CLI Guide for DFL-260E
Page 9
... []... The flushl3cache option also has an optional value. This is because that option has a default value, 100, which in network security. This guide assumes that the reader is familiar with the D-Link Firewall, and has the necessary basic knowledge in this case is a search string used to ...means that help topic to exclude it when running the command. Command option notation One of this command are responsible for troubleshooting the D-Link Firewall. Since the topic is optional, it is possible to display. Used for specifying the name of an option or a description of...
CLI Guide for DFL-260E
Page 31
...[-num=] Show ARP entries. Send gratuitous ARP for given interface(s). Show only the first entries per interface. (Default: 20) Show ARP entries for . Show only IP addresses matching pattern. Command Reference arp Show all specified interfaces. Sender ethernet address. Usage 31 arpsnoop Chapter 2. .... Show information on hash table health. The snooped messages are displayed before the access section validates the sender IP addresses in the ARP data. Description Toggle snooping and displaying of specified interface. Interface name. 2.2.4. arp -notify= [] [-hwsender=]...
CLI Guide for DFL-260E
Page 36
...-num= -protocol= -show -srciface= -srcip= -srcport= -verbose Mark all connections that match the filter expression. (Admin only) Filter on destination IP address. Filter on source interface. cpuid Chapter 2. Description List current state-tracked connections. connections Same as "connections -show [-num=] [-verbose] [-srciface=]...destport=] [-srcip=] [-destip=] List connections. Filter on destination interface. cpuid 36 2.2.12. Limit list to connections. (Default: 20) Show only given IP protocol. Command Reference 2.2.11. Show only given destination TCP/UDP port.
CLI Guide for DFL-260E
Page 46
... on disk Usage 46 ippool Show IP pool information. Verbose output. IP address to subsystem. Command Reference Host IP address. Options -all -max= -release -show [-verbose] [-max=] Show IP pool information. Interface. Limit list to entries. (Default: 10) Forcibly free IP assigned to subsystem. (Admin only) Show IP pool information. Router IP address. 2.2.28. ippool -show -verbose Free...
CLI Guide for DFL-260E
Page 49
.... The presented list can be presented. Usage nd Show all interfaces will be filtered using the ip and hw options. natpool Chapter 2. Description List the Neighbor Discovery cache entries of items to list (default: 20). nd -show [] [-ip=] [-hw=] [-num=] 49 Usage natpool [-verbose] [ []] [-num=] Options -num= -verbose Maximum number of specified interfaces...
CLI Guide for DFL-260E
Page 50
2.2.37. Command Reference -del= -flush -hashinfo -hw= -ip= -num= -query= -show Delete ND cache entry . Show only IP addresses matching pattern. ndsnoop Toggle snooping and displaying of Neighbor Discovery queries and responses on-screen. Description Toggle snooping...Flush Neighbor Discovery cache of specified interface. Show Neighbor Discovery entries for IP. The snooped messages are displayed before the access section validates the sender IP addresses in the ARP data. Show only the first entries per interface. (Default: 20) Send Neighbor Solicitation for . nd -hashinfo [] Show ...
CLI Guide for DFL-260E
Page 53
...command is queued until the end of the second, when pipe values are calculated. Usage 53 Source IP address filter. Show a captured packets brief. Write the captured packets to console. IP version filter. pipes Show pipes information. 2.2.40. pipes Chapter 2. Command Reference -ipdest= -ipsrc... -srcport= -start -status -stop -tcp -udp -wipe -write Destination IP address filter. Unbuffered (not stored in promiscuous mode. Set iface in memory) realtime packet brief dumped to store captured packets in memory (default 512kb). Size (kb) of configured pipes / pipe details / pipe users....
CLI Guide for DFL-260E
Page 56
...] [-num=] [-nonhost] [-tables] [-lookup=] [-verbose] Options -all -flushl3cache -lookup= -nonhost -num= -switched -tables -verbose Also show routes for the given IP address. Example 2.11. Use the -switched switch to entries. (Default: 20) Only show only switched routes. Flush Layer 3 Cache. rules Show rules lists. Show a range of routing table. 2.2.45. Command Reference...
CLI Guide for DFL-260E
Page 57
.... selftest Run appliance self tests. Interface ping test between 60 and 1518 bytes. 2.2.46. Command Reference rules -verbose 1-5 7-9 Usage rules [-type={IP | ROUTING | PIPE | IDP | IGMP}] [-verbose] [-schedule] []... If the number of packets that are dependent on the settings for some ...values. The interface tests 'traffic' and 'throughput' are used to , and returned from the accelerator. Range of rules to display. (Default: IP) Verbose: show all parameters of hardware components. selftest Chapter 2. The 'Pkt In/Out' field shows the total number of packets sent...
CLI Guide for DFL-260E
Page 64
...] Show server status and list all connected clients. This operation may lead to system instability. sshserver Chapter 2. Show or flush SIP counters. (Default: show ) Show active SIP sessions. NOTE: 'verbose' option outputs a lot of information on the console which may take a long time to... finish, up to snoop. 2.2.52. IP Address to several minutes! Usage sshserver Show server status and list all connected clients. Show or flush registration table. (Default: show ) SIP-ALG name. sshserver -keygen [-b=] [-t={RSA | DSA}] Generate SSH ...
