ZyXEL Communications ZyWall User Manual

Lists other relevant documentation like Quick Start Guide and User's Guide for device configuration.

Refers to sections containing detailed command references and explanations.

Describes how to access and use the Command Line Interface (CLI) on the ZyWALL.

Details the methods for connecting to and accessing the ZyWALL's Command Line Interface.

Guides on accessing the CLI through the web configurator using SSH and Java.

Explains how to use an SSH client to access the ZyWALL's CLI.

Details the conventions and structure used to explain CLI commands throughout the guide.

Lists common input values required for commands, often presented in tables.

Offers practical examples of how to use commands for a given feature.

Recommends changing the default password for security and references the relevant section for commands.

Covers features for obtaining command assistance, such as listing available commands and sub-commands.

Explains how to get detailed help for a command, including sub-commands and required input.

Explains how to use the "?" character for help information and how to enter it literally using CTRL+V.

Provides keyboard shortcuts (CTRL+A, CTRL+E) for navigating within the command line input.

Explains the usage of "no" commands to disable or revert settings to their default state.

Explains how Ethernet interface names vary depending on the ZyWALL model (USG 300+ vs. USG 200 and below).

Details the commands ('exit' or 'end') used to exit configuration mode or log out of the CLI session.

Describes the initial user mode upon login and how to enter privilege mode using the 'enable' command.

Lists debug commands, noting their availability depends on the debug flag and that they are primarily for service personnel.

Explains how to use commands to view configuration settings that reference specific objects.

Details commands used to check object references, helpful for deletion tasks.

Explains commands for displaying system status, CPU, disk, memory, and version information.

Describes myzyxel.com as ZyXEL's portal for managing subscription services and device registration.

Details commands required for registering the device and activating subscription services.

Lists country codes used in registration and other settings.

Provides a general overview of interfaces, their characteristics, and logical structure.

Explains the hierarchical relationships and dependencies between different types of interfaces.

Lists commands for configuring basic interface properties like IP address, subnet mask, and gateway.

Demonstrates configuring DHCP pools, static entries, and assigning IP addresses to clients.

Lists commands for configuring RIP (Routing Information Protocol) settings on interfaces.

Explains commands used to regularly check interface connectivity to the gateway using ping or TCP.

Covers commands specific to configuring Ethernet interfaces.

Explains commands related to configuring port grouping and assigning physical ports to representative interfaces.

Covers commands specific to configuring virtual interfaces.

Details commands specific to configuring PPPoE and PPTP interfaces for ISP connections.

Describes various statuses related to cellular connections, including device detection, network availability, and signal quality.

Covers commands specific to configuring GRE, IPv6 in IPv4, and 6to4 tunnel interfaces.

Covers commands for configuring settings related to USB storage devices connected to the ZyWALL.

Covers commands for configuring WLAN interfaces to act as access points.

Shows an example of configuring WLAN settings like band, channel, and security.

Explains commands to control wireless client access based on MAC addresses.

Provides examples of setting up VLAN interfaces with specified IDs, ports, and IP configurations.

Demonstrates configuring bridge interfaces by joining Ethernet or VLAN interfaces.

Provides examples of configuring auxiliary interfaces with dial string, port speed, and authentication.

Provides an overview of trunks, their benefits for load balancing, and network reliability.

Explains the values required for interface-group commands, such as group name and interface names.

Demonstrates creating weighted round robin and least load first trunks with Ethernet and VLAN interfaces.

Lists commands related to link sticking, which affects load balancing behavior.

Covers configuring policies for IP routing and static routes on the ZyWALL.

Details commands for configuring policy routes, including destination, source, next-hop, and bandwidth settings.

Demonstrates creating address objects and a policy route to direct traffic through a specific interface to a next-hop router.

Lists commands for configuring static IP and IPv6 routes, including destination, gateway, and interface.

Describes how routing protocols provide network information to the ZyWALL for making routing decisions.

Lists commands for configuring RIP settings, including network enabling, redistribution, and version settings.

Lists commands for configuring OSPF areas, including network interfaces, authentication, and area types.

Lists commands to view learned routing information from protocols like OSPF and RIP.

Explains how to set up zones for configuring network security and policies.

Summarizes values and lists commands for zone management, binding, and blocking traffic.

Describes how to configure dynamic DNS (DDNS) services for the ZyWALL.

