D-Link DFL-260E CLI Guide for DFL-260E

D-Link DFL-260E Manual

D-Link DFL-260E manual content summary:

  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 1
    Network Security Firewall CLI Reference Guide NetDefendOS Ver. 2.40.00 Security Network Security Solution http://www.dlink.com
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 2
    CLI Reference Guide DFL-260E/860E/1660/2560/2560G NetDefendOS version 2.40.00 D-Link Corporation No. 289, Sinhu 3rd Rd, Neihu District, Taipei City 114, Taiwan R.O.C. http://www.DLink.com Published 2011-09-06 Copyright © 2011
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 3
    CLI Reference Guide DFL-260E/860E/1660/2560/2560G NetDefendOS version 2.40.00 Published 2011-09-06 Copyright © 2011 Copyright Notice This publication, including all photographs, illustrations and software, is protected under international copyright laws, with all rights reserved. Neither this manual
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 4
    and Default value 15 1.5.3. Configuration object type categories 16 1.6. User roles 17 2. Command Reference 19 2.1. Configuration . crashdump 37 2.2.14. dhcp 37 2.2.15. dhcprelay 38 2.2.16. dhcpserver 39 2.2.17. dns 39 2.2.18. dnsbl 40 2.2.19. frags 40 2.2.20. ha 41 2.2.21. hostmon 42
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 5
    CLI Reference Guide 2.2.30. ldap 47 2.2.31. 55 2.2.44. routes 55 2.2.45. rules 56 2.2.46. selftest 57 2.2.47. services 59 2.2.48. sessionmanager 60 2.2.49. settings 61 2.2.50. shutdown 61 2.2.51 72 2.4.4. ls 72 2.4.5. script 73 3. Configuration Reference 76 3.1. Access 77 3.2. Address 79
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 6
    CLI Reference Guide 3.6. BlacklistWhiteHost 93 3.7. Certificate 94 3.8. .1. DHCPServerPoolStaticHost 104 3.14.2. DHCPServerCustomOption 104 3.15. DNS 105 3.16. Driver 106 3.16.1. E1000EthernetPCIDriver 106 LDAPServer 141 3.35. LinkMonitor 142 3.36. LocalUserDatabase 143 3.36.1. User 143 6
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 7
    CLI Reference Guide 3.37. LogReceiver 144 3.37.1. EventReceiverSNMP2c 144 3.37.2. LogReceiverMemory 145 3.37.3. 162 3.49.2. Route 163 3.49.3. SwitchRoute 165 3.50. ScheduleProfile 166 3.51. Service 167 3.51.1. ServiceGroup 167 3.51.2. ServiceICMP 167 3.51.3. ServiceICMPv6 168 3.51
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 8
    interfaces 'if1' and 'if2 57 2.14. Start a 30 min burn-in duration test, testing RAM, storage media and the crypto accelerator ...58 2.15. List all services which names begin with "http 59 2.16. Show a range of rules 67 2.17. Hello World 71 2.18. Transfer script files to and from the device
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 9
    guide is: • Administrators that are responsible for configuring and managing the D-Link Firewall. • Administrators that are responsible for troubleshooting the D-Link Firewall. This guide assumes that the reader is familiar with the D-Link Firewall lookup=
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 10
    Notation Preface Because the table name option is followed by ellipses it is possible to specify more than one routing table. Since table name is optional as well, the user can specify zero or more policy-based routing tables. gw-world:/> routes Virroute Virroute2 10
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 11
    11 • Help, page 12 • Function keys, page 13 • Command line history, page 14 • Tab completion, page 15 • User roles, page 17 This guide is a reference for all commands and configuration object types that are available in the command line interface for NetDefendOS. 1.1. Running a command The commands
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 12
    guide. Using the help command gives a more detailed help corresponding to the information found in this guide command. Arp is also the name of a configuration object type, so it is necessary to specify that in an object type, such as data type, default value, etc. by entering the ? character when
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 13
    1.3. Function keys Chapter 1. Introduction 1.3. Function keys In addition to the return key there are a number of function keys that are used in the CLI. Backspace Tab Ctrl-A or Home Ctrl-B or Left Arrow Ctrl-C Ctrl-D or Delete Ctrl-E or End Ctrl-F or Right Arrow Ctrl-K Ctrl-N or Down Arrow Ctrl
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 14
    1.4. Command line history Chapter 1. Introduction 1.4. Command line history Every time a command is run, the command line is added to a history list. The up and down arrow keys are used to access previous command lines (up arrow for older command lines and down arrow to move back to a newer
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 15
    will be completed. At this point the user can either enter more characters or press tab IP4 (tab, or double tab if IP4 were entered manually) A list of all types starting with IP4 is listed which contains more information such as data type, default value, etc. is displayed. Example 1.5. Inline
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 16
    . The "
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 17
    1.6. User roles Chapter 1. Introduction 1.6. User roles Some commands and options cannot be used unless the logged-in user has administrator privilege. This is indicated in this guide by a note following the command or "Admin only" written next to an option. 17
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 18
    1.6. User roles Chapter 1. Introduction 18
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 19
    . Usage activate Note Requires Administrator privilege. 2.1.2. add Create a new object. Description Create a new object and add it to the configuration. Specify the type of object you want to create and the identifier, if the type has one, unless the object is identified by an index.
