ZyWALL 2/2X 3.62(WK.14) Command Interface List

last updated 08:15 January 2nd 2006 CST


To issue CI commands, connect by telnet or through the console port, then go to SMT menu 24.8.

Command Syntax and General User Interface

CI has the following command syntax:

command <iface | device > subcommand [param]
command subcommand [param]
command ? | help
command subcommand ? | help

Highlighted commands are “hidden” (that is, they’re not shown by ? | help).

General user interface:

1.          Shows the following commands and all major (sub)commands
2. exit     Returns to SMT


System Related Commands

Command                                         Description
sys
  atsh                                          show system information
  baud <1|2|3|4|5>                              change console speed
                                                1: 38400 bps (default if none specified!)
                                                2: 19200 bps
                                                3: 9600 bps
                                                4: 57600 bps
                                                5: 115200 bps
  callhist
    display                                     display call history
    remove <index>                              remove entry from call history
  cmgr
    trace
      disp <ch-name>                            show the connection trace of this channel
      clear <ch-name>                           clear the connection trace of this channel
    cnt <ch-name>                               show channel connection related counter
  countrycode [countrycode]                     set country code
  cpu display                                   display CPU utilization
  datetime
    date [year month date]                      set/display date
    time [hour [min [sec]]]                     display/set system time
    period [days]                               set time synch period to days
    sync                                        synch to configured time server
  ddns
    debug <level>                               enable/disable ddns service
    display <iface name>                        display ddns information
    restart <iface name>                        restart ddns
    logout <iface name>                         logout ddns
  debug romfile
    cert
    display
    isp
    prekey
    profile
    pwd
    radius
    update
  domainname                                    display domain name
  edit <filename> (autoexec.net)                edit a text file
  errctl [level]                                set the error control level
                                                0: crash no save, not in debug mode (default)
                                                1: crash no save, in debug mode
                                                2: crash save, not in debug mode
                                                3: crash save, in debug mode
  event
    display                                     display tag flags information
    trace [display|clear]                       display system event information
  extraphnum
    add <set 1-3> <1st phone num> [2nd phone num]  add extra phone numbers
    display                                     display extra phone numbers
    node <num>                                  set all extend phone number to remote node <num>
    remove <set 1-3>                            remove extra phone numbers
    reset                                       reset flag and mask
  feature                                       display feature bit
  fid display                                   display function id list
  filter netbios
    config
    disp
  firewall
    acl disp                                    Display specific ACL set # rule #, or all ACLs.
    active <yes|no>                             Activate or deactivate firewall
    cnt
      disp                                      Display firewall log type and count.
      clear                                     Clear firewall log count.
    dynamicrule
    schedule
    tcprst
      rst                                       Set TCP reset sending on/off.
      rst113                                    Set TCP reset sending for port 113 on/off.
      display                                   Display TCP reset sending setting.
    dos
      smtp                                      Set SMTP DoS defender on/off
      display                                   Display SMTP DoS defender setting.
      ignore                                    Set if firewall ignore DoS in lan/wan/dmz/wlan
    ignore
      dos                                       Set if firewall ignore DoS in lan/wan/dmz/wlan
      triangle
  hostname [hostname]                           display system hostname
  iface disp                                    display iface list
  logs | log
    category
      access [0:none/1:log/2:alert/3:both]      record the access control logs
      attack [0:none/1:log/2:alert/3:both]      record and alert the firewall attack logs
      cdr
      display                                   display the category setting
      error [0:none/1:log/2:alert/3:both]       record and alert the system error logs
      icmp
      ipsec [0:none/1:log/2:alert/3:both]       record the access control logs
      ike [0:none/1:log/2:alert/3:both]         record the access control logs
      javablocked [0:none/1:log]                record the java etc. blocked logs
      mten [0:none/1:log]                       record the system maintenance logs
      packetfilter
      pki
      ppp
      remote
      tcpreset
      tls
      upnp [0:none/1:log]                       record upnp logs
      urlblocked [0:none/1:log/2:alert/3:both]  record and alert the web blocked logs
      urlforward [0:none/1:log]                 record web forward logs
    clear                                       clear log
    display [access|attack|error|ipsec|ike|javablocked|mten|urlblocked|urlforward]  display all logs or specify category logs
    errlog
      clear                                     display log error
      disp                                      clear log error
