CLI Guide for DFL-260E
Page 9
...] [-lookup=] [-verbose] [-setmtu=] [-cacheinfo] []... Since the topic is optional, it is possible to display. This is because that option has a default value, 100, which will yield the same result: gw-world:/> routes -flushl3cache=100 gw-world:/> routes -flushl3cache 9 Used for specifying the available values ...for troubleshooting the D-Link Firewall. This guide assumes that the reader is familiar with the D-Link Firewall, and has the necessary basic knowledge in this case is a search string used to ...
...] [-lookup=] [-verbose] [-setmtu=] [-cacheinfo] []... Since the topic is optional, it is possible to display. This is because that option has a default value, 100, which will yield the same result: gw-world:/> routes -flushl3cache=100 gw-world:/> routes -flushl3cache 9 Used for specifying the available values ...for troubleshooting the D-Link Firewall. This guide assumes that the reader is familiar with the D-Link Firewall, and has the necessary basic knowledge in this case is a search string used to ...
CLI Guide for DFL-260E
Page 31
... ethernet address. arpsnoop Toggle snooping and displaying of specified interface. Options -flush -hashinfo -hw= -hwsender= -ip= -notify= -num= -show [] [-ip=] [-hw=] [-num=] Show ARP entries. The snooped messages are displayed before the access section validates the sender...Show only IP addresses matching pattern. Command Reference arp Show all specified interfaces. Show information on hash table health. Description Toggle snooping and displaying of all ARP entries. arpsnoop Chapter 2. Show only the first entries per interface. (Default: 20) Show ARP entries for IP. 2.2.4....
... ethernet address. arpsnoop Toggle snooping and displaying of specified interface. Options -flush -hashinfo -hw= -hwsender= -ip= -notify= -num= -show [] [-ip=] [-hw=] [-num=] Show ARP entries. The snooped messages are displayed before the access section validates the sender...Show only IP addresses matching pattern. Command Reference arp Show all specified interfaces. Show information on hash table health. Description Toggle snooping and displaying of all ARP entries. arpsnoop Chapter 2. Show only the first entries per interface. (Default: 20) Show ARP entries for IP. 2.2.4....
CLI Guide for DFL-260E
Page 36
... [-srcport=] [-destport=] [-srcip=] [-destip=] Close connections. Command Reference 2.2.11. Description List current state-tracked connections. Usage connections -show ". Filter on destination IP address. cpuid Chapter 2. connections Same as "connections -show [-num=] [-verbose] [-srciface=] [-destiface=] [-protocol=] [-srcport=] [-destport=] [-srcip=] [-destip=] .... (Admin only) Filter on source interface. Limit list to connections. (Default: 20) Show only given IP protocol. Filter on destination interface. Show only given source TCP/UDP port. 2.2.12. Show connections.
... [-srcport=] [-destport=] [-srcip=] [-destip=] Close connections. Command Reference 2.2.11. Description List current state-tracked connections. Usage connections -show ". Filter on destination IP address. cpuid Chapter 2. connections Same as "connections -show [-num=] [-verbose] [-srciface=] [-destiface=] [-protocol=] [-srcport=] [-destport=] [-srcip=] [-destip=] .... (Admin only) Filter on source interface. Limit list to connections. (Default: 20) Show only given IP protocol. Filter on destination interface. Show only given source TCP/UDP port. 2.2.12. Show connections.
CLI Guide for DFL-260E
Page 46
... to subsystem. Description Manage language files on disk. Limit list to entries. (Default: 10) Forcibly free IP assigned to free. 2.2.29. Verbose output. Multicast Address. Description Show information about the current state of the configured IP pools. ippool Show IP pool information. languagefiles Manage language files on disk Usage 46 Usage ippool -release [] [-all...
... to subsystem. Description Manage language files on disk. Limit list to entries. (Default: 10) Forcibly free IP assigned to free. 2.2.29. Verbose output. Multicast Address. Description Show information about the current state of the configured IP pools. ippool Show IP pool information. languagefiles Manage language files on disk Usage 46 Usage ippool -release [] [-all...
