ZyXEL Communications ZLD User Manual
Chapter 35 Endpoint Security
ZyWALL (ZLD) CLI Reference Guide
271
[no] personal-firewall
personal_firewall_softwar
e_name detect-auto-
protection {enable |
disable | ignore}
Sets a permitted personal firewall. If you want to enter multiple personal firewalls,
use this command for each of them. Use the list signature personal-firewall
command to view the available personal firewall software package options.
use this command for each of them. Use the list signature personal-firewall
command to view the available personal firewall software package options.
detect-auto-protection
: Set this to enable if the specified firewall software is not
only detectable for the installation but also detectable for the activation status. You
can check the settings for each firewall software by using the show eps signature
personal-firewall
can check the settings for each firewall software by using the show eps signature
personal-firewall
command.
The user’s computer must have one of the listed personal firewalls to pass this
checking item. For some personal firewalls the ZyWALL can also detect whether or
not the firewall is activated; in those cases it must also be activated.
checking item. For some personal firewalls the ZyWALL can also detect whether or
not the firewall is activated; in those cases it must also be activated.
[no] application
forbidden-process
process_name
If you selected windows or linux as the operating system (using the os-type
command), you can use this command to set an application that a user’s computer is
not permitted to have running. If you want to enter multiple applications, use this
command for each of them.
command), you can use this command to set an application that a user’s computer is
not permitted to have running. If you want to enter multiple applications, use this
command for each of them.
The user’s computer must not have any of the forbidden applications running to pass
this checking item.
this checking item.
Include the filename extension for Linux operating systems.
[no] application trusted-
process process_name
If you selected windows or linux as the operating system (using the os-type
command), you can use this command to set an application that a user’s computer
must be running.
command), you can use this command to set an application that a user’s computer
must be running.
The user’s computer must have all of the trusted applications running to pass this
checking item.
checking item.
Include the filename extension for Linux operating systems.
[no] description
description
Type a description for this endpoint security object. You can use alphanumeric and
()+/:=?!*#@$_%- characters, and it can be up to 60 characters long.
()+/:=?!*#@$_%- characters, and it can be up to 60 characters long.
[no] file-info file-path
file_path
If you selected windows or linux as the operating system (using the os-type
command), you can use this command to check details of specific files on the user’s
computer.
command), you can use this command to check details of specific files on the user’s
computer.
The user’s computer must pass one of the file information checks to pass this
checking item.
checking item.
[no] file-info file-path
file_path {eq | gt | lt |
ge | le | neq} file-size
<1..1073741824>
Sets whether the size of the file on the user’s computer has to be equal to (eq),
greater than (gt), less than (lt), greater than or equal to (ge), less than or equal to
(le), or not equal to (neq) the size of the file specified.
greater than (gt), less than (lt), greater than or equal to (ge), less than or equal to
(le), or not equal to (neq) the size of the file specified.
[no] file-info file-path
file_path {eq | gt | lt |
ge | le | neq} file-
version file_version
Sets whether the version of the file on the user’s computer has to be equal to (eq),
greater than (gt), less than (lt), greater than or equal to (ge), less than or equal to
(le), or not equal to (neq) the version of the file specified.
greater than (gt), less than (lt), greater than or equal to (ge), less than or equal to
(le), or not equal to (neq) the version of the file specified.
[no] file-info file-path
file_path {eq | gt | lt |
ge | le | neq} file-size
<1..1073741824> {eq | gt |
lt | ge | le | neq} file-
version file_version
Sets whether the size and version of the file on the user’s computer has to be equal
to (eq), greater than (gt), less than (lt), greater than or equal to (ge), less than or
equal to (le), or not equal to (neq) the size and version of the file specified.
to (eq), greater than (gt), less than (lt), greater than or equal to (ge), less than or
equal to (le), or not equal to (neq) the size and version of the file specified.
os-type {windows | linux |
mac-osx | others}
Select the type of operating system the user’s computer must be using. Use the
windows-version
windows-version
command to configure the checking items according to the set
operating system. If you set this to mac-osx, there are no other checking items.
others
allows access for computers not using Windows, Linux, or Mac OSX operating
systems. For example you create Windows, Linux, and Mac OSX endpoint security
objects to apply to your LAN users. An “others” policy allows access for LAN
computers using Solaris, HP, Android, or other operating systems.
objects to apply to your LAN users. An “others” policy allows access for LAN
computers using Solaris, HP, Android, or other operating systems.
Table 161
Endpoint Security Object Commands
COMMAND
DESCRIPTION