D-Link DFL-1600 CLI Guide

D-Link DFL-1600 - Security Appliance Manual

D-Link DFL-1600 manual content summary:

  • D-Link DFL-1600 | CLI Guide - Page 1
    Network Security Firewall CLI Reference Guide DFL-210/800/1600/2500 DFL-260/860 Ver. 1.02 Security Network Security Solution http://www.dlink.com
  • D-Link DFL-1600 | CLI Guide - Page 2
    CLI Reference Guide DFL-210/260/800/860/1600/2500 NetDefendOS version 2.20 D-Link NetDefend Security http://security.dlink.com.tw Published 2007-12-24 Copyright © 2007
  • D-Link DFL-1600 | CLI Guide - Page 3
    CLI Reference Guide DFL-210/260/800/860/1600/2500 NetDefendOS version 2.20 Published 2007-12-24 Copyright © 2007 Copyright Notice This publication, including all photographs, illustrations and software, is protected under international copyright laws, with all rights reserved. Neither this manual,
  • D-Link DFL-1600 | CLI Guide - Page 4
    Tab completion 15 1.5.1. Inline help 15 1.5.2. Autocompleting current value and default value 15 1.5.3. Configuration object type categories 16 1.6. User roles 17 2. Command Reference 19 2.1. Configuration 19 2.1.1. activate 19 2.1.2. add 19 2.1.3. cancel 20 2.1.4. cc 20 2.1.5. commit
  • D-Link DFL-1600 | CLI Guide - Page 5
    CLI Reference Guide 2.2.29. ikesnoop 44 2.2.30. ippool 45 2.2.31. ipsecglobalstats 46 2.2.32. vlan 61 2.2.57. vpnstats 61 2.2.58. zonedefense 61 2.3. Utility 62 2.3.1. ping 62 2.4. Misc ...63 2.4.1. help 63 2.4.2. history 63 3. Configuration Reference 65 3.1. Access 66 3.2. Address
  • D-Link DFL-1600 | CLI Guide - Page 6
    CLI Reference Guide 3.8.7. LoginClientBigPond 82 3.9. COMPortDevice 106 3.24.7. L2TPServer 107 3.24.8. PPPoETunnel 108 3.24.9. VLAN 109 3.25. IPPool 111 3.26. IPRule 112 3.27. LDAPServer 116 3.30. LocalUserDatabase 117 3.30.1. User 117 3.31. LogReceiver 118 3.31.1. EventReceiverSNMP2c
  • D-Link DFL-1600 | CLI Guide - Page 7
    CLI Reference Guide 3.41. ScheduleProfile 137 3.42. Service 138 3.42.1. ServiceGroup 138 3.42.2. ServiceICMP 138 3.42.3. ServiceIPProto 139 3.42.4. ServiceTCPUDP 139 3.43. Settings 141 3.43.1. ARPTableSettings 141 3.43.2. ConnTimeoutSettings 141 3.43.3. DHCPRelaySettings 142 3.
  • D-Link DFL-1600 | CLI Guide - Page 8
    List of Examples 1. Command option notation 9 1.1. Help for commands 12 1.2. Help for object types 12 1.3. Command line history 14 1.4. Tab completion 15 1.5. Inline help ...15 1.6. Edit an existing property value 16 1.7. Using categories with tab completion 16 2.1. Create a new object 19
  • D-Link DFL-1600 | CLI Guide - Page 9
    audience for this reference guide is: • Administrators that are responsible for configuring and managing the D-Link Firewall. • Administrators that are responsible for troubleshooting the D-Link Firewall. This guide assumes that the reader is familiar with the D-Link Firewall, and has the necessary
  • D-Link DFL-1600 | CLI Guide - Page 10
    Notation Preface Because the table name option is followed by ellipses it is possible to specify more than one routing table. Since table name is optional as well, the user can specify zero or more policy-based routing tables. gw-world:/> routes Virroute Virroute2 10
  • D-Link DFL-1600 | CLI Guide - Page 11
    11 • Help, page 12 • Function keys, page 13 • Command line history, page 14 • Tab completion, page 15 • User roles, page 17 This guide is a reference for all commands and configuration object types that are available in the command line interface for NetDefendOS. 1.1. Running a command The commands
  • D-Link DFL-1600 | CLI Guide - Page 12
    guide. Using the help command gives a more detailed help corresponding to the information found in this guide command. Arp is also the name of a configuration object type, so it is necessary to specify that in an object type, such as data type, default value, etc. by entering the ? character when
  • D-Link DFL-1600 | CLI Guide - Page 13
    1.3. Function keys In addition to the return key there are a number of function keys that are used in the CLI. Backspace Tab Ctrl-A or Home Ctrl-B or Left Arrow Ctrl-C Ctrl-D or Delete Ctrl-E or End Ctrl-F or Right Arrow Ctrl-K Ctrl-N or Down Arrow
  • D-Link DFL-1600 | CLI Guide - Page 14
    back to a newer command line). See also Section 2.4.2, "history". Example 1.3. Command line history Using the command line history via the arrow keys: gw-world:/> show Address gw-world:/> (up arrow) gw-world:/> show Address (the previous commandline is displayed) 14
  • D-Link DFL-1600 | CLI Guide - Page 15
    At this point the user can either enter more Address ("ress" was autocompleted) gw-world:/> add Address i (tab) gw-world:/> add Address IP4 ("IP4" was autocompleted) gw-world:/> add Address IP4 (tab, or double tab if IP4 were entered manually such as data type, default value, etc. is displayed
  • D-Link DFL-1600 | CLI Guide - Page 16
    LogSeverity=< (tab) gw-world:/> add LogReceiverSyslog example Address=example_ip LogSeverity=Emergency, Alert,Critical,Error,Warning,Notice,Info (the default value was inserted) Now it is easy to remove a log severity. 1.5.3. Configuration object type categories Some object types are grouped
  • D-Link DFL-1600 | CLI Guide - Page 17
    1.6. User roles Some commands and options cannot be used unless the logged-in user has administrator privilege. This is indicated in this guide by a note following the command or "Admin only" written next to an option.
  • D-Link DFL-1600 | CLI Guide - Page 19
    . Usage activate Note Requires Administrator privilege. 2.1.2. add Create a new object. Description Create a new object and add it to the configuration. Specify the type of object you want to create and the identifier, if the type has one, unless the object is identified by an index.
  • D-Link DFL-1600 | CLI Guide - Page 20
    :/> add Address IP4Address example_ip Address=1.2.3.4 Comments="This is an example" gw-world:/> add IP4Address example_ip2 Address=2.3.4.5 Add Type> Category that groups object types. The property that identifies the configuration object. May not be applicable depending on the specified .