CLI Guide for DFL-260E
Page 49
...Show all interfaces will be filtered using the ip and hw options. Verbose (more information). Translated IP. The presented list can be presented. nd -show [] [-ip=] [-hw=] [-num=] 49 Description Show ...current NAT Pools and in-depth information. Usage natpool [-verbose] [ []] [-num=] Options -num= -verbose Maximum number of specified interfaces. 2.2.35. natpool Chapter 2. NAT Pool name. 2.2.36. nd Show Neighbor Discovery entries for given interface. Description List the Neighbor Discovery cache entries of items to list (default...
...Show all interfaces will be filtered using the ip and hw options. Verbose (more information). Translated IP. The presented list can be presented. nd -show [] [-ip=] [-hw=] [-num=] 49 Description Show ...current NAT Pools and in-depth information. Usage natpool [-verbose] [ []] [-num=] Options -num= -verbose Maximum number of specified interfaces. 2.2.35. natpool Chapter 2. NAT Pool name. 2.2.36. nd Show Neighbor Discovery entries for given interface. Description List the Neighbor Discovery cache entries of items to list (default...
CLI Guide for DFL-260E
Page 50
... The snooped messages are displayed before the access section validates the sender IP addresses in the ARP data. Show information on hash table health. Show only IP addresses matching pattern. nd -hashinfo [] Show information on hash table ...health. nd -flush [] Flush Neighbor Discovery cache of Neighbor Discovery queries and responses on-screen. Usage ndsnoop 50 Options Chapter 2. nd -query= Send Neighbor Solicitation for given interface(s). Show only the first entries per interface. (Default...
... The snooped messages are displayed before the access section validates the sender IP addresses in the ARP data. Show information on hash table health. Show only IP addresses matching pattern. nd -hashinfo [] Show information on hash table ...health. nd -flush [] Flush Neighbor Discovery cache of Neighbor Discovery queries and responses on-screen. Usage ndsnoop 50 Options Chapter 2. nd -query= Send Neighbor Solicitation for given interface(s). Show only the first entries per interface. (Default...
CLI Guide for DFL-260E
Page 53
...-srcport= -start -status -stop -tcp -udp -wipe -write Destination IP address filter. TCP/UDP port filter. Maximum length of configured pipes / pipe details / pipe users. Unbuffered (not stored in memory (default 512kb). Stop capture. it is not executed right away; Start capture. TCP... filter. UDP filter. Description Show list of each packet to console. Source IP address filter. IP protocol filter. pipes Show pipes information. 2.2....
...-srcport= -start -status -stop -tcp -udp -wipe -write Destination IP address filter. TCP/UDP port filter. Maximum length of configured pipes / pipe details / pipe users. Unbuffered (not stored in memory (default 512kb). Stop capture. it is not executed right away; Start capture. TCP... filter. UDP filter. Description Show list of each packet to console. Source IP address filter. IP protocol filter. pipes Show pipes information. 2.2....
CLI Guide for DFL-260E
Page 56
Description Shows the content of the various types of named (PBR) routing tables. Use the -switched switch to entries. (Default: 20) Only show switched routes and L3C entries. rules Show rules lists. Command Reference show single-host routes. DHCP relay, IPsec, ...a range of routing table. 2.2.45. Flush Layer 3 Cache. main ruleset, pipe ruleset, etc. Example 2.11. Limit display to show routes for the given IP address. rules Chapter 2. Explanation of Flags field of the routing tables: O Learned via OSPF X Route is Disabled M Route is Monitored A Published via Proxy...
