RG-WALL 1600-AF Series Gigabit Multi-Function Application Firewall
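Command Manual: RG-WALL 1600-AF Series Gigabit Multi-Function Application Firewall, RG SecOS V5.2-A1.0. Document version: V1.0. Copyright notice: Ruijie Networks ©2014. Ruijie Networks owns the copyright and reserves all rights to this manual and this notice. Without the written permission of Ruijie Networks, no one may in any manner or form copy, excerpt, back up, modify, distribute, or translate into other languages any part of this manual, or use all or part of it for commercial purposes.
Transcript of RG-WALL 1600-AF Series Gigabit Multi-Function Application Firewall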
cli check-template-status
cli status-msg-only
router restart
set-next-reboot
sfp-mode-sgmii
shutdown
ssh
sync-session
vpn sslvpn del-all
vpn sslvpn del-tunnel
vpn sslvpn del-web
vpn sslvpn list
router info gwdetect
router info kernel
router info multicast
router info ospf
router info protocols
router info rip
router info routing-table
router info vrrp
system admin list
system admin status
system interface physical
system performance firewall
system performance status
system performance top
system session list
vpn status l2tp
vpn status pptp
RG SecOS™ 5.0 CLI CLI RG-WALL
5.0 CLI
“config” “config”
“get”
CLI “?”
• RG-WALL RG-WALL RG-WALL
aggregate interface type config system interface
RG-WALL Web execute restore
RG-WALL BIOS
“Press any key” BIOS
C R T F I B QH
“Enter”
“H” “Q”
BIOS RG-WALL TFTP IP
[0]: 1 - 7
DHCP
DHCP
[S]:
TFTP
[F]:
BIOS
RG-WALL
antivirus
heuristic
end
| disable}
detected files.
set analytics-max-upload <mbytes>
set extended-utm-log {enable | disable}
set inspection-mode {flow-based | proxy}
config {http | https | ftp | ftps | imap | imaps | mapi | pop3 | pop3s | smb | smtp | smtps
| nntp | im}
set options {avmonitor | avquery | quarantine | scan}
config nac-quar
set expiry <duration_str>
filepattern.
0
analytics-max-upload
10
block-botnet-connections
extended-utm-log
inspection-mode
config {http | https | ftp | ftps | imap | imaps | mapi | pop3 | pop3s | smb | smtp | smtps | nntp | im}
quarantine —
RG-WALL
for viruses.
config nac-quar
###d##h##m 5
infected none
5m
quarantine
WALL
set drop-heuristic {ftp ftps http im imap nntp pop3 smtp}
set drop-infected {ftp ftps http im imap mapi nntp pop3 smtp}
set drop-intercepted {ftp http imap pop3 smtp}
set lowspace {drop-new | ovrw-old}
set store-heuristic {ftp http im imap nntp pop3 smtp}
set store-infected {ftp ftps http https im imap imaps nntp pop3 pop3s smtp smtps}
set store-intercepted {ftp http imap pop3 smtp}
end
TTL
0
NULL
smtp}
drop-heuristic http {ftp ftps http im imap mm1 im
mm3 mm4 mm7 nntp pop3 NNTP imap nntp
smtp} pop3 smtp
drop-infected im {ftp ftps http im imap mapi imap nntp
nntp
drop-intercepted
{ftp http imap pop3 smtp} RG SecOS
imap smtp
pop3 http
drop-new
ovrw-old
RG-WALL
0
0
smtp} NNTP
smtp}
store-infected
imaps nntp pop3 pop3s
store-intercepted
{ftp http imap pop3 smtp} RG SecOS Carrier
ftp
service
RG-WALL HTTP HTTPS FTP POP3 IMAP SMTP
IM IMAP NNTP POP3 SMTP
block-page-status-code
CPU
scan-bzip2
2 100. arj
bzip2 cab gzip lha lzh msc rar tar
zip Bzip2
1 “?”
RG-WALL 0
set grayware {enable | disable}
extreme | normal}
extended
“zoo”
extended
“zoo”
{enable | disable} RAT
application
0
comment
<comment_str>
protocol <protocol_str | All> All
set protocols ?
0—Network protocol
set vendor ?
set application [<app1_int><app2_int> ...]
set behavior {0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8}
set block-audio {enable | disable}
set block-encrypt {enable | disable}
set block-file {enable | disable}
set block-im {enable | disable}
set block-photo {enable | disable}
set block-video {enable | disable}
set category {<cat_int> | All}
set session-ttl <ttl_int>
set shaper <shaper_str>
set shaper-reverse <shaper_str>
set other-application-action {block | pass}
set other-application-log {enable | disable}
set unknown-application-action {block | pass}
set unknown-application-log {disable | enable}
behavior {0 | 1 | 2 | 3 | 4 | 5 | 6 |
7 | 8}
0 — Other
1 — Reasonable
2 — Botnet
3 — Evasion
{enable | disable} AIM ICQ MSN Yahoo
{enable | disable} application AIM ICQ MSN Yahoo
{enable | disable} application AIM ICQ MSN Yahoo
{enable | disable} application AIM ICQ MSN Yahoo
{enable | disable} application AIM ICQ MSN Yahoo
application MSN
disable
category im application
All
im-no-content- disable
{enable | disable} AIM ICQ MSN Yahoo
options [allow-dns
allow-http allow-icmp
{enable | disable}
protocols
TTL config system session-ttl CLI
0
shaper-reverse <shaper_str>
sub-category “all” all
{<subcat_int> | all}
0—Other
unknown-application- disable
allset
vendor ?
all
name
name ?
IP IP IP
IP
set visibility {enable | disable}
set start-port <port_int>
type fqdn
0
1
0
comment
null
end-ip
fqdn
start-ip
subnet type ipmask IP 0.0.0.0
<address_ipv4mask CIDR 0.0.0.0
>
type {ipmask ipmask
| iprange | fqdn IP | geography
| network-service
| wildcard}
{enable | disable}
<address_ip4mask> 0.0.0.0
<service_id> ID 0 ID
end-port <port_int> 0
enable
0
auth-portal
central-nat
RG-WALL NAT
orig-addr <name_ip> IP
nat-ippool <name_ip> IP
orig-port <port_int> IP 0
nat-port <port_int-
HTTPS FTPS SMTPS firewall profile-protocol-options
set ssl-ca-list {enable | disable}
set status {enable | disable}
set unsupported-ssl {bypass | block}
set ssl-ca-list {enable | disable}
set status {enable | disable}
set unsupported-ssl {bypass | block}
set ssl-ca-list {enable | disable}
set status {enable | disable}
set unsupported-ssl {bypass | block}
set ssl-ca-list {enable | disable}
set status {enable | disable}
set unsupported-ssl {bypass | block}
set ssl-ca-list {enable | disable}
set status {enable | disable}
set unsupported-ssl {bypass | block}
set ip <ipv4_addr>
end
end
SSL
extended-utm-log
ssl-invalid-server-
allow-invalid-server-cert
bypass
ssl-ca-list
disable
unsupported-ssl
config https
allow-invalid-server-ce
disable
client-cert-request
bypass
ssl-ca-list
status
unsupported-ssl
config imaps
allow-invalid-server- SSL disable
cert {enable | disable}
{bypass | inspect | block} SSL SSL
ssl-ca-list
unsupported-ssl
config pop3s
allow-invalid-server- SSL disable
cert {enable | disable}
{bypass | inspect | block} SSL SSL
ssl-ca-list
status
unsupported-ssl
allow-invalid-server- SSL disable
cert {enable | disable}
{bypass | inspect | block}
ssl-ca-list
status
unsupported-ssl
config ssl
SSL
disable
ftps-client-cert-request
bypass
https-client-cert-request {block | bypass | inspect} HTTPS RG-WALL SSL SSL SSL bypass
imaps-client-cert-
request
bypass
pops3-client-cert-request {block | bypass | inspect} POP3S RG-WALL SSL SSL SSL bypass
smtps-client-cert-request {block | bypass | inspect} SMTPS RG-WALL SSL SSL SSL bypass
{block | bypass | inspect} RG-WALL SSL SSL SSL
dnstranslation
DNS DNS IP
IP RG-WALL IP .
DNS
dst
0.0.0.0
netmask
<address_ipv4mask
src dst IP src
dst
dst
TCP UDP ICMP
set status {enable | disable}
log {enable | disable} DoS disable
quarantine {attacker RG-WALL none
| both | interface | none}
IP
IP IP
IP
threshold <threshold_int>
1 2147483647
interface-policy
DoS CLI DoS RG-WALL
DoS
Interface-policy IPS
DoS
disable
application-list-status enable
av-profile-status
disable
enable
webfilter-profile-status
IP/MAC RG-WALL / IP IP
IP RG-WALL IP
MAC
IP MAC
IP / MAC IP/ MAC IP MAC IP
IP/ MAC IP/ MAC
“ipmacbinding table”
RG-WALL DHCP IP MAC
IP/ MAC IP / MAC
DHCP IP/ MAC DHCP
WALL
disable
{allow | block} IP/ MAC IP MAC
ipmacbinding table
IP/ MAC IP MAC IP
MAC MAC IP
IP/ MAC “ipmacbinding setting” RG-WALL IP/ MAC ipmac “system interface”
IP / MAC IP/ MAC IP MAC IP
IP/ MAC IP/ MAC
RG-WALL
RG-WALL DHCP IP MAC
IP/ MAC IP / MAC
DHCP IP/ MAC DHCP
MAC IP
IP 0.0.0.0
0.0.0.0
IP MAC 00
MAC 00:00:00:00:00:00
name <name_str> IP/MAC noname
status IP/MAC disable
{enable | disable} IP/MAC
IP/ MAC
RG SecOS™ IP IP RG-WALL CLI
IP IP IP IP IP IP
IP 1.1.1.1 IP 1.1.1.1 1.1.1.1
RG-WALL IP IP IP
IP ARP
RG-WALL port1 port2 IP
• port1 IP 1.1.1.1/255.255.255.0 1.1.1.0-1.1.1.255
• port2 IP 2.2.2.2/255.255.255.0 2.2.2.0-2.2.2.255
IP
• (2.2.2.0-2.2.2.255) & (2.2.2.10-2.2.2.20) = 2.2.2.10-2.2.2.20
• (2.2.2.0-2.2.2.255) & (2.2.2.30-2.2.2.40) = 2.2.2.30-2.2.2.40
• port2 2.2.2.10-2.2.2.20 2.2.2.30-2.2.2.40 ARP
NAT Dynamic IP Pool IP RG-WALL
IP
end
arp-intf
arp-reply
block-size <size_int> type port-block-allocation
64 4096
128
endip
<address_ipv4> IP IP IP IP
IP IP
0.0.0.0
num-blocks-per-user
1 128
source-endip
startip
IP
endip <ipv4_addr> IP 0.0.0.0
map-startip 0.0.0.0
local-in-policy,
edit <index_int>
ID
action
deny
auto-asic-offload
intf <name_str> RG-WALL
srcaddr
schedule
OSPF, all_hosts, all_routers.
0
comment
start-ip
subnet <ip4mask> IP/ type
broadcastmask
ip
multicastrange
visibility
enable
multicast-policy
IP IP IP
multicast-forward {enable | disable} tp-mc-skip-policy{enable | disable}
action
NAT/Route
logtraffic
srcaddr
firewall address
status
0
start-port
set action {accept | deny | ipsec | ssl-vpn}
set active-auth-method {basic | digest | form | ntlm}
set application {enable | disable}
set logtraffic-app {enable | disable}
set logtraffic-start {enable | disable}
set log-unmatched-traffic {disable | enable}
set match-vip {enable | disable}
set nat {enable | disable}
set natinbound {enable | disable}
set sslvpn-ccert {enable | disable}
set status {enable | disable}
set application-list <name_str>
set av-profile <name_str>
{accept | deny | ipsec | ssl-vpn} accept —
nat NAT NAT /
ippool NAT
IP
fixedport NAT
ipsec vpntunnel
inbound outbound natoutbound natinbound
/ natip
vpn sslvpn-authsslvpn-ccert
sslvpn-cipher
{basic identity-based | digest | form | ntlm} sso-auth-method
basic — ID
URI MD5
enable
disable
auth-redirect-addr IP <domainname_str> HTTP URL
auto-asic-offload NP SP enable
{enable | disable}
enable av-profile
profile-protection-options
disable
capture-packet
{enable | disable} logtraffic all utm
disable
client-reputation
disable
learning
disable}
IP
IPSec VPN IP
action ssl-vpn IP
RG-WALL
disable
email-collection-portal
disable
unauthenticated {enable | disable}
{enable | disable}
IP
auto-profiling
disable
identity-based-route
identity-from
web-proxy
IPSec VPN
{enable | disable} IP
identity-based disable utm-status
enable
disable
NAT
ippool fixedport
disable
natinbound
WALL IP
disable
natip action ipsec natoutbound 0.0.0.0
<address_ipv4mask> IP 0.0.0.0
RG-WALL
IP
192.168.1.0/24
{enable | disable} RG-WALL IP
natip
IP
disable
disable
ntlm-enabled-browsers
outbound
IPSec VPN
firewall shaper per-ip-
shaper
permit-any-host
disable
permit-stun-host
NAT’d iPhones FaceTime
disable
nat ippool enable
identity-based
enable config identity-based-
enable identity-based enable
config identity-based-policy
enable identity-based enable
config identity-based-policy
URL
replacemsg-group
enable
require-tfa
rtp-addr
send-deny-packet
deny-tcp-with-icmp ICMP
TCP TCP
disable
service-negate
disable
auto-profiling
ttl
IP
only all
IP
disable
proxy web-proxy
{any | ldap | local | radius | tacacs+}
• RG-WALL
sslvpn-ccert
SSLVPN
| medium | high} SSL
• 164-bit
• 128-bit
<maximumsize_int> RG-WALL PPPoE ISP
PPPoE
“ ICMP ”
Web
timeout-send-rst
traffic-shaper-reverse <name_str> 1 2
2 1
utm-status {disable | UTM UTM disable
enable} UTM
identity-based
enable config identity-based-
identity-based disable utm-status
enable
action ipsec
enable webfilter-profile
profile-protection-options
application-list
identification
deep-inspection-
options
<profile_name>
logtraffic
profile-group {group |
(null)
profile-protocol-
profile-type {group |
single
schedule
action ssl-vpn
traffic-shaper
enable} UTM
webfilter-profile
IPS Web VoIP
UTM
set application-list <name_str>
set voip-profile <name_str>
set replacemsg-group <name_str>
deep-inspection- options “firewall deep-inspection-options”
<profile_name>
<name_str> profile profile-protection-options
<name_str> webfilter-profile profile-protection-options
ips-sensor
application-chart
{top10-app
| top10-media-user
| top10-p2p-user}
(null)
application-list
replacemsg-group
default
profile-protocol-options
HTTP FTP SMTP UTM
| servercomfort}
set oversize-limit <size_int>
set retry-count <retry_int>
| no-content-summary | oversize | splice}
set comfort-interval <interval_int>
set comfort-amount <amount_int>
set oversize-limit <size_int>
set oversize-limit <size_int>
set oversize-limit <size_int>
set oversize-limit <size_int>
set oversize-limit <size_int>
set oversize-limit <size_int>
intercept
config http
inspect-all {enable |
disable
{chunkedbypass summary
comfort-amount 1
Ruijie-bar
Ruijie-bar-port
<port_int> Ruijie Bar 8011
post-lang <charset1> HTTPS post HTTPS post [<charset2>...<charset 5>] RG-WALL
HTTPS POST UTF-8 RG-WALL
<size_int> oversize-limit
oversize HTTP
RG-WALL
Web
switching-protocols
inspect-all {disable |
disable
comfort-amount 1
options FTP no-
{bypass-mode-comma content-
d | clientcomfort “block” “compressed”
| no-content-summary
0
oversize-limit
RG-WALL 10
config dns
53
status
config imaps
inspect-all
disable
| no-content-summar no-
oversize-limit
RG-WALL 10
config mapi
options {fragmail MAPI fragmail
| no-content-summar no-
oversize-limit
RG-WALL 10
config pop3
inspect-all
disable
| no-content-summar
oversize-limit
RG-WALL 10
config smtp
inspect-all
disable
| no-content-summar no-
content- summary
SMTP
oversize-limit
RG-WALL 10
{enable | disable}
RG-WALL
status
config nntp
inspect-all
disable
no-content-summary content-
| oversize | splice} no-content-summary —
oversize-limit
RG-WALL 10
config im
no-content-summary content-
| oversize} no-content-summary — summary
oversize-limit
RG-WALL 10
config mail-signature
RG-WALL
(‘ ")
0
end <hh:mm> 00:00 <yyyy/mm/dd> • hh - 00 23 2001/01/01
• mm - 00 15 30 45
• yyyy - 1992
• yyyy - 1992
1-100 0
• mm 00 15 30 45
00:00
• mm 00 15 30 45
00:00
0
0
Authentication Remote Access Tunneling
VoIP Messaging\ &\ Other Applications
Web Proxy
“Web Access” “Web\ Access”
comment
set category <category_name>
set color <color_int>
set comment <string>
set protocol-number <protocol_int>
<srcporthigh_int>]
<srcporthigh_int>]
<srcporthigh_int>]
{disable | strict
• strict — RG-WALL IP(A,B) |
TCP(C,D) ICMP RG
SecOS A:C->B:D
TCP
ICMP
“log-invalid-packet {enable | disable}”
anti-replay
protocol TCP/UDP/SCTP
explicit-proxy
0
{enable | disable}
icmpcode
icmptype <type_int> ICMP type_int 0 255
www.iana.org ICMP
protocol
ALL
protocol-number
http://www.iana.org
0
0-65535
session-ttl per-VDOM session-ttl
0
86400
tcp-halfopen-timer 0
0 system global
protocol TCP/UDP/SCTP
tcp-portrange TCP <dstportlow_int>[- <dstporthigh_int>:
0-65535
<seconds_int> 793 “TIME-WAIT state represents waiting for enough time to pass to be sure the remote TCP received the acknowledgment of its connection termination request”
0 300 0 TCP TIME-WAIT 0
udp-idle-timer UDP 1 86400 0
<seconds>
udp-portrange UDP <dstportlow_int>[- <dstporthigh_int>:
0-65535
disable
set member ?
0
IP
{enable | disable} DSCP
diffservcode-forward
{enable | disable} DSCP
diffservcode-rev
max-bandwidth
0 16776000 Kbits/second 0
0
max-concurrent-
session
<sessions_int>
0 2097000 0
0
IP
end
end
QoS
0
0
per-policy disable
{enable | disable}
ttl-policy
“253-255”
null
vip
IP ARP RG-WALL
ARP ARP RFC 1027
IP RG-WALL
DMZ
(NAPT) / (NAT)
IP NAT NAT
• NAT
(DNAT)
PAT / NAT IP
NAT NAT IP IP
IP IP
IP
NAT
NAT IP IP
IP IP IP IP
IP IP
NAT IP IP
IP IP IP
IP
IP IP 0.0.0.0 IP
IP
DNAT
IP RG-WALL IP
arp-reply
comment
RG-WALL extip IP
IP IP
IP
0.0.0.0
server-type http 443 server-type https
0
gratuitous-arp-interval
ARP 0
ARP
[<start_ipv4>- <end_ipv4>]
RG-WALL extip IP
IP IP
IP
RG-WALL
ssl “ not off”
1000
nat-source-vip
RG-WALL IP
IP NAT
RG-WALL RG-WALL
disable
outlook-web-access
Front-End-Https: on HTTP
outlook-web-access
RG-WALL HTTP
type http https
disable
portforward
mappedport
1-to-1
protocol
src-filter <addr_str> IP/
x.x.x.x/n x.x.x.x-y.y.y.y
{load-balance | server-load-balance |
static-nat}
vipgrp
IP DMZ IP
VIP VIP external-to-
DMZ
interface
member
gui
console
console
Status
Web CLI
imp2p
imp2p Instant Messaging Peer-to-Peer
icq-user
msn-user
old-version
effort | block}
best-effort
best-effort
best-effort
best-effort
imp2p VDOM imp2p allow
ips
DoS
sensor
setting
IPS MAC IPS
Peer VDOM
custom
RG-WALL RG-WALL
set anomaly-mode {continuous | periodical}
set database {regular | extended}
set session-limit-mode {accurate | heuristic}
engine-count RG-WALL 0
<integer>
{enable | disable}
hardware-accel- CP NP engine-pick
mode {engine-pick none engine-pick | cp-only | np-only | np-cp | none}
session-limit-mode
heuristic
RG-WALL Skype
rule
get
set severity {all | info low medium high critical}
set protocol <protocol_str>
set application <app_str>
set tags <tags_str>
set log-packet {disable | enable}
set quarantine-expiry <minutes_int>
set rule [<rule1_int> <rule2_int> ...] get
config exempt-ip
edit <exempt-ip_id>
“?” IPS
comment
<filter_int> ID IPS ID
“?” ID ID
location {all | client | all
server} • client
protocol
Other
Other
disable
disable} • enable
enable} PCAP
RG-WALL
| pass | reject} • block
both | interface | none}
IP
IP
<minutes_int> 259200
<count_int> 65535 0
rate-duration 60
rate-mode
<continuous
| periodical>
• periodical — action rate-duration rate-
count
ID
null
• count-enabled IPS
• count
• os
• application
“pass all”“block all”“reset all”
“default”
edit <exempt-ip_id> exempt-ip ID IPS
exempt-ip “?” ID ID
exempt-ip
0.0.0.0
0.0.0.0
setting
0
<packets_int>
IPS 6
packet-log-history 1 255 1
packet-log-history 1 RG-WALL
packet-log-post-attack IPS 0
<packets_int> packet-log-post- attack 10 RG-WALL
IPS 10
packet-log-attack 0 255 0
log
SSL VPN
custom-field
disk setting eventfilter
Ruijieguard setting gui-
display memory setting
# 16
{disk | memory | syslogd | syslogd2 | syslogd3 | webtrends } filter
RG-WALL
config log {disk |memory | syslogd | syslogd2 | syslogd3 | webtrends | Ruijieguard} filter
set analytics {enable | disable}
set anomaly {enable | disable}
set app-crtl {enable | disable}
set app-crtl-all {enable | disable}
set attack {enable | disable}
set blocked {enable | disable}
set discovery {enable | disable}
set email {enable | disable}
set email-log-google {enable | disable}
set email-log-imap {enable | disable}
set email-log-msn {enable | disable}
set email-log-pop3 {enable | disable}
set email-log-smtp {enable | disable}
set email-log-yahoo {enable | disable}
set forward-traffic {enable | disable}
set ftgd-wf-block {enable | disable}
set ftgd-wf-errors {enable | disable}
set local-traffic {enable | disable}
set gtp {enable | disable}
set infected {enable | disable}
set multicast-traffic {enable | disable}
set netscan {enable | disable}
set oversized {enable | disable}
set scanerror {enable | disable}
set signature {enable | disable}
set suspicious {enable | disable}
set switching-protocols {enable | disable}
set traffic {enable | disable}
set url-filter {enable | disable}
set virus {enable | disable}
set voip {enable | disable}
set vulnerability {enable | disable}
set web {enable | disable}
set web-content {enable | disable}
set web-filter-activex {enable | disable}
set web-filter-applet {enable | disable}
set web-filter-command-block {enable | disable}
anomaly
attack
ftgd-wf-errors
web
{enable | disable}
gtp {enable | disable} GTP RG SecOS Carrier
infected virus {enable | disable}
multicast-traffic
oversized virus {enable | disable}
scanerror
severity {alert | critical | debug | emergency | error | information | notification | warning}
RG-WALL error error critical alert
emergency
emergency -
alert -
critical -
attack
web
virus
vulnerability
web-content
web
web-filter-activex
web-filter-applet
web-filter-command-
block
web-filter-ftgd-quota
web-filter-ftgd-quota-
counting
FTP
RG-WALL AMC disk setting AMC
RG-WALL RG-WALL AMC
AMC Log&Report > Log Access > Disk
SQL SQL SQLlite
SQL
conn {default | high | low | disable} set uploaddir
<dir_name_str>
set uploadtype {attack event im spamfilter traffic virus voip webfilter}
set uploaduser <user_str>
overwrite
<0-19800>
threshold
threshold
threshold
maximum-log-age
<integer max> RG-WALL
max-policy-packet-
capture-size
<size_int>
roll-schedule
RG-WALL
source-ip
<address_ipv4>
upload {enable | disable} upload FTP
uploaddir uploadipuploadpass uploadport
uploaduser FTP
upload-delete-files
uploaddir FTP <dir_name_str> FTP
uploadip
uploadpass
uploadport
FTP
RG-WALL
uploadsched enable.
0
uploadzip
app-ctr
attack
event
traffic
virus
webfilter
eventfilter
admin
dns
network
{enable | disable} DHCP L2TP/PPTP/PPPoE VIP SSL
GTP
AMC
{enable | disable} UTM NAC
vpn
wan-opt
{syslogd} override-filter
VDOM config log {syslogd} filter
“{disk | memory | syslogd | syslogd2 | syslogd3 | webtrends } filter”
gui-display
resolve-apps
memory setting
RG-WALL RG-WALL
memory global-setting
RG-WALL RG-WALL
100
98
setting
local-in-admin
local-in-other
{enable | disable}
log-invalid-packet VDOM ICSA {enable | disable}
• ICMP
• IP
neighbor-event
resolve-port
syslogd override-setting
set override {enable | disable}
set status {enable | disable}
set csv {enable | disable}
set facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kernel | local0 | local1 | local2
| local3 | local4 | local5 | local6 | local7 | lpr | mail | news | ntp | syslog | user | uucp}
set port <port_integer>
setting
csv {enable | disable} enable RG-WALL
CSV CSV
RG-WALL
facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kernel | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | ntp | syslog | user | uucp} local7
facility facility RG-WALL
• alert:
• audit
• auth /
• authpriv: /
RG-WALL RFC 3195 RAW TCP
source-ip
<address_ipv4> syslogd syslog2 syslog3 IP 0.0.0.0
{syslogd | syslogd2 | syslogd3} setting
set status {enable | disable}
set csv {enable | disable}
set facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kernel | local0 | local1 | local2
| local3 | local4 | local5 | local6 | local7 | lpr | mail | news | ntp | syslog | user | uucp}
set port <port_integer>
csv {enable | disable} enable RG-WALL
CSV CSV RG-WALL
facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kernel | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | ntp | syslog | user | uucp} local7
facility facility RG-WALL
• alert:
• audit
• auth /
• authpriv: /
port <port_integer> 514
reliable {enable | disable} RG-WALL RFC 3195 RAW
RFC1035
<address_ipv4> syslogd syslog2 syslog3 IP 0.0.0.0
webtrends setting
4.1
status {enable | disable} enable
chart
end config report chart
config report
chart comments CLI
comments
config report chart edit
set group <group_str>
set header-value <string>
set legend {enable | disable}
set period {last24 | last7d}
set scale-format {YYYY MM DD HH MM | YYYY-MM-DD | HH | YYYY-MM-DD | YYYY MM |
YYYY | HH MM | MM DD}
set scale-number-of-step <steps_int>
set scale-step <step_int>
set scale-type datetime
set style {auto | manual}
manual type table
style manual type graph
config y-series y
style manual type graph
<chart_name> CLI
<chart_name> comments
0x 0xff0000
<size_int> 5 20
color-palette HTML <palette_hex> 0x
comments <comment_str> Web
report dataset
detail-value <value str>
displayname <name_str>
extra-y-legend
5 20
0
footer-value <value str>
graph-type {bar | flow | line
is-category {no | yes} x
label-angle {45 degree | x y vertical | horizontal}
legend {enable | disable}
legend-font-size 0 0
<size_int> 5 20
scale-format {YYYY MM
DD-HH-MM
scale-number-of-step
scale-origin {max | min} x
X max scale-start
2001
style {auto | manual} style auto
style
comments
5 20
0
value1 {<value_int>
| <value_str>}
value2 {<value_int>
| <value_str>}
dataset
end
end
SQL
edit <field-id> SQL 1 SQL
displayname
layout
set cutoff-time <time_str>
set description <text>
set email-recipients <recipients_str>
set time <HH:MM>
set style-theme <theme name>
set options {include table of contents | auto numbering heading | view chart as heading
| show html navbar before-heading} config page
set paper{A4|letter}
set options {header on first page | footer-on-first-page}
set style <style name>
set description <text>
set content <text>
set img-src <text>
set misc-component {hline | page break | column break | section-start}
set parameter1 <value_str>
604 800 1
86400
custom
send email-send
schedule-type
00:00
schedule-type weekly
numbering heading
view-chart-as-heading —
column-break-before
content <text> type text
image
image
description <text> type text misc
image
img-src <chart name> type chart
config report style
edit <style name>
set options {font | text | color | align | size | margin | border | padding | column}
set font-family {Verdana | Arial | Helvetica | Courier | Times}
set font-style {normal|italic}
set font-weight {normal | bold}
set font-size {xx small | x small | small | medium | large | x large | xx large} | 5-28
set line-height <integer | percentage>
set fg-color {aqua | black | blue | fuchsia | gray | green | lime | maroon | navy | olive
| purple | red | silver | teal | white | yellow | <color value>}
set bg-color {aqua | black | blue | fuchsia | gray | green | lime | maroon | navy | olive
| purple | red | silver | teal | white | yellow | <color value>}
set align {left | center | right | justify}
set height <integer | percentage>
set width <integer | percentage>
set border-top <topwidth_int> {none | dotted | dashed | solid} {aqua | black | blue
| fuchsia | gray | green | lime | maroon | navy | olive | purple | red | silver | teal
| white | yellow | <color value>}
set border-bottom <bottomwidth_int> {none | dotted | dashed | solid} {aqua | black
| blue | fuchsia | gray | green | lime | maroon | navy | olive | purple | red | silver
| teal | white | yellow | <color value>}
set border-left <leftwidth_int> {none | dotted | dashed | solid} {aqua | black | blue
| fuchsia | gray | green | lime | maroon | navy | olive | purple | red | silver | teal
| white | yellow | <color value>
set border-right <rightwidth_int> {none | dotted | dashed | solid} {aqua | black
| blue| fuchsia | gray | green | lime | maroon | navy | olive | purple | red | silver
| teal | white | yellow | <color value>
set padding-top <integer>
set padding-bottom <integer>
set padding-left <integer>
set padding-right <integer>
options {font | text
| color | align | size
{normal | bold}
font-size {xx small 5 28 | x small | small | medium | large | x large | xx large} | 5-28
line-height
10 120%
fg-color {aqua 6 | black | blue 0033CC | fuchsia | gray
| green | lime
| maroon | navy
value>}
bg-color {aqua 6 | black | blue FF0000 | fuchsia | gray | green | lime
| maroon | navy
margin-top
border-top <topwidth_int> 6 {none | dotted
| dashed | solid}
| dashed | solid}
| dashed | solid}
column-gap
set schedule {daily | weekly}
day {sunday
| monday | tuesday
schedule
00:00
widget
set default-html-style <style_name>
set default-pdf-style <style_name>
set page-style <style_name>
set page-header-style <style_name>
page-orient
default-pdf-style
page-style
page-footer-style
report-title-style ? <style name>
report-subtitle-style ? <style_name>
heading1-style 1 ? 1 <style_name>
heading2-style 2 ? 2 <style_name>
heading3-style 3 ? 3 <style_name>
heading4-style
toc-title-style
toc-heading1-style 1 ? <style_name> 1
toc-heading2-style 2 ? <style_name> 2
toc-heading3-style 3 ? <style_name> 3
toc-heading4-style 4 ? <style_name> 4
normal-text-style ? <style_name>
bullet-text-style ? <style_name>
numbered-text-style ? <style_name>
image-style
hline-style
table-chart-caption- ?
router
RG-WALL RG-WALL
RG-WALL RIP OSPF
deny
config rule
exact-match
any
wildcard IP <address_ipv4> 0.0.255.0 0 <wildcard_mask> 1
any
interface <if_name>
set server <servername_string>
set source-ip <ipv4_addr>
failtime <attempts_int>
ha-priority <priority_int> HA 1 50
1
HA
RIP 2
RG-WALL
RG-WALL “config system global”
hh:mm: ss day month year end
infinite —
hh — 0 23
mm — 0 59
ss — 0 59
day — 1 31
month — 1 12
year — 1993 2035
hh mm ss day month 1
mm:ss day month year end
hh:mm:ss day month year
infinite —
hh — 0 23
mm — 0 59
ss — 0 59
day — 1 31
month — 1 12
year — 1993 2035
hh mm ss day month 1
ospf
RG-WALL OSPF RFC 2328
OSPF
AS
ABR LSA
BRF BFD
CLI BFD
auto-cost-ref-bandwidth <mbps_integer> set bfd
set default-information-route-map <name_str>
set default-metric <metric_integer>
set distance <distance_integer>
set distance-external <distance_integer>
set distance-inter-area <distance_integer>
set distance-intra-area <distance_integer>
set distribute-list-in <access_list_name>
set restart-period
set default-cost <cost_integer>
set stub-type {no-summary | summary}
config filter-list
edit <filter-list_id>
set authentication-key <password_str>
set dead-interval <seconds_integer>
set hello-interval <seconds_integer>
end end
config neighbor
edit <neighbor_id>
set authentication-key <password_str>
set cost <cost_integer>
set metric <metric_integer>
WALL OSPF ABR
ABR
bfd {enable | disable | global} BFD
• enable - BFD
• disable - BFD
• global -
database-overflow-max-lsas
LSA OSPF
OSPF lsas_integer
lsas_integer 0
4294967294
10000
database-overflow-time-to-
seconds_integer 0
RG-WALL
300
default-information-metric
16777214
10
default-information-metric-
OSPF
{always | disable | enable} always RG-WALL
10
<distance_integer> 255
<distance_integer> 255
<distance_integer> 255
“router
WALL
rfc1583-compatible RFC 1583 disable
{enable | disable} OSPF RFC 1583 RFC 1583
IP
ID
0.0.0.0 ID
<hold_integer>
SPF
hold_integer 0 4294967295
SPF OSPF
CPU spf-timers 0
CPU
config router ospf
ABR
OSPF
OSPF NSSA AS
AS
OSPF
ABR
ABR
direction list
none | text}
<cost_integer>
nssa-default-information-originate
disable
nssa-default-information-originate-metric
<metric>
{enable | disable} NSSA enable
nssa-translator-role NSSA NSSA candidate
{always | candidate | Type 7 LSA OSPF never} Type 5 LSA NSSA NSSA
NSSA
NSSA NSSA
NSSA
NSSA
summary
direction {in | out} in out
out
edit <range_id> ID 0
4294967295
substitute-status {enable |
none —
text —
<password_str> 15
authentication-key
text
dead-interval hello-interval
40
hello-interval
seconds_integer 1 65535
10
md5-key md5 <id_integer><key_str> MD5 ID
set md5-key 6 "ENC yYKaPSrY89CeXn66WUybbLZQ5YM="
ID
16
0.0.0.0
<seconds_integer> seconds_integer
1 65535
transmit-delay 1
id 15.1.1.1 summary 20 MD5
config router ospf config
config router ospf
end
access-list <name_str> Null
config router ospf config
cost <cost_integer> cost_integer 1
65535
10
poll-interval
10
priority
255
prefix <address_ipv4mask> OSPF IP 0.0.0.0
0.0.0.0
10.1.1.1
end
RG-WALL interface <name_str>
{md5 | none | text}
authentication-key text <password_str> text
authentication-key
database-filter-out
dead-interval
dead-interval hello-interval
40
hello-interval
1 65535
IPSec GRE
IP OSPF
0.0.0.0
MD5 ID
set md5-key 6 "ENC yYKaPSrY89CeXn66WUybbLZQ5YM="
ID
16
65535
mtu-ignore OSPF MTU
broadcast
prefix-length <int> OSPF hello 0 32 0
priority 1
<integer>
<seconds_integer> seconds_integer 1
65535
transmit-delay 1
static | rip}
16777214
10
routemap <name_str>
tag <tag_integer>
0
config router ospf
ASBR LSA
OSPF
prefix <address_ipv4mask> IP
0.0.0.0 0.0.0.0
0
policy,
IP
RG-WALL
move
RG-WALL
<policy_integer>
dst
0.0.0.0 0.0.0.0
destination-port-range
start-port end-port
start-port end-port
port_integer 0 65535
6 TCP 17 UDP 132 SCTP
65 535
protocol 6 TCP 17 UDP 132
SCTP
65 535
0 255
0
UDP 1 ICMP 47 GRE
92
0.0.0.0 0.0.0.0
destination-port-range
start-port end-port
start-port end-port
port_integer 0 65535
6 TCP 17 UDP 132 SCTP
protocol 6 TCP 17 UDP 132
SCTP
1
prefix-list,
RIP OSPF
IP permit
deny
config router setting
comments <string> 127
ge
0
32
{<address_ipv4mask> | any ge 0.0.0.0
any} any ge le
prefix-list
RIP
15 X 16
RIP RG SecOS RIP 1 RFC 1058 RIP 2 RFC 2453 RIP
2 RIP
set auth-string <password_str>
set metric <metric_integer>
set routemap <name_str>
default-metric 1
1 16
RIP
<timer_integer> RIP
version {1 2} RIP RIP 1
RIP 2
receive-version {1 2} send-version {1 2}
“config interface”
1 5 -
config router rip
distance
Null
distance
0
prefix
config router rip config
“router access-list “router prefix-list”
direction listname
direction {in | out}
in
out
RIP 2 RIP
RIP 2 receive-version send-version 1 1
2 1 auth-mode none
IPSec GRE
auth-keychain
none —
<password_str> auth-
string 35
receive-version {1 2} RIP 520 UDP
1 — RIP RIP 1
2 — RIP RIP 2
1 2 — RIP RIP 1 2
send-version {1 2} RIP 520 UDP
1 — RIP RIP 1
2 — RIP RIP 2
1 2 — RIP RIP 1 2
{enable | disable} RIP 2 RIP 1
{poisoned | regular}
test1
ip <address_ipv4> IPv4 0.0.0.0
prefix
0.0.0.0
config router rip
end
access-list <name_str>
5 10
15
acc_list1
ospf | static}
16
setting
show-filter <prefix_list> prefix-list
RG-WALL
ECMP IP NAT
IP IP
Source based ECMP Weighted Spill-over config system setting CLI set v4-ecmp-mode Source Based Weighted ECMP spill-over usage-based ECMP RG-WALL RG-WALL ECMP ECMP “system settings”
end
blackhole dst gateway blackhole dst
blackhole disable
{enable | disable}
config system interface “distance
<distance_integer>”
10
disable
IPv4
IP NAT IP
0 4294967295
CLI
0
weighted
weight-based
3g-modem custom interface replacemsg nac-quar
accprofile ipip-tunnel replacemsg nntp
amc mac-address-table replacemsg sslvpn
arp-table modem replacemsg traffic-quota
dedicated-mgmt replacemsg alertmail storage
dns replacemsg ec vdom-dns
dns-database replacemsg Ruijieguard-wf vdom-link
dns-server replacemsg ftp vdom-property
email-server replacemsg http vdom-radius-server
fips-cc replacemsg im vdom-sflow
Ruijieguard replacemsg mail virtual-switch
class-id <cid_hex> USB 0x00 - 0xFF
end
end
end
<access-group>
LDAP
fwgrp firewall configuration
get system status
autoupdate
utmgrp UTM
vpngrp VPN
<access-level> none
none
read
read-write
address
device
others
policy
profile
service
config loggrp-permission loggrp custom
config
data-access
antivirus
application-control
ips
netscan
voip
webfilter
admin
RG-WALL
Web
admin super_admin
super_admin_readonly super_admin_readonly
super_admin super-admin
RADIUS RG-WALL
super_admin CLI
super_admin ITAdmin 123456
config system admin
“null”
“empty” “null”
vdom
vdom-override
| trusthost9 | trusthost10} <address_ipv4mask>
super_admin
<comments_string>
gui-log-display Web {
| memory | disk}
password-expire <date> 0 0000-00-00
<time> 00:00:00
{disable | enable}
config user group
HTTPS
disable
remote-auth
TACACS+
schedule Null
ssh-public-key1 SSH "<key-type> SSH
type>
<key-value>"
DSA <key type> ssh-dss RSA
ssh-rsa
ssh-public-key3 "<key-
{trusthost1 | trusthost2 IPv4 0.0.0.0 0.0.0.0
| trusthost3 | trusthost4 RG-WALL | trusthost5 | trusthost6 | trusthost7 | trusthost8 RG-WALL
| trusthost9 | trusthost10} 0.0.0.0 0.0.0.0
<address_ipv4mask>
wildcard
RG-WALL
set widget-type ?
<column_number>
name <name_str>
IP
(msg-counts) bytes
top-n <results_int> —
10 10
-
0
refresh-interval <interval_int> — 10 240 0 bytes
sort-by {bytes | msg-counts}— bytes
(msg-counts)
10
show-local-traffic
ID
disable
sort-by
chart-color <color_int> —
MAC
ip <address_ipv4> ARP IP
mac <mac_address> MAC xx:xx:xx:xx:xx:xx
auto-install
U
U U FAT16
U RG-WALL
“exe usb-disk format”.
U Windows “format <drive_letter>:/FS:
FAT /V:<drive_label>” where <drive_letter> USB <drive_label>
U
RG-WALL USB U U
auto-install-image
default-config-file U system.conf
default-image-file U image.out
autoupdate push-update
RG-WALL
RG-WALL RG-WALL SETUP FDN
FDN RG-WALL
60 RG-WALL FDN
IP
FDN NAT RG-WALL NAT
NAT IP PPPoE DHCP
NAT
override
FDN
NAT
9443
set time <hh:mm>
set day <day_of_week>
frequency
interval
time
00:00
Monday
IP
RG-WALL HTTP CONNECT RFC 2616 RG-WALL
HTTP CONNECT FDN
IP FDN RG-WALL FDN
HTTPS RG-WALL HTTPS 8890 FDN
port <proxy_port> 0
username <name>
<baudrate> 9600 19200 38400 57600 115200
9600
no
server <servername> SMTP
Ruijievirussubmit.com
bug_report
username-smtp
bug_report
bypass
set bypass-watchdog {enable | disable}
set poweroff-bypass {enable | disable}
10
bypass-watchdog
set Ruijiemanager-fds-override {enable | disable}
schedule-script-restore
allow-monitor
allow-push-configuration
57600 115200
mode {batch | line} line
output {standard | more} standard more
more
ddns
DDNS
ddns-password
dipdns.net
DDNS
genericDDNS — ddns-server-ip DDNS
(RFC 2136)
now.net.cn — ip.todayisp.com
ods.org — ods.org
tzo.com — rh.tzo.com
vavic.com — ph001.oray.net
ddns-username
monitor-interface
dedicated-mgmt
VDOM CLI
default-gateway <IPv4_addr> 192.168.1.1
interface <port_name> mgmt
DHCP IP 200
database
regular
IP
“system dhcp reserved-address”
set domain <domain_name_str>
set interface <interface_name>
set option1 <option_code> [<option_hex>]
set option2 <option_code> [<option_hex>]
set option3 <option_code> [<option_hex>]
set option4 <option_code> [<option_hex>]
set option5 <option_code> [<option_hex>]
set option6 <option_code> [<option_hex>]
set server-type {ipsec | regular}
RG-WALL
auto-configuration
1 100
dns-server1
dns-service specify
0.0.0.0
dns-server2
dns-service specify
0.0.0.0
dns-server3
dns-service specify
0.0.0.0
dns-service {default
| specify | local} config system dns DNS
RG-WALL DHCP
specify DHCP DHCP
DNS dns-server# DNS
DHCP
specify
domain
interface
DHCP IP
DHCP
IPsec VPN IP
server-type ipsec
range
ipsec-lease-hold
DHCP-over-IPSec
server-type ipsec
60
lease-time <seconds> DHCP DHCP 604800
300 864000 10 7
netmask <mask> DHCP DHCP 0.0.0.0
ntp-server1 NTP IP 0.0.0.0 <ipv4_addr>
ntp-server2 <ipv4_addr> 0.0.0.0
ntp-server3 <ipv4_addr> 0.0.0.0
DHCP
specify
option1
<option_code>
[<option_hex>]
option2
<option_code>
[<option_hex>]
option3
<option_code>
[<option_hex>]
option4
<option_code>
[<option_hex>]
option5
<option_code>
[<option_hex>]
option6
<option_code>
[<option_hex>]
option_code 1 255 DHCP option_hex
DHCP
RFC 2132 DHCP BOOTP
0
server-type
regular
vci-match
DHCP
wifi-ac2 <ipv4_addr> 0.0.0.0
wifi-ac3 <ipv4_addr> 0.0.0.0
0.0.0.0
wins-server2
0.0.0.0
wins-server3
0.0.0.0
IP DHCP
16 RG-WALL DHCP DHCP
IP
end-ip <end_ipv4> IP IP IP
0.0.0.0
start-ip <start_ipv4> IP IP IP
0.0.0.0
DHCP DHCP IP
16 RG-WALL DHCP
end-ip <address_ipv4> DHCP DHCP IP IP
I start-ip end-ip IP
I start-ip end-ip IP
IP DHCP
16
mac <mac_addr> IP MAC MAC
DHCP
DNS RG-WALL URL
DNS
dns-cache-limit <integer> DNS 5000
dns-cache-ttl <int> DNS 1800
domain <domain_name>
primary <dns_ipv4> DNS IP 208.91.112.53
secondary <dns_ip4> DNS IP 208.91.112.52
source-ip <ipv4_addr> DNS IP 0.0.0.0
dns-database
RG-WALL DNS RG-WALL DNS DNS
IPv4 A NS CNAME MX
end
end
authoritative {enable | disable} enable
contact <email_string>
example.com
primary-name <name_string> DNS dns
source-ip <ipv4_addr> DNS IP 0.0.0.0
status {enable | disable} DNS enable
ttl <int> 0
2,147,483,647
86400
mailto:[email protected]
DNS
Null
hostname <hostname_string> Null
ip <ip_address> IP IPv4 type A
0.0.0.0
10
ttl <entry_ttl_value> 0 2147483647
0
type {A | AAAA | MX | NS | CNAME}
A — IPv4 A
CNAME —
MX —
NS —
end
| non-recursive | recursive} forward-only — RG-WALL DNS
system dns-database
email-server
set server {<name-str> | <address_ipv4>}
SMTP
disable
server
TCP SMTP 25 SMTP
security {none | smtps | starttls} none
server
smtp.domain.com RG-WALL
SMTP RG-WALL
SMTP
Ruijieguard
• RuijieGuard Antivirus IPS
IP
RuijieGuard
ddns-server-port
service-account-id
ID
load-balance-servers
RG-WALL RuijieGuard
balance-servers 1 RG-WALL
RuijieGuard
load-balance-servers 2 RuijieGuard
RG-WALL
1
{enable | disable} RG-WALL
FDN IP
URL
<ttl_int> TTL RG-WALL
FDN
avquery-cache-
1 15
avquery-license RuijieGuard
N/A
avquery-timeout
7
central-mgmt-auto-backup
WALL service-account-id
RuijieGuard
webfilter-cache-ttl TTL 3600
<ttl_int> TTL RG-WALL FDN
86400
N/A
webfilter-force-off
disable
RuijieGuard
webfilter-sdns-
0.0.0.0
webfilter-sdns-
443
webfilter-timeout
15
geoip-override
global
runtime-only config RG-WALL runtime-only
set cfg-save {automatic | manual | revert}
set cfg-revert-timeout <seconds> execute cfg reload
set auth-cert <cert-name>
set auth-http-port <http_port>
set auth-https-port <https_port>
set av-failopen-session {enable | disable}
set batch-cmdb {enable | disable}
set cfg-revert-timeout <seconds>
set fmc-xg2-load-balance {disable | enable}
set gui-antivirus {enable | disable}
set gui-application-control {enable | disable}
set gui-ap-profile {disable | enable}
set gui-central-nat-table {disable | enable}
set gui-certificates {enable | disable}
set gui-client-reputation {enable | disable}
set gui-dns-database {disable | enable}
set gui-dynamic-profile-display {disable | enable}
set gui-dynamic-routing {enable | disable}
set gui-implicit-policy {disable | enable}
set gui-ips {enable | disable}
set gui-ipsec-manual-key {enable | disable}
set ie6workaround {enable | disable}
set internal-switch-speed {100full | 100half | 10full | 10half | auto}
set ip-src-port-range <start_port>-<end_port>
set ipsec-hmac-offload {disable | enable}
two-factor-email-expiry <seconds_int> set
admin IP
15 300
0
admin-https-pki-required
admin
disable
admin-lockout-duration
{enable | disable}
admin-reset-button
30
enable
admin-scp
admin-server-cert { HTTPS self-sign | <certificate> }
Ruijie_Factory self-sign
admin-ssh-grace-time
120
admin-ssh-port
admin-ssh-v1
admin-telnet-port
admintimeout 5
5
enable
anti-replay {disable | loose TCP TCP strict
| strict} SYN TCP
SYN ACK TCP
TCP
TCP
• RG-WALL TCP
RG-WALL
RST
self-sign
auth-http-port <http_port> HTTP <http_port> 1 65535 1000
auth-https-port
65535
1003
{enable | disable} IP
av-failopen pass
{idledrop | off | one-shot | idledrop off one-shot pass} pass
• idledrop —
{enable | disable} failopen av-failopen
{enable | disable}
cert-chain-max <int> 8
manual | revert} runtime-only
• automatic —
600
check-protocol-header loose
{disable | strict} • — RG-WALL ICMP
• strict — RG-WALL IP(A,B) |
A:C->RG SecOSB:D
TCP
ICMP
ICMP
anti-replay
disable
csr-ca-attribute
CA CSR
restart-time
dst {enable | disable}
AV/IPS HA
enable
fds-statistics-period
<minutes> FDS 1 1440 60
fgd-alert-subscription
latest-attack — RuijieGuard
latest-threat — RuijieGuard
latest-virus — RuijieGuard
new-attack-db — RuijieGuard IPS
fwpolicy-implicit log
gui-antivirus
gui-application-control
{enable | disable} Web enable
gui-ap-profile {disable | enable} Web AP 30D
disable
gui-dns-database {disable |
gui-dynamic-profile-display {disable | enable} Web enable
gui-dynamic-routing Web {enable | disable} System > Network > Routing
System > Monitor > Routing Monitor
gui-ipsec-manual-key
gui-lines-per-page
gui-load-balance Web disable
{disable | enable}
gui-multiple-utm-profiles
enable
{enable | disable}
VPN
gui-sslvpn-personal-bookmarks
gui-sslvpn-realms
gui-voip-profile {disable |
gui-vpn {enable | disable} Web VPN enable
gui-vulnerability-scan
gui-webfilter
hostname <unithostname> RG-WALL RG-WALL
16
CLI
URL
header-only — HTTP
disable
| interface | switch}
RG-WALL
100full
100half
10full
10half
auto
100 10 100M 10M Full half
<start_port>-<end_port> <start_port> <end_port> 1
65535 1 65535
FDN
IPsec HMAC
english french japanese korean
portuguese spanish simch ( ) trach
( )
disable
ldapconntimeout
login-timestamp
TCP/IP TCP/IP
telnet 23 HTTP 80
disable
log-user-in-upper
VDOM
max-report-db-size <size> MByte 1024
miglogd-children <int> miglogd 0 15 0
num-cpus <int> CPU
optimize antivirus
{antivirus | throughput}
throughput
phase1-rekey 1 IKE enable
{enable | disable}
<limit_int> 100 0
per-user-bwl
pre-login-banner
“system replacemsg
post-login-banner
radius-port <radius_port> RADIUS RADIUS
1812 RADIUS 1645
CLI RG-WALL
RADIUS
enable
300 0
RADIUS 5
reset-sessionless-tcp
RESET
daily-restart
disable
revision-image-auto-
scanunit-count <count_int> CPU
CPU RG-WALL
Web
{enable | disable}
sp-load-balance 3950B 3951B 3140B SP disable
{enable | disable}
sslvpn-max-worker-count
CPU
CPU
sslvpn-worker-count SSL CPU <count_int> CPU 1
strict-dirty-session-check disable
{enable | disable} 3DES SHA1 HTTPS/ SSH
Netscape 7.2 Netscape 8.0 Firefox
Microsoft Internet Explorer 7.0 (beta)
Internet Explorer 5.0
6.0
syncinterval
NTPsyncinterval
0
tcp-halfopen-timer 60
tcp-option
{enable | disable} SACKtimestamp MSS TCP
tcp-option
tcp-timewait-timer TCP TIME-WAIT 1
<seconds_int> RFC 793 “TIME-WAIT state represents waiting
for enough time to pass to be sure the remote TCP
received the acknowledgment of its connection
termination request”
0 300 0 TCP TIME-WAIT
0
<timezone_number> RG-WALL
tp-mc-skip-policy
two-factor-email-expiry 60
udp-idle-timer <seconds> UDP 1
86400
disable
http://www.faqs.org/rfcs/rfc793.html
sign
vdom-admin
ARP
8192 ARP
ARP
<integer> CPU
gre-tunnel
NAT/Route
• IP ping
ha
RG-WALL (HA)
RG-WALL DHCP PPPoE IP HA
HA
• override
• config system interface RG-WALL HA
set encryption {enable | disable}
set gratuitous-arps {enable | disable}
set hc-eth-type <type_int>
set helo-holddown <holddown_integer>
set l2ep-eth-type <type_int>
set minimum-worker-threshold <threshold_int>
set monitor <interface_names>
set override {enable | disable}
set priority <priority_integer>
set session-pickup {enable | disable}
set session-pickup-connectionless {enable | disable}
set session-pickup-delay {enable | disable}
set session-pickup-expectation {enable | disable}
set session-pickup-nat {enable | disable}
set sync-config {enable | disable}
set uninterruptible-upgrade {enable | disable}
set update-all-session-timer {enable | disable}
set weight <priority_integer> <weight_integer>
ARP
<interval_integer>
IP MAC
1 20
authentication
encryption {enable | disable} / AES-128 SHA1
HA
link-failed-signal ARP
enable
group-id <id_integer> HA ID ID 0 255 HA
ID ID
MAC
32
<type_int> 4
8890
ha-mgmt-status
{enable | disable} HA disable
ha-mgmt-interface RG-WALL HA <interface_name> “config system interface” IP
HA
<diff_int>
hb-interval 2
<interval_integer> 1 20 100* hb-interval 2
200
hb-lost-threshold 6
hbdev <interface_name> RG-WALL <priority_integer> RG-WALL
[<interface_name> <priority_integer>]...
8891
<holddown_integer>
l2ep-eth-type <type_int> HA HA telnet
<type_int> 4
8893
TCP UTM
UTM
disable
load-balance-udp
mode a-a schedule weight-round-robin
0
HA “minimum-worker-threshold”
mode {a-a | a-p | standalone} HA
a-p Active-Passive
a-a Active-Passive
standalone HA
RG-WALL dhcp pppoe
standalone
monitor <interface_names>
RG-WALL
Enter the names of the interfaces to monitor. Use a space to separate each interface name.
802.3ad
64
<weight_int> <low_int>
0
HA
15
<threshold_integer> 0 50
0 HA IP ping
HA
<timeout_integer> HA IP
IP
2147483647
IP
<weight_int> <low_int> <high_int> <high_int>
mode a-a schedule weight-round-robin
0
HA
10
0
| leastconnection | none
| weight-round-robin} IP IP
{enable | disable}
UDP ICMP
mode a-a a-p mode standalone
TCP
{enable | disable} session-pickup
session-pickup-expectation
mode standalone
disable
session-pickup-nat
session-pickup
mode standalone
number <process_id_int>
session-sync-dev RG-WALL <interface_name> 8 [<interface_name>]...
slave-switch-standby FS-5203B disable
<weight_int> <low_int> <high_int> <high_int>
mode a-a schedule weight-round-robin
0
round-robin weight
4
priority_integer 0 3
1 1
1
2
vdom
domain_2 set vdom domain_1 domain_2
VDOM
2 2
config secondary-vcluster 2
1
2
config secondary-vcluster 2 monitor 1
override priority vdom
HA priority override
active-interface
IPSec
edit VLAN
RG-WALL “internal” internal-switch-mode
config system interface
set bfd-desired-min-tx <interval_msec>
set bfd-detect-mult <multiplier>
set bfd-required-min-rx <interval_msec>
set lacp-speed {fast | slow}
set sample-rate <rate_int>
set sflow-sampler {disable | enable}
link | vlan }
set defaultgw {enable | disable}
allowaccess IP <access_types> append clear
set
probe-response — config system server-probe
alias <name_string>
25
physical
DHCP MS Windows Client ARP
enable
atm-protocol
{ipoa | none} IPoA IPoA ADSL none
auth-type PPP auto
<ppp_auth_method> auto —
global} — BFD BFD
— BFD
bfd-desired-min-tx BFD 1 50
<interval_msec> 100000 msec
<interval_msec> 100000 msec
bfd
disable
defaultgw
DHCP PPPoE
disable
dedicated-to
static “mgmt”
DHCP DHCP
RG-WALL
RG-WALL DHCP RG-WALL MAC
dhcp-relay-ip
<dhcp_relay1_ipv4>
{...<dhcp_relay8_ipv4
8 DHCP
DHCPREQUEST ACKNOWLEDGE
DHCP
dhcp-relay-type
regular
regular
mode pppoe NAT/Route
<admin_distance>
“distance <distance>”
NAT/Route
DNS
enable
drop-fragment
edit <secondary_ip_id> 1 IP
SIP NAT
ping (detectserver) detectserver
NAT
<collision_group_number> 0
ARP
RG-WALL
disable
<pppoe_timeout_seconds> 0
mode pppoe
inbandwidth Kbit/sec 0
<bandwidth_integer>
ip IP <interface_ipv4mask> dhcp pppoe
IP
MAC “ipmacbinding
setting” “ipmacbinding table”
disable
ipunnumbered IP PPPoE <unnumbered_ipv4> IP IP IP
IP
IP ISP
IP IP
{enable | disable} 2 IPX PPTP L2TP
RG-WALL
{enable | disable}
RG-WALL
HA
5
lcp-max-echo-fails
mode pppoe
3
macaddr MAC <mac_address> MAC xx:xx:xx:xx:xx:xx
Independent Interface)
SFP
SFP 1000 Mbps
sgmii-sfp SGMII SGMII
10 100 1000 Mbps
mode
NAT/Route
eoa — Ethernet over ATM
NAT/Route
MTU
• RG-WALL
RG-WALL MTU 1500
MTU
1 500
{enable | disable} 1500
IPsec
VLAN MTU
1500 MTU
Windows Internet Name Service (WINS)
wins-ip <wins_server_ip> WINS
IP
NAT/Route
<padt_retry_seconds> PPPoE
mode pppoe NAT/Route
password
RG-WALL
PoE
<interval_int> sFlow collector 1
255
pptp-client PPTP disable
{disable | enable} l2forward
HA
HA
pptp-password
pptp-server-ip
pptp-auth-type
pptp-timeout <pptp_idletimeout> PPTP 0
priority
pppoe dhcp
0
ip
captive-portal
tx)
rate 10 99999
sample-rate
sFlow
sample-rate
{enable | disable}
security-groups
captive-portal
sample-rate polling-interval sample-direction
sFlow RG-WALL
VLAN
sFlow “system sflow”
disable
speed auto
ECMP v4-ecmp-mode
config system settings
usage-based spillover-
{enable | disable}
STP RG-WALL VLAN
VDOM
rpl-bridge-ext-id ID
xx:xx:xx:xx:xx:xx
trust-ip-1 <ipmask>
trust-ip-2 <ipmask>
trust-ip-3 <ipmask>
“mgmt”
0.0.0.0/24
type {aggregate | hard- vlan switch | hdlc | loopback | physical |
redundant | tunnel | vap-
802.3ad 8
physical
switch-hardware
T1/E1
DNS CLI Web
type {aggregate | hard- physical — RG-WALL vlan switch | hdlc | type physical loopback | physical | physical redundant | tunnel | vap-
switch | vdom- redundant — 2
link | vlan }
intf phase1 IPSec
vdom-link —
NAT/Route
vdom <vdom_name>
IP
root
vlanforward
VLAN VLAN
enable
VLAN ID
VLAN ID 1 4094 0
4095 IEEE
VLAN
VLAN
RG-WALL
MAC VRRP MAC
RFC 3768
0
wins-ip
pap —
password <password> L2TP n/a
peer-host <ipv4_addr> L2TP IP n/a
peer-mask <netmask> L2TP
255.255.255.255
0
gwaddr <IPv4> IP
mux-type
ISP
vci <integer> VCI 0 255
ISP
0 65535 ISP
35
algorithm L4
L2
lacp-ha-slave
LACP Active-Passive HA lacp-mode static
enable LACP slave
enable
passive | static} active — LACP PDU
{fast | slow} slow — 30 LACP PDU
LACP PDU
slow
member <if_name1> <if_name 2> ...
VDOM vdom
member
• DHCP
• VLAN
• VIP
•
port1 5
1
VRRP RFC 3768
<VRID_int> VRRP ID 1 255 VRRP
adv-interval
preempt VRRP enable
{enable | disable}
VRRP
<seconds_int>
ipip-tunnel
ips-urlfilter-dns
status {enable | disable} enable
mac-address-table
11:22:33:00:ff:aa
reply-substitute
modem
set auto-dial {enable | disable}
set holddown-timer <seconds>
set idle-timer <minutes>
set interface <name>
set lockdown-lac <lac_str>
set network-init <init_str>
set phone1 <phone-number>
set phone2 <phone-number>
set phone3 <phone-number>
set pin-init <init_str>
set redial <tries_integer>
{equal | fallback} equal —
authtype1 {pap chap
pap chap
standalone
dial-on-demand
idle-timer
standalone
IP
“distance <distance>”
extra-init3 <init_str>
holddown-timer 60
1-60
idle-timer <minutes>
5
mode standalone
PCMCIA
internal pcmcia-wireless internal
3G PCMCIA pcmcia-wireless
AT+COPS=<mode>,[<format>,<oper>[,<AcT>]]
<mode>
generic
generic
generic
phone2 <phone-number>
pin-init <init_str> AT PIN
null
{disable | enable} ppp-echo-request1
{disable | enable} ppp-echo-request2
{enable | disable} ppp-echo-request3
“router
ISP 1 10 none
disable
wireless-port <port_int> 3G TTY 0
0
monitors
widget-type
| virus | webfilter} — monitor
sort-by {bytes | msg-counts}— bytes
(msg-counts)
report-by {source | destination | destination-port}
resolve-host {enable | disable} —
show-auth-user {enable | disable} —
(msg-counts)
top-n <results_int> —
refresh-interval <interval_int> —
top-n <results_int> —
RG-WALL CPU
“traffic-shaping-mode” bidirection 2
IPSEC FB4
{enable | disable}
{enable | disable}
IPSEC FB4
{enable | disable} FB4
server-mode
disable
source-ip <ipv4_addr> NTP IP 0.0.0.0
syncinterval <interval_int> NTP
1 1440
ntpsync
d
edit <serverid_int> NTP
authentication {enable | disable} MD5 disable
key <password_str> MD5 null
key-id <int> MD5 Key-ID 0
ntpv3 {enable | disable} NTPv3 NTPv4 disable
server
object-tag
minimum-length
min-lower-case-letter
90
status
probe-response
http-probe-value <string> OK
http-probe
interface <port> IP
ip <ipv4_address> IP
CLI RG-WALL Web CLI RG-WALL
set buffer <message>
set format <format>
set header <header_type>
%%TIMEOUT%%
“system email-server”
HTTP HTML
set buffer <message>
set format <format>
set header <header_type>
buffer <message>
8bit
http
none
Send alert email for logs based on severity
AntivirusFileFilter
level Alert Emergency
alertmail-disk-full Diskusage
alertmail-nids-event Intrusion detected IPS DoS
%%VIRUS%% %%VIRUS%%
%%URL%% HTTP
URL
%%PROTOCOL%%
HTTP HTTPS HTML
FTP Telnet
HTML
•
• <INPUT TYPE="text" NAME="%%USERNAMEID%%" size=25>
• <INPUT TYPE="password" NAME="%%PASSWORDID%%" size=25>
HTTP HTML
set buffer <message>
set format <format>
set header <header_type>
8,192
RADIUS challenge-access auth
challenge-access Reply-Message
“Please enter new PIN”
RADIUS
PIN
SecurID PIN
Web
8192 16384 24576
config system global
set auth-keepalive enable
%%TIMEOUT%%
HTML
auth-reject-page Disclaimer page URL URL
RG-WALL
%%TIMEOUT%%
• ACTION =“/” METHOD =“POST” HTML
•
• The form must contain the following visible controls:
• <INPUT TYPE="text" NAME="%%USERNAMEID%%" size=25>
• <INPUT TYPE="password" NAME="%%PASSWORDID%%" size=25>
replacemsg device-detection-portal
set buffer <message>
set format <format>
set header <header_type>
RuijieGuardWeb
RuijieGuard URL RG-WALL HTTP 8
RuijieGuard Web HTTP 4xx 5xx
RuijieGuard RuijieGuard HTTP
RG-WALL SSL HTTPS
set buffer <message>
set format <format>
set header <header_type>
8,192
ftgd-block Enable RuijieGuard Web Filtering Web HTTP
HTTPS ftgd-block
8: RuijieGuard
“web filter override”
http-err Provide details for blocked HTTP 4xx and 5xx errors Web
HTTP HTTPS http-err
FTP FTP
set buffer <message>
set format <format>
set header <header_type>
8,192
FTP
%%URL%% HTTP
URL
%%PROTOCOL%%
IP
IP
HTTP HTTP HTTP HTML
RG-WALL SSL HTTPS
set buffer <message>
set format <format>
set header <header_type>
8,192
bannedword
http-block Antivirus File Filter Web HTTP
HTTPS HTTP GET
http-block
http-client-archive-block
http-client-bannedword
http-client-block Antivirus File Filter HTTP HTTPS
HTTP POST
http-client-block
http-client-filesize Oversized File/Email Block HTTP HTTPS HTTP
PUT http-client-filesize
http-contenttype-block
http-contenttype-block
http-filesize HTTP HTTPS Antivirus Oversized File/Email Block
HTTP GET http-filesize
http-post-block HTTP POST Action Block RG-WALL HTTP POST
http-post-block
URL infcache-block
URL “firewall policy”
url-block URL URL
URL url-block
%%VIRUS%% %%VIRUS%%
%%URL%% HTTP
URL
%%PROTOCOL%%
IP
set buffer <message>
set format <format>
set header <header_type>
8,192
Message name
Message name
AIM ICQ MSN Yahoo CLI
im-photo-share-block block-photo CLI
MSN Yahoo CLI
im-voice-chat-block block-long-chatBlock Audio
AIM ICQ MSN Yahoo!
im-video-chat-block block-video CLI
MSN CLI
%%VIRUS%% %%VIRUS%%
%%PROTOCOL%%
IP
IP
set buffer <message>
set format <format>
set header <header_type>
8,192
Message name
Message name
email-filesize
partial
RG-WALL SMTP 554 SMTP
smtp-block
RG-WALL SMTP RG-WALL
SMTP 554 SMTP smtp-filesize
%%VIRUS%% %%VIRUS%%
%%PROTOCOL%%
8,192
comment <comment_str>
http
SSL VPN
<msg_category>
replacemsg-group
message mm1 mm3 mm4 mm7 buffer
set group-type {auth | captive-portal | ec | utm}
config {auth | ec | Ruijieguard-wf | ftp | http | mail | mm1 | mm3 | mm4 | mm7 | nntp | spam}
edit <msgkey_integer>
VDOM
comment <string>
captive-portal — captive-portal
utm — UTM
message <string>
buffer
SMIL image-base64 image-type
NAC DoS IPS
HTTP HTML
set buffer <message>
set format <format>
set header <header_type>
8,192
Message name
nac-quar-dos DoS CLI quarantine attacker interface
DoS DoS IP IP RG-WALL
RG-WALL 80
HTTP RG-WALL
quarantine both
17: nac-quar message types
Message name
RG-WALL 80 HTTP
RG-WALL 80 HTTP
RG-WALL method
Attacker and Victim IP Address
nac-quar-virus Antivirus Quarantine Virus Sender IP RG-WALL
RG-WALL 80 HTTP
RG-WALL
set buffer <message>
set format <format>
set header <header_type>
8,192
Message name
NNTP RG-WALL nntp-dl-blocked
FTP
nntp-dl-filesize NNTP Antivirus Oversized File/Email Block RG-WALL
NNTP nntp-dl-filesize
sslvpn-logon RG-WALL SSL VPN
sslvpn-limit SSL VPN
RG-WALL
HTTP HTML
set buffer <message>
set format <format>
set header <header_type>
8,192
RG-WALL RG-WALL HTTP per-IP
HTTP HTML
set buffer <message>
set format <format>
set header <header_type>
8,192
set buffer <message>
set format <format>
set header <header_type>
8,192
virus-text
23:
%%VIRUS%% %%VIRUS%%
%%PROTOCOL%%
VDOM
VDOM VDOM 100 VPN IPSec Phase1
d end
100 VPN IPSec Phase 1 VDOM
VDOM VDOM
“system vdom-property”
RG-WALL RG-WALL
RG-WALL RG-WALL Maximum
Values Matrix
0
0
firewall-address
log-disk-quota
IP
port <port_int> HTTP-GET TCP 80
protocol {ping | http-get} ping
response-v
cli check-template-status
cli status-msg-only
router restart
set-next-reboot
sfp-mode-sgmii
shutdown
ssh
sync-session
vpn sslvpn del-all
vpn sslvpn del-tunnel
vpn sslvpn del-web
vpn sslvpn list
router info gwdetect
router info kernel
router info multicast
router info ospf
router info protocols
router info rip
router info routing-table
router info vrrp
system admin list
system admin status
system interface physical
system performance firewall
system performance status
system performance top
system session list ..................................................................................................................................................... 421
vpn status l2tp ........................................................................................................................................................... 431
vpn status pptp .......................................................................................................................................................... 431
RG SecOS™ 5.0 CLI CLI RG-WALL
5.0 CLI
“config” “config”
“get”
CLI “?”
• RG-WALL RG-WALL RG-WALL
aggregate interface type config system interface
RG-WALL Web execute restore
RG-WALL BIOS
“Press any key” BIOS
C R T F I B QH
“Enter”
“H” “Q”
BIOS RG-WALL TFTP IP
[0]: 1 - 7
DHCP
DHCP
[S]:
TFTP
[F]:
BIOS
RG-WALL
antivirus
heuristic
end
| disable}
detected files.
set analytics-max-upload <mbytes>
set extended-utm-log {enable | disable}
set inspection-mode {flow-based | proxy}
config {http | https | ftp | ftps | imap | imaps | mapi | pop3 | pop3s | smb | smtp | smtps
| nntp | im}
set options {avmonitor | avquery | quarantine | scan}
config nac-quar
set expiry <duration_str>
filepattern.
0
analytics-max-upload
10
block-botnet-connections
extended-utm-log
inspection-mode
config {http | https | ftp | ftps | imap | imaps | mapi | pop3 | pop3s | smb | smtp | smtps | nntp | im}
quarantine —
RG-WALL
for viruses.
config nac-quar
###d##h##m 5
infected none
5m
quarantine
WALL
set drop-heuristic {ftp ftps http im imap nntp pop3 smtp}
set drop-infected {ftp ftps http im imap mapi nntp pop3 smtp}
set drop-intercepted {ftp http imap pop3 smtp}
set lowspace {drop-new | ovrw-old}
set store-heuristic {ftp http im imap nntp pop3 smtp}
set store-infected {ftp ftps http https im imap imaps nntp pop3 pop3s smtp smtps}
set store-intercepted {ftp http imap pop3 smtp}
end
TTL
0
NULL
smtp}
drop-heuristic http {ftp ftps http im imap mm1 im
mm3 mm4 mm7 nntp pop3 NNTP imap nntp
smtp} pop3 smtp
drop-infected im {ftp ftps http im imap mapi imap nntp
nntp
drop-intercepted
{ftp http imap pop3 smtp} RG SecOS
imap smtp
pop3 http
drop-new
ovrw-old
RG-WALL
0
0
smtp} NNTP
smtp}
store-infected
imaps nntp pop3 pop3s
store-intercepted
{ftp http imap pop3 smtp} RG SecOS Carrier
ftp
service
RG-WALL HTTP HTTPS FTP POP3 IMAP SMTP
IM IMAP NNTP POP3 SMTP
block-page-status-code
CPU
scan-bzip2
2 100. arj
bzip2 cab gzip lha lzh msc rar tar
zip Bzip2
1 “?”
RG-WALL 0
set grayware {enable | disable}
extreme | normal}
extended
“zoo”
extended
“zoo”
{enable | disable} RAT
application
0
comment
<comment_str>
protocol <protocol_str | All> All
set protocols ?
0—Network protocol
set vendor ?
set application [<app1_int><app2_int> ...]
set behavior {0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8}
set block-audio {enable | disable}
set block-encrypt {enable | disable}
set block-file {enable | disable}
set block-im {enable | disable}
set block-photo {enable | disable}
set block-video {enable | disable}
set category {<cat_int> | All}
set session-ttl <ttl_int>
set shaper <shaper_str>
set shaper-reverse <shaper_str>
set other-application-action {block | pass}
set other-application-log {enable | disable}
set unknown-application-action {block | pass}
set unknown-application-log {disable | enable}
behavior {0 | 1 | 2 | 3 | 4 | 5 | 6 |
7 | 8}
0 — Other
1 — Reasonable
2 — Botnet
3 — Evasion
{enable | disable} AIM ICQ MSN Yahoo
{enable | disable} application AIM ICQ MSN Yahoo
{enable | disable} application AIM ICQ MSN Yahoo
{enable | disable} application AIM ICQ MSN Yahoo
{enable | disable} application AIM ICQ MSN Yahoo
application MSN
disable
category im application
All
im-no-content- disable
{enable | disable} AIM ICQ MSN Yahoo
options [allow-dns
allow-http allow-icmp
{enable | disable}
protocols
TTL config system session-ttl CLI
0
shaper-reverse <shaper_str>
sub-category “all” all
{<subcat_int> | all}
0—Other
unknown-application- disable
allset
vendor ?
all
name
name ?
IP IP IP
IP
set visibility {enable | disable}
set start-port <port_int>
type fqdn
0
1
0
comment
null
end-ip
fqdn
start-ip
subnet type ipmask IP 0.0.0.0
<address_ipv4mask CIDR 0.0.0.0
>
type {ipmask ipmask
| iprange | fqdn IP | geography
| network-service
| wildcard}
{enable | disable}
<address_ip4mask> 0.0.0.0
<service_id> ID 0 ID
end-port <port_int> 0
enable
0
auth-portal
central-nat
RG-WALL NAT
orig-addr <name_ip> IP
nat-ippool <name_ip> IP
orig-port <port_int> IP 0
nat-port <port_int-
HTTPS FTPS SMTPS firewall profile-protocol-options
set ssl-ca-list {enable | disable}
set status {enable | disable}
set unsupported-ssl {bypass | block}
set ssl-ca-list {enable | disable}
set status {enable | disable}
set unsupported-ssl {bypass | block}
set ssl-ca-list {enable | disable}
set status {enable | disable}
set unsupported-ssl {bypass | block}
set ssl-ca-list {enable | disable}
set status {enable | disable}
set unsupported-ssl {bypass | block}
set ssl-ca-list {enable | disable}
set status {enable | disable}
set unsupported-ssl {bypass | block}
set ip <ipv4_addr>
end
end
SSL
extended-utm-log
ssl-invalid-server-
allow-invalid-server-cert
bypass
ssl-ca-list
disable
unsupported-ssl
config https
allow-invalid-server-ce
disable
client-cert-request
bypass
ssl-ca-list
status
unsupported-ssl
config imaps
allow-invalid-server- SSL disable
cert {enable | disable}
{bypass | inspect | block} SSL SSL
ssl-ca-list
unsupported-ssl
config pop3s
allow-invalid-server- SSL disable
cert {enable | disable}
{bypass | inspect | block} SSL SSL
ssl-ca-list
status
unsupported-ssl
allow-invalid-server- SSL disable
cert {enable | disable}
{bypass | inspect | block}
ssl-ca-list
status
unsupported-ssl
config ssl
SSL
disable
ftps-client-cert-request
bypass
https-client-cert- HTTPS bypass
request RG-WALL SSL {block | bypass | inspec t} SSL SSL
imaps-client-cert-
request
bypass
pops3-client-cert- POP3S bypass
request RG-WALL SSL {block | bypass | inspec t} SSL SSL
smtps-client-cert- SMTPS bypass
request RG-WALL SSL {block | bypass | inspec t} SSL SSL
{block | bypass | inspec RG-WALL SSL t}
SSL SSL
dnstranslation
DNS DNS IP
IP RG-WALL IP .
DNS
dst
0.0.0.0
netmask
<address_ipv4mask
src dst IP src
dst
dst
TCP UDP ICMP
set status {enable | disable}
log {enable | disable} DoS disable
quarantine {attacker RG-WALL none
| both | interface | none}
IP
IP IP
IP
threshold <threshold_int>
1 2147483647
interface-policy
DoS CLI DoS RG-WALL
DoS
Interface-policy IPS
DoS
disable
application-list-status enable
av-profile-status
disable
enable
webfilter-profile-status
IP/MAC RG-WALL / IP IP
IP RG-WALL IP
MAC
IP MAC
IP / MAC IP/ MAC IP MAC IP
IP/ MAC IP/ MAC
“ipmacbinding table”
RG-WALL DHCP IP MAC
IP/ MAC IP / MAC
DHCP IP/ MAC DHCP
WALL
disable
{allow | block} IP/ MAC IP MAC
ipmacbinding table
IP/ MAC IP MAC IP
MAC MAC IP
IP/ MAC “ipmacbinding setting” RG-WALL IP/ MAC ipmac “system interface”
IP / MAC IP/ MAC IP MAC IP
IP/ MAC IP/ MAC
RG-WALL
RG-WALL DHCP IP MAC
IP/ MAC IP / MAC
DHCP IP/ MAC DHCP
MAC IP
IP 0.0.0.0
0.0.0.0
IP MAC 00
MAC 00:00:00:00:00:00
name <name_str> IP/MAC noname
status IP/MAC disable
{enable | disable} IP/MAC
IP/ MAC
RG SecOS™ IP IP RG-WALL CLI
IP IP IP IP IP IP
IP 1.1.1.1 IP 1.1.1.1 1.1.1.1
RG-WALL IP IP IP
IP ARP
RG-WALL port1 port2 IP
• port1 IP 1.1.1.1/255.255.255.0 1.1.1.0-1.1.1.255
• port2 IP 2.2.2.2/255.255.255.0 2.2.2.0-2.2.2.255
IP
• (2.2.2.0-2.2.2.255) & (2.2.2.10-2.2.2.20) = 2.2.2.10-2.2.2.20
• (2.2.2.0-2.2.2.255) & (2.2.2.30-2.2.2.40) = 2.2.2.30-2.2.2.40
• port2 2.2.2.10-2.2.2.20 2.2.2.30-2.2.2.40 ARP
NAT Dynamic IP Pool IP RG-WALL
IP
end
arp-intf
arp-reply
block-size <size_int> type port-block-allocation
64 4096
128
endip
<address_ipv4> IP IP IP IP
IP IP
0.0.0.0
num-blocks-per-user
1 128
source-endip
startip
IP
endip <ipv4_addr> IP 0.0.0.0
map-startip 0.0.0.0
local-in-policy,
edit <index_int>
ID
action
deny
auto-asic-offload
intf <name_str> RG-WALL
srcaddr
schedule
OSPF, all_hosts, all_routers.
0
comment
start-ip
subnet <ip4mask> IP/ type
broadcastmask
ip
multicastrange
visibility
enable
multicast-policy
IP IP IP
multicast-forward {enable | disable} tp-mc-skip-policy {enable | disable}
action
NAT/Route
logtraffic
srcaddr
firewall address
status
0
start-port
set action {accept | deny | ipsec | ssl-vpn}
set active-auth-method {basic | digest | form | ntlm}
set application {enable | disable}
set logtraffic-app {enable | disable}
set logtraffic-start {enable | disable}
set log-unmatched-traffic {disable | enable}
set match-vip {enable | disable}
set nat {enable | disable}
set natinbound {enable | disable}
set sslvpn-ccert {enable | disable}
set status {enable | disable}
set application-list <name_str>
set av-profile <name_str>
{accept | deny | ipsec | ssl-vpn} accept —
nat NAT NAT /
ippool NAT
IP
fixedport NAT
ipsec vpntunnel
inbound outbound natoutbound natinbound
/ natip
vpn sslvpn-authsslvpn-ccert
sslvpn-cipher
{basic identity-based | digest | form | ntlm} sso-auth-method
basic — ID
URI MD5
enable
disable
auth-redirect-addr IP <domainname_str> HTTP URL
auto-asic-offload NP SP enable
{enable | disable}
enable av-profile
profile-protection-options
disable
capture-packet
{enable | disable} logtraffic all utm
disable
client-reputation
disable
learning
disable}
IP
IPSec VPN IP
action ssl-vpn IP
RG-WALL
disable
email-collection-portal
disable
unauthenticated {enable | disable}
{enable | disable}
IP
auto-profiling
disable
identity-based-route
identity-from
web-proxy
IPSec VPN
{enable | disable} IP
identity-based disable utm-status
enable
disable
NAT
ippool fixedport
disable
natinbound
WALL IP
disable
natip action ipsec natoutbound 0.0.0.0
<address_ipv4mask> IP 0.0.0.0
RG-WALL
IP
192.168.1.0/24
{enable | disable} RG-WALL IP
natip
IP
disable
disable
ntlm-enabled-browsers
outbound
IPSec VPN
firewall shaper per-ip-
shaper
permit-any-host
disable
permit-stun-host
NAT’d iPhones FaceTime
disable
nat ippool enable
identity-based
enable config identity-based-
enable identity-based enable
config identity-based-policy
enable identity-based enable
config identity-based-policy
URL
replacemsg-group
enable
require-tfa
rtp-addr
send-deny-packet
deny-tcp-with-icmp ICMP
TCP TCP
disable
service-negate
disable
auto-profiling
ttl
IP
only all
IP
disable
proxy web-proxy
{any | ldap | local | radius | tacacs+}
• RG-WALL
sslvpn-ccert
SSLVPN
| medium | high} SSL
• 164-bit
• 128-bit
<maximumsize_int> RG-WALL PPPoE ISP
PPPoE
“ ICMP ”
Web
timeout-send-rst
traffic-shaper-reverse <name_str> 1 2
2 1
utm-status {disable | UTM UTM disable
enable} UTM
identity-based
enable config identity-based-
identity-based disable utm-status
enable
action ipsec
enable webfilter-profile
profile-protection-options
application-list
identification
deep-inspection-
options
<profile_name>
logtraffic
profile-group {group |
(null)
profile-protocol-
profile-type {group |
single
schedule
action ssl-vpn
traffic-shaper
enable} UTM
webfilter-profile
IPS Web VoIP
UTM
set application-list <name_str>
set voip-profile <name_str>
set replacemsg-group <name_str>
deep-inspection- options “firewall deep-inspection-options”
<profile_name>
<name_str> profile profile-protection-options
<name_str> webfilter-profile profile-protection-options
ips-sensor
application-chart
{top10-app
| top10-media-user
| top10-p2p-user}
(null)
application-list
replacemsg-group
default
profile-protocol-options
HTTP FTP SMTP UTM
| servercomfort}
set oversize-limit <size_int>
set retry-count <retry_int>
| no-content-summary | oversize | splice}
set comfort-interval <interval_int>
set comfort-amount <amount_int>
set oversize-limit <size_int>
set oversize-limit <size_int>
set oversize-limit <size_int>
set oversize-limit <size_int>
set oversize-limit <size_int>
set oversize-limit <size_int>
intercept
config http
inspect-all {enable |
disable
{chunkedbypass summary
comfort-amount 1
Ruijie-bar
Ruijie-bar-port
<port_int> Ruijie Bar 8011
post-lang <charset1> HTTPS post HTTPS post [<charset2>...<charset 5>] RG-WALL
HTTPS POST UTF-8 RG-WALL
<size_int> oversize-limit
oversize HTTP
RG-WALL
Web
switching-protocols
inspect-all {disable |
disable
comfort-amount 1
options FTP no-
{bypass-mode-comma content-
d | clientcomfort “block” “compressed”
| no-content-summary
0
oversize-limit
RG-WALL 10
config dns
53
status
config imaps
inspect-all
disable
| no-content-summar no-
oversize-limit
RG-WALL 10
config mapi
options {fragmail MAPI fragmail
| no-content-summar no-
oversize-limit
RG-WALL 10
config pop3
inspect-all
disable
| no-content-summar
oversize-limit
RG-WALL 10
config smtp
inspect-all
disable
| no-content-summar no-
content- summary
SMTP
oversize-limit
RG-WALL 10
{enable | disable}
RG-WALL
status
config nntp
inspect-all
disable
no-content-summary content-
| oversize | splice} no-content-summary —
oversize-limit
RG-WALL 10
config im
no-content-summary content-
| oversize} no-content-summary — summary
oversize-limit
RG-WALL 10
config mail-signature
RG-WALL
(‘ ")
0
end <hh:mm> 00:00 <yyyy/mm/dd> • hh - 00 23 2001/01/01
• mm - 00 15 30 45
• yyyy - 1992
• yyyy - 1992
1-100 0
• mm 00 15 30 45
00:00
• mm 00 15 30 45
00:00
0
0
Authentication Remote Access Tunneling
VoIP Messaging\ &\ Other Applications
Web Proxy
“Web Access” “Web\ Access”
comment
set category <category_name>
set color <color_int>
set comment <string>
set protocol-number <protocol_int>
<srcporthigh_int>]
<srcporthigh_int>]
<srcporthigh_int>]
{disable | strict
• strict — RG-WALL IP(A,B) |
TCP(C,D) ICMP RG
SecOS A:C->B:D
TCP
ICMP
“log-invalid-packet {enable | disable}”
anti-replay
protocol TCP/UDP/SCTP
explicit-proxy
0
{enable | disable}
icmpcode
icmptype <type_int> ICMP type_int 0 255
www.iana.org ICMP
protocol
ALL
protocol-number
http://www.iana.org
0
0-65535
session-ttl per-VDOM session-ttl
0
86400
tcp-halfopen-timer 0
0 system global
protocol TCP/UDP/SCTP
tcp-portrange TCP <dstportlow_int>[- <dstporthigh_int>:
0-65535
<seconds_int> 793 “TIME-WAIT state represents waiting for
enough time to pass to be sure the remote TCP received
the acknowledgment of its connection termination
request”
0 300 0 TCP TIME-WAIT 0
udp-idle-timer UDP 1 86400 0
<seconds>
udp-portrange UDP <dstportlow_int>[- <dstporthigh_int>:
0-65535
disable
set member ?
0
IP
{enable | disable} DSCP
diffservcode-forward
{enable | disable} DSCP
diffservcode-rev
max-bandwidth
0 16776000 Kbits/second 0
0
max-concurrent-
session
<sessions_int>
0 2097000 0
0
IP
end
end
QoS
0
0
per-policy disable
{enable | disable}
ttl-policy
“253-255”
null
vip
IP ARP RG-WALL
ARP ARP RFC 1027
IP RG-WALL
DMZ
(NAPT) / (NAT)
IP NAT NAT
• NAT
(DNAT)
PAT / NAT IP
NAT NAT IP IP
IP IP
IP
NAT
NAT IP IP
IP IP IP IP
IP IP
NAT IP IP
IP IP IP
IP
IP IP 0.0.0.0 IP
IP
DNAT
IP RG-WALL IP
arp-reply
comment
RG-WALL extip IP
IP IP
IP
0.0.0.0
server-type http 443 server-type https
0
gratuitous-arp-interval
ARP 0
ARP
[<start_ipv4>- <end_ipv4>]
RG-WALL extip IP
IP IP
IP
RG-WALL
ssl ” not off“
1000
nat-source-vip
RG-WALL IP
IP NAT
RG-WALL RG-WALL
disable
outlook-web-access
Front-End-Https: on HTTP
outlook-web-access
RG-WALL HTTP
type http https
disable
portforward
mappedport
1-to-1
protocol
src-filter <addr_str> IP/
x.x.x.x/n x.x.x.x-y.y.y.y
{load-balance | server-load-balance |
static-nat}
vipgrp
IP DMZ IP
VIP VIP external-to-
DMZ
interface
member
gui
console
console
Status
Web CLI
imp2p
imp2p Instant Messaging Peer-to-Peer
icq-user
msn-user
old-version
effort | block}
best-effort
best-effort
best-effort
best-effort
imp2p VDOM imp2p allow
ips
DoS
sensor
setting
IPS MAC IPS
Peer VDOM
custom
RG-WALL RG-WALL
set anomaly-mode {continuous | periodical}
set database {regular | extended}
set session-limit-mode {accurate | heuristic}
engine-count RG-WALL 0
<integer>
{enable | disable}
hardware-accel- CP NP engine-pick
mode {engine-pick none engine-pick | cp-only | np-only | np-cp | none}
session-limit-mode
heuristic
RG-WALL Skype
rule
get
set severity {all | info low medium high critical}
set protocol <protocol_str>
set application <app_str>
set tags <tags_str>
set log-packet {disable | enable}
set quarantine-expiry <minutes_int>
set rule [<rule1_int> <rule2_int> ...] get
config exempt-ip
edit <exempt-ip_id>
“?” IPS
comment
<filter_int> ID IPS ID
“?” ID ID
location {all | client | all
server} • client
protocol
Other
Other
disable
disable} • enable
enable} PCAP
RG-WALL
| pass | reject} • block
both | interface | none}
IP
IP
<minutes_int> 259200
<count_int> 65535 0
rate-duration 60
rate-mode
<continuous
| periodical>
• periodical — action rate-duration rate-
count
ID
null
• count-enabled IPS
• count
• os
• application
“pass all” “block all” “reset all”
“default”
edit <exempt-ip_id> exempt-ip ID IPS
exempt-ip “?” ID ID
exempt-ip
0.0.0.0
0.0.0.0
setting
0
<packets_int>
IPS 6
packet-log-history 1 255 1
packet-log-history 1 RG-WALL
packet-log-post-attack IPS 0
<packets_int> packet-log-post- attack 10 RG-WALL
IPS 10
packet-log-attack 0 255 0
log
SSL VPN
custom-field
disk setting eventfilter
Ruijieguard setting gui-
display memory setting
# 16
{disk | memory | syslogd | syslogd2 | syslogd3 | webtrends } filter
RG-WALL
config log {disk |memory | syslogd | syslogd2 | syslogd3 | webtrends | Ruijieguard} filter
set analytics {enable | disable}
set anomaly {enable | disable}
set app-crtl {enable | disable}
set app-crtl-all {enable | disable}
set attack {enable | disable}
set blocked {enable | disable}
set discovery {enable | disable}
set email {enable | disable}
set email-log-google {enable | disable}
set email-log-imap {enable | disable}
set email-log-msn {enable | disable}
set email-log-pop3 {enable | disable}
set email-log-smtp {enable | disable}
set email-log-yahoo {enable | disable}
set forward-traffic {enable | disable}
set ftgd-wf-block {enable | disable}
set ftgd-wf-errors {enable | disable}
set local-traffic {enable | disable}
set gtp {enable | disable}
set infected {enable | disable}
set multicast-traffic {enable | disable}
set netscan {enable | disable}
set oversized {enable | disable}
set scanerror {enable | disable}
set signature {enable | disable}
set suspicious {enable | disable}
set switching-protocols {enable | disable}
set traffic {enable | disable}
set url-filter {enable | disable}
set virus {enable | disable}
set voip {enable | disable}
set vulnerability {enable | disable}
set web {enable | disable}
set web-content {enable | disable}
set web-filter-activex {enable | disable}
set web-filter-applet {enable | disable}
set web-filter-command-block {enable | disable}
anomaly
attack
ftgd-wf-errors
web
{enable | disable}
gtp {enable | disable} GTP RG SecOS Carrier
infected virus {enable | disable}
multicast-traffic
oversized virus {enable | disable}
scanerror
severity {alert | critical | debug | emergency | error | information | notification | warning}
RG-WALL error error critical alert emergency
emergency -
alert -
critical -
attack
web
virus
vulnerability
web-content
web
web-filter-activex
web-filter-applet
web-filter-command-
block
web-filter-ftgd-quota
web-filter-ftgd-quota-
counting
FTP
RG-WALL AMC disk setting AMC
RG-WALL RG-WALL AMC
AMC Log&Report > Log Access > Disk
SQL SQL SQLlite
SQL
conn {default | high | low | disable} set uploaddir
<dir_name_str>
set uploadtype {attack event im spamfilter traffic virus voip webfilter}
set uploaduser <user_str>
overwrite
<0-19800>
threshold
threshold
threshold
maximum-log-age
<integer max> RG-WALL
max-policy-packet-
capture-size
<size_int>
roll-schedule
RG-WALL
source-ip
<address_ipv4>
upload {enable | disable} upload FTP
uploaddir uploadipuploadpass uploadport
uploaduser FTP
upload-delete-files
uploaddir FTP <dir_name_str> FTP
uploadip
uploadpass
uploadport
FTP
RG-WALL
uploadsched enable.
0
uploadzip
app-ctr
attack
event
traffic
virus
webfilter
eventfilter
admin
dns
network
{enable | disable} DHCP L2TP/PPTP/PPPoE VIP SSL
GTP
AMC
{enable | disable} UTM NAC
vpn
wan-opt
{syslogd} override-filter
VDOM config log {syslogd} filter
“{disk | memory | syslogd | syslogd2 | syslogd3 | webtrends } filter”
gui-display
resolve-apps
memory setting
RG-WALL RG-WALL
memory global-setting
RG-WALL RG-WALL
100
98
setting
local-in-admin
local-in-other
{enable | disable}
log-invalid-packet VDOM ICSA {enable | disable}
• ICMP
• IP
neighbor-event
resolve-port
syslogd override-setting
set override {enable | disable}
set status {enable | disable}
set csv {enable | disable}
set facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kernel | local0 | local1 | local2
| local3 | local4 | local5 | local6 | local7 | lpr | mail | news | ntp | syslog | user | uucp}
set port <port_integer>
setting
csv {enable | disable} enable RG-WALL
CSV CSV
RG- WALL
facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kernel | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | ntp | syslog | user | uucp} local7
facility RG-WALL
• alert:
• audit
• auth /
• authpriv: /
RG-WALL RFC 3195 RAW TCP
source-ip
<address_ipv4> syslogd syslog2 syslog3 IP 0.0.0.0
{syslogd | syslogd2 | syslogd3} setting
set status {enable | disable}
set csv {enable | disable}
set facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kernel | local0 | local1 | local2
| local3 | local4 | local5 | local6 | local7 | lpr | mail | news | ntp | syslog | user | uucp}
set port <port_integer>
csv {enable | disable} enable RG-WALL
CSV CSV RG-WALL
facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kernel | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | ntp | syslog | user | uucp} local7
facility RG-WALL
• alert:
• audit
• auth /
• authpriv: /
port <port_integer> 514
reliable {enable | disable} RG-WALL RFC 3195 RAW
RFC1035
<address_ipv4> syslogd syslog2 syslog3 IP 0.0.0.0
webtrends setting
4.1
status {enable | disable} enable
chart
end config report chart
config report
chart comments CLI
comments
config report chart edit
set group <group_str>
set header-value <string>
set legend {enable | disable}
set period {last24 | last7d}
set scale-format {YYYY MM DD HH MM | YYYY-MM-DD | HH | YYYY-MM-DD | YYYY MM |
YYYY | HH MM | MM DD}
set scale-number-of-step <steps_int>
set scale-step <step_int>
set scale-type datetime
set style {auto | manual}
manual type table
style manual type graph
config y-series y
style manual type graph
<chart_name> CLI
<chart_name> comments
0x 0xff0000
<size_int> 5 20
color-palette HTML <palette_hex> 0x
comments <comment_str> Web
report dataset
detail-value <value str>
displayname <name_str>
extra-y-legend
5 20
0
footer-value <value str>
graph-type {bar | flow | line
is-category {no | yes} x
label-angle {45 degree | x y vertical | horizontal}
legend {enable | disable}
legend-font-size 0 0
<size_int> 5 20
scale-format {YYYY MM
DD-HH-MM
scale-number-of-step
scale-origin {max | min} x
X max scale-start
2001
style {auto | manual} style auto
style
comments
5 20
0
value1 {<value_int>
| <value_str>}
value2 {<value_int>
| <value_str>}
dataset
end
end
SQL
edit <field-id> SQL 1 SQL
displayname
layout
set cutoff-time <time_str>
set description <text>
set email-recipients <recipients_str>
set time <HH:MM>
set style-theme <theme name>
set options {include table of contents | auto numbering heading | view chart as heading
| show html navbar before-heading} config page
set paper {A4 | letter}
set options {header on first page | footer-on-first-page}
set style <style name>
set description <text>
set content <text>
set img-src <text>
set misc-component {hline | page break | column break | section-start}
set parameter1 <value_str>
604 800 1
86400
custom
send email-send
schedule-type
00:00
schedule-type weekly
numbering heading
view-chart-as-heading —
column-break-before
content <text> type text
image
image
description <text> type text misc
image
img-src <chart name> type chart
config report style
edit <style name>
set options {font | text | color | align | size | margin | border | padding | column}
set font-family {Verdana | Arial | Helvetica | Courier | Times}
set font-style {normal|italic}
set font-weight {normal | bold}
set font-size {xx small | x small | small | medium | large | x large | xx large} | 5-28
set line-height <integer | percentage>
set fg-color {aqua | black | blue | fuchsia | gray | green | lime | maroon | navy | olive
| purple | red | silver | teal | white | yellow | <color value>}
set bg-color {aqua | black | blue | fuchsia | gray | green | lime | maroon | navy | olive
| purple | red | silver | teal | white | yellow | <color value>}
set align {left | center | right | justify}
set height <integer | percentage>
set width <integer | percentage>
set border-top <topwidth_int> {none | dotted | dashed | solid} {aqua | black | blue
| fuchsia | gray | green | lime | maroon | navy | olive | purple | red | silver | teal
| white | yellow | <color value>}
set border-bottom <bottomwidth_int> {none | dotted | dashed | solid} {aqua | black
| blue | fuchsia | gray | green | lime | maroon | navy | olive | purple | red | silver
| teal | white | yellow | <color value>}
set border-left <leftwidth_int> {none | dotted | dashed | solid} {aqua | black | blue
| fuchsia | gray | green | lime | maroon | navy | olive | purple | red | silver | teal
| white | yellow | <color value>}
set border-right <rightwidth_int> {none | dotted | dashed | solid} {aqua | black
| blue | fuchsia | gray | green | lime | maroon | navy | olive | purple | red | silver
| teal | white | yellow | <color value>}
set padding-top <integer>
set padding-bottom <integer>
set padding-left <integer>
set padding-right <integer>
options {font | text
| color | align | size
{normal | bold}
font-size {xx small 5 28 | x small | small | medium | large | x large | xx large} | 5-
28
line-height
10 120%
fg-color {aqua 6 | black | blue 0033CC | fuchsia | gray
| green | lime
| maroon | navy
value>}
bg-color {aqua 6 | black | blue FF0000 | fuchsia | gray | green | lime
| maroon | navy
margin-top
border-top <topwidth_int> 6 {none | dotted
| dashed | solid}
| dashed | solid}
| dashed | solid}
column-gap
set schedule {daily | weekly}
day {sunday
| monday | tuesday
schedule
00:00
widget
set default-html-style <style_name>
set default-pdf-style <style_name>
set page-style <style_name>
set page-header-style <style_name>
page-orient
default-pdf-style
page-style
page-footer-style
report-title-style ? <style name>
report-subtitle-style ? <style_name>
heading1-style 1 ? 1 <style_name>
heading2-style 2 ? 2 <style_name>
heading3-style 3 ? 3 <style_name>
heading4-style
toc-title-style
toc-heading1-style 1 ? <style_name> 1
toc-heading2-style 2 ? <style_name> 2
toc-heading3-style 3 ? <style_name> 3
toc-heading4-style 4 ? <style_name> 4
normal-text-style ? <style_name>
bullet-text-style ? <style_name>
numbered-text-style ? <style_name>
image-style
hline-style
table-chart-caption- ?
router
RG-WALL RG-WALL
RG-WALL RIP OSPF
deny
config rule
exact-match
any
wildcard IP <address_ipv4> 0.0.255.0 0 <wildcard_mask> 1
any
interface <if_name>
set server <servername_string>
set source-ip <ipv4_addr>
failtime <attempts_int>
ha-priority <priority_int> HA 1 50
1
HA
RIP 2
RG-WALL
RG-WALL “config system global”
hh:mm: ss day month year end
infinite —
hh — 0 23
mm — 0 59
ss — 0 59
day — 1 31
month — 1 12
year — 1993 2035
hh mm ss day month 1
mm:ss day month year end
hh:mm:ss day month year
infinite —
hh — 0 23
mm — 0 59
ss —0 59
day — 1 31
month — 1 12
year — 1993 2035
hh mm ss day month 1
ospf
RG-WALL OSPF RFC 2328
OSPF
AS
ABR LSA
BRF BFD
CLI BFD
auto-cost-ref-bandwidth <mbps_integer> set bfd
set default-information-route-map <name_str>
set default-metric <metric_integer>
set distance <distance_integer>
set distance-external <distance_integer>
set distance-inter-area <distance_integer>
set distance-intra-area <distance_integer>
set distribute-list-in <access_list_name>
set restart-period
set default-cost <cost_integer>
set stub-type {no-summary | summary}
config filter-list
edit <filter-list_id>
set authentication-key <password_str>
set dead-interval <seconds_integer>
set hello-interval <seconds_integer>
end end
config neighbor
edit <neighbor_id>
set authentication-key <password_str>
set cost <cost_integer>
set metric <metric_integer>
WALL OSPF ABR
ABR
bfd {enable | disable | global} BFD
• enable - BFD
• disable - BFD
• global -
database-overflow-max-lsas
LSA OSPF
OSPF lsas_integer
lsas_integer 0
4294967294
10000
database-overflow-time-to-
seconds_integer 0
RG-WALL
300
default-information-metric
16777214
10
default-information-metric-
OSPF
{always | disable | enable} always RG-WALL
10
<distance_integer> 255
<distance_integer> 255
<distance_integer> 255
“router
WALL
rfc1583-compatible RFC 1583 disable
{enable | disable} OSPF RFC 1583 RFC 1583
IP
ID
0.0.0.0 ID
<hold_integer>
SPF
hold_integer 0 4294967295
SPF OSPF
CPU spf-timers 0
CPU
config router ospf
ABR
OSPF
OSPF NSSA AS
AS
OSPF
ABR
ABR
direction list
none | text}
<cost_integer>
nssa-default-information-
originate
disable
nssa-default-information-
originate-metric
<metric>
{enable | disable} NSSA enable
nssa-translator-role NSSA NSSA candidate
{always | candidate | Type 7 LSA OSPF never} Type 5 LSA NSSA NSSA
NSSA
NSSA NSSA
NSSA
NSSA
summary
direction {in | out} in out
out
edit <range_id> ID 0
4294967295
substitute-status {enable |
none —
text —
<password_str> 15
authentication-key
text
dead-interval hello-interval
40
hello-interval
seconds_integer 1 65535
10
md5-key md5 <id_integer><key_str> MD5 ID
set md5-key 6 "ENC yYKaPSrY89CeXn66WUybbLZQ5YM="
ID
16
0.0.0.0
<seconds_integer> seconds_integer
1 65535
transmit-delay 1
id 15.1.1.1 summary 20 MD5
config router ospf config
config router ospf
end
access-list <name_str> Null
config router ospf config
cost <cost_integer> cost_integer 1
65535
10
poll-interval
10
priority
255
prefix <address_ipv4mask> OSPF IP 0.0.0.0
0.0.0.0
10.1.1.1
end
RG-WALL interface <name_str>
{md5 | none | text}
authentication-key text <password_str> text
authentication-key
database-filter-out
dead-interval
dead-interval hello-interval
40
hello-interval
1 65535
IPSec GRE
IP OSPF
0.0.0.0
MD5 ID
set md5-key 6 "ENC yYKaPSrY89CeXn66WUybbLZQ5YM="
ID
16
65535
mtu-ignore OSPF MTU
broadcast
prefix-length <int> OSPF hello 0 32 0
priority 1
<integer>
<seconds_integer> seconds_integer 1
65535
transmit-delay 1
static | rip}
16777214
10
routemap <name_str>
tag <tag_integer>
0
config router ospf
ASBR LSA
OSPF
prefix <address_ipv4mask> IP
0.0.0.0 0.0.0.0
0
policy,
IP
RG-WALL
move
RG-WALL
<policy_integer>
dst
0.0.0.0 0.0.0.0
destination-port-range
start-port end-port
start-port end-port
port_integer 0 65535
6 TCP 17 UDP 132 SCTP
65 535
protocol 6 TCP 17 UDP 132
SCTP
65 535
0 255
0
UDP 1 ICMP 47 GRE
92
0.0.0.0 0.0.0.0
destination-port-range
start-port end-port
start-port end-port
port_integer 0 65535
6 TCP 17 UDP 132 SCTP
protocol 6 TCP 17 UDP 132
SCTP
1
prefix-list,
RIP OSPF
IP permit
deny
config router setting
comments <string> 127
ge
0
32
{<address_ipv4mask> | any ge 0.0.0.0
any} any ge le
prefix-list
RIP
15 X 16
RIP RG SecOS RIP 1 RFC 1058 RIP 2 RFC 2453 RIP
2 RIP
set auth-string <password_str>
set metric <metric_integer>
set routemap <name_str>
default-metric 1
1 16
RIP
<timer_integer> RIP
version {1 2} RIP RIP 1
RIP 2
receive-version {1 2} send-version {1 2}
“config interface”
1 5 -
config router rip
distance
Null
distance
0
prefix
config router rip config
“router access-list “router prefix-list”
direction listname
direction {in | out}
in
out
RIP 2 RIP
RIP 2 receive-version send-version 1 1
2 1 auth-mode none
IPSec GRE
auth-keychain
none —
<password_str> auth-string 35
receive-version {1 2} RIP 520 UDP
1 — RIP RIP 1
2 — RIP RIP 2
1 2 — RIP RIP 1 2
send-version {1 2} RIP 520 UDP
1 — RIP RIP 1
2 — RIP RIP 2
1 2 — RIP RIP 1 2
{enable | disable} RIP 2 RIP 1
{poisoned | regular}
test1
ip <address_ipv4> IPv4 0.0.0.0
prefix
0.0.0.0
config router rip
end
access-list <name_str>
5 10
15
acc_list1
ospf | static}
16
setting
show-filter <prefix_list> prefix-list
RG-WALL
ECMP IP NAT
IP IP
Source based ECMP Weighted Spill-over config system setting CLI set v4-ecmp-mode Source Based Weighted ECMP spill-over usage-based ECMP RG-WALL RG-WALL ECMP ECMP “system settings”
end
blackhole dst gateway blackhole dst
blackhole disable
{enable | disable}
config system interface “distance
<distance_integer>”
10
disable
IPv4
IP NAT IP
0 4294967295
CLI
0
weighted
weight-based
3g-modem custom interface replacemsg nac-quar
accprofile ipip-tunnel replacemsg nntp
amc mac-address-table replacemsg sslvpn
arp-table modem replacemsg traffic-quota
dedicated-mgmt replacemsg alertmail storage
dns replacemsg ec vdom-dns
dns-database replacemsg Ruijieguard-wf vdom-link
dns-server replacemsg ftp vdom-property
email-server replacemsg http vdom-radius-server
fips-cc replacemsg im vdom-sflow
Ruijieguard replacemsg mail virtual-switch
class-id <cid_hex> USB 0x00 - 0xFF
end
end
end
<access-group>
LDAP
fwgrp firewall configuration
get system status
autoupdate
utmgrp UTM
vpngrp VPN
<access-level> none
none
read
read-write
address
device
others
policy
profile
service
config loggrp-permission loggrp custom
config
data-access
antivirus
application-control
ips
netscan
voip
webfilter
admin
RG-WALL
Web
admin super_admin
super_admin_readonly super_admin_readonly
super_admin super-admin
RADIUS RG-WALL
super_admin CLI
super_admin ITAdmin 123456
config system admin
“null”
“empty” “null”
vdom
vdom-override
| trusthost9 | trusthost10} <address_ipv4mask>
super_admin
<comments_string>
gui-log-display Web {
| memory |disk}
password-expire <date> 0 0000-00-00
<time> 00:00:00
{disable | enable}
config user group
HTTPS
disable
remote-auth
TACACS+
schedule Null
ssh-public-key1 SSH "<key-type> SSH
type>
<key-value>"
DSA <key type> ssh-dss RSA
ssh-rsa
ssh-public-key3 "<key-
{trusthost1 | trusthost2 IPv4 0.0.0.0 0.0.0.0
| trusthost3 | trusthost4 RG-WALL | trusthost5 | trusthost6 | trusthost7 | trusthost8 RG-WALL
| trusthost9 | trusthost10} 0.0.0.0 0.0.0.0
<address_ipv4mask>
wildcard
RG-WALL
set widget-type ?
<column_number>
name <name_str>
IP
(msg-counts) bytes
top-n <results_int> —
10 10
-
0
refresh-interval <interval_int> — 10 240 0 bytes
sort-by {bytes | msg-counts}— bytes
(msg-counts)
10
show-local-traffic
ID
disable
sort-by
chart-color <color_int> —
MAC
ip <address_ipv4> ARP IP
mac <mac_address> MAC xx:xx:xx:xx:xx:xx
auto-install
U
U U FAT16
U RG-WALL
“exe usb-disk format”.
U Windows “format <drive_letter>:/FS:
FAT /V:<drive_label>” where <drive_letter> USB <drive_label>
U
RG-WALL USB U U
auto-install-image
default-config-file U system.conf
default-image-file U image.out
autoupdate push-update
RG-WALL
RG-WALL RG-WALL SETUP FDN
FDN RG-WALL
60 RG-WALL FDN
IP
FDN NAT RG-WALL NAT
NAT IP PPPoE DHCP
NAT
override
FDN
NAT
9443
set time <hh:mm>
set day <day_of_week>
frequency
interval
time
00:00
Monday
IP
RG-WALL HTTP CONNECT RFC 2616 RG-WALL
HTTP CONNECT FDN
IP FDN RG-WALL FDN
HTTPS RG-WALL HTTPS 8890 FDN
port <proxy_port> 0
username <name>
<baudrate> 9600 19200 38400 57600 115200
9600
no
server <servername> SMTP
Ruijievirussubmit.com
bug_report
username-smtp
bug_report
bypass
set bypass-watchdog {enable | disable}
set poweroff-bypass {enable | disable}
10
bypass-watchdog
set Ruijiemanager-fds-override {enable | disable}
schedule-script-restore
allow-monitor
allow-push-configuration
57600 115200
mode {batch | line} line
output {standard | more} standard more
more
ddns
DDNS
ddns-password
dipdns.net
DDNS
genericDDNS — ddns-server-ip DDNS
(RFC 2136)
now.net.cn — ip.todayisp.com
ods.org — ods.org
tzo.com — rh.tzo.com
vavic.com — ph001.oray.net
ddns-username
monitor-interface
dedicated-mgmt
VDOM CLI
default-gateway <IPv4_addr> 192.168.1.1
interface <port_name> mgmt
DHCP IP 200
database
regular
IP
“system dhcp reserved-address”
set domain <domain_name_str>
set interface <interface_name>
set option1 <option_code> [<option_hex>]
set option2 <option_code> [<option_hex>]
set option3 <option_code> [<option_hex>]
set option4 <option_code> [<option_hex>]
set option5 <option_code> [<option_hex>]
set option6 <option_code> [<option_hex>]
set server-type {ipsec | regular}
RG-WALL
auto-configuration
1 100
dns-server1
dns-service specify
0.0.0.0
dns-server2
dns-service specify
0.0.0.0
dns-server3
dns-service specify
0.0.0.0
dns-service {default
| specify | local} config system dns DNS
RG-WALL DHCP
specify DHCP DHCP
DNS dns-server# DNS
DHCP
specify
domain
interface
DHCP IP
DHCP
IPsec VPN IP
server-type ipsec
range
ipsec-lease-hold
DHCP-over-IPSec
server-type ipsec
60
lease-time <seconds> DHCP DHCP 604800
300 864000 10 7
netmask <mask> DHCP DHCP 0.0.0.0
ntp-server1 NTP IP 0.0.0.0 <ipv4_addr>
ntp-server2 <ipv4_addr> 0.0.0.0
ntp-server3 <ipv4_addr> 0.0.0.0
DHCP
specify
option1
<option_code>
[<option_hex>]
option2
<option_code>
[<option_hex>]
option3
<option_code>
[<option_hex>]
option4
<option_code>
[<option_hex>]
option5
<option_code>
[<option_hex>]
option6
<option_code>
[<option_hex>]
option_code 1 255 DHCP option_hex
DHCP
RFC 2132 DHCP BOOTP
0
server-type
regular
vci-match
DHCP
wifi-ac2 <ipv4_addr> 0.0.0.0
wifi-ac3 <ipv4_addr> 0.0.0.0
0.0.0.0
wins-server2
0.0.0.0
wins-server3
0.0.0.0
IP DHCP
16 RG-WALL DHCP DHCP
IP
end-ip <end_ipv4> IP IP IP
0.0.0.0
start-ip <start_ipv4> IP IP IP
0.0.0.0
DHCP DHCP IP
16 RG-WALL DHCP
end-ip <address_ipv4> DHCP DHCP IP IP
I start-ip end-ip IP
I start-ip end-ip IP
IP DHCP
16
mac <mac_addr> IP MAC MAC
DHCP
DNS RG-WALL URL
DNS
dns-cache-limit <integer> DNS 5000
dns-cache-ttl <int> DNS 1800
domain <domain_name>
primary <dns_ipv4> DNS IP 208.91.112.53
secondary <dns_ip4> DNS IP 208.91.112.52
source-ip <ipv4_addr> DNS IP 0.0.0.0
dns-database
RG-WALL DNS RG-WALL DNS DNS
IPv4 A NS CNAME MX
end
end
authoritative {enable | disable} enable
contact <email_string>
example.com
primary-name <name_string> DNS dns
source-ip <ipv4_addr> DNS IP 0.0.0.0
status {enable | disable} DNS enable
ttl <int> 0
2,147,483,647
86400
mailto:[email protected]
DNS
Null
hostname <hostname_string> Null
ip <ip_address> IP IPv4 type A
0.0.0.0
10
ttl <entry_ttl_value> 0 2147483
647
0
type {A | AAAA | MX | NS A — IPv4 A | CNAME}
CNAME —
MX —
NS —
end
| non-recursive | recursive} forward-only — RG-WALL DNS
system dns-database
email-server
set server {<name-str> | <address_ipv4>}
SMTP
disable
server
TCP SMTP 25 SMTP
security {none | smtps | starttls} none
server
smtp.domain.com RG-WALL
SMTP RG-WALL
SMTP
Ruijieguard
• RuijieGuard Antivirus IPS
IP
RuijieGuard
ddns-server-port
service-account-id
ID
load-balance-servers
RG-WALL RuijieGuard
balance-servers 1 RG-WALL
RuijieGuard
load-balance-servers 2 RuijieGuard
RG-WALL
1
{enable | disable} RG-WALL
FDN IP
URL
<ttl_int> TTL RG-WALL
FDN
avquery-cache-
1 15
avquery-license RuijieGuard
N/A
avquery-timeout
7
central-mgmt-auto-backup
WALL service-account-id
RuijieGuard
webfilter-cache-ttl TTL 3600
<ttl_int> TTL RG-WALL FDN
86400
N/A
webfilter-force-off
disable
RuijieGuard
webfilter-sdns-
0.0.0.0
webfilter-sdns-
443
webfilter-timeout
15
geoip-override
global
runtime-only config RG-WALL runtime-only
set cfg-save {automatic | manual | revert}
set cfg-revert-timeout <seconds> execute cfg reload
set auth-cert <cert-name>
set auth-http-port <http_port>
set auth-https-port <https_port>
set av-failopen-session {enable | disable}
set batch-cmdb {enable | disable}
set cfg-revert-timeout <seconds>
set fmc-xg2-load-balance {disable | enable}
set gui-antivirus {enable | disable}
set gui-application-control {enable | disable}
set gui-ap-profile {disable | enable}
set gui-central-nat-table {disable | enable}
set gui-certificates {enable | disable}
set gui-client-reputation {enable | disable}
set gui-dns-database {disable | enable}
set gui-dynamic-profile-display {disable | enable}
set gui-dynamic-routing {enable | disable}
set gui-implicit-policy {disable | enable}
set gui-ips {enable | disable}
set gui-ipsec-manual-key {enable | disable}
set ie6workaround {enable | disable}
set internal-switch-speed {100full | 100half | 10full | 10half | auto}
set ip-src-port-range <start_port>-<end_port>
set ipsec-hmac-offload {disable | enable}
two-factor-email-expiry <seconds_int> set
admin IP
15 300
0
admin-https-pki-required
admin
disable
admin-lockout-duration
{enable | disable}
admin-reset-button
30
enable
admin-scp
admin-server-cert { HTTPS self-sign | <certificate> }
Ruijie_Factory self-sign
admin-ssh-grace-time
120
admin-ssh-port
admin-ssh-v1
admin-telnet-port
admintimeout 5
5
enable
anti-replay {disable | loose TCP TCP strict
| strict} SYN TCP
SYN ACK TCP
TCP
TCP
• RG-WALL TCP
RG-WALL
RST
self-sign
auth-http-port <http_port> HTTP <http_port> 1 65535 1000
auth-https-port
65535
1003
{enable | disable} IP
av-failopen pass
{idledrop | off | one-shot | idledrop off one-shot pass} pass
• idledrop —
{enable | disable} failopen av-failopen
{enable | disable}
cert-chain-max <int> 8
manual | revert} runtime-only
• automatic —
600
check-protocol-header loose
{disable | strict} • — RG-WALL ICMP
• strict — RG-WALL IP(A,B) |
A:C->RG SecOSB:D
TCP
ICMP
ICMP
anti-replay
disable
csr-ca-attribute
CA CSR
restart-time
dst {enable | disable}
AV/IPS HA
enable
fds-statistics-period
<minutes> FDS 1 1440 60
fgd-alert-subscription
latest-attack — RuijieGuard
latest-threat — RuijieGuard
latest-virus — RuijieGuard
new-attack-db — RuijieGuard IPS
fwpolicy-implicit log
gui-antivirus
gui-application-control
{enable | disable} Web enable
gui-ap-profile {disable | Web AP enable} 30D
disable
gui-dns-database {disable |
gui-dynamic-profile-display {disable | enable} Web enable
gui-dynamic-routing Web {enable | disable} System > Network > Routing
System > Monitor > Routing Monitor
gui-ipsec-manual-key
gui-lines-per-page
gui-load-balance Web disable
{disable | enable}
gui-multiple-utm-profiles
enable
{enable | disable}
VPN
gui-sslvpn-personal-bookmarks
gui-sslvpn-realms
gui-voip-profile {disable |
gui-vpn {enable | disable} Web VPN enable
gui-vulnerability-scan
gui-webfilter
hostname <unithostname> RG-WALL RG-WALL
16
CLI
URL
header-only — HTTP
disable
| interface | switch}
RG-WALL
100full
100half
10full
10half
auto
100 10 100M 10M Full half
<start_port>-<end_port> <start_port> <end_port> 1
65535 1 65535
FDN
IPsec HMAC
english french japanese korean
portuguese spanish simch ( ) trach
( )
disable
ldapconntimeout
login-timestamp
TCP/IP TCP/IP
telnet 23 HTTP 80
disable
log-user-in-upper
VDOM
max-report-db-size <size> MByte 1024
miglogd-children <int> miglogd 0 15 0
num-cpus <int> CPU
optimize antivirus
{antivirus | throughput}
throughput
phase1-rekey 1 IKE enable
{enable | disable}
<limit_int> 100 0
per-user-bwl
pre-login-banner
“system replacemsg
post-login-banner
radius-port <radius_port> RADIUS RADIUS
1812 RADIUS 1645
CLI RG-WALL
RADIUS
enable
300 0
RADIUS 5
reset-sessionless-tcp
RESET
daily-restart
disable
revision-image-auto-
scanunit-count <count_int> CPU
CPU RG-WALL
Web
{enable | disable}
sp-load-balance 3950B 3951B 3140B SP disable
{enable | disable}
sslvpn-max-worker-count
CPU
CPU
sslvpn-worker-count SSL CPU <count_int> CPU 1
strict-dirty-session-check disable
{enable | disable} 3DES SHA1 HTTPS/ SSH
Netscape 7.2 Netscape 8.0 Firefox
Microsoft Internet Explorer 7.0 (beta)
Internet Explorer 5.0
6.0
syncinterval
NTPsyncinterval
0
tcp-halfopen-timer 60
tcp-option
{enable | disable} SACKtimestamp MSS TCP
tcp-option
tcp-timewait-timer TCP TIME-WAIT 1
<seconds_int> RFC 793 "TIME-WAIT state represents waiting for enough time to pass to be sure the remote TCP received the acknowledgment of its connection termination request"
0 300 0 TCP TIME-WAIT
0
<timezone_number> RG-WALL
tp-mc-skip-policy
two-factor-email-expiry 60
udp-idle-timer <seconds> UDP 1
86400
disable
http://www.faqs.org/rfcs/rfc793.html
sign
vdom-admin
ARP
8192 ARP
ARP
<integer> CPU
gre-tunnel
NAT/Route
• IP ping
ha
RG-WALL (HA)
RG-WALL DHCP PPPoE IP HA
HA
• override
• config system interface RG-WALL HA
set encryption {enable | disable}
set gratuitous-arps {enable | disable}
set hc-eth-type <type_int>
set helo-holddown <holddown_integer>
set l2ep-eth-type <type_int>
set minimum-worker-threshold <threshold_int>
set monitor <interface_names>
set override {enable | disable}
set priority <priority_integer>
set session-pickup {enable | disable}
set session-pickup-connectionless {enable | disable}
set session-pickup-delay {enable | disable}
set session-pickup-expectation {enable | disable}
set session-pickup-nat {enable | disable}
set sync-config {enable | disable}
set uninterruptible-upgrade {enable | disable}
set update-all-session-timer {enable | disable}
set weight <priority_integer> <weight_integer>
ARP
<interval_integer>
IP MAC
1 20
authentication
encryption {enable | disable} / AES-128 SHA1
HA
link-failed-signal ARP
enable
group-id <id_integer> HA ID ID 0 255 HA
ID ID
MAC
32
<type_int> 4
8890
ha-mgmt-status
{enable | disable} HA disable
ha-mgmt-interface RG-WALL HA <interface_name> “config system interface” IP
HA
<diff_int>
hb-interval 2
<interval_integer> 1 20 100* hb-interval 2
200
hb-lost-threshold 6
hbdev <interface_name> RG-WALL <priority_integer> RG-WALL
[<interface_name> <priority_integer>]...
8891
<holddown_integer>
l2ep-eth-type <type_int> HA HA telnet
<type_int> 4
8893
TCP UTM
UTM
disable
load-balance-udp
mode a-a schedule weight-round-robin
0
HA “minimum-worker-threshold”
mode {a-a | a-p | standalone} HA
a-p Active-Passive
a-a Active-Passive
standalone HA
RG-WALL dhcp pppoe
standalone
monitor <interface_names>
RG-WALL
Enter the names of the interfaces to monitor. Use a space to separate each interface name.
802.3ad
64
<weight_int> <low_int>
0
HA
15
<threshold_integer> 0 50
0 HA IP ping
HA
<timeout_integer> HA IP
IP
2147483647
IP
<weight_int> <low_int> <high_int> <high_int>
mode a-a schedule weight-round-robin
0
HA
10
0
| leastconnection | none
| weight-round-robin} IP IP
{enable | disable}
UDP ICMP
mode a-a a-p mode standalone
TCP
{enable | disable} session-pickup
session-pickup-expectation
mode standalone
disable
session-pickup-nat
session-pickup
mode standalone
number <process_id_int>
session-sync-dev RG-WALL <interface_name> 8 [<interface_name>]...
slave-switch-standby FS-5203B disable
<weight_int> <low_int> <high_int> <high_int>
mode a-a schedule weight-round-robin
0
round-robin weight
4
priority_integer 0 3
1 1
1
2
vdom
domain_2 set vdom domain_1 domain_2
VDOM
2 2
config secondary-vcluster 2
1
2
config secondary-vcluster 2 monitor 1
override priority vdom
HA priority override
active-interface
IPSec
edit VLAN
RG-WALL “internal” internal-switch-mode
config system interface
set bfd-desired-min-tx <interval_msec>
set bfd-detect-mult <multiplier>
set bfd-required-min-rx <interval_msec>
set lacp-speed {fast | slow}
set sample-rate <rate_int>
set sflow-sampler {disable | enable}
link | vlan }
set defaultgw {enable | disable}
allowaccess IP <access_types> append clear
set
probe-response — config system server-probe
alias <name_string>
25
physical
DHCP MS Windows Client ARP
enable
atm-protocol
{ipoa | none} IPoA IPoA ADSL none
auth-type PPP auto
<ppp_auth_method> auto —
global} — BFD BFD
— BFD
bfd-desired-min-tx BFD 1 50
<interval_msec> 100000 msec
<interval_msec> 100000 msec
bfd
disable
defaultgw
DHCP PPPoE
disable
dedicated-to
static “mgmt”
DHCP DHCP
RG-WALL
RG-WALL DHCP RG-WALL MAC
dhcp-relay-ip
<dhcp_relay1_ipv4>
{...<dhcp_relay8_ipv4
8 DHCP
DHCPREQUEST ACKNOWLEDGE
DHCP
dhcp-relay-type
regular
regular
mode pppoe NAT/Route
<admin_distance>
“distance <distance>”
NAT/Route
DNS
enable
drop-fragment
edit <secondary_ip_id> 1 IP
SIP NAT
ping (detectserver) detectserver
NAT
<collision_group_number> 0
ARP
RG-WALL
disable
<pppoe_timeout_seconds> 0
mode pppoe
inbandwidth Kbit/sec 0
<bandwidth_integer>
ip IP <interface_ipv4mask> dhcp pppoe
IP
MAC “ipmacbinding
setting” “ipmacbinding table”
disable
ipunnumbered IP PPPoE <unnumbered_ipv4> IP IP IP
IP
IP ISP
IP IP
{enable | disable} 2 IPX PPTP L2TP
RG-WALL
{enable | disable}
RG-WALL
HA
5
lcp-max-echo-fails
mode pppoe
3
macaddr MAC <mac_address> MAC xx:xx:xx:xx:xx:xx
Independent Interface)
SFP
SFP 1000 Mbps
sgmii-sfp SGMII SGMII
10 100 1000 Mbps
mode
NAT/Route
eoa — Ethernet over ATM
NAT/Route
MTU
• RG-WALL
RG-WALL MTU 1500
MTU
1 500
{enable | disable} 1500
IPsec
VLAN MTU
1500 MTU
Windows Internet Name Service (WINS)
wins-ip <wins_server_ip> WINS
IP
NAT/Route
<padt_retry_seconds> PPPoE
mode pppoe NAT/Route
password
RG-WALL
PoE
<interval_int> sFlow collector 1
255
pptp-client PPTP disable
{disable | enable} l2forward
HA
HA
pptp-password
pptp-server-ip
pptp-auth-type
pptp-timeout <pptp_idletimeout> PPTP 0
priority
pppoe dhcp
0
ip
captive-portal
tx)
rate 10 99999
sample-rate
sFlow
sample-rate
{enable | disable}
security-groups
captive-portal
sample-rate polling-interval sample-direction
sFlow RG-WALL
VLAN
sFlow “system sflow”
disable
speed auto
ECMP v4-ecmp-mode
config system settings
usage-based spillover-
{enable | disable}
STP RG-WALL VLAN
VDOM
rpl-bridge-ext-id ID
xx:xx:xx:xx:xx:xx
trust-ip-1 <ipmask>
trust-ip-2 <ipmask>
trust-ip-3 <ipmask>
“mgmt”
0.0.0.0/24
type {aggregate | hard- vlan switch | hdlc | loopback | physical |
redundant | tunnel | vap-
802.3ad 8
physical
switch-hardware
T1/E1
DNS CLI Web
type {aggregate | hard- physical — RG-WALL vlan switch | hdlc | type physical loopback | physical | physical redundant | tunnel | vap-
switch | vdom- redundant — 2
link | vlan }
intf phase1 IPSec
vdom-link —
NAT/Route
vdom <vdom_name>
IP
root
vlanforward
VLAN VLAN
enable
VLAN ID
VLAN ID 1 4094 0
4095 IEEE
VLAN
VLAN
RG-WALL
MAC VRRP MAC
RFC 3768
0
wins-ip
pap —
password <password> L2TP n/a
peer-host <ipv4_addr> L2TP IP n/a
peer-mask <netmask> L2TP
255.255.255.255
0
gwaddr <IPv4> IP
mux-type
ISP
vci <integer> VCI 0 255
ISP
0 65535 ISP
35
algorithm L4
L2
lacp-ha-slave
LACP Active-Passive HA lacp-mode static
enable LACP slave
enable
passive | static} active — LACP PDU
{fast | slow} slow — 30 LACP PDU
LACP PDU
slow
member <if_name1> <if_name 2> ...
VDOM vdom
member
• DHCP
• VLAN
• VIP
•
port1 5
1
VRRP RFC 3768
<VRID_int> VRRP ID 1 255 VRRP
adv-interval
preempt VRRP enable
{enable | disable}
VRRP
<seconds_int>
ipip-tunnel
ips-urlfilter-dns
status {enable | disable} enable
mac-address-table
11:22:33:00:ff:aa
reply-substitute
modem
set auto-dial {enable | disable}
set holddown-timer <seconds>
set idle-timer <minutes>
set interface <name>
set lockdown-lac <lac_str>
set network-init <init_str>
set phone1 <phone-number>
set phone2 <phone-number>
set phone3 <phone-number>
set pin-init <init_str>
set redial <tries_integer>
{equal | fallback} equal —
authtype1 {pap chap
pap chap
standalone
dial-on-demand
idle-timer
standalone
IP
“distance <distance>”
extra-init3 <init_str>
holddown-timer 60
1-60
idle-timer <minutes>
5
mode standalone
PCMCIA
internal pcmcia-wireless internal
3G PCMCIA pcmcia-wireless
AT+COPS=<mode>,[<format>,<oper>[,<AcT>]]
<mode>
generic
generic
generic
phone2 <phone-number>
pin-init <init_str> AT PIN
null
{disable | enable} ppp-echo-request1
{disable | enable} ppp-echo-request2
{enable | disable} ppp-echo-request3
“router
ISP 1 10 none
disable
wireless-port <port_int> 3G TTY 0
0
monitors
widget-type
| virus | webfilter} — monitor
sort-by {bytes | msg-counts}— bytes
(msg-counts)
report-by {source | destination | destination-port}
resolve-host {enable | disable} —
show-auth-user {enable | disable} —
(msg-counts)
top-n <results_int> —
refresh-interval <interval_int> —
top-n <results_int> —
RG-WALL CPU
“traffic-shaping-mode” bidirection 2
IPSEC FB4
{enable | disable}
{enable | disable}
IPSEC FB4
{enable | disable} FB4
server-mode
disable
source-ip <ipv4_addr> NTP IP 0.0.0.0
syncinterval <interval_int> NTP
1 1440
ntpsync
d
edit <serverid_int> NTP
authentication {enable | disable} MD5 disable
key <password_str> MD5 null
key-id <int> MD5 Key-ID 0
ntpv3 {enable | disable} NTPv3 NTPv4 disable
server
object-tag
minimum-length
min-lower-case-letter
90
status
probe-response
http-probe-value <string> OK
http-probe
interface <port> IP
ip <ipv4_address> IP
CLI RG-WALL Web CLI RG-WALL
set buffer <message>
set format <format>
set header <header_type>
%%TIMEOUT%%
“system email-server”
HTTP HTML
set buffer <message>
set format <format>
set header <header_type>
buffer <message>
8bit
http
none
Send alert email for logs based on severity
AntivirusFileFilter
level Alert Emergency
alertmail-disk-full Diskusage
alertmail-nids-event Intrusion detected IPS DoS
%%VIRUS%% %%VIRUS%%
%%URL%% HTTP
URL
%%PROTOCOL%%
HTTP HTTPS HTML
FTP Telnet
HTML
•
• <INPUT TYPE="text" NAME="%%USERNAMEID%%" size=25>
• <INPUT TYPE="password" NAME="%%PASSWORDID%%" size=25>
HTTP HTML
set buffer <message>
set format <format>
set header <header_type>
8,192
RADIUS challenge-access auth
challenge-access Reply-Message
“Please enter new PIN”
RADIUS
PIN
SecurID PIN
Web
8192 16384 24576
config system global
set auth-keepalive enable
%%TIMEOUT%%
HTML
auth-reject-page Disclaimer page URL URL
RG-WALL
%%TIMEOUT%%
• ACTION =“/” METHOD =“POST” HTML
•
• The form must contain the following visible controls:
• <INPUT TYPE="text" NAME="%%USERNAMEID%%" size=25>
• <INPUT TYPE="password" NAME="%%PASSWORDID%%" size=25>
replacemsg device-detection-portal
set buffer <message>
set format <format>
set header <header_type>
RuijieGuardWeb
RuijieGuard URL RG-WALL HTTP 8
RuijieGuard Web HTTP 4xx 5xx
RuijieGuard RuijieGuard HTTP
RG-WALL SSL HTTPS
set buffer <message>
set format <format>
set header <header_type>
8,192
ftgd-block Enable RuijieGuard Web Filtering Web HTTP
HTTPS ftgd-block
8: RuijieGuard
“web filter override”
http-err Provide details for blocked HTTP 4xx and 5xx errors Web
HTTP HTTPS http-err
FTP FTP
set buffer <message>
set format <format>
set header <header_type>
8,192
FTP
%%URL%% HTTP
URL
%%PROTOCOL%%
IP
IP
HTTP HTTP HTTP HTML
RG-WALL SSL HTTPS
set buffer <message>
set format <format>
set header <header_type>
8,192
bannedword
http-block Antivirus File Filter Web HTTP
HTTPS HTTP GET
http-block
http-client-archive-block
http-client-bannedword
http-client-block Antivirus File Filter HTTP HTTPS
HTTP POST
http-client-block
http-client-filesize Oversized File/Email Block HTTP HTTPS HTTP
PUT http-client-filesize
http-contenttype-block
http-contenttype-block
http-filesize HTTP HTTPS Antivirus Oversized File/Email Block
HTTP GET http-filesize
http-post-block HTTP POST Action Block RG-WALL HTTP POST
http-post-block
URL infcache-block
URL “firewall policy”
url-block URL URL
URL url-block
%%VIRUS%% %%VIRUS%%
%%URL%% HTTP
URL
%%PROTOCOL%%
IP
set buffer <message>
set format <format>
set header <header_type>
8,192
Message name
Message name
AIM ICQ MSN Yahoo CLI
im-photo-share-block block-photo CLI
MSN Yahoo CLI
im-voice-chat-block block-long-chatBlock Audio
AIM ICQ MSN Yahoo!
im-video-chat-block block-video CLI
MSN CLI
%%VIRUS%% %%VIRUS%%
%%PROTOCOL%%
IP
IP
set buffer <message>
set format <format>
set header <header_type>
8,192
Message name
Message name
email-filesize
partial
RG-WALL SMTP 554 SMTP
smtp-block
RG-WALL SMTP RG-WALL
SMTP 554 SMTP smtp-filesize
%%VIRUS%% %%VIRUS%%
%%PROTOCOL%%
8,192
comment <comment_str>
http
SSL VPN
<msg_category>
replacemsg-group
message mm1 mm3 mm4 mm7 buffer
set group-type {auth | captive-portal | ec | utm}
config {auth | ec | Ruijieguard-wf | ftp | http | mail | mm1 | mm3 | mm4 | mm7 | nntp | spam}
edit <msgkey_integer>
VDOM
comment <string>
captive-portal — captive-portal
utm — UTM
message <string>
buffer
SMIL image-base64 image-type
NAC DoS IPS
HTTP HTML
set buffer <message>
set format <format>
set header <header_type>
8,192
Message name
nac-quar-dos DoS CLI quarantine attacker interface
DoS DoS IP IP RG-WALL
RG-WALL 80
HTTP RG-WALL
quarantine both
17: nac-quar message types
Message name
RG-WALL 80 HTTP
RG-WALL 80 HTTP
RG-WALL method
Attacker and Victim IP Address
nac-quar-virus Antivirus Quarantine Virus Sender IP RG-WALL
RG-WALL 80 HTTP
RG-WALL
set buffer <message>
set format <format>
set header <header_type>
8,192
Message name
NNTP RG-WALL nntp-dl-blocked
FTP
nntp-dl-filesize NNTP Antivirus Oversized File/Email Block RG-WALL
NNTP nntp-dl-filesize
sslvpn-logon RG-WALL SSL VPN
sslvpn-limit SSL VPN
RG-WALL
HTTP HTML
set buffer <message>
set format <format>
set header <header_type>
8,192
RG-WALL RG-WALL HTTP per-IP
HTTP HTML
set buffer <message>
set format <format>
set header <header_type>
8,192
set buffer <message>
set format <format>
set header <header_type>
8,192
virus-text
23:
%%VIRUS%% %%VIRUS%%
%%PROTOCOL%%
VDOM
VDOM VDOM 100 VPN IPSec Phase1
d end
100 VPN IPSec Phase 1 VDOM
VDOM VDOM
“system vdom-property”
RG-WALL RG-WALL
RG-WALL RG-WALL Maximum
Values Matrix
0
0
firewall-address
log-disk-quota
IP
port <port_int> HTTP-GET TCP 80
protocol {ping | http-get} ping
response-v