D-Link NetDefend DFL-CP310 Cli Reference Manual

Internet security firewall

D-Link NetDefend
Internet Security Firewall
CLI Reference Guide
Version 1.0
Revised: 01/17/06


Summary of Contents for D-Link NetDefend DFL-CP310

  • Page 1 D-Link NetDefend Internet Security Firewall CLI Reference Guide Version 1.0 Revised: 01/17/06...
  • Page 2 COPYRIGHT & TRADEMARKS Copyright © 2005 SofaWare, All Rights Reserved. No part of this document may be reproduced in any form or by any means without written permission from SofaWare. Information in this document is subject to change without notice and does not represent a commitment on part of SofaWare Technologies Ltd.
  • Page 3 running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License.
  • Page 4 countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.
  • Page 5: Table Of Contents

    Chapter 1: Introduction ...1 About Your D-Link NetDefend Firewall ...1 Using This Reference...2 Document Conventions and Syntax ...3 Related Publications...4 Chapter 2: Using the Serial Console...5 Chapter 3: Using the NetDefend Command Line Interface ...7 General Guidelines...8 Command Line Editing...9 Running Commands...9...
  • Page 6 ...72 info nat ...74 info net ...78 info ospf ...80 info ospf database ...81 info ospf interface ...84 info ospf neighbor ...86 info ospf routes ...88 info ports ...90 info printers...92 info probe ...94 D-Link NetDefend CLI Reference Guide...
  • Page 7 info statistics ...96 info statistics interface ...99 info statistics qos...102 info tunnels...104 info vstream ...107 info wan ...109 info wireless ap ...112 Chapter 5: CLI Variables...115 certificate...118 clock...121 device ...123 dhcp scopes ...125 dialup...131 fw ...134 fw rules...137 fw servers ...145 ha...148 ha effect...152 ha track...154...
  • Page 8 ...234 ospf network...236 ospf redistribute...238 ospf redistribute connected ...239 ospf redistribute kernel...241 port dmz ...243 port lan1 / port lan2 / port lan3 / port lan4 ...245 port serial ...247 port wan ...249 D-Link NetDefend CLI Reference Guide...
  • Page 9 Contents printers ...251 qos classes...253 radius permissions...259 radius servers...262 routes...265 smartdefense ai cifs file-sharing...268 smartdefense ai cifs file-sharing patterns ...271 smartdefense ai ftp ...274 smartdefense ai ftp bounce...277 smartdefense ai ftp commands ...279 smartdefense ai im icq...282 smartdefense ai im skype ...284 smartdefense ai im yahoo...285 smartdefense ai p2p bittorrent ...286 smartdefense ai p2p emule ...288...
  • Page 10 ...361 vpn internalserver...364 vpn sites ...366 vpn sites ospf...378 vpn sites ospf md5...380 vstream...382 vstream archive-options ...385 vstream options ...388 vstream policy rule...392 webfilter ...400 webfilter categories ...402 wireless ...404 D-Link NetDefend CLI Reference Guide...
  • Page 11 wireless wep...416 wireless wpa...419 wireless wpapsk ...421 Chapter 6: Country Codes ...423 Glossary of Terms ...429 Index...437 Contents Contents...
  • Page 13: Chapter 1: Introduction

    Document Conventions and Syntax...3 Related Publications ...4 About Your D-Link NetDefend Firewall The D-Link NetDefend firewall is a unified threat management (UTM) appliance that enables secure high-speed Internet access from the office. Incorporating software by SofaWare Technologies, an affiliate of Check Point Software Technologies, the worldwide leader in securing the Internet, the NetDefend Secured by Check Point Product Family includes both wired and wireless models.
  • Page 14: Using This Reference

    Appliance Operation commands only. Syntax The format of the command Parameters Describes the command's parameters, if there are any. Relevant for commands only. Fields Describes the variable's fields, if there are any. Relevant for variables only. D-Link NetDefend CLI Reference Guide...
  • Page 15: Document Conventions And Syntax

    Return Values The values returned in the command line interface. This information is provided only when running the command results in return values other than the typical values, for example when you run Informational commands. For information on the typical return values, see Typical Return Values on page 14.
  • Page 16: Related Publications

    Courier This is an example of a CLI command. Related Publications Use this guide in conjunction with the User Guide provided with your appliance: • NetDefend Secured by Check Point User Guide style in boxes: D-Link NetDefend CLI Reference Guide...
  • Page 17: Chapter 2: Using The Serial Console

    Chapter 2 You can connect a console to the NetDefend firewall, and use the console to control the appliance via the command line. Note: Your terminal emulation software must be set to 57600 bps, N-8-1. To run commands using a console 1.
  • Page 19: Chapter 3: Using The Netdefend Command Line Interface

    Chapter 3 Using the NetDefend Command Line This chapter explains how to use the command line interface to run a CLI command and provides a list of typical return values. This chapter includes the following topics: General Guidelines ...8 Running Commands ...9 Typical Return Values...14 Chapter 3: Using the NetDefend Command Line Interface Related Publications...
  • Page 20: General Guidelines

    1 You can type: sh qos cl 1 You cannot abbreviate • Do not enclose commands, variables, or field names in quotation marks. , because these letters are not unique to netobj qos classes D-Link NetDefend CLI Reference Guide...
  • Page 21: Command Line Editing

    • Occasionally, a field's value will be a string containing one or more spaces. In this case, enclose the string in quotation marks. For example: set dialup type "Hayes Accura 56K" Tip: If you are unsure how to configure a particular setting via the command line, you can configure it in the NetDefend Portal tab, export the NetDefend firewall settings, and then examine the exported settings to find out how the CLI command for the desired setting looks.
  • Page 22: Using The Netdefend Portal

    2. Click Setup in the main menu, and click the Tools tab. The Tools page appears. 3. Click Command. The Command Line page appears. 4. In the upper field, type a command. 5. Click Go. The command is implemented. Return values appear in the lower field. D-Link NetDefend CLI Reference Guide...
  • Page 23: Using Ssh

    Using SSH NetDefend users can control the firewall via the command line, using the SSH (Secure Shell) management protocol. By default, SSH access is allowed only from the internal networks. You can allow SSH access via the Internet, by configuring remote SSH access. Note: The NetDefend firewall supports SSHv2 clients only.
  • Page 24 This disables remote access capability. This is the default. Internal Network and The internal network and your VPN. IP Address Range A particular range of IP addresses. Additional fields appear, in which you can enter the desired IP address range. Any IP address. D-Link NetDefend CLI Reference Guide...
  • Page 25: Importing Cli Scripts

    Importing CLI Scripts All NetDefend models enable you to import CLI scripts to the appliance. To import CLI scripts 1. Do one of the following: • Write a CLI script in a text file with the extension *.cfg. • Edit an exported NetDefend configuration file. For information on exporting configuration files, refer to the User Guide.
  • Page 26: Typical Return Values

    The add / delete / clear command failed. The command you entered is not complete, because a variable or a field is missing. Use the list provided to complete the command, and then run the command again. , then the info fw D-Link NetDefend CLI Reference Guide...
  • Page 27 Value Missing value for property name Syntax error <error> Invalid index Chapter 3: Using the NetDefend Command Line Interface Explanation The command you entered is not complete, because a field's value is missing. Complete the command, and then run the command again.
  • Page 29: Chapter 4: Cli Commands

    Chapter 4 This chapter provides a list of CLI commands for controlling your NetDefend firewall. The CLI commands are divided into the following groups: • Variable Operation Commands. CLI commands for working with variables • Appliance Operation Commands. CLI commands for managing the NetDefend firewall •...
  • Page 30: Variable Operation Commands

    • Delete a variable from a table • Modify a variable • Display a variable's settings • Display a table of variables • Clear a table of variables For information on CLI variables, see CLI Variables on page 115. D-Link NetDefend CLI Reference Guide...
  • Page 31: Add

    PURPOSE The add command is used for adding new variables to a table. Use this command to add any of the following: • A self-signed certificate • DHCP scopes • Firewall rules • Network objects • OSPF areas • OSPF networks • QoS classes •...
  • Page 32 - A VPN site • vstream policy rules Antivirus policy rule For information on these variables and how to use them with command, see CLI Variables on page 115. D-Link NetDefend CLI Reference Guide - An - A VStream...
  • Page 33 EXAMPLE The following command adds the user JohnSmith and assigns him the password JohnS1: add users name JohnSmith password JohnS1...
  • Page 34: Clear

    • VPN sites • VStream Antivirus policy rules Note: You cannot delete the admin user (user 1), the Default QoS class (QoS class 1), or the Default static route (static route 1). SYNTAX clear variable...
  • Page 35 PARAMETERS variable - String. The type of variables in the table you want to clear. This can be any of the following: • certificate - A certificate • dhcp scopes - DHCP scopes •... RETURN VALUES See Typical Return Values on page 14.
  • Page 36 EXAMPLE The following command deletes all users except the "admin" user: clear users...
  • Page 37: Delete

    delete PURPOSE The delete command is used for deleting variables from a table. Use this command to delete any of the following: • DHCP scopes • Firewall rules • Firewall servers • Network objects • OSPF areas • OSPF networks • QoS classes •...
  • Page 38 - A VPN site • vstream policy rules Antivirus policy rule For information on these variables and how to use them with delete command, see CLI Variables on page 115. D-Link NetDefend CLI Reference Guide - An - A VStream...
  • Page 39 EXAMPLE The following command deletes the second user in the Users table: delete users 2 EXAMPLE The following command deletes the FTP server rule in the Servers table: delete fw servers ftp...
  • Page 40: Set

    , etc), but it has no fields of its own and therefore cannot be used with For information on variables and how to use them with the command, see CLI Variables on page 115. D-Link NetDefend CLI Reference Guide...
  • Page 41 EXAMPLE The following command sets the password for user 2 to "mysecretpassword": set users 2 password mysecretpassword EXAMPLE The following command enables the internal VPN Server: set vpn internalserver mode enabled EXAMPLE The following command sets the FTP server rule so that only FTP connections made through a VPN are allowed....
  • Page 42: Show

    String. The type of variable you want to display. This can be any variable except certificate For information on variables and how to use them with the show command, see CLI Variables on page 115. D-Link NetDefend CLI Reference Guide...
  • Page 43 The following command displays the relative weight of QoS class 3: show qos classes 3 weight EXAMPLE The following command displays all server rules: show fw servers The following command displays all of the FTP server rule's settings: show fw servers ftp Use the following command to find out whether the FTP server rule specifies that only FTP connections made through a VPN are allowed....
  • Page 44: Appliance Operation Commands

    • Reboot the my.firewall Web service • Reset the SmartDefense list of worm patterns to its defaults • Clear Traffic Monitor reports • Uninstall the VStream Antivirus signature databases • Check for new security and software updates D-Link NetDefend CLI Reference Guide...
  • Page 45: Quit

    quit PURPOSE The quit command is used to log out of the current session, when connected to the NetDefend Portal via SSH or a serial console. EFFECT After you run this command, the SSH client or serial console logs off the NetDefend Portal....
  • Page 46: Reset Certificate

    This may take a few seconds. YNTAX reset certificate ARAMETERS None. ETURN ALUES A message indicating that the certificate was replaced successfully. command is used to replace the installed certificate D-Link NetDefend CLI Reference Guide...
  • Page 47: Reset Defaults

    reset defaults URPOSE reset defaults default settings. When you reset your NetDefend firewall, it reverts to the state it was originally in when you purchased it. The current firmware version is retained. For information on resetting the firmware version, see reset firmware on page 36. Warning: This operation erases all your settings and password information.
  • Page 48: Reset Firmware

    The NetDefend firewall is restarted, and the PWR/SEC LED flashes quickly. This may take a few minutes. YNTAX reset firmware ARAMETERS None. ETURN ALUES See Typical Return Values on page 14. command is used to reset the NetDefend firewall to the D-Link NetDefend CLI Reference Guide...
  • Page 49: Reset Gateway

    reset gateway PURPOSE The reset gateway command is used to reboot the NetDefend firewall. If your NetDefend firewall is not functioning properly, rebooting it may solve the problem. EFFECT The PWR/SEC LED flashes quickly. This may take a few minutes. SYNTAX reset gateway PARAMETERS None....
  • Page 50: Reset Logs

    EFFECT The logs in the Event Log are cleared. SYNTAX reset logs PARAMETERS None. RETURN VALUES A message indicating that the Event Log was reset successfully....
  • Page 51: Reset Services

    reset services PURPOSE The reset services command is used to restart the NetDefend Service Center connection. EFFECT The NetDefend Service Center connection is restarted. SYNTAX reset services PARAMETERS None. RETURN VALUES See Typical Return Values on page 14....
  • Page 52: Reset Smartdefense Ai Cifs File-Sharing Patterns

    EFFECT The list of worm patterns is reset to its defaults. SYNTAX reset smartdefense ai cifs file-sharing patterns PARAMETERS None. RETURN VALUES A message indicating that the list of worm patterns was reset successfully....
  • Page 53: Reset Statistics

    reset statistics PURPOSE The reset statistics command is used to clear the Traffic Monitor. Traffic Monitor displays reports for incoming and outgoing traffic, for selected network interfaces and QoS classes. EFFECT The statistics displayed in all Traffic Monitor reports are cleared. SYNTAX reset statistics PARAMETERS None. RETURN VALUES A message indicating that the Traffic Monitor was reset successfully....
  • Page 54: Reset Vstream-Database

    Note: You must be subscribed to VStream Antivirus signature updates, in order to re- install the databases. YNTAX reset vstream-database ARAMETERS None. ETURN ALUES A message indicating that the VStream Antivirus databases were reset successfully. command is used to uninstall the VStream updatenow D-Link NetDefend CLI Reference Guide command. See...
  • Page 55: Updatenow

    updatenow PURPOSE The updatenow command is used to check for new security and software updates, as well as VStream Antivirus signature database updates. Note: Software Updates and VStream Antivirus Signature Updates are only available if you are connected to a Service Center and subscribed to this service. The NetDefend firewall automatically checks for software updates and installs them without user intervention, in the following cases: •...
  • Page 56: Informational Commands

    • Network printers details • Connection probing results for the WAN and WAN2 interfaces • General traffic reports • Traffic reports for specific traffic types and network interfaces • Traffic reports for specific QoS classes D-Link NetDefend CLI Reference Guide...
  • Page 57 Informational Commands • Currently established VPN tunnels • Information about VStream Antivirus signature databases • VStream Antivirus virus signatures • Information about the defined Internet connections • Information about your wireless access point • Information about wireless stations in the WLAN You can also do the following: •...
  • Page 58: Authenticate