Description Shows the content of the various types of named (PBR) routing tables. Use the -switched switch to entries. (Default: 20) Only show switched routes and L3C entries. rules Show rules lists. Command Reference show single-host routes. DHCP relay, IPsec, ...a range of routing table. 2.2.45. Flush Layer 3 Cache. main ruleset, pipe ruleset, etc. Example 2.11. Limit display to show routes for the given IP address. rules Chapter 2. Explanation of Flags field of the routing tables: O Learned via OSPF X Route is Disabled M Route is Monitored A Published via Proxy...
CLI Guide for DFL-260E
Page 57
... of each received packet is validated. Example 2.12. selftest Chapter 2. Range of rules to display. (default: all parameters of the rules. Command Reference rules -verbose 1-5 7-9 Usage rules [-type={IP | ROUTING | PIPE | IDP | IGMP}] [-verbose] [-schedule] []... Type of large buffers (LocalReassSettings... outcome of the throughput crypto accelerator tests are used to verify the correct function of packets sent to display. (Default: IP) Verbose: show all rules). 2.2.46. The content of the received packets. Interface ping test between interfaces 'if1' and '...
... of each received packet is validated. Example 2.12. selftest Chapter 2. Range of rules to display. (default: all parameters of the rules. Command Reference rules -verbose 1-5 7-9 Usage rules [-type={IP | ROUTING | PIPE | IDP | IGMP}] [-verbose] [-schedule] []... Type of large buffers (LocalReassSettings... outcome of the throughput crypto accelerator tests are used to verify the correct function of packets sent to display. (Default: IP) Verbose: show all rules). 2.2.46. The content of the received packets. Interface ping test between interfaces 'if1' and '...
CLI Guide for DFL-260E
Page 64
...status [-verbose] Show server status and list all connected clients. Options -b= -keygen -restart Bitsize. (Default: 1024) Generate SSH Server private keys. Show or flush registration table. (Default: show ) SIP-ALG name. Enable or disable SIP snooping. Use with caution. Usage sshserver Show...outputs a lot of information on the console which may take a long time to finish, up to system instability. Show or flush SIP counters. (Default: show ) Show active SIP sessions. Command Reference -definition -flags= -registration[={SHOW | FLUSH}] -session -snoop={ON | OFF | VERBOSE} -...
...status [-verbose] Show server status and list all connected clients. Options -b= -keygen -restart Bitsize. (Default: 1024) Generate SSH Server private keys. Show or flush registration table. (Default: show ) SIP-ALG name. Enable or disable SIP snooping. Use with caution. Usage sshserver Show...outputs a lot of information on the console which may take a long time to finish, up to system instability. Show or flush SIP counters. (Default: show ) Show active SIP sessions. Command Reference -definition -flags= -registration[={SHOW | FLUSH}] -session -snoop={ON | OFF | VERBOSE} -...
CLI Guide for DFL-260E
Page 68
...authenticated user. (Admin only) Show all information for user(s). 68 IP address for user(s) with this IP address. Also allows logged-on users and other information. Usage userauth List all ) 2.2.59. Default: all authenticated users. userauth Show logged-on users. userauth -privilege... List all authenticated users. userauth -user Show all ) Force an update now for user(s) with this IP address. Default: all information for the specified service. (Admin only; userauth -list [-num=] List all known privileges (usernames and groups). Command ...
...authenticated user. (Admin only) Show all information for user(s). 68 IP address for user(s) with this IP address. Also allows logged-on users and other information. Usage userauth List all ) 2.2.59. Default: all authenticated users. userauth Show logged-on users. userauth -privilege... List all authenticated users. userauth -user Show all ) Force an update now for user(s) with this IP address. Default: all information for the specified service. (Admin only; userauth -list [-num=] List all known privileges (usernames and groups). Command ...
CLI Guide for DFL-260E
Page 70
... to ping. 70 Description Sends one or more information). Destination port of service. Use this source IP. IP address of host to the specified IP address of a host. 2.3. Utility 2.3.1. Send TCP ping. Command Reference 2.3. ping Ping host. ...pbr= -port= -recvif= -srcip= -tcp -tos= -udp -verbose Number of ICMP data results in a 1500-byte IP datagram (1514 bytes ethernet). Pass packet through the rule set, simulating that the packet was received by . All datagrams are ... of packets to send. (Default: 1) Packet size. (Default: 4) Route using PBR Table. Utility Chapter 2.
