Chapter 25 Secure Policy
ZyWALL / USG (ZLD) CLI Reference Guide
Table 85 Command Summary: Secure Policy (continued)
COMMAND DESCRIPTION
session-status-update alg {active|inactive}
    Enables or disables ALG session updates.
show session-status-update reply-time
    Displays idle session timeout.

25.2.1 Secure Policy Sub-Commands
The following table describes the sub-commands for several secure-policy and secure-policy6 commands.

Table 86 firewall Sub-commands
COMMAND DESCRIPTION
action {allow|deny|reject}
    Sets the action the ZyWALL / USG takes when packets match this rule.

[no] activate
    Enables a secure policy rule. The no command disables the rule.

[no] ctmatch {dnat | snat}
    Use dnat to block packets sent from a computer on the ZyWALL / USG's WAN network from being forwarded to an internal network according to a virtual server rule.
    Use snat to block packets sent from a computer on the ZyWALL / USG's internal network from being forwarded to the WAN network according to a 1:1 NAT or Many 1:1 NAT rule.
    The no command forwards the matched packets.
    Subcommands cannot be used with secure-policy6.

[no] description description
    Sets a descriptive name (up to 60 printable ASCII characters) for a secure policy rule. The no command removes the descriptive name from the rule.

[no] destinationip address_object
    Sets the destination IP address. The no command resets the destination IP address(es) to the default (any). any means all IP addresses.

[no] destinationip6 address_object
    Sets the destination IPv6 address. The no command resets the destination IP address(es) to the default (any). any means all IP addresses.

[no] from zone_object
    Sets the zone on which the packets are received. The no command removes the zone on which the packets are received and resets it to the default (any) meaning all interfaces or VPN tunnels.

[no] log [alert]
    Sets the ZyWALL / USG to create a log (and optionally an alert) when packets match this rule. The no command sets the ZyWALL / USG not to create a log or alert when packets match this rule.

[no] schedule schedule_object
    Sets the schedule that the rule uses. The no command removes the schedule settings from the rule.

[no] service service_name
    Sets the service to which the rule applies. The no command resets the service settings to the default (any). any means all services.

[no] sourceip address_object
    Sets the source IP address(es). The no command resets the source IP address(es) to the default (any). any means all IP addresses.
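
Added example, not part of the guide or of ZyXEL's software: the no form of from, sourceip, destinationip, destinationip6 and service resets the filter to any, so a single no line can turn a narrow allow rule into a broad one. This Python sketch replays one rule's sub-commands in order and reports which filters end up as any. The object names in the sample are constructed, and treating action and log as unset until a line sets them is an assumption.

```python
# Added example: audits one rule's sub-commands using the "any" defaults in the table.
# Filters whose `no` form resets them to "any" (all zones / addresses / services).
RESET_TO_ANY = ("from", "sourceip", "destinationip", "service")


def effective_rule(lines):
    """Replay sub-commands in order and return the settings the rule ends up with."""
    rule = {name: "any" for name in RESET_TO_ANY}
    rule["action"] = None   # assumption: treated as unset until an `action` line appears
    rule["log"] = False     # assumption: no logging unless a `log` line appears
    for raw in lines:
        words = raw.split()
        negate = bool(words) and words[0] == "no"
        if negate:
            words = words[1:]
        if not words:
            continue
        key, args = words[0], words[1:]
        if key == "destinationip6":      # secure-policy6 rules use the IPv6 form
            key = "destinationip"
        if key in RESET_TO_ANY:
            rule[key] = "any" if negate or not args else args[0]
        elif key == "action" and args and not negate:
            rule["action"] = args[0]
        elif key == "log":
            rule["log"] = not negate
    return rule


def audit(lines):
    """Return review findings for an allow rule; an empty list means nothing flagged."""
    rule = effective_rule(lines)
    findings = []
    if rule["action"] != "allow":
        return findings
    for name in RESET_TO_ANY:
        if rule[name] == "any":
            findings.append(f"{name} is any")
    if not rule["log"]:
        findings.append("matches are not logged")
    return findings


# Constructed sample: the trailing `no sourceip` silently widens the rule.
SAMPLE = ["action allow", "from WAN", "sourceip PARTNER_NET",
          "destinationip DMZ_WEB", "service HTTPS", "log alert", "no sourceip"]

if __name__ == "__main__":
    print(audit(SAMPLE))
```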