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 20
    pair> Add object, even if it has errors. Do not show any errors. Category that groups object types. The property that identifies the configuration object. May not be applicable depending on the specified . One or more property-value pairs, i.e. = or
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 21
    . 2.1.4. cc Change the current context. Description Change the current configuration context. A context is a group of objects that are dependent "root" context and do not have a specific parent. Other objects, e.g. User objects lie in a sub-context (or child context) of the root - in this case in
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 22
    activate command. Usage commit Note Requires Administrator privilege. 2.1.6. delete Delete specified objects. Description Delete the specified object, removing it from the configuration. Add the force flag to delete the object even if it is referenced by other objects or if it is a context that
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 23
    that identifies the configuration object. May not be applicable depending on the specified . Type of configuration object to perform this key. Number of bits of data in the generated key. (Default: 64) Name of key. Note Requires Administrator privilege. 2.1.8. reject Reject changes. 23
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 24
    flag to reject the changes in all objects in the configuration. See also: activate, commit Example 2.4. Reject changes Reject user database and all users) gw-world:/exampledb> set User user1 Comments="Something" gw-world:/exampledb> set User user2 Comments="that will be" gw-world:/exampledb> set User
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 25
    . Description Reset configuration or binaries to factory defaults. Usage reset -configuration Reset the configuration to factory defaults. reset -unit Reset the unit to factory defaults. Options -configuration -unit Reset configuration to factory default. Reset unit to factory defaults. Note
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 26
    object. This option is not available if the object is already enabled. Category that groups object types. The property that identifies the configuration object. May not be applicable depending on the specified . One or more property-value pairs, i.e. = or
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 27
    . When showing a table of all objects of a certain type, the status of each object since the last time the configuration was committed is indicated by a flag. The flags used are: - The object is deleted. o The object is disabled. ! The object has errors. + The object is
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 28
    -references -verbose Chapter 2. Command Reference Show all changes in the current configuration. Show disabled properties. Show all errors in the current configuration. Show all references to this object from other objects. Show error details. Category that groups
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 29
    2. Command Reference Category that groups object types. The property that identifies the configuration object. May not be applicable depending on the specified . Type of configuration object to perform operation on. Note Requires Administrator privilege. 29
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 30
    specified interfaces. If no interface is given the ARP cache entries of all interfaces will be presented. The presented list can be filtered using the ip and hw options. Usage 30
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 31
    table health. Show only hardware addresses matching pattern. Sender ethernet address. Show only IP addresses matching pattern. Send gratuitous ARP for . Show only the first entries per interface. (Default: 20) Show ARP entries for given interface(s). Interface name. 2.2.4. arpsnoop Toggle
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 32
    active ARP Transaction States. Description Show active ARP Transaction States. Usage ats [-num=] Options -num= Limit list to entries. (Default: 20) 2.2.6. bigpond Show BigPond information. Description Show the BigPond information about specified interface. Usage bigpond Show ALL BigPond
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 33
    | UDP | ICMP | OTHER | TCPUDP | ALL}] [-port=] [-dest=] [-time=] Block specified netobject. blacklist -unblock [-serv=] [-prot={TCP | UDP | ICMP | OTHER | TCPUDP | ALL}] [-port=] [-dest=] [-time=] [-force] Unblock
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 34
    2.2.8. buffers Chapter 2. Command Reference -creationtime -dest= -dynamic -force -info -listtime -port= -prot={TCP | UDP | ICMP | OTHER | TCPUDP | ALL} -serv= -show -time= -unblock -white Show creation time. Destination address to block/unblock (
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 35
    -num= Flush CAM table. If interface is specified, only entries using this interface are flushed. (Admin only) Limit list to entries per CAM table. (Default: 20) Interface. 2.2.10. cfglog Display configuration log. Description Display the log of the last
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 36
    that match the filter expression. (Admin only) Filter on destination interface. Filter on destination IP address. Show only given destination TCP/UDP port. Limit list to connections. (Default: 20) Show only given IP protocol. Show connections. Filter on source interface. Filter on source
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 37
    2.2.13. crashdump Chapter 2. Command Reference Display info about the cpu. Description Display the make and model of the machine's CPU. Usage cpuid 2.2.13. crashdump Show the contents of the crash.dmp file. Description Show the contents of the crash.dmp file, if it exists. Usage crashdump 2.2.14.
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 38
    enabled interface. DHCP Interface. 2.2.15. dhcprelay Show DHCP/BOOTP relayer ruleset. Description Display the content of the DHCP/BOOTP relayer ruleset and the current routed DHCP relays. Display filter filters relays based on interface/ip (example: if1 192.168.*) Usage dhcprelay Show the currently
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 39
    server leases. Show DHCP server IP mappings. Limit list to leases. Release specific type of IPs. (Admin only) Release an active IP. (Admin only) Show DHCP server rules. Show ruleset. Display filters for leases based on interface/mac/ip (eg. if1 192.168.*). Interface. IP address. 2.2.17. dns
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 40
    query=] [-list] [-remove] Options -list -query= -remove List pending DNS queries. Resolve domain name. Remove all pending DNS queries. 2.2.18. dnsbl DNSBL. Description Show status of DNSBL. Usage dnsbl [-show] [] [-clean] Options -clean -show Clear
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 41
    -num= {NEW | ALL | } List done (lingering) reassemblies. List free instead of active. List entries. (Default: 20) Show in-depth info about reassembly . (Default: all) 2.2.20. ha Show current HA status. Description Show current HA status. Usage ha [-activate] [-deactivate
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 42
    =] Options -num= -verbose Limit list to entries. (Default: 20) Verbose output. 2.2.22. httpalg Commands related to the httpalg -wcfcache [-show] [-url=] [-flush] [-verbose] [-count] [-server[={STATUS | CONNECT | DISCONNECT}]] [-num=] Display URL cache information. Options -
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 43
    Filtering Server options. (Default: status) Show Web Content Filtering cache data. Limits the output from the show command to only match the specified characters. Verbose. Show statistics of WCF functionality. 2.2.23. httpposter Display HTTP Poster status. Description Display configuration and
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 44
    Lists hosts for which new connections are piped by IDP. idppipes -unpipe [-all] [-host=] Remove piping for the specified host. Options -all -host= -show -unpipe mark all hosts. Filter on source IP address. Lists hosts for which new connections are piped by IDP. Remove piping for
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 45
    about all interfaces. Filter list of interfaces. Limit list to lines. (Default: 20) Only list members of given PBR table(s). Stop and restart the interface state of the IGMP interfaces. Send simulated messages to test configuration of the interface. Usage igmp Prints the current IGMP state.