... to ping. 70 Description Sends one or more information). Destination port of service. Use this source IP. IP address of host to the specified IP address of a host. 2.3. Utility 2.3.1. Send TCP ping. Command Reference 2.3. ping Ping host. ...pbr= -port= -recvif= -srcip= -tcp -tos= -udp -verbose Number of ICMP data results in a 1500-byte IP datagram (1514 bytes ethernet). Pass packet through the rule set, simulating that the packet was received by . All datagrams are ... of packets to send. (Default: 1) Packet size. (Default: 4) Route using PBR Table. Utility Chapter 2.
CLI Guide for DFL-260E
Page 78
The IP span that the sender must arrive on for this rule to be equal to the length of this rule to the specified log receivers. (Default: Default) Text describing the current object. (Optional) Note If no Index is specified when creating an instance of the list. 78 3.1. Configuration ...Reference Action Interface Network LogEnabled LogSeverity Comments Accept, Expect or Drop. (Default: Drop) The interface the packet must belong to for this type, the object will be placed last in the list and the Index will...
The IP span that the sender must arrive on for this rule to be equal to the length of this rule to the specified log receivers. (Default: Default) Text describing the current object. (Optional) Note If no Index is specified when creating an instance of the list. 78 3.1. Configuration ...Reference Action Interface Network LogEnabled LogSeverity Comments Accept, Expect or Drop. (Default: Drop) The interface the packet must belong to for this type, the object will be placed last in the list and the Index will...
CLI Guide for DFL-260E
Page 81
...filter on credentials can only be used for combining several IP4 Address objects for the network object. (Identifier) IP address, e.g. Properties Name Members UserAuthGroups NoDefinedCredentials Comments 3.2.1.7. The dynamically set address used as source networks and destinations networks...172.16.25.50". IP4Group Description An IP4 Address Group is authenticated, but ignores any kind of group membership. (Default: No) Text describing the current object. (Optional) 3.2.1.6. Properties Name Address ActiveAddress UserAuthGroups Specifies a symbolic name for ...
...filter on credentials can only be used for combining several IP4 Address objects for the network object. (Identifier) IP address, e.g. Properties Name Members UserAuthGroups NoDefinedCredentials Comments 3.2.1.7. The dynamically set address used as source networks and destinations networks...172.16.25.50". IP4Group Description An IP4 Address Group is authenticated, but ignores any kind of group membership. (Default: No) Text describing the current object. (Optional) 3.2.1.6. Properties Name Address ActiveAddress UserAuthGroups Specifies a symbolic name for ...
CLI Guide for DFL-260E
Page 178
... Settings related to take on too low unicast Hop-Limit values. (Default: DropLog) The minimum IP multicast Hop-Limit value accepted on too low multicast Hop-Limit values. (Default: DropLog) The default IP Hop-Limit of packets originated by the name of IPv6 traffic. (Default: No) Log received packets with Hop-Limit=0; this type. 3.52.10...
... Settings related to take on too low unicast Hop-Limit values. (Default: DropLog) The minimum IP multicast Hop-Limit value accepted on too low multicast Hop-Limit values. (Default: DropLog) The default IP Hop-Limit of packets originated by the name of IPv6 traffic. (Default: No) Log received packets with Hop-Limit=0; this type. 3.52.10...
CLI Guide for DFL-260E
Page 179
...Default: DropLog) The minimum IP Time-To-Live value accepted on receipt. (Default: 3) What action to take on too low unicast TTL values. (Default: DropLog) The minimum IP multicast Time-To-Live value accepted on receipt. (Default: 3) What action to take on too low multicast TTL values. (Default: DropLog) The default IP... Time-To-Live of packets originated by the security gateway (32-255). (Default: 255) TCP/UDP/ICMP/etc layer data and header sizes matching lower layer size information. (Default: ValidateLogBad) Allow IP data to contain ...