    Indicates whether the user has write permissions. This can have the following values: • true - The user has write permissions. • false - The user does not have write permissions. D-Link NetDefend CLI Reference Guide...
  • Page 59 read vpnaccess filteroverride Chapter 4: CLI Commands Indicates whether the user has read permissions. This can have the following values: • true - The user has read permissions. • false - The user does not have read permissions. Note: If this value is false , then the user cannot access the NetDefend Portal.
  • Page 60 The following command authenticates the username "JohnS" and the password "mysecretpassword": authenticate JohnS mysecretpassword Running this command results in information such as the following: [700000] ok [permissions: write true read true vpnaccess true filteroverride true ] D-Link NetDefend CLI Reference Guide...
  • Page 61: Export

    export PURPOSE The export command is used to display NetDefend firewall settings. This is useful in the following cases: • You are troubleshooting a problem and need to examine the firewall settings. • You want to change the firewall configuration. After exporting the configuration, you can copy it and paste it in a *.cfg file. You can then change the settings as desired and import the modified file to one or more NetDefend firewalls....
  • Page 62 For information on variables and how to use them with the export command, see CLI Variables on page 115. If you do not include this parameter, all settings are exported. D-Link NetDefend CLI Reference Guide can be used in the net lan...
  • Page 63 Informational Commands export # Configuration script # License: D-Link NetDefend (10 nodes) # Gateway MAC: 00:08:da:77:70:70 # firmware version: 6.0.45x # Device settings set device productkey 7a747a-a77a4a-79a8bf hostname "" behindnat undefined # Clock settings set clock timezone GMT-08:00 ntp1 "" ntp2 ""...
  • Page 64 Informational Commands # lower priority when not connected set ha track wan1 0 wan2 0 # Effect other modules according to current status set ha effect vpn enabled # END Configuration script D-Link NetDefend CLI Reference Guide...
  • Page 65: Help

    help PURPOSE The help command is used to display information about a command. SYNTAX help command [variable] PARAMETERS command variable RETURN VALUES When you run this command, the following information appears: • A brief description of the command • A list of variables that can follow the command EXAMPLE To display information about the help add...
  • Page 66 Add an item to a table Firewall settings VPN settings User database Static routes database RADIUS settings Quality of Service Network Objects Certificate Creation VLAN Networks OSPF router setting DHCP settings Vstream settings D-Link NetDefend CLI Reference Guide...
  • Page 67 XAMPLE You can add variables to the command, and display information about the final variable in the command: help add users variable's fields are listed: users users User database subcommands: --------------------- name Username password Password for user authentication adminaccess Administrator access level vpnaccess Allow user to login using VPN client filteroverride...
  • Page 68: Info Certificate

    This information is presented in the format: Day MM DD hh:mm:ss YYYY where: Day = the day of the week MM = the month DD = the date hh = hours mm = minutes ss = seconds YYYY = the year D-Link NetDefend CLI Reference Guide...
  • Page 69 Validity End Time Certificate DN Fingerprint XAMPLE Running this command results in information such as the following: [700000] Certificate Information: Device Certificate ================== GMT: Validity Start Time: Sat Dec Validity End Time: Certificate DN: Fingerprint: DOME PAT Chapter 4: CLI Commands The day of the week, date, and time when this certificate expires.
  • Page 70 GMT: Validity Start Time: Sat Dec Validity End Time: Certificate DN: 00:07:d7:77:70:70 Fingerprint: WOK VASE GMT+02:00 3 08:47:39 2005 Sat Nov 29 08:47:39 2025 /O=EmbeddedNG/OU=LocalCA/CN=CA- NO THAT JUST SUM MENU SLAM DING GURU MICE HUGO D-Link NetDefend CLI Reference Guide...
  • Page 71: Info Computers

    info computers PURPOSE The info computers command is used to display information about the currently-active computers on your network. SYNTAX info computers PARAMETERS None. RETURN VALUES The following information is displayed for each network device in the LAN, DMZ, WLAN, and OfficeMode network: The device's IP address type name license...
  • Page 72 WPA was not negotiated. Indicates whether WPA2 was negotiated with the wireless client. Possible values are: • yes. WPA2 was negotiated. • WPA2 was not negotiated. The security protocol used for the connection with the wireless client D-Link NetDefend CLI Reference Guide...
  • Page 73 The following statistics are divided into receive and transmit for each wireless station (in wireless models): frames ok errors discard frames dropped frames unicast frames broadcast frames multicast frames Chapter 4: CLI Commands The total number of frames that were successfully transmitted and received The total number of transmitted and received frames for which an error occurred...
  • Page 74 Running this command results in information such as the following: lan: 192.168.10.1: mac: type: name: license: 192.168.10.12: mac: type: name: license: wlan: 192.168.252.1: mac: type: name: license: 00:08:da:77:70:6e firewall Gateway 00:0c:6e:41:5d:6a computer HOME licensed 00:20:ed:08:7a:e0 firewall Gateway D-Link NetDefend CLI Reference Guide...
  • Page 75 192.168.252.106: mac: type: name: license: rx rate: tx rate: WLAN mode: signal: wpa was negotiated: no wpa2 was negotiated: no cipher: receive: frames ok: errors: discarded frames: 0 unicast frames: 93 broadcast frames: 57 multicast frames: 9 transmit: frames ok: errors: dropped frames: 0 unicast frames: 76...
  • Page 76: Info Connections

    The source IP address. The source port. The destination IP address. The destination port. The IP protocol. The connection timeout (in seconds). If no packets pass for this interval of time, the firewall terminates the connection. D-Link NetDefend CLI Reference Guide...
  • Page 77 options QoS class Internal attributes Chapter 4: CLI Commands Displays further details about the connection: • Plain - The connection is not encrypted. • AES/3DES - The connection is encrypted. • Through VPN - The connection is a VPN connection. •...
  • Page 78 192.168.10.12 | 3163 | 192.168.10.1 | 80 | 6 | 13 | Plain | Default | BOTH_FIN ESTABLISHED 192.168.10.12 | 3162 | 192.168.10.1 | 80 | 6 | 3 | Plain | Default | BOTH_FIN ESTABLISHED D-Link NetDefend CLI Reference Guide...
  • Page 79: Info Device

    info device PURPOSE The info device command is used to display information about your appliance, such as your current firmware version and additional details. SYNTAX info device PARAMETERS None. RETURN VALUES MAC Address Bootcode version Hardware version Appliance Type Product Key Product Name Used Nodes Uptime...
  • Page 80 Information about the VStream Antivirus daily database: • The date and time at which the database was last updated • Version - The version number • Size - The database's size • - The database's CRC value for file verification D-Link NetDefend CLI Reference Guide...
  • Page 81 VStream database (Daily): 1.1.46 Size: 175754 bytes Chapter 4: CLI Commands 00:08:da:77:70:70 SBox-200 747478-22234-e5d66f D-Link NetDefend, 10 nodes 45 days, 02:05:53 User 914K Kernel 1829K 6.0.45x 6.0.45x Sep 13, 2005 12:20 GMT. Version: 1.1.0 Dec 04, 2005 06:29 GMT. Version:...
  • Page 82: Info Fw

    The number of incoming data packets that were blocked by the firewall The total number of outgoing data packets The number of data packets sent The number of outgoing data packets that were blocked by the firewall D-Link NetDefend CLI Reference Guide...
  • Page 83 EXAMPLE Running this command results in information such as the following: [700000] Firewall statistics: Inbound packets: Total: 35867 Accepted: 14919 Dropped: 20948 Outbound packets: Total: 13641 Accepted: 13477 Dropped:...
  • Page 84: Info Logs

    The Event Log. The following information is displayed for each event: Number Date Time The log's number in the Event Log day/month The date in the format: The time in the format: HH:MM:SS where: = hours = minutes = seconds The log identification number D-Link NetDefend CLI Reference Guide...
  • Page 85 The following additional information is displayed for logged connections: SPort DPort Rule EXAMPLE Running this command results in information such as the following: Event Logs: 00299 4/12 09:33:22 Log 60031: User admin logged in (Source IP: 192.168.10.12) 00298 4/12 09:32:44 Log 50000: Dropped Inbound packet (Policy rule) Src:217.132.249.147 SPort:1339 Dst:217.132.214.83 DPort:139 IPP:6 Rule: 15 00297...
  • Page 86: Info Nat

    • Static NAT - Allows the mapping of Internet IP addresses or address ranges to hosts inside the internal network. For information on configuring Static NAT for a network object, see netobj on page 226. SYNTAX info nat PARAMETERS None....
  • Page 87 ETURN ALUES NAT table The following information is displayed for each NAT rule: Number original source original destination original ports translated source translated destination Chapter 4: CLI Commands The number of NAT rules. The NAT rule's number. The original source. This can be the following: •...
  • Page 88 - The rule was created locally, by configuring an Allow & Forward rule, Hide NAT for an internal network, or Static NAT for a network object. • management - The rule was downloaded from the remote management. D-Link NetDefend CLI Reference Guide...
  • Page 89 Informational Commands original source: dmz original destination: any original ports: any translated source: 217.132.233.250 translated destination: original translated ports: original type: hide source: local Chapter 4: CLI Commands...
  • Page 90: Info Net

    The network interface's name. Note: The OfficeMode network's name is The appliance's current IP address on the specified interface. The appliance's MAC address on the specified interface. Note: The OfficeMode network's MAC address is undefined D-Link NetDefend CLI Reference Guide office...
  • Page 91 EXAMPLE Running this command for all network interfaces results in information such as the following: net: name wan ip 217.132.214.83 mac 00:08:da:77:70:70 name lan ip 192.168.10.1 mac 00:08:da:77:70:6e name dmz ip 192.168.253.1 mac 00:08:da:77:70:6f name wlan ip 192.168.252.1 mac 00:20:ed:08:7a:e0 name office ip 192.168.254.1 mac undefined...
  • Page 92: Info Ospf

    This implementation conforms to RFC2328 RFC1583Compatibility flag is disabled SPF schedule delay 1 secs, Hold time between two SPFs 1 secs Refresh timer 10 secs Number of external LSA 0 Number of areas attached to this router: 5 D-Link NetDefend CLI Reference Guide...
  • Page 93: Info Ospf Database

    info ospf database PURPOSE The info ospf database command is used to display information about the OSPF link-state database. SYNTAX info ospf database PARAMETERS None. RETURN VALUES Information about reported link states. EXAMPLE Running this command results in information such as the following:...
  • Page 94 631 0x80000006 0xfa62 1 634 0x80000005 0x0629 1 570 0x80000008 0xe85d 1 Seq# CkSum 570 0x80000004 0x24e8 Seq# CkSum 1053 0x80000001 0x36a1 1.1.2.0/24 3 0x80000002 0xb613 10.0.0.0/24 Seq# CkSum 997 0x80000001 0x6d31 D-Link NetDefend CLI Reference Guide Link count Route...
  • Page 95 Router Link States (Area 2.2.2.2) Link ID ADV Router 62.90.32.158 62.90.32.158 AS External Link States Link ID ADV Router 0.0.0.0 62.90.32.131 [0x0] 0.0.0.0 192.168.10.3 [0x0] 0.0.0.0 192.168.10.4 [0x0] 62.90.32.0 192.168.10.3 62.90.32.0/24 [0x0] Chapter 4: CLI Commands Informational Commands Seq# CkSum 590 0x80000001 0xeac9 0 Seq# CkSum...
  • Page 96: Info Ospf Interface

    VTI (Virtual Tunnel Interface). YNTAX info ospf interface ARAMETERS None. ETURN ALUES OSPF information for each network interface and VIT. command is used to display the status and OSPF D-Link NetDefend CLI Reference Guide...
  • Page 97 EXAMPLE Running this command results in information such as the following: lan is up ifindex 9, MTU 1500 bytes, BW 0 Kbit <UP,BROADCAST,RUNNING,MULTICAST> Internet Address 192.168.10.101/24, Broadcast 192.168.10.255, Area 0.0.0.0 MTU mismatch detection:enabled Router ID 192.168.10.101, Network Type BROADCAST, Cost: 10 Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 192.168.10.101, Interface Address 192.168.10.101...
  • Page 98: Info Ospf Neighbor

    The OSPF neighbor's router ID. The interval of time in seconds after which the OSPF neighbor will be considered "dead", if it does not communicate in any way. The NetDefend firewall's IP address used for communicating with this neighbor. D-Link NetDefend CLI Reference Guide...
  • Page 99 XAMPLE Running this command results in information such as the following: Neighbor ID Pri State RXmtL RqstL DBsmL 192.168.10.3 1 Full/DROther lan:192.168.10.101 192.168.10.4 1 Full/DROther lan:192.168.10.101 192.168.10.10 1 Full/DROther lan:192.168.10.101 192.168.10.11 1 Full/Backup lan:192.168.10.101 Chapter 4: CLI Commands Dead Time Address 34.231s 192.168.10.3 34.234s 192.168.10.4 33.112s 192.168.10.10...
  • Page 100: Info Ospf Routes

    Connected routes are routes that are created for each new network defined on the NetDefend firewall. For example, LAN An RIP route. An OSPF route. OSPF routes are routes learned via OSPF. An ISIS route. A selected route. D-Link NetDefend CLI Reference Guide...
  • Page 101 EXAMPLE Running this command results in information such as the following: Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - ISIS, B - BGP, > - selected route, * - FIB route K>* 0.0.0.0/0 via 212.143.205.164, ppp0 C>* 127.0.0.0/8 is directly connected, lo C>* 172.27.144.0/20 is directly connected, wan...
  • Page 102: Info Ports

    , each on a different line. The current link speed (10 Mbps or 100 Mbps) and duplex (Full Duplex or Half Duplex) Indicates that the appliance does not detect anything connected to the port D-Link NetDefend CLI Reference Guide...
  • Page 103 EXAMPLE Running this command results in information such as the following: info ports wan: speed: 100 mbps mode: full duplex lan: no link no link no link speed: 100 mbps mode: full duplex dmz: speed: 100 mbps mode: full duplex...
  • Page 104: Info Printers

    • Printing - The printer is processing a print job. • Restarting - The print server is restarting. • Fail - An error occurred. See the Event Log for details.
  • Page 105 EXAMPLE Running this command results in information such as the following: Vendor name : Hewlett-Packard Product name : PSC 2100 Series Serial number: MY31TF62YJ0F TCP Port : 9100 Pending Jobs : 0 Status : Ready
  • Page 106: Info Probe

    The connection probing method used. This can be the following: PING This method probes the primary and secondary DNS servers. This method pings anywhere from one to three servers. This method sends RDP echo requests to up to three Check Point VPN gateways.
  • Page 107 • The Internet connection's status, as determined by probing a specific server. This can be the following: DOWN If probing failed for all listed servers (all statuses are connection is considered to be down. • The IP address or DNS name of the probed server. EXAMPLE Running this command results in information such as the following: wan1:...
  • Page 108: Info Statistics