  • D-Link DFL-1600 | CLI Guide - Page 21
    commit Chapter 2. Command Reference Change the current configuration context. A context is a group of objects that are dependent on and grouped by a parent object. Many objects lie in the "root" context and do not have a specific parent. Other objects, e.g. User objects lie in a sub-context (or
  • D-Link DFL-1600 | CLI Guide - Page 22
    copy command. Usage commit Chapter 2. Command Reference Note Requires Administrator privilege. 2.1.6. copy Copy object. Description Make a copy of a configuration object. The created copy will have identical values for all properties, except for the identifier, which is modified to be unique for
  • D-Link DFL-1600 | CLI Guide - Page 23
    set IPRule examplerule SourceNetwork=examplenet gw-world:/> delete Address IP4Address examplenet -force Usage delete []
  • D-Link DFL-1600 | CLI Guide - Page 24
    its children recursively or the -all flag to reject the changes in all objects in the configuration. See also: activate, commit Example 2.4. Reject changes Reject changes in individual objects: gw-world:/> set Address IP4Address example_ip Comments="This comment will be rejected" gw-world:/> reject
  • D-Link DFL-1600 | CLI Guide - Page 25
    privilege. 2.1.10. reset Reset unit configuration and/or binaries. Description Reset configuration or binaries to factory defaults. Usage reset [-configuration] [-unit] Options -configuration -unit Reset configuration to factory default. Reset unit to factory defaults. Note Requires
  • D-Link DFL-1600 | CLI Guide - Page 26
    set Address IP4Address example_ip Address=1.2.3.4 Comments="This is an example" gw-world:/> set IP4Address example_ip2 Address=2.3.4.5 enabled. Category that groups object types. The property that identifies the configuration object. May not be applicable depending on the specified . One
  • D-Link DFL-1600 | CLI Guide - Page 27
    2.1.12. show Chapter 2. Command Reference configuration was committed is indicated by a flag. The flags Example 2.6. Show objects Show the properties of an individual object: gw-world:/> show Address IP4Address example_ip gw-world:/main> show Route 1 gw-world:/> show Client DynDnsClientDyndnsOrg
  • D-Link DFL-1600 | CLI Guide - Page 28
    IP4Address examplenet -force gw-world:/> undelete Address IP4Address examplenet Usage undelete [] [] Options Category that groups object types. The property that identifies the configuration object. May not be applicable depending on
  • D-Link DFL-1600 | CLI Guide - Page 29
    2.1.13. undelete Note Requires Administrator privilege.
  • D-Link DFL-1600 | CLI Guide - Page 30
    specified interfaces. If no interface is given the ARP cache entries of all interfaces will be presented. The presented list can be filtered using the ip and hw options. Usage arp Show all ARP entries. 30
  • D-Link DFL-1600 | CLI Guide - Page 31
    . Show information on hash table health. Show only hardware addresses matching pattern. Sender ethernet address. Show only IP addresses matching pattern. Send gratuitous ARP for . Show only the first entries per interface. (Default: 20) Show ARP entries for given interface(s). Interface name
  • D-Link DFL-1600 | CLI Guide - Page 32
    ARP Transaction States. Description Show active ARP Transaction States. Usage ats [-num=] Options -num= Limit list to entries. (Default: 20) 2.2.6. bigpond Show BigPond information. Description Show the BigPond information about specified interface. Usage bigpond [] Options 32
  • D-Link DFL-1600 | CLI Guide - Page 33
    ICMP | OTHER | TCPUDP | ALL}] [-port=] [-dest=] [-time=] Block specified netobject. blacklist -unblock [-serv=] [-prot={TCP | UDP | ICMP | OTHER | TCPUDP | ALL}] [-port=] [-dest=] [-time=] [-force] Unblock specified
  • D-Link DFL-1600 | CLI Guide - Page 34
    hosts). Number of the port to block/unblock. Protocol to block/unblock. Service to block/unblock. Show information about the blacklisted hosts. The time that the host will remain blocked. Unblock specified netobject. (Admin only) Show whitelist hosts only. IP address range. 2.2.8. buffers List
  • D-Link DFL-1600 | CLI Guide - Page 35
    (Admin only) Limit list to entries per CAM table. (Default: 20) Interface. 2.2.10. certcache Show the contents of the certificate cache. Description Show all certificates in the certificate cache. Usage certcache 2.2.11. cfglog Display configuration log. Description Display the log of the last
  • D-Link DFL-1600 | CLI Guide - Page 36
    . (Admin only) Filter on destination interface. Filter on destination IP address. Show only given destination TCP/UDP port. Show information on hash table health. Limit list to connections. (Default: 20) Show only given IP protocol. Show connections. Filter on source interface. Filter on source
  • D-Link DFL-1600 | CLI Guide - Page 37
    list of custom configured log messages. Usage customlog [-num=] Options -num= Maximum number of items to list. (Default: 10) 2.2.16. dconsole Displays the content of the diagnose console. Description The diagnose console is used to help troubleshoot internal problems within the security
  • D-Link DFL-1600 | CLI Guide - Page 38
    all diagnose entries. (Admin only) YYYY-MM-DD. Only show entries from this date and forward. Flush all diagnose entries to disk. (Admin only) 2.2.17. dhcp Display information about DHCP-enabled routed DHCP relays. Display filter filters relays based on interface/ip (example: if1 192.168.*) Usage 38
  • D-Link DFL-1600 | CLI Guide - Page 39
    Show the currently relayed DHCP sessions. Show the DHCP/BOOTP relayer ruleset. Show ruleset. Display filter, filters relays based on interface/ip. IP address. 2.2.19. dhcpserver Show content of the DHCP server ruleset. Description Show the content of the DHCP server ruleset and various information
  • D-Link DFL-1600 | CLI Guide - Page 40
    . (Admin only) Show DHCP server rules. Show ruleset. Display filters for leases based on interface/mac/ip (eg. if1 192.168.*). Interface. IP address. 2.2.20. dns DNS client and queries. Description Show status of the DNS client and manage pending DNS queries. Usage dns [-query=] [-list
  • D-Link DFL-1600 | CLI Guide - Page 41
    2.2.22. dynroute Chapter 2. Command Reference dnsbl [-show] [] [-clean] Options -clean Clear DNSBL statistics for ALG. -show Show DNSBL statistics for ALG. Name of SMTP ALG. 2.2.22. dynroute Show dynamic routing policy. Description Show the dynamic routing policy filter
  • D-Link DFL-1600 | CLI Guide - Page 42
    -num= {NEW | ALL | } List done (lingering) reassemblies. List free instead of active. List entries. (Default: 20) Show in-depth info about reassembly . (Default: all) 2.2.24. ha Show current HA status. Description Show current HA status. Usage ha [-activate] [-deactivate
  • D-Link DFL-1600 | CLI Guide - Page 43
    only) 2.2.26. hwaccel List configured Hardware Accelerators. Description Display information about configured Hardware Accelerators. Usage hwaccel about all interfaces. Filter list of interfaces. Limit list to lines. (Default: 20) Only list members of given PBR table(s). Stop and restart the
  • D-Link DFL-1600 | CLI Guide - Page 44
    to test configuration of the address> Simulate an incoming IGMP join message. Simulate an incoming IGMP leave message. Simulate an incoming IGMP query message. Show the current IGMP state. Host IP address. Interface. Multicast Address. Router IP address
  • D-Link DFL-1600 | CLI Guide - Page 45
    Reference Enable or disable IKE-snooping. Description Turn IKE on-screen snooping on/off. Useful for troubleshooting IPsec connections. Usage ikesnoop Show IKE snooping status. ikesnoop -on [] [-verbose] Enable IKE snooping. ikesnoop -off Disable IKE snooping. Options -off -on -verbose
  • D-Link DFL-1600 | CLI Guide - Page 46
