Filter
Top Products
Chapter 16 Firewall
ZyWALL (ZLD) CLI Reference Guide
134
16.2 Firewall Commands
The following table identifies the values required for many of these commands. Other input values
are discussed with the corresponding commands.
The following table describes the commands available for the firewall. You must use the
configure terminal command to enter the configuration mode before you can use the
configuration commands. Commands that do not have IPv6 specified in the description are for IPv4.
Table 65 Input Values for General Firewall Commands
LABEL DESCRIPTION
address_object The name of the IP address (or address group) object. You may use 1-31
alphanumeric characters, underscores(
_), or dashes (-), but the first character
cannot be a number. This value is case-sensitive.
address6_object The name of the IPv6 address (or address group) object. You may use 1-31
alphanumeric characters, underscores(
_), or dashes (-), but the first character
cannot be a number. This value is case-sensitive.
user_name The name of a user (group). You may use 1-31 alphanumeric characters,
underscores(
_), or dashes (-), but the first character cannot be a number. This value
is case-sensitive.
zone_object The name of the zone. For the ZyWALL USG 300 and above, use up to 31 characters
(a-zA-Z0-9_-). The name cannot start with a number. This value is case-sensitive.
The ZyWALL USG 200 and lower models use pre-defined zone names like DMZ, LAN1,
SSL VPN, WLAN, IPSec VPN, OPT, and WAN.
rule_number The priority number of a firewall rule. 1 - X where X is the highest number of rules
the ZyWALL model supports. See the ZyWALL’s User’s Guide for details.
schedule_object The name of the schedule. You may use 1-31 alphanumeric characters,
underscores(
_), or dashes (-), but the first character cannot be a number. This value
is case-sensitive.
service_name The name of the service (group). You may use 1-31 alphanumeric characters,
underscores(
_), or dashes (-), but the first character cannot be a number. This value
is case-sensitive.
Table 66 Command Summary: Firewall
COMMAND DESCRIPTION
[no] firewall asymmetrical-route activate Allows or disallows asymmetrical route topology.
[no] connlimit max-per-host <1..8192> Sets the highest number of sessions that the ZyWALL
will permit a host to have at one time. The
no
command removes the settings.
firewall rule_number Enters the firewall sub-command mode to set a
firewall rule. See Table 67 on page 137 for the sub-
commands.
firewall zone_object {zone_object|ZyWALL} rule_number Enters the firewall sub-command mode to set a
direction specific through-ZyWALL rule or to-ZyWALL
rule. See Table 67 on page 137 for the sub-
commands.
firewall zone_object {zone_object|ZyWALL} append Enters the firewall sub-command mode to add a
direction specific through-ZyWALL rule or to-ZyWALL
rule to the end of the global rule list. See Table 67 on
page 137 for the sub-commands.