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 46
    of the configured IP pools. Usage ippool -release [] [-all] Forcibly free IP assigned to subsystem. ippool -show [-verbose] [-max=] Show IP pool information. Options -all -max= -release -show -verbose Free all IP addresses. Limit list to entries. (Default: 10
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 47
    and statistics for the configured LDAP databases. Usage ldap List all LDAP databases. ldap -list List all LDAP databases. ldap -show [] Show LDAP database status and statistics. ldap -reset [] Reset LDAP database. Options -list -reset -show List all LDAP
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 48
    . Usage license 2.2.32. linkmon Display link monitoring statistics. Description . If link monitor hosts have been configured, linkmon will monitor host reachability to detect link/ NIC problems. Usage linkmon 2.2.33. logout Logout user. Description Logout current user. Usage logout 2.2.34. memory
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 49
    Address>]] [-num=] Options -num= -verbose Maximum number of items to list (default: 20). Verbose (more information). Translated IP. NAT Pool name. 2.2.36. nd Show Neighbor Discovery entries for given interface. Description List the Neighbor Discovery
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 50
    on hash table health. Show only hardware addresses matching pattern. Show only IP addresses matching pattern. Show only the first entries per interface. (Default: 20) Send Neighbor Solicitation for . Show Neighbor Discovery entries for given interface(s). Interface name. 2.2.37. ndsnoop
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 51
    2.10. List network objects which have names containing "net". netobjects *net* Usage netobjects [] [-num=] Options -num= Number of entries to show. (Default: 20) Name or pattern. 2.2.39. pcapdump Packet capturing. Description Packet capture engine Usage 51
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 52
    out] [-out-nocap] [-eth=] [-ethsrc=] [-ethdest=] [-ip=] [-ipsrc=] [-ipdest=] [-port=] [-srcport=] [-destport=] [-proto=] [-icmp] [-tcp] [-udp] [-promisc] [-ipversion
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 53
    port filter. Set iface in promiscuous mode. IP protocol filter. Show a captured packets brief. Size (kb) of buffer to store captured packets in memory (default pipes Show pipes information. Description Show list of configured pipes / pipe details / pipe users. Note: The "pipes" command is not
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 54
    users of a given pipe. Show pipe details. 2.2.41. pptpalg Show PPTP ALG information. Description Shows information and statistics of the PPTP ALGs. Usage pptpalg Show all configured PPTP ALGs. pptpalg -sessions [-verbose] [-num=] List all PPTP sessions. pptpalg -services
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 55
    Verbose output. PPTP ALG. 2.2.42. reconfigure Initiates a configuration re-read. Description Restart the Security Gateway using the currently active configuration. are single-host routes. Note that "core" routes for interface IP addresses are not normally shown. Use the -all switch to 55
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 56
    Monitored A Published via Proxy ARP D Dynamic (from e.g. DHCP relay, IPsec, L2TP/PPP servers, etc.) H HA synced from cluster peer Usage routes [-all] Lookup the route for the given IP address. Do not show single-host routes. Limit display to entries. (Default: 20) Only show switched routes and
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 57
    Type of rules to display. (Default: IP) Verbose: show all parameters of the rules. Range of rules to display. (default: all rules). 2.2.46. selftest outcome of the throughput crypto accelerator tests are dependent on configuration values. If the number of large buffers (LocalReassSettings->
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 58
    2.2.46. selftest selftest -ping -interfaces=if1,if2 Chapter 2. Command Reference Example 2.14. Start a 30 min burn-in duration test, testing RAM, storage media and the crypto accelerator selftest -burnin -minutes 30 -media -memory -cryptoaccel Usage selftest -memory [-num=] Check the
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 59
    functioning of available crypto accelerator cards. Test duration in hours. (Default: 48) Ethernet interface(s). Check if there are MAC address services Show runtime values of configured services. Description Shows the runtime values of all configured services. Example 2.15. List all services
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 60
    services [] Options Name or pattern. 2.2.48. sessionmanager Session Manager. Description Show information about the Session Manager, and list currently active users with console. sessionmanager -disconnect [ [{LOCAL | SSH | HTTP | HTTPS}]]
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 61
    -depth information about session. List active sessions. Send message to session. List number of session. Show Session Manager status. Name of user database. IP address. Message to send. Name of session. Session type. 2.2.49. settings Show settings. Description Show the contents of the settings
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 62
    -reboot Initiate core shutdown. Initiate system reboot. Seconds until shutdown. (Default: 5) Note Requires Administrator privilege. 2.2.51. sipalg SIP ALG. Description List running SIP-ALG configurations, SIP registration and call information. The -flags option with -snoop allows any
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 63
    be added in the usual way. The default value is 0x00000003 (GENERAL and ERRORS). -definition Show running ALG configuration parameters. sipalg -registration[={SHOW | FLUSH [-flags=] Control SIP snooping. Useful for troubleshooting SIP transactions. NOTE: 'verbose' option outputs a
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 64
    . Use with caution. Show or flush SIP counters. (Default: show) SIP-ALG name. IP Address to snoop. 2.2.52. sshserver SSH Server. Description Show SSH Server status, or start/stop/restart SSH Server. Usage sshserver Show server status and list all connected clients. sshserver -status [-verbose
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 65
    default: both RSA and DSA keys will be created). Verbose output. SSH Server. Note Requires Administrator privilege. 2.2.53. sslvpn SSLVPN tunnels. Description List running SSLVPN configurations, SSLVPN active tunnels and call information. Usage sslvpn 2.2.54. stats Display various general firewall
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 66
    time: . Synchronize time with timeserver(s) (specified in settings). Date YYYY-MM-DD. Time HH:MM:SS. 2.2.57. uarules Show user authentication rules. Description Displays the contents of the
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 67
    the specified signature database. updatecenter -status[={ANTIVIRUS | IDP | ALL}] Show update status and database information. updatecenter -servers Show status of update servers. Options -removedb={ANTIVIRUS | IDP} -servers Remove the database for the specified service. Show status of update
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 68
    -user Show all information for user(s) with this IP address. userauth -remove Forcibly log out an authenticated user. Options -list -num= -privilege -remove -user List all authenticated users. Limit list of authenticated users. (Default
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 69
    2.2.60. vlan Chapter 2. Command Reference 2.2.60. vlan Show information about VLAN. Description Show list of attached Virtual LAN Interfaces, or in-depth information about a specified VLAN. Usage vlan List attached VLANs. vlan Display VLANs connected to physical iface . Options
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 70
    host> Number of packets to send. (Default: 1) Packet size. (Default: 4) Route using PBR Table. Destination port of UDP or TCP ping. Pass packet through the rule set, simulating that the packet was received by . Use this source IP. Send TCP ping. Type of service. Send UDP ping. Verbose (more
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 71