      online                                    turn on/off error log online display
    load                                        load the log setting buffer
    mail
      alertAddr [mail address]                  send alerts to this mail address
      clearLog
      display                                   display mail setting
      logAddr [mail address]                    send logs to this mail address
      schedule display                          display mail schedule
      schedule hour [0-23]                      hour time to send the logs
      schedule minute [0-59]                    minute time to send the logs
      schedule policy [0:full/1:hourly/2:daily/3:weekly/4:none]  mail schedule policy
      schedule week [0:sun/1:mon/2:tue/3:wed/4:thu/5:fri/6:sat]  weekly time to send the logs
      server [domainName/IP]                    mail server to send the logs
      subject [mail subject]                    mail subject
    save                                        save the log setting buffer
    switch
      display
      bmlog <0:no|1:yes>
      trilogy <0:no|1:yes>
    syslog
      active [0:no/1:yes]                       active to enable unix syslog
      display                                   display syslog setting
      facility [Local ID(1-7)]                  log the messages to different files
      server [domainName/IP]                    syslog server to send the logs
    updateSvrIP
    link link                                   list system mbuf link
    pool <id> [type]                            list system mbuf pool
    status                                      display system mbuf status
    disp <address>                              display mbuf status
    cnt
      disp                                      display system mbuf count
      clear                                     clear system mbuf count
    debug [on|off]
  md5 <string>                                  Encrypt "string" with MD5.
  memutil
    usage                                       display memory allocate and heap status
    mq <address> <len>                          display memory queues
    mcell mid [f|u]                             display memory cells by given ID
    msecs                                       display memory sections
  pro
    disp                                        display all process information
    stack [tag]                                 display process's stack by a given tag
    ps [tag]                                    display process's status by a given tag
  pwdEncryption <on | off newPassword oldPassword>  Turn ROM file password encryption on/off.
  pwderrtm [minute]                             Set or display the password error blocking timeout value.
  queue
    disp [a|f|u] [start#] [end#]                display queue by given status and range numbers
    ndisp [#]                                   display a queue by a given number
  quit                                          quit CI command mode (logout)
  reboot [code]                                 reboot system
                                                code = 0 cold boot
                                                     = 1 immediately boot
                                                     = 2 bootModule debug mode
  reslog [disp|clear]                           display resources trace
  rn
    accessblock
    load <entry no.>                            load remote node information
    disp <entry no.> (0:working buffer)         display remote node information
    nat <none|sua|full_feature>                 config remote node nat
    nailup <no|yes>                             config remote node nailup
    mtu <value>                                 set remote node mtu
    pingcheck <0|1>
    save [entry no.]                            save remote node information
  roadrunner
    debug <level>                               enable/disable roadrunner service
                                                0: disable <default>
                                                1: enable
    display <iface name>                        display roadrunner information
                                                iface-name: enif0, wanif0
    restart <iface name>                        restart roadrunner
  romreset                                      restore default romfile
  server
    access <telnet|ftp|web|icmp|snmp|dns> <value>  set server access type
    load                                        load server information
    disp                                        display server information
    port <telnet|ftp|web|snmp> <port>           set server port
    save                                        save server information
    secureip <telnet|ftp|web|icmp|snmp|dns> <ip>  set server secure ip addr
    certificate <https|ssh> [certificate name]
    auth_client <https> [on|off]
  socket                                        display system socket information
  spt
    dump [root|rn|user|slot]                    dump spt raw data
    size                                        display spt record size
  stdio [minute]                                change terminal timeout value
  timer disp [a|f|u]                            display timer cell
  tos
    debug
    display
    listPerHost
    sessPerHost
    timeout
  trcdisp                                       monitor packets
  trclog
  trcpacket
  upnp
    active [0:no/1:yes]                         Activate or deactivate the saved upnp settings
    config [0:deny/1:permit]                    Allow users to make configuration changes through UPnP
    display                                     display upnp information
    firewall [0:deny/1:pass]                    Allow UPnP to pass through Firewall.
    load                                        save upnp information
    reserve
    save                                        save upnp information
  version                                       display RAS code and driver version
  view <filename> (autoexec.net)                view a text file
  wdog
    switch [on|off]                             set on/off wdog
    cnt [value]                                 display watchdog counts value: 0-34463

