DPtech FW1000 Series Firewall Maintenance Manual
Manual version: v2.0
Software version: DPX8000-S211C008D014P01, FW1000BLADE-S211C008D014P01
Release date: 2016-09-19...
When reading this document, you are advised to also read the related documents written by DPtech, such as the Installation Manual, User Guide, and Command Manual. This document is updated regularly as device types change and as operation and maintenance experience accumulates, in order to meet the requirements of a changing network environment.
Conventions

GUI conventions
Convention    Description
>             Multi-level menus are separated by " > ", such as System Management > Administrator.
< >           Button name, such as: click the <OK> button.

Command conventions
Convention    Description
Boldface      Bold text represents keywords that you enter literally as shown..
2.7.3 Connecting Service Port
2.8 Connecting Power Cable
2.9 Verify Installation
3 Booting the Device and Upgrading Software
3.1 Power module operation
3.1.1 Replacement method of FW1000-TE-N power module
3.1.2 Replacement method of FW1000-TS-E power module

4.6.2 VSM virtual switching matrix
4.7 Strategy and session management
4.7.1 Adding packet filtering policy
4.7.2 Editing the entry of packet filtering policy
4.7.3 Configuring session long connection
4.7.4 Viewing session information

6.4.9 Abnormal session
7 Firewall Fault Information Collection
7.1 Information collection of high CPU usage
7.2 Information collection of high memory utilization
7.3 Information collection of abnormal session
7.4 Information collection of VSM problem

11 Firewall Operational Command Example
11.1 Device management command
11.1.1 reboot
11.1.2 sysname
11.1.3 show cpu-usage
11.1.4 show device
11.1.5 show environment
11.1.6 show environment fan

11.6.2 show interface vlan-if
11.7 ARP command
11.7.1 arp
11.7.2 show arp
11.8 Show route command
11.8.1 show ip route
11.9 Show hot-standby status
11.9.1 show hotbackup configuration
1.2.2 Rear view
1.2.3 Product component
Processor: Processor is the engine for data transmitting and business processing.
Flash: Flash is used to store the bootstrap program files Conboot.
Memory: Memory is used to store the communication data with the CPU and running system.

1.3.2 Rear view
1.3.3 Product component
Processor: Processor is the engine for data transmitting and business processing.
Flash: Flash is used to store the bootstrap program files Conboot.
Memory: Memory is used to store the communication data with the CPU and running system.

1.4.2 Rear view
1.4.3 Product component
Processor: Processor is the engine for data transmitting and business processing.
Flash: Flash is used to store the bootstrap program files Conboot.
Memory: Memory is used to store the communication data with the CPU and running system....
Hardware Installation
Preparation for Installation
To avoid possible personal injury and equipment damage, please read this chapter carefully before installation. Note that the recommendations do not cover every possible hazardous condition.
General Safety Recommendations
- ...
Table 2-1 Temperature/humidity requirement in the equipment room
Temperature    Relative humidity
5℃~40℃         20%~80% (non-condensing)

2.3.2 Cleanliness Requirement
Dust is a hazard to the operating safety of your device. The dust accumulated on the chassis can cause electrostatic adsorption, one of the sources that cause the poor contact of connectors or metal contact points.
2.3.3 ESD Requirement
Although the device is designed to be electrostatic discharge (ESD) preventive, the device circuits and even the device itself can be badly damaged when excessive static electricity is present. For better ESD protection, you should:
- ...
2.3.6 Grounding Requirement
A reliable grounding system is the basis for stable and reliable operation of the equipment, and is important for lightning protection, anti-interference, and ESD protection. You must provide a good grounding system for the device.
(2) Mounting the Device on a cabinet

Connecting Grounding Wires
Generally, you can connect the grounding wire to the cabinet grounding strip or to the equipment room grounding row. To connect the grounding wire, take the following steps:
(1) Remove the grounding screw on the rear panel of the device.
(1) Hexagon nut
(2) Grounding cable
(3) Metal wire of the grounding wire
(4) Grounding pole stripped insulation rubber
(5) Grounding row

Connecting Interface Cable
2.7.1 Connecting Configuration Port Cable
You can configure the device through the RS232 asynchronous serial configuration port (Console port).
cable.

Connecting Power Cable
Connect one end of the power cable to the device rear panel power interface, the other end to the power socket.

Verify Installation
(1) Verify whether the ground wire is connected.
Booting the Device and Upgrading Software
The following content guides the user in operating a DPtech firewall in stand-alone or HA mode. When one firewall in an HA cluster fails, that firewall is switched to standby and is then operated on.
3.1.1 Replacement method of FW1000-TE-N power module
As shown in the figure above, the power module is located at the bottom of the FW1000-TE-N. After you loosen the nuts of the power module (marked in red), you can pull the power module out and replace it with a new power module.
Also, you can change the power module during a low-traffic service period.
Operation steps
(1) Make sure that the type of power module is right. DPtech firewalls use AC and DC power modules, which cannot be mixed.
(2) Unplug the faulty power cord and power module.
Fan maintenance
The fan of the DPtech firewall is built in. You can observe whether the fan is working properly through the LED indicator. If you find that the fan is working abnormally, you need to contact DPtech to repair it.
Management
Configuration file management
4.1.1 Backup configuration
For the DPtech firewall, you can back up the configuration file through the Webpage or the CLI. The system also backs up the configuration file regularly, so that the configuration file can be restored easily.
4.1.1.1 Webpage backup configuration...
4.1.1.2 Backup configuration of command line
Command
  write file
View
  Configuration view
Description
  The write file command can be used to save the current device configuration.
Example
  Save the current device configuration.
  <DPTECH>conf-mode
  [DPTECH]write file
  Configuration saved to /config/sys/zebra0.conf...
Figure 4-2 Configuration file
(2) Click the "enable" check box and configure time unit and time settings.
- Unit settings: select the time unit from the drop-down box, including hour, day, and week.
(4) Execute the following commands to reconfigure the password of the login user "admin":
  <DPTECH>conf-mode
  [DPTECH]local-user admin
  [DPTECH-admin]password "select password type: plaintext or ciphertext, and configure new password"
(5) Use the new password to log in to the system from the Web interface.

4.2.3 Administrator management
The administrator module is responsible for the system management and access control.
Administrator module has the following features:
- Add, delete or set the authentication and login method.
- Set different privileges for different administrators.
- Set the Web access protocol.
- Set the service limitation for the device interfaces.
- Last operation time: the last time that the administrator logged in to the Web.
- Login IP address: the IP address that is used by an administrator to log in to the Web.
- ...
- Allowed login IP address: the IP address that is allowed by the Web management system.
- Status: display the status of an administrator account, including normal and locked. After an administrator is locked, the administrator cannot log in to the Web.
LDAP server. LDAP is similar to a simple database, which stores the usernames and passwords used during the firewall authentication process. LDAP is a commonly used authentication method; at present, the DPtech firewall supports standard third-party LDAP servers for authenticating administrators.
- Single User Max Login times: the maximum allowed number of Web login users that use the same account.
- WEB User Max Login times: the maximum allowed number of Web login users. This parameter is in the range of 1 to 32.
can effectively manage all system modules.
Select MAIN > System management > Administrator > Web Authority Management to enter the web authority management page, as shown in the following figure.
Figure 4-8 Privilege
Each description of the privilege management interface is shown in the following:
- ...
Figure 4-9 Web access protocol
Each description of Web access control is shown in the following:
- HTTP settings: select whether to enable HTTP settings; when enabled, you can log in to the Web management system through the HTTP protocol. Default port is 80.
- WEB Allows Login Time: the administrator is allowed to log in to the Web management interface if it is within the configured time range.
- WEB Attack Protection Settings: read timeout time, which is the maximum buffer time of Web management system access.
Figure 4-11 Telnet/SSH login management
Each parameter of the remote user management page is shown in the following:
You need to configure the following parameters for the Telnet login method:
- Port: the port number of Telnet protocol. Default is 23.
The terminal output function is disabled by default, so you do not need to use the <disable CLI output> button. To view debugging information, a DPtech engineer uses the terminal monitor command to enable the terminal output function; the debugging information is then displayed continuously.
29% in last 1 minute
29% in last 5 minute

4.3.4 Memory information of the firewall
<DPTECH>show memory all
Slot 1(MAIN)
Total Memory : 8217520 KB
Reserved Memory : 383504 KB
Available Memory : 7834016 KB...
(1) Upload software version
Select MAIN > System management > Software version > Main version to enter the main version page, click the <Browse> button to select the software version to be uploaded, and click the <Download Version>...
  [DPTECH]boot-file get DPX8000-S211C008D014P01.bin tftp 192.168.0.10
(2) Set the software version to start next time by entering the command for the next boot software version.
  [DPTECH]boot-file main DPX8000-S211C008D014P01.bin
(3) Set the backup version. When the main version is deleted, the backup software version will be used when you reboot the device.
Bridge Device Mask: fff0f91f
Capacity of DDRII Memory:1024MB
CPU Frequency = 1000.000000MHz
Detected 8 online CPU(s), map = 0xff
CPLD Version :2.00 2009-2-19
PCB Version :A
Scanning cfa: Bus 0 ...Found cfa: disk...
Load File Name: FW1000-S111C006D007.bin ------------> The name of the version to be upgraded
Server IP Address:192.168.0.10 ----------------------> Address of the host that holds the above version
Local IP Address:192.168.0.1 --------------> In the same network segment as the above host's address.
====================<EXTEND-ConBoot-MENU>====================
<1> Boot System
<2> Enter Serial SubMenu
<3> Enter Gigeernet SubMenu
<4> File Control
<5> Modify ConBoot Password
<6> Skip Current System Configuration
<7> ConBoot Operation Menu
<0> reboot
=============================================================
enter your choice (0 - 7):0 ----> Press 0 to restart the device; the software version then in use is the upgraded software version.
DPX8000-S211C008D014P01.bin 64333444
=============================================================
enter your chioce:1 -------------------------------------> Enter version number
=============================================================
Modify the file attribute:
<1> +Main
<2> -Main
<3> +Backup
<4> -Backup
<0> Exit
=============================================================
Enter your choice(0-4):1 ---------------> Set the selected software version as main, which will be used for the device reboot next time.
<0> Exit To Main Menu
=============================================================
enter your choice (0 - 4):3 ----------------------> Press 3 to enter the delete file interface
Display any file(s) in nand0:
'M'= main 'B'=backup
=============================================================
filename size type
-------------------------------------------------------------
DPX8000-S211C008D013P01.bin 64333234
DPX8000-S211C008D014P01.bin...
High reliability
4.6.1 Silent hot-standby
4.6.1.1 Requirements of the silent hot-standby
To configure hot-standby, hardware and OS version are required to meet the following requirements:
- The firewall hardware model is the same.
Description
  The hotbackup enable command can be used to enable the hot-standby function. The no hotbackup enable command can be used to disable the hot-standby function.
  By default, hot-standby function is disabled.
Example
  # Enable the hot-standby function.
  [DPTECH]hotbackup mode shrp

hotbackup config-sync
Command
  hotbackup config-sync interface if-name peer-ip ip-address
  no hotbackup config-sync interface
View
  Configuration view
Parameter
  if-name: the Layer 3 port used for hot-standby configuration synchronization. This Layer 3 port cannot be the management port.
Description
  The hotbackup config-sync disable all command can be used to disable the synchronization function of all modules. The configuration synchronization module includes VPN module, route module, VLAN module, session module. The no hotbackup config-sync disable all command can be used to restore to default.
synchronization. User can also use this command to disable the specified synchronization module.
Example
  # Disable the function of route module configuration synchronization
  <DPTECH>conf-mode
  [DPTECH]hotbackup config-sync disable module route

hotbackup shrp priority
Command...
Parameter
  if-name: the heartbeat interface of silent hot-standby. This port cannot be the management port.
Description
  The hotbackup shrp heartbeat interface command can be used to configure the heartbeat interface of silent hot-standby. This interface can be used to monitor the running state of master and slave device.
  When you use this command, note that the neighbor timeout time must be no less than three times the heartbeat interval.
Example
  # Configure the heartbeat interval time of hot-standby as 6 seconds and the neighbor timeout time as 24 seconds.
View
  Configuration view
Parameter
  interval-value: the initial step size of the silent hot-standby firewall. This argument can be set in the range of 1 to 10 seconds.
  times-value: the gratuitous ARP sending times of silent hot-standby. This argument can be set in the range of 1 to 10.
  By default, there is no silent port in silent hot-standby configuration.
Example
  # Add the silent port gige2_1 in the silent hot-standby configuration
  <DPTECH> conf-mode
  hotbackup shrp silence-interface gige2_1

hotbackup shrp monitor-interface
Command...
View
  Configuration view
Parameter
  None
Description
  The hotbackup shrp standby-always command can be used to enable the firewall's force silent hot-standby function. This command can be applied to silent hot-standby mode. The no hotbackup shrp standby-always command can be used to restore to default.
  [DPTECH]hotbackup shrp trackip dptech

4.6.1.4 Hot-standby management command
show hotbackup configuration
Command
  show hotbackup configuration
View
  Global view
Parameter
  None
Description
  The show hotbackup configuration command can be used to display hot-standby configuration.
Example
  # Display hot-standby configuration.
show hotbackup state
Command
  show hotbackup state
View
  Global view
Parameter
  None
Description
  The show hotbackup state command can be used to display hot-standby status.
Example
  # Display hot-standby status.
  [DPTECH]show hotbackup state
  hotbackup : enable...
(3) Start the prepared backup firewall and check the relevant configuration.
(4) Power off the original machine and unplug its network cable.
(5) Install the new backup firewall, but connect only the heartbeat line. Because it has fewer effective operating interfaces, the newly installed firewall will not be selected as the main firewall.
(6) Connect the heartbeat line of the original master device, then connect all service interfaces, and observe the operation status of the master and backup firewalls. Make sure that the master and backup firewalls and their services run well, then finish the firewall's upgrade operation.
4.6.2.2 Forming of VSM
VSM configuration
Figure 4-14 VSM configuration
When the VSM function is enabled, the two DPXs are virtualized and logically formed into one DPX. You can manage the two devices at the same time. Generally, select 0 for the master frame and 1 for the backup frame; you can select master and slave according to priority.
Figure 4-15 VSM loop network
- The second is a chain link. It is a simplification of the loop connection. When a failure happens on one link, the VSM system will split into two groups.
Figure 4-16 VSM chain network
- ...
Figure 4-18 VSM combination network
Topology connection
In VSM network, each member device needs to know the topology of this network and each member has the topology. The VSM ID of each device, the ID number of upstream and downstream node, and other information of each device are contained in the topology.
VSM configuration synchronization
VSM configuration synchronization involves two steps: batch synchronization during initialization and real-time synchronization during stable operation.
Table 4-1 VSM configuration synchronization
Item    Description
When two devices form a VSM, the two devices select the Master device first. The Master device uses its own boot configuration file to start, and then synchronizes its configuration to the Slave device during the starting process.
- An administrator adds a new member device to the VSM system.
- Recovery from failure: when a device or link fault is resolved, the recovered device rejoins the VSM system.
(2) Member device leaves VSM...
by Slave device, and then the isolated Master device will join in VSM system after rebooting. All services are normal during software version updating process.
Specific implementation methods are:
(1) First, the Slave device to be updated enables isolate status. At this time, all service interfaces are shut down.
Strategy and session management
4.7.1 Adding packet filtering policy
Webpage operation
- Order: the sequence number of packet filtering policy.
- ID: the ID number of packet filtering policy.
- Group: the group to which the packet filtering policy belongs.
- ...
Management" page. For the specific configuration method, you can refer to the Object Management > IP address section.
- Service: the service object or service object group that the IPv4 packet filtering policy is applied.
with the "large range" policy, but the "small range" policy is not matched. In this case, you need to adjust the order of the packet filtering policies by using this icon.
- If you enable the long session connection function, you need to configure the parameter of ...
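The ordering problem described above, where a "large range" policy placed first keeps a "small range" policy from ever matching, can be checked offline before changing the order. The following is an added example, not part of the DPtech manual or its software: it assumes policies are evaluated in order with the first match winning, and the policy names, zones, addresses and the permit/deny action values are constructed sample data.

```python
from dataclasses import dataclass
from ipaddress import ip_network

ANY = "any"


@dataclass(frozen=True)
class Policy:
    """One packet filtering entry, reduced to the fields needed for the check."""
    order: int
    name: str
    src_zone: str
    dst_zone: str
    src: str       # CIDR or "any"
    dst: str       # CIDR or "any"
    service: str   # e.g. "tcp/25" or "any"
    action: str    # hypothetical values: "permit" / "deny"


def _covers_value(wide, narrow):
    # "any" covers everything; otherwise the values must be identical.
    return wide == ANY or wide == narrow


def _covers_net(wide, narrow):
    if wide == ANY:
        return True
    if narrow == ANY:
        return False
    return ip_network(narrow).subnet_of(ip_network(wide))


def covers(wide, narrow):
    """True when every packet matched by `narrow` is also matched by `wide`."""
    return (_covers_value(wide.src_zone, narrow.src_zone)
            and _covers_value(wide.dst_zone, narrow.dst_zone)
            and _covers_net(wide.src, narrow.src)
            and _covers_net(wide.dst, narrow.dst)
            and _covers_value(wide.service, narrow.service))


def find_shadowed(policies):
    """Return (shadowed, shadowed_by, conflicting_action) for unreachable entries."""
    ordered = sorted(policies, key=lambda p: p.order)
    findings = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if covers(earlier, later):
                findings.append((later.name, earlier.name,
                                 earlier.action != later.action))
                break
    return findings


def reorder(policies):
    """Suggest an order: move each strictly narrower entry whose action
    conflicts with the wider entry shadowing it to just ahead of that entry."""
    ordered = sorted(policies, key=lambda p: p.order)
    for _ in range(len(ordered) ** 2):      # bounded number of passes
        moved = False
        for i, later in enumerate(ordered):
            for j in range(i):
                earlier = ordered[j]
                if (covers(earlier, later) and not covers(later, earlier)
                        and earlier.action != later.action):
                    ordered.insert(j, ordered.pop(i))
                    moved = True
                    break
            if moved:
                break
        if not moved:
            break
    return [p.name for p in ordered]


# Constructed sample policy table (not taken from a real device).
SAMPLE = [
    Policy(1, "allow-lan-out", "trust", "untrust", "10.1.0.0/16", ANY, ANY, "permit"),
    Policy(2, "block-guest-smtp", "trust", "untrust", "10.1.50.0/24", ANY, "tcp/25", "deny"),
    Policy(3, "allow-dmz-web", "untrust", "dmz", ANY, "192.0.2.10/32", "tcp/443", "permit"),
    Policy(4, "allow-dmz-web-dup", "untrust", "dmz", "198.51.100.0/24", "192.0.2.10/32",
           "tcp/443", "permit"),
]

if __name__ == "__main__":
    for shadowed, by, conflict in find_shadowed(SAMPLE):
        kind = "CONFLICT" if conflict else "redundant"
        print(f"{kind}: '{shadowed}' is never reached because of '{by}'")
    print("suggested order:", reorder(SAMPLE))
```

A conflicting finding means the intended deny or permit is silently not enforced; a redundant finding only marks an entry that can be removed.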
4.7.2 Editing the entry of packet filtering policy
You can click an entry of the policy and edit it directly. The configuration steps are the same as for adding an entry of the policy.
(1) Select the policy that you need to edit, and then edit the policy configuration items, including "source zone", "destination zone", "source address", "destination address", "service",...
Select Main > System management > Session configuration > Session parameter to enter the long session parameter, as shown in the following figure.

4.7.4 Viewing session information
- Viewing the system session information
Select Main > Device Monitor > Session Monitoring > Session List to enter the session list page, and then click <Search>...
- View the total number of an IP session
In the option of initiator destination IP address, you need to fill in the IP address to be queried.
- Clear session
In the operation column, click the button to delete this session record.
- Destination NAT: translate user's destination address and port.
- Static NAT configuration
Select Firewall Module > NAT Configuration > Static NAT to enter the static NAT page.
- One to one NAT: translate user's source address or destination address. Generally, one inner network IP address only maps to one public network address.
4.8.3 Port aggregation
Select Main > Interface management > Port aggregation to enter the port aggregation page, and then you can configure the related configuration of port aggregation.
On the port aggregation configuration page, there are two parts: Global configuration and port configuration.
- Aggregation group ID: set the ID of the aggregation group.
- Aggregation group name: display the name of the aggregation group.
- Aggregation group description: set the description information of aggregation group.
<DPTECH >
View the specific type of routing entry:
<DPTECH>show ip route 8.8.8.8
Routing entry for 0.0.0.0/0
  Known via "ospf", distance 110, metric 11, best, instance 1
  Last update 06w2d09h ago
  * 60.217.230.81
4.9.2...
4.11 Log management and maintenance
4.11.1 Log query
Select Main > Log management > System log > System log query to enter the system log query page and search the related information of system log.
The parameters of system log configuration are shown in following:
- No.: display the serial number of the system log configuration.
- IP type: select the IP address type, including IPv4 address or IPv6 address.
Firewall Daily Maintenance
Firewall daily monitoring information
Daily maintenance allows the firewall to operate reliably and problems to be solved quickly. Through active daily maintenance, the user can eliminate hidden dangers as soon as a problem begins to occur.
Routine maintenance recommendations
Interface check
Check type: Must be checked.
Check condition: The system works normally, and has good ventilation and power supply.
Check procedure: show interface
Inspection result: The physical status of the interface is UP, the protocol is UP, and the interface status is normal; check whether packet loss occurs.
Check condition: The system works normally, and has good ventilation and power supply.
Check procedure: show session statistic
Inspection result: The number of new connections shows no difference from normal conditions.
Alarm threshold: the session count is 2 times that of normal circumstances; check the reason. When the session count is lower than 50% of the daily-period session count, you also need to check the reason.
Inspection result: View VRF status

System log view
Check type: Must be checked
Check condition: The system works normally, and has good ventilation and power supply.
Check procedure: show logging
Inspection result: Check log's storage space and utilization.
Firewall Emergency Handling
Basic principles of emergency handling
The principle of emergency handling is: restore network traffic first and then repair the network; ensure the core network first and then the edge network; ensure the inner network first and then the outer network.
5Gbps
* According to the number of inserted boards. One board's throughput rate is 35Gbps.

6.3.2 SNMP monitors firewall OID
The SNMP enterprise OID of DPtech product is 31648, here is the DPtech system and device MIB Library.
dptech-system.mib
dptech-device.mib
Common OID and interface bandwidth trend chart are shown in the following:
- ...
6.3.3 SNMP Trap
When an important event occurs, the DPtech firewall actively sends an SNMP Trap to the SNMP management system, so that the system manager can handle the problem as soon as possible. Events that can be sent through SNMP Trap include:
- ...
If the user has confirmed that a hardware fault has occurred on an online running firewall, the user can report it to DPtech after-sales engineers. DPtech engineers will respond to the user as best they can.

6.4.2 High CPU usage
6.4.2.1...
6.4.2.3 High CPU utilization is caused by a blocked data stream
If a large data stream tries to pass through the firewall and the firewall security policy does not allow it and blocks it, this may cause high CPU utilization.
6.4.9 Abnormal session
There are many kinds of abnormal session situations. You can refer to the "New sessions lead high CPU utilization" section to find out which host's session count is suddenly high, and then isolate the problem host.
Firewall Fault Information Collection
Information collection of high CPU usage
- Fault description
Here fill in the fault time, symptoms, and the debugging process.
- Version/hardware platform
<DPTECH>show version
- CPU information
<DPTECH>show cpu-usage // Observe the average CPU usage, refresh screen 5 times.
- A comprehensive collection of information
<DPTECH>show tech-support send device-info ip-address // Quickly upload to a TFTP server

Information collection of high memory utilization
- Fault description
Here fill in the fault time, symptoms, and the debugging process.
- Version/hardware platform
<DPTECH> show version
- Session detailed information
<DPTECH>show session static
- Session statistics
- SNMP Trend chart
From SNMP management system, you can snap each in-use interface image in the failure period.
- Topology
Use physical diagram to show the deployment method of the firewall and connection information.
Here fill in the fault time, symptoms, and the debugging process.
- Version/hardware platform
<DPTECH>show version
- HA master and standby status information
<DPTECH>show vsm
Observe HA monitor interface and heartbeat interface status:
<DPTECH>show interface if-name...
- SNMP Trend chart
From SNMP management system, you can snap each in-use interface image in the failure period.
- Topology
Use physical diagram to show the deployment method of the firewall and connection information.
The logs are recorded when a failure happens; you can obtain them from local memory, hard disk, or a remote server.
- A comprehensive collection of information
<DPTECH>show tech-support send device-info ip-address // Quickly upload to a TFTP server...
Information collection of packet loss problem
- Fault description
Here fill in the fault time, symptoms, and the debugging process.
- Version/hardware platform
<DPTECH>show version
- Detailed Information collection of packet loss problem
From SNMP management system, you can snap each in-use interface image in the failure period, CPU/Memory/Session trend chart;
Information collection of throughput exception
- Fault description
Here fill in the fault time, symptoms, and the debugging process.
- Version/hardware platform
<DPTECH> show version
- Detailed information of throughput
(1) Observe the Web interface
Select MAIN > Home page > Session statistics to enter the session statistics page.
If the gathered information is not sufficient to determine the cause of the problem, you can view the Device information/Status on the webpage and check whether the system log shows warnings. After that, you can contact DPtech after-sales engineers or call 400-6100598 to solve problems.
- SNMP Trend chart
From SNMP management system, you can snap each in-use interface image in the failure period,...
SNMP Trend chart
From the SNMP management system, you can capture the trend chart image of each in-use interface for the failure period, and the CPU/Memory/Session trend chart;
Topology
Use a physical diagram to show the deployment method of the firewall and its connection information.
Firewall Fault Diagnosis
Packet processing procedure
After data packets are received by the inbound interface of the firewall, they are processed and then sent out through the outbound interface, as shown in the following figure:...
(3) Query forwarding entry
Checks whether a session table entry has been established for the data packets; if so, the packets are forwarded according to the session table.
(4) Layer 2 and Layer 3 forwarding start
According to the received data packets, the firewall will execute Layer 2 and Layer 3 forwarding.
input-status:up input-line-status:up output-interface:gige0_7 output-status:up output-line-status:up action:ALLOW
Capture packet on graphical interface
Select Main > Network protocol > Diagnostic tools > Capture to enter the capture page, as shown in the following figure.
Figure 1-2 Capture
(1) As shown in the above figure, configure the relevant parameters of captured packets, including the "Designated IP address", "Designated protocol", "...
Capture command in details
8.4.1 sniffer filter
Command
sniffer filter ( on | off | reset )
View
User view
Parameter
None
Description
sniffer filter on command can be used to configure the filter condition as all.
vlan-tag: the packet that includes VLAN-Tag.
Description
sniffer print command can be used to enable the device print information switch that displays the packet ID, MAC, IPv4 fragmentation packet, and the data packet that contains part of VLAN-Tag information.
pf6: the filtered IPv6 packets.
session: the packets that are created by session.
vlan: the VLAN packets.
Description
sniffer count command can be used to start packet statistics.
sniffer capture command can be used to capture packets.
-M: the specified MTU discovery policy.
lsp: ping the specified node of label switching path.
do: prohibit fragmentation, even local one.
don’t: do not set DF flag.
want: do PMTU discovery, fragment locally when packet size is large...
Parameter
port-id: Telnet service port number. This argument can be set in the range of 1 to 65535.
Description
telnet enable command can be used to enable the Telnet service. After you enable the Telnet service, users can access and control the device through Telnet.
View
Configuration view
Parameter
port-id: SSH service port number. This argument can be set in the range of 1 to 65535.
Description
ssh enable command can be used to enable the SSH service. After the SSH service is enabled, SSH login users can log in to the device and configure it.
1 stop bits
TFTP/FTP
Through a TFTP or FTP program, you can send a software version or other files to the DPtech firewall.
Figure 9-1 3CDaemon software diagram
Taking 3CDaemon as an example, the introduction of the 3CDaemon software is:...
DPtech management IP address. For example: 192.168.80.2
(5) Connect the terminal NIC with the DPtech management interface or port terminal connection.
(6) Ping the IP address of the DPtech firewall from the terminal to make sure that the terminal and the DPtech firewall can communicate properly.
After that, the TFTP/FTP server preparation is finished.
TAC data collection
When reporting a problem to DPtech, the user needs to provide as much device information as possible to the TAC engineer, so that the DPtech engineer can save time and speed up problem solving. ...
Firewall Operation Hardware Specifications
10.1 Procedure for unplugging the module
(1) Wear an anti-static wristband (glove).
(2) Identify the board to be pulled out, and then unplug the connection wire.
(3) Use a screwdriver to loosen both ends of the board.
Firewall Operational Command Example
11.1 Device management command
11.1.1 reboot
Command
reboot [ ( all | slot slot-id ) ]
View
User view
Parameter
all: All boards that need to restart, including control boards and service boards.
View
Configuration view
Parameter
sysname: system name of the device. You can set the system name within 20 characters, including A-Z, a-z, 0-9, ".", "_" and "-".
Description
sysname command can be used to set a new system name.
Slot 1(MAIN) CPU usage:
28% in last 30 seconds
28% in last 1 minute
28% in last 5 minute
Slot 2(FW) CPU usage:
29% in last 30 seconds
29% in last 1 minute...
and manuinfo.
Example
# Display the card related information.
[DPTECH]show device
Slot ID Board Name Online Status
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -...
Table 11-2 Description information of show device manuinfo command
Field                  Description
device_name            The name of the device
device_serial_number   The serial number of the device number
mac_address            The MAC address of the device
manufacturing_date     The device’s manufacture date.
show environment cpu command can be used to display the CPU temperature information of all cards.
Example
# Display the current device environment temperature.
[DPTECH] show environment
System Temperature information (centigrade):
-----------------------------------------------------------------------
Temperature...
Example
# Display the work status of all fans.
[DPTECH]show environment fan
Fan[0] status: OK.
11.1.7 show memory
Command
show memory [ detail ]
View
Any view
Parameter
detail: the detailed information of memory utilization.
View
Any view
Parameter
None
Description
show environment power command can be used to display the power supply status of the device.
Example
# Display the power supply status of the device.
[DPTECH]show environment power
Power[0] status:...
Compiled Fri, 12 Jun 2015 00:03:44 +0800 Signature base, Version IPS 2.1.62, AV 1.4.236 APP 2.1.49 Copyright(c) 2008-2015 Hangzhou DPtech Technologies Co. , Ltd. All rights reserved. Without the owner's prior written consent, neither decompiling nor reverse-engineering shall be allowed.
11.1.11 show running-config
Command
show running-config [ all-ovc ]
show running-config | ( section module-name | begin character | include character | exclude character )
View
Any view
Parameter
all-ovc: current running configuration of all OVCs.
vlan 1 local-group web no submit-authority login-configure local telnet login by username session-tcp tcpfullstate on session_sip on session_gre off security-zone Trust priority 85 security-zone DMZ priority 50
--More(CTRL+C break)--
11.1.12 show history-command
Command...
[DPTECH] show history-command
show version
show ssh
show ssh-pubkey
show telnet
show timeout
11.1.13 show slot information
Command
show slot information
View
Any view
Parameter
None
Description
show slot information command can be used to display the basic information of all slots.
11.2 Administrator
11.2.1 local-user
Command
local-user username
no local-user username
View
Configuration view
Parameter
username: the name of the administrator. This argument can be set in the range of 3 to 20, which must start with a letter, followed by letter, digit, and "_" or "-".
encrypted-password: the ciphertext password type
password: the encrypted password.
Description
password command can be used to configure the Administrator's password.
When you use the parameter plain-text-password, you use the plaintext to configure password.
|UserName |Password |Description |Configuration Range |Status|
------------------------------------------------------------------------------------
|admin |****** |Super |Normal|
------------------------------------------------------------------------------------
11.3 Configuration file command
11.3.1 configuration tftp get
Command
configuration get filename tftp ip-address
View
Configuration view
Parameter
filename: the name of the configuration file to be downloaded.
View
Configuration view
Parameter
filename: the name of the configuration file to be uploaded.
ip-address: remote server IP address. You can put the configuration file on the server. The server IP address is expressed in dot-decimal format, for example: 1.1.1.1.
[DPTECH]configuration save bbb
11.3.4 configuration delete
Command
configuration delete filename
View
Configuration view
Parameter
filename: the name of the configuration file to be deleted.
Description
configuration delete command can be used to delete the specified configuration file on the device.
Example
# Switch configuration file bbb, and then set it as device running configuration.
<DPTECH>conf-mode
[DPTECH]configuration switch bbb
The switch complete configuration device will automatically reboot. Are you sure? (Y/N) [N]: y
11.3.6...
11.4 Show virtualization
11.4.1 show vrf
Command
show vrf [ vrf-name ]
View
Any view
Parameter
vrf-name: the VRF name to be viewed.
Description
show vrf vrf-name command can be used to show the configuration information of the specified VRF.
Description
show security-zone command can be used to show the configuration information for all security domains.
show security-zone zone-name command can be used to show the configuration information for the specified security domain.
Priority:55 Describe:test1 Action:drop Interface:vlan-if100
11.5.2 show ip-obj
Command
show ip-obj ( list | name name )
View
Any view
Parameter
name: the name of the address object, in the format of character string. It can be a combination of letters and numbers.
ip/mask : 192.168.1.1/24 exp-ip : 192.168.1.1/30
11.5.3 show ip-obj-group
Command
show ip-obj-group ( list | name group-name )
View
Any view
Parameter
name: the name of the address object, in the format of character string. It can be a combination of letters and numbers.
View
Any view
Parameter
name: the name of the user-defined service object.
Description
show usr-service list command can be used to show the configuration information of all user-defined service objects.
show usr-service name command can be used to show the configuration information of the specified user-defined service object.
system predefined service object name.
Example
# Show the configuration information of all system pre-defined service objects
[DPTECH]show pre-service list
name protocol sport_start/type sport_end/code dport_start dport_end
ECHO ECHO-reply 1 ECHO6 ECHO6-repl 58 DAYTIME...
View
Any view
Parameter
group-name: the name of the service object group.
Description
show group-service list command can be used to display the configuration information for all service object groups.
show group-service name command can be used to display the configuration information of the specified service object groups.
show vlan private-vlan command can be used to show the information of the private VLAN which has been created.
Example
# Show the information about all VLANs.
[DPTECH]show vlan
Total VLANs: 2
The VLANs include: 1(default), 100
# Show the information about the specified VLAN ID, VLAN name and VLAN interface.
11.7.2 show arp
Command
show arp ( all | count | ip ip-address )
show arp interface if-name [ count ]
show arp vlan vlan-id [ count ]
show arp src-mac-limit blacklist
View...
Example
# Display the routing information of specified condition.
[DPTECH]show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - ISIS, B - BGP, > - selected route, * - FIB route, G - GUARD
S>* 10.29.0.0/16 [1/0] fmap : 0x1 via 10.35.0.1, internel via 10.35.0.1 , vlan-if1...
View
Any view
Parameter
None
Description
show logging syslog command can be used to display the configuration information of system log.
Example
# Display the configuration information of system log.
[DPTECH]show logging syslog
config is NULL!
11.10.3...
| 2015-07-18 13:56:02 | Notifications | SYSM | The current usage of memory on the slot[2] is 10%.
| 2015-07-18 13:56:02 | Notifications | SYSM | The current usage of memory on the slot[1] is 41%.
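When collecting information for a high-memory fault, log rows like the two above can be screened offline for slots that cross a threshold. The following Python is an added example, not part of the DPtech manual: the four-field row layout is inferred from the two rows visible above, and the extra sample rows and the 80% threshold are constructed assumptions.

```python
import re
from datetime import datetime

# Constructed sample: the first two rows are the ones shown in the manual,
# the later rows and the pager line are made up for this example.
SAMPLE_LOG = """\
| 2015-07-18 13:56:02 | Notifications | SYSM | The current usage of memory on the slot[2] is 10%.
| 2015-07-18 13:56:02 | Notifications | SYSM | The current usage of memory on the slot[1] is 41%.
| 2015-07-18 14:01:02 | Notifications | SYSM | The current usage of memory on the slot[1] is 87%.
| 2015-07-18 14:06:02 | Notifications | SYSM | The current usage of memory on the slot[1] is 93%.
--More(CTRL+C break)--
"""

# Assumed layout: | timestamp | severity | module | message
ROW = re.compile(r"^\|\s*(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s*\|\s*([^|]+?)\s*\|"
                 r"\s*([^|]+?)\s*\|\s*(.+?)\s*$")
MEM = re.compile(r"usage of memory on the slot\[(\d+)\] is (\d+)%")

def parse_rows(text):
    """Yield (timestamp, severity, module, message); skip pager and broken lines."""
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        try:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # timestamp has the right shape but is not a valid date
        yield ts, m.group(2), m.group(3), m.group(4)

def memory_by_slot(text):
    """Return {slot: [(timestamp, percent), ...]} sorted by time."""
    series = {}
    for ts, _severity, module, message in parse_rows(text):
        m = MEM.search(message)
        if module == "SYSM" and m:
            series.setdefault(int(m.group(1)), []).append((ts, int(m.group(2))))
    for samples in series.values():
        samples.sort()
    return series

def high_memory_slots(text, threshold=80):
    """Return {slot: (first_time_at_or_over_threshold, peak_percent)}."""
    findings = {}
    for slot, samples in memory_by_slot(text).items():
        over = [(ts, pct) for ts, pct in samples if pct >= threshold]
        if over:
            findings[slot] = (over[0][0], max(pct for _, pct in over))
    return findings

if __name__ == "__main__":
    for slot, (since, peak) in sorted(high_memory_slots(SAMPLE_LOG).items()):
        print(f"slot {slot}: memory >= 80% since {since}, peak {peak}%")
```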
type:ipv4 remoteip:1.1.1.1 port:514 localip:1.1.1.1
<operalog[2]>
type:ipv4 remoteip:1.1.1.1 port:12345 localip:
<operalog[3]>
type:ipv4 remoteip:10.27.17.17 port:514 localip:
11.11.2 show logging operlog recent
Command
show logging operlog recent [ number ]
View
Any view
Parameter
number: the number of logs to be displayed. This argument can be set in the range of 1 to 65535.
NAT policies.
show nat src-nat source-nat-name command can be used to display the configuration information of the specified source NAT policy.
Example
# Display the configuration information of source NAT policy "dptech".
[DPTECH]show nat src-nat dptech
name: dptech ifname: vlan-if1 state: off...
NAT policies
show nat dst-nat destination-name command can be used to display the configuration information of specified destination NAT policy.
Example
# Display the configuration information of destination NAT policy "dptech".
[DPTECH]show nat dst-nat dptech
name:dptech ifname: vlan-if1 state: off pubaddr: 1.1.1.1...
NAT policies.
show nat static nat-name command can be used to display the configuration information of the specified one-to-one NAT policy.
Example
# Display the configuration information of one-to-one policy "dptech"
[DPTECH]show 1to1_nat dptech
name: dptech ifname: vlan-if1 pubaddr: 1.1.1.1 privaddr: 1.1.1.1...