    simply type help followed by the topic that you want help with. A topic can be for example a command name (e.g. set) or the name of a configuration object type (e.g. User). When you don't know the name of what you are looking for you can specify the category of the wanted topic with the -category
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 72
    data which are available through SCP. Example 2.18. Transfer script files to and from the device Upload: scp myscript user@sgw-ip:script/myscript Download: scp user@sgw-ip:script/myscript ./myscript In addition to the files listed it is possible to upload license, certificates and ssh public key
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 73
    user@sgw-ip:certificate/certificate_name scp certificate.key user@sgw-ip:certificate/certificate_name Example 2.21. Upload ssh public key data scp sshkey.pub user@sgw-ip [[] []] [-name=] Create configuration script from specified object, class or category. script -
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 74
    -create -execute -force -name= -quiet -remove -show -store -verbose Apply to all scripts. Create configuration script from specified object, class or category. Execute script. Force script execution. Name of script. Quiet script execution. Remove
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 75
    2.4.5. script Chapter 2. Command Reference 75
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 76
    Chapter 3. Configuration Reference • Access, page 77 • Address, page 79 • AdvancedScheduleProfile, page 83 • ALG, DateTime, page 100 • Device, page 101 • DHCPRelay, page 102 • DHCPServer, page 103 • DNS, page 105 • Driver, page 106 • EthernetDevice, page 110 • HighAvailability, page 111 •
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 77
    • Service, page 167 • Settings, page 171 • SSHClientKey, page 190 • UpdateCenter, page 191 • UserAuthRule, page 192 Chapter 3. Configuration Reference 3.1. Access Description Use an access rule to allow or block specific source IP addresses on a
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 78
    3.1. Access Chapter 3. Configuration Reference Action Interface Network LogEnabled LogSeverity Comments Accept, Expect or Drop. (Default: Drop) The interface the packet must arrive on for this rule to be carried out. Exception: the Expect rule. The IP span that the sender must belong to for this
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 79
    3.2. Address Chapter 3. Configuration Reference 3.2. Address This is a category that groups the following Address Comments 3.2.1.2. IP6Group Specifies a symbolic name for the network object. (Identifier) IPv6 address, e.g. "1:2:3::4", "1234:5678:9abc:def0:1234:5678:9abc:def0", "1:2::/32"
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 80
    3.2.1. AddressFolder Chapter 3. Configuration Reference 3.2.1.3. EthernetAddress Description Use an Ethernet Address item to the network object. (Identifier) An IP address with one instance for each node in the high availability cluster. Groups and user names that belong to this object. Objects
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 81
    If this property is enabled the object requires user authentication, but has no credentials (user names or groups) defined. This means that the object only requires that a user is authenticated, but ignores any kind of group membership. (Default: No) Text describing the current object. (Optional
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 82
    names or groups) defined. This means that the object only requires that a user is authenticated, but ignores any kind of group membership. (Default: No) Text describing the current object. (Optional) 3.2.2. EthernetAddress The definitions here are the same as in Section 3.2.1.3, "EthernetAddress
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 83
    Configuration Reference 3.3. AdvancedScheduleProfile Description An advanced schedule profile contains definitions of occurrences used by various policies in the system. Properties Name Comments Specifies a symbolic name for the service that exists in the month. (Default: 1-31) Text describing the
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 84
    3.4. ALG Chapter 3. Configuration Reference 3.4. ALG This is a server). (Default: No) Server data ports. (Default: 1024-65535) Allow client to use active mode (unsafe for client). (Default: No) Client data ports. (Default: 1024-65535) Allow unknown commands. (Default: No) Allow SITE EXEC. (Default
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 85
    3.4.2. ALG_H323 Chapter 3. Configuration Reference FileListType FailModeBehavior File VerifyContentMimetype Comments 3.4.2. ALG_H323 Specifies if the file list contains files to allow or deny. (Default: Block) Standard behaviour on error: Allow or Deny. (Default: Deny) List of file types to allow
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 86
    ALG_HTTP Chapter 3. Configuration Reference VerifyUTF8URL BlackURLDisplayReason HTTPBanners take for content that hasn't been classified. (Default: Allow) Allow the user to display a blocked site. (Default: No) Allow reclassification of sites. (Default: No) Text describing the current object. (
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 87
    . Properties Action URL Comments Chapter 3. Configuration Reference Whitelist or Blacklist. (Default: Blacklist) Specifies the URL to blacklist sending USER and PASS command. (Default: No) Prevent server from revealing that a user name does not exist. (Default: No) Allow unknown commands. (Default:
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 88
    Specifies a symbolic name for the ALG. (Identifier) Specifies idle timeout for Echo messages in the PPTP tunnel. (Default: 0) Specifies idle timeout for user traffic in the PPTP tunnel. (Default: 0) Text describing the current object. (Optional) Description Use a SIP ALG to manage SIP based
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 89
    3.4.7. ALG_SMTP Chapter 3. Configuration Reference Comments 3.4.7. ALG_SMTP (Default: 5) Text describing the current object. (Optional) Description Use an SMTP Application Layer Gateway to manage SMTP traffic through the system. Properties Name VerifySenderEmail VerifySenderEmailAction
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 90
    : "*** SPAM ***") Forward blocked mails to DropAddress. (Default: No) Email address that emails reaching the drop threshold will be rerouted to. Use TXT records (will only be used if reaching the drop threshold). (Default: No) Size of the IP Cache of checked sender IP addresses. (Default: 0) Timeout
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 91
    3.4.8. ALG_TFTP Chapter 3. Configuration Reference Note If no Index is specified when size for transferred file. (Optional) Prevent directory traversal (consecutive dots in filenames). (Default: No) Text describing the current object. (Optional) Name HostCert RootCert Comments Specifies
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 92
    3.5. ARPND Chapter 3. Configuration Reference 3.5. ARPND Description Use an ARP/Neighbor Discovery entry to publish additional IP addresses and/or MAC addresses on a specified interface. Properties Mode Interface IP MACAddress Comments Static, Publish or XPublish. (Default: Publish) Indicates
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 93
    Chapter 3. Configuration Reference 3.6. BlacklistWhiteHost Description Hosts and networks added to this whitelist can never be blacklisted by IDP or Threshold Rules. Properties Addresses Service Schedule Comments Specifies the addresses that will be whitelisted. Specifies the service that will
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 94
    Configuration Reference 3.7. Certificate Description An X.509 certificate is used to authenticate a VPN client or gateway when establishing an IPsec Disable CRLs (Certificate Revocation Lists). (Default: No) Encryption algorithm of the public key. (Default: Unknown) Text describing the current
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 95
    to the length of the list. 3.8.2. DynDnsClientDLink Description Configure the parameters used to connect to the D-Link DynDNS service. Properties DNSName Username Password Comments The DNS name excluding the .dlinkddns.com suffix. Username. The password for the specified username. (Optional) Text
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 96