    ip address> Show IP pool information. Verbose output. IP address to free. 2.2.31. ipsecglobalstats Show global ipsec statistics. Description List global IPsec to display (default: 48). 2.2.33. ipsecstats Show the SAs in use. Description List the currently active IKE and IPsec SAs, optionally
  • D-Link DFL-1600 | CLI Guide - Page 47
    Kill all SAs belonging to the given remote SG/peer. Description Kill all (IPsec and IKE) SAs associated with a given remote IKE peer IP or optionally all SAs in the system. IKE delete messages are sent. Usage killsa Delete SAs belonging to provided remote SG/peer. killsa -all Delete all
  • D-Link DFL-1600 | CLI Guide - Page 48
    of the license file. Usage license 2.2.36. linkmon Display link monitoring statistics. Description . If link monitor hosts have been configured, linkmon will monitor host reachability to detect link/NIC problems. Usage linkmon 2.2.37. lockdown Enable / disable lockdown. Description During
  • D-Link DFL-1600 | CLI Guide - Page 49
    Administrator privilege. 2.2.38. logout Logout user. Description Logout current user. Usage logout 2.2.39. memory Show IP address>]] [-num=] Options -num= -verbose Maximum number of items to list (default: 20). Verbose (more information). Translated IP
  • D-Link DFL-1600 | CLI Guide - Page 50
    [-process=] Show details for a specified LSA. ospf -snoop={ON | OFF} [-process=] Show troubleshooting messages on the console. ospf -ifacedown [-process=] Take specified interface offline. ospf -ifaceup [-process
  • D-Link DFL-1600 | CLI Guide - Page 51
    . Show troubleshooting messages on the console. Increase amount of information to display. OSPF enabled interface. OSPF enabled interface. LSA ID. OSPF Area. Neighbor. Show HA routingtable. 2.2.42. pipes Show pipes information. Description Show list of configured pipes / pipe details / pipe users
  • D-Link DFL-1600 | CLI Guide - Page 52
    Show pipe details. Options -expr= -show -users Pipe wildcard(*) expression. Show pipe details. List users of a given pipe. Show pipe details. Chapter 2. Command Reference 2.2.43. reconfigure Initiates a configuration re-read. Description Restart the Security Gateway using the
  • D-Link DFL-1600 | CLI Guide - Page 53
    -num= -switched -tables -verbose Also show routes for interface addresses. Flush Layer 3 Cache. Lookup the route for the given IP address. Do not show single-host routes. Limit display to entries. (Default: 20) Only show switched routes and L3C entries. Display list of named
  • D-Link DFL-1600 | CLI Guide - Page 54
    . Type of rules to display. (Default: IP) Verbose: show all parameters of the rules. Range of rules to display. (default: all rules). 2.2.47. sessionmanager Session Manager. Description Show information about the Session Manager, and list currently active users. Explanation of Timeout flags for
  • D-Link DFL-1600 | CLI Guide - Page 55
    Show in-depth information about session. List active sessions. Send message to session. List number of session. Show Session Manager status. Name of user database. Message to send. Name of session. 2.2.48. shutdown Initiate core shutdown. Description Initiate shutdown of the core. The core will
  • D-Link DFL-1600 | CLI Guide - Page 56
    (Default: 5) Note Requires Administrator privilege. 2.2.49. sipalg SIP ALG. Description List running SIP-ALG configurations, for troubleshooting SIP transactions. Options -calls -connection -definition Show active calls table. Show SIP connections. Show running ALG configuration parameters.
  • D-Link DFL-1600 | CLI Guide - Page 57
    : show) Show active SIP sessions. Enable or disable SIP snooping. Show or flush SIP counters. (Default: show) Run SIP snooping in verbose mode. SIP-ALG name. IP Address to snoop. 2.2.50. sshserver SSH Server. Description Show SSH Server status, or start/stop/restart SSH Server. Usage sshserver
  • D-Link DFL-1600 | CLI Guide - Page 58
    Show server status and list all connected clients. Stop the SSH Server. Type, (default: both RSA and DSA keys will be created). Verbose output. SSH Server. Note 51. stats Display various general firewall statistics. Description Display general information about the firewall, such as uptime, CPU load
  • D-Link DFL-1600 | CLI Guide - Page 59
    -status[={ANTIVIRUS | IDP | ALL}] Show update status and database information. (Admin only; Default: all) -update[={ANTIVIRUS | IDP | ALL}] Force an update now for the specified service. (Admin only; Default: all) 2.2.54. urlcache List contents of the URL cache. Description List contents of the
  • D-Link DFL-1600 | CLI Guide - Page 60
    -user Show all information for user(s) with this IP address. userauth -remove Forcibly log out an authenticated user. Options -list -num= -privilege -remove -user List all authenticated users. Limit list of authenticated users. (Default
  • D-Link DFL-1600 | CLI Guide - Page 61
    Usage vlan [-vlan=] [-interface=] Options -interface= -vlan= List VLANs connected to physical interface . VLAN to show information about. 2.2.57. vpnstats Alias for ipsecstats. 2.2.58. zonedefense Zonedefense. Description Block/unblock IP addresses/net
  • D-Link DFL-1600 | CLI Guide - Page 62
    verbose] Options -count= -length= -pbr= -port= -recvif= -srcip= -tcp -udp -verbose Number of packets to send. (Default: 1) Packet size. (Default: 4) Route using PBR Table. Destination port of UDP or TCP ping. Pass packet through the
  • D-Link DFL-1600 | CLI Guide - Page 63
    simply type help followed by the topic that you want help with. A topic can be for example a command name (e.g. set) or the name of a configuration object type (e.g. User). When you don't know the name of what you are looking for you can specify the category of the wanted topic with the -category
  • D-Link DFL-1600 | CLI Guide - Page 65
    Chapter 3. Configuration Reference • Access, page 66 • Address, page 68 • AdvancedScheduleProfile, page 71 • ALG, page 72 • ARP, page 77 • BlacklistWhiteHost, page 78 • Certificate, page 79 • Client, page 80 • COMPortDevice, page 83 • ConfigModePool, page
  • D-Link DFL-1600 | CLI Guide - Page 66
    , page 135 • ScheduleProfile, page 137 • Service, page 138 • Settings, page 141 • Configuration Reference 3.1. Access Description Use an access rule to allow or block specific source IP addresses The IP span that the sender must belong to for this rule to be carried out. Enable logging. (Default:
  • D-Link DFL-1600 | CLI Guide - Page 67
    3.1. Access Chapter 3. Configuration Reference Comments Text describing the current object. (Optional) Note If no Index is specified when creating an instance of this type, the object will be placed last in the list and the Index will be equal to the length of the list. 67
  • D-Link DFL-1600 | CLI Guide - Page 68
    groups) defined. This means that the object only requires that a user is authenticated, but ignores any kind of group membership. (Default: No) Text describing the current object. (Optional) 3.2.1.2. EthernetAddressGroup Description An Ethernet Address Group is used for combining several Ethernet
  • D-Link DFL-1600 | CLI Guide - Page 69
    NoDefinedCredentials Comments Specifies a symbolic name for the network object. (Identifier) IP address, e.g. "172.16.50.8", "192.168.30.7,192.168.30.11", "192.168.7.0/24" or "172.16.25.10-172.16.25.50". Groups and user names that belong to this object. Objects that filter on credentials can
  • D-Link DFL-1600 | CLI Guide - Page 70
    object. (Identifier) An IP address with one instance for each node in the high availability cluster. Groups and user names that belong to this means that the object only requires that a user is authenticated, but ignores any kind of group membership. (Default: No) Text describing the current object.