Summarizes values and lists commands for configuring DDNS profiles, including service types, IP selection, and hostnames.

Defines virtual servers as port forwarding or translation for making private network computers available externally.

Summarizes values and lists commands for creating, deleting, and managing virtual server profiles.

Guides on creating address objects, configuring NAT, and setting up firewall rules to allow public access to a server.

Defines HTTP redirect as forwarding client HTTP requests to a web proxy server.

Lists commands for setting, activating, deactivating, and clearing HTTP redirect rules.

Defines ALG as an Application Layer Gateway that handles NAT-unfriendly applications by modifying IP addresses and port numbers in data payloads.

Lists commands for configuring ALG for SIP, H.323, and FTP, including timeouts and port settings.

Describes the purpose of IP/MAC binding in securing privileged IP addresses and preventing unauthorized access.

Demonstrates enabling IP/MAC binding on an interface and checking its status.

Describes the firewall as a stateful inspection firewall that restricts access by screening data packets against rules.

Details sub-commands used within firewall rules to define actions, sources, destinations, and logging.

Explains commands for setting limits on concurrent NAT/firewall sessions per host or user.

Defines VPNs and IPSec, explaining VPN tunnel establishment in phases (IKE SA, IPSec SA).

Lists commands for configuring IKE SAs (Internet Key Exchange Security Associations), which establish VPN gateways.

Lists additional commands for configuring IPSec SAs that use manual keys for VPN connections.

Lists commands for provisioning VPN configurations, allowing automatic rule distribution to users or groups.

Explains how to set up secure SSL VPN access for remote user login.

Defines SSL application objects that specify allowed applications and servers for SSL VPN access.

Summarizes values and lists commands for configuring SSL VPN access policies, including application objects and endpoint security.

Provides a tutorial with examples for configuring an SSL VPN rule, including user accounts and network extensions.

Defines L2TP VPN as a protocol tunneling network traffic over IPSec, allowing remote users to access networks without separate VPN software.

Guides on editing the pre-configured default L2TP VPN connection and its local/remote policies.

Summarizes values and lists commands for L2TP VPN configuration, including IPsec policy, address pools, and authentication.

Demonstrates configuring L2TP VPN settings, including IP address pools, DNS servers, and user accounts.

Guides on configuring local and remote policies for the default L2TP VPN connection.

Demonstrates configuring a policy route for the L2TP VPN connection, specifying source, destination, and next hop.

Describes application patrol's function in managing applications, protocols, and bandwidth, including traffic prioritization.

Lists commands for managing pre-defined applications, such as activating, setting bandwidth limits, and defining actions.

Details sub-commands used for application patrol rules, including access actions, bandwidth limits, and destination/source specifications.

Details sub-commands for application patrol exception rules, covering actions, bandwidth, and DSCP marking.

Lists commands for creating and managing rules for other applications.

Provides general commands for application patrol, including activation and bandwidth management settings.

Introduces and guides on configuring the anti-virus scanner for threat detection.

Summarizes values and lists commands for general anti-virus configuration, activation, and EICAR test file detection.

Demonstrates activating and deactivating the anti-virus service on the ZyWALL.

Lists commands for configuring zone-to-zone anti-virus rules, including scanning protocols and actions for infected files.

Describes commands for configuring white lists (to allow) and black lists (to block) for anti-virus checks based on file patterns.

Describes the command for searching anti-virus signatures by ID, name, severity, or category.

Details commands for updating anti-virus signatures, including automatic and scheduled downloads.

Lists commands for collecting and displaying anti-virus statistics, including ranking by IP address or virus name.

Explains that IDP commands mirror web configurator features and provides valid input for IDP commands.

Details how to activate or deactivate IDP services, noting the requirement for service registration.

Lists commands for managing IDP profiles, including renaming, deleting, and displaying signature details.

Covers commands for renaming or deleting IDP profiles and showing base profiles.

Explains how to apply IDP profiles to specific traffic directions between zones.

Guides on creating or editing IDP anomaly profiles, recommending the web configurator.

Guides on creating or editing IDP anomaly profiles, recommending the web configurator.

Explains how to search for signatures within a named profile using various criteria.

Explains how to create or edit custom IDP signatures, recommending the web configurator for this process.

Demonstrates managing IDP signature updates, including automatic and scheduled downloads.