Exit Command

Command                                         Description
exit                                            exit smt menu

Device Related Commands

Command                                         Description
dev
  channel drop <channel_name>                   drop channel
  dial <node#>                                  dial to remote node

Ethernet Related Commands

Command                                         Description
ether
  config                                        display LAN configuration information
  driver
    cnt disp <name>                             display ether driver counters
    ioctl <ch_name>
    status <ch_name>                            see LAN status
  edit
    load <ether no.>                            load ether data from spt
    mtu <value>                                 set ether data mtu
    accessblock <0:disable 1:enable>            block internet access
    save                                        save ether data to spt
    speed <auto|10/half|10/full|100/half|100/full>  set WAN port speed
  pkttest
    disp
      packet <level>                            set ether test packet display level
      event <ch> [on|off]                       turn on/off ether test event display
    sap [ch_name]                               send sap packet
    arp <ch_name> <ip-addr>                     send arp packet to ip-addr
  version                                       see ethernet device type

POE Related Commands

Command                                         Description
poe
  status [ch_name]                              see poe status
  dial <node>                                   dial a remote node
  drop <node>                                   drop a pppoe call
  ether [rfc|3com]                              set/display pppoe ether type

PPTP Related Commands

Command                                         Description
pptp
  dial <rn-name>                                dial a remote node
  drop <rn-name>                                drop a remote node call
  enque
  tunnel <tunnel id>                            display pptp tunnel information