    length of the list. 3.8.5. DynDnsClientDynsCx Description Configure the parameters used to connect to the dyns.cx DynDNS service. Properties DNSName Username Password Comments The DNS name excluding the .dyns.cx suffix. Username. The password for the specified username. (Optional) Text describing
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 97
    the length of the list. 3.8.6. DynDnsClientPeanutHull Description Configure the parameters used to connect to the Peanut Hull DynDNS service. Properties DNSNames Username Password Comments Specifies the DNS names separated by ";". Username. The password for the specified username. (Optional) Text
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 98
    3. Configuration Reference 3.9. COMPortDevice Description A serial communication port that is used for accessing the CLI. Properties Port BitsPerSecond DataBits Parity StopBits FlowControl Comments Port. (Identifier) Bits per second. (Default: 9600) Data bits. (Default: 8) Parity. (Default: None
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 99
    . ConfigModePool Chapter 3. Configuration Reference 3.10. ConfigModePool Description An IKE Config Mode Pool will dynamically assign the IP address, DNS server, WINS server etc. to the VPN client connecting to this gateway. Properties IPPoolType IPPool IPPoolAddress IPPoolNetmask DNS NBNSIP DHCP
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 100
    Configuration Default: 1) Enable time synchronization. (Default: Disable) Type of server for time synchronization, UDPTime or SNTP (Simple Network Time Protocol). (Default: SNTP) DNS hostname or IP Address of Timeserver 1. DNS hostname or IP Address of Timeserver 2. (Optional) DNS hostname or IP
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 101
    of the configuration. (Default: 1) Name of the user who committed the current configuration. (Default: BaseConfiguration) Session type used when the current configuration was committed. (Default: BaseConfiguration) IP address of the user who committed the current configuration. (Optional) Date
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 102
    DHCP clients are allowed to be relayed through each interface. (Optional) Define what IP the relay should use as gateway IP when passing the requests to the DHCP server. (Default: Recv) Accept server responses offering IP address "0.0.0.0" (no IP address offered). (Default: No) Always select all
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 103
    specific DHCP Relayers access to the DHCP Server. (Default: 0/0) A range, group or network that the DHCP Server will use as IP address pool Default: 86400) IP of the primary DNS server. (Optional) IP of the secondary DNS server. (Optional) IP of the primary Windows Internet Name Service (WINS) server
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 104
    the current object. (Optional) 3.14.1. DHCPServerPoolStaticHost Description Static DHCP Server host entry Properties Host StaticHostType MACAddress ClientIdentType ClientIdent Comments IP Address of the host. Identifier for host. (Default: MACAddress) The hardware address of the host. Type of
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 105
    3.15. DNS Chapter 3. Configuration Reference 3.15. DNS Description Configure the DNS (Domain Name System) client settings. Properties DNSServer1 DNSServer2 DNSServer3 Comments IP of the primary DNS Server. (Optional) IP of the secondary DNS Server. (Optional) IP of the tertiary DNS Server. (
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 106
    Chapter 3. Configuration Reference 3. Default: 64) Rx ringsize. (Default: 256) Enable monitoring. (Default: No) Below CPU load. (Default: 80) Below interface load. (Default: 70) Minimum interval. (Default: 30) Rx error percentage. (Default: 20) Tx error percentage. (Default: 7) Error time. (Default
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 107
    3.16.4. MarvellEthernetPCIDriver Chapter 3. Configuration Reference 3.16.3. IXP4NPEEthernetDriver Description Intel (IXP4xxNPE) Fast Ethernet Adaptor. Properties Comments Text describing the current object. (Optional) Note This object type does not have an
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 108
    3.16.7. R8139EthernetPCIDriver Chapter 3. Configuration Reference Description WIN32 packet.dll Adaptor Properties Comments Text describing the current object. (Optional) Note This object type does not have an identifier and is
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 109
    3.16.9. SwitchEthernetDriver Chapter 3. Configuration Reference Description WIN32 switch.dll Adaptor. Properties Comments Text describing the current object. (Optional) Note This object type does not have an identifier and is
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 110
    3.17. EthernetDevice Chapter 3. Configuration Reference 3.17. EthernetDevice Description Hardware settings for ports that share the same bus and slot number. This parameter specifies what port to be used. Specifies if the link speed should be auto-negotiated or locked to a static speed. (Default:
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 111
    Description Configure the High Availability cluster parameters for this system. Properties Enabled ClusterID SyncIface NodeID HASyncBufSize HASyncMaxPktBurst HAInitialSilence UseUniqueSharedMac HADeactivateBeforeReconf ReconfFailoverTime HAFailoverTime Enable high availability. (Default: No
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 112
    3.19. HTTPALGBanners Chapter 3. Configuration Reference 3.19. HTTPALGBanners Description HTTP banner files specify the look and feel of HTTP ALG restriction web pages. Properties Name CompressionForbidden ContentForbidden URLForbidden RestrictedSiteNotice ReclassifyURL
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 113
    3.20. HTTPAuthBanners Chapter 3. Configuration Reference 3.20. HTTPAuthBanners Description HTTP banner files specify the look and feel of HTML authentication web pages. Properties Name FormLogin LoginSuccess LoginFailure LoginAlreadyDone LoginChallenge LoginChallengeTimeout
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 114
    the HTTP poster for dynamic DNS or automatic logon to services using web-based authentication. Properties URL RepostDelay AlwaysRepost PostValues Comments The URL that will be posted when the security gateway is loaded. Delay in seconds until the URL is refetched. (Default: 1200) Repost on each
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 115
    3.22. HWM Chapter 3. Configuration Reference 3.22. HWM Description Hardware Monitoring allows monitoring . Sensor index. Lower limit. (Optional) Upper limit. (Optional) Enable/disable monitoring. (Default: No) Text describing the current object. (Optional) Note If no Index is specified when
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 116
    Configuration Reference 3.23. IDList Description An ID list contains IDs, which are used within the authentication process when establishing an IPsec IPsec tunnel. Properties Name Type IP Optional) E-mail address. (Optional) Enter the most common DN types above, or as a comma separated list of types
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 117
    Chapter 3. Configuration Reference 3.24 the span of IP addresses to be compared to the destination IP of the received packet. Specifies a service that will be used HTTP URI. (Default: DropLog) Specifies what action to take when seeing double encoded characters in a HTTP URI. (Default: Ignore) Text
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 118
    Only block the service that triggered the blacklisting. (Default: No) Do not drop existing connection. (Default: No) Specifies configured amount of time. (Default: 10) Enable logging. (Default: Yes) Specifies with what severity log events will be sent to the specified log receivers. (Default: Default
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 119
    3.25. IGMPRule Chapter 3. Configuration Reference 3.25. IGMPRule Description An IGMP rule specifies how interface via which to relay IGMP messages. Translate the multicast group for packets matching this rule. (Default: No) Rewrite all multicast groups to a single IP. (Default: No) Translate the
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 120
    3.25. IGMPRule Chapter 3. Configuration Reference Note If no Index is specified when creating an instance of this type, the object will be placed last in the list and the Index will be equal to the length of the list.
