CLI Guide
This appendix contains a categorized listing of Command Line Interface (CLI) commands for SonicOS 6.1 firmware. Each command is described, and where appropriate, an example of usage is included. Refer to the firewall website located at:
http://smweb/default.aspx
At the bottom of the page, navigate to the Tech Pubs Product Documentation file list.
Select the SonicWALL 6.0.1.7 CLI Reference Guide from the list, and click the Download a Copy button.
Contents
- ecli/nsa-addressObjects.cdl
- ecli/nsa-networkMonitor.cdl
- ecli/nsa-serviceObjects.cdl
- ecli/nsa-failoverLoadBalancing.cdl
- ecli/nsa-macIpAntiSpoof.cdl
- ecli/nsa-administration.cdl
- ecli/nsa-virtualAssist.cdl
- ecli/nsa-diagAdvanced.cdl
- ecli/nsa-matchObjects.cdl
- ecli/nsa-actionObjects.cdl
- ecli/nsa-emailAddressObjects.cdl
Syntax
configure [ terminal ]
Mode
Top Level
Description
Enter configuration mode.
Options
terminal | Terminal. |
Example
configure
Syntax
show checksum [ pending-config ]
Mode
All Modes
Options
pending-config | Show pending configuration changes. |
Syntax
import firmware ftp <FTP_URL>
Mode
Config
Description
Import firmware to the firewall.
Options
ftp | Import using the FTP protocol |
<FTP_URL> | FTP URL in the form: ftp://username:password@hostname/. Example: ftp://username:password@hostname/ |
Example
import firmware ftp ftp://user:password@servername/firmware.bin.sig
Syntax
show version
Mode
All Modes
Syntax
ping <HOSTNAME> [ interface <IF_WAN_NAME> ]
Mode
Top Level
Config
Description
Ping the specified host.
Options
<HOSTNAME> | Hostname in the form: hostname OR a.b.c.d. Example: example.com |
interface | Route ping request through the specified interface. |
<IF_WAN_NAME> | WAN interface name. Example: X1 |
Example
ping 10.10.10.1
ping 10.10.10.1 interface X1
Syntax
traceroute <HOSTNAME> [ interface <IF_WAN_NAME> ]
Mode
Top Level
Config
Description
Traceroute to the specified host.
Options
<HOSTNAME> | Hostname in the form: hostname OR a.b.c.d. Example: example.com |
interface | Route traceroute request through the specified interface. |
<IF_WAN_NAME> | WAN interface name. Example: X1 |
Example
traceroute 10.10.10.1
traceroute 10.10.10.1 interface X1
Syntax
nslookup <HOSTNAME>
Mode
Top Level
Config
Description
DNS lookup of the specified host.
Options
<HOSTNAME> | Hostname in the form: hostname OR a.b.c.d. Example: example.com |
Example
nslookup www.sonicwall.com
Syntax
diag stack-trace [ process <WORD> ]
Mode
All Modes
Description
Print a process stack trace.
Options
process | Process name. |
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
diag stack-trace process tNtp
Syntax
diag show processes
Mode
All Modes
Description
Show all system processes.
Example
diag show processes
Syntax
diag show process <WORD>
Mode
All Modes
Description
Show a system process.
Options
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
diag show process tNtp
Syntax
diag show netstat
Mode
All Modes
Description
Show all active connections for Internet protocol sockets.
Example
diag show netstat
Syntax
diag show cores
Mode
All Modes
Description
Show all CPU core status information.
Example
diag show cores
Syntax
diag show core <UINT32>
Mode
All Modes
Description
Show CPU core status information.
Options
<UINT32> | Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
diag show core 1
Syntax
diag show multicore
Mode
All Modes
Description
Show multicore utilization information.
Example
diag show multicore
Syntax
diag show build-info
Mode
All Modes
Description
Show build information.
Example
diag show build-info
Syntax
diag show cpu
Mode
All Modes
Description
Show all CPU information.
Example
diag show cpu
Syntax
diag show fpa
Mode
All Modes
Description
Show fpa information.
Example
diag show fpa
Syntax
diag show mem-pools
Mode
All Modes
Description
Show mem-pools information.
Example
diag show mem-pools
Syntax
diag show memory
Mode
All Modes
Description
Show memory information.
Example
diag show memory
Syntax
diag show buf-memzone
Mode
All Modes
Description
Show buf-memzone information.
Example
diag show buf-memzone
Syntax
diag show memzone [ verbose ]
Mode
All Modes
Description
Show memzone information.
Options
verbose | Verbose. |
Example
diag show memzone
Syntax
diag show tracelog { all | current | last }
Mode
All Modes
Description
Show tracelog information.
Options
all | All tracelog. |
current | Current tracelog. |
last | Last tracelog. |
Example
diag show tracelog
Syntax
diag clear cp-stats
Mode
All Modes
Description
Clear CP-related network driver Counters.
Example
diag clear cp-stats
Syntax
diag show cp-stats
Mode
All Modes
Description
Show CP-related network driver Counters.
Example
diag show cp-stats
Syntax
diag clear hw-stats
Mode
All Modes
Description
Clear Octeon Hardware Statistics.
Example
diag clear hw-stats
Syntax
diag show hw-stats
Mode
All Modes
Description
Show Octeon Hardware Statistics.
Example
diag show hw-stats
Syntax
diag show timer-counters
Mode
All Modes
Description
Show Timer Counters.
Example
diag show timer-counters
Syntax
diag show wd-stats
Mode
All Modes
Description
Show Watchdog Statistics.
Example
diag show wd-stats
Syntax
diag clear pp-stats
Mode
All Modes
Description
Clear Packet Processing Statistics.
Example
diag clear pp-stats
Syntax
diag show pp-stats [ full ]
Mode
All Modes
Description
Show Packet Processing Statistics.
Options
full | Full Statistics. |
Example
diag show pp-stats
Syntax
diag clear active-utm
Mode
All Modes
Description
Clear Active UTM Statistics.
Example
diag clear active-utm
Syntax
diag show active-utm
Mode
All Modes
Description
Show Active UTM Statistics.
Example
diag show active-utm
Syntax
diag show debug interface <IF_NAME>
Mode
All Modes
Description
Show interface debug information.
Options
<IF_NAME> | Interface name. Example: X0 |
Example
diag show debug interface X0
Syntax
diag show xos-debug [ flag <UINT32> ]
Mode
All Modes
Description
Set xos-debug flag.
Options
flag | Debug flag. |
<UINT32> | Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
diag xos-debug 1
Syntax
diag xos-debug [ flag <UINT32> ]
Mode
All Modes
Description
Set xos-debug flag.
Options
flag | Debug flag. |
<UINT32> | Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
diag xos-debug 1
Syntax
diag no xos-debug [ flag <UINT32> ]
Mode
All Modes
Description
Clear xos-debug flag.
Options
flag | Debug flag. |
<UINT32> | Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
diag no xos-debug 1
Syntax
diag grab-debug-output [ task <WORD> ]
Mode
All Modes
Description
Redirect xos debug out to this session.
Options
task | VxWorks task name. |
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
diag grab-debug-output
Syntax
diag test memory { sw | vx } { alloc <UINT32> | double-free | free }
Mode
All Modes
Description
Test memory allocation and free.
Options
sw | SonicWALL memory allocation tests. |
vx | VxWorks memory allocation tests. |
alloc | Test memory allocation. |
<UINT32> | Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
double-free | Test memory double-free. |
free | Test memory free. |
Example
diag test memory sw alloc
diag test memory sw free
diag test memory sw double-free
diag test memory vx alloc
diag test memory vx free
diag test memory vx double-free
Syntax
diag show alerts [ top <UINT32> ]
Mode
All Modes
Description
Show alerts.
Options
top | Maximum alerts to display. |
<UINT32> | Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
diag show alerts
diag show alerts top 100
Syntax
diag show log [ top <UINT32> ]
Mode
All Modes
Description
Show log entries.
Options
top | Maximum entries to display. |
<UINT32> | Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
diag show log
diag show log top 100
Syntax
diag show drop-stats
Mode
All Modes
Description
Show Packet Drop Statistics.
Example
diag show drop-stats
Syntax
show status
Mode
All Modes
Description
Show basic system status and information.
Example
show status
Syntax
show dns cache
Mode
All Modes
Description
Show DNS cache.
Example
show dns cache
Syntax
show dns servers [ pending-config ]
Mode
All Modes
Description
Show DNS server configuration.
Options
pending-config | Show pending configuration changes. |
Example
show dns servers
Syntax
show dns rebinding [ pending-config ]
Mode
All Modes
Description
Show DNS Rebinding Attack Prevention configuration.
Options
pending-config | Show pending configuration changes. |
Example
show dns rebinding
Syntax
dns server primary <IPV4_HOST>
Mode
Config
Description
Set primary DNS server with the associated DNS server IP address.
Options
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
dns server primary 192.168.168.165
Syntax
dns server secondary <IPV4_HOST>
Mode
Config
Description
Set secondary DNS server with the associated DNS server IP address.
Options
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
dns server secondary 192.168.168.166
Syntax
dns server tertiary <IPV4_HOST>
Mode
Config
Description
Set tertiary DNS server with the associated DNS server IP address.
Options
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
dns server tertiary 192.168.168.167
Syntax
no dns server primary
Mode
Config
Description
Clear the primary DNS server IP address.
Example
no dns server primary
Syntax
no dns server secondary
Mode
Config
Description
Clear the secondary DNS server IP address.
Example
no dns server secondary
Syntax
no dns server tertiary
Mode
Config
Description
Clear the tertiary DNS server IP address.
Example
no dns server tertiary
Syntax
dns server inherit
Mode
Config
Description
Set the DNS server to be inherited.
Example
dns server inherit
Syntax
dns rebinding [ action { drop-dns-reply | log-attack-only | return-query-refused } ] [ allowed-domains { fqdn <ADDR_FQDN> | group <ADDR_NONE_DEFAULT_FQDN_GROUP> | name <ADDR_FQDN_NAME> | none } ]
Mode
Config
Description
Enable and configure DNS Rebinding Attack Prevention.
Options
action | Set action when experiencing attack. |
drop-dns-reply | Log the attack and drop the DNS reply. |
log-attack-only | Log the attack only. |
return-query-refused | Log the attack and return a Query Refused reply. |
allowed-domains | Specify the domains for which checking is not done. |
fqdn | Create FQDN Address Object with same name as defined. |
<ADDR_FQDN> | Address Object FQDN in the form: example.com OR *.example.com. Example: example.com |
group | Specify FQDN Group Name. |
<ADDR_NONE_DEFAULT_FQDN_GROUP> | Address FQDN Group name. Example: Forbidden Domains |
name | Specify FQDN Address Object Name. |
<ADDR_FQDN_NAME> | Address FQDN Object name. Example: *.example.com |
none | Check all domains. |
Example
dns rebinding action drop-dns-reply allowed-domains name "DNS RAP WHITELIST"
Syntax
no dns rebinding
Mode
Config
Description
Disable DNS Rebinding Attack Prevention.
Example
no dns rebinding
Syntax
show dynamic-dns profiles [ pending-config ]
Mode
All Modes
Description
Show all Dynamic DNS profiles.
Options
pending-config | Show pending configuration changes. |
Example
show dynamic-dns profiles
Syntax
show dynamic-dns profile <DDNS_PROFILE_NAME> [ pending-config ]
Mode
All Modes
Description
Show Dynamic DNS profile.
Options
<DDNS_PROFILE_NAME> | Dynamic DNS profile name. Example: mydns |
pending-config | Show pending configuration changes. |
Example
show dynamic-dns profile DynDNS.org
Syntax
no dynamic-dns profile <DDNS_PROFILE_NAME>
Mode
Config
Description
Deletes a DDNS profile.
Options
<DDNS_PROFILE_NAME> | Dynamic DNS profile name. Example: mydns |
Example
no dynamic-dns profile "abc"
Syntax
no dynamic-dns profiles
Mode
Config
Description
Deletes all DDNS profiles.
Example
no dynamic-dns profiles
Syntax
dynamic-dns profile <DDNS_PROFILE_NAME>
Mode
Config
Description
Add/edit a Dynamic DNS Profile.
Options
<DDNS_PROFILE_NAME> | Dynamic DNS profile name. Example: mydns |
Example
dynamic-dns profile CorpNoIP
Syntax
profile-name <DDNS_PROFILE_NAME>
Mode
Dynamic DNS
Description
Edit a Dynamic DNS Profile Name.
Options
<DDNS_PROFILE_NAME> | Dynamic DNS profile name. Example: mydns |
Example
profile-name CorpNoIP
Syntax
enable
Mode
Dynamic DNS
Description
Enable Dynamic DNS Profile.
Example
enable
Syntax
no enable
Mode
Dynamic DNS
Description
Disable Dynamic DNS Profile.
Example
no enable
Syntax
use-online
Mode
Dynamic DNS
Description
Enable Use Online settings.
Example
use-online
Syntax
no use-online
Mode
Dynamic DNS
Description
Disable Use Online settings.
Example
no use-online
Syntax
provider { changeip | dyndns | noip | yi }
Mode
Dynamic DNS
Description
Select Dynamic DNS Provider.
Options
changeip | changeip.com. |
dyndns | DynDNS.org. |
noip | No-IP.com. |
yi | yi.org. |
Example
provider noip
Syntax
username <WORD>
Mode
Dynamic DNS
Description
Set Dynamic DNS User Name.
Options
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
username ddnsadmin
Syntax
password <WORD>
Mode
Dynamic DNS
Description
Set Dynamic DNS Password.
Options
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
password thisisasecret
Syntax
domain <HOSTNAME>
Mode
Dynamic DNS
Description
Set Dynamic DNS domain.
Options
<HOSTNAME> | Hostname in the form: hostname OR a.b.c.d. Example: example.com |
Example
domain testsite.hopto.org
Syntax
bound-to { any | interface <IF_WAN_NAME> }
Mode
Dynamic DNS
Description
Set Dynamic DNS WAN interface to bind to.
Options
any | Any interface. |
interface | Specify interface. |
<IF_WAN_NAME> | WAN interface name. Example: X1 |
Example
bound-to interface X1
Syntax
online-settings { detect | manual <IPV4_HOST> | set-to-wan }
Mode
Dynamic DNS
Description
Configure Dynamic DNS Online settings.
Options
detect | Let the DDNS Provider detect the IP address. |
manual | Specify the IP address manually. |
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
set-to-wan | Automatically set the IP address to the Primary WAN IP address. |
Example
online-settings manual 10.10.10.10
Syntax
offline-settings { do-nothing | make-host-unknown | manual <IPV4_HOST> | use-previous }
Mode
Dynamic DNS
Description
Configure Dynamic DNS Offline settings.
Options
do-nothing | Allows the previously registered IP address to remain current with the Provider. |
make-host-unknown | Let the DDNS Provider detect the IP address. |
manual | Specify the IP address manually. |
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
use-previous | Use the Off-Line IP address previously configured at the provider's site. |
Example
offline-settings manual 10.10.10.10
Syntax
service-type { custom | dynamic | static }
Mode
Dynamic DNS
Description
Configure Dynamic DNS service type.
Options
custom | Custom. |
dynamic | Dynamic. |
static | Static. |
Example
service-type static
Syntax
wildcard
Mode
Dynamic DNS
Description
Enable Wildcard.
Example
wildcard
Syntax
no wildcard
Mode
Dynamic DNS
Description
Disable wildcard.
Example
no wildcard
Syntax
mail-exchanger <HOSTNAME>
Mode
Dynamic DNS
Description
Enter address of Mail Exchanger.
Options
<HOSTNAME> | Hostname in the form: hostname OR a.b.c.d. Example: example.com |
Example
mail-exchanger example.com
Syntax
backup-mx
Mode
Dynamic DNS
Description
Enable Backup MX.
Example
backup-mx
Syntax
no backup-mx
Mode
Dynamic DNS
Description
Disable Backup MX.
Example
no backup-mx
Syntax
show web-proxy [ pending-config ]
Mode
All Modes
Description
Show Web Proxy configuration.
Options
pending-config | Show pending configuration changes. |
Example
show web-proxy
Syntax
web-proxy
Mode
Config
Description
Set Automatic Proxy Forwarding (Web Only).
Example
web-proxy
Syntax
no server
Mode
Web Proxy
Description
Clear web proxy hostname/IP and port.
Example
no server
Syntax
server <HOSTNAME> port <UINT16>
Mode
Web Proxy
Description
Set web proxy hostname/IP and port.
Options
<HOSTNAME> | Hostname in the form: hostname OR a.b.c.d. Example: example.com |
port | Set web proxy TCP port. |
<UINT16> | Integer in the form: D OR 0xHHHH. Example: 123 |
Example
server 10.10.10.100 port 3129
Syntax
bypass-upon-failure
Mode
Web Proxy
Description
Enable Bypass Proxy Servers Upon Proxy Server Failure.
Example
bypass-upon-failure
Syntax
no bypass-upon-failure
Mode
Web Proxy
Description
Disable Bypass Proxy Servers Upon Proxy Server Failure.
Example
no bypass-upon-failure
Syntax
forward-public-requests
Mode
Web Proxy
Description
Enable Forward Public Zone Client Requests to Proxy Server.
Example
forward-public-requests
Syntax
no forward-public-requests
Mode
Web Proxy
Description
Disable Forward Public Zone Client Requests to Proxy Server.
Example
no forward-public-requests
Syntax
user-proxy-server <HOSTNAME>
Mode
Web Proxy
Description
Add proxy server through which users' web requests may come.
Options
<HOSTNAME> | Hostname in the form: hostname OR a.b.c.d. Example: example.com |
Example
user-proxy-server example.com
Syntax
no user-proxy-server <USER_NETPROXY_SERVER>
Mode
Web Proxy
Description
Delete proxy server through which users' web requests may come.
Options
<USER_NETPROXY_SERVER> | User Net Proxy Server. Example: example.com |
Example
no user-proxy-server example.com
Syntax
no user-proxy-servers
Mode
Web Proxy
Description
Delete all proxy servers through which users' web requests may come.
Example
no user-proxy-servers
Syntax
show nat-policies [ { custom | default } ] [ pending-config ]
Mode
All Modes
Description
Show all NAT Policies.
Options
custom | Show custom configuration. |
default | Show system/factory default configuration. |
pending-config | Show pending configuration changes. |
Example
show nat-policies
Syntax
show nat-policy inbound <NAT_IF_NAME> outbound <NAT_IF_NAME> [ source { { any | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> } } ] [ translated-source { { group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | original | range <ADDR_BEGIN> <ADDR_END> } } ] [ destination { { any | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> } } ] [ translated-destination { { group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | original | range <ADDR_BEGIN> <ADDR_END> } } ] [ service { { any | group <SVC_GROUP_NAME> | name <SVC_NAME> | protocol <SVC_PROTOCOL> <SVC_PORT_BEGIN> <SVC_PORT_END> } } ] [ translated-service { { group <SVC_GROUP_NAME> | name <SVC_NAME> | original | protocol <SVC_PROTOCOL> <SVC_PORT_BEGIN> <SVC_PORT_END> } } ]
Mode
All Modes
Description
Show NAT Policy.
Options
<NAT_IF_NAME> | Interface name. Example: X0 |
outbound | Outbound interface. |
<NAT_IF_NAME> | Interface name. Example: X0 |
source | Original source ("Any" if not specified). |
any | Any Host |
group | Address Object Group |
<ADDR_GROUP_NAME> | Address Group name. Example: Sales Group |
host | Address Object Host |
<ADDR_HOST> | Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
name | Address Object Name |
<ADDR_NAME> | Address Object name. Example: Web Server |
network | Address Object Network |
<ADDR_NETWORK> | Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK> | Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
range | Address Object Range |
<ADDR_BEGIN> | Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END> | Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
translated-source | Translated source ("Original" if not specified). |
group | Address Object Group |
<ADDR_GROUP_NAME> | Address Group name. Example: Sales Group |
host | Address Object Host |
<ADDR_HOST> | Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
name | Address Object Name |
<ADDR_NAME> | Address Object name. Example: Web Server |
network | Address Object Network |
<ADDR_NETWORK> | Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK> | Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
original | Original source IP |
range | Address Object Range |
<ADDR_BEGIN> | Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END> | Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
destination | Original destination ("Any" if not specified). |
any | Any Host |
group | Address Object Group |
<ADDR_GROUP_NAME> | Address Group name. Example: Sales Group |
host | Address Object Host |
<ADDR_HOST> | Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
name | Address Object Name |
<ADDR_NAME> | Address Object name. Example: Web Server |
network | Address Object Network |
<ADDR_NETWORK> | Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK> | Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
range | Address Object Range |
<ADDR_BEGIN> | Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END> | Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
translated-destination | Translated destination ("Original" if not specified). |
group | Address Object Group |
<ADDR_GROUP_NAME> | Address Group name. Example: Sales Group |
host | Address Object Host |
<ADDR_HOST> | Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
name | Address Object Name |
<ADDR_NAME> | Address Object name. Example: Web Server |
network | Address Object Network |
<ADDR_NETWORK> | Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK> | Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
original | Original destination IP |
range | Address Object Range |
<ADDR_BEGIN> | Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END> | Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
service | Original service ("Any" if not specified). |
any | Any Service |
group | Service Group |
<SVC_GROUP_NAME> | Service object group name. Example: VOIP |
name | Service Object name |
<SVC_NAME> | Service object name. Example: HTTPS |
protocol | Service Object protocol |
<SVC_PROTOCOL> | Service protocol. Example: TCP |
<SVC_PORT_BEGIN> | Service port begin. Example: 443 |
<SVC_PORT_END> | Service port end. Example: 443 |
translated-service | Translated service ("Original" if not specified). |
group | Service Group |
<SVC_GROUP_NAME> | Service object group name. Example: VOIP |
name | Service Object name |
<SVC_NAME> | Service object name. Example: HTTPS |
original | Original Service |
protocol | Service Object protocol |
<SVC_PROTOCOL> | Service protocol. Example: TCP |
<SVC_PORT_BEGIN> | Service port begin. Example: 443 |
<SVC_PORT_END> | Service port end. Example: 443 |
Example
show nat-policy inbound X3 outbound X4 source any translated-source original destination name "Web Server Public" translated-destination name "Web Server Private" service name "My Web Services" translated-service original
Syntax
show nat-policy id <UINT32> [ pending-config ] [ json | validate | xml ]
Mode
All Modes
Description
Show NAT Policy by associated ID.
Options
<UINT32> | Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
pending-config | Show pending configuration changes. |
json | Format output as JSON. |
validate | Validate configuration settings. |
xml | Format output as XML. |
Example
show nat-policy id 15
Syntax
no nat-policy inbound <NAT_IF_NAME> outbound <NAT_IF_NAME> [ source { { any | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> } } ] [ translated-source { { group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | original | range <ADDR_BEGIN> <ADDR_END> } } ] [ destination { { any | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> } } ] [ translated-destination { { group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | original | range <ADDR_BEGIN> <ADDR_END> } } ] [ service { { any | group <SVC_GROUP_NAME> | name <SVC_NAME> | protocol <SVC_PROTOCOL> <SVC_PORT_BEGIN> <SVC_PORT_END> } } ] [ translated-service { { group <SVC_GROUP_NAME> | name <SVC_NAME> | original | protocol <SVC_PROTOCOL> <SVC_PORT_BEGIN> <SVC_PORT_END> } } ]
Mode
Config
Description
Delete a NAT policy.
Options
<NAT_IF_NAME> | Interface name. Example: X0 |
outbound | Outbound interface. |
<NAT_IF_NAME> | Interface name. Example: X0 |
source | Original source ("Any" if not specified). |
any | Any Host |
group | Address Object Group |
<ADDR_GROUP_NAME> | Address Group name. Example: Sales Group |
host | Address Object Host |
<ADDR_HOST> | Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
name | Address Object Name |
<ADDR_NAME> | Address Object name. Example: Web Server |
network | Address Object Network |
<ADDR_NETWORK> | Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK> | Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
range | Address Object Range |
<ADDR_BEGIN> | Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END> | Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
translated-source | Translated source ("Original" if not specified). |
group | Address Object Group |
<ADDR_GROUP_NAME> | Address Group name. Example: Sales Group |
host | Address Object Host |
<ADDR_HOST> | Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
name | Address Object Name |
<ADDR_NAME> | Address Object name. Example: Web Server |
network | Address Object Network |
<ADDR_NETWORK> | Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK> | Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
original | Original source IP |
range | Address Object Range |
<ADDR_BEGIN> | Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END> | Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
destination | Original destination ("Any" if not specified). |
any | Any Host |
group | Address Object Group |
<ADDR_GROUP_NAME> | Address Group name. Example: Sales Group |
host | Address Object Host |
<ADDR_HOST> | Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
name | Address Object Name |
<ADDR_NAME> | Address Object name. Example: Web Server |
network | Address Object Network |
<ADDR_NETWORK> | Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK> | Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
range | Address Object Range |
<ADDR_BEGIN> | Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END> | Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
translated-destination | Translated destination ("Original" if not specified). |
group | Address Object Group |
<ADDR_GROUP_NAME> | Address Group name. Example: Sales Group |
host | Address Object Host |
<ADDR_HOST> | Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
name | Address Object Name |
<ADDR_NAME> | Address Object name. Example: Web Server |
network | Address Object Network |
<ADDR_NETWORK> | Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK> | Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
original | Original destination IP |
range | Address Object Range |
<ADDR_BEGIN> | Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END> | Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
service | Original service ("Any" if not specified). |
any | Any Service |
group | Service Group |
<SVC_GROUP_NAME> | Service object group name. Example: VOIP |
name | Service Object name |
<SVC_NAME> | Service object name. Example: HTTPS |
protocol | Service Object protocol |
<SVC_PROTOCOL> | Service protocol. Example: TCP |
<SVC_PORT_BEGIN> | Service port begin. Example: 443 |
<SVC_PORT_END> | Service port end. Example: 443 |
translated-service | Translated service ("Original" if not specified). |
group | Service Group |
<SVC_GROUP_NAME> | Service object group name. Example: VOIP |
name | Service Object name |
<SVC_NAME> | Service object name. Example: HTTPS |
original | Original Service |
protocol | Service Object protocol |
<SVC_PROTOCOL> | Service protocol. Example: TCP |
<SVC_PORT_BEGIN> | Service port begin. Example: 443 |
<SVC_PORT_END> | Service port end. Example: 443 |
Example
no nat-policy inbound X3 outbound X4 source any translated-source original destination name "Web Server Public" translated-destination name "Web Server Private" service name "My Web Services" translated-service original
Syntax
no nat-policy id <UINT32>
Mode
Config
Description
Delete a NAT policy by associated ID.
Options
<UINT32> | Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
no nat-policy id 14
Syntax
no nat-policies
Mode
Config
Description
Delete all NAT policies.
Example
no nat-policies
Syntax
nat-policy inbound <NAT_IF_NAME> outbound <NAT_IF_NAME> [ source { { any | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> } } ] [ translated-source { { group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | original | range <ADDR_BEGIN> <ADDR_END> } } ] [ destination { { any | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> } } ] [ translated-destination { { group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | original | range <ADDR_BEGIN> <ADDR_END> } } ] [ service { { any | group <SVC_GROUP_NAME> | name <SVC_NAME> | protocol <SVC_PROTOCOL> <SVC_PORT_BEGIN> <SVC_PORT_END> } } ] [ translated-service { { group <SVC_GROUP_NAME> | name <SVC_NAME> | original | protocol <SVC_PROTOCOL> <SVC_PORT_BEGIN> <SVC_PORT_END> } } ]
Mode
Config
Description
Add/edit a NAT policy and enter its Configuration Mode. Options
<NAT_IF_NAME>
|
Interface name. Example: X0 |
outbound | Outbound interface. |
<NAT_IF_NAME>
|
Interface name. Example: X0 |
source | Original source (\"Any\" if not specified). |
|
any | Any Host |
|
group | Address Object Group |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Address Object Name |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Address Object Network |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Address Object Range |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
translated-source | Translated source ("Original" if not specified). |
|
group | Address Object Group |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Address Object Name |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Address Object Network |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
original | Original source IP |
|
range | Address Object Range |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
destination | Original destination ("Any" if not specified). |
|
any | Any Host |
|
group | Address Object Group |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Address Object Name |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Address Object Network |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Address Object Range |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
translated-destination | Translated destination ("Original" if not specified). |
|
group | Address Object Group |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Address Object Name |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Address Object Network |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
original | Original destination IP |
|
range | Address Object Range |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
service | Original service ("Any" if not specified). |
|
any | Any Service |
|
group | Service Group |
<SVC_GROUP_NAME>
|
Service object group name. Example: VOIP |
|
name | Service Object name |
<SVC_NAME>
|
Service object name. Example: HTTPS |
|
protocol | Service Object protocol |
<SVC_PROTOCOL>
|
Service protocol. Example: TCP |
<SVC_PORT_BEGIN>
|
Service port begin. Example: 443 |
<SVC_PORT_END>
|
Service port end. Example: 443 |
translated-service | Translated service ("Original" if not specified). |
|
group | Service Group |
<SVC_GROUP_NAME>
|
Service object group name. Example: VOIP |
|
name | Service Object name |
<SVC_NAME>
|
Service object name. Example: HTTPS |
|
original | Original Service |
|
protocol | Service Object protocol |
<SVC_PROTOCOL>
|
Service protocol. Example: TCP |
<SVC_PORT_BEGIN>
|
Service port begin. Example: 443 |
<SVC_PORT_END>
|
Service port end. Example: 443 |
Example
nat-policy inbound X3 outbound X4 source any translated-source original destination name "Web Server Public" translated-destination name "Web Server Private" service name "My Web Services" translated-service original
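An added example, not part of the SonicOS guide: a Python linter that parses `nat-policy inbound ... outbound ...` lines with the clause keywords, argument counts and defaults listed above, and flags destination-NAT rules that the "Any" defaults leave wide open. The function names, finding codes and sample lines are constructed for illustration.

```python
import shlex

# Option keywords and the number of arguments each takes, copied from the
# nat-policy Options listing on this page.
_ADDR = {"group": 1, "host": 1, "name": 1, "network": 2, "range": 2}
_SVC = {"group": 1, "name": 1, "protocol": 3}
GRAMMAR = {
    "source": {"any": 0, **_ADDR},
    "translated-source": {"original": 0, **_ADDR},
    "destination": {"any": 0, **_ADDR},
    "translated-destination": {"original": 0, **_ADDR},
    "service": {"any": 0, **_SVC},
    "translated-service": {"original": 0, **_SVC},
}
# Defaults stated on the page: "Any" for original fields, "Original" for translated ones.
DEFAULTS = {c: ("original",) if c.startswith("translated-") else ("any",) for c in GRAMMAR}


def parse_nat_policy(line):
    """Parse one `nat-policy inbound <IF> outbound <IF> [clauses]` command into a dict."""
    tok = shlex.split(line)  # honours "QUOTED STRING" object names
    if len(tok) < 5 or tok[0] != "nat-policy" or tok[1] != "inbound" or tok[3] != "outbound":
        raise ValueError("expected: nat-policy inbound <IF> outbound <IF> [clauses]")
    policy = {"inbound": tok[2], "outbound": tok[4], **DEFAULTS}
    i = 5
    while i < len(tok):
        clause = tok[i]
        if clause not in GRAMMAR:
            raise ValueError(f"unknown clause {clause!r}")
        if i + 1 >= len(tok):
            raise ValueError(f"{clause}: missing option keyword")
        kind = tok[i + 1]
        arity = GRAMMAR[clause].get(kind)
        if arity is None:
            raise ValueError(f"{clause}: {kind!r} is not an option keyword")
        args = tok[i + 2 : i + 2 + arity]
        if len(args) != arity:
            raise ValueError(f"{clause} {kind}: expected {arity} argument(s)")
        if kind == "protocol":
            # Ports may be decimal or 0x-prefixed hex; base 0 accepts both.
            begin, end = int(args[1], 0), int(args[2], 0)
            if not 1 <= begin <= end <= 65535:
                raise ValueError(f"{clause}: bad port range {begin}-{end}")
        policy[clause] = (kind, *args)
        i += 2 + arity
    return policy


def audit(policy):
    """Return finding codes (constructed names) for over-broad destination NAT."""
    findings = []
    dnat = policy["translated-destination"] != ("original",)
    if dnat and policy["source"] == ("any",) and policy["service"] == ("any",):
        findings.append("DNAT_ANY_SOURCE_ANY_SERVICE")  # every port forwarded to the target
    if dnat and policy["destination"] == ("any",):
        findings.append("DNAT_ANY_DESTINATION")  # rewrites traffic to any original destination
    return findings


def audit_config(text):
    """Audit every nat-policy line in a config dump; returns [(line_no, findings)]."""
    results = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line.startswith("nat-policy inbound "):
            continue
        try:
            results.append((n, audit(parse_nat_policy(line))))
        except ValueError as err:
            results.append((n, [f"PARSE_ERROR: {err}"]))
    return results


# Constructed sample input: one scoped rule, two over-broad rules, one malformed line.
SAMPLE = '''\
nat-policy inbound X3 outbound X4 source any translated-source original destination name "Web Server Public" translated-destination name "Web Server Private" service name "My Web Services" translated-service original
nat-policy inbound X1 outbound X0 destination name "WAN IP" translated-destination host 192.168.168.168
nat-policy inbound X1 outbound X0 translated-destination host 192.168.168.168 service protocol TCP 443 443
nat-policy inbound X1 outbound X0 service HTTPS
'''

if __name__ == "__main__":
    for line_no, findings in audit_config(SAMPLE):
        print(line_no, findings or "ok")
```

The last sample line fails to parse because `service` must be followed by one of `any`, `group`, `name` or `protocol` before the object name.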
Syntax
nat-policy id <UINT32>
Mode
Config
Description
Edit a NAT policy by associated ID. Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
nat-policy id 15
Syntax
id <UINT32>
Mode
NAT
Description
NAT Policy ID. Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
id 55
Syntax
comment <WORD>
Mode
NAT
Description
Specify a comment for this NAT Policy. Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
comment "Public HTTP Server"
Syntax
no comment
Mode
NAT
Description
Clear NAT Policy comment. Example
no comment
Syntax
enable
Mode
NAT
Description
Enable NAT Policy. Example
enable
Syntax
no enable
Mode
NAT
Description
Disable NAT Policy. Example
no enable
Syntax
inbound <NAT_IF_NAME>
Mode
NAT
Description
Specify the inbound interface for the NAT policy. Options
<NAT_IF_NAME>
|
Interface name. Example: X0 |
Example
inbound X1
Syntax
outbound <NAT_IF_NAME>
Mode
NAT
Description
Specify the outbound interface for the NAT policy. Options
<NAT_IF_NAME>
|
Interface name. Example: X0 |
Example
outbound X0
Syntax
destination { { any | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> } }
Mode
NAT
Description
Specify the original destination for the NAT policy. Options
|
any | Any Host |
|
group | Address Object Group |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Address Object Name |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Address Object Network |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Address Object Range |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
destination name "Web Server Public"
Syntax
source { { any | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> } }
Mode
NAT
Description
Specify the original source for the NAT policy. Options
|
any | Any Host |
|
group | Address Object Group |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Address Object Name |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Address Object Network |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Address Object Range |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
source any
Syntax
service { { any | group <SVC_GROUP_NAME> | name <SVC_NAME> | protocol <SVC_PROTOCOL> <SVC_PORT_BEGIN> <SVC_PORT_END> } }
Mode
NAT
Description
Specify the original service for the NAT policy. Options
|
any | Any Service |
|
group | Service Group |
<SVC_GROUP_NAME>
|
Service object group name. Example: VOIP |
|
name | Service Object name |
<SVC_NAME>
|
Service object name. Example: HTTPS |
|
protocol | Service Object protocol |
<SVC_PROTOCOL>
|
Service protocol. Example: TCP |
<SVC_PORT_BEGIN>
|
Service port begin. Example: 443 |
<SVC_PORT_END>
|
Service port end. Example: 443 |
Example
service name "My Web Services"
Syntax
reflexive
Mode
NAT
Description
Configure a reflexive rule. Example
reflexive
Syntax
no reflexive
Mode
NAT
Description
Disable configuration of a reflexive rule. Example
no reflexive
Syntax
translated-destination { { group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | original | range <ADDR_BEGIN> <ADDR_END> } }
Mode
NAT
Description
Specify the translated destination for the NAT policy. Options
|
group | Address Object Group |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Address Object Name |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Address Object Network |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
original | Original destination IP |
|
range | Address Object Range |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
translated-destination name "Web Server Private"
Syntax
translated-source { { group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | original | range <ADDR_BEGIN> <ADDR_END> } }
Mode
NAT
Description
Specify the translated source for the NAT policy. Options
|
group | Address Object Group |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Address Object Name |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Address Object Network |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
original | Original source IP |
|
range | Address Object Range |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
translated-source original
Syntax
translated-service { { group <SVC_GROUP_NAME> | name <SVC_NAME> | original | protocol <SVC_PROTOCOL> <SVC_PORT_BEGIN> <SVC_PORT_END> } }
Mode
NAT
Description
Specify the translated service for the NAT policy. Options
|
group | Service Group |
<SVC_GROUP_NAME>
|
Service object group name. Example: VOIP |
|
name | Service Object name |
<SVC_NAME>
|
Service object name. Example: HTTPS |
|
original | Original Service |
|
protocol | Service Object protocol |
<SVC_PROTOCOL>
|
Service protocol. Example: TCP |
<SVC_PORT_BEGIN>
|
Service port begin. Example: 443 |
<SVC_PORT_END>
|
Service port end. Example: 443 |
Example
translated-service original
Syntax
high-availability
Mode
NAT
Description
NAT High Availability and Load Balancing Configuration Mode. Example
high-availability
Syntax
nat-method { block-remap | random-distribution | round-robin | sticky-ip | symmetrical-remap }
Mode
NAT
Description
Set the NAT destination translation method. Options
|
block-remap | Block Remap |
|
random-distribution | Random Distribution |
|
round-robin | Round Robin |
|
sticky-ip | Sticky IP |
|
symmetrical-remap | Symmetrical Remap |
Example
nat-method sticky-ip
Syntax
probing
Mode
High Availability
Description
Enable HA Probing and enter Configuration Mode. Example
probing
Syntax
no probing
Mode
High Availability
Description
Disable HA Probing. Example
no probing
Syntax
probe-every <UINT16>
Mode
High Availability Probe
Description
Set probe interval (in seconds). Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
probe-every 5
Syntax
probe-type { icmp-ping | tcp <IPV4_PORT> }
Mode
High Availability Probe
Description
Set probe IP type. Options
|
icmp-ping | ICMP Ping Probe |
|
tcp | TCP Probe |
<IPV4_PORT>
|
IPV4 port in the form: D OR 0xHHHH. Example: 80 |
Example
probe-type tcp 80
Syntax
reply-timeout <UINT16>
Mode
High Availability Probe
Description
Set reply timeout (in seconds). Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
reply-timeout 5
Syntax
deactivate-after <UINT16>
Mode
High Availability Probe
Description
Set number of missed probes required before deactivating the NAT policy. Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
deactivate-after 4
Syntax
reactivate-after <UINT16>
Mode
High Availability Probe
Description
Set number of successful probes required before reactivating the NAT policy. Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
reactivate-after 3
Syntax
ip-helper
Mode
Config
Description
Configure IP Helper. Example
ip-helper
Syntax
enable
Mode
IP Helper
Description
Enable IP Helper. Example
enable
Syntax
no enable
Mode
IP Helper
Description
Disable IP Helper. Example
no enable
Syntax
policy protocol <IPH_PROTOCOL> source { group <ADDR_GROUP_NAME> | interface <IF_NAME> | name <ADDR_NETWORK_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | zone <NONEMULTICAST_ZONE_NAME> } destination { group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_IPH_POLICY_DST_NAME> | network <ADDR_NETWORK> <ADDR_MASK> }
Mode
IP Helper
Description
Add/Edit IP Helper Policy. Options
protocol | Specify the IP Helper Relay Protocol. |
<IPH_PROTOCOL>
|
IP Helper relay protocol name. Example: mydns |
source | Specify source. |
|
group | IP Helper policy source address object group. |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
interface | IP Helper policy source interface. |
<IF_NAME>
|
Interface name. Example: X0 |
|
name | IP Helper policy source address object name. |
<ADDR_NETWORK_NAME>
|
Address Network Object name. Example: Sales Network |
|
network | IP Helper policy source network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
zone | IP Helper policy source zone. |
<NONEMULTICAST_ZONE_NAME>
|
Zone object name. Example: LAN |
destination | Specify destination. |
|
group | Destination Address Object group name. |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Destination Address Object host. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Destination Address Object name. |
<ADDR_IPH_POLICY_DST_NAME>
|
IP Helper policy destination Address Object name. Example: Web Server |
|
network | IP Helper policy destination network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
Example
policy protocol netBIOS source name "X0 Subnet" destination name "X1 Subnet"
Syntax
no policy protocol <IPH_PROTOCOL> source { group <ADDR_GROUP_NAME> | interface <IF_NAME> | name <ADDR_NETWORK_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | zone <NONEMULTICAST_ZONE_NAME> } destination { group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_IPH_POLICY_DST_NAME> | network <ADDR_NETWORK> <ADDR_MASK> }
Mode
IP Helper
Description
Delete IP Helper Policy. Options
protocol | Specify the IP Helper Relay Protocol. |
<IPH_PROTOCOL>
|
IP Helper relay protocol name. Example: mydns |
source | Specify source. |
|
group | IP Helper policy source address object group. |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
interface | IP Helper policy source interface. |
<IF_NAME>
|
Interface name. Example: X0 |
|
name | IP Helper policy source address object name. |
<ADDR_NETWORK_NAME>
|
Address Network Object name. Example: Sales Network |
|
network | IP Helper policy source network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
zone | IP Helper policy source zone. |
<NONEMULTICAST_ZONE_NAME>
|
Zone object name. Example: LAN |
destination | Specify destination. |
|
group | Destination Address Object group name. |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Destination Address Object host. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Destination Address Object name. |
<ADDR_IPH_POLICY_DST_NAME>
|
IP Helper policy destination Address Object name. Example: Web Server |
|
network | IP Helper policy destination network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
Example
no policy source "Interface X0" destination name "File Server" protocol netBIOS
Syntax
no policies
Mode
IP Helper
Description
Delete all IP Helper Policies. Example
no policies
Syntax
protocol <IPH_PROTOCOL>
Mode
IP Helper
Description
Add/Edit IP Helper protocol. Options
<IPH_PROTOCOL>
|
IP Helper relay protocol name. Example: mydns |
Example
protocol mydns
Syntax
no protocol <IPH_PROTOCOL>
Mode
IP Helper
Description
Delete IP Helper relay protocol. Options
<IPH_PROTOCOL>
|
IP Helper relay protocol name. Example: mydns |
Example
no protocol mydns
Syntax
no protocols
Mode
IP Helper
Description
Delete all IP Helper relay protocols. Example
no protocols
Syntax
enable
Mode
IP Helper Policy
Description
Enable IP Helper policy. Example
enable
Syntax
no enable
Mode
IP Helper Policy
Description
Disable IP Helper policy. Example
no enable
Syntax
protocol <IPH_PROTOCOL>
Mode
IP Helper Policy
Description
Specify the IP Helper relay protocol to associate with this policy. Options
<IPH_PROTOCOL>
|
IP Helper relay protocol name. Example: mydns |
Example
protocol mydns
Syntax
source { group <ADDR_GROUP_NAME> | interface <IF_NAME> | name <ADDR_NETWORK_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | zone <NONEMULTICAST_ZONE_NAME> }
Mode
IP Helper Policy
Description
Specify source zone or interface for IP Helper policy. Options
|
group | IP Helper policy source address object group. |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
interface | IP Helper policy source interface. |
<IF_NAME>
|
Interface name. Example: X0 |
|
name | IP Helper policy source address object name. |
<ADDR_NETWORK_NAME>
|
Address Network Object name. Example: Sales Network |
|
network | IP Helper policy source network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
zone | IP Helper policy source zone. |
<NONEMULTICAST_ZONE_NAME>
|
Zone object name. Example: LAN |
Example
source InterfaceX0
Syntax
destination { group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_IPH_POLICY_DST_NAME> | network <ADDR_NETWORK> <ADDR_MASK> }
Mode
IP Helper Policy
Description
Specify IP Helper Policy destination. Options
|
group | Destination Address Object group name. |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Destination Address Object host. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Destination Address Object name. |
<ADDR_IPH_POLICY_DST_NAME>
|
IP Helper policy destination Address Object name. Example: Web Server |
|
network | IP Helper policy destination network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
Example
destination name "mydest"
Syntax
comment <WORD>
Mode
IP Helper Policy
Description
Specify comment for IP Helper Policy. Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
comment "Need to allow NetBIOS between clients"
Syntax
no comment
Mode
IP Helper Policy
Description
Clear comment for IP Helper Policy. Example
no comment
Syntax
name <IPH_PROTOCOL>
Mode
IP Helper Protocol
Description
Specify IP Helper relay protocol name. Options
<IPH_PROTOCOL>
|
IP Helper relay protocol name. Example: mydns |
Example
name mydns
Syntax
enable
Mode
IP Helper Protocol
Description
Enable IP Helper relay protocol. Example
enable
Syntax
no enable
Mode
IP Helper Protocol
Description
Disable IP Helper relay protocol. Example
no enable
Syntax
no port1
Mode
IP Helper Protocol
Description
Clear IP Helper relay protocol beginning UDP port. Example
no port1
Syntax
port1 <IPV4_PORT>
Mode
IP Helper Protocol
Description
Specify IP Helper relay protocol beginning UDP port. Options
<IPV4_PORT>
|
IPV4 port in the form: D OR 0xHHHH. Example: 80 |
Example
port1 53
Syntax
no port2
Mode
IP Helper Protocol
Description
Clear IP Helper relay protocol ending UDP port. Example
no port2
Syntax
port2 <IPV4_PORT>
Mode
IP Helper Protocol
Description
Specify IP Helper relay protocol ending UDP port. Options
<IPV4_PORT>
|
IPV4 port in the form: D OR 0xHHHH. Example: 80 |
Example
port2 54
Syntax
timeout { 10 | 20 | 30 | 40 | 50 | 60 }
Mode
IP Helper Protocol
Description
Specify IP Helper relay protocol timeout. Options
|
10 | Timeout value (in seconds). |
|
20 | Timeout value (in seconds). |
|
30 | Timeout value (in seconds). |
|
40 | Timeout value (in seconds). |
|
50 | Timeout value (in seconds). |
|
60 | Timeout value (in seconds). |
Example
timeout 20
Syntax
source-translation
Mode
IP Helper Protocol
Description
Allow IP source translation for IP helper relay protocol. Example
source-translation
Syntax
no source-translation
Mode
IP Helper Protocol
Description
Disallow IP source translation for IP Helper relay protocol. Example
no source-translation
Syntax
raw
Mode
IP Helper Protocol
Description
Enable Raw Mode for IP Helper relay protocol. Example
raw
Syntax
no raw
Mode
IP Helper Protocol
Description
Disable Raw Mode for IP Helper relay protocol. Example
no raw
Syntax
show ip-helper [ dhcp-relay-leases | policies | protocol <IPH_PROTOCOL> | protocols ] [ pending-config ]
Mode
All Modes
Description
Show IP Helper status or configuration. Options
|
dhcp-relay-leases | Show all IP Helper DHCP relay leases. |
|
policies | Show all IP Helper policies. |
|
protocol | Show an IP Helper relay protocol. |
<IPH_PROTOCOL>
|
IP Helper relay protocol name. Example: mydns |
|
protocols | Show all IP Helper relay protocols. |
pending-config | Show pending configuration changes. |
Example
show ip-helper
Syntax
routing
Mode
Config
Description
Enter Routing Configuration Mode. Example
routing
Syntax
show routing mode [ pending-config ]
Mode
All Modes
Description
Show routing mode. Options
pending-config | Show pending configuration changes. |
Example
show routing mode
Syntax
show routing policies [ { dynamic | system } ] [ { custom | default } ] [ pending-config ]
Mode
All Modes
Description
Show all route policies. Options
|
dynamic | Show all dynamic route policies. |
|
system | Show all ephemeral system route policies. |
|
custom | Show custom configuration. |
|
default | Show system/factory default configuration. |
pending-config | Show pending configuration changes. |
Example
show routing policies
Syntax
show routing policy interface <IF_NAME> metric <UINT8> [ source { { any | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> } } ] [ destination { { any | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> } } ] [ service { { any | group <SVC_GROUP_NAME> | name <SVC_NAME> | protocol <SVC_PROTOCOL> <SVC_PORT_BEGIN> <SVC_PORT_END> } } ] [ gateway { { default | host <ADDR_HOST> | name <ADDR_NAME> } } ] [ pending-config ]
Mode
All Modes
Description
Show a route policy. Options
<IF_NAME>
|
Interface name. Example: X0 |
metric | Route policy metric. |
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
source | Route Policy source. |
|
any | Any Host. |
|
group | Address Group name. |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Address Object name. |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Address Object Network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Address Object Range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
destination | Route Policy destination. |
|
any | Any Host. |
|
group | Address Group name. |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Address Object name. |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Address Object Network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Address Object Range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
service | Route Policy service. |
|
any | Any Service. |
|
group | Service Group. |
<SVC_GROUP_NAME>
|
Service object group name. Example: VOIP |
|
name | Service Object name. |
<SVC_NAME>
|
Service object name. Example: HTTPS |
|
protocol | Service Object protocol. |
<SVC_PROTOCOL>
|
Service protocol. Example: TCP |
<SVC_PORT_BEGIN>
|
Service port begin. Example: 443 |
<SVC_PORT_END>
|
Service port end. Example: 443 |
gateway | Route policy gateway. |
|
default | Default Gateway 0.0.0.0. |
|
host | Gateway IP. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Address Object Name. |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
pending-config | Show pending configuration changes. |
Example
show routing policy interface X4 metric 255 service name "FTP"
Syntax
show routing policy id <UINT16>
Mode
All Modes
Description
Show a route policy by associated ID. Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
show routing policy id 3
Syntax
show routing nsm [ database | interface ]
Mode
All Modes
Description
Show routing NSM status or configuration. Options
|
database | Database summary. |
|
interface | Interface status and configuration. |
Example
show routing nsm
Syntax
show routing rip [ database ]
Mode
All Modes
Description
Show routing RIP status or configuration. Options
database | Database summary. |
Example
show routing rip
Syntax
show routing ospf [ database | neighbor | routes ]
Mode
All Modes
Description
Show routing OSPF status or configuration. Options
|
database | Database summary. |
|
neighbor | Neighbor list. |
|
routes | OSPF routing table. |
Example
show routing ospf
Syntax
show routing bgp [ neighbor | summary | unicast ]
Mode
All Modes
Description
Show routing BGP status or configuration. Options
|
neighbor | Neighbor list. |
|
summary | Summary of BGP neighbor status. |
|
unicast | |
Example
show routing bgp
Syntax
mode { advanced | simple }
Mode
Routing
Description
Routing mode. Options
|
advanced | Advanced Routing. |
|
simple | Simple RIP Advertisement. |
Example
mode simple
mode advanced
Syntax
nsm
Mode
Routing
Description
Configure Network Services Module (NSM) protocol. Example
nsm
Syntax
ospf
Mode
Routing
Description
Configure Open Shortest Path First (OSPF) protocol. Example
ospf
Syntax
rip
Mode
Routing
Description
Configure Routing Information Protocol (RIP). Example
rip
Syntax
no bgp
Mode
Routing
Description
Disable Border Gateway Protocol (BGP). Example
no bgp
Syntax
bgp
Mode
Routing
Description
Enable and configure Border Gateway Protocol (BGP). Example
bgp
Syntax
no policy interface <IF_NAME> metric <UINT8> [ source { { any | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> } } ] [ destination { { any | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> } } ] [ service { { any | group <SVC_GROUP_NAME> | name <SVC_NAME> | protocol <SVC_PROTOCOL> <SVC_PORT_BEGIN> <SVC_PORT_END> } } ] [ gateway { { default | host <ADDR_HOST> | name <ADDR_NAME> } } ]
Mode
Routing
Description
Delete a route policy. Options
<IF_NAME>
|
Interface name. Example: X0 |
metric | Route policy metric. |
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
source | Route Policy source. |
|
any | Any Host. |
|
group | Address Group name. |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Address Object name. |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Address Object Network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Address Object Range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
destination | Route Policy destination. |
|
any | Any Host. |
|
group | Address Group name. |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Address Object name. |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Address Object Network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Address Object Range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
service | Route Policy service. |
|
any | Any Service. |
|
group | Service Group. |
<SVC_GROUP_NAME>
|
Service object group name. Example: VOIP |
|
name | Service Object name. |
<SVC_NAME>
|
Service object name. Example: HTTPS |
|
protocol | Service Object protocol. |
<SVC_PROTOCOL>
|
Service protocol. Example: TCP |
<SVC_PORT_BEGIN>
|
Service port begin. Example: 443 |
<SVC_PORT_END>
|
Service port end. Example: 443 |
gateway | Route policy gateway. |
|
default | Default Gateway 0.0.0.0. |
|
host | Gateway IP. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Address Object Name. |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
Example
no policy interface X4 metric 255 service name "FTP" gateway default
Syntax
no policy id <UINT32>
Mode
Routing
Description
Delete a route policy by associated ID. Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
no policy id 7
Syntax
no route-policies
Mode
Routing
Description
Delete all route policies. Example
no policies
Syntax
policy interface <IF_NAME> metric <UINT8> [ source { { any | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> } } ] [ destination { { any | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> } } ] [ service { { any | group <SVC_GROUP_NAME> | name <SVC_NAME> | protocol <SVC_PROTOCOL> <SVC_PORT_BEGIN> <SVC_PORT_END> } } ] [ gateway { { default | host <ADDR_HOST> | name <ADDR_NAME> } } ]
Mode
Routing
Description
Add/edit a route policy. Options
<IF_NAME>
|
Interface name. Example: X0 |
metric | Route policy metric. |
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
source | Route Policy source. |
|
any | Any Host. |
|
group | Address Group name. |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Address Object name. |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Address Object Network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Address Object Range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
destination | Route Policy destination. |
|
any | Any Host. |
|
group | Address Group name. |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Address Object name. |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Address Object Network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Address Object Range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
service | Route Policy service. |
|
any | Any Service. |
|
group | Service Group. |
<SVC_GROUP_NAME>
|
Service object group name. Example: VOIP |
|
name | Service Object name. |
<SVC_NAME>
|
Service object name. Example: HTTPS |
|
protocol | Service Object protocol. |
<SVC_PROTOCOL>
|
Service protocol. Example: TCP |
<SVC_PORT_BEGIN>
|
Service port begin. Example: 443 |
<SVC_PORT_END>
|
Service port end. Example: 443 |
gateway | Route policy gateway. |
|
default | Default Gateway 0.0.0.0. |
|
host | Gateway IP. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Address Object Name. |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
Example
policy interface X4 metric 255 source any destination any service any gateway default
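The following Python parser is an added example, not part of the SonicWALL guide or of SonicOS. It checks a `policy interface` command line (with or without the leading `no`) against the syntax and option formats listed above before the line is pasted into a Routing mode session. The function names are hypothetical, and treating the service ports as 16-bit values is an assumption.

```python
import ipaddress
import shlex

# Keyword -> number of arguments, taken from the Syntax line above.
ADDR = {"any": 0, "group": 1, "host": 1, "name": 1, "network": 2, "range": 2}
CLAUSES = [  # optional clauses, in the order the syntax lists them
    ("source", ADDR),
    ("destination", ADDR),
    ("service", {"any": 0, "group": 1, "name": 1, "protocol": 3}),
    ("gateway", {"default": 0, "host": 1, "name": 1}),
]


def parse_uint(text, bits):
    """Parse the documented integer form 'D OR 0xHH' and enforce its width."""
    value = int(text, 16) if text.lower().startswith("0x") else int(text, 10)
    if not 0 <= value < (1 << bits):
        raise ValueError(f"{text!r} does not fit in {bits} bits")
    return value


def check_args(kind, args):
    """Validate argument formats for the keywords that take literal values."""
    if kind == "host":
        ipaddress.IPv4Address(args[0])
    elif kind == "network":
        mask = args[1]
        if not (mask.startswith("/") or mask.count(".") == 3):
            raise ValueError(f"<ADDR_MASK> must be D.D.D.D or /D, got {mask!r}")
        # Strict parsing also rejects a network address with host bits set.
        ipaddress.IPv4Network(f"{args[0]}/{mask.lstrip('/')}")
    elif kind == "range":
        begin, end = (ipaddress.IPv4Address(a) for a in args)
        if begin > end:
            raise ValueError(f"range {args[0]}-{args[1]} is reversed")
    elif kind == "protocol":
        # Assumption: ports are 16-bit values, as for TCP and UDP.
        low, high = parse_uint(args[1], 16), parse_uint(args[2], 16)
        if low > high:
            raise ValueError(f"port range {low}-{high} is reversed")


def parse_route_policy(line):
    """Parse '[no] policy interface ...' into a dict, or raise ValueError."""
    tokens = shlex.split(line)  # keeps a "QUOTED STRING" name as one token
    delete = tokens[:1] == ["no"]
    tokens = tokens[1:] if delete else tokens
    if (len(tokens) < 5 or tokens[:2] != ["policy", "interface"]
            or tokens[3] != "metric"):
        raise ValueError("expected: policy interface <IF_NAME> metric <UINT8>")
    policy = {"delete": delete, "interface": tokens[2],
              "metric": parse_uint(tokens[4], 8)}
    pos, next_clause = 5, 0
    while pos < len(tokens):
        names = [name for name, _ in CLAUSES[next_clause:]]
        if tokens[pos] not in names:
            raise ValueError(f"unexpected or out-of-order token {tokens[pos]!r}")
        next_clause += names.index(tokens[pos]) + 1
        kinds = CLAUSES[next_clause - 1][1]
        kind = tokens[pos + 1] if pos + 1 < len(tokens) else None
        if kind not in kinds:
            raise ValueError(f"{tokens[pos]}: unknown keyword {kind!r}")
        args = tokens[pos + 2:pos + 2 + kinds[kind]]
        if len(args) != kinds[kind]:
            raise ValueError(f"{tokens[pos]} {kind}: missing argument")
        check_args(kind, args)
        policy[tokens[pos]] = (kind, args)
        pos += 2 + kinds[kind]
    return policy


def is_explicit_catch_all(policy):
    """True when source, destination and service are all given as 'any'."""
    return all(policy.get(clause, (None,))[0] == "any"
               for clause in ("source", "destination", "service"))


if __name__ == "__main__":
    # The example line from this guide.
    example = ("policy interface X4 metric 255 source any destination any "
               "service any gateway default")
    parsed = parse_route_policy(example)
    print(parsed, "catch-all:", is_explicit_catch_all(parsed))
```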
Syntax
policy id <UINT16>
Mode
Routing
Description
Edit a route policy by associated ID. Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
policy id 7
Syntax
id <UINT32>
Mode
Routing Policy
Description
Route Policy ID. Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
id 55
Syntax
enable
Mode
Routing Policy
Description
Enable route policy. Example
enable
Syntax
no enable
Mode
Routing Policy
Description
Disable route policy. Example
no enable
Syntax
source { { any | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> } }
Mode
Routing Policy
Description
Set route policy source. Options
|
any | Any Host. |
|
group | Address Group name. |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Address Object name. |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Address Object Network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Address Object Range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
source any
Syntax
destination { { any | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> } }
Mode
Routing Policy
Description
Set route policy destination. Options
|
any | Any Host. |
|
group | Address Group name. |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Address Object name. |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Address Object Network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Address Object Range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
destination name "Corp LAN2"
Syntax
service { { any | group <SVC_GROUP_NAME> | name <SVC_NAME> | protocol <SVC_PROTOCOL> <SVC_PORT_BEGIN> <SVC_PORT_END> } }
Mode
Routing Policy
Description
Set route policy service. Options
|
any | Any Service. |
|
group | Service Group. |
<SVC_GROUP_NAME>
|
Service object group name. Example: VOIP |
|
name | Service Object name. |
<SVC_NAME>
|
Service object name. Example: HTTPS |
|
protocol | Service Object protocol. |
<SVC_PROTOCOL>
|
Service protocol. Example: TCP |
<SVC_PORT_BEGIN>
|
Service port begin. Example: 443 |
<SVC_PORT_END>
|
Service port end. Example: 443 |
Example
service name "LAN Service"
Syntax
gateway { { default | host <ADDR_HOST> | name <ADDR_NAME> } }
Mode
Routing Policy
Description
Set route policy gateway. Options
|
default | Default Gateway 0.0.0.0. |
|
host | Gateway IP. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Address Object Name. |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
Example
gateway name "X0 Default Gateway"
gateway host 192.168.10.1
Syntax
interface <IF_NAME>
Mode
Routing Policy
Description
Set route policy interface. Options
<IF_NAME>
|
Interface name. Example: X0 |
Example
interface X2
Syntax
metric <UINT8>
Mode
Routing Policy
Description
Set route policy metric. Options
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
Example
metric 1
Syntax
no comment
Mode
Routing Policy
Description
Clear route policy comment. Example
no comment
Syntax
comment <WORD>
Mode
Routing Policy
Description
Set route policy comment. Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
comment "Route to Corporate Servers"
Syntax
disable-on-interface-down
Mode
Routing Policy
Description
Disable route when the interface is disconnected. Example
disable-on-interface-down
Syntax
no disable-on-interface-down
Mode
Routing Policy
Description
Leave route enabled when the interface is disconnected. Example
no disable-on-interface-down
Syntax
vpn-precedence
Mode
Routing Policy
Description
Allow VPN path to take precedence. Example
vpn-precedence
Syntax
no vpn-precedence
Mode
Routing Policy
Description
Do not allow the VPN path to take precedence. Example
no vpn-precedence
Syntax
probe <NETMON_NAME>
Mode
Routing Policy
Description
Set Route Policy probing. Options
<NETMON_NAME>
|
Network monitor name. Example: Web Services Monitor |
Example
probe Web-Servers
Syntax
no probe
Mode
Routing Policy
Description
Disable Route Policy probing. Example
no probe
Syntax
disable-when-probes-succeed
Mode
Routing Policy
Description
Disable route when probe succeeds. Example
disable-when-probes-succeed
Syntax
no disable-when-probes-succeed
Mode
Routing Policy
Description
Do not disable route when probe succeeds. Example
no disable-when-probes-succeed
Syntax
default-probe-state-up
Mode
Routing Policy
Description
Set probe default state to up. Example
default-probe-state-up
Syntax
no default-probe-state-up
Mode
Routing Policy
Description
Set probe default state to down. Example
no default-probe-state-up
Syntax
no arp entry <ARP_IPV4_HOST> <ARP_MAC> <ARP_IF_NAME>
Mode
Config
Description
Deletes an ARP entry. Options
<ARP_IPV4_HOST>
|
ARP entry IPV4 in the form: D.D.D.D. Example: 192.168.168.1 |
<ARP_MAC>
|
ARP MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
<ARP_IF_NAME>
|
Interface name. Example: X0 |
Example
no arp entry 10.10.10.10 00:01:02:03:04:05 X0
Syntax
no arp entries
Mode
Config
Description
Deletes all ARP entries. Example
no arp entries
Syntax
arp entry <ARP_IPV4_HOST> <ARP_MAC> <ARP_IF_NAME>
Mode
Config
Description
Add/edit an ARP entry. Options
<ARP_IPV4_HOST>
|
ARP entry IPV4 in the form: D.D.D.D. Example: 192.168.168.1 |
<ARP_MAC>
|
ARP MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
<ARP_IF_NAME>
|
Interface name. Example: X0 |
Example
arp entry 10.10.10.10 00:01:02:03:04:05 X0
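The following Python check is an added example, not part of the SonicWALL guide or of SonicOS. It reads a batch of `arp entry` commands, normalizes the two documented MAC forms to one spelling, and reports any IP address bound to more than one MAC on the same interface. The function names and the sample batch are constructed for illustration.

```python
import ipaddress
import re
import shlex
from collections import defaultdict

# The two <ARP_MAC> forms listed above: HH:HH:HH:HH:HH:HH or HHHHHHHHHHHH.
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}|[0-9A-Fa-f]{12}")

# Constructed sample batch, not taken from a real device.
SAMPLE_BATCH = """\
arp entry 10.10.10.10 00:01:02:03:04:05 X0
arp entry 10.10.10.10 000102030405 X0
arp entry 10.10.10.11 00:0c:f1:56:98:ad X0
arp entry 10.10.10.11 00:0C:F1:56:98:AE X0
arp entry 10.10.10.10 00:01:02:03:04:06 X1
"""


def normalize_mac(text):
    """Accept either documented form; return upper-case colon notation."""
    if not MAC_RE.fullmatch(text):
        raise ValueError(f"bad <ARP_MAC>: {text!r}")
    digits = text.replace(":", "").upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_arp_entry(line):
    """Parse 'arp entry <ARP_IPV4_HOST> <ARP_MAC> <ARP_IF_NAME>'."""
    tokens = shlex.split(line)
    if len(tokens) != 5 or tokens[:2] != ["arp", "entry"]:
        raise ValueError(f"not an 'arp entry' command: {line!r}")
    ip = str(ipaddress.IPv4Address(tokens[2]))  # rejects anything but D.D.D.D
    return ip, normalize_mac(tokens[3]), tokens[4]


def conflicting_bindings(batch):
    """Return {(interface, ip): sorted MACs} for IPs bound to several MACs."""
    seen = defaultdict(set)
    for line in batch.splitlines():
        if line.strip():
            ip, mac, ifname = parse_arp_entry(line)
            seen[(ifname, ip)].add(mac)
    return {key: sorted(macs) for key, macs in seen.items() if len(macs) > 1}


if __name__ == "__main__":
    for (ifname, ip), macs in conflicting_bindings(SAMPLE_BATCH).items():
        print(f"{ifname} {ip} is bound to {', '.join(macs)}")
```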
Syntax
ip <ARP_IPV4_HOST>
Mode
Static ARP
Description
Configure static ARP IP. Options
<ARP_IPV4_HOST>
|
ARP entry IPV4 in the form: D.D.D.D. Example: 192.168.168.1 |
Example
ip 10.10.10.10
Syntax
mac <ARP_MAC>
Mode
Static ARP
Description
Configure static ARP MAC address. Options
<ARP_MAC>
|
ARP MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
Example
mac 00:01:02:03:04:05
Syntax
interface <ARP_IF_NAME>
Mode
Static ARP
Description
Configure static ARP interface. Options
<ARP_IF_NAME>
|
Interface name. Example: X0 |
Example
interface X0
Syntax
publish
Mode
Static ARP
Description
Publish ARP entry. Example
publish
Syntax
no publish
Mode
Static ARP
Description
Disable publishing of ARP entry. Example
no publish
Syntax
bind-mac [ dynamic ]
Mode
Static ARP
Description
Publish ARP entry. Options
dynamic | Enable automatic update of IP address. |
Example
bind-mac
Syntax
no bind-mac [ dynamic ]
Mode
Static ARP
Description
Disable publishing of ARP entry. Options
dynamic | Disable automatic update of IP address. |
Example
no bind-mac
Syntax
show arp entries [ pending-config ]
Mode
All Modes
Description
Show all static ARP entries. Options
pending-config | Show pending configuration changes. |
Example
show arp entries
Syntax
show arp entry <ARP_IPV4_HOST> <ARP_MAC> <ARP_IF_NAME> [ pending-config ]
Mode
All Modes
Description
Show a static ARP entry. Options
<ARP_IPV4_HOST>
|
ARP entry IPV4 in the form: D.D.D.D. Example: 192.168.168.1 |
<ARP_MAC>
|
ARP MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
<ARP_IF_NAME>
|
Interface name. Example: X0 |
pending-config | Show pending configuration changes. |
Example
show arp entry 10.10.10.10 00:01:02:03:04:05 X0
Syntax
show arp cache
Mode
All Modes
Description
Show ARP cache. Example
show arp cache
Syntax
arp flush { all-cache | cache <ARP_FLUSH_IPV4_HOST> <ARP_FLUSH_IF_NAME> }
Mode
Config
Description
Flush an ARP entry or all non-permanent entries. Options
|
all-cache | Flush all non-permanent ARP cache entries. |
|
cache | Flush an ARP entry. |
<ARP_FLUSH_IPV4_HOST>
|
ARP flush entry IPV4 in the form: D.D.D.D. Example: 192.168.168.1 |
<ARP_FLUSH_IF_NAME>
|
ARP flush entry Interface name. Example: X0 |
Example
arp flush cache 10.10.10.10 X0
Syntax
show arp timeout [ pending-config ]
Mode
All Modes
Description
Show ARP timeout. Options
pending-config | Show pending configuration changes. |
Example
show arp timeout
Syntax
arp timeout <UINT16>
Mode
Config
Description
Set the ARP Cache entry timeout in minutes. Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
arp timeout 10
Syntax
restart [ now | time <UINT8> ]
Mode
Top Level
Description
Restart SonicOS - now or after an interval of time. Options
|
now | Restart immediately. |
|
time | Restart after the specified number of seconds. |
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
Example
restart now
Syntax
safemode
Mode
Top Level
Description
Restart the device and enter safemode. Example
safemode
Syntax
restore-defaults
Mode
Config
Description
Restore the device to factory default settings. Example
restore-defaults
Syntax
boot { { { current | uploaded } [ backup | factory-default ] } | system-backup }
Mode
Config
Description
Boot current or uploaded firmware image with current or default settings or boot system backup. Options
|
|
current | Boot current firmware image. |
|
uploaded | Boot the latest uploaded firmware image. |
|
backup | Boot firmware with backup settings. |
|
factory-default | Boot current firmware with default settings. |
|
system-backup | Boot system backup firmware. |
Example
boot current factory-default
Syntax
user-management
Mode
Top Level
Description
User management. Example
user-management
Syntax
show user status [ all | at <USER_IPV4_ADDR> [ user <UINT32> ] ] [ pending ] [ logged-in ] [ locked-out ]
Mode
All Modes
Description
Show information on current users. Options
|
all | Show detail of all current users. |
|
at | Show detail of a user at a given IP address. |
<USER_IPV4_ADDR>
|
A connected user's IPv4 address in the form: a.b.c.d. Example: 192.168.168.1 |
user | For Terminal Services users only, select the user at the IP address. |
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
pending | Include users currently being authenticated. |
logged-in | Include logged in users. |
locked-out | Include locked out users. |
Example
show user status
show user status at 192.168.168.1
Syntax
kill-user { at <USER_IPV4_ADDR> [ user <UINT32> ] | name <USER_LOGIN_NAME> }
Mode
User Management
Description
Log out users. Options
|
at | Kill the user logged in from a given IP address. |
<USER_IPV4_ADDR>
|
A connected user's IPv4 address in the form: a.b.c.d. Example: 192.168.168.1 |
user | For Terminal Services users only, selects the user at the IP address. |
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
|
name | Kill the user (or users) logged in with a given name. |
<USER_LOGIN_NAME>
|
A connected user's login name. Example: jdoe |
Example
kill-user at 192.168.168.1
Syntax
unlock <USER_IPV4_ADDR>
Mode
User Management
Description
Unlock an IP address that has been locked out due to too many failed login attempts. Options
<USER_IPV4_ADDR>
|
A connected user's IPv4 address in the form: a.b.c.d. Example: 192.168.168.1 |
Example
unlock 192.168.168.1
Syntax
user authentication
Mode
Config
Description
Configure user authentication related settings. Example
user authentication
Syntax
show user authentication [ pending-config ]
Mode
All Modes
Description
Show user authentication related settings. Options
pending-config | Show pending configuration changes. |
Example
show user authentication
Syntax
method { ldap | ldap+local | local | radius | radius+local }
Mode
User Authentication
Description
Set the user authentication method. Options
|
ldap | Use LDAP user authentication. |
|
ldap+local | Use both LDAP and local user authentication. |
|
local | Use local user authentication. |
|
radius | Use RADIUS user authentication. |
|
radius+local | Use both RADIUS and local user authentication. |
Example
method local
Syntax
auth-page-timeout <UINT32>
Mode
User Authentication
Description
Set the timeout for showing the web login page. Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
auth-page-timeout 2
Syntax
case-sensitive-names
Mode
User Authentication
Description
Enable treating user names as case-sensitive. Example
case-sensitive-names
Syntax
no case-sensitive-names
Mode
User Authentication
Description
Disable treating user names as case-sensitive. Example
no case-sensitive-names
Syntax
login-uniqueness
Mode
User Authentication
Description
Enable enforcing a single login per user name. Example
login-uniqueness
Syntax
no login-uniqueness
Mode
User Authentication
Description
Disable enforcing a single login per user name. Example
no login-uniqueness
Syntax
http-redirect-after-login
Mode
User Authentication
Description
Enable redirect from HTTPS to HTTP after login. Example
http-redirect-after-login
Syntax
no http-redirect-after-login
Mode
User Authentication
Description
Disable redirect from HTTPS to HTTP after login. Example
no http-redirect-after-login
Syntax
radius-chap-http-login
Mode
User Authentication
Description
Enable allowing HTTP login with RADIUS CHAP mode when that is available rather than redirecting to HTTPS for web login. Example
radius-chap-http-login
Syntax
no radius-chap-http-login
Mode
User Authentication
Description
Disable allowing HTTP login with RADIUS CHAP mode when that is available rather than redirecting to HTTPS for web login. Example
no radius-chap-http-login
Syntax
inactivity-timeout <UINT32>
Mode
User Authentication
Description
Set the user inactivity timeout. Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
inactivity-timeout 60
Syntax
web-login-session-limit <UINT32>
Mode
User Authentication
Description
Set the maximum login session time for web users. Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
web-login-session-limit 60
Syntax
no web-login-session-limit
Mode
User Authentication
Description
Set unlimited login session time for web users. Example
no web-login-session-limit
Syntax
show-user-status-window
Mode
User Authentication
Description
Enable showing the login status window after web login. Example
show-user-status-window
Syntax
no show-user-status-window
Mode
User Authentication
Description
Disable showing the login status window after web login. Example
no show-user-status-window
Syntax
disconnected-user-detect
Mode
User Authentication
Description
Enable using the login status window heartbeat mechanism for detecting disconnected web users. Example
disconnected-user-detect
Syntax
no disconnected-user-detect
Mode
User Authentication
Description
Disable using the login status window heartbeat mechanism for detecting disconnected web users. Example
no disconnected-user-detect
Syntax
status-window-heartbeat [ period <TEN_SEC_GRANULARITY_PERIOD> ] [ timeout <UINT32> ]
Mode
User Authentication
Description
Configure heartbeats sent from the user login status window. Options
period | Period in seconds. |
<TEN_SEC_GRANULARITY_PERIOD>
|
A number of seconds that must be a multiple of 10. Example: 20 |
timeout | Time in minutes. |
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
status-window-heartbeat period 60
Syntax
rule-auth-bypass-http-url <WORD>
Mode
User Authentication
Description
Add a destination URL to be allowed to bypass user authentication in access rules. Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
rule-auth-bypass-http-url *.windowsupdate.com...
Syntax
no rule-auth-bypass-http-url <WORD>
Mode
User Authentication
Description
Delete a destination URL to be allowed to bypass user authentication in access rules. Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
no rule-auth-bypass-http-url *.windowsupdate.com...
Syntax
acceptable-use-policy [ window-size <UINT32> <UINT32> ] [ { disable-scroll-bars | enable-scroll-bars } ] [ html <ROL> ]
Mode
User Authentication
Description
Set the acceptable use policy (AUP) displayed to users during login. Options
window-size | The AUP window width and height. |
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
|
disable-scroll-bars | Disable scroll bars on the AUP window. |
|
enable-scroll-bars | Enable scroll bars on the AUP window. |
html | The HTML code for the AUP. |
<ROL>
|
Remaining command line input. |
Example
acceptable-use-policy window-size 460 310 enable-scroll-bars
Syntax
no acceptable-use-policy
Mode
User Authentication
Description
Clear the acceptable use policy. Example
no acceptable-use-policy
Syntax
aup-on-zones { public | trusted | vpn | wan | wireless }
Mode
User Authentication
Description
Enable the AUP on login from zones of a given type. Options
|
public | On login from Public zones. |
|
trusted | On login from Trusted zones. |
|
vpn | On login from the VPN zone. |
|
wan | On login from the WAN zone. |
|
wireless | On login from Wireless zones. |
Example
aup-on-zones trusted
Syntax
no aup-on-zones { public | trusted | vpn | wan | wireless }
Mode
User Authentication
Description
Disable the AUP on login from zones of a given type. Options
|
public | On login from Public zones. |
|
trusted | On login from Trusted zones. |
|
vpn | On login from the VPN zone. |
|
wan | On login from the WAN zone. |
|
wireless | On login from Wireless zones. |
Example
no aup-on-zones trusted
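The following Python linter is an added example, not part of the SonicWALL guide or of SonicOS. It replays a script of User Authentication mode commands, honouring later `no` forms, and reports the settings that end up in the weaker state according to the descriptions above. The function name and the sample script are constructed, and listing entries that contain `*` for review is an assumption about how an operator wants wildcards handled.

```python
import shlex

# Commands whose enabled state weakens web login (reasons from the
# descriptions above).
RISKY_WHEN_ON = {
    "http-redirect-after-login":
        "traffic is redirected from HTTPS to HTTP after login",
    "radius-chap-http-login":
        "login is allowed over HTTP instead of redirecting to HTTPS",
}
# Commands whose 'no' form is the weaker state.
RISKY_WHEN_OFF = {
    "login-uniqueness": "a user name is no longer limited to a single login",
    "web-login-session-limit": "web login session time is unlimited",
}
BYPASS = "rule-auth-bypass-http-url"

# Constructed sample script, not taken from a real device.
SAMPLE_SCRIPT = """\
method radius+local
http-redirect-after-login
radius-chap-http-login
no radius-chap-http-login
login-uniqueness
no web-login-session-limit
rule-auth-bypass-http-url *.example.com
rule-auth-bypass-http-url updates.example.net
rule-auth-bypass-http-url *.example.org
no rule-auth-bypass-http-url *.example.org
"""


def lint_user_auth(script):
    """Return (command, reason) findings for the final state of the script."""
    toggles = {}   # command -> True (set) or False (cleared by 'no')
    bypass = []    # URLs still exempt from user authentication at the end
    for raw in script.splitlines():
        tokens = shlex.split(raw)
        enabled = tokens[:1] != ["no"]
        tokens = tokens if enabled else tokens[1:]
        if not tokens:
            continue
        cmd, args = tokens[0], tokens[1:]
        if cmd == BYPASS and args:
            if enabled and args[0] not in bypass:
                bypass.append(args[0])
            elif not enabled and args[0] in bypass:
                bypass.remove(args[0])
        elif cmd in RISKY_WHEN_ON or cmd in RISKY_WHEN_OFF:
            toggles[cmd] = enabled  # the last occurrence wins
    findings = [(cmd, why) for cmd, why in RISKY_WHEN_ON.items()
                if toggles.get(cmd) is True]
    findings += [("no " + cmd, why) for cmd, why in RISKY_WHEN_OFF.items()
                 if toggles.get(cmd) is False]
    findings += [(f"{BYPASS} {url}",
                  "wildcard entry bypasses user authentication in access rules")
                 for url in bypass if "*" in url]
    return findings


if __name__ == "__main__":
    for command, reason in lint_user_auth(SAMPLE_SCRIPT):
        print(f"{command}: {reason}")
```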
Syntax
user local-users
Mode
Config
Description
Configure settings related to local users. Example
user local-users
Syntax
show user local [ user <LOCAL_USER_NAME> | user-group <LOCAL_USER_GROUP_NAME> | user-groups [ custom | default ] | users [ custom | default ] ] [ pending-config ]
Mode
All Modes
Description
Show settings for local users/groups. Options
|
user | Show a local user. |
<LOCAL_USER_NAME>
|
User object name. Example: user1 |
|
user-group | Show a local user group. |
<LOCAL_USER_GROUP_NAME>
|
User group object name. Example: Limited Administrators |
|
user-groups | Show all local user groups. |
|
custom | Show custom configuration only. |
|
default | Show default configuration only. |
|
users | Show all local users. |
|
custom | Show custom configuration only. |
|
default | Show default configuration only. |
pending-config | Show pending configuration changes. |
Example
show user local
show user local users
show user local user jcool
Syntax
apply-password-constraints
Mode
Local Users
Description
Cause the password constraints (configured in AdministrationMode) to be applied to all local users (including administrative users, but not the built-in admin account). Note that this command is an alternative to the AdministrationMode command: constraints-apply-to full-admins limited-admins local-users. Example
apply-password-constraints
Syntax
no apply-password-constraints
Mode
Local Users
Description
Cause the password constraints (configured in AdministrationMode) to not be applied to local users. Example
no apply-password-constraints
Syntax
prune-on-expiry
Mode
Local Users
Description
Set the default to prune expired local user accounts if a limited lifetime is set. Example
prune-on-expiry
Syntax
no prune-on-expiry
Mode
Local Users
Description
Set the default to not prune expired local user accounts. Example
no prune-on-expiry
Syntax
user <LOCAL_USER_NAME> [ password <ENC_PASSWORD> ] [ member-of <LOCAL_USER_GROUP_NAME> ]
Mode
Local Users
Description
Add or update a local user account. Options
<LOCAL_USER_NAME>
|
User object name. Example: user1 |
password | Set the user password. |
<ENC_PASSWORD>
|
PASSWORD. Example: secret |
member-of | Add membership to a user group for this user. |
<LOCAL_USER_GROUP_NAME>
|
User group object name. Example: Limited Administrators |
Example
user johndoe
Syntax
no user <LOCAL_USER_NAME>
Mode
Local Users
Description
Delete a local user account. Options
<LOCAL_USER_NAME>
|
User object name. Example: user1 |
Example
no user johndoe
Syntax
group <LOCAL_USER_GROUP_NAME>
Mode
Local Users
Description
Add or update a local user group. Options
<LOCAL_USER_GROUP_NAME>
|
User group object name. Example: Limited Administrators |
Example
group "Special Users"
Syntax
no group <LOCAL_USER_GROUP_NAME>
Mode
Local Users
Description
Delete a local user group. Options
<LOCAL_USER_GROUP_NAME>
|
User group object name. Example: Limited Administrators |
Example
no group "Special Users"
Syntax
name <WORD>
Mode
Local User
Description
Set the login name of the user account. Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
name johndoe
Syntax
comment <WORD>
Mode
Local User
Description
Set a comment for the user account. Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
comment "Added 7/26/2010"
Syntax
no comment
Mode
Local User
Description
Remove the comment for the user account. Example
no comment
Syntax
password <ENC_PASSWORD>
Mode
Local User
Description
Set the user password. Options
<ENC_PASSWORD>
|
PASSWORD. Example: secret |
Example
password pwd1234
Syntax
force-password-change
Mode
Local User
Description
Force the user to change the password at the next login. Example
force-password-change
Syntax
no force-password-change
Mode
Local User
Description
Cancel making the user change the password at next login. Example
no force-password-change
Syntax
account-lifetime <UINT16> { days | hours | minutes }
Mode
Local User
Description
Set a limited lifetime for the user account. Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
|
days | Set the lifetime in days. |
|
hours | Set the lifetime in hours. |
|
minutes | Set the lifetime in minutes. |
Example
account-lifetime 48 hours
Syntax
no account-lifetime
Mode
Local User
Description
Set the user account to never expire. Example
no account-lifetime
Syntax
prune-on-expiry
Mode
Local User
Description
Delete the user account when it expires if a limited lifetime is set. Example
prune-on-expiry
Syntax
no prune-on-expiry
Mode
Local User
Description
Don't delete the user account when it expires. Example
no prune-on-expiry
Syntax
one-time-pwd-required
Mode
Local User
Description
One-time passwords will be required for the user. Example
one-time-pwd-required
Syntax
no one-time-pwd-required
Mode
Local User
Description
One-time passwords will not be required for the user. Example
no one-time-pwd-required
Syntax
email-address <EMAIL>
Mode
Local User
Description
Set the user's email address. Options
<EMAIL>
|
Email in the form: aaaaa@bbb.com. Example: support@sonicwall.com |
Example
email-address me@myplace.org
Syntax
no email-address
Mode
Local User
Description
Remove the user's email address. Example
no email-address
Syntax
vpn-client-access { group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> }
Mode
Local User
Description
Add a local network to which the user will be given access when connecting via VPN client. Options
|
group | Select an existing address group by name. |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Give VPN client access to an IP address. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Select an existing address object by name. |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Give VPN client access to a network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Give VPN client access to an IP address range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
vpn-client-access name "LAN Subnets"
Syntax
no vpn-client-access <ADDR_OR_GROUP_NAME>
Mode
Local User
Description
Remove a local network from those to which the user gets access when connecting via VPN client. Options
<ADDR_OR_GROUP_NAME>
|
Address Object or Address Group name. Example: Sales Group |
Example
no vpn-client-access name "LAN Subnets"
Syntax
guest-login-uniqueness
Mode
Local User
Description
Enable enforcing a unique guest services login session. Example
guest-login-uniqueness
Syntax
no guest-login-uniqueness
Mode
Local User
Description
Disable enforcing a unique guest services login session. Example
no guest-login-uniqueness
Syntax
guest-idle-timeout <UINT32> { days | hours | minutes }
Mode
Local User
Description
Set the idle timeout for guest services. Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
|
days | Set the idle timeout in days. |
|
hours | Set the idle timeout in hours. |
|
minutes | Set the idle timeout in minutes. |
Example
guest-idle-timeout 20 minutes
Syntax
no guest-idle-timeout
Mode
Local User
Description
Clear the idle timeout for guest services. Example
no guest-idle-timeout
Syntax
member-of <LOCAL_USER_GROUP_NAME>
Mode
Local User
Description
Add membership to a user group for this user. Options
<LOCAL_USER_GROUP_NAME>
|
User group object name. Example: Limited Administrators |
Example
member-of "SonicWALL Administrators"
Syntax
no member-of <LOCAL_USER_GROUP_NAME>
Mode
Local User
Description
Remove a user group membership for this user. Options
<LOCAL_USER_GROUP_NAME>
|
User group object name. Example: Limited Administrators |
Example
no member-of "SonicWALL Administrators"
Syntax
name <WORD>
Mode
Local Group
Description
Set the name of the user group. Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
name "Special Users"
Syntax
comment <WORD>
Mode
Local Group
Description
Set a comment for the user group. Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
comment "Added 7/26/2010"
Syntax
no comment
Mode
Local Group
Description
Remove the comment for the user group. Example
no comment
Syntax
one-time-pwd-required
Mode
Local Group
Description
One-time passwords will be required for members of the group. Example
one-time-pwd-required
Syntax
no one-time-pwd-required
Mode
Local Group
Description
One-time passwords will not be required for members of the group. Example
no one-time-pwd-required
Syntax
to-management-on-login
Mode
Local Group
Description
Members of the group with administrative privilege will go straight to the management UI on web login (only applies for user groups that give administrative privilege). Example
to-management-on-login
Syntax
no to-management-on-login
Mode
Local Group
Description
Members of the group will not go straight to the management UI on web login (only applies for user groups that give administrative privilege). Example
no to-management-on-login
Syntax
vpn-client-access { group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> }
Mode
Local Group
Description
Add a local network to which members of the group will be given access when connecting via VPN client. Options
|
group | Select an existing address group by name. |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Give VPN client access to an IP address. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Select an existing address object by name. |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Give VPN client access to a network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Give VPN client access to an IP address range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
vpn-client-access name "LAN Subnets"
Syntax
no vpn-client-access <ADDR_OR_GROUP_NAME>
Mode
Local Group
Description
Remove a local network from those to which members of the group get access when connecting via VPN client. Options
<ADDR_OR_GROUP_NAME>
|
Address Object or Address Group name. Example: Sales Group |
Example
no vpn-client-access name "LAN Subnets"
Syntax
no cfs-policy
Mode
Local Group
Description
Remove the CFS policy applied to members of the group. Example
no cfs-policy
Syntax
cfs-policy <WEB_CFS_POLICY_NAME>
Mode
Local Group
Description
Select the CFS policy to apply for members of the group.
Options
<WEB_CFS_POLICY_NAME>
|
CFS policy name. |
Example
cfs-policy Default
Syntax
member <LOCAL_USER_OR_GROUP_NAME>
Mode
Local Group
Description
Add membership to this group for the named user or user group.
Options
<LOCAL_USER_OR_GROUP_NAME>
|
User or user group object name. Example: Limited Administrators |
Example
member "All LDAP Users"
Syntax
no member <LOCAL_USER_OR_GROUP_NAME>
Mode
Local Group
Description
Remove membership to this group for the named user or user group.
Options
<LOCAL_USER_OR_GROUP_NAME>
|
User or user group object name. Example: Limited Administrators |
Example
no member "All LDAP Users"
Syntax
user radius
Mode
Config
Description
Configure RADIUS settings.
Example
user radius
Syntax
show user radius [ server { host <RADIUS_SERVER_HOST_NAME> | primary | secondary } | servers ] [ pending-config ]
Mode
All Modes
Description
Show RADIUS settings.
Options
|
server | Show RADIUS server settings. |
|
host | Show a given RADIUS server. |
<RADIUS_SERVER_HOST_NAME>
|
A RADIUS server host name or IP address. Example: RADIUS-Server |
|
primary | Show the primary RADIUS server. |
|
secondary | Show the secondary RADIUS server. |
|
servers | Show settings for all RADIUS servers. |
pending-config | Show pending configuration changes. |
Example
show user radius
show user radius servers
show user radius server primary
show user radius server host 192.168.168.1
Syntax
local-users-only
Mode
RADIUS
Description
Limit login to only RADIUS users with accounts in the local user database.
Example
local-users-only
Syntax
no local-users-only
Mode
RADIUS
Description
Don't limit login to only RADIUS users with accounts in the local user database.
Example
no local-users-only
Syntax
local-user-groups-apply
Mode
RADIUS
Description
User group memberships that are set locally for user accounts in the local user database should apply for users authenticated via RADIUS when the user names match.
Example
local-user-groups-apply
Syntax
no local-user-groups-apply
Mode
RADIUS
Description
User group memberships that are set locally for user accounts in the local user database should not apply for users authenticated via RADIUS when the user names match.
Example
no local-user-groups-apply
Syntax
default-user-group <LOCAL_USER_GROUP_NAME>
Mode
RADIUS
Description
Select a user group to which all users who are authenticated via RADIUS will be given membership by default (i.e. a group that can be used to set accesses etc. that will apply to all RADIUS users).
Options
<LOCAL_USER_GROUP_NAME>
|
User group object name. Example: Limited Administrators |
Example
default-user-group "Radius Users"
Syntax
no default-user-group
Mode
RADIUS
Description
RADIUS users will not be given membership to any user group by default.
Example
no default-user-group
Syntax
timeout <UINT32>
Mode
RADIUS
Description
Set the timeout for the RADIUS servers.
Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
timeout 10
Syntax
retries <UINT32>
Mode
RADIUS
Description
Set the number of retries for the RADIUS servers.
Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
retries 10
Syntax
user-group-mechanism { ldap | local-only | radius-attribute { filter-id | vendor-specific } }
Mode
RADIUS
Description
Set the mechanism to use to set user group memberships for users who are authenticated via RADIUS.
Options
|
ldap | Read user groups via LDAP. |
|
local-only | Set using local users that duplicate RADIUS users. |
|
radius-attribute | Read user groups via a RADIUS attribute. |
|
filter-id | Use the Standard RADIUS Filter-ID attribute. |
|
vendor-specific | Use the SonicWALL vendor-specific RADIUS attribute. |
Example
user-group-mechanism radius-attribute filter-id
Syntax
server { host <RADIUS_SERVER_HOST_NAME> | primary | secondary }
Mode
RADIUS
Description
Configure a RADIUS server.
Options
|
host | Configure a given RADIUS server. |
<RADIUS_SERVER_HOST_NAME>
|
A RADIUS server host name or IP address. Example: RADIUS-Server |
|
primary | Configure the primary RADIUS server. |
|
secondary | Configure the secondary RADIUS server. |
Example
server primary
server host 192.168.168.1
Syntax
no server { host <RADIUS_SERVER_HOST_NAME> | primary | secondary }
Mode
RADIUS
Description
Delete a RADIUS server.
Options
|
host | Delete a given RADIUS server. |
<RADIUS_SERVER_HOST_NAME>
|
A RADIUS server host name or IP address. Example: RADIUS-Server |
|
primary | Delete the primary RADIUS server. |
|
secondary | Delete the secondary RADIUS server. |
Example
no server primary
Syntax
host <HOSTNAME>
Mode
RADIUS Server
Description
Set the RADIUS server's host name or IP address.
Options
<HOSTNAME>
|
Hostname in the form: hostname OR a.b.c.d. Example: example.com |
Example
host 192.168.168.1
Syntax
no host
Mode
RADIUS Server
Description
Clear the RADIUS server's host name or IP address.
Example
no host
Syntax
port <IPV4_PORT>
Mode
RADIUS Server
Description
Set the RADIUS server's UDP port number.
Options
<IPV4_PORT>
|
IPV4 port in the form: D OR 0xHHHH. Example: 80 |
Example
port 1812
Syntax
secret <ENC_PASSWORD>
Mode
RADIUS Server
Description
Set the RADIUS server's shared secret.
Options
<ENC_PASSWORD>
|
PASSWORD. Example: secret |
Example
secret mysecret
Syntax
test <WORD> <WORD> [ { chap | mschap | mschapv2 } ]
Mode
RADIUS
RADIUS Server
Description
Run the RADIUS test with the given user name/password.
Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
|
chap | Run the test with RADIUS in CHAP mode. |
|
mschap | Run the test with RADIUS in MSCHAP mode. |
|
mschapv2 | Run the test with RADIUS in MSCHAPv2 mode. |
Example
test user1 pwd1234
Syntax
user ldap
Mode
Config
Description
Configure LDAP settings.
Example
user ldap
Syntax
show user ldap [ directory | schema | server <LDAP_SERVER_HOST_NAME> ] [ pending-config ]
Mode
All Modes
Description
Show LDAP settings.
Options
|
directory | Show the LDAP directory configuration. |
|
schema | Show the LDAP schema. |
|
server | Show LDAP server settings. |
<LDAP_SERVER_HOST_NAME>
|
An LDAP server host name or IP address. Example: LDAP-Server |
pending-config | Show pending configuration changes. |
Example
show user ldap
show user ldap schema
Syntax
local-users-only
Mode
LDAP
Description
Limit login to only LDAP users with accounts in the local user database.
Example
local-users-only
Syntax
no local-users-only
Mode
LDAP
Description
Don't limit login to only LDAP users with accounts in the local user database.
Example
no local-users-only
Syntax
local-user-groups-apply
Mode
LDAP
Description
User group memberships that are set locally for user accounts in the local user database should apply for users authenticated via LDAP when the user names match.
Example
local-user-groups-apply
Syntax
no local-user-groups-apply
Mode
LDAP
Description
User group memberships that are set locally for user accounts in the local user database should not apply for users authenticated via LDAP when the user names match.
Example
no local-user-groups-apply
Syntax
default-user-group <LOCAL_USER_GROUP_NAME>
Mode
LDAP
Description
Select a user group to which all users who are authenticated via LDAP will be given membership by default (i.e. a group that can be used to set accesses etc. that will apply to all LDAP users).
Options
<LOCAL_USER_GROUP_NAME>
|
User group object name. Example: Limited Administrators |
Example
default-user-group "LDAP Users"
Syntax
no default-user-group
Mode
LDAP
Description
LDAP users will not be given membership to any user group by default.
Example
no default-user-group
Syntax
operation-timeout <UINT32>
Mode
LDAP
Description
Set the overall timeout on completion of an LDAP operation (including auto-configuration operations that can involve large numbers of requests sent to multiple LDAP servers).
Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
operation-timeout 10
Syntax
local-tls-certificate <CERT_NAME>
Mode
LDAP
Description
Select a local certificate to use with LDAP if using TLS. This is not normally required but may be if the LDAP server is configured to require a valid certificate from the client (e.g. on a server that allows reading back passwords from user objects when bound as an administrator).
Options
<CERT_NAME>
|
Certificate name. Example: my_cert |
Example
local-tls-certificate my_ldap_server
Syntax
no local-tls-certificate
Mode
LDAP
Description
Select no local certificate to use with LDAP if using TLS.
Example
no local-tls-certificate
Syntax
allow-referrals
Mode
LDAP
Description
Allow following referrals to other LDAP servers.
Example
allow-referrals
Syntax
no allow-referrals
Mode
LDAP
Description
Ignore referrals to other LDAP servers.
Example
no allow-referrals
Syntax
allow-references { auto-configuration | domain-search | other-search | user-authentication }
Mode
LDAP
Description
Allow following continuation references to look for more results on other LDAP servers.
Options
|
auto-configuration | Follow references during auto-configuration. |
|
domain-search | Follow references when searching for domains. |
|
other-search | Follow references in other searches. |
|
user-authentication | Follow references during user authentication. |
Example
allow-references auto-configuration
Syntax
no allow-references { auto-configuration | domain-search | other-search | user-authentication }
Mode
LDAP
Description
Don't follow continuation references to look for more results on other LDAP servers when doing particular operations.
Options
|
auto-configuration | Don't follow references during auto-configuration. |
|
domain-search | Don't follow references when searching for domains. |
|
other-search | Don't follow references in other searches. |
|
user-authentication | Don't follow references during user authentication. |
Example
no allow-references auto-configuration
Syntax
schema { custom | inet-org-person | microsoft-active-directory | network-information-service | novell-edirectory | samba-smb }
Mode
LDAP
Description
Configure the LDAP schema.
Options
|
custom | Configure the schema manually. |
|
inet-org-person | Use the pre-configured RFC-2798 InetOrgPerson schema. |
|
microsoft-active-directory | Use the pre-configured Microsoft Active Directory schema. |
|
network-information-service | Use the pre-configured RFC-2307 Network Information Service schema. |
|
novell-edirectory | Use the pre-configured Novell eDirectory schema. |
|
samba-smb | Use the pre-configured Samba SMB schema. |
Example
schema samba-smb
Syntax
directory
Mode
LDAP
Description
Configure the LDAP directory.
Example
directory
Syntax
relay
Mode
LDAP
Description
Configure the RADIUS to LDAP relay.
Example
relay
Syntax
server <LDAP_SERVER_HOST_NAME>
Mode
LDAP
Description
Configure an LDAP server.
Options
<LDAP_SERVER_HOST_NAME>
|
An LDAP server host name or IP address. Example: LDAP-Server |
Example
server 192.168.168.1
Syntax
no server <LDAP_SERVER_HOST_NAME>
Mode
LDAP
Description
Delete an LDAP server.
Options
<LDAP_SERVER_HOST_NAME>
|
An LDAP server host name or IP address. Example: LDAP-Server |
Example
no server 192.168.168.1
Syntax
read-from-server auto-configure
Mode
LDAP Schema
Description
Read the schema from the LDAP server and auto-configure the local schema to match.
Example
read-from-server auto-configure
Syntax
read-from-server display
Mode
LDAP Schema
Description
Read the schema from the LDAP server and display it.
Example
read-from-server display
Syntax
user-class <WORD>
Mode
LDAP Schema
Description
Set the class name of user objects.
Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
user-class user
Syntax
user-attribute [ logon-name <WORD> ] [ qualified-logon-name <WORD> ] [ group-membership <WORD> ] [ framed-ip-address <WORD> ]
Mode
LDAP Schema
Description
Define attributes of user objects.
Options
logon-name | The name of the user logon name attribute. |
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
qualified-logon-name | The name of the qualified logon name attribute. |
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
group-membership | The name of the user group membership attribute. |
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
framed-ip-address | The name of the Framed IP address attribute. |
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
user-attribute logon-name uid
Syntax
no user-attribute [ qualified-logon-name ] [ group-membership ] [ framed-ip-address ]
Mode
LDAP Schema
Description
Remove attributes of user objects.
Options
qualified-logon-name | Remove the qualified logon name attribute. |
group-membership | Remove the user group membership attribute. |
framed-ip-address | Remove the Framed IP address attribute. |
Example
no user-attribute group-membership
Syntax
user-group-class <WORD>
Mode
LDAP Schema
Description
Set the class name of user group objects.
Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
user-group-class groupOfNames
Syntax
user-group-attribute member { distinguished-name | user-id } <WORD>
Mode
LDAP Schema
Description
Define attributes of user group objects.
Options
member | Set the name/type of the member attribute. |
|
distinguished-name | The member attribute holds a distinguished name. |
|
user-id | The member attribute holds a user ID (uid). |
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
user-group-attribute member user-id memberUid
Syntax
read-trees-from-server [ domain <WORD> ] { append | replace }
Mode
LDAP Directory
Description
Read the directory trees containing users and user groups from the LDAP server.
Options
domain | The domain to search under. |
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
|
append | Append to any current directory trees. |
|
replace | Replace any current directory trees. |
Example
read-trees-from-server append
Syntax
primary-domain <WORD>
Mode
LDAP Directory
Description
Set the primary LDAP domain.
Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
primary-domain mydomain.com
Syntax
users-tree <WORD> [ position <UINT32> ]
Mode
LDAP Directory
Description
Add or re-order a directory tree to search in when searching for user objects.
Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
position | Position in the search order (1 = the first searched). |
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
users-tree mydomain.com/users position 1
users-tree ou=users,dc=mydomain,dc=com position 1
Syntax
no users-tree <WORD>
Mode
LDAP Directory
Description
Remove a directory tree to search in when searching for user objects.
Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
no users-tree mydomain.com/users
no users-tree ou=users,dc=mydomain,dc=com
Syntax
user-groups-tree <WORD> [ position <UINT32> ]
Mode
LDAP Directory
Description
Add or re-order a directory tree to search in when searching for user group objects.
Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
position | Position in the search order (1 = the first searched). |
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
user-groups-tree mydomain.com/groups position 1
user-groups-tree ou=groups,dc=mydomain,dc=com position 1
Syntax
no user-groups-tree <WORD>
Mode
LDAP Directory
Description
Remove a directory tree to search in when searching for user group objects.
Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
no user-groups-tree mydomain.com/groups
no user-groups-tree ou=groups,dc=mydomain,dc=com
Syntax
host <HOSTNAME>
Mode
LDAP Server
Description
Set the LDAP server's host name or IP address.
Options
<HOSTNAME>
|
Hostname in the form: hostname OR a.b.c.d. Example: example.com |
Example
host 192.168.168.1
Syntax
port <IPV4_PORT>
Mode
LDAP Server
Description
Set the LDAP server's UDP port number.
Options
<IPV4_PORT>
|
IPV4 port in the form: D OR 0xHHHH. Example: 80 |
Example
port 389
Syntax
bind { anonymous | distinguished-name <WORD> | name <WORD> location <WORD> }
Mode
LDAP Server
Description
Set how to bind to the LDAP server, either selecting anonymous bind, giving the full distinguished name to use, or giving the account name to use and its location in the directory tree (the latter can be in either URL or DN format).
Options
|
anonymous | Bind anonymously. |
|
distinguished-name | Set the full distinguished name to use. |
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
|
name | Set the account name to use. |
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
location | Set the account location in the directory tree. |
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
bind name administrator location builtin
Syntax
bind-password <ENC_PASSWORD>
Mode
LDAP Server
Description
Set the password for binding to the LDAP server.
Options
<ENC_PASSWORD>
|
PASSWORD. Example: secret |
Example
bind-password mypassword
Syntax
test <WORD> <WORD> [ chap ]
Mode
LDAP
LDAP Schema
LDAP Directory
LDAP Relay
LDAP Server
Description
Run the LDAP test with the given user name/password.
Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
chap | Test LDAP in a CHAP-compatible way. |
Example
test user1 pwd1234
Syntax
user sso
Mode
Config
Description
Configure SSO settings.
Example
user sso
Syntax
show user sso [ agent <SSO_AGENT_HOST_NAME> | agents | statistics [ agent <SSO_AGENT_HOST_NAME> | all | terminal-services-agent <SSO_TS_AGENT_HOST_NAME> ] | status | terminal-services-agent <SSO_TS_AGENT_HOST_NAME> | terminal-services-agents ] [ pending-config ]
Mode
All Modes
Description
Show SSO settings, status or statistics.
Options
|
agent | Show SSO agent settings. |
<SSO_AGENT_HOST_NAME>
|
An SSO agent host name or IP address. Example: SSO-Agent |
|
agents | Show settings for all SSO agents. |
|
statistics | Show SSO statistics. |
|
agent | Show statistics for an SSO agent. |
<SSO_AGENT_HOST_NAME>
|
An SSO agent host name or IP address. Example: SSO-Agent |
|
all | Show all SSO statistics. |
|
terminal-services-agent | Show statistics for an SSO terminal services agent. |
<SSO_TS_AGENT_HOST_NAME>
|
A terminal services agent host name or IP address. Example: SSO-Terminal-Services-Agent |
|
status | Show SSO agent status. |
|
terminal-services-agent | Show SSO terminal services agent settings. |
<SSO_TS_AGENT_HOST_NAME>
|
A terminal services agent host name or IP address. Example: SSO-Terminal-Services-Agent |
|
terminal-services-agents | Show settings for all SSO terminal services agents. |
pending-config | Show pending configuration changes. |
Example
show user sso
show user sso agents
show user sso agent 192.168.168.1
Syntax
clear user sso statistics [ agent <SSO_AGENT_HOST_NAME> | global | terminal-services-agent <SSO_TS_AGENT_HOST_NAME> ]
Mode
All Modes
Description
Reset SSO statistics.
Options
|
agent | Reset SSO agent statistics. |
<SSO_AGENT_HOST_NAME>
|
An SSO agent host name or IP address. Example: SSO-Agent |
|
global | Reset global (non-agent) SSO statistics. |
|
terminal-services-agent | Reset SSO terminal services agent statistics. |
<SSO_TS_AGENT_HOST_NAME>
|
A terminal services agent host name or IP address. Example: SSO-Terminal-Services-Agent |
Example
clear user sso statistics
Syntax
local-users-only
Mode
SSO
Description
Limit login to only SSO users with accounts in the local user database.
Example
local-users-only
Syntax
no local-users-only
Mode
SSO
Description
Don't limit login to only SSO users with accounts in the local user database.
Example
no local-users-only
Syntax
local-user-groups-apply
Mode
SSO
Description
User group memberships that are set locally for user accounts in the local user database should apply for users authenticated via SSO when the user names match.
Example
local-user-groups-apply
Syntax
no local-user-groups-apply
Mode
SSO
Description
User group memberships that are set locally for user accounts in the local user database should not apply for users authenticated via SSO when the user names match.
Example
no local-user-groups-apply
Syntax
default-user-group <LOCAL_USER_GROUP_NAME>
Mode
SSO
Description
Select a user group to which all users who are authenticated via SSO will be given membership by default (i.e. a group that can be used to set accesses etc. that will apply to all SSO users).
Options
<LOCAL_USER_GROUP_NAME>
|
User group object name. Example: Limited Administrators |
Example
default-user-group "SSO Users"
Syntax
no default-user-group
Mode
SSO
Description
SSO users will not be given membership to any user group by default.
Example
no default-user-group
Syntax
method { none | sonicwall-agent }
Mode
SSO
Description
Select the Single-Sign-On mechanism, or disable SSO if none is given.
Options
|
none | Disable SSO. |
|
sonicwall-agent | Use the external SonicWALL SSO agent. |
Example
method sonicwall-agent
Syntax
user-group-mechanism { ldap | local-only }
Mode
SSO
Description
Set the mechanism to use to set user group memberships for users who are authenticated via SSO.
Options
|
ldap | Read user groups via LDAP. |
|
local-only | Set using local users that duplicate SSO users. |
Example
user-group-mechanism ldap
Syntax
hold-time-after-failure <UINT32>
Mode
SSO
Description
Set the time to hold off from trying again to identify the user at an IP address following an SSO failure for it.
Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
hold-time-after-failure 10
Syntax
poll-rate <UINT32>
Mode
SSO
Description
Set the polling rate for checking if logged in users who were identified via SSO are still logged in.
Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
poll-rate 10
Syntax
simple-local-user-names
Mode
SSO
Description
Use just the simple user name versus the full user name with domain when looking up SSO users in the local user database.
Example
simple-local-user-names
Syntax
no simple-local-user-names
Mode
SSO
Description
Use the full user name with domain when looking up SSO users in the local user database.
Example
no simple-local-user-names
Syntax
non-domain-ltd-access
Mode
SSO
Description
Allow limited access for users who are identified by SSO but reported by the agent as not logged into the domain. These users will not be given membership to the Trusted Users user group (even when set locally).
Example
non-domain-ltd-access
Syntax
no non-domain-ltd-access
Mode
SSO
Description
Don't allow any access for users who are reported by the agent as not logged into the domain.
Example
no non-domain-ltd-access
Syntax
probe { netapi | wmi }
Mode
SSO
Description
Probe IP addresses to check if they respond to NetAPI or WMI before making an SSO attempt.
Options
|
netapi | Probe for NetAPI. |
|
wmi | Probe for WMI. |
Example
probe netapi
Syntax
no probe
Mode
SSO
Description
Don't probe IP addresses to check if they respond to NetAPI or WMI before making an SSO attempt.
Example
no probe
Syntax
windows-svc-user-name <WORD>
Mode
SSO
Description
Add a name to the list of user names known to be used by Windows services (and so to be ignored by the SSO agent).
Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
windows-svc-user-name someservice
Syntax
no windows-svc-user-name <WORD>
Mode
SSO
Description
Remove a name from the list of user names known to be used by Windows services (and so to be ignored by the SSO agent).
Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
no windows-svc-user-name someservice
Syntax
security-svc-bypass-ip <ADDR_OR_GROUP_NAME>
Mode
SSO
Description
Select an address object giving IP addresses from which traffic will not initiate SSO to identify users for the security services.
Options
<ADDR_OR_GROUP_NAME>
|
Address Object or Address Group name. Example: Sales Group |
Example
security-svc-bypass-ip "Non-User Addresses"
Syntax
no security-svc-bypass-ip
Mode
SSO
Description
De-select the address object giving IP addresses from which traffic will not initiate SSO to identify users for the security services.
Example
no security-svc-bypass-ip
Syntax
security-svc-bypass-svc <SVC_OR_GROUP_NAME>
Mode
SSO
Description
Select a service object giving services that will not initiate SSO to identify users for the security services.
Options
<SVC_OR_GROUP_NAME>
|
Service or service group object name. Example: VOIP |
Example
security-svc-bypass-svc "POP3"
Syntax
no security-svc-bypass-svc
Mode
SSO
Description
De-select the service object giving services that will not initiate SSO to identify users for the security services.
Example
no security-svc-bypass-svc
Syntax
tsa-services-bypass
Mode
SSO
Description
Allow traffic from services on a terminal server running the TS agent to bypass user authentication in access rules.
Example
tsa-services-bypass
Syntax
no tsa-services-bypass
Mode
SSO
Description
Don't allow traffic from services on a terminal server running the TS agent to bypass user authentication in access rules.
Example
no tsa-services-bypass
Syntax
enforce-on-zone <SSO_ZONE_NAME>
Mode
SSO
Description
Select to always enforce SSO on a zone.
Options
<SSO_ZONE_NAME>
|
Zone object name. Example: LAN |
Example
enforce-on-zone lan
Syntax
no enforce-on-zone <SSO_ZONE_NAME>
Mode
SSO
Description
Select to not always enforce SSO on a zone.
Options
<SSO_ZONE_NAME>
|
Zone object name. Example: LAN |
Example
no enforce-on-zone lan
Syntax
agent <SSO_AGENT_HOST_NAME>
Mode
SSO
Description
Configure an SSO agent.
Options
<SSO_AGENT_HOST_NAME>
|
An SSO agent host name or IP address. Example: SSO-Agent |
Example
agent 192.168.168.1
Syntax
no agent <SSO_AGENT_HOST_NAME>
Mode
SSO
Description
Delete an SSO agent.
Options
<SSO_AGENT_HOST_NAME>
|
An SSO agent host name or IP address. Example: SSO-Agent |
Example
no agent 192.168.168.1
Syntax
terminal-services-agent <SSO_TS_AGENT_HOST_NAME>
Mode
SSO
Description
Configure a Terminal Services agent.
Options
<SSO_TS_AGENT_HOST_NAME>
|
A terminal services agent host name or IP address. Example: SSO-Terminal-Services-Agent |
Example
terminal-services-agent 192.168.168.1
Syntax
no terminal-services-agent <SSO_TS_AGENT_HOST_NAME>
Mode
SSO
Description
Delete a Terminal Services agent.
Options
<SSO_TS_AGENT_HOST_NAME>
|
A terminal services agent host name or IP address. Example: SSO-Terminal-Services-Agent |
Example
no terminal-services-agent 192.168.168.1
Syntax
host <HOSTNAME>
Mode
SSO Agent
Description
Set the SSO agent's host name or IP address.
Options
<HOSTNAME>
|
Hostname in the form: hostname OR a.b.c.d. Example: example.com |
Example
host 192.168.168.1
Syntax
port <IPV4_PORT>
Mode
SSO Agent
Description
Set the SSO agent's UDP port number.
Options
<IPV4_PORT>
|
IPV4 port in the form: D OR 0xHHHH. Example: 80 |
Example
port 389
Syntax
enable
Mode
SSO Agent
Description
Enable the agent.
Example
enable
Syntax
no enable
Mode
SSO Agent
Description
Disable the agent.
Example
no enable
Syntax
timeout <UINT32>
Mode
SSO Agent
Description
Set the timeout on replies from the agent.
Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
timeout 10
Syntax
retries <UINT32>
Mode
SSO Agent
Description
Set the maximum number of retries to make after timeouts waiting for replies from the agent.
Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
retries 10
Syntax
no shared-key
Mode
SSO Agent
Description
Clear the shared key for encrypting messages to/from the agent.
Example
no shared-key
Syntax
shared-key <ENC_HEX_STRING>
Mode
SSO Agent
Description
Set the hexadecimal value of the shared key for encrypting messages to/from the agent.
Options
<ENC_HEX_STRING>
|
String of hexadecimal digits. Example: 0123456989abcdef |
Example
shared-key 1234abcd
Syntax
max-requests <UINT32>
Mode
SSO Agent
Description
Set the maximum number of requests to send to the agent at any time.
Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
max-requests 10
Syntax
host <HOSTNAME>
Mode
SSO Agent
Description
Set the agent's host name or IP address.
Options
<HOSTNAME>
|
Hostname in the form: hostname OR a.b.c.d. Example: example.com |
Example
host 192.168.168.1
Syntax
port <IPV4_PORT>
Mode
SSO Agent
Description
Set the agent's UDP port number.
Options
<IPV4_PORT>
|
IPV4 port in the form: D OR 0xHHHH. Example: 80 |
Example
port 389
Syntax
enable
Mode
SSO Agent
Description
Enable the agent.
Example
enable
Syntax
no enable
Mode
SSO Agent
Description
Disable the agent.
Example
no enable
Syntax
shared-key <ENC_HEX_STRING>
Mode
SSO Agent
Description
Set the hexadecimal value of the shared key for encrypting messages to/from the agent.
Options
<ENC_HEX_STRING>
|
String of hexadecimal digits. Example: 0123456989abcdef |
Example
shared-key 1234abcd
Syntax
test [ [ agent <SSO_AGENT_HOST_NAME> ] [ user-ip <IPV4_HOST> ] | terminal-services-agent <SSO_TS_AGENT_HOST_NAME> ]
Mode
SSO
SSO Agent
SSO Agent
Description
Run the SSO test with the given user name/password.
Options
|
agent | Specify an agent to test. |
<SSO_AGENT_HOST_NAME>
|
An SSO agent host name or IP address. Example: SSO-Agent |
user-ip | The IP address of a user to test. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
|
terminal-services-agent | Specify a terminal services agent to test. |
<SSO_TS_AGENT_HOST_NAME>
|
A terminal services agent host name or IP address. Example: SSO-Terminal-Services-Agent |
Example
test agent 192.168.168.1 user-ip 192.168.168.99
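The following Python review pass is an added example, not part of the SonicWALL guide. It reads a saved list of the RADIUS, LDAP and SSO commands documented above and reports lines an administrator should confirm before applying: anonymous LDAP bind, the SSO bypass settings, credential values kept in the file, and short agent shared keys. The names `review`, `SAMPLE` and `MIN_KEY_HEX_DIGITS`, the 128-bit threshold and the sample command list are assumptions made for this example.

```python
import shlex
import string

# Assumed review threshold (not from the guide): keys shorter than
# 128 bits, i.e. 32 hexadecimal digits, are reported as short.
MIN_KEY_HEX_DIGITS = 32

# SSO commands from this section that exempt traffic or users from
# normal identification. The text paraphrases each Description entry.
BYPASS = {
    "tsa-services-bypass": "terminal server service traffic bypasses user authentication in access rules",
    "non-domain-ltd-access": "limited access is given to users not logged into the domain",
    "security-svc-bypass-ip": "traffic from these addresses does not initiate SSO",
    "security-svc-bypass-svc": "these services do not initiate SSO",
}

# Commands whose argument is credential material.
CREDENTIAL = {"secret", "bind-password", "shared-key"}

# First words that mark the SSO form of 'test', which carries no password.
SSO_TEST_KEYWORDS = {"agent", "user-ip", "terminal-services-agent"}

# Constructed sample: a flat command list with mode exits omitted.
SAMPLE = """\
user ldap
server 192.168.168.1
bind anonymous
user sso
non-domain-ltd-access
no tsa-services-bypass
security-svc-bypass-svc "POP3"
agent 192.168.168.1
shared-key 1234abcd
user radius
test user1 pwd1234
"""


def review(script):
    """Return (line_number, command, finding) tuples for a command list.

    Findings name the command only; credential values are never echoed.
    """
    findings = []
    for number, raw in enumerate(script.splitlines(), start=1):
        try:
            words = shlex.split(raw)  # honours "QUOTED STRING" arguments
        except ValueError:
            findings.append((number, "?", "unbalanced quotes, line not parsed"))
            continue
        if not words:
            continue
        cmd, args = words[0], words[1:]
        if cmd == "no":
            # 'no' forms switch a setting off; only a cleared key is reported.
            if args[:1] == ["shared-key"]:
                findings.append((number, "no shared-key", "agent shared key cleared"))
            continue
        if cmd == "bind" and args[:1] == ["anonymous"]:
            findings.append((number, cmd, "LDAP bind is anonymous (no bind account)"))
        elif cmd in BYPASS:
            findings.append((number, cmd, BYPASS[cmd]))
        elif cmd in CREDENTIAL and args:
            findings.append((number, cmd, "credential value stored in the script"))
            if cmd == "shared-key":
                key = args[0]
                if not all(c in string.hexdigits for c in key):
                    findings.append((number, cmd, "shared key is not hexadecimal"))
                elif len(key) < MIN_KEY_HEX_DIGITS:
                    findings.append((number, cmd,
                                     f"shared key is {len(key) * 4} bits, below the "
                                     f"{MIN_KEY_HEX_DIGITS * 4}-bit threshold"))
        elif cmd == "test" and len(args) >= 2 and args[0] not in SSO_TEST_KEYWORDS:
            findings.append((number, cmd, "test command carries a user password"))
    return findings


if __name__ == "__main__":
    for number, cmd, finding in review(SAMPLE):
        print(f"line {number}: {cmd}: {finding}")
```
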
Syntax
show address-objects [ fqdn | ipv4 [ { host | network | range } ] | mac ] [ { custom | default } ] [ pending-config ] [ json | validate | xml ]
Mode
All Modes
Description
Show all Address Objects.
Options
|
fqdn | Show FQDN Address Objects. |
|
ipv4 | Show only IPV4 Address Objects. |
|
host | Show Host Address Objects. |
|
network | Show Network Address Objects. |
|
range | Show Range Address Objects. |
|
mac | Show MAC Address Objects. |
|
custom | Show custom configuration. |
|
default | Show system/factory default configuration. |
pending-config | Show pending configuration changes. |
|
json | Format output as JSON. |
|
validate | Validate configuration settings. |
|
xml | Format output as XML. |
Example
show address-objects
Syntax
show address-object ipv4 <ADDR_HOST_NETWORK_RANGE_NAME> [ pending-config ] [ json | validate | xml ]
Mode
All Modes
Description
Show an IPV4 Address Object.
Options
<ADDR_HOST_NETWORK_RANGE_NAME>
|
Address Object name. Example: Web Server |
pending-config | Show pending configuration changes. |
|
json | Format output as JSON. |
|
validate | Validate configuration settings. |
|
xml | Format output as XML. |
Example
show address-object ipv4 "X0 IP"
Syntax
show address-object mac <ADDR_MAC_NAME> [ pending-config ] [ json | validate | xml ]
Mode
All Modes
Description
Show a MAC Address Object.
Options
<ADDR_MAC_NAME>
|
Address MAC Object name. Example: Sales Network Access Point |
pending-config | Show pending configuration changes. |
|
json | Format output as JSON. |
|
validate | Validate configuration settings. |
|
xml | Format output as XML. |
Example
show address-object mac "Web Server MAC"
Syntax
show address-object fqdn <ADDR_FQDN_NAME> [ pending-config ] [ json | validate | xml ]
Mode
All Modes
Description
Show an FQDN Address Object.
Options
<ADDR_FQDN_NAME>
|
Address FQDN Object name. Example: *.example.com |
pending-config | Show pending configuration changes. |
|
json | Format output as JSON. |
|
validate | Validate configuration settings. |
|
xml | Format output as XML. |
Example
show address-object fqdn "Web Server FQDN"
Syntax
show address-groups [ ipv4 ] [ { custom | default } ] [ pending-config ] [ json | validate | xml ]
Mode
All Modes
Description
Show all Address Groups. Options
ipv4 | Show only IPV4 Address Groups. |
|
custom | Show custom configuration. |
|
default | Show system/factory default configuration. |
pending-config | Show pending configuration changes. |
|
json | Format output as JSON. |
|
validate | Validate configuration settings. |
|
xml | Format output as XML. |
Example
show address-groups
Syntax
show address-group ipv4 <ADDR_GROUP_NAME> [ pending-config ] [ json | validate | xml ]
Mode
All Modes
Description
Show an Address Group. Options
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
pending-config | Show pending configuration changes. |
|
json | Format output as JSON. |
|
validate | Validate configuration settings. |
|
xml | Format output as XML. |
Example
show address-group ipv4 "LAN Subnets"
Syntax
no address-object ipv4 <ADDR_HOST_NETWORK_RANGE_NAME>
Mode
Config
Description
Delete an Address Object. Options
<ADDR_HOST_NETWORK_RANGE_NAME>
|
Address Object name. Example: Web Server |
Syntax
no address-object mac <ADDR_MAC_NAME>
Mode
Config
Description
Delete an Address Object. Options
<ADDR_MAC_NAME>
|
Address MAC Object name. Example: Sales Network Access Point |
Syntax
no address-object fqdn <ADDR_FQDN_NAME>
Mode
Config
Description
Delete an Address Object. Options
<ADDR_FQDN_NAME>
|
Address FQDN Object name. Example: *.example.com |
Syntax
no address-objects [ fqdn | host | mac | network | range ]
Mode
Config
Description
Delete all custom Address Objects. Options
|
fqdn | Delete all custom FQDN Address Objects. |
|
host | Delete all custom Host Address Objects. |
|
mac | Delete all custom MAC Address Objects. |
|
network | Delete all custom NETWORK Address Objects. |
|
range | Delete all custom RANGE Address Objects. |
Syntax
address-object ipv4 <ADDR_HOST_NETWORK_RANGE_NAME> [ host <ADDR_HOST> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> ] [ zone <ZONE_NAME> ]
Mode
Config
Description
Add/Edit IPV4 Address Object. Options
<ADDR_HOST_NETWORK_RANGE_NAME>
|
Address Object name. Example: Web Server |
|
host | Address Object Host. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
network | Address Object Network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Address Object Range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
zone | Address Object Zone. |
<ZONE_NAME>
|
Zone object name. Example: LAN |
Example
address-object ipv4 "Mail Server" host 192.168.168.33 zone DMZ
address-object ipv4 "Web Servers" range 192.168.100.50 192.168.100.60
address-object ipv4 "HR Network" network 192.168.100.0 /24
address-object ipv4 "HR Network" network 192.168.100.0 255.255.255.0
Syntax
address-object mac <ADDR_MAC_NAME> [ address <ADDR_MAC> ] [ zone <ZONE_NAME> ]
Mode
Config
Description
Add/Edit MAC Address Object. Options
<ADDR_MAC_NAME>
|
Address MAC Object name. Example: Sales Network Access Point |
address | MAC Address. |
<ADDR_MAC>
|
Address Object MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
zone | Address Object Zone. |
<ZONE_NAME>
|
Zone object name. Example: LAN |
Example
address-object mac "WAP MAC" address 00:09:5B:BD:93:DB
Syntax
address-object fqdn <ADDR_FQDN_NAME> [ domain <ADDR_FQDN> ] [ zone <ZONE_NAME> ]
Mode
Config
Description
Add/Edit FQDN Address Object. Options
<ADDR_FQDN_NAME>
|
Address FQDN Object name. Example: *.example.com |
domain | Address Object Fully Qualified Domain Name. |
<ADDR_FQDN>
|
Address Object FQDN in the form: example.com OR *.example.com. Example: example.com |
zone | Address Object Zone. |
<ZONE_NAME>
|
Zone object name. Example: LAN |
Example
address-object fqdn Whitelist domain *.google.com
Syntax
no address-group ipv4 <ADDR_GROUP_NAME>
Mode
Config
Description
Delete an IPV4 Address Group. Options
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
Syntax
no address-groups [ ipv4 ]
Mode
Config
Description
Delete all custom Address Groups. Options
ipv4 | Delete all IPV4 Address Groups. |
Syntax
address-group ipv4 <ADDR_GROUP_NAME>
Mode
Config
Description
Add/Edit IPV4 Address Group. Options
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
Syntax
name <WORD>
Mode
Address Object
Description
Set Address Object name. Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
name "Corp Email Server"
Syntax
host <ADDR_HOST>
Mode
Address Object
Description
Set Address Object Host. Options
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
Example
host 10.10.10.10
Syntax
range <ADDR_BEGIN> <ADDR_END>
Mode
Address Object
Description
Set Address Object Range. Options
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
range 10.10.10.1 10.10.10.10
Syntax
network <ADDR_NETWORK> <ADDR_MASK>
Mode
Address Object
Description
Set Address Object Network. Options
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
Example
network 10.10.10.0 255.255.255.0
Syntax
zone <ZONE_NAME>
Mode
Address Object
Description
Set Address Object Zone. Options
<ZONE_NAME>
|
Zone object name. Example: LAN |
Example
zone WAN
Syntax
name <WORD>
Mode
MAC Address Object
Description
Set Address Object name. Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
name "Corp Email Server"
Syntax
address <ADDR_MAC>
Mode
MAC Address Object
Description
Set Address Object MAC. Options
<ADDR_MAC>
|
Address Object MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
Example
address 00:D0:68:09:4B:2A
Syntax
zone <ZONE_NAME>
Mode
MAC Address Object
Description
Set Address Object Zone. Options
<ZONE_NAME>
|
Zone object name. Example: LAN |
Example
zone WAN
Syntax
name <WORD>
Mode
FQDN Address Object
Description
Set Address Object name. Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
name "Corp Email Server"
Syntax
domain <ADDR_FQDN>
Mode
FQDN Address Object
Description
Set Address Object Fully Qualified Domain Name (FQDN). Options
<ADDR_FQDN>
|
Address Object FQDN in the form: example.com OR *.example.com. Example: example.com |
Example
domain www.sonicwall.com
Syntax
zone <ZONE_NAME>
Mode
FQDN Address Object
Description
Set Address Object Zone. Options
<ZONE_NAME>
|
Zone object name. Example: LAN |
Example
zone WAN
Syntax
name <WORD>
Mode
IPV4 Address Group
Description
Set Address Group name. Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
name "Corporate Servers"
Syntax
no address-object ipv4 <ADDR_HOST_NETWORK_RANGE_NAME>
Mode
IPV4 Address Group
Description
Remove an IPV4 Address Object from Group. Options
<ADDR_HOST_NETWORK_RANGE_NAME>
|
Address Object name. Example: Web Server |
Example
no address-object ipv4 "Corp Email Server"
Syntax
address-object ipv4 <ADDR_HOST_NETWORK_RANGE_NAME>
Mode
IPV4 Address Group
Description
Assign an IPV4 Address Object to Group. Options
<ADDR_HOST_NETWORK_RANGE_NAME>
|
Address Object name. Example: Web Server |
Example
address-object ipv4 "Corp Email Server"
Syntax
no address-object mac <ADDR_MAC_NAME>
Mode
IPV4 Address Group
Description
Remove a MAC Address Object from Group. Options
<ADDR_MAC_NAME>
|
Address MAC Object name. Example: Sales Network Access Point |
Example
no address-object mac "Corp Email Server"
Syntax
address-object mac <ADDR_MAC_NAME>
Mode
IPV4 Address Group
Description
Assign a MAC Address Object to Group. Options
<ADDR_MAC_NAME>
|
Address MAC Object name. Example: Sales Network Access Point |
Example
address-object mac "Corp Email Server"
Syntax
no address-object fqdn <ADDR_FQDN_NAME>
Mode
IPV4 Address Group
Description
Remove a FQDN Address Object from Group. Options
<ADDR_FQDN_NAME>
|
Address FQDN Object name. Example: *.example.com |
Example
no address-object fqdn "Corp Email Server"
Syntax
address-object fqdn <ADDR_FQDN_NAME>
Mode
IPV4 Address Group
Description
Assign an FQDN Address Object to Group. Options
<ADDR_FQDN_NAME>
|
Address FQDN Object name. Example: *.example.com |
Example
address-object fqdn "Corp Email Server"
Syntax
no address-group ipv4 <ADDR_GROUP_NAME>
Mode
IPV4 Address Group
Description
Remove an IPV4 Address Group from Group. Options
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
Example
no address-group ipv4 "Corp Web Servers"
Syntax
address-group ipv4 <ADDR_GROUP_NAME>
Mode
IPV4 Address Group
Description
Assign an IPV4 Address Group to Group. Options
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
Example
address-group ipv4 "Corp Web Servers"
Syntax
show zones [ { custom | default } ] [ pending-config ]
Mode
All Modes
Description
Show all Zone Objects. Options
|
custom | Show custom configuration. |
|
default | Show system/factory default configuration. |
pending-config | Show pending configuration changes. |
Example
show zones
Syntax
show zone <ZONE_NAME> [ pending-config ]
Mode
All Modes
Description
Show a Zone Object. Options
<ZONE_NAME>
|
Zone object name. Example: LAN |
pending-config | Show pending configuration changes. |
Example
show zone "LAN"
Syntax
zone <ZONE_NAME>
Mode
Config
Description
Add/Edit a Zone. Options
<ZONE_NAME>
|
Zone object name. Example: LAN |
Example
zone "Office Servers"
Syntax
no zone <ZONE_NAME>
Mode
Config
Description
Delete a custom zone. Options
<ZONE_NAME>
|
Zone object name. Example: LAN |
Example
no zone "Office Servers"
Syntax
no zones
Mode
Config
Description
Delete all custom zones. Example
no zones
Syntax
guest-services
Mode
Zone
Description
Enable Zone Guest Services and enter Configuration Mode. Example
guest-services
Syntax
no guest-services
Mode
Zone
Description
Disable Zone Guest Services. Example
no guest-services
Syntax
wireless
Mode
Zone
Description
Enter Wireless Zone Configuration Mode. Example
wireless
Syntax
name <ZONE_NAME>
Mode
Zone
Description
Set Zone Name. Options
<ZONE_NAME>
|
Zone object name. Example: LAN |
Example
name guest
Syntax
security-type { public | trusted | wireless }
Mode
Zone
Description
Set Zone security type. Options
|
public | Public zone. |
|
trusted | Trusted zone. |
|
wireless | Wireless zone. |
Example
security-type public
Syntax
interface-trust
Mode
Zone
Description
Enable Allow Interface Trust. Example
interface-trust
Syntax
no interface-trust
Mode
Zone
Description
Disable Allow Interface Trust. Example
no interface-trust
Syntax
content-filtering [ policy <WEB_CFS_POLICY_NAME> ]
Mode
Zone
Description
Enable Enforce Content Filtering Services and Set the Policy. Options
policy | Specify a Content Filtering Services policy. |
<WEB_CFS_POLICY_NAME>
|
CFS policy name. |
Example
content-filtering policy "Restricted Access"
Syntax
no content-filtering
Mode
Zone
Description
Disable Enforce Content Filtering Services. Example
no content-filtering
Syntax
client-anti-virus
Mode
Zone
Description
Enable Client Anti-Virus Enforcement Service. Example
client-anti-virus
Syntax
no client-anti-virus
Mode
Zone
Description
Disable Client Anti-Virus Enforcement Service. Example
no client-anti-virus
Syntax
gateway-anti-virus
Mode
Zone
Description
Enable Gateway Anti-Virus Service. Example
gateway-anti-virus
Syntax
no gateway-anti-virus
Mode
Zone
Description
Disable Gateway Anti-Virus Service. Example
no gateway-anti-virus
Syntax
intrusion-prevention
Mode
Zone
Description
Enable Intrusion Prevention Service. Example
intrusion-prevention
Syntax
no intrusion-prevention
Mode
Zone
Description
Disable Intrusion Prevention Service. Example
no intrusion-prevention
Syntax
app