    Each traffic report row displays traffic rates in kilobits/second for a specific interval of time. If desired, you can change this interval. For information, see statistics on page 341. command enables you to view Traffic Monitor reports
  • Page 109 The following information is displayed in each row: Time Incoming Outgoing EXAMPLE Running this command results in information such as the following: Interfaces Traffic Report: wan Interface (Total Traffic): Time Incoming (kbits/seconds) (kbits/seconds) 13:29:32-13:59:32 13:59:32-14:29:32 14:29:32-14:59:32 14:59:32-15:29:32 15:29:32-15:59:32 The interval's start and end time, in the format: HH:MM:SS-HH:MM:SS where...
  • Page 110 lan Interface (Total Traffic): Time (kbits/seconds) 07:59:32-08:29:32 08:29:32-08:59:32 08:59:32-09:29:32 09:29:32-09:59:32 09:59:32-10:29:32 QoS Traffic Report: Class Default (Total Traffic): Time (kbits/seconds) 03:29:32-03:59:32 03:59:32-04:29:32 04:29:32-04:59:32 04:59:32-05:29:32 05:29:32-05:59:32 Incoming (kbits/seconds) Incoming (kbits/seconds) Outgoing Outgoing
  • Page 111: Info Statistics Interface

    info statistics interface PURPOSE info statistics interface Monitor reports for specific types of traffic on specific network interfaces. This enables you to identify network traffic trends and anomalies. Note: The firewall blocks broadcast packets used during the normal operation of your network.
  • Page 112 The following information is displayed in each row: Time Incoming Outgoing The interval's start and end time, in the format: HH:MM:SS-HH:MM:SS where HH = hours, MM = minutes, SS = seconds. The rate of incoming traffic in kilobits/second. The rate of outgoing traffic in kilobits/second.
  • Page 113 EXAMPLE Running the following command: info statistics interface lan blocked Results in information such as the following: Interfaces Traffic Report: lan Interface (Dropped Traffic): Time Incoming (kbits/seconds) (kbits/seconds) 04:01:34-04:31:34 04:31:34-05:01:34 05:01:34-05:31:34 05:31:34-06:01:34 06:01:34-06:31:34 Outgoing...
  • Page 114: Info Statistics Qos

    QoS classes. The interval's start and end time, in the format: HH:MM:SS-HH:MM:SS where HH = hours, MM = minutes, SS = seconds. The rate of incoming traffic in kilobits/second. The rate of outgoing traffic in kilobits/second.
  • Page 115 EXAMPLE Running the following command: info statistics qos class Urgent Results in information such as the following: QoS Traffic Report: Class Urgent (Total Traffic): Time Incoming (kbits/seconds) (kbits/seconds) 04:09:50-04:39:50 04:39:50-05:09:50 05:09:50-05:39:50 05:39:50-06:09:50 06:09:50-06:39:50 Outgoing...
  • Page 116: Info Tunnels

    The following information is displayed for each VPN tunnel: site The name of the VPN gateway to which the tunnel is connected. The source IP address of the tunnel. The destination IP address of the tunnel.
  • Page 117 encryption duration username The security protocol (IPSec), the type of encryption used to secure the connection, and the type of Message Authentication Code (MAC) used to verify the integrity of the message. This information is presented in the following format: Security protocol: Encryption type/Authentication type Note: All VPN settings are automatically negotiated between the two sites.
  • Page 118 Indicates whether the VPN tunnel is functional. This can have the following values: • - The tunnel is functional. • Fail - The VPN peer is not responding. encryption 192.114.68.8 3DES/SHA1 212.150.8.81 AES-256/SHA1 0:00:00:22 N/A duration 0:00:02:01 JohnS...
  • Page 119: Info Vstream

    info vstream PURPOSE The info vstream command is used to display information about the VStream Antivirus signature databases. VStream Antivirus maintains two databases: a daily database and a main database. The daily database is updated frequently with the newest virus signatures. Periodically, the contents of the daily database are moved to the main database, leaving the daily database empty.
  • Page 120 Running this command results in information such as the following: Main database: Sep 13, 2005 02:20:30 PM GMT Version: 1.1.0 Daily database: Dec 4, 2005 08:29:22 AM GMT Version: 1.1.46 Next update: Not Subscribed for Updates Service Status: OK
  • Page 121: Info Wan

    info wan PURPOSE command is used to display information about the defined Internet connections. SYNTAX info wan [connection] PARAMETERS connection Integer. The Internet connection for which to display information. This can have the following values: • - Display information for the primary connection.
  • Page 122 The connection is down. The amount of time (in minutes) that the connection can remain idle. Once this period of time has elapsed, the dialup modem will disconnect. This field is only relevant for the Dialup connection type.
  • Page 123 EXAMPLE In the following example, a dialup Internet connection is configured as the secondary connection, and information is displayed for all connections: wan: name primary connected true idle_timeout 0 name secondary connected false idle_timeout 15
  • Page 124: Info Wireless Ap

    • 11b • 11g • 11bg • 108g-static • 108g-dynamic For information about the operation modes, see wireless on page 404. The MAC address of the appliance's wireless interface.
  • Page 125 Region Country Channel EXAMPLE Running this command results in information such as the following: Operation Mode: 11b MAC: 00:20:ed:08:7a:e0 Region: WORLD Country: United States Channel: 6 (2437 Mhz) The region within which the NetDefend firewall is certified for use.
  • Page 127: Chapter 5: Cli Variables

    Chapter 5 This chapter provides a list of CLI variables that can be used with the CLI commands in CLI Commands on page 17. Note: The syntax for using a CLI variable as part of an to the syntax for using the variable as part of a and examples provided for This chapter includes the following topics: certificate ...
  • Page 128 ... 286 smartdefense ai p2p emule... 288 smartdefense ai p2p gnutella ... 290 smartdefense ai p2p kazaa ... 292 smartdefense ai routing igmp... 294 smartdefense network-security dos flooding ... 296 smartdefense network-security dos land... 299
  • Page 129 smartdefense network-security dos ping-of-death ... 301 smartdefense network-security dos teardrop ... 303 smartdefense network-security ip-icmp cisco-ios... 305 smartdefense network-security ip-icmp fragments ... 308 smartdefense network-security ip-icmp max-ping-size ... 311 smartdefense network-security ip-icmp net-quota... 313 smartdefense network-security ip-icmp null-payload... 316 smartdefense network-security ip-icmp packet-sanity...
  • Page 130: Certificate

    Do not use the same certificate for more than one gateway. Note: If your NetDefend firewall is centrally managed, a certificate is automatically generated and downloaded to your appliance. In this case, there is no need to generate a self-signed certificate.
  • Page 131 SYNTAX When used with add certificate country country organization organization unit unit gatewayname gatewayname expyear expyear expmonth expmonth expday expday When used with clear clear certificate FIELDS country organization unit gatewayname expyear expmonth expday String. The country code of the country in which you are located.
  • Page 132 Marketing, the country is Great Britain, and the certificate's expiration date is December 31, 2014. add cert country GB organization MyCompany unit Marketing gatewayname 00:08:DA:77:70:70 expyear 2014 expmonth 12 expday 31 EXAMPLE The following command clears the installed certificate: clear certificate
  • Page 133: Clock

    clock PURPOSE The clock variable is used for working with clock settings in the following ways: • Setting the appliance time • Displaying and exporting the appliance clock settings SYNTAX When used with set clock [time time] [day day] [month month] [year year] [timezone timezone] [ntp1 ntp1] [ntp2 ntp2] When used with show...
  • Page 134 String. The local time zone, in the format: GMT<sign>HH:MM where: <sign> = + or -, HH = hours, MM = minutes. For example, GMT+05:00 or GMT-04:00. String. The IP address of the Primary NTP server. String. The IP address of the Secondary NTP server.
  • Page 135: Device

    device PURPOSE The device variable is used for working with device settings in the following ways: • Setting device details • Displaying and exporting device details SYNTAX When used with set device [behindnat behindnat] [hostname hostname] [productkey productkey] When used with show show device [behindnat | hostname | productkey] FIELDS...
  • Page 136 EXAMPLE The following command sets the hostname to "mycomputer1" and the Product Key to "aaaaaa-bbbbbb-cccccc": set device hostname mycomputer1 productkey aaaaaa-bbbbbb-cccccc EXAMPLE The following command displays the appliance's public IP address: show device behindnat
  • Page 137: Dhcp Scopes

    dhcp scopes PURPOSE The dhcp scopes variable is used for working with DHCP (Dynamic Host Configuration Protocol) scopes in the following ways: • Adding a DHCP scope for a settings for an internal network • Modifying an internal network's DHCP scope •...
  • Page 138 • manual - The gateway should not act as a DNS relay server. If this field is set to manual, the dns1 dns2 fields must be specified. The default value is automatic.
  • Page 139 dns1 dns2 wins IP Address or String. The IP address of the Primary DNS server to pass to DHCP clients instead of the gateway. This can have the following values: • An IP address • undefined - The Primary DNS server is not defined.
  • Page 140 DHCP clients. This can have the following values: • An IP address • undefined - The Primary NTP server is not defined. The default value is undefined. manual field is set to manual field is set to...
  • Page 141 ntp2 callmgr1 callmgr2 tftpserver IP Address or String. The IP address of the Secondary NTP server to use for synchronizing the time on the DHCP clients. This can have the following values: • An IP address •...
  • Page 142 The following command clears all scopes in the DHCP Scope table: clear dhcp scopes String. The full path of the boot file to use for booting DHCP clients via TFTP. This field is only relevant if a TFTP server is defined in the tftpserver field.
  • Page 143: Dialup

    dialup PURPOSE The dialup variable is used for working with dialup modem settings in the following ways: • Setting up a dialup modem • Displaying and exporting dialup modem settings You can use a dialup modem as a primary or secondary Internet connection method.
  • Page 144 Integer. The modem's port speed (in bits per second). This can have the following values: • 9600 • 19200 • 38400 • 57600 • 115200 The default value is 57600. , you must include field....
  • Page 145 dialmode custominit EXAMPLE The following command sets up a custom modem with a port speed of 57600 bps, and the installation string AT&F. The dial mode is tone. Hayes Accura 56K" set dialup type " EXAMPLE The following command displays all dialup modem settings: show dialup String.
  • Page 146 Note: If you are remotely managed, contact your Service Center to change the firewall level. SYNTAX When used with set fw [exposedhost exposedhost] [level level] When used with show show fw [exposedhost | level]
  • Page 147 FIELDS exposedhost level IP Address. The IP address of the computer you wish to define as an exposed host. String. The firewall security level. This can have the following values: • - Enforces basic control on incoming connections, while permitting all outgoing connections.
  • Page 148 EXAMPLE The following command sets the firewall level to High: set fw level high EXAMPLE The following command displays all firewall settings, including firewall rules and server rules: show fw
  • Page 149: Fw Rules

    fw rules PURPOSE The fw rules variable is used for working with firewall rules in the following ways: • Adding new firewall rules • Modifying firewall rules • Deleting firewall rules • Displaying and exporting firewall rules • Clearing the Firewall Rules table The NetDefend firewall checks the protocol used, the ports range, and the destination IP address, when deciding whether to allow or block traffic.
  • Page 150 String. The type of rule you want to create. This can have the following values: • allowandforward - An Allow and Forward rule • allow - An Allow rule • block - A Block rule For detailed information on the rule types, refer to the User Guide.
  • Page 151 service Integer or String. The service to which the rule should apply. This can have the following values: • custom - The rule should apply to a specific non-standard service. You must include the protocol ports •...
  • Page 152 - The rule should apply to any source. • wan • lan • dmz • officemode • • notvpn - Not VPN • The name of a VPN site • The name of a network object The default value is
  • Page 153 dest ports IP Address or String. Select the destination of the connections you want to allow or block. This can have the following values: • An IP address • An IP address range - To specify a range, use the following format: <Start IP Address>-<End IP Address>...
  • Page 154 Default QoS class. Integer. The port to which you want to redirect the specified connections. This option is called Port Address Translation (PAT). This field is only relevant when defining an Allow and Forward rule.
  • Page 155 index disabled Integer. The firewall rule's row in the Firewall Rules table. Use this field to move the rule up or down in the Firewall Rules table. The appliance processes rules higher up in the table (lower indexes) before rules lower down in the table (higher indexes).
  • Page 156 The following command displays the destination IP address for rule 1 in the Firewall Rule table: show fw rules 1 dest EXAMPLE The following command deletes all rules in the Firewall Rule table: clear fw rules
  • Page 157: Fw Servers

    fw servers PURPOSE The fw servers variable is used for working with servers in the following ways: • Configuring servers • Deleting servers • Displaying and exporting servers You configure servers in order to selectively allow incoming network connections into your network. For example, you can set up your own Web server, Mail server or FTP server.
  • Page 158 - Allow only connections through a VPN. • false - Allow all connections. The default value is false. Note: If you did not specify a host IP address for the service, changes to this field will not take effect.
  • Page 159 EXAMPLE The following command allows FTP connections made through a VPN only: set fw servers ftp hostip 192.168.10.21 enconly true EXAMPLE The following command deletes the defined FTP server: delete fw servers ftp EXAMPLE The following command displays the FTP server's IP address: show fw servers ftp hostip
  • Page 160 Availability. For instructions, see net dmz ha on page 175, net lan ha on page 187, net wlan ha on page 225, and vlan on page 350. SYNTAX When used with variable, you must configure a
  • Page 161 set ha [mode mode] [syncinterface syncinterface] [priority priority] [groupid groupid] When used with show show ha [mode | syncinterface | priority | groupid] FIELDS mode String. The appliance's High Availability mode. This can have the following values: •...
  • Page 162 Active Gateway and uses the virtual IP address, and the rest of the gateways are Passive Gateways. This must be an integer between 1 and 255.
  • Page 163 groupid EXAMPLE The following command enables High Availability on the appliance. The synchronization interface is the LAN network, the gateway's priority is 100, and the gateway is assigned to cluster 56. set ha mode enabled syncinterface lan priority 100 groupid 56 EXAMPLE The following command displays the appliance's priority: show ha priority...
  • Page 164: Ha Effect

    • enabled - When the gateway's status is Passive, all existing VPN tunnels are automatically terminated. • disabled - The gateway's status has no effect on VPN tunnels. The default value is enabled.
  • Page 165 EXAMPLE The following command disables the High Availability effect on VPN tunnels: set ha effect vpn disabled EXAMPLE The following command displays the gateway's High Availability effect setting: show ha effect
  • Page 166: Ha Track