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 121
    3.26. IGMPSetting Chapter 3. Configuration Reference 3.26. IGMPSetting Description IGMP parameters can be send an answer to a query. (Default: 10000) The maximum time until a host (client) has to send an answer to a group and group-and-source specific query. (Default: 10000) The number of group and
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 122
    3.27. IKEAlgorithms Chapter 3. Configuration Reference 3.27. IKEAlgorithms Description Configure algorithms which are used in the IKE phase of an IPsec session. Properties Name NULLEnabled DESEnabled DES3Enabled AESEnabled BlowfishEnabled TwofishEnabled CAST128Enabled BlowfishMinKeySize
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 123
    3.28. Interface Chapter 3. Configuration Reference 3.28. Interface This is a category that groups the following (Optional) TODO. (Default: No) The IP address of the interface. The network of the interface. The default gateway of the interface. (Optional) The private IP address of this high
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 124
    a route for this interface using the given network. (Default: Yes) Automatically add a default route for this interface using the given default gateway. (Default: Yes) IP of the primary DNS server. (Optional) IP of the secondary DNS server. (Optional) Sets the multicast receive mode of the interface
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 125
    AutoInterfaceNetworkRoute UseSessionKey SessionKey Comments 3.28.4. InterfaceGroup NAT. (Default: LocalInterface) Manually specified originator IP address to use as source IP in e.g. NAT. Specifies the metric for the auto-created route. (Default: 90) Automatically add a route for this interface
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 126
    Allow DHCP over IPsec from single-host clients. (Default: No) Dynamically add route to the remote networks when a tunnel is established. (Default: No) Specifies the size in bytes at which to fragment plaintext packets (rather than fragmenting IPsec). (Default: 1420) Specifies what IP address to use
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 127
    Specifies whether PFS should be used or not. (Default: None) Specifies which Diffie-Hellman group to use with PFS. (Default: 2) Setup security association per network, host or port. (Default: Net) Disabled, Auto or Manual. (Default: Disabled) Source IP address used when sending keep-alive ICMP pings
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 128
    to use as source IP in e.g. NAT. (Default: LocalInterface) Manually specified originator IP address to use as source IP in e.g. NAT. IP of the primary DNS server. (Optional) IP of the secondary DNS server. (Optional) Specifies the username to use for this PPTP/L2TP interface. The password to use for
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 129
    tunnel. (Default: PPTP) The interface that the PPTP/L2TP Server should be listening on. Specifies the IP that the PPTP/L2TP server should listen on, this can be an IP of an interface, or for example an ARP published IP. Enable the use of user authentication rules on this server. (Default: Yes) Allow
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 130
    traffic should be routed into the tunnel. IP of the primary DNS server. (Optional) IP of the secondary DNS server. (Optional) Specifies the username to use for this PPPoE tunnel. The password to use for this PPPoE tunnel. Specifies the PPPoE server service name used to distinguish between two or
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 131
    this tunnel. User name and password are sent in plaintext. (Default: Yes) Use CHAP authentication protocol for this tunnel. (Default: Yes) Use MS-CHAP authentication protocol for this tunnel. (Default: Yes) Use MS-CHAP v2 authentication protocol for this tunnel. (Default: Yes) Enable Dial-on-demand
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 132
    Comments 3.28.10. VLAN The physical interface that the SSL VPN interface will listen on. The listening port for the SSL VPN interface. (Default: 443) Listening IP for the SSL VPN interface. Optional. FQDN of the SSL VPN server given to clients, eg: (sslvpn.example.com). (Optional) A range, group
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 133
    PrivateIP Metric AutoSwitchRoute AutoInterfaceNetworkRoute AutoDefaultGatewayRoute PrioCopyPolicy EnableRouterAdvertisement Comments Chapter 3. Configuration Reference interface. (Optional) TODO. (Default: No) Specifies the IP address of the virtual LAN interface. Specifies the network of
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 134
    3.29. IPPool Description An IP Pool is a dynamic object which consists of IP leases that are fetched from a DHCP Server. The IP Pool is used as an address source by subsystems that may need to distribute addresses, e.g. by IPsec in Configuration mode. Properties Name DHCPServerType ServerIP
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 135
    to translate source IP or destination IP. (Default: DestinationIP) Translate to this IP address. Translate to this port. (Optional) Rewrite all destination IPs to a single IP. (Default: No) Multicast traffic must have been requested using IGMP before it is forwarded. (Default: Yes) Specifies how
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 136
    3.30. IPRule Chapter 3. Configuration Reference LogEnabled LogSeverity Comments Enable logging. (Default: Yes) Specifies with what severity log events will be sent to the specified log receivers. (Default: Default) Text describing the current object. (Optional) Note If no Index is specified when
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 137
    3.31. IPRuleFolder Chapter 3. Configuration Reference 3.31. IPRuleFolder Description An IP Rule Folder can be used to group IP Rules into logical groups for better overview and simplified management. Properties Index Name Comments The index of the object, starting at 1. (Identifier) Specifies
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 138
    3.32. IPsecAlgorithms Chapter 3. Configuration Reference 3.32. IPsecAlgorithms Description Configure algorithms which are used in the IPsec phase of an IPsec session. Properties Name NULLEnabled DESEnabled DES3Enabled AESEnabled BlowfishEnabled TwofishEnabled CAST128Enabled SDT2Enabled
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 139
    3.32. IPsecAlgorithms Comments Chapter 3. Configuration Reference Text describing the current object. (Optional)
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 140
    server used to verify user names and passwords. Properties Name IP Port Timeout NameAttr PassAttr GroupsAttr GetGroups DomainName BaseObject UserName Password Type Comments Specifies a symbolic name for the server. (Identifier) The IP address of the server. The TCP port of the server. (Default
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 141
    Host Username Password Port Comments Specifies the IP address or hostname of the LDAP server. Specifies the username to use when accessing the LDAP server. (Optional) Specifies the password to use when accessing the LDAP server. (Optional) Specifies the LDAP service port number. (Default: 389) Text
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 142
    Chapter 3. Configuration Reference 3.35. LinkMonitor Description The Link Monitor allows the Default: 7) Milliseconds between each monitor attempt. (Default: 250) Do not allow triggering of the link monitor for this number of seconds after the last reconfiguration. (Default: 45) Use the shared IP
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 143
    add into the user database. (Identifier) The password for this user. Specifies the user groups that this user is a member of, e.g. Administrators. (Optional) If the user is logging in over PPTP/L2TP it will be assigned this static IP. (Optional) PPTP/L2TP networks behind the user. (Optional) Metric
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 144
    RepeatCount LogSeverity Comments Specifies a symbolic name for the log receiver. (Identifier) Destination IP address. Destination port. (Default: 162) Community string. (Default: public) Repetition counter. (Default: 0) Specifies with what severity log events will be sent to the specified log
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 145
    3.37.3. LogReceiverSMTP Chapter 3. Configuration Reference 3.37.2. LogReceiverMemory Description A memory log receiver is for the log receiver. (Identifier) The IP address of the SMTP server. Specifies which port to use to connect to the SMTP server. (Default: 25) The email address that the
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 146
    Comments Specifies a symbolic name for the log receiver. (Identifier) Specifies the IP address of the log receiver. Specifies the port number of the log service. (Default: 514) Specifies what facility is used when logging. (Default: local0) Specifies with what severity log events will be sent to