  • D-Link DFL-1600 | CLI Guide - Page 71
    Configuration Reference 3.3. AdvancedScheduleProfile Description An advanced schedule profile contains definitions of occurrences used by various policies in the system. Properties Name Comments Specifies a symbolic name for the service that exists in the month. (Default: 1-31) Text describing the
  • D-Link DFL-1600 | CLI Guide - Page 72
    3.4. ALG Chapter 3. Configuration Reference 3.4. ALG This is a category Default: No) Server data ports. (Default: 1024-65535) Allow client to use active mode (unsafe for client). (Default: No) Client data ports. (Default: 1024-65535) Allow unknown commands. (Default: No) Allow SITE EXEC. (Default
  • D-Link DFL-1600 | CLI Guide - Page 73
    3.4.3. ALG_HTTP Chapter 3. Configuration Reference 3.4.2. ALG_H323 Description Use an H.323 channels per call. (Default: 10) Automatic or Specific. (Default: Automatic) Translate logical channel addresses. (Default: Yes) Max Gatekeeper Registration Lifetime. (Default: 1800) Text describing
  • D-Link DFL-1600 | CLI Guide - Page 74
    to block. (Optional) Action to take for content that hasn't been classified. (Default: Allow) Allow the user to display a blocked site. (Default: No) Allow reclassification of sites. (Default: No) Text describing the current object. (Optional) 3.4.3.1. ALG_HTTP_URL Description Blacklist URLs to
  • D-Link DFL-1600 | CLI Guide - Page 75
    3.4.5. ALG_SIP Chapter 3. Configuration Reference BlockUserPass HideUser AllowUnknownCommands FileListType FailModeBehavior File VerifyContentMimetype Antivirus ScanExclude CompressionRatio CompressionRatioAction Comments Block clients from sending USER and PASS command. (Default: No) Prevent
  • D-Link DFL-1600 | CLI Guide - Page 76
    MaxBlocksize MaxFileTransferSize BlockDirectoryTraversal Comments Chapter 3. Configuration Reference Specifies a symbolic name for the ALG. (Identifier) Specifies allowed commands. (Default: ReadWrite) Remove option part from request packet. (Default: No) Allow unknown options in
  • D-Link DFL-1600 | CLI Guide - Page 77
    3. Configuration Reference 3.5. ARP Description Use an ARP entry to publish additional IP addresses and/or MAC addresses on a specified interface. Properties Index Mode Interface IP MACAddress Comments The index of the object, starting at 1. (Identifier) Static, Publish or XPublish. (Default
  • D-Link DFL-1600 | CLI Guide - Page 78
    3.6. BlacklistWhiteHost Chapter 3. Configuration Reference 3.6. BlacklistWhiteHost Description Manually configured whitelist hosts are used to prevent from blocking a host/network on either by default or based on a schedule. Properties Index Addresses Service Schedule Comments The index of the
  • D-Link DFL-1600 | CLI Guide - Page 79
    3.7. Certificate Description An X.509 certificate is used to authenticate a VPN client or gateway when establishing an IPsec tunnel. Properties Name Type CertificateData PrivateKey NoCRLs Comments Specifies a symbolic name for the certificate.
  • D-Link DFL-1600 | CLI Guide - Page 80
    by the name of the type only. There can only be one instance of this type. 3.8.2. DynDnsClientDLink Description Configure the parameters used to connect to the D-Link DynDNS service. Properties DNSName Username Password Comments The DNS name excluding the .dlinkddns.com suffix. Username. The
  • D-Link DFL-1600 | CLI Guide - Page 81
    by the name of the type only. There can only be one instance of this type. 3.8.4. DynDnsClientDyndnsOrg Description Configure the parameters used to connect to the dyndns.org DynDNS service. Properties DNSName Username Password Comments The DNS name excluding the .dyndns.org suffix. Username. The
  • D-Link DFL-1600 | CLI Guide - Page 82
    type only. There can only be one instance of this type. 3.8.6. DynDnsClientPeanutHull Description Configure the parameters used to connect to the Peanut Hull DynDNS service. Properties Index DNSNames Username Password Comments The index of the object, starting at 1. (Identifier) Specifies the DNS
  • D-Link DFL-1600 | CLI Guide - Page 83
    3. Configuration Reference 3.9. COMPortDevice Description A serial communication port that is used for accessing the CLI. Properties Port BitsPerSecond DataBits Parity StopBits FlowControl Comments Port. (Identifier) Bits per second. (Default: 9600) Data bits. (Default: 8) Parity. (Default: None
  • D-Link DFL-1600 | CLI Guide - Page 84
    3.10. ConfigModePool Chapter 3. Configuration Reference 3.10. ConfigModePool Description An IKE Config Mode Pool will dynamically assign the IP address, DNS server, WINS server etc. to the VPN client connecting to this gateway. Properties IPPoolType IPPool IPPoolAddress IPPoolNetmask DNS NBNSIP
  • D-Link DFL-1600 | CLI Guide - Page 85
    3.11. DateTime Chapter 3. Configuration Reference 3.11. DateTime Description Set Default: SNTP) DNS hostname or IP Address of Timeserver 1. DNS hostname or IP Address of Timeserver 2. (Optional) DNS hostname or IP Address of Timeserver 3. (Optional) Seconds between each resynchronization. (Default
  • D-Link DFL-1600 | CLI Guide - Page 86
    3.12. Device Description Global parameters for this device. Properties Name ConfigVersion Comments Name of the device. (Default: Device) Version number of the configuration. (Default: 1) Text describing the current object. (Optional) Note This object type does not have an identifier and
  • D-Link DFL-1600 | CLI Guide - Page 87
    3.13. DHCPRelay Chapter 3. Configuration Reference 3.13. DHCPRelay Description Use a DHCP Relay to what IP the relay should use as gateway IP when passing the requests to the DHCP server. (Default: Recv) Accept server responses offering IP address "0.0.0.0" (no IP address offered). (Default: No
  • D-Link DFL-1600 | CLI Guide - Page 88
    set of IP addresses and host configuration parameters to hand Service (WINS) server that is used in Microsoft environments which use the NetBIOS Name Servers (NBNS) to assign IP addresses to NetBIOS names. (Optional) IP address of next server in the boot process. (Optional) Enable logging. (Default
  • D-Link DFL-1600 | CLI Guide - Page 89
    Configuration Reference Index Host MACAddress Comments The index of the object, starting at 1. (Identifier) IP Address of the host. The hardware address (Identifier) What type the option is, i.e. STRING, IP4 and so on. (Default: UINT8) The parameter sent with the code, this can be one parameter or