    For information on configuring High Availability, see ha on page 148. SYNTAX When used with set ha track [wan1 wan1] [wan2 wan2] When used with show show ha track [wan1 | wan2] set port dmz hatrack . For...
  • Page 167 FIELDS wan1 wan2 EXAMPLE The following command enables Internet connection tracking for the primary Internet connection. The gateway's priority will be reduced by 10 if the primary connection goes down. set ha track wan1 10 EXAMPLE The following command displays the gateway's Internet connection tracking settings: show ha track
  • Page 168: Https

    Note: The URL https://my.firewall is always accessible from the Internal Network, even when the HTTPS Remote Access is disabled. SYNTAX When used with set https [mode mode] [iprange iprange] When used with show show https [mode | iprange]
  • Page 169 FIELDS mode iprange String. Indicates from where HTTPS access to the NetDefend Portal should be granted. This can have the following values: • internal - The internal network only. This disables remote HTTPS capability. Note: You can use HTTPS to access the NetDefend Portal from your internal network, by surfing to https://my.firewall.
  • Page 170 The following command enables NetDefend users to access the NetDefend Portal using HTTPS from any IP address: set https mode any EXAMPLE The following command displays the IP address or IP address range from which HTTPS access is granted: show https iprange
  • Page 171: Hotspot

    hotspot PURPOSE The hotspot variable is used for working with Secure HotSpot settings in the following ways: • Configuring Secure HotSpot settings • Displaying and exporting Secure HotSpot settings You can enable your NetDefend firewall as a public Internet access hotspot for specific networks.
  • Page 172 HotSpot from multiple computers at the same time. This can have the following values: • enabled - Login from multiple computers is allowed. • disabled - Login from multiple computers is not allowed. The default value is disabled.
  • Page 173 usehttps EXAMPLE The following command defines terms of use for the My HotSpot page and requires users to log on to the page: set hotspot terms "<b>Internet access is limited to 1 hour.</b>" auth password EXAMPLE The following command displays all Secure HotSpot settings: show hotspot String.
  • Page 174: Mailfilter Antispam

    User Guide. For information about Email Antispam protocols, see mailfilter protocols on page 166. SYNTAX When used with set mailfilter antispam mode mode When used with show show mailfilter antispam [mode] variable is used for working with the Email
  • Page 175 FIELDS mode EXAMPLE The following command enables the Email Antispam service: set mailfilter antispam mode enabled EXAMPLE The following command displays the Email Antispam mode: show mailfilter antispam String. The Email Antispam service mode. This can have the following values: •...
  • Page 176: Mailfilter Antivirus

    For information on temporarily disabling the Email Antivirus service, refer to the User Guide. For information about Email Antivirus protocols, see mailfilter protocols on page 166. SYNTAX When used with variable is used for working with the Email
  • Page 177 set mailfilter antivirus mode mode When used with show show mailfilter antivirus [mode] FIELDS mode EXAMPLE The following command enables the Email Antivirus service: set mailfilter antivirus mode enabled EXAMPLE The following command displays the Email Antivirus mode: show mailfilter antivirus String.
  • Page 178: Mailfilter Protocols

    This can have the following values: • enabled - Scan all incoming email in the POP3 protocol. • disabled - Do not scan incoming email in the POP3 protocol. The default value is enabled.
  • Page 179 smtp EXAMPLE If Email Filtering is enabled, you can use the following command to enable the service for outgoing email: set mailfilter protocols smtp enabled For information on enabling the Email Filtering service, see antivirus. EXAMPLE The following command displays all Email Filtering protocol settings: show mailfilter protocols String.
  • Page 180: Net Dmz

    LAN network. You can easily customize this behavior by creating firewall user rules. For information on defining rules, see fw rules on page 137. For information on the default security policy for DMZs, refer to the User Guide.
  • Page 181 Note: Some appliance models have a dedicated DMZ port to which you must connect all DMZ computers. In these models, you must assign the DMZ/WAN2 port to the DMZ. For information, see port. In appliance models that do not have a dedicated DMZ port, the DMZ is a logical second network behind the NetDefend firewall, and you must connect DMZ computers to LAN ports.
  • Page 182 Note: Static NAT and Hide NAT can be used together. IP Address. The IP address of the DMZ network's default gateway. Note: The DMZ network must not overlap the LAN network. IP Address. The DMZ’s internal network range.
  • Page 183 dhcpserver String. Indicates whether the NetDefend DHCP server is enabled. This can have the following values: • enabled - The NetDefend DHCP server is enabled. • disabled - The NetDefend DHCP server is disabled. • relay - DHCP relay is enabled.
  • Page 184 DHCP server. This can have the following values: • An IP address • undefined - No relay DHCP server is defined. The default value is undefined. This field is only relevant if DHCP relay is enabled.
  • Page 185 hotspot String. Indicates whether to enable Secure HotSpot for the DMZ network. This can have the following values: • enabled - Secure HotSpot is enabled for the DMZ. • disabled - Secure HotSpot is disabled for the DMZ.
  • Page 186 EXAMPLE The following command enables Hide NAT for the DMZ network: set net dmz hidenat enabled EXAMPLE The following command displays the DMZ network's DHCP range: show net dmz dhcprange
  • Page 187: Net Dmz Ha

    net dmz ha PURPOSE The net dmz ha variable is used for working with DMZ High Availability settings in the following ways: • Configuring DMZ High Availability settings • Displaying and exporting DMZ High Availability settings You can create a High Availability cluster consisting of two or more NetDefend firewalls.
  • Page 188 EXAMPLE The following command sets the DMZ network's virtual IP address: set net dmz ha virtualip 192.168.10.14 EXAMPLE The following command displays the appliance's DMZ High Availability settings: show net dmz ha
  • Page 189: Net Dmz Ospf

    net dmz ospf PURPOSE The net dmz ospf variable is used for working with OSPF settings for the DMZ in the following ways: • Configuring OSPF cost for the DMZ • Displaying and exporting OSPF settings for the DMZ, including authentication settings For information on configuring, displaying, and exporting specific authentication settings, see net dmz ospf md5 on page 179.
  • Page 190 EXAMPLE The following command sets the DMZ's OSPF cost: set net dmz ospf cost 10 EXAMPLE The following command displays the DMZ's OSPF settings: show net dmz ospf
  • Page 191: Net Dmz Ospf Md5

    net dmz ospf md5 PURPOSE net dmz ospf md5 authentication settings for the DMZ in the following ways: • Configuring OSPF MD5 authentication settings for the DMZ • Displaying and exporting OSPF MD5 authentication settings for the DMZ This variable is only relevant if OSPF is enabled. For information, see ospf on page 231.
  • Page 192 The following command enables authentication for OSPF connections: set net dmz ospf md5 enabled true key 1 password thepassword EXAMPLE The following command displays the DMZ's OSPF MD5 authentication settings: show net dmz ospf md5
  • Page 193: Net Lan

    net lan PURPOSE The net lan variable is used for working with your Local Area Network (LAN) settings in the following ways: • Configuring your NetDefend firewall's LAN settings, including: • Hide Network Address Translation (NAT) • Your NetDefend firewall’s internal IP address •...
  • Page 194 [hidenat hidenat] [address address] [netmask netmask] [dhcpserver dhcpserver] [dhcprange dhcprange] [dhcprelayip dhcprelayip] [hotspot hotspot] When used with show show net lan [hidenat | address | netmask | dhcpserver | dhcprange | dhcprelayip | hotspot]
  • Page 195 FIELDS hidenat address netmask String. Indicates whether to use Hide NAT. Hide NAT enables you to share a single public Internet IP address among several computers, by “hiding” the private IP addresses of the internal computers behind the NetDefend firewall’s single Internet IP address.
  • Page 196 If you want to use a DHCP server on the Internet or via a VPN, instead of the NetDefend DHCP server, you can configure DHCP relay. When in DHCP relay mode, the NetDefend firewall relays information from the desired DHCP server to the devices on your network.
  • Page 197 dhcprange dhcprelayip hotspot String. Indicates how the DHCP server should obtain the DHCP address range. The DHCP address range is the range of IP addresses that the DHCP server can assign to network devices. IP addresses outside of the DHCP address range are reserved for statically addressed computers.
  • Page 198 EXAMPLE The following command enables Hide NAT for the LAN: set net lan hidenat enabled EXAMPLE The following command displays the LAN DHCP range: show net lan dhcprange
  • Page 199: Net Lan Ha

    net lan ha See net dmz ha on page 175.
  • Page 200: Net Lan Ospf

    See net dmz ospf on page 177.
  • Page 201: Net Lan Ospf Md5

    net lan ospf md5 See net dmz ospf md5 on page 179.
  • Page 202: Net Officemode

    IP address to the VPN client, when the client connects and authenticates. The IP addresses are allocated from a pool called the OfficeMode network. variable is used for working with OfficeMode network
  • Page 203 Note: OfficeMode requires Check Point SecureClient to be installed on the VPN clients. It is not supported by Check Point SecuRemote. When OfficeMode is not supported by the VPN client, traditional mode will be used instead. Note: The DHCP server only serves computers that are configured to obtain an IP address automatically.
  • Page 204 Note: Static NAT and Hide NAT can be used together. IP Address. The IP address of the OfficeMode network's default gateway. Note: The OfficeMode network must not overlap the LAN network. IP Address. The OfficeMode’s internal network range.
  • Page 205 dhcpserver String. Indicates whether the NetDefend DHCP server is enabled. This can have the following values: • enabled - The NetDefend DHCP server is enabled. • disabled - The NetDefend DHCP server is disabled. • relay - DHCP relay is enabled.
  • Page 206 DHCP address range. • A DHCP address range - Relevant only if the NetDefend DHCP server is enabled. To specify a range, use the following format: <Start IP Address>-<End IP Address> The default value is automatic.
  • Page 207: Net Wan

    net wan PURPOSE The net wan variable is used for doing the following: • Configuring your NetDefend firewall's primary Internet connection • Displaying and exporting the primary Internet connection's settings, including OSPF settings and connection probing settings. For information on configuring, displaying, and exporting specific WAN OSPF settings, see net wan ospf on page 208 and net wan ospf md5 on page 209.
  • Page 208 This can have the following values: • An IP address • undefined - The static IP address is not defined. The default value is undefined. This field is only relevant for LAN connections with a static IP address.
  • Page 209 netmask password username pptpserver pptpclientip IP Address. The subnet mask that applies to the static IP address of your NetDefend firewall. This can have the following values: • An IP address • undefined - The subnet mask is not defined. The default value is undefined. This field is only relevant for LAN connections with a static IP...
  • Page 210 This field is only relevant when using PPTP or PPPoE connection type. String. Your PPPoE service name. If your ISP has not provided you with a service name, leave this field empty. This field is only relevant for the PPTP or PPPoE connection type.
  • Page 211 phonenumber externalip Integer or String. The maximum transmission unit size. This can have the following values: • A unit size • automatic - The MTU is set automatically. The default value is automatic. As a general recommendation you should leave this field set to automatic.
  • Page 212 - The NetDefend firewall will not automatically configure the WINS server. You must provide a value for the , and wins field. • disabled - The NetDefend firewall will automatically configure the WINS server.
  • Page 213 connectonlyactive staticdns String. Indicates whether the gateway should connect to the Internet only when it is the Active Gateway in the High Availability cluster. This can have the following values: • true - The gateway will connect to the Internet only when it is the Active Gateway.
  • Page 214 The default value is IP Address or String. The secondary DNS server IP address. This can have the following values: • An IP address • undefined - This server is not defined. The default value is undefined.
  • Page 215 wins uprate IP Address or String. The WINS server IP address. This can have the following values: • An IP address • undefined - This server is not defined. The default value is undefined. Integer or String. Indicates whether to enable Traffic Shaper for outgoing traffic.
  • Page 216 It is therefore recommended to enable traffic shaping for incoming traffic only if necessary. For information on using Traffic Shaper, see qos classes on page 253.
  • Page 217 connectondemand idletimeout String. Indicates whether the dialup modem should connect to the Internet on demand. • disable - The modem is constantly connected to the Internet. • immediate - The dialup modem should only dial a connection if no other connection exists, and the NetDefend firewall is not acting as a Backup appliance.
  • Page 218 - A default route is not created automatically, and you can create the routes manually, using static routes. For information on using static routes, see netobj on page 226. The default value is false.
  • Page 219: Internet Connection

    EXAMPLE The following command configures the NetDefend firewall for a PPTP primary Internet connection: set net wan mode pptp user JohnSmith.net.il@myisp password 123456 usedhcp disabled pptpserver 10.0.0.138 pptpservice RELAY_PPP1 pptpclientip 10.200.1.1 pptpclientmask 255.0.0.0 staticdns disabled disabled false EXAMPLE The following command configures the NetDefend firewall for a LAN primary Internet connection with DHCP: set net wan mode lan disabled false EXAMPLE...
  • Page 220: Net Wan Ospf

    See net dmz ospf on page 177.
  • Page 221: Net Wan Ospf Md5

    net wan ospf md5 See net dmz ospf md5 on page 179.
  • Page 222: Net Wan Probe

    WAN port. SYNTAX When used with set wan probe [probenexthop probenexthop] [method method] [dest1 dest1] [dest2 dest2] [dest3 dest3] When used with show show wan probe [probenexthop | method | dest1 | dest2 | dest3]
  • Page 223 FIELDS probenexthop String. Indicates whether to automatically detect loss of connectivity to the default gateway. If you selected LAN, this is done by sending ARP requests to the default gateway. If you selected PPTP, PPPoE, or Dialup, this is done by sending PPP echo reply (LCP) messages to the PPP peer.
  • Page 224 Use this option if you have Check Point VPN gateways, and you want loss of connectivity to these gateways to trigger ISP failover to an Internet connection from which these gateways are reachable. none The default value is fields.
  • Page 225 dest1, dest 2, dest 3 EXAMPLE The following command enables next hop probing and DNS connection probing for the Internet connection currently using the WAN port: set net wan probe probenexthop enabled method dns EXAMPLE The following command displays all connection probing settings for the Internet connection currently using the WAN port: show net wan probe
  • Page 226: Net Wan2

    DNS server for the active Internet connection. For information on setting up your firewall for different types of secondary Internet connections, refer to the User Guide. SYNTAX See net wan on page 195. FIELDS See net wan on page 195.
  • Page 227 EXAMPLE The following command configures the NetDefend firewall for a dialup secondary Internet connection: set net wan2 mode dialup username JohnS.myisp.com password 123456 phonenumber 96909111 disabled false EXAMPLE The following command configures the NetDefend firewall for a LAN secondary Internet connection with a static IP address: set net wan2 mode lan usedhcp disabled address 212.150.8.74 gateway 212.150.8.65 netmask 255.255.255.224 staticdns disabled dns1 212.150.48.169 disabled false...
  • Page 228: Net Wan2 Ospf