Configuration Related Commands

Command                                         Description
config                                          The parameters of config are listed below.
  cli                                           Display the choices of command list.
  debug <1|0>                                   Turn on|off trace for firewall debug information.
  delete firewall
    e-mail                                      Remove all email alert settings
    attack                                      Reset all alert settings to defaults
    set <set#>                                  Remove a specified set from the firewall configuration
    set <set#> rule <rule#>                     Remove a specified rule in a set from the firewall configuration
  display firewall                              Displays all the firewall settings
    set <set#>                                  Display current entries of a set configuration; including timeout values, name, default-permit, and number of rules in the set.
    set <set#> rule <rule#>                     Display current entries of a rule in a set.
    attack                                      Display all the attack alert settings in PNC
    buffer                                      Display stats
    e-mail                                      Display all the e-mail settings in PNC
    ?                                           Display all the available sub commands
    e-mail
      mail-server <mail server IP>              Edit the mail server IP to send the alert
      return-addr <e-mail address>              Edit the mail address for returning an email alert
      e-mail-to <e-mail address>                Edit the mail address to send the alert
      policy <full | hourly | daily | weekly>   Edit email schedule when log is full or per hour, day, week.
      day <sunday | monday | tuesday | wednesday | thursday | friday | saturday>  Edit the day to send the log when the email policy is set to Weekly
      hour <0~23>                               Edit the hour to send the log when the email policy is set to daily or weekly
      minute <0~59>                             Edit the minute to send the log when the email policy is set to daily or weekly
      Subject <mail subject>                    Edit the email subject
    attack
      send-alert <yes|no>                       Activate or deactivate the firewall DoS attacks notification emails
      block <yes|no>                            Yes: Block the traffic when it exceeds the tcp-max-incomplete threshold
                                                No: Delete the oldest half-open session when it exceeds the tcp-max-incomplete threshold
      block-minute <0~255>                      Only valid when 'Block' is set to yes. The unit is minutes
      minute-high <0~255>                       The threshold to start to delete the old half-opened sessions to minute-low
      minute-low <0~255>                        The threshold to stop deleting the old half-opened session
      max-incomplete-high <0~255>               The threshold to start to delete the old half-opened sessions to max-incomplete-low
      max-incomplete-low <0~255>                The threshold to stop deleting the half-opened session
      tcp-max-incomplete <0~255>                The threshold to start executing the block field
    set <set#>
      name <desired name>                       Edit the name for a set
      default-permit <forward|block>            Edit whether a packet is dropped or allowed when it does not match the default set
      icmp-timeout <seconds>                    Edit the timeout for an idle ICMP session before it is terminated
      udp-idle-timeout <seconds>                Edit the timeout for an idle UDP session before it is terminated
      connection-timeout <seconds>              Edit the wait time for the SYN TCP sessions before it is terminated
      fin-wait-timeout <seconds>                Edit the wait time for FIN in concluding a TCP session before it is terminated
      tcp-idle-timeout <seconds>                Edit the timeout for an idle TCP session before it is terminated
      pnc <yes|no>                              PNC is allowed when 'yes' is set even if there is a rule to block PNC
      log <yes|no>                              Switch on/off sending the log for matching the default permit
      rule <rule#>
        permit <forward|block>                  Edit whether a packet is dropped or allowed when it matches this rule
        active <yes|no>                         Edit whether a rule is enabled or not
        protocol <0~255>                        Edit the protocol number for a rule. 1=ICMP, 6=TCP, 17=UDP...
        log <none|match|not-match|both>         Sending a log for a rule when the packet none|matches|not match|both the rule
        alert <yes|no>                          Activate or deactivate the notification when a DoS attack occurs or there is a violation of any alert settings. In case of such instances, the function will send an email to the SMTP destination address and log an alert.
        srcaddr-single <ip address>             Select and edit a source address of a packet which complies to this rule
        srcaddr-subnet <ip address> <subnet mask>  Select and edit a source address and subnet mask of a packet which complies to this rule.
        srcaddr-range <start ip address> <end ip address>  Select and edit a source address range of a packet which complies to this rule.
        destaddr-single <ip address>            Select and edit a destination address of a packet which complies to this rule
        destaddr-subnet <ip address> <subnet mask>  Select and edit a destination address and subnet mask of a packet which complies to this rule.
        destaddr-range <start ip address> <end ip address>  Select and edit a destination address range of a packet which complies to this rule.
        tcp destport-single <port#>             Select and edit the destination port of a packet which complies to this rule. For non-consecutive port numbers, the user may repeat this command line to enter the multiple port numbers.
        tcp destport-range <start port#> <end port#>  Select and edit a destination port range of a packet which complies to this rule.
        udp destport-single <port#>             Select and edit the destination port of a packet which complies to this rule. For non-consecutive port numbers, users may repeat this command line to enter the multiple port numbers.
        udp destport-range <start port#> <end port#>  Select and edit a destination port range of a packet which complies to this rule.
        desport-custom <desired custom port name>  Type in the desired custom port name
  edit firewall active <yes|no>                 Activate or deactivate the saved firewall settings
  insert firewall
    e-mail                                      Insert email alert settings
    attack                                      Insert attack alert settings
    set <set#>                                  Insert a specified rule set to the firewall configuration
    set <set#> rule <rule#>                     Insert a specified rule in a set to the firewall configuration
  retrieve firewall                             Retrieve current saved firewall settings
  save firewall                                 Save the current firewall settings