  • D-Link DFL-1600 | CLI Guide - Page 90
    3.15. DNS Chapter 3. Configuration Reference 3.15. DNS Description Configure the DNS (Domain Name System) client settings. Properties DNSServer1 DNSServer2 DNSServer3 Comments IP of the primary DNS Server. (Optional) IP of the secondary DNS Server. (Optional) IP of the tertiary DNS Server. (
  • D-Link DFL-1600 | CLI Guide - Page 91
    3.16. Driver Chapter 3. Configuration Reference 3.16. Driver This is a category that groups the following object types. 3.16.1. IXP4NPEEthernetDriver Description Intel (IXP4xxNPE) Fast Ethernet Adaptor. Properties Comments Text describing the
  • D-Link DFL-1600 | CLI Guide - Page 92
    Dynamic Routing Policy rule creates a filter to catch statically configured or OSPF learned routes. The matched routes can be Specifies a symbolic name for the rule. (Optional) OSPF or Routing table. (Default: OSPF) Specifies from which OSPF process the route should be imported from into either
  • D-Link DFL-1600 | CLI Guide - Page 93
    Configuration value then specified it will be set to the specified value. (Optional) IP to route over. (Optional) Text describing the current object. (Optional) Note exported. Allow override of static routes. (Default: No) Allow overwrite of default route. (Default: No) Increases the metric by this
  • D-Link DFL-1600 | CLI Guide - Page 94
    3.17.2. DynamicRoutingRuleAddRoute Chapter 3. Configuration Reference ProxyARPAllInterfaces ProxyARPInterfaces Comments Always select all interfaces, including new ones, for publishing routes via Proxy ARP. (Default: No) Specifies the interfaces on which the security gateway should publish routes
  • D-Link DFL-1600 | CLI Guide - Page 95
    EthernetDevice Chapter 3. Configuration Reference 3.18. port to be used. Specifies if the link speed should be auto-negotiated or locked to a static speed. (Default: Auto) Specifies if the duplex should be auto-negotiated or locked to full or half duplex. (Default: Auto) The hardware address
  • D-Link DFL-1600 | CLI Guide - Page 96
    ) The maximum number of state sync packets to send in a burst. (Default: 20) The number of seconds to stay silent on startup or after reconfiguration. (Default: 5) Use a unique shared mac address for each interface. (Default: No) Note This object type does not have an identifier and is identified
  • D-Link DFL-1600 | CLI Guide - Page 97
    3. Configuration Reference 3.20. HTTPPoster Description Use the HTTP poster for dynamic DNS or automatic logon to services using web is loaded. (Optional) Delay in seconds until all URLs are refetched. (Default: 1200) Text describing the current object. (Optional) Note This object type does
  • D-Link DFL-1600 | CLI Guide - Page 98
    certificate when establishing an IPsec tunnel. Properties Name Type IP Hostname CommonName OrganizationName OrganizationalUnit Country LocalityName EMailAddress Comments Specifies a symbolic name for the object. (Identifier) IP, DNS, E-Mail or Distinguished name. IP address. Host name. Common name
  • D-Link DFL-1600 | CLI Guide - Page 99
    IDPRule Chapter 3. Configuration Reference 3.22. Specifies the span of IP addresses to be compared to the destination IP of the received packet. Specifies a service that will be used to take if the given signature is found. (Default: Audit) Specifies what signature(s) to search for in the
  • D-Link DFL-1600 | CLI Guide - Page 100
    Chapter 3. Configuration Reference BlackList BlackListTimeToBlock BlackListBlockOnlyService BlackListIgnoreEstablished LogEnabled LogSeverity Comments Activate BlackList. (Default: No) The number of seconds that the dynamic black list should remain. (Optional) Only block the service that triggered
  • D-Link DFL-1600 | CLI Guide - Page 101
    3.23. IKEAlgorithms Chapter 3. Configuration Reference 3.23. IKEAlgorithms Description Configure algorithms which are used in the IKE phase of an IPsec session. Properties Name NULLEnabled DESEnabled DES3Enabled AESEnabled BlowfishEnabled TwofishEnabled CAST128Enabled BlowfishMinKeySize
  • D-Link DFL-1600 | CLI Guide - Page 102
    3.24. Interface Chapter 3. Configuration Reference 3.24. Interface This is a category that groups the The IP address of the interface. The network of the interface. The default gateway of the interface. (Optional) The broadcast address of the connected network. (Optional) The private IP address
  • D-Link DFL-1600 | CLI Guide - Page 103
    . Add an extra level of checksum above the one provided by the IPv4 layer. (Default: No) Specifies what IP address to use as source IP in e.g. NAT. (Default: LocalInterface) Manually specified originator IP address to use as source IP in e.g. NAT. Specifies the metric for the auto-created route
  • D-Link DFL-1600 | CLI Guide - Page 104
    Chapter 3. Configuration Reference need to be moved between the two interfaces. (Default: No) Specifies the interfaces that are included in the IP address of the remote endpoint. This is the address the security gateway will establish the IPsec tunnel to. It also dictates from where inbound IPsec
  • D-Link DFL-1600 | CLI Guide - Page 105
    group to use with PFS. (Default: 2) Setup security association per network, host or port. (Default: Net) Enable Dead Peer Detection. (Default: Yes) Enable or disable NAT traversal. (Default: OnIfNeeded) Disabled, Auto or Manual. (Default: Disabled) Source IP address used when sending keep-alive ICMP
  • D-Link DFL-1600 | CLI Guide - Page 106
    tunnel. The IP address of the L2TP/PPTP server. Specifies if PPTP or L2TP should be used for this tunnel. (Default: PPTP) Specifies what IP address to use as source IP in e.g. NAT. (Default: LocalInterface) Manually specified originator IP address to use as source IP in e.g. NAT. IP of the primary
  • D-Link DFL-1600 | CLI Guide - Page 107
    name for the interface. (Identifier) The IP address of the PPTP/L2TP server interface. Specifies if PPTP or L2TP should be used for this tunnel. (Default: PPTP) The interface that the PPTP/L2TP Server should be listening on. Specifies the IP that the PPTP/L2TP server should listen on, this can
  • D-Link DFL-1600 | CLI Guide - Page 108
    protocol. (Default: Yes) A range, group or network that the PPTP/L2TP server will use as IP address pool to give out IP addresses to the clients from. IP of the primary DNS server. (Optional) IP of the secondary DNS server. (Optional) IP of the primary Windows Internet Name Service (WINS
