.51.7. Icmpsettings

    Settings related to fragmented packets. Properties: pseudoreass_maxconcurrent: maximum number of concurrent fragment reassemblies. Set to 0 to drop all fragments. (default: 1024) illegalfrags: illegally constructed fragments; partial overlaps, bad sizes, etc. (default: droplog) duplicatefragdata: on rece...

  • Page 171: 3.51.8. Ipsectunnelsettings

    Note: this object type does not have an identifier and is identified by the name of the type only. There can only be one instance of this type. 3.51.8. Ipsectunnelsettings. Description: settings for the IPsec tunnel interfaces used for establishing IPsec VPN connections to and from this system. Propert...

  • Page 172

    Description: settings related to the IP protocol. Properties: logchecksumerrors: log IP packets with bad checksums. (default: yes) lognonip4: log occurrences of non-IPv4 packets. (default: yes) logreceivedttl0: log received packets with TTL=0; this should never happen! (default: yes) block0000src: block 0...

  • Page 173: 3.51.10. L2Tpserversettings

    iprf: how to handle the IP reserved flag, if set; it should never be. (default: droplog) stripdfonsmall: strip the "DontFragment" flag for packets of this size or smaller. (default: 65535) multicastipenetonmismatch: what action to take when Ethernet and IP multicast addresses do not match. (default...

  • Page 174: 3.51.12. Localreasssettings

    maxahlen: IPsec AH; authenticated communication. (default: 2000) maxskiplen: SKIP; Simple Key management for IP, VPN protocol. (default: 2000) maxospflen: OSPF; Open Shortest Path First, routing protocol. (default: 1480) maxipiplen: IPIP/FWZ; encapsulated (tunneled) transport, used by VPN-1. (default: 2...

  • Page 175: 3.51.14. Miscsettings

    logsendperseclimit: limits how many log packets the security gateway may send out per second. (default: 2000) Note: this object type does not have an identifier and is identified by the name of the type only. There can only be one instance of this type. 3.51.14. Miscsettings. Description: miscellaneous ...

  • Page 176: 3.51.16. Remotemgmtsettings

    igmpqueryinterval: the interval (ms) between general queries sent by the security gateway. (default: 125000) igmpqueryresponseinterval: the maximum time (ms) until a host/client has to send an answer to a query. (default: 10000) igmpstartupqueryinterval: the general query interval (ms) to use durin...

  • Page 177: 3.51.17. Routingsettings

    configured IP rules. (default: yes) snmprequestlimit: maximum number of SNMP packets that will be processed each second. (default: 100) snmpsyscontact: the contact person for this managed node. (default: n/a) snmpsysname: the name for this managed node. (default: n/a) snmpsyslocation: the physical locat...

  • Page 178: 3.51.18. Sslsettings

    transp_camsize_dynamic: allocate the CAM size value dynamically. (default: yes) transp_camsize: maximum number of entries in each CAM table. (default: 8192) transp_l3csize_dynamic: allocate the L3 cache size value dynamically. (default: yes) transp_l3csize: maximum number of entries in each layer 3 cach...

  • Page 179: 3.51.19. Statesettings

    Note: this object type does not have an identifier and is identified by the name of the type only. There can only be one instance of this type. 3.51.19. Statesettings. Description: parameters for the state engine in the system. Properties: connreplace: what to do when the connection table is full. (defau...

  • Page 180

    tcpmssonlow: how to handle too-low MSS values. (default: droplog) tcpmssmax: maximum allowed TCP MSS (maximum segment size). (default: 1460) tcpmssvpnmax: limits TCP MSS for VPN connections; minimizes fragmentation. (default: 1400) tcpmssonhigh: how to handle too-high MSS values. (default: adjust) tcpms...

  • Page 181: 3.51.21. Vlansettings

    tcprf: the TCP reserved field; should be zero. Used in OS fingerprinting. Also part of the ECN extension. (default: striplog) tcpnull: TCP "null" packets without SYN, ACK, FIN or RST; normally invalid, used by scanners. (default: droplog) tcpsequencenumbers: validation of TCP sequence numbers. (default: ...

