Chapter 45 Collaborative Detection & Response
ZyWALL Series CLI Reference Guide
45.3 CDR Commands
The following describes the commands for CDR.
45.3.1 CDR General Commands
This table shows the commands for activating and configuring CDR.
Table 224 CDR General Commands
COMMAND DESCRIPTION
[no] cdr activate
Enables CDR on the Zyxel Device.
The no command disables CDR.
[no] cdr counter-reset activate
Enables CDR counter reset to automatically reset the number of security
occurrences within the defined duration when it reaches the threshold
value so as to reduce alert emails.
For example, if you set the CDR settings for a security event as below:
• Occurrence: 10
• Duration: 60
• Containment: Alert
• Counter Reset: Enable
You will only receive one alert email every hour if the security event hit
count reaches ten times within 60 minutes.
The no command disables CDR counter reset.
[no] cdr block block-wireless-client
Blocks traffic from the suspect client at the AP.
The no command blocks traffic from the suspect client at the Zyxel Device
instead.
cdr block http-service-port <1..65535>
Changes the port number of the CDR HTTP blocking page.
cdr block https-service-port <1..65535>
Changes the port number of the CDR HTTPS blocking page.
cdr block message denied_message
Sets the message that is displayed on the default Zyxel Device notification
page. The client is redirected here when a Block or Quarantine action is
triggered.
The message must be less than 127 characters.
cdr block period <0..1440>
Sets how long the client is blocked after a block action is triggered. 0
means the client is blocked forever.
Set the block period to at least twice the DHCP server lease time to
prevent false positives.
cdr block redirect <url>
Sets a URL in “http://domain” or “https://domain” format to an external
notification page. The client is redirected here when a Block or Quarantine
action is triggered.
Make sure the external notification page is accessible from the Zyxel
Device.
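
The following pre-deployment check is an added example, not part of the Zyxel guide. It validates planned cdr block values against the limits stated in the table above. The function name and sample values are hypothetical, and it assumes the block period and the DHCP lease time are given in the same unit.

```python
from urllib.parse import urlsplit

def check_cdr_block(http_port, https_port, message, period, redirect, dhcp_lease):
    """Return a list of problems with planned 'cdr block' values (empty list = OK).

    Assumption: period and dhcp_lease are given in the same unit.
    """
    problems = []
    # Both blocking-page ports take <1..65535>.
    for name, port in (("http-service-port", http_port),
                       ("https-service-port", https_port)):
        if not 1 <= port <= 65535:
            problems.append(f"{name} {port} is outside 1..65535")
    # The denied message must be less than 127 characters.
    if len(message) >= 127:
        problems.append(f"message is {len(message)} characters, must be under 127")
    # Period takes <0..1440>; 0 blocks forever, so the lease check is skipped.
    if not 0 <= period <= 1440:
        problems.append(f"period {period} is outside 0..1440")
    elif period != 0 and period < 2 * dhcp_lease:
        problems.append(
            f"period {period} is less than twice the DHCP lease ({dhcp_lease})")
    # The redirect must look like http://domain or https://domain.
    if redirect is not None:
        try:
            parts = urlsplit(redirect)
            ok = parts.scheme in ("http", "https") and bool(parts.hostname)
        except ValueError:
            ok = False
        if not ok:
            problems.append(
                f"redirect {redirect!r} is not http://domain or https://domain")
    return problems

if __name__ == "__main__":
    # Constructed sample plan; every value is made up for illustration.
    for p in check_cdr_block(8008, 8443, "Blocked by CDR. Contact IT.", 60,
                             "portal.example", dhcp_lease=120):
        print("WARN:", p)
```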