  • D-Link DFL-1600 | CLI Guide - Page 109
    LANs cannot have the same VLAN ID if they are defined on the same Ethernet interface. (Default: 0) Specifies the IP address of the virtual LAN interface, if other than the IP of the Ethernet interface. Specifies the network address of the virtual LAN interface. The default gateway of the virtual LAN
  • D-Link DFL-1600 | CLI Guide - Page 110
    3.24.9. VLAN Chapter 3. Configuration Reference Broadcast PrivateIP Metric AutoSwitchRoute AutoInterfaceNetworkRoute AutoDefaultGatewayRoute Comments Specifies the broadcast address of the virtual LAN interface. (Optional) The private IP address of this high availability node. (Optional)
  • D-Link DFL-1600 | CLI Guide - Page 111
    IP leases that are fetched from a DHCP Server. The IPPool itself is used as resource of addresses by subsystems that may need to distribute addresses, e.g. by IPsec in Configuration of leases an IP Pool will keep prefetched. (Default: 3) Maximum number of free address that the IP pool will keep,
  • D-Link DFL-1600 | CLI Guide - Page 112
    be used. Specifies whether to translate source IP or destination IP. (Default: DestinationIP) Translate to this IP address. Translate to this port. (Optional) Rewrite all destination IPs to a single IP. (Default: No) Specifies stickiness mode. (Default: None) New connections that arrive within the
  • D-Link DFL-1600 | CLI Guide - Page 113
    : 10) The IP addresses of the servers in the server farm. Multicast traffic must have been requested using IGMP before it is forwarded. (Default: Yes) Specifies how the traffic should be forwarded and translated. Rewrite all destination IPs to a single IP. (Default: No) Enable logging. (Default: No
  • D-Link DFL-1600 | CLI Guide - Page 114
    3.27. IPRuleFolder Chapter 3. Configuration Reference 3.27. IPRuleFolder Description An IP Rule folder can be used to group IP Rules into logical groups for better overview and simplified management. Properties Index Name Comments The index of the object, starting at 1. (Identifier) Specifies
  • D-Link DFL-1600 | CLI Guide - Page 115
    3.28. IPSecAlgorithms Chapter 3. Configuration Reference 3.28. IPSecAlgorithms Description Configure algorithms which are used in the IPsec phase of an IPsec session. Properties Name NULLEnabled DESEnabled DES3Enabled AESEnabled BlowfishEnabled TwofishEnabled CAST128Enabled BlowfishMinKeySize
  • D-Link DFL-1600 | CLI Guide - Page 116
    at 1. (Identifier) Specifies the IP address or hostname of the LDAP server. Specifies the username to use when accessing the LDAP server. (Optional) Specifies the password to use when accessing the LDAP server. (Optional) Specifies the LDAP service port number. (Default: 389) Text describing the
  • D-Link DFL-1600 | CLI Guide - Page 117
    add into the user database. (Identifier) The password for this user. Specifies the user groups that this user is a member of, e.g. Administrators. (Optional) If the user is logging in over PPTP/L2TP it will be assigned this static IP. (Optional) PPTP/L2TP networks behind the user. (Optional) Metric
  • D-Link DFL-1600 | CLI Guide - Page 118
    EventReceiverSNMP2c Description A SNMP2c event receiver is used to receive SNMP events from the system. Properties Name IPAddress Port Community RepeatCount LogSeverity Comments Specifies a symbolic name for the log receiver. (Identifier) (Default: 162) Specifies with what severity log events will
  • D-Link DFL-1600 | CLI Guide - Page 119
    the system in the standard Syslog format. Properties Name IPAddress Port Facility Specifies a symbolic name for the log receiver. (Identifier) Specifies the IP address of the log receiver. Specifies the port number of the log service. (Default: 514) Specifies what facility is used when logging
  • D-Link DFL-1600 | CLI Guide - Page 120
    3.31.4. LogReceiverSyslog Chapter 3. Configuration Reference LogSeverity Comments Specifies with what severity log events will be sent to the specified log receivers. (Optional; Default: Emergency,Alert,Critical,Error,Warning,Notice,Info) Text describing the current object. (Optional) 3.31.4.1.
  • D-Link DFL-1600 | CLI Guide - Page 121
    assigned a NAT IP address. (Default: stateful) Specify which IP Address source to use. (Default: IPRange) Specifies the range of IP addresses used for NAT translation. Specifies the IP Pool used for retrieving IP addresses for NAT translation. The number of IP addresses to get from the IP Pool. The
  • D-Link DFL-1600 | CLI Guide - Page 122
    on the highest IP address of any interface participating in the OSPF process. (Optional) The private router ID of this high availability node. (Optional) Enable this if the security gateway will be used in an environment that consists of routers that only support RFC 1583. (Default: No) Specifies the
  • D-Link DFL-1600 | CLI Guide - Page 123
    that routers in the stub area can reach destinations outside the area. (Default: No) Become a default router for stub area (Summarize). (Default: Yes) Route metric for stub area. (Optional) Specifies the network addresses allowed to be imported into this area from external routing sources. (Optional
  • D-Link DFL-1600 | CLI Guide - Page 124
    it takes to forward an LSA packet through the router. (Default: 1) Specifies Default: No) Enable to allow OSPF MTU mismatches. (Default: No) Text describing the current object. (Optional) 3.33.1.2. OSPFNeighbor Description For point-to-point and point-to-multipoint networks, specify the IP addresses
  • D-Link DFL-1600 | CLI Guide - Page 125
    Configuration Reference Interface IPAddress Metric Comments Specifies the OSPF interface of the neighbor. (Identifier) IP Address of link. Use the authentication configuration specified in the OSPF process. (Default: Yes) Specifies the authentication type for the OSPF protocol exchanges. (Default
  • D-Link DFL-1600 | CLI Guide - Page 126
    3.34. Pipe Chapter 3. Configuration Reference 3.34. Pipe Description A pipe defines basic traffic shaping parameters. The pipe rules then determine which traffic goes through which pipes. Properties Name LimitKbpsTotal LimitPPSTotal
  • D-Link DFL-1600 | CLI Guide - Page 127
    Pipe Chapter 3. Configuration Reference UserLimitKbps1 UserLimitPPS1 (the highest precedence). (Optional) Grouping enables per-port/IP/network static bandwidth limits as well as dynamic balancing between groups. (Default: None) If users are grouped according to source or destination network,