  • Page 182: 3.52. Sshclientkey

    3.52. Sshclientkey. Description: the public key of the client connecting to the SSH server. Properties: name: specifies a symbolic name for the key. (identifier) type: DSA or RSA. (default: dsa) subject: value of the subject header tag of the public key file. (optional) publickey: specifies the public key....

  • Page 183: 3.53. Thresholdrule

    3.53. Thresholdrule. Description: a threshold rule defines a filter for matching specific network traffic. When the filter criterion is met, the threshold rule actions are evaluated and possible actions taken. Properties: index: the index of the object, starting at 1. (identifier) name: specifies a symbo...

  • Page 184

    thresholdunit: specifies the threshold unit. (default: connssec) zonedefense: activate ZoneDefense. (default: no) blacklist: activate blacklist. (default: no) blacklisttimetoblock: the number of seconds that the dynamic blacklist entry should remain. (optional) blacklistblockonlyservice: only block the serv...

  • Page 185: 3.54. Updatecenter

    3.54. Updatecenter. Description: configure automatic updates. Properties: avenabled: automatic updates of antivirus definitions and engine. (default: no) idpenabled: automatic updates of IDP maintenance signatures. (default: no) advancedidpenabled: automatic updates of advanced IDP signatures. (default:...

  • Page 186: 3.55. Userauthrule

    3.55. Userauthrule. Description: the user authentication ruleset specifies from where users are allowed to authenticate to the system, and how. Properties: index: the index of the object, starting at 1. (identifier) name: specifies a symbolic name for the rule. (optional) agent: HTTP, HTTPS, XAuth, PPP ...

  • Page 187

    pppauthmschap: use the MS-CHAP authentication protocol. (default: yes) pppauthmschapv2: use the MS-CHAP v2 authentication protocol. (default: yes) idletimeout: if a user has successfully been authenticated, and no traffic has been seen from his IP address for this number of seconds, he/she will automatically b...

  • Page 188: 3.56. Zonedefenseblock

    3.56. Zonedefenseblock. Description: manually configured blocks are used to block a host/network on the switches either by default or based on a schedule. Properties: addresses: specifies the addresses to block. protocol: all, tcp, udp or icmp. (default: all) port: specifies which UDP or TCP port to use. (d...

  • Page 189

    3.57. Zonedefenseexcludelist. Description: the exclude list is used to exclude certain hosts/networks from being blocked out by IDP/threshold rule violations. Properties: addresses: specifies the addresses that should not be blocked. (optional) comments: text describing the current object. (optional) Note: t...

  • Page 190: 3.58. Zonedefenseswitch

    3.58. Zonedefenseswitch. Description: a ZoneDefense switch will have its ACLs controlled, and hosts/networks violating the IDP/threshold rules will be blocked directly on the switch. Properties: name: specifies a symbolic name for the ZoneDefense switch. (identifier) switchmodel: specifies the switch mod...

  • Page 192: Index

    Index. Commands. A: about, 30; activate, 19; add, 19; alarm, 30; arp, 30; arpsnoop, 31; ats, 32. B: bigpond, 32; blacklist, 33; buffers, 34. C: cam, 35; cancel, 20; cc, 21; certcache, 35; cfglog, 35; commit, 22; connections, 36; cpuid, 36; crashdump, 37. D: dconsole, 37; delete, 22; dhcp, 38; dhcprelay, 38; dhcpserver, 39; dns, ...

  • Page 193: Object Types

    U: uarules, 64; undelete, 28; updatecenter, 64; urlcache, 65; userauth, 66. V: vlan, 67; vpnstats, 67 (see also ipsecstats). Z: zonedefense, 67. Object types. A: access, 76; accountingsettings, 167; addressfolder, 78; advancedscheduleoccurrence, 81; advancedscheduleprofile, 81; alg_ftp, 82; alg_h323, 83; alg_http, 83; a...

  • Page 194

    loginclientbigpond, 94; logreceivermemory, 139; logreceivermessageexception, 138, 139, 140; logreceiversmtp, 139; logreceiversyslog, 140; logsettings, 174. M: marvellethernetpcidriver, 103; miscsettings, 175; monitoredhost, 161; multicastsettings, 175. N: natpool, 141. O: ospfaggregate, 145; ospfarea, 143; ospfinte...