    See net dmz ospf on page 177.
  • Page 229: Net Wan2 Ospf Md5

    net wan2 ospf md5 See net dmz ospf md5 on page 179.
  • Page 230: Net Wan2 Probe

    See net wan probe on page 210.
  • Page 231: Net Wlan

    net wlan PURPOSE The net wlan variable is used for working with wireless network (WLAN) settings in the following ways: • Configuring your NetDefend firewall's WLAN settings, including: • Hide Network Address Translation (NAT) • The WLAN network's default gateway • The WLAN network’s internal network range •...
  • Page 232 | hotspot] FIELDS mode String. The WLAN network mode. This can have the following values: • enabled - The WLAN network is enabled. • disabled - The WLAN network is disabled. The default value is disabled.
  • Page 233 hidenat address netmask String. Indicates whether to use Hide NAT. Hide NAT enables you to share a single public Internet IP address among several computers, by “hiding” the private IP addresses of the internal WLAN computers behind the WLAN network's single Internet IP address.
  • Page 234 If you want to use a DHCP server on the Internet or via a VPN, instead of the NetDefend DHCP server, you can configure DHCP relay. When in DHCP relay mode, the NetDefend firewall relays information from the desired DHCP server to the devices on the WLAN network.
  • Page 235 dhcprange dhcprelayip hotspot String. Indicates how the DHCP server should obtain the DHCP address range. The DHCP address range is the range of IP addresses that the DHCP server can assign to network devices. IP addresses outside of the DHCP address range are reserved for statically addressed computers.
  • Page 236 EXAMPLE The following command enables Hide NAT for the WLAN network: set net wlan hidenat enabled EXAMPLE The following command displays the WLAN network's DHCP range: show net wlan dhcprange
  • Page 237: Net Wlan Ha

    net wlan ha See net dmz ha on page 175.
  • Page 238: Netobj

    IP address for use by the computer's MAC address only. This is called DHCP reservation, and it is useful if you are hosting a public Internet server on your network. For more information on these settings, refer to the User Guide.
  • Page 239 SYNTAX When used with add netobj name name type type ip ip [staticnat staticnat] [mac mac] [hotspotexclude hotspotexclude] When used with set netobj number [name name] [type type] [ip ip] [staticnat staticnat] [mac mac] [hotspotexclude hotspotexclude] When used with delete delete netobj number When used with show...
  • Page 240 Relevant only if the network object is a network. To specify a range, use the following format: <Start IP Address>-<End IP Address> • undefined - Static NAT is not performed. The default value is undefined.
  • Page 241 hotspotexclude MAC Address or String. Indicates whether to perform DHCP reservation. This can have the following values: • The MAC address you want to assign to the network object's IP address. This must be six groups of two hexadecimal characters, with semicolons between the groups.
  • Page 242 The following command displays the Static NAT settings for network object 1 in the Network Objects table: show netobj 1 staticnat EXAMPLE The following command deletes all network objects in the Network Objects table: clear netobj
  • Page 243: Ospf

    ospf PURPOSE The ospf variable is used for working with OSPF (Open Shortest Path First) settings in the following ways: • Setting the OSPF mode • Specifying the OSPF router identifier • Displaying and exporting the above OSPF settings • Displaying and exporting all OSPF settings, including: •...
  • Page 244 • An IP address • undefined - No OSPF router is defined. The IP address with the highest numeric value will be used as the router ID. The default value is undefined.
  • Page 245 EXAMPLE The following command enables OSPF for all internal networks: set ospf mode internal EXAMPLE The following command displays all OSPF settings: show ospf
  • Page 246: Ospf Area

    When used with set ospf area number [id id] [auth-md5 auth-md5] When used with delete delete ospf area number When used with show show ospf area number [id | auth-md5] When used with clear clear ospf area
  • Page 247 FIELDS number auth-md5 EXAMPLE The following command adds an OSPF area that uses the MD5 authentication scheme: add ospf area id 1.2.3.4 auth-md5 true EXAMPLE The following command modifies area 1 in the OSPF Areas table, so that it does not use the MD5 authentication scheme: set ospf area 1 auth-md5 false EXAMPLE...
  • Page 248: Ospf Network

    [address address] [mask mask] [area area] When used with delete delete ospf network number When used with show show ospf network number [address | mask | area] When used with clear clear ospf network
  • Page 249 FIELDS number address mask area EXAMPLE The following command adds an OSPF network: add ospf network address 1.2.3.4 mask 255.255.255.255 area 2.3.4.5 EXAMPLE The following command assigns network 1 in the OSPF Networks table to a different area: set ospf network 1 area 3.4.5.6 EXAMPLE The following command deletes network 1 in the OSPF Networks table: delete ospf network 1...
  • Page 250: Ospf Redistribute

    241. These settings control how OSPF external routing information is redistributed. SYNTAX When used with show show ospf redistribute FIELDS None. EXAMPLE The following command displays all OSPF redistribution settings: show ospf redistribute
  • Page 251: Ospf Redistribute Connected

    ospf redistribute connected PURPOSE The ospf variable is used for working with OSPF (Open Shortest Path First) settings in the following ways: • Configuring OSPF routing information distribution settings for directly connected networks • Displaying and exporting OSPF routing information distribution settings for directly connected networks SYNTAX When used with...
  • Page 252 EXAMPLE The following command enables redistributing routing information for connected networks: set ospf redistribute connected enabled true metric 10 metric-type EXAMPLE The following command displays all redistribution settings for connected networks: show ospf redistribute connected
  • Page 253: Ospf Redistribute Kernel

    ospf redistribute kernel PURPOSE The ospf variable is used for working with OSPF (Open Shortest Path First) settings in the following ways: • Configuring OSPF routing information distribution settings for routes updated in the NetDefend Portal • Displaying and exporting OSPF routing information distribution settings for routes updated in the NetDefend Portal SYNTAX When used with...
  • Page 254 NetDefend Portal: set ospf redistribute kernel enabled true metric 10 metric-type 1 EXAMPLE The following command displays all redistribution settings for routes updated in the NetDefend Portal: show ospf redistribute kernel
  • Page 255: Port Dmz

    port dmz PURPOSE The port dmz variable is used for working with the appliance's DMZ/WAN2 port in the following ways: • Modifying the DMZ/WAN2 port's settings • Displaying and exporting the DMZ/WAN2 port's settings SYNTAX When used with set port dmz [network network] [hatrack hatrack] [link link] When used with show show port dmz [network | hatrack | link]...
  • Page 256 String. The DMZ/WAN2 port's link speed and duplex. This can have the following values: • automatic - The port automatically detects the link speed and duplex • 10/full • 10/half • 100/full • 100/half The default value is automatic.
  • Page 257: Port Lan1 / Port Lan2 / Port Lan3 / Port Lan4

    port lan1 / port lan2 / port lan3 / port lan4 PURPOSE port lan1 port lan2 for working with the appliance's LAN1, LAN2, LAN3, and LAN4 ports, respectively, in the following ways: • Modifying the relevant LAN port's settings • Displaying and exporting the relevant LAN port's settings SYNTAX When used with set port lan1 [network network] [hatrack hatrack] [link link]...
  • Page 258 String. The LAN port's link speed and duplex. This can have the following values: • automatic - The port automatically detects the link speed and duplex • 10/full • 10/half • 100/full • 100/half The default value is automatic.
  • Page 259: Port Serial

    port serial PURPOSE The port serial variable is used for working with the appliance's RS232 port in the following ways: • Modifying the RS232 port's assignment • Displaying and exporting the RS232 port's assignment SYNTAX When used with set port serial mode mode When used with show show port serial [mode]...
  • Page 260 EXAMPLE The following command assigns the RS232 port for use with a serial console: set port serial mode console EXAMPLE The following command displays the RS232 port's assignment: show port serial
  • Page 261: Port Wan

    port wan PURPOSE The port dmz variable is used for working with the appliance's WAN port in the following ways: • Modifying the WAN port's link speed and duplex • Displaying and exporting the WAN port's speed and duplex SYNTAX When used with set port wan link link When used with show...
  • Page 262 EXAMPLE The following command sets the WAN port's speed and duplex to automatic: set port wan link automatic EXAMPLE The following command displays the WAN port's assignment: show port dmz
  • Page 263: Printers

    printers PURPOSE The printers variable is used for working with network printers in the following ways: • Modifying printer port numbers • Displaying and exporting printer port numbers Some NetDefend models include a built-in print server, enabling you to connect up to four USB-based printers to the appliance and share them across the network.
  • Page 264 The following command displays all printers and their port numbers: show printers The printer's row in the Printers table. Integer. The network printer's TCP port number. Note: Printer port numbers may not overlap, and must be high ports.
  • Page 265: Qos Classes

    qos classes PURPOSE The qos classes variable is used for working with Traffic Shaper settings in the following ways: • Adding QoS classes • Modifying QoS classes • Deleting QoS classes • Displaying and exporting QoS class settings • Clearing the Quality of Service Classes table Traffic Shaper is a bandwidth management solution that allows you to set bandwidth policies to control the flow of communication.
  • Page 266 [delayclass delayclass] [dscp dscp] [upguarantee upguarantee] [downguarantee downguarantee] When used with delete delete qos classes number When used with show show qos classes [number] [name | weight | uplimit | downlimit | delayclass | dscp | upguarantee | downguarantee]
  • Page 267 When used with clear clear qos classes FIELDS number name weight uplimit downlimit Integer. The QoS class's row in the Traffic Shaper table. String. The class's name. For example, if you are creating a class for high priority Web connections, you can name the class "High Priority Web".
  • Page 268 DSCP. To use this option, your ISP or private WAN must support DiffServ. You can obtain the correct DSCP value from your ISP or private WAN administrator. The default value is 0. normal...
  • Page 269 upguarantee downguarantee Integer or String. The guaranteed minimum bandwidth (in bytes/second) for outgoing traffic belonging to this class. This can have the following values: • A rate • none - The bandwidth for outgoing traffic belonging to this class is calculated according to the class's weight.
  • Page 270 The following command displays the maximum rate of outgoing traffic for QoS class 1 in the Quality of Service Classes table: show qos classes 1 downlimit EXAMPLE The following command deletes all QoS classes in the Quality of Service Classes table: clear qos classes
  • Page 271: Radius Permissions

    radius permissions PURPOSE radius permissions permissions in the following ways: • Setting permissions for all users authenticated by the defined RADIUS servers • Displaying and exporting RADIUS permissions You can use RADIUS to authenticate both NetDefend firewall users and Remote Access VPN Clients trying to connect to the NetDefend firewall.
  • Page 272 • true - Authenticated users can override Web Filtering. • false - Authenticated users cannot override Web Filtering. This option is only relevant if the Web Filtering service is defined. See webfilter mode.
  • Page 273 hotspotaccess EXAMPLE The following command enables users authenticated by the RADIUS server to override Web Filtering and modify system settings: set radius permissions adminaccess readwrite filteroverride true EXAMPLE The following command displays all RADIUS permissions: show radius permissions String.
  • Page 274: Radius Servers

    When used with show show radius servers [number] [address | secret | port | realm | timeout | tries] When used with clear clear radius servers variable is used for working with RADIUS servers in the
  • Page 275 FIELDS number address secret port realm timeout tries Integer. The RADIUS server's number. IP Address. The IP address of the computer that runs the RADIUS service (one of your network computers). String. The shared secret to use for secure communication with the RADIUS server.
  • Page 276 The following command displays the IP address of RADIUS server 1 in the RADIUS table: show radius servers 1 address EXAMPLE The following command deletes all network objects in the Network Objects table: clear radius servers
  • Page 277: Routes

    routes PURPOSE The routes variable is used for working with static routes in the following ways: • Adding static routes • Modifying static route settings • Deleting static routes • Displaying and exporting static route settings • Clearing the Static Routes table A static route is a setting that explicitly specifies the route for packets originating in a certain subnet and/or destined for a certain subnet.
  • Page 278 IP Address or String. The IP address of the source network. This can have the following values: • An IP address • undefined - The route applies to all source networks.
  • Page 279 srcmask EXAMPLE The following command adds a static route with a metric of 90: add routes network 192.168.253.1 netmask 255.255.255.0 gateway 212.143.205.233 metric 90 EXAMPLE The following command changes the metric of route 2 to 80: set routes 2 metric 80 EXAMPLE The following command deletes route 2: delete routes 2...
  • Page 280: Smartdefense Ai Cifs File-Sharing

    String. Indicates whether to enable CIFS worm blocking. This can have the following values: • enabled - CIFS worm blocking is enabled. • disabled - CIFS worm blocking is disabled. The default value is disabled.
  • Page 281 String. Indicates whether to log CIFS worm attacks. This can have the following values: • disabled - Do not log attacks. • - Log attacks The default value is disabled.
  • Page 282 The following command enables CIFS worm blocking and logging: smartdefense ai cifs file-sharing EXAMPLE The following command displays all CIFS file sharing defense settings, including worm patterns: smartdefense ai cifs file-sharing show enforce enabled log log
  • Page 283: Smartdefense Ai Cifs File-Sharing Patterns

    smartdefense ai cifs file-sharing patterns PURPOSE smartdefense ai cifs file-sharing patterns working with CIFS worm patterns in the following ways: • Adding worm patterns • Modifying worm patterns • Deleting worm patterns • Displaying and exporting worm patterns • Clearing the CIFS Worm Patterns table Worm patterns are matched against file names (including file paths but excluding the disk share name) that the client is trying to read or write from the server.
  • Page 284 This can have the following values: • true - Check files for this worm pattern. • false - Do not check files for this worm pattern. The default value is false. String. The worm pattern's regular expression.
  • Page 285 EXAMPLE The following command adds a worm pattern and activates it: smartdefense ai cifs file-sharing true regexp \.worm$ EXAMPLE The following command deactivates worm pattern 1 in the CIFS Worm Patterns table: smartdefense ai cifs file-sharing EXAMPLE The following command deletes worm pattern 1 in the CIFS Worm Patterns table: smartdefense ai cifs file-sharing delete EXAMPLE...
  • Page 286: Smartdefense Ai Ftp

