
ZyXEL Communications ZyWALL Series - Page 344

665 pages
Chapter 40 Reputation Filter
ZyWALL Series CLI Reference Guide
344
Table 188 DNS Threat Filter Commands (continued)

COMMAND
    DESCRIPTION

show dns-filter profile {all | profilename}
    Shows the name and settings of each DNS Threat Filter profile, or of the specified DNS Threat Filter profile.

show dns-filter search FQDN
    Runs a DNS query for the specified Fully Qualified Domain Name (FQDN) and returns the result according to the current DNS Threat Filter rules.

show dns-filter statistics collect
    Displays whether the collection of DNS Threat Filter statistics is turned on or off.

show dns-filter statistics list
    Displays the collected DNS Threat Filter statistics.

show dns-filter statistics summary
    Displays the total number of Fully Qualified Domain Names (FQDNs) that the Zyxel Device has scanned, and the number of malicious FQDNs detected.

show dns-filter status
    Displays the action and log settings for the dns-filter service.

[no] security-service dns-filter activate
    Turns on the DNS Threat Filter service on the Zyxel Device.
    The no command disables the DNS Threat Filter service.

security-service dns-filter inspect {all-traffic | by-policy}
    Sets how the security service inspects traffic.
    all-traffic: The security service inspects all traffic passing through the Zyxel Device.
    by-policy: The security service inspects traffic only when its profile is bound to a security policy.
    For information on binding a security service profile to a security policy, see Section 29.2.1 on page 226.

show security-service status
    Displays whether the security services are enabled on the Zyxel Device.

dns-filter fake-dns-response-ttl <300...86400>
    Sets the time period in seconds for redirecting clients to a default or custom-defined IP address when the clients try to access a blocked FQDN.
    If you remove an FQDN from the block list before the response time-to-live (TTL) expires, the clients will still be redirected to the default or custom-defined IP address when they try to access the FQDN.

show dns-filter fake-dns-response-ttl
    Displays how long the clients will be redirected to a default or custom-defined IP address when the clients try to access a blocked FQDN.

dns-filter secure-dns action {drop | pass}
    Sets what action the Zyxel Device takes when there is an encrypted DNS query packet. An encrypted DNS query packet might endanger your network because the Zyxel Device cannot inspect it to check if a user on your network is trying to access a suspect site.
    pass: Use this command to have the Zyxel Device allow the DNS query packet through the Zyxel Device.
    drop: Use this command to have the Zyxel Device discard the encrypted DNS query packet. Note that if you enable Use secure DNS in your browser (with Google Chrome as the example) in Customize and control > Privacy and security > Security > Advanced, the Zyxel Device will discard all the DNS query packets over HTTPS that you send to a DoH server that is in the Zyxel Device database.

dns-filter secure-dns {log | no log}
    Sets whether the Zyxel Device creates a log when there is an encrypted DNS query packet.

[no] utm-manager {doh | dot} defaultport port number
    Sets the default port through which the encrypted DNS query packets are sent. The no command sets the value you configure back to default.
    The default port through which the DoH query packets are sent is 443. The default port through which the DoT query packets are sent is 853.
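An added example, not from the Zyxel guide: a Python check that reads a saved configuration and reports the DNS Threat Filter settings from this table that limit inspection or visibility. It assumes the export is a plain list of these CLI commands, one per line; the sample configuration and the name audit_dns_filter are constructed for illustration.

```python
import re

# Constructed sample: assumes a config export is a plain list of the CLI
# commands from Table 188, one per line (not taken from a real device).
SAMPLE_CONFIG = """\
security-service dns-filter activate
security-service dns-filter inspect by-policy
dns-filter fake-dns-response-ttl 86400
dns-filter secure-dns action pass
dns-filter secure-dns no log
utm-manager doh defaultport 8443
"""

DEFAULT_PORTS = {"doh": 443, "dot": 853}  # defaults stated in the table


def audit_dns_filter(config_text):
    """Return sorted review notes for the DNS Threat Filter settings found."""
    notes = []
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    # A "no security-service dns-filter activate" line does not match here.
    if "security-service dns-filter activate" not in lines:
        notes.append("service: no 'security-service dns-filter activate' line")
    for ln in lines:
        if ln == "security-service dns-filter inspect by-policy":
            notes.append("inspect: by-policy, only policy-bound traffic is inspected")
        elif ln == "dns-filter secure-dns action pass":
            notes.append("secure-dns: encrypted DNS queries pass uninspected")
        elif ln == "dns-filter secure-dns no log":
            notes.append("secure-dns: encrypted DNS queries are not logged")
        elif m := re.fullmatch(r"dns-filter fake-dns-response-ttl (\d+)", ln):
            ttl = int(m.group(1))
            if not 300 <= ttl <= 86400:
                notes.append(f"ttl: {ttl} is outside the 300...86400 range")
            else:
                # Redirection outlives removal from the block list by up to the TTL.
                notes.append(f"ttl: unblocked FQDNs may stay redirected up to {ttl} s")
        elif m := re.fullmatch(r"utm-manager (doh|dot) defaultport (\d+)", ln):
            proto, port = m.group(1), int(m.group(2))
            if port != DEFAULT_PORTS[proto]:
                notes.append(f"{proto}: default port changed to {port} "
                             f"(table default {DEFAULT_PORTS[proto]})")
    return sorted(notes)


if __name__ == "__main__":
    for note in audit_dns_filter(SAMPLE_CONFIG):
        print(note)
```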