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 147
    connections are assigned a NAT IP address. (Default: stateful) Specify which IP Address source to use. (Default: IPRange) Specifies the IP Pool used for retrieving IP addresses for NAT translation. The number of IP addresses to get from the IP Pool. Specifies the range of IP addresses used for NAT
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 148
    3.39. Pipe Chapter 3. Configuration Reference 3.39. Pipe Description A pipe defines basic traffic shaping parameters. The pipe rules then determine which traffic goes through which pipes. Properties Name LimitKbpsTotal LimitPPSTotal
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 149
    UserLimitPPS7 Grouping GroupingNetworkSize Chapter 3. Configuration Reference 7 (the highest precedence precedence). (Optional) Grouping enables per-port/IP/network static bandwidth limits as well as dynamic balancing between groups. (Default: None) If users are grouped according to source or
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 150
    3.39. Pipe Dynamic PrecedenceMin PrecedenceDefault PrecedenceMax Comments Chapter 3. Configuration Reference tion network, the size of the network has to be specified by this setting. (Default: 0) Enable dynamic balancing of groups. (Default: No) Specifies the lowest allowed precedence for traffic
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 151
    Configuration IP addresses to be compared to the destination IP of the received packet. Specifies a service forward traffic. (Optional) Specifies one or more pipes to be used for return traffic. (Optional) Specifies what precedence should be assigned to the packets before sent into a pipe. (Default
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 152
    3.41. PSK Chapter 3. Configuration Reference 3.41. PSK Description PSK (Pre-Shared Key) authentication is based on a shared secret that is known only by the parties involved. Properties Name Type
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 153
    RadiusAccounting Description External RADIUS server used to collect user statistics. Properties Name IPAddress Port RetryTimeout SharedSecret Comments Specifies a symbolic name for the server. (Identifier) The IP address of the server. The UDP port of the server. (Default: 1813) The retry timeout
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 154
    43. RadiusServer Description External RADIUS server used to verify user names and passwords. Properties Name IPAddress Port RetryTimeout SharedSecret Comments Specifies a symbolic name for the server. (Identifier) The IP address of the server. The UDP port of the server. (Default: 1812) The retry
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 155
    3.44. RemoteIDList Chapter 3. Configuration Reference 3.44. RemoteIDList Description List of Remote IDs that are allowed access when using Pre Shared Keys as authentication method. Properties Type PSKAscii PSKHex IDType
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 156
    ) Specifies the local user database to use for login. Enable remote management via HTTP. (Default: No) Enable remote management via HTTPS. (Default: No) Specifies the network for which remote access is granted. Text describing the current object. (Optional) Description Configure SNMP management to
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 157
    access is granted. The listening port for the SSH server. (Default: 22) Allow password client authentication. (Default: Yes) Allow public key client authentication. (Default: Yes) Allow DSA public key algorithm. (Default: Yes) Allow RSA public key algorithm. (Default: Yes) Allow Diffie-Hellman Group
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 158
    LoginGraceTime AuthenticationRetries AccessLevel LocalUserDatabase Network Comments Chapter 3. Configuration Reference When the user has supplied the username, the password has to be provided within this number of seconds or the session will be closed. (Default: 30) The number of retries allowed
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 159
    3.46. RouteBalancingInstance Chapter 3. Configuration Reference 3.46. RouteBalancingInstance Description A route balancing instance is associated with a . (Identifier) Specify which algorithm to use when balancing the routes. (Default: RoundRobin) Text describing the current object. (Optional)
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 160
    RouteBalancingSpilloverSettings Chapter 3. Configuration Reference 3.47. RouteBalancingSpilloverSettings affected routes. (Default: 30) Outbound threshold limit. (Optional) The outbound units. (Default: kbps) Inbound threshold limit. (Optional) The inbound units. (Default: kbps) Text
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 161
    Service Schedule LogEnabled LogSeverity Comments The index of the object, starting at 1. (Identifier) Specifies a symbolic name for the rule. (Optional) The forward logging. (Default: Yes) Specifies with what severity log events will be sent to the specified log receivers. (Default: Default) Text
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 162
    Configuration Reference 3.49. RoutingTable Description The system has a predefined main routing table. Alternate routing tables can be defined by the user the security gateway's interface IPv6 address will be used. (Optional) Specifies the metric for this route. (Default: 0) Always select all
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 163
    is specified, the security gateway's interface IP address will be used. (Optional) link status changes to down. (Default: No) Mark the route as down if the next hop does not answer on ARP lookups during a specified time. (Default: No) Enable a manually specified ARP lookup interval. (Default
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 164
    Samples MaxPollFails MaxAverageLatency RequestURL ExpectedResponse Comments Monitoring method. (Default: ICMP) Specifies the IP address of the host to monitor. Specifies the TCP port to monitor. Delay in milliseconds between each monitor attempt. (Default: 10000) Specifies if this host is required
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 165
    3.49.3. SwitchRoute Chapter 3. Configuration Reference Note If no Index is specified when creating an route. Specifies the metric for this route. (Default: 0) Always select all interfaces, including new ones, for publishing routes via Proxy ARP. (Default: No) Specifies the interfaces on which the
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 166
    Chapter 3. Configuration Reference 3.50. ScheduleProfile Description A Schedule Profile defines days and dates and is then used by the various policies in the system. Properties Name Mon Tue Wed Thu Fri Sat Sun StartDate EndDate Comments Specifies a symbolic name for the service. (Identifier
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 167
    Redirect RedirectCodes ParameterProblem Specifies a symbolic name for the service. (Identifier) Specifies the ICMP message types that are applicable to this service. (Default: All) Enable matching of Echo Request messages. (Default: No) Specifies which Echo Request message codes should
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 168
    ) Specifies how many concurrent sessions that are permitted using this service. (Default: 200) Text describing the current object. (Optional) Description An IPv6-ICMP Service is an object definition representing IPv6-ICMP traffic with specific parameters. Properties Name MessageTypes EchoRequest
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 169
    0-255) Enable matching of Parameter Problem messages. (Default: No) Specifies which Parameter Problem message codes should be matched. (Default: 0-255) Enable passing an ICMP error message only if it is related to an existing connection using this service. (Default: No) An Application Layer Gateway
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 170
    the destination port or the port ranges applicable to this service. Specifies whether this service uses the TCP or UDP protocol or both. (Default: TCP) Specifies the source port or the port ranges applicable to this service. (Default: 0-65535) Enable SYN flood protection (SYN Relay). (Default: No
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 171
    3.52. Settings Chapter 3. Configuration Reference 3.52. Settings This is a category that groups the Default: DropLog) If the IP source address of an ARP query (NOT response!) is "0.0.0.0". (Default: DropLog) The IP Source address in ARP packets. (Default: Validate) Unsolicited ARP replies. (Default
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 172
    Configuration Default: Yes) Validate the IP source address of the ND packet. (Default: Yes) Action to take when ND packets are received that would modify an existing entry. (Default Logout authenticated accounting users and send AccountingStop packets prior to shutdown. (Default: Yes)