CLI Guide for DFL-260E
Page 68
.... Also allows logged-on users. Options -list -num= -privilege -remove -user List all ) 2.2.59. Limit list of authenticated users. (Default: 20) List all ) Force an update now for user(s) with this IP address. Default: all known privileges (usernames and groups). Note: In the user listing -list, only privileges actually used by the policy... only; userauth -user Show all information for user(s). 68 Forcibly log out an authenticated user. (Admin only) Show all known privileges (usernames and groups). Interface. IP address for user(s) with this...
CLI Guide for DFL-260E
Page 70
... (1514 bytes ethernet). Send UDP ping. Verbose (more ICMP ECHO, TCP SYN or UDP datagrams to the specified IP address of packets to ping. 70 Use this source IP. ping Ping host. 2.3. All datagrams are sent preloaded-style (all at once). Usage ping [-recvif=] [-srcip=] [-pbr=] [-count=] [-length=] ... one or more information). Pass packet through the rule set, simulating that the packet was received by . Send TCP ping. IP address of service. Command Reference 2.3. Utility Chapter 2. Type of host to send. (Default: 1) Packet size. (Default: 4) Route using PBR Table.
CLI Guide for DFL-260E
Page 78
... in the list and the Index will be equal to be carried out. Enable logging. (Default: Yes) Specifies with what severity log events will be sent to the specified log receivers. (Default: Default) Text describing the current object. (Optional) Note If no Index is specified when creating an... instance of this rule to the length of the list. 78 Access Chapter 3. 3.1. Exception: the Expect rule. The IP span that the sender must arrive ...
CLI Guide for DFL-260E
Page 81
...simplified management. Configuration Reference NoDefinedCredentials Comments If this object. IP4Address Specifies a symbolic name for the network object. (Identifier) IP address, e.g. DHCP enabled Ethernet interfaces. (Optional) Groups and user names that a user is enabled the object requires ...user authentication, but ignores any kind of group membership. (Default: No) Text describing the current object. (Optional) 3.2.1.6. 3.2.1. AddressFolder Chapter 3. Objects that belong to this property is authenticated,...
CLI Guide for DFL-260E
Page 178
... Description Settings related to take on too low unicast Hop-Limit values. (Default: DropLog) The minimum IP multicast Hop-Limit value accepted on too low multicast Hop-Limit values. (Default: DropLog) The default IP Hop-Limit of packets originated by the name of options per extension header ...when it goes beyond IP6MaxExtHdr. (Default: DropLog) Total number of options allowed per IP6 extension header. (Default: 8) Validate the number of the ...
CLI Guide for DFL-260E
Page 179
...255.255). (Default: DropLog) The minimum IP Time-To-Live value accepted on receipt. (Default: 3) What action to take on too low unicast TTL values. (Default: DropLog) The minimum IP multicast Time-To-Live value accepted on too low multicast TTL values. (Default: DropLog) The default IP Time-To-Live ...of non-IPv4/IPv6 packets. (Default: Yes) Log received packets with TTL=0; Configuration Reference...
User Manual for DFL-260E
Page 31
... follows: • On the NetDefend DFL-210, 260, 800, 860, 1600 and 2500, the default management interface IP address is 192.168.1.1. • On the NetDefend DFL-260E, 860E, 1660, 2560 and 2560G, the default management interface IP address is 192.168.10.1. Using ... • Chrome (version 4 and later) • Opera (version 10.5 and later) Assignment of a Default IP Address For a new D-Link NetDefend firewall with factory defaults, a default internal IP address is secure. If communication with NetDefendOS is assigned automatically by NetDefendOS to the NetDefend model as the URL protocol...
User Manual for DFL-260E
Page 86
... out of the decommissioning procedure, a restore to factory defaults should also be used as VPN settings. The default IP address factory setting for the DFL-1660, DFL-2560 and DFL-2560G models will be assigned to the default management interface LAN1 on the DFL-210, 260, 800 and 860 models. The IPv4 ...on the front display. The IPv4 address 192.168.1.1 will startup with its default factory settings. Reset Procedure for the NetDefend DFL-210, 260, 260E, 800, 860 and 860E To reset the NetDefend DFL-210, 260, 260E, 800, 860 and 860E models, hold down the reset button located at ...
User Manual for DFL-260E
Page 137
...For further discussion of this topic, see Section 3.2, "IPv6 Support". It is started for an IP rule that does not match any Dest Net all-nets all source/destination networks/interfaces is , by default, dropped by NetDefendOS. In fact, two NetDefendOS components need to be present: • A ...route must be several IP rule sets in the IP rule set is placed as shown below: Name DropAll DropAll6 Action Drop ...
User Manual for DFL-260E
Page 172
...flow. This route will automatically add a route in the address book and these IP objects must have their addresses changed to the appropriate range for traffic to the routing table called : Automatically add a default route for the interface. 4.2.2. However, the option also exists for any route ...:/main> cc gw-world:/> Web Interface 1. Note: The metric for default routes is 100 The metric assigned to the default routes automatically created for the physical interfaces is accessed via a router with the IP address isp_gw_ip which usually corresponds to an ISP that it should be defined...