    When used with set smartdefense ai ftp [enforce-commands enforce-commands] [known-ports known-ports] [port-overflow port-overflow] When used with show show smartdefense ai ftp [enforce-commands | known-ports | port-overflow] variable is used for working with FTP settings in the
  • Page 287 FIELDS enforce-commands known-ports String. Indicates whether to block illegal FTP commands in the FTP commands list. For information on configuring and viewing the FTP commands list, see smartdefense ai ftp commands on page 279. This field can have the following values: •...
  • Page 288 This field can have the following values: • enabled - Block PORT commands that contain a number greater than 255. • disabled - Do not block PORT commands that contain a number greater than 255. The default value is disabled.
  • Page 289: Smartdefense Ai Ftp Bounce

    smartdefense ai ftp bounce PURPOSE smartdefense ai ftp bounce Bounce settings in the following ways: • Configuring FTP Bounce settings • Displaying and exporting FTP Bounce settings When connecting to an FTP server, the client sends a PORT command specifying the IP address and port to which the FTP server should connect and send data.
  • Page 290 String. Indicates whether to log FTP Bounce attacks. This can have the following values: • enabled - Log FTP Bounce attacks. • disabled - Do not log FTP Bounce attacks. The default value is enabled.
  • Page 291: Smartdefense Ai Ftp Commands

    smartdefense ai ftp commands PURPOSE smartdefense ai ftp commands command settings in the following ways: • Adding FTP commands • Modifying FTP commands • Deleting FTP commands • Displaying and exporting FTP commands • Clearing the FTP Commands table Some seldom-used FTP commands may compromise FTP server security and integrity.
  • Page 292 SmartDefense will allow this command. • false - The FTP command is illegal. SmartDefense will handle this command in accordance with enforce-commands settings specified in smartdefense ai ftp on page 274. The default value is true.
  • Page 293 EXAMPLE The following command adds an FTP command and marks it as illegal: add smartdefense ai ftp commands command ARBOR allowed true EXAMPLE The following command marks FTP command 1 in the FTP Commands table as legal: set smartdefense ai ftp commands 1 allowed false EXAMPLE The following command deletes FTP command 1 in the FTP Commands table: delete smartdefense ai ftp commands 1...
  • Page 294: Smartdefense Ai Im Icq

    String. Indicates whether to enable ICQ connection blocking. This can have the following values: • enabled - ICQ connection blocking is enabled. • disabled - ICQ connection blocking is disabled. The default value is disabled.
  • Page 295 block-proprietary EXAMPLE The following command enables blocking and logging ICQ connections: set smartdefense ai im icq enforce enabled log enabled EXAMPLE The following command displays all ICQ SmartDefense settings: show smartdefense ai im icq String. Indicates whether to log ICQ connections. This can have the following values: •...
  • Page 296: Smartdefense Ai Im Skype

    The following command enables blocking and logging Skype connections: set smartdefense ai im skype enforce enabled log enabled EXAMPLE The following command displays all Skype SmartDefense settings: show smartdefense ai im skype variable is used for working with Skype
  • Page 297: Smartdefense Ai Im Yahoo

    smartdefense ai im yahoo PURPOSE smartdefense ai im yahoo instant messenger settings in the following ways: • Configuring Yahoo SmartDefense settings • Displaying and exporting Yahoo SmartDefense settings SmartDefense can block Yahoo connections, by identifying the Yahoo application's fingerprints and HTTP headers. Note: SmartDefense can detect Yahoo traffic regardless of the TCP port being used to initiate the session.
  • Page 298: Smartdefense Ai P2P Bittorrent

    String. Indicates whether to enable BitTorrent connection blocking. This can have the following values: • enabled - BitTorrent connection blocking is enabled. • disabled - BitTorrent connection blocking is disabled. The default value is disabled.
  • Page 299 block-proprietary EXAMPLE The following command enables blocking and logging BitTorrent connections: set smartdefense ai p2p bittorrent enforce enabled log enabled EXAMPLE The following command displays all BitTorrent SmartDefense settings: show smartdefense ai p2p bittorrent String. Indicates whether to log BitTorrent connections. This can have the following values: •...
  • Page 300: Smartdefense Ai P2P Emule

    [enforce enforce] [log log] [block-proprietary block-proprietary] When used with show show smartdefense ai p2p emule [enforce | log | block-proprietary] FIELDS See smartdefense ai p2p bittorrent on page 286. variable is used for working with eMule
  • Page 301 EXAMPLE The following command enables blocking and logging eMule connections: set smartdefense ai p2p emule enforce enabled log enabled EXAMPLE The following command displays all eMule SmartDefense settings: show smartdefense ai p2p emule
  • Page 302: Smartdefense Ai P2P Gnutella

    [enforce enforce] [log log] [block-proprietary block-proprietary] When used with show show smartdefense ai p2p gnutella [enforce | log | block-proprietary] FIELDS See smartdefense ai p2p bittorrent on page 286. variable is used for working with
  • Page 303 EXAMPLE The following command enables blocking and logging Gnutella connections: set smartdefense ai p2p gnutella enforce enabled log enabled EXAMPLE The following command displays all Gnutella SmartDefense settings: show smartdefense ai p2p gnutella
  • Page 304: Smartdefense Ai P2P Kazaa

    [enforce enforce] [log log] [block-proprietary block-proprietary] When used with show show smartdefense ai p2p kazaa [enforce | log | block-proprietary] FIELDS See smartdefense ai p2p bittorrent on page 286. variable is used for working with KaZaA
  • Page 305 EXAMPLE The following command enables blocking and logging KaZaA connections: set smartdefense ai p2p kazaa enforce enabled log enabled EXAMPLE The following command displays all KaZaA SmartDefense settings: show smartdefense ai p2p kazaa
  • Page 306: Smartdefense Ai Routing Igmp

    String. Indicates whether to enable IGMP attack blocking. This can have the following values: • enabled - IGMP attack blocking is enabled. • disabled - IGMP attack blocking is disabled. The default value is disabled.
  • Page 307 enforce-mcast EXAMPLE The following command enables blocking and logging IGMP attacks: set smartdefense ai routing igmp enforce enabled log enabled EXAMPLE The following command displays IGMP multicast settings: show smartdefense ai routing igmp enforce-mcast String. Indicates whether to log IGMP attacks. This can have the following values: •...
  • Page 308: Smartdefense Network-Security Dos Flooding

    SYNTAX When used with set smartdefense network-security dos flooding [enforce enforce] [log log] [percent percent] When used with show show smartdefense network-security dos flooding [enforce | log | percent] variable is used for
  • Page 309 FIELDS enforce percent String. Indicates whether to enable blocking additional non-TCP connections, when the percentage of state table capacity used for non-TCP connections reaches the threshold. This can have the following values: •...
  • Page 310 The following command enables blocking and logging non-TCP connections that exceed 50% of the state table capacity: set smartdefense network-security dos flooding enforce enabled log enabled percent 50 EXAMPLE The following command displays all Non-TCP Flooding settings: show smartdefense network-security dos flooding
  • Page 311: Smartdefense Network-Security Dos Land

    smartdefense network-security dos land PURPOSE smartdefense network-security dos land working with LAND settings in the following ways: • Configuring LAND settings • Displaying and exporting LAND settings In a LAND attack, the attacker sends a SYN packet, in which the source address and port are the same as the destination (the victim computer).
  • Page 312 EXAMPLE The following command enables blocking and logging LAND attacks: set smartdefense network-security dos land enforce enabled log enabled EXAMPLE The following command displays all LAND settings: show smartdefense network-security dos land
  • Page 313: Smartdefense Network-Security Dos Ping-Of-Death

    smartdefense network-security dos ping-of-death PURPOSE The smartdefense network-security dos ping-of-death variable is used for working with Ping of Death settings in the following ways: • Configuring Ping of Death settings • Displaying and exporting Ping of Death settings In a Ping of Death attack, the attacker sends a fragmented PING request that exceeds the maximum IP packet size (64KB)....
  • Page 314 String. Indicates whether to log Ping of Death attacks. This can have the following values: • enabled - Log Ping of Death attacks. • disabled - Do not log Ping of Death attacks. The default value is enabled...
  • Page 315: Smartdefense Network-Security Dos Teardrop

    smartdefense network-security dos teardrop PURPOSE The smartdefense network-security dos teardrop variable is used for working with Teardrop settings in the following ways: • Configuring Teardrop settings • Displaying and exporting Teardrop settings In a Teardrop attack, the attacker sends two IP fragments, the latter entirely contained within the former....
  • Page 316 String. Indicates whether to log Teardrop attacks. This can have the following values: • enabled - Log Teardrop attacks. • disabled - Do not log Teardrop attacks. The default value is enabled...
  • Page 317: Smartdefense Network-Security Ip-Icmp Cisco-Ios

    smartdefense network-security ip-icmp cisco-ios PURPOSE The smartdefense network-security ip-icmp cisco-ios variable is used for working with Cisco IOS DOS settings in the following ways: • Configuring Cisco IOS DOS settings • Displaying and exporting Cisco IOS DOS settings Cisco routers are configured to process and accept Internet Protocol version 4 (IPv4) packets by default....
  • Page 318 SWIPE - Protocol 53 type. This can have the following values: • enabled - Packet dropping is enabled for this protocol type. • disabled - Packet dropping is disabled for this protocol type. The default value is enabled...
  • Page 319 proto-55 proto-77 EXAMPLE The following command enables blocking and logging Cisco IOS DOS attacks, as well as dropping PIM - Protocol 103 packets: set smartdefense network-security ip-icmp cisco-ios enforce enabled log enabled proto-103 enabled EXAMPLE The following command displays all Cisco IOS DOS settings: show smartdefense network-security ip-icmp cisco-ios...
  • Page 320: Smartdefense Network-Security Ip-Icmp Fragments

    When used with set: set smartdefense network-security ip-icmp fragments [forbid forbid] [max-incomplete max-incomplete] [timeout timeout] [log log] When used with show: show smartdefense network-security ip-icmp fragments [forbid | max-incomplete | timeout | log]...
  • Page 321 FIELDS forbid max-incomplete timeout String. Indicates whether to enable dropping all fragmented packets. This can have the following values: • enabled - Fragmented packet dropping is enabled. • disabled - Fragmented packet dropping is disabled.
  • Page 322 EXAMPLE The following command enables dropping and logging IP fragments: set smartdefense network-security ip-icmp fragments forbid enabled log enabled EXAMPLE The following command displays all IP Fragments settings: show smartdefense network-security ip-icmp fragments...
  • Page 323: Smartdefense Network-Security Ip-Icmp Max-Ping-Size

    smartdefense network-security ip-icmp max-ping-size PURPOSE The smartdefense network-security ip-icmp max-ping-size variable is used for working with Max Ping Size settings in the following ways: • Configuring Max Ping Size settings • Displaying and exporting Max Ping Size settings PING (ICMP echo request) is a program that uses ICMP protocol to check whether a remote machine is up.
  • Page 324 This can have the following values: • enabled - Log the responses. • disabled - Do not log the responses. The default value is enabled. Integer. The maximum data size for ICMP echo response. The default value is 1500...
  • Page 325: Smartdefense Network-Security Ip-Icmp Net-Quota

    smartdefense network-security ip-icmp net-quota PURPOSE The smartdefense network-security ip-icmp net-quota variable is used for working with Network Quota settings in the following ways: • Configuring Network Quota settings • Displaying and exporting Network Quota settings An attacker may try to overload a server in your network by establishing a very large number of connections per second.
  • Page 326 IP address. The default value is 100. Set a lower threshold for stronger protection against DoS attacks. Note: Setting this value too low can lead to false alarms...
  • Page 327 EXAMPLE The following command enables blocking and logging connections from a specific source that exceeds 150 connections/second: set smartdefense network-security ip-icmp net-quota enforce enabled log enabled max 150 EXAMPLE The following command displays all Network Quota settings: show smartdefense network-security ip-icmp net-quota...
  • Page 328: Smartdefense Network-Security Ip-Icmp Null-Payload

    String. Indicates whether to log null payload ping packets. This can have the following values: • enabled - Log the packets. • disabled - Do not log the packets. The default value is enabled...
  • Page 329 EXAMPLE The following command enables blocking and logging null payload packets: set smartdefense network-security ip-icmp null-payload enforce enabled log enabled EXAMPLE The following command displays all Null Payload settings: show smartdefense network-security ip-icmp null-payload...
  • Page 330: Smartdefense Network-Security Ip-Icmp Packet-Sanity

    String. Indicates whether to enable blocking packets that fail a sanity test. This can have the following values: • enabled - Blocking is enabled. • disabled - Blocking is disabled. The default value is enabled...
  • Page 331 disable-relaxed-udp-len-verification String. Indicates whether to log packets that fail a sanity test. This can have the following values: • enabled - Log the packets. • disabled - Do not log the packets. The default value is enabled. String.
  • Page 332 The following command enables blocking and logging packets that fail a sanity test: set smartdefense network-security ip-icmp packet-sanity enforce enabled log enabled EXAMPLE The following command displays all Packet Sanity settings: show smartdefense network-security ip-icmp packet-sanity...
  • Page 333: Smartdefense Network-Security Ip-Icmp Welchia

    smartdefense network-security ip-icmp welchia PURPOSE The smartdefense network-security ip-icmp welchia variable is used for working with Welchia worm settings in the following ways: • Configuring Welchia worm settings • Displaying and exporting Welchia worm settings The Welchia worm uses the MS DCOM vulnerability or a WebDAV vulnerability. After infecting a computer, the worm begins searching for other live computers to infect.
  • Page 334 String. Indicates whether to log Welchia worm attacks. This can have the following values: • enabled - Log the attack. • disabled - Do not log the attack. The default value is enabled...
  • Page 335: Smartdefense Network-Security Port-Scan Host-Port-Scan

    smartdefense network-security port-scan host-port-scan PURPOSE The smartdefense network-security port-scan host-port-scan variable is used for working with Host Port Scan settings in the following ways: • Configuring Host Port Scan settings • Displaying and exporting Host Port Scan settings An attacker can perform a port scan to determine whether ports are open and vulnerable to an attack.
  • Page 336 If the threshold is exceeded for 30 seconds, SmartDefense will not detect the activity as a port scan. The default value is 20 seconds...
  • Page 337 external-only EXAMPLE The following command configures SmartDefense to detect the accessing of 30 or more ports within a period of up to 20 seconds as a Host Port Scan: set smartdefense network-security port-scan host-port-scan num 30 period 20 EXAMPLE The following command displays all Host Port Scan settings: show smartdefense network-security port-scan host-port-scan...
  • Page 338: Smartdefense Network-Security Port-Scan Ip-Sweep-Scan