Lists commands for collecting and displaying IDP statistics, including summary and ranking by signature, source, or destination.

Explains content filtering's ability to block web features, specific sites, or categories, and create custom policies.

Outlines how content filtering policies use schedule, address, and user objects to apply filtering profiles.

Refers to the user's guide for viewing content filtering reports after activating subscription services.

Explains input values for content filter commands, including policy numbers, addresses, schedules, and categories.

Lists commands for collecting and displaying content filtering statistics, including total pages inspected and blocked.

Demonstrates limiting web access for a sales group by creating address objects, schedules, and filtering profiles.

Explains the anti-spam feature for sender reputation checking, mail content analysis, and virus outbreak detection.

Details general anti-spam commands, including activation, status display, and scanning protocols.

Lists commands for configuring zone-to-zone anti-spam rules, including scanning protocols and actions for spam emails.

Describes commands for configuring white lists and black lists for anti-spam checks based on e-mail headers and subjects.

Explains the use of question marks (?) and wildcards (*) for pattern matching in black or white list entries.

Describes commands for checking sender and relay IP addresses against DNS-based spam Black Lists (DNSBLs).

Lists commands for collecting and displaying anti-spam statistics, including total mails scanned and spam detected.

Describes Active-Passive and Legacy modes for device HA and management access.

Provides prerequisites for device HA, including static IP configuration and service subscriptions.

Lists general commands for managing device HA, including activation, mode setting, and status display.

Lists commands for configuring active-passive mode device HA, including preempt, role, cluster ID, priority, and authentication.

Explains VRRP's role in creating redundant backup gateways to ensure gateway availability.

Lists commands for configuring VRRP groups and synchronization.

Lists commands for link monitoring, which can shut down VRRP interfaces if a link goes down, allowing the backup to take over.

Defines user accounts and their role in privileges, firewall rules, and service access control.

Lists and describes different types of user accounts (Admin, Limited-Admin, Access Users) and their abilities.

Lists commands for managing user groups, including creating, deleting, renaming, and adding users/groups.

Lists commands for user settings, specifically related to lease times, reauthorization times, and default user types.

Details sub-commands for force-auth policies, such as activation, description, destination, EPS association, and schedule.

Explains how to set up addresses and address groups for specifying network locations in rules and policies.

Lists commands for creating and managing address objects and address groups, adding address objects to groups, and setting descriptions.

Lists commands for creating and managing address groups, adding address objects to groups, and renaming groups.

Explains how to use service objects to define TCP, UDP, and ICMP applications, and create service groups.

Lists commands for creating and deleting service objects for TCP, UDP, and ICMP, and renaming services.

Lists commands for creating and managing service groups, adding services to groups, and renaming groups.

Explains the two types of schedules: one-time and recurring, and their applications.

Summarizes values and lists commands for creating, updating, and deleting schedule objects.

Explains AAA servers for access control and lists supported authentication server types: Local, Directory Service (LDAP/AD), and RADIUS.

Lists commands for setting up the default Active Directory (AD) server, including base DN, bind DN, and host address.

Lists commands for setting up the default LDAP server, including base DN, bind DN, host, and port.

Lists commands for setting up the default RADIUS server, including host, port, key, and timeout.

Lists commands for configuring groups of AD servers, including renaming and case-sensitivity settings.

Lists commands for configuring groups of LDAP servers, including attributes and host settings.

Explains how to select authentication methods for user authentication using AAA servers or the internal database.

Lists commands for configuring authentication profiles, including renaming, clearing, and setting default members.

Lists the command used to test a user account on an authentication server.

Explains how to use certificates for user authentication and exchange public keys.

Describes commands for configuring certificates, including generation and management.

Demonstrates creating a self-signed X.509 certificate and displaying the list of local certificates.

Explains how to use ISP accounts to manage Internet Service Provider information for PPPoE, PPTP, and cellular interfaces.

Lists commands for managing PPPoE and PPTP ISP accounts, including username, password, authentication, and encryption.

Describes how to configure SSL application objects for use in SSL VPN for remote user login.

Defines SSL application objects that specify allowed applications and servers for SSL VPN access.

Explains Endpoint Security (EPS) for enforcing corporate policies on user computers before granting network or SSL VPN access.

Lists commands for creating endpoint security objects, specifying anti-virus, personal firewall, application, and file information checks.

Lists the various settings EPS can check on user computers, such as OS, software versions, and registry settings.