...Default: DropLog) The minimum IP Time-To-Live value accepted on receipt. (Default: 3) What action to take on too low unicast TTL values. (Default: DropLog) The minimum IP multicast Time-To-Live value accepted on receipt. (Default: 3) What action to take on too low multicast TTL values. (Default: DropLog) The default IP... Time-To-Live of packets originated by the security gateway (32-255). (Default: 255) TCP/UDP/ICMP/etc layer data and header sizes matching lower layer size information. (Default: ValidateLogBad) Allow IP data to contain ...
User Manual for DFL-260E
Page 31
... 192.168.1.1. • On the NetDefend DFL-260E, 860E, 1660, 2560 and 2560G, the default management interface IP address is assigned automatically by NetDefendOS to model ). Using HTTPS ensures that communication with factory defaults, a default internal IP address is 192.168.10.1. Therefore, the connecting Ethernet interface of a Default IP Address For a new D-Link NetDefend firewall with NetDefendOS is successfully...
... 192.168.1.1. • On the NetDefend DFL-260E, 860E, 1660, 2560 and 2560G, the default management interface IP address is assigned automatically by NetDefendOS to model ). Using HTTPS ensures that communication with factory defaults, a default internal IP address is 192.168.10.1. Therefore, the connecting Ethernet interface of a Default IP Address For a new D-Link NetDefend firewall with NetDefendOS is successfully...
User Manual for DFL-260E
Page 86
... of operation and will startup with its default factory settings. The default IP address factory setting for the DFL-1660, DFL-2560 and DFL-2560G models will be used . The IPv4 address 192.168.1.1 will default to Enter Setup message appears on the unit. The management interface IP address for the default management interface is discussed further in order...
... of operation and will startup with its default factory settings. The default IP address factory setting for the DFL-1660, DFL-2560 and DFL-2560G models will be used . The IPv4 address 192.168.1.1 will default to Enter Setup message appears on the unit. The management interface IP address for the default management interface is discussed further in order...
User Manual for DFL-260E
Page 137
... log the dropped connections, it is placed as the last IP rule in the IP rule set name in the IP rule set is, by default, dropped by default. A second route must be several IP rule sets in order to include the IP rule set . If the IP rule used is an Allow rule then this is recommended... Iface any any rule in the name of these steps is started for the first time, the default IP rules drop all name There may be either IPv4 or IPv6 addresses as a Drop All rule. The IP Addresses in IP Rules can be called main_drop_all or similar. In order to be IPv4 or IPv6...
... log the dropped connections, it is placed as the last IP rule in the IP rule set name in the IP rule set is, by default, dropped by default. A second route must be several IP rule sets in order to include the IP rule set . If the IP rule used is an Allow rule then this is recommended... Iface any any rule in the name of these steps is started for the first time, the default IP rules drop all name There may be either IPv4 or IPv6 addresses as a Drop All rule. The IP Addresses in IP Rules can be called main_drop_all or similar. In order to be IPv4 or IPv6...
User Manual for DFL-260E
Page 172
... Return to : Routing > Routing Tables > main > Add > Route 2. 4.2.2. This option has no other purpose but to the Internet. Routing Default Static Routes are assigned a default IP address object in the main routing table for the route. Adding a Route to the main Table This example shows how an all-nets... route is the route to all -nets route is accessed via a router with the IP address isp_gw_ip which usually corresponds to...
... Return to : Routing > Routing Tables > main > Add > Route 2. 4.2.2. This option has no other purpose but to the Internet. Routing Default Static Routes are assigned a default IP address object in the main routing table for the route. Adding a Route to the main Table This example shows how an all-nets... route is the route to all -nets route is accessed via a router with the IP address isp_gw_ip which usually corresponds to...