IP Related Commands

Command                                         Description
ip
  address [addr]                                display host ip address
  adjmss [<mss>]                                change TCP MSS (maximum segment size)
  adjTcp <iface> [<mss>]
  alg
    disable <ALG_FTP|ALG_H323|ALG_SIP>
    display
    enable <ALG_FTP|ALG_H323|ALG_SIP>
    siptimeout
  alias <iface>                                 alias iface
  aliasdis <0|1>                                disable alias
  antiprobe [0|1]                               send RST for closed TCP ports
                                                0-yes (“closed”)
                                                1-no (“stealth”)
  arp
    attpret <on|off>
    period <period>
    status <iface>                              display ip arp status
    add <hostid> ether <ether addr>             add arp
    drop <hostid> [ether]                       drop arp
    flush                                       flush arp
    publish                                     add proxy arp
    replydif [<0:No|1:yes>]                     disable/enable ARP reply between LAN and WAN ethernet interface
    resolve <hostid>                            resolve IP address (doesn’t seem to work)
    force <on|off>                              See 3.62 WK.6 release notes
  dhcp <iface>
    client
      release                                   release DHCP client IP
      renew                                     renew DHCP client IP
    status                                      show dhcp status
    server
      release <entry num>                       release specified lease
      dnsserver <dns1> <dns2> <dns3>            set IP of DNS servers for clients (default: use DNS proxy)
      gateway <gateway IP>                      set IP of default gateway for clients (default: IP of interface)
      hostname <hostname-prefix>                set host-name prefix for served in pool (default dhcp)
      leasetime <period>                        set lease time for server (default: 259600 seconds)
      netmask <netmask>                         set netmask for clients in pool (default: /24)
      pool <start IP> <num>                     set base and number of IP addresses in pool
      rebindtime <period>                       set rebind time for clients (default: 226800 seconds)
      renewaltime <period>                      set renewal time for clients (default: 129600 seconds)
      reset                                     reset DHCP leases
      winsserver <winsip1> [winsip2]            set WINS server(s)
  dns
    lan
    proxy
    query
      address <ip address> [tm]
      name <host name> [tm]
      status
      table
    stats
      clear                                     clear dns statistics
      disp                                      display dns statistics
    system
  dropIcmp
  httpd debug [on|off]                          HTTPD debug
  icmp
    status                                      display icmp statistic counter
    discovery <iface> [on|off]                  set icmp router discovery flag
    echo [on|off]                               turn on/off echo response
    trace [on|off]                              turn on/off trace for debugging
  ifconfig [iface] [ipaddr] [broadcast <addr> |mtu <value>|dynamic]  configure network interface
  igmp
    debug [level]                               set igmp debug level
    forwardall [on|off]                         turn on/off igmp forward to all interfaces flag
    querier [on|off]                            turn on/off igmp stop query flag
    iface
      <iface> grouptm <timeout>                 set igmp group timeout
      <iface> interval <interval>               set igmp query interval
      <iface> join <group>                      join a group on iface
      <iface> leave <group>                     leave a group on iface
      <iface> query                             send query on iface
      <iface> rsptime [time]                    set igmp response time
      <iface> start                             turn on of igmp on iface
      <iface> stop                              turn off of igmp on iface
      <iface> ttl <threshold>                   set ttl threshold
      <iface> v1compat [on|off]                 turn on/off v1compat on iface
    robustness <num>                            set igmp robustness variable
    status                                      dump igmp status
  nat
    hashTable <iface>
    session <sessions>                          NAT sessions per host
    server
      disp                                      display nat server table
      load <set id>                             load nat server information from ROM
      save                                      save nat server information to ROM
      clear <set id>                            clear nat server information
      edit active <yes|no>                      set nat server edit active flag
      edit svrport <start port> [end port]      set nat server server port
      edit intport <start port> [end port]      set nat server forward port
      edit remotehost <start ip> [end ip]       set nat server remote host ip
      edit leasetime [time]                     set nat server lease time
      edit rulename [name]                      set nat server rule name