Summarizes values and lists commands for creating and editing DHCPv6 lease and request objects.

Explains how to set up and manage DHCPv6 request and lease objects for IPv6 address assignment.

Provides information on commands for general system configuration, including system time, console port speed, and DNS settings.

Lists commands for setting the domain name and hostname for the ZyWALL.

Details commands for setting the date, time, daylight saving, and time zones, plus NTP configuration.

Explains the role of DNS in mapping domain names to IP addresses and vice versa.

Describes domain zone forwarders for resolving domain zones used by features like VPN and DDNS.

Explains how to manage the ZyWALL remotely via Internet, LAN, or DMZ, and lists limitations.

Lists conditions under which remote management may not work, such as disabled services or firewall blocks.

Identifies values required for many system commands, like address objects and zone objects.

Lists commands for configuring HTTP/HTTPS access, including authentication methods, ports, and secure server settings.

Details the SSH implementation on the ZyWALL, including supported versions and required client software.

Lists commands for enabling SSH access, setting certificates, ports, and service control rules.

Explains how to configure ZyWALL for remote Telnet access.

Demonstrates setting a service control rule for Telnet access based on address objects and zones.

Lists commands for enabling FTP access, setting certificates, ports, TLS, and service control rules.

Introduces SNMP for network management and monitoring, supporting SNMPv1 and SNMPv2c.

Lists commands for enabling SNMP access, configuring community strings, contact information, location, and ports.

Covers configuring ICMP filter rules to discard or reject ICMP packets and specify response behavior for probing attempts.

Explains AT command strings for modem control, such as tone or pulse dialing.

Introduces Vantage CNM, a global management solution for ZyXEL devices, and provides CNM commands.

Demonstrates turning on Vantage CNM management and registering the ZyWALL with a server.

Explains how to set language for web configurator screens.

Explains how to store and apply configuration files (.conf) and run shell scripts (.zysh) for managing ZyWALL settings.

Explains how the ZyWALL processes files line-by-line, handles errors, and the effect of `setenv stop-on-error off`.

Describes the default, startup, and lastgood configuration files and their management during startup.

Lists file management commands for applying, copying, deleting, renaming, and running files.

Demonstrates saving the current configuration before applying a shell script file.

Provides an example of transferring a configuration file from a computer to the ZyWALL via FTP.

Describes the files the ZyWALL uses during system startup: Boot Module, Recovery Image, and Firmware.

Explains how the ZyWALL notifies users of damaged recovery images or firmware and provides troubleshooting steps.

Details the procedure for restoring the recovery image using the ATUK or ATUR command in debug mode.

Provides information about the ZyWALL's logs, including log commands and remote syslog server settings.

Lists commands for displaying specified log entries with filtering options like priority, source, and destination.

Lists commands for configuring system log settings, including category specification, suppression, and connectivity check logging.

Lists commands for configuring e-mail profiles to send daily reports, including SMTP settings, subject, and schedule.

Lists commands for configuring console port logging, including status, enabling/disabling, and category settings.

Provides information on report commands and how to restart the ZyWALL, including daily report e-mail features.

Demonstrates starting data collection, displaying traffic reports by IP, service, and URL, and stopping collection.

Lists commands to display current sessions for debugging and statistical analysis, with filtering options.

Explains commands to enable/disable packet size statistics data collection and display statistics.

Explains how to modify and display session timeout values for UDP, TCP, and ICMP sessions.

Covers using the diagnostics feature to generate files for troubleshooting with customer support.

Lists commands for collecting diagnostics information, including creating new diagnostic files and displaying their details.

Explains how to use the packet flow explore feature to understand packet forwarding and troubleshoot network issues.

Lists commands for displaying routing, SNAT, VPN, and WAN trunk settings.

Explains the purpose of packet flow filter in troubleshooting specific packet forwarding issues.

Covers commands specific to configuring packet flow filters, including enabling/disabling, specifying source/destination, protocol, and ports.

Lists maintenance tool commands available in privilege and configuration modes, including packet-trace and ARP table management.

Shows how to configure packet capture settings and perform a packet capture, including checking status.

Describes the hardware watchdog's function in restarting the system if hardware fails, with a recommendation not to modify its settings.

Describes the software watchdog's function in restarting the system if core firmware fails, with a recommendation not to modify its settings.