User's Manual
Table Of Contents
- ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
- Contents
- 1. Introduction
- 2. Overview of the Configuration Commands
- 3. Net Mode Configuration Commands
- 4. Security Mode Configuration Commands
- Security Services Commands
- Security Schedules Commands
- IPv4 Add Firewall Rule and Edit Firewall Rule Commands
- IPv4 General Firewall Commands
- IPv6 Firewall Commands
- Attack Check Commands
- Session Limit, Time-Out, and Advanced Commands
- Address Filter and IP/MAC Binding Commands
- Port Triggering Commands
- UPnP Command
- Bandwidth Profile Commands
- Content Filtering Commands
- 5. System Mode Configuration Commands
- 6. Dot11 Mode Configuration Commands
- 7. VPN Mode Configuration Commands
- IPSec VPN Wizard Command
- IPSec IKE Policy Commands
- IPSec VPN Policy Commands
- IPSec VPN Mode Config Commands
- SSL VPN Portal Layout Commands
- SSL VPN Authentication Domain Commands
- SSL VPN Authentication Group Commands
- SSL VPN User Commands
- SSL VPN Port Forwarding Commands
- SSL VPN Client Commands
- SSL VPN Resource Commands
- SSL VPN Policy Commands
- RADIUS Server Command
- L2TP Server Commands
- 8. Overview of the Show Commands
- 9. Show Commands
- 10. Utility Commands
- CLI Command Index
VPN Mode Configuration Commands
184
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
auth_method Pre_shared_key or
RSA_Signature
Specifies the authentication method:
• Pre_shared_key. A secret that is
shared between the wireless VPN
firewall and the remote endpoint. You
also need to issue the
pre_shared_key keyword and specify
the key.
• RSA_Signature. Uses the active
self-signed certificate that you uploaded
on the Certificates screen of the web
management interface.
Note: You cannot upload certificates by
using the CLI.
pre_shared_key key If the auth_method keyword is set to
Pre_shared_key, specifies a key with a
minimum length of 8 characters and no
more than 49 characters.
dh_group Group1_768_bit,
Group2_1024_bit, or
Group5_1536_bit
The DH Group sets the strength of the
algorithm in bits. The higher the group,
the more secure the exchange.
lifetime seconds The period in seconds for which the IKE
SA is valid. When the period times out,
the next rekeying occurs.
enable_dead_peer_detection Y or N Enables or disables dead peer detection
(DPD). When DPD is enabled, you also
need to issue the detection_period
and reconnect_failure_count
keywords and associated parameters.
detection_period seconds The period in seconds between
consecutive DPD R-U-THERE
messages, which are sent only when the
IPSec traffic is idle.
reconnect_failure_count number The maximum number of DPD failures
before the wireless VPN firewall tears
down the connection and then attempts to
reconnect to the peer.
Keyword Associated Keyword to
Select or Parameter to Type
Description