Chapter 29 Secure Policy
ZyWALL Series CLI Reference Guide
Table 113 Command Summary: Secure Policy (continued)

COMMAND
    DESCRIPTION

show secure-policy filter from zone_object to zone_object srcip <ip-address> dstip <ip> service {any | tcp | udp | icmp | gre | esp | user-defined} port-number user user_name sch schedule_object
    Applies IPv4 search filters to find specific IPv4 security policies based on direction, application, user, source, destination and/or schedule.

[no] secure-policy asymmetrical-route activate
    Allows or disallows asymmetrical route topology.

secure-policy rule_number
    Enters the secure policy sub-command mode to set a firewall rule. See Table 114 on page 226 for the sub-commands.

secure-policy zone_object {zone_object|ZyWALL} rule_number
    Enters the secure policy sub-command mode to set a direction specific through-ZyWALL rule or to-ZyWALL rule. See Table 114 on page 226 for the sub-commands.

secure-policy zone_object {zone_object|ZyWALL} append
    Enters the secure policy sub-command mode to add a direction specific through-ZyWALL rule or to-ZyWALL rule to the end of the global rule list. See Table 114 on page 226 for the sub-commands.

secure-policy zone_object {zone_object|ZyWALL} delete <1..5000>
    Removes a direction specific through-ZyWALL rule or to-ZyWALL rule.
    <1..5000>: the index number in a direction specific secure policy rule list.

secure-policy zone_object {zone_object|ZyWALL} flush
    Removes all direction specific through-ZyWALL rules or to-ZyWALL rules.

secure-policy zone_object {zone_object|ZyWALL} insert rule_number
    Enters the secure policy sub-command mode to add a direction specific through-ZyWALL rule or to-ZyWALL rule before the specified rule number. See Table 114 on page 226 for the sub-commands.

secure-policy zone_object {zone_object|ZyWALL} move rule_number to rule_number
    Moves a direction specific through-ZyWALL rule or to-ZyWALL rule to the number that you specified.

[no] secure-policy activate
    Enables the secure policy on the Zyxel Device. The no command disables the secure policy.

secure-policy append
    Enters the secure policy sub-command mode to add a global secure policy rule to the end of the global rule list. See Table 114 on page 226 for the sub-commands.

secure-policy default-rule action {allow | deny | reject} { no log | log [alert] }
    Sets how the secure policy handles packets that do not match any other secure policy rule.

secure-policy delete rule_number
    Removes a secure policy rule.

secure-policy flush
    Removes all secure policy rules.

secure-policy insert rule_number
    Enters the secure policy sub-command mode to add a secure policy rule before the specified rule number. See Table 114 on page 226 for the sub-commands.

secure-policy move rule_number to rule_number
    Moves a secure policy rule to the number that you specified.

firewall icsa {icmp-destroy-session} {enable | disable}
    During ICSA certification a connection automatically terminates immediately once ICMP unreachable or ICMP TTL expired is received. Use this command to turn off this behavior.
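
The append, insert, move and flush commands and the default-rule action listed above only matter because a rule's position decides which rule a packet hits. The Python model below is an added illustration, not Zyxel code or part of the original guide; it assumes first-match, top-down evaluation, and the names Rule, SecurePolicy and demo, the packet fields and the zone names LAN1/WAN are hypothetical.

```python
from dataclasses import dataclass, field

ANY = "any"  # wildcard, like `any` in the page's service filter

@dataclass
class Rule:  # hypothetical model of one secure policy rule
    src_zone: str = ANY
    dst_zone: str = ANY
    service: str = ANY
    action: str = "allow"  # allow | deny | reject

    def matches(self, pkt):
        return all(getattr(self, k) in (ANY, pkt[k])
                   for k in ("src_zone", "dst_zone", "service"))

@dataclass
class SecurePolicy:  # rule numbers are 1-based, as in the CLI
    default_action: str = "deny"  # secure-policy default-rule action
    rules: list = field(default_factory=list)

    def _idx(self, n):  # validate a rule number, return its list index
        if not 1 <= n <= len(self.rules):
            raise IndexError(f"no rule number {n}")
        return n - 1
    def append(self, rule):  # add to the end of the rule list
        self.rules.append(rule)
    def insert(self, n, rule):  # new rule goes before rule n
        self.rules.insert(self._idx(n), rule)
    def move(self, src, dst):  # rule src ends up as rule dst
        self.rules.insert(self._idx(dst), self.rules.pop(self._idx(src)))
    def flush(self):  # remove every rule; the default rule remains
        self.rules.clear()

    def evaluate(self, pkt):  # ASSUMPTION: first match wins, top-down
        for n, rule in enumerate(self.rules, 1):
            if rule.matches(pkt):
                return rule.action, n
        return self.default_action, None  # fell through to default rule

def demo():
    pkt = {"src_zone": "LAN1", "dst_zone": "WAN", "service": "tcp"}  # constructed
    p = SecurePolicy(default_action="allow")
    p.append(Rule("LAN1", "WAN", ANY, "allow"))
    p.append(Rule("LAN1", "WAN", "tcp", "deny"))  # shadowed by rule 1
    shadowed = p.evaluate(pkt)
    p.move(2, 1)  # put the narrower deny first
    fixed = p.evaluate(pkt)
    p.flush()  # only the default rule is left
    return shadowed, fixed, p.evaluate(pkt)
```

In demo() the deny rule has no effect until it is moved ahead of the broader allow rule, and after the flush the verdict is whatever the default rule says, so a default of allow passes everything.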