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 173
    Chapter 3. Configuration Reference AllowAuthIfNoAccountingResponse LogALGUser MaxRADIUSContexts Allow an authenticated user to still have access even if no response is received by the Accounting Server. (Default: Yes) Log authenticated user together with URL in ALG log messages. (Default: Yes
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 174
    traversed more than this many relays will not be relayed. (Default: 5) Maximum lease time (seconds) allowed from the DHCP server (too high times will be lowered silently). (Default: 10000) Maximum number of DHCP client IPs automatically added to the routing table. (Default: 256) Policy for saving
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 175
    FragSettings Chapter 3. Configuration Reference Properties PseudoReass_MaxConcurrent for more fragments). (Default: 60) Illegally constructed fragments; partial overlaps, bad sizes, etc. (Default: DropLog) On receipt of duplicate fragments, verify matching data... (Default: Check8) Failed packet
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 176
    3.52.7. HWMSettings Chapter 3. Configuration Reference IP6ReassIllegalLinger (watching for old dups). (Default: 20) How long to remember an illegal reassembly (watching for more fragments). (Default: 60) Note This object type does not have an identifier and is identified by the name of the type
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 177
    (ESP/AH) traffic sent to the security gateway directly to the IPsec engine without consulting the ruleset. (Default: Yes) Amount of time to keep an IPsec tunnel open when the remote DNS name fails to resolve. (Default: 14400) Metric 10s of seconds with no traffic or other evidence of life in tunnel
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 178
    on too low multicast Hop-Limit values. (Default: DropLog) The default IP Hop-Limit of packets originated by the security gateway (32-255). (Default: 255) Validate IPV6 Flow label header field. (Default: Ignore) Validate IPV6 Traffic class header field. (Default: Ignore) Maximum allowed size of all
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 179
    IPSettings Chapter 3. Configuration Reference IP6ValidateSyntax IP6OPT_PADN Default: RFC2460NoSupportLog) Validate routing header other than type 0 or 2 option. (Default: RFC2460NoSupportLog) Log IP packets with bad checksums. (Default: Yes) Log occurrences of non-IPv4/IPv6 packets. (Default
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 180
    take when ethernet and IP multicast addresses do not match. (Default: DropLog) Note This object type does not have an identifier and is identified by the name of the type only. There can only be one instance of this type. 3.52.11. L2TPServerSettings Description PPTP/L2TP server settings. Properties
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 181
    Chapter 3. Configuration Reference 3.52 Default: 10000) Encapsulated (tunneled transport), used by PPTP. (Default: 2000) IPsec ESP; Encrypted communication. (Default: 2000) IPsec AH; Authenticated communication. (Default: 2000) SKIP; Simple Key management for IP, VPN protocol. (Default
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 182
    . MiscSettings Description Miscellaneous Settings Properties UDPSrcPort0 Port0 AVSW_Engine How to treat UDP packets with source port 0. (Default: DropLog) How to treat TCP/UDP packets with destination port 0 and TCP packets with source port 0. (Default: DropLog) Antivirus Software Engine Selection
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 183
    3.52.16. MulticastSettings Chapter 3. Configuration Reference Note This object type does not have an the Security Gateway by default. (Default: Yes) Maximum number of requests per second. (Default: 1000) Maximum number of requests per interface per second. (Default: 100) The Security Gateway
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 184
    gateway regardless of configured IP Rules. (Default: Yes) Specifies the HTTP port for the web user interface. (Default: 80) Specifies the HTTPS port for the web user interface. (Default: 443) Allow the web browser to remember the username and password on the login page. (Default: Yes) Enable SSH
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 185
    Description Configure the routing Default: 8192) Allocate the L3 Cache Size value dynamically. (Default: Yes) Maximum number of entries in each Layer 3 Cache. (Default: 8192) Relay Spanning-Tree (STP, RSTP and MSTP) Bridge Protocol Data Units to all switch interfaces. (Default: Drop) Forward
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 186
    3.52.19. SSLSettings Chapter 3. Configuration Reference Note This object type does not Default: No) Note This object type does not have an identifier and is identified by the name of the type only. There can only be one instance of this type. 3.52.20. SSLVPNInterfaceSettings Description SSL VPN
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 187
    3.52.21. StateSettings Chapter 3. Configuration Reference Properties SSLVPNBeforeRules Pass SSL VPN connections sent to the security gateway directly to the SSL VPN engine without consulting the ruleset. (Default: Yes) Note This object type does not have an identifier and is identified by the
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 188
    Chapter 3. Configuration Reference Validity of TCP header option sizes. (Default: ValidateLogBad) Minimum allowed TCP MSS (Maximum Segment Size). (Default: 100) How to handle too low MSS values. (Default: DropLog) Maximum allowed TCP MSS (Maximum Segment Size). (Default: 1460) Limits TCP MSS for VPN
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 189
    3.52.23. VLANSettings Chapter 3. Configuration Reference TCPSynFin TCPFinUrg TCPUrg TCPECN TCPRF TCPNULL TCPSequenceNumbers TCPAllowReopen valid (strip=strip RST). (Default: DropLog) The TCP FIN flag together with SYN; normally invalid (strip=strip FIN). (Default: DropLog) The TCP URG flag
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 190
    3.53. SSHClientKey Chapter 3. Configuration Reference 3.53. SSHClientKey Description The public key of the client connecting to the SSH server. Properties Name Type Subject PublicKey Comments Specifies a symbolic name for the key. (Identifier) DSA or RSA. (Default: DSA) Value of the Subject
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 191
    Reference 3.54. UpdateCenter Description Configure automatic updates. Properties AVEnabled IDPEnabled AdvancedIDPEnabled UpdateInterval UpdateDate UpdateWeekday Hourly UpdateHour UpdateMinute Comments Automatic updates of antivirus definitions and engine. (Default: No) Automatic updates of
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 192
    before RADIUS challenge expires. (Default: 160) Disallow, LDAP, RADIUS or Local. The interface on which the connection was received. The network object that the incoming IP address must be a part of. Specifies the destination IP configured on the PPTP/ L2TP server configuration. Only used when agent
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 193
    or not. (Optional) Use timeouts received from the authentication server. If no values are received, the manually specified values will be used. (Default: No) Specifies how multiple username logins will be handled. (Default: AllowMultiple) Replace existing user if idle for more than this number of
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 194
    Configuration Reference InterimValue LogEnabled LogSeverity Comments Yes) The interval in seconds in which interim accounting events should be sent. (Default: 600) Enable logging. (Default: Yes) Specifies with what severity log events will be sent to the specified log receivers. (Default: Default
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 195
    3.55. UserAuthRule Chapter 3. Configuration Reference 195
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 196
    , 36 cpuid, 36 crashdump, 37 D delete, 22 dhcp, 37 dhcprelay, 38 dhcpserver, 39 dns, 39 dnsbl, 40 E echo, 71 F frags, 40 H ha, 41 help, 71 history 23 R reconfigure, 55 reject, 23 reset, 25 routemon, 55 routes, 55 rules, 56 S script, 73 selftest, 57 services, 59 sessionmanager, 60 set, 25 settings
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 197
    , 101 DHCPRelay, 102 DHCPRelaySettings, 173 DHCPServer, 103 DHCPServerCustomOption, 104 DHCPServerPoolStaticHost, 104 DHCPServerSettings, 174 DNS, 105 DynDnsClientCjbNet, 95 DynDnsClientDLink, 95 DynDnsClientDLinkChina, 95 DynDnsClientDyndnsOrg, 96 DynDnsClientDynsCx, 96 DynDnsClientPeanutHull, 97
  • D-Link DFL-260E | CLI Guide for DFL-260E - Page 198
    , 168 ServiceIPProto, 169 ServiceTCPUDP, 170 SSHClientKey, 190 SSLSettings, 186 SSLVPNInterface, 131 SSLVPNInterfaceSettings, 186 StateSettings, 187 SwitchEthernetDriver, 108 SwitchRoute, 165 T TCPSettings, 187 U UpdateCenter, 191 User, 143 UserAuthRule, 192 V VLAN, 132 VLANSettings, 189 198 Index