    SYNTAX When used with set: set smartdefense network-security port-scan ip-sweep-scan [num num] [period period] [external-only external-only] [log log] When used with show: show smartdefense network-security port-scan ip-sweep-scan [num | period | external-only | log]...
  • Page 339 FIELDS period Integer. The minimum number of ports that must be accessed within the period, in order for SmartDefense to detect the activity as a port scan. SmartDefense detects port scans by measuring the number of ports accessed over a period of time.
  • Page 340 The default value is String. Indicates whether to issue logs for scans. This can have the following values: • enabled - Log the scan. • disabled - Do not log the scan. The default value is disabled...
  • Page 341: Smartdefense Network-Security Tcp Small-Pmtu

    smartdefense network-security tcp small-pmtu PURPOSE The smartdefense network-security tcp small-pmtu variable is used for working with Small PMTU settings in the following ways: • Configuring Small PMTU settings • Displaying and exporting Small PMTU settings Small PMTU (Packet MTU) is a bandwidth attack in which the client fools the server into sending large amounts of data using small packets.
  • Page 342 Integer. The minimum value allowed for the MTU field in IP packets sent by a client. An overly small value will not prevent an attack, while an overly large value might degrade performance and cause legitimate requests to be dropped. The default value is 300...
  • Page 343: Smartdefense Network-Security Tcp Strict-Tcp

    smartdefense network-security tcp strict-tcp PURPOSE The smartdefense network-security tcp strict-tcp variable is used for working with Strict TCP settings in the following ways: • Configuring Strict TCP settings • Displaying and exporting Strict TCP settings Out-of-state TCP packets are SYN-ACK or data packets that arrive out of order, before the TCP SYN packet.
  • Page 344 String. Indicates whether to log out-of-state TCP packets. This can have the following values: • enabled - Log the packet. • disabled - Do not log the packet. The default value is enabled...
  • Page 345: Smp

    PURPOSE The smp variable is used for doing the following: • Connecting to a Service Center • Disconnecting from a Service Center • Displaying and exporting Service Center connection settings • Configuring the Software Updates service when the appliance is locally managed Note: Check with your reseller regarding availability of subscription services, or surf to www.sofaware.com/servicecenters to locate your nearest Service Center.
  • Page 346 String. The Software Updates service mode. This can have the following values: • automatic - The appliance automatically checks for software updates and installs them without user intervention. • manual - Software updates must be checked for manually...
  • Page 347: Snmp

    snmp PURPOSE The snmp variable is used for working with SNMP in the following ways: • Enabling and configuring SNMP access to the NetDefend Portal • Displaying and exporting SNMP settings NetDefend firewall users can monitor the NetDefend firewall, using tools that support SNMP (Simple Network Management Protocol).
  • Page 348 The SNMP agents use the SNMP community string as a password, when connecting to the NetDefend firewall. The default value is public. String. A description of the appliance's location. This information will be visible to SNMP agents, and is useful for administrative purposes...
  • Page 349 contact port EXAMPLE The following command enables NetDefend users to access the NetDefend Portal using SNMP from any IP address: set snmp mode any EXAMPLE The following command displays the IP address or IP address range from which SNMP access is granted: show snmp iprange String.
  • Page 350: Ssh

    Internet, by configuring remote SSH access. You can also integrate the NetDefend firewall with SSH-based management systems. Note: The NetDefend firewall supports SSHv2 clients only. SYNTAX When used with set: set ssh [mode mode] [iprange iprange] When used with show: show ssh [mode | iprange]...
  • Page 351 FIELDS mode iprange String. Indicates from where SSH access to the NetDefend Portal should be granted. This can have the following values: • internal - The internal network only. This disables remote SSH capability. • range - A particular range of IP addresses.
  • Page 352 The following command enables NetDefend users to access the NetDefend Portal using SSH from any IP address: set ssh mode any EXAMPLE The following command displays the IP address or IP address range from which SSH access is granted: show ssh iprange...
  • Page 353: Statistics

    statistics PURPOSE The statistics variable is used for working with Traffic Monitor settings in the following ways: • Configuring Traffic Monitor settings • Displaying and exporting Traffic Monitor settings The Traffic Monitor displays traffic rates in kilobits/second. If desired, you can change the interval at which the NetDefend firewall should collect traffic data.
  • Page 354 EXAMPLE The following command displays the Traffic Monitor settings: show statistics...
  • Page 355: Syslog

    syslog PURPOSE The syslog variable is used for working with NetDefend firewall Syslog settings in the following ways: • Configuring Syslog settings • Displaying and exporting Syslog settings You can configure the NetDefend firewall to send event logs to a Syslog server residing in your internal network or on the Internet.
  • Page 356 This can have the following values: • An IP address • undefined - No Syslog server is defined. The default value is undefined. Integer. The port number of the Syslog server. The default value is 514...
  • Page 357: Users

    users PURPOSE The users variable is used for working with local users in the following ways: • Adding NetDefend firewall users • Modifying NetDefend firewall users' details • Deleting NetDefend firewall users • Displaying and exporting NetDefend firewall users' details • Clearing the Users table Note: You cannot change the following details for the admin user (user 1): •...
  • Page 358 - The user can log on to the NetDefend Portal, but cannot modify system settings. • readwrite - The user can log on to the NetDefend Portal and modify system settings. The default level is none...
  • Page 359 vpnaccess filteroverride hotspotaccess String. Indicates whether to allow the user to connect to this NetDefend firewall using their VPN client. This can have the following values: • true - The user can remotely access your network via VPN. •...
  • Page 360 MMM DD YYYY hh:mm:ss<meridian> where: MMM = month DD = day YYYY = year hh = hours mm = minutes ss = seconds <meridian> = AM or PM For example, "Dec 01 2005 06:16:00PM" The default value is never...
  • Page 361 EXAMPLE The following command deletes user 2: delete users 2 EXAMPLE The following command displays the details for all users: show users EXAMPLE The following command clears the Users table: clear users...
  • Page 362: Vlan

    By default, traffic from a VLAN to any other internal network (including other VLANs) is blocked. In this way, defining VLANs can increase security and reduce network congestion...
  • Page 363 You can easily customize this behavior by creating firewall user rules. For information on defining rules, see fw rules on page 137. For information on the default security policy for VLANs, refer to the User Guide. The NetDefend firewall supports the following VLAN types: •...
  • Page 364 9 to the last tag-based VLAN you defined, then by default the new VLAN network's tag will be This field is only relevant for tag-based VLANs. The default value for port-based VLANs is 0...
  • Page 365 address netmask dhcpserver IP Address. The IP address of the VLAN network's default gateway. The default value is 192.168.200.1. Note: The VLAN network must not overlap the LAN network. IP Address. The VLAN network’s internal network range. String.
  • Page 366 IP Address. The IP address of the desired relay DHCP server. This can have the following values: • An IP address • undefined - No relay DHCP server is defined. The default value is undefined. This field is only relevant if DHCP relay is enabled...
  • Page 367 virtualip hidenat IP Address. The default gateway IP address. This can have the following values: • An IP address - This can be any unused IP address in the VLAN network, and must be the same for both gateways. •...
  • Page 368 String. Indicates whether to enable Secure HotSpot for the VLAN network. This can have the following values: • enabled - Secure HotSpot is enabled for the VLAN. • disabled - Secure HotSpot is disabled for the VLAN. The default value is disabled...
  • Page 369: Vlan Ospf

    vlan ospf PURPOSE The vlan ospf variable is used for working with OSPF (Open Shortest Path First) settings for VLAN networks in the following ways: • Configuring OSPF cost for the VLAN • Displaying and exporting OSPF settings for the VLAN, including authentication settings For information on configuring, displaying, and exporting specific authentication settings, see vlan ospf md5 on page 359.
  • Page 370 EXAMPLE The following command sets the OSPF cost for VLAN network 1: set vlan 1 ospf cost 10 EXAMPLE The following command displays the OSPF settings for VLAN network 1: show vlan 1 ospf...
  • Page 371: Vlan Ospf Md5

    vlan ospf md5 PURPOSE The vlan ospf md5 variable is used for working with OSPF MD5 authentication settings for VLAN networks in the following ways: • Configuring OSPF MD5 authentication settings for the VLAN • Displaying and exporting OSPF MD5 authentication settings for the VLAN This variable is only relevant if OSPF is enabled.
  • Page 372 The following command displays the OSPF MD5 authentication settings for VLAN network 1: show vlan 1 ospf md5 String. The password to use for authentication. Passwords need not be identical throughout an OSPF area, but they must be the same for OSPF neighbors...
  • Page 373: Vpn Externalserver

    vpn externalserver PURPOSE vpn externalserver • Configuring the NetDefend Remote Access VPN Server • Displaying and exporting NetDefend Remote Access VPN Server settings You can set up your NetDefend firewall as a Remote Access VPN Server. This is useful when you want to make your network remotely available to authorized users connecting from the Internet.
  • Page 374 This can have the following values: • enabled - Authenticated users connecting from the Internet can bypass the firewall. • disabled - Authenticated users connecting from the Internet cannot bypass the firewall. The default value is disabled...
  • Page 375 EXAMPLE The following command enables the Remote Access VPN Server and specifies that authenticated users should be allowed to bypass NAT, but not the firewall: set vpn externalserver mode enabled bypassnat enabled bypassfw disabled EXAMPLE The following command displays the Remote Access VPN Server Bypass NAT settings: show vpn externalserver bypassnat...
  • Page 376: Vpn Internalserver

    VPN. For information, see users on page 3 SYNTAX When used with set: set vpn internalserver [mode mode] [bypassfw bypassfw] When used with show: show vpn internalserver [mode | bypassfw]...
  • Page 377 FIELDS mode bypassfw EXAMPLE The following command enables the internal VPN Server and specifies that authenticated users should be allowed to bypass NAT, but not the firewall: set vpn internalserver mode enabled bypassfw disabled EXAMPLE The following command displays the internal VPN Server Bypass Firewall settings: show vpn internalserver bypassfw...
  • Page 378: Vpn Sites

    [user user] [password password] [topopass topopass] [servicename servicename] [net1 net1] [netmask1 netmask1] [net2 net2] [netmask2 netmask2] [net3 net3] [netmask3 netmask3] [usepfs usepfs] [phase1ikealgs phase1ikealgs] [phase1exptime phase1exptime] [phase1dhgroup phase1dhgroup] [phase2ikealgs phase2ikealgs] [phase2exptime phase2exptime] [phase2dhgroup phase2dhgroup] [dnsname dnsname] [vtilocalip vtilocalip] [vtiremoteip vtiremoteip]...
  • Page 379 When used with set vpn sites [number] [name name] [type type] [gateway gateway] [disabled disabled] [gateway2 gateway2] [loginmode loginmode] [configmode configmode] [authmethod authmethod] [keepalive keepalive] [bypassnat bypassnat] [bypassfw bypassfw] [user user] [password password] [topopass topopass] [servicename servicename] [net1 net1] [netmask1 netmask1] [net2 net2] [netmask2 netmask2] [net3 net3] [netmask3 netmask3] [usepfs usepfs] [phase1ikealgs phase1ikealgs] [phase1exptime phase1exptime] [phase1dhgroup phase1dhgroup] [phase2ikealgs phase2ikealgs] [phase2exptime phase2exptime] [phase2dhgroup phase2dhgroup]...
  • Page 380 IP Address or String. The IP address of the VPN site to use if the primary VPN site fails. This field can have the following values: • An IP address • undefined - No backup VPN site is defined. The default value is undefined...
  • Page 381 loginmode String. The mode for logging on to the Remote Access VPN site. This can have the following values: • manual - Configures the VPN site for Manual Login. Manual Login connects only the computer you are currently logged onto to the VPN site, and only when the appropriate user name and password have been entered.
  • Page 382 . For information on configuring the VPN site's OSPF settings, see vpn sites ospf on page 3 and vpn sites ospf md5 on page This option is only available for Site-to-Site VPN gateways. The default value is manual...
  • Page 383 authmethod keepalive String. The VPN authentication mode. This can have the following values: • sharedsecret - Use a shared secret to use for secure communications with the VPN site. This shared secret is a string used to identify the VPN sites to each other.
  • Page 384 For Site-to-Site VPNs configured to automatically download the network configuration, this is the topology user. String. The password to be used for logging on to the VPN site. This field is only relevant for Remote Access VPNs...
  • Page 385 topopass net1 net3 through netmask1 through netmask3 usepfs String. The topology user’s password. This field is only relevant for Site-to-Site VPNs configured to automatically download the network configuration. IP Address. A destination network address at the VPN site to which you want to connect.
  • Page 386 This is the IKE Phase-1 SA lifetime. A shorter interval ensures higher security, but impacts heavily on performance. Therefore, it is recommended to keep the SA lifetime around its default value. The default value is 1440 minutes (one day)...
  • Page 387 phase1dhgroup phase2ikealgs phase2exptime String. The Diffie-Hellman group to use for IKE Phase-1: • automatic - The NetDefend firewall automatically selects a group. • group1 • group2 • group5 A group with more bits ensures a stronger key but lowers performance.
  • Page 388 IP Address or String. The VPN peer's VTI IP address. This can have the following values: • An IP address • undefined - The VTI IP address is not defined. The default value is undefined...
  • Page 389 EXAMPLE The following command adds a Remote Access VPN site called "office". The site is enabled. add vpn sites name office type remoteaccess gateway 1.2.3.4 disabled false EXAMPLE The following command sets the login mode of VPN site 1 in the VPN Sites table to Automatic.
  • Page 390: Vpn Sites Ospf

    Integer. The OSPF cost of sending a packet through the VPN site's VTI. OSPF routers send a packet to the route that matches the packet's destination and has the lowest cost. The default value is 0...
  • Page 391 EXAMPLE The following command sets the OSPF cost for VPN site 1: set vpn sites 1 ospf cost 10 EXAMPLE The following command displays the OSPF settings for VPN site 1: show vpn sites 1 ospf...
  • Page 392: Vpn Sites Ospf Md5

    OSPF connections. This can have the following values: • true - Use the MD5 authentication scheme. • false - Do not use the MD5 authentication scheme. The default value is disabled. Integer. The MD5 key ID to use for authentication...
  • Page 393 password EXAMPLE The following command enables authentication for OSPF connections for VPN site 1: set vpn sites 1 ospf md5 enabled true key 1 password thepassword EXAMPLE The following command displays the OSPF MD5 authentication settings for VPN site 1: show vpn sites 1 ospf md5 String.
  • Page 394: Vstream