  • D-Link DFL-1600 | CLI Guide - Page 128
    3.34. Pipe Comments Chapter 3. Configuration Reference Text describing the current object. (Optional)
  • D-Link DFL-1600 | CLI Guide - Page 129
    Configuration IP addresses to be compared to the destination IP of the received packet. Specifies a service forward traffic. (Optional) Specifies one or more pipes to be used for return traffic. (Optional) Specifies what precedence should be assigned to the packets before sent into a pipe. (Default
  • D-Link DFL-1600 | CLI Guide - Page 130
    3.36. PSK Chapter 3. Configuration Reference 3.36. PSK Description PSK (Pre-Shared Key) authentication is based on a shared secret that is known only by the parties involved. Properties Name Type
  • D-Link DFL-1600 | CLI Guide - Page 131
    37. RadiusServer Chapter 3. Configuration Reference 3.37. RadiusServer Description External RADIUS server used to verify user names and passwords. Properties Name IPAddress Port RetryTimeout SharedSecret Comments Specifies a symbolic name for the server. (Identifier) The IP address of the server
  • D-Link DFL-1600 | CLI Guide - Page 132
    3.38. RemoteManagement Chapter 3. Configuration Reference 3.38. RemoteManagement This is a category that groups the user that logs in. (Default: Admin) Specifies the local user database to use for login. Enable remote management via HTTP. (Default: No) Enable remote management via HTTPS. (Default:
  • D-Link DFL-1600 | CLI Guide - Page 133
    Chapter 3. Configuration Reference Name Port AllowAuthMethodPassword AllowAuthMethodPublicKey at the same time. (Default: 5) The number of seconds a user can be idle before the session is closed. (Default: 1800) When the user has supplied the username, the password has to be provided within this
  • D-Link DFL-1600 | CLI Guide - Page 134
    RoutingRule Chapter 3. Configuration Reference 3.39. RoutingRule Description A Routing Rule forces the use of a routing table in the forward and/or return packet. Specifies the span of IP addresses to be compared to the destination IP of the received packet. Specifies a service that will be used as
  • D-Link DFL-1600 | CLI Guide - Page 135
    is specified, the security gateway's interface IP address will be used. (Optional) Specifies if this route should be monitored for route changes for route failover purposes. (Default: No) Mark the route as down if the interface link status changes to down. (Default: No) Mark the route as down
  • D-Link DFL-1600 | CLI Guide - Page 136
    3.40.2. SwitchRoute Chapter 3. Configuration Reference Network Metric ProxyARPAllInterfaces ProxyARPInterfaces Comments 1000) Specifies the network address for this route. Specifies the metric for this route. (Default: 0) Always select all interfaces, including new ones, for publishing routes via
  • D-Link DFL-1600 | CLI Guide - Page 137
    Chapter 3. Configuration Reference 3.41. ScheduleProfile Description A Schedule Profile defines days and dates and is then used by the various policies in the system. Properties Name Mon Tue Wed Thu Fri Sat Sun StartDate EndDate Comments Specifies a symbolic name for the service. (Identifier
  • D-Link DFL-1600 | CLI Guide - Page 138
    which Redirect message codes should be matched. (Default: 0-255) Enable matching of Parameter Problem messages. (Default: No) Specifies which Parameter Problem message codes should be matched. (Default: 0-255) Enable matching of Echo Reply messages. (Default: No) Specifies which Echo Reply message
  • D-Link DFL-1600 | CLI Guide - Page 139
    Properties Name IPProto PassICMPReturn ALG MaxSessions Comments Specifies a symbolic name for the service. (Identifier) IP protocol number or range, e.g. "1-4,7" will match the protocols ICMP, IGMP, GGP, IP-in-IP and CBT. (Default: 0-255) Enable passing an ICMP error message only if it is related
  • D-Link DFL-1600 | CLI Guide - Page 140
    name for the service. (Identifier) Specifies the destination port or the port ranges applicable to this service. Specifies whether this service uses the TCP or UDP protocol or both. (Default: TCP) Specifies the source port or the port ranges applicable to this service. (Default: 0-65535) Enable SYN
  • D-Link DFL-1600 | CLI Guide - Page 141
    ARPHashSize ARPHashSizeVLAN The Ethernet Sender address matching the hardware address in the ARP data. (Default: DropLog) If the IP source address of an ARP query (NOT response!) is "0.0.0.0". (Default: DropLog) The IP Source address in ARP packets. (Default: Validate) Unsolicited ARP replies
  • D-Link DFL-1600 | CLI Guide - Page 142
    ) allowed from the DHCP server (too high times will be lowered silently). (Default: 10000) Maximum number of DHCP client IPs automatically added to the routing table. (Default: 256) Policy for saving the relay list to disk. (Default: ReconfShut) Seconds between auto saving the relay list to disk
  • D-Link DFL-1600 | CLI Guide - Page 143
    3.43.4. DHCPServerSettings Chapter 3. Configuration Reference Note This object type does not have an identifier and is Policy for saving the lease database to disk. (Default: ReconfShut) Seconds between auto saving the lease database to disk. (Default: 86400) Note This object type does not have
  • D-Link DFL-1600 | CLI Guide - Page 144
    used for establishing IPsec VPN connections to and from this system. Properties IPsecMaxTunnels IPsecMaxRules IKESendInitialContact IKESendCRLs IKECRLValidityTime Amount of IPsec tunnels allowed (0 = automatic). (Default: 0) Amount of IPsec rules allowed (0 = automatic). (Default: 0) Send 'initial
  • D-Link DFL-1600 | CLI Guide - Page 145
    should never happen! (Default: Yes) Block 0.0.0.0 as source address. (Default: Drop) Block 0.* source addresses. (Default: DropLog) Block 127.* source addresses. (Default: DropLog) Block multicast source addresses (224.0.0.0--255.255.255.255). (Default: DropLog) The minimum IP Time-To-Live
  • D-Link DFL-1600 | CLI Guide - Page 146
    when Ethernet and IP multicast addresses do not match. (Default: DropLog) Note This object type does not have an identifier and is identified by the name of the type only. There can only be one instance of this type. 3.43.9. L2TPServerSettings Description PPTP/L2TP server settings. Properties
  • D-Link DFL-1600 | CLI Guide - Page 147
    Chapter 3. Configuration Reference Note This Default: 10000) Encapsulated (tunneled transport), used by PPTP. (Default: 2000) IPsec ESP; Encrypted communication. (Default: 2000) IPsec AH; Authenticated communication. (Default: 2000) SKIP; Simple Key management for IP, VPN protocol. (Default
  • D-Link DFL-1600 | CLI Guide - Page 148
    Description Miscellaneous Settings Properties UDPSrcPort0 Port0 How to treat UDP packets with source port 0. (Default: DropLog) How to treat TCP/UDP packets with destination port 0 and TCP packets with source port 0. (Default: DropLog) Note This object type does not have an identifier and is
  • D-Link DFL-1600 | CLI Guide - Page 149
    HTTP port for the web user interface. (Default: 80) Specifies the HTTP(S) port for the web user interface. (Default: 443) Enable SSH traffic to the security gateway regardless of configured IP Rules. (Default: Yes) Specifies which certificate to use for HTTPS traffic. (Optional) Enable SNMP traffic
  • D-Link DFL-1600 | CLI Guide - Page 150
    5) Transp_CAMToL3CDestLearning Do L3 Cache learning based on destination IPs and MACs in combination with CAM table contents. (Default: Yes) Transp_DecrementTTL Decrement TTL on packets forwarded between transparent interfaces. (Default: No) Transp_CAMSize_Dynamic Allocate the CAM Size value
  • D-Link DFL-1600 | CLI Guide - Page 151
    Configuration Reference TLS_RSA_WITH_RC4_128_MD5 Enable cipher TLS_RSA_WITH_RC4_128_MD5. (Default: Yes) TLS_RSA_EXPORT1024_WITH_RC4_56_SHA1 Enable cipher TLS_RSA_EXPORT1024_WITH_RC4_56_SHA1. (Default do when the connection table is full. (Default: ReplaceLog) Log packets that are neither
  • D-Link DFL-1600 | CLI Guide - Page 152
    3.43.18. TCPSettings Chapter 3. Configuration Reference Note This object type does not have an Size). (Default: 1460) TCPMSSVPNMax Limits TCP MSS for VPN connections; minimizes fragmentation. (Default: 1400) TCPMSSOnHigh How to handle too high MSS values. (Default: Adjust) TCPMSSLogLevel
  • D-Link DFL-1600 | CLI Guide - Page 153
    by some IP stacks (strip=strip PSH). (Default: StripSilent) The TCP RST flag together with SYN; normally invalid (strip=strip RST). (Default: DropLog) 1Q based Virtual LAN interfaces. Properties UnknownVLANTags VLAN packets tagged with an unknown ID. (Default: DropLog) Note This object type does not
  • D-Link DFL-1600 | CLI Guide - Page 154
    3.44. SSHClientKey Chapter 3. Configuration Reference 3.44. SSHClientKey Description The public key of the client connecting to the SSH server. Properties Name Type Subject PublicKey Comments Specifies a symbolic name for the key. (Identifier) DSA or RSA. (Default: DSA) Value of the Subject
  • D-Link DFL-1600 | CLI Guide - Page 155
    . ThresholdRule Chapter 3. Configuration Reference 3.45. ThresholdRule . Specifies the span of IP addresses to be compared to the destination IP of the received packet. Specifies a service that will be used as or Audit. (Default: Protect) Specifies whether the threshold should be host- or
  • D-Link DFL-1600 | CLI Guide - Page 156
    No) The number of seconds that the dynamic black list should remain. (Optional) Only block the service that triggered the blacklisting. (Default: No) Do not drop existing connection. (Default: No) Enable logging. (Default: No) Specifies with what severity log events will be sent to the specified log
  • D-Link DFL-1600 | CLI Guide - Page 157
    Reference 3.46. UpdateCenter Description Configure automatic updates. Properties AVEnabled IDPEnabled AdvancedIDPEnabled UpdateInterval UpdateDate UpdateWeekday Hourly UpdateHour UpdateMinute Comments Automatic updates of antivirus definitions and engine. (Default: No) Automatic updates of
  • D-Link DFL-1600 | CLI Guide - Page 158
    IP configured on the PPTP/L2TP server configuration. Only used when agent is PPP. Specifies the authentication servers that will be used to authenticate users matching this rule. Specifies the authentication method used for encrypting the user password. (Default: PAP) Specifies the local user
  • D-Link DFL-1600 | CLI Guide - Page 159
    UserAuthRule Chapter 3. Configuration Reference UseServerTimeouts manually specified values will be used. (Default: No) Specifies how multiple username logins will be handled. (Default: AllowMultiple) Replace existing user if idle for more than this number of seconds. (Default
  • D-Link DFL-1600 | CLI Guide - Page 160
    48. ZoneDefenseBlock Description Manually configured blocks are used to block a host/network on the switches either by default or based on schedule. Properties Index Addresses Protocol Port Schedule Comments The index of the object, starting at 1. (Identifier) Specifies the addresses to block. All
  • D-Link DFL-1600 | CLI Guide - Page 161
    3.49. ZoneDefenseExcludeList Chapter 3. Configuration Reference 3.49. ZoneDefenseExcludeList Description The exclude list is used to exclude certain hosts/networks from being blocked out by IDP/Threshold rule violations. Properties Addresses Comments Specifies the addresses that should not be
  • D-Link DFL-1600 | CLI Guide - Page 162
    3.50. ZoneDefenseSwitch Chapter 3. Configuration Reference 3.50. ZoneDefenseSwitch Description A ZoneDefense switch will (Default: DES-3226S) IP The IP address of the management interface of the switch. Enabled Enable the ZoneDefense switch. (Default: Yes) SNMPCommunity The SNMP community
  • D-Link DFL-1600 | CLI Guide - Page 163
    3.50. ZoneDefenseSwitch Chapter 3. Configuration Reference
  • D-Link DFL-1600 | CLI Guide - Page 164
    L license, 47 linkmon, 48 lockdown, 48 logout, 49 M memory, 49 N natpool, 49 O ospf, 50 P ping, 62 pipes, 51 pskgen, 23 R reconfigure, 52 reject, 24 reset, 25 routemon, 52 routes, 52 rules, 53 S sessionmanager, 54 set, 25 show, 26 shutdown, 55 sipalg, 56 sshserver, 57 stats, 58 T time, 58 U undelete
  • D-Link DFL-1600 | CLI Guide - Page 165
    Z zonedefense, 61 Object types A Access, 66 AddressFolder, 68 AdvancedScheduleOccurrence, 71 AdvancedScheduleProfile, 71 ALG_FTP, 72 ALG_H323, 73 ALG_HTTP, 73 ALG_HTTP_URL, 74 ALG_POP3, 74 ALG_SIP, 75 ALG_TFTP, 75 ARP, 77 ARPTableSettings, 141 B BlacklistWhiteHost, 78 C Certificate, 79 COMPortDevice
  • D-Link DFL-1600 | CLI Guide - Page 166
    , 139 SSHClientKey, 154 SSLSettings, 150 StateSettings, 151 SwitchRoute, 136 T TCPSettings, 152 ThresholdAction, 155 ThresholdRule, 155 U UpdateCenter, 157 User, 117 UserAuthRule, 158 V VLAN, 109 VLANSettings, 153 Z ZoneDefenseBlock, 160 ZoneDefenseExcludeList, 161 ZoneDefenseSwitch, 162