    If you are subscribed to the VStream Antivirus subscription service, VStream Antivirus virus signatures are automatically updated, so that security is always up-to-date, and your network is always protected. For more information on VStream Antivirus, refer to the User Guide...
  • Page 395 Note: VStream Antivirus differs from the Email Antivirus subscription service (part of the Email Filtering service) in the following ways: • Email Antivirus is centralized, redirecting traffic through the Service Center for scanning, while VStream Antivirus scans for viruses in the NetDefend gateway itself.
  • Page 396 EXAMPLE The following command enables VStream Antivirus: set vstream mode enabled EXAMPLE The following command displays all VStream Antivirus settings, including archive-handling options, advanced options, and policy rules: show vstream...
  • Page 397: Vstream Archive-Options

    vstream archive-options PURPOSE The vstream archive-options variable is used for working with VStream Antivirus archive-handling settings in the following ways: • Configuring VStream Antivirus archive-handling settings • Displaying and exporting the Email Antispam archive-handling settings SYNTAX When used with set: set vstream archive-options [nesting-level nesting-level] [compression-ratio compression-ratio] [archive-failure-action archive-failure-action] [password-protected-action password-protected-action] When used with show...
  • Page 398 This can have the following values: • pass - Accept the file without scanning it. • block - Block the file. The default value is pass...
  • Page 399 EXAMPLE The following command sets the VStream Antivirus nesting level to 5: set vstream archive-options nesting-level 5 EXAMPLE The following command displays the VStream Antivirus archive-handling settings: show vstream archive-options...
  • Page 400: Vstream Options

    • Displaying and exporting the Email Antispam advanced settings SYNTAX When used with set: set vstream options [unsafe-attachments unsafe-attachments] [safe-filetypes safe-filetypes] [http-ranges http-ranges] When used with show: show vstream options [unsafe-attachments | safe-filetypes | http-ranges]...
  • Page 401 FIELDS unsafe-attachments String. Indicates whether to block all emails containing potentially unsafe attachments. Unsafe file types are: • DOS/Windows executables, libraries and drivers • Compiled HTML Help files • VBScript files • Files with {CLSID} in their name •...
  • Page 402 This field can have the following values: • scan - Scan the file. • pass - Accept the file without scanning it. This option reduces the load on the gateway by skipping safe file types. The default value is pass...
  • Page 403 EXAMPLE The following command configures VStream Antivirus to skip safe file types: vstream options EXAMPLE The following command displays the VStream Antivirus advanced settings: show vstream options http-ranges String. Indicates whether to block partial files. A client might attempt to download partial files in the following situations: •...
  • Page 404: Vstream Policy Rule

    Antivirus Policy Rule table, so that rule 1 is applied before rule 2, and so on. This enables you to define exceptions to rules, by placing the exceptions higher up in the table...
  • Page 405 SYNTAX When used with add: add vstream policy rule type type [service service] [src src] [dest dest] [ports ports] [protocol protocol] [index index] [disabled disabled] [direction direction] When used with set: set vstream policy rule number [type type] [service service] [src src] [dest dest] [ports ports] [protocol protocol] [index index] [disabled disabled] [direction direction] When used with...
  • Page 406 - The rule should apply to any service. • 80 • 21 • 23 telnet • 25 smtp • 110 pop3 • 137 • 500 • 1720 h323 • 1723 pptp The default value is...
  • Page 407 IP Address or String. The source of the connections you want to scan or pass. This can have the following values: • An IP address • An IP address range - To specify a range, use the following format: <Start IP Address>-<End IP Address>...
  • Page 408 A port range - To specify a range, use the following format: <Start Port Number>-<End Port Number> Note: If you do not enter a port or port range, the rule will apply to all ports...
  • Page 409 protocol index disabled String. The protocol for which the rule should apply. This can have the following values: • any - The rule should apply to any protocol. • tcp • udp The default value is Integer.
  • Page 410 • upload - The rule applies to uploaded data, that is, data flowing from the source of the connection to the destination of the connection. The default value is...
  • Page 411 EXAMPLE The following command creates a Scan rule for FTP connections from the WAN to the LAN: add vstream policy rule type scan service ftp action allow src wan dest lan EXAMPLE The following command modifies rule 1 in the VStream Antivirus Policy Rule table, so that it becomes a Pass rule: set vstream policy rule 1 action pass EXAMPLE...
  • Page 412: Webfilter

    Note: If you are remotely managed, contact your Service Center to change these settings. For information on temporarily disabling the Web Filtering service, refer to the User Guide. SYNTAX When used with set webfilter mode mode When used with show show webfilter [mode] webfilter categories variable.
  • Page 413 FIELDS mode EXAMPLE The following command enables the Web Filtering service: set webfilter mode enabled EXAMPLE The following command displays all Web Filtering service settings, including the service mode and the categories for which the service is enabled: show webfilter See webfilter categories on page 402 for information about Web Filtering categories.
  • Page 414: Webfilter Categories

    [violence violence] [drugs drugs] [unknown unknown] When used with show show webfilter categories [gambling | adult | criminal | hate | violence | drugs | unknown] variable is used for working with Web Filtering...
  • Page 415 FIELDS gambling/ adult/ criminal/ hate/ violence/ drugs unknown EXAMPLE If Web Filtering is enabled, you can use the following command to block websites dealing with hate speech and violence: set webfilter categories hate block violence block For information on enabling the Web Filtering service, see webfilter. EXAMPLE The following command displays all Web Filtering category settings: show webfilter categories...
  • Page 416: Wireless

    WPA-PSK settings, see wireless wpapsk on page 421. For information on enabling and configuring the WLAN network, see net wlan on page 219. This variable is only relevant for models supporting a wireless interface. ...
  • Page 417 SYNTAX When used with set wireless [netname netname] [hidenetname hidenetname] [country country] [opmode opmode] [macfilter macfilter] [xr xr] [wmm wmm] [channel channel] [xmitpower xmitpower] [datarate datarate] [fragthreshold fragthreshold] [rtsthreshold rtsthreshold] [antenna antenna] [security security] [groupkeyupdateinterval groupkeyupdateinterval] When used with show show wireless [netname | hidenetname | country | opmode | macfilter | xr | wmm | channel | xmitpower | datarate | fragthreshold | rtsthreshold | security | antenna | groupkeyupdateinterval]...
  • Page 418 String. The country code of the country in which you are located. For a list of country codes, see Country Codes on page 4 Warning: Choosing an incorrect country may result in the violation of government regulations. ...
  • Page 419 opmode String. The operation mode. This can have the following values: • - Operates in the 2.4 GHz range and offers a maximum theoretical rate of 11 Mbps. When using this mode, only 802.11b stations will be able to connect.
  • Page 420 The default value is Note: MAC address filtering does not provide strong security, since MAC addresses can be spoofed by a determined attacker. Therefore, it is not recommended to rely on this setting alone for security. ...
  • Page 421 String. Indicates whether Extended Range (XR) mode is enabled. XR mode allows up to three times the range of a regular 802.11g access point. This can have the following values: • enabled - XR mode is enabled. XR will be automatically negotiated with XR-enabled wireless stations and used as needed.
  • Page 422 A lower power reduces interference with other access points in the vicinity. The default value is full. It is not necessary to change this value, unless there are other access points in the vicinity. ...
  • Page 423 datarate fragthreshold Integer or String. The transmission rate. This can have the following values: • auto - The NetDefend firewall automatically selects a rate. • A specific rate: 1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, 54, 72, 96, or 108 The default value is auto...
  • Page 424 If your network is congested, and the users are distant from one another, set the RTS threshold to a low value (around 500). Setting a value equal to the fragmentation threshold effectively disables RTS. The default value is 2346. ...
  • Page 425 antenna String. The antenna to use for communicating with wireless stations. Multipath distortion is caused by the reflection of Radio Frequency (RF) signals traveling from the transmitter to the receiver along more than one path. Signals that were reflected by some surface reach the receiver after non-reflected signals and distort them.
  • Page 426 For information on configuring the passphrase, see wireless wpapsk on page . The wireless stations must be configured with this passphrase as well. Integer. The interval (in seconds) between periodic WPA and WPA-PSK key changes. ...
  • Page 427 EXAMPLE The following command configures a wireless connection where the SSID is MyOffice, the SSID is hidden, and the security protocol used is WPA-PSK. set wireless netname MyOffice hidenetname yes security wpapsk EXAMPLE The following command displays the wireless connection's operation mode: show wireless opmode...
  • Page 428: Wireless Wep

    This variable is only relevant for models supporting a wireless interface. SYNTAX When used with set wireless wep [defkey defkey] [key1 key1] [key2 key2] [key3 key3] [key4 key4] When used with show show wireless wep [defkey | key1 | key2 | key3 | key4]...
  • Page 429 FIELDS defkey key1 - key4 Integer. The number of the WEP key to use for transmission. The value must be between 1 and 4. The default value is The selected key must be entered in the same key slot (1-4) on the station devices, but the key need not be selected as the transmit key on the stations.
  • Page 430 The following command configures two WEP keys, and specifies that the second WEP key should be used for transmission: set wireless wep defkey 2 key1 4FC0046169 key2 D8462C0BA9 EXAMPLE The following command displays the WEP settings: show wireless wep...
  • Page 431: Wireless Wpa

    wireless wpa PURPOSE The wireless wpa variable is used for working with WPA2 settings in the following ways: • Configuring the WPA2 settings • Displaying and exporting WPA2 settings The WPA2 security method uses the more secure Advanced Encryption Standard (AES) cipher, instead of the RC4 cipher used by WPA and WEP. When using WPA or WPA-PSK security methods, the NetDefend enables you to restrict access to the WLAN network to wireless stations that support the WPA2 security method.
  • Page 432 WPA2 only. This can have the following values: • - Only wireless stations using WPA2 can access the WLAN network. • - Wireless stations using either WPA or WPA2 can access the WLAN network. The default value is...
  • Page 433: Wireless Wpapsk

    wireless wpapsk PURPOSE wireless wpapsk the following ways: • Configuring the WPA-PSK passphrase • Displaying and exporting the WPA-PSK passphrase This variable is only relevant when a WLAN network is configured, and the selected security protocol is WPA-PSK. For information on enabling and configuring the WLAN network, see net wlan on page 219.
  • Page 434 String. The passphrase for accessing the network. This must be between 8 and 63 characters. It can contain spaces and special characters, and is case-sensitive. For the highest security, choose a long passphrase that is hard to guess. ...
  • Page 435: Chapter 6: Country Codes

    Chapter 6 Country Codes Table 3: Country Codes Country Code No country set (default) Albania Algeria Argentina Australia Austria Bahrain Belarus Belgium Belize Bolivia Brazil Brunei Darussalam Bulgaria...
  • Page 436 Country Code Canada Chile China Colombia Costa Rica Croatia Cyprus Czech Republic Denmark Dominican Republic Ecuador Egypt El Salvador Estonia Finland France France RES Georgia Germany...
  • Page 437 Country Code Greece Guatemala Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Israel Italy Jamaica Japan Jordan Kenya Kuwait Latvia...
  • Page 438 Country Code Lebanon Libya Liechtenstein Lithuania Luxembourg Macau Macedonia Malaysia Mexico Monaco Morocco Netherlands New Zealand Nicaragua Norway Oman Pakistan Panama Paraguay...
  • Page 439 Country Code Peru Philippines Poland Portugal Puerto Rico Qatar Romania Russia Saudi Arabia Serbia Singapore Slovak Republic Slovenia South Africa South Korea Spain Sweden Switzerland Syria...
  • Page 440 Country Code Taiwan Thailand Trinidad & Tobago Tunisia Turkey Ukraine United Kingdom United States Uruguay Venezuela Viet Nam Yemen Zimbabwe...
  • Page 441: Glossary Of Terms

    ADSL Modem A device connecting a computer to the Internet via an existing phone line. ADSL (Asymmetric Digital Subscriber Line) modems offer a high-speed 'always-on' connection. The Certificate Authority (CA) issues certificates to entities such as gateways, users, or computers. The entity later uses the certificate to identify itself and provide verifiable information.
  • Page 442 Software embedded in a device. Gateway A network point that acts as an entrance to another network. Hacking An activity in which someone breaks into someone else's computer system, bypasses passwords or licenses in computer programs; or in...
  • Page 443 other ways intentionally breaches computer security. The end result is that whatever resides on the computer can be viewed and sensitive data can be stolen without anyone knowing about it. Sometimes, tiny programs are 'planted' on the computer that are designed to watch out for, seize and then transmit to another computer, specific types of data.
  • Page 444 IP address assigned by the ISP among several PCs. Check Point FireWall-1's Stateful Inspection Network Address Translation (NAT) implementation supports hundreds of pre-defined applications, services, and protocols, more than any other firewall vendor. ...
  • Page 445 NetBIOS NetBIOS is the networking protocol used by DOS and Windows machines. Packet A packet is the basic unit of data that flows from one source on the Internet to another destination on the Internet. When any file (e-mail message, HTML file, GIF file etc.) is sent from one place to another on the Internet, the file is divided into "chunks"...
  • Page 446 Control Protocol (TCP) and, together with IP, is sometimes referred to as UDP/IP. Like the Transmission Control Protocol, UDP uses the Internet Protocol to actually get a data unit (called a datagram) from one computer to another. Unlike...
  • Page 447 TCP, however, UDP does not provide the service of dividing a message into packets (datagrams) and reassembling it at the other end. UDP is often used for applications such as streaming data. A URL (Uniform Resource Locator) is the address of a file (resource) accessible on the Internet.
  • Page 449: Index

    802.1x • 404 active computers, viewing • 59 active connections, viewing • 64 Appliance Operation commands • 17, 32 backup connection • 131, 214 Block Known Ports • 274 Block Port Overflow • 274 Blocked FTP Commands • 279 CA, explained • 429 cable modem connection •...
  • Page 450 • 168, 181, 219, 350 explained • 432 high availability configuring • 154, 175, 187, 225, 350 Host Port Scan • 323 HTTPS configuring • 156 explained • 431 using • 156 hub • 431 IGMP • 294...
  • Page 451 Informational commands • 17, 44 internal VPN Server configuring • 364 Internet connection configuring • 195, 226 configuring backup • 131, 214 enabling/disabling • 195, 214 viewing information • 78, 94, 109 Internet connection tracking • 154 IP address changing • 181 explained •...
  • Page 452 PPTP connection • 214 explained • 433 print server • 251 printers changing ports • 251 viewing • 92 Product Key • 67, 123 classes • 253 explained • 253 QoS classes • 253 RADIUS...
  • Page 453 using • 259, 262 rebooting • 37 Remote Access VPN Servers configuring • 361 Remote Access VPN sites • 366 reports active computers • 59 active connections • 64 event log • 72 traffic • 96, 99, 102 VStream Antivirus • 107 wireless statistics •...
  • Page 454 • 53 VLAN adding and editing • 350 deleting • 350 port-based • 350 tag-based • 350 explained • 435 server • 361 sites • 366 tunnels • 104 VPN sites enabling/disabling • 366...
  • Page 455 using • 366 VPN tunnels explained • 435 viewing • 104 VStream Antivirus configuring • 382 configuring advanced settings • 385, 388 configuring policy • 392 resetting database • 42 rules • 392 viewing database information • 107 VStream Antivirus rules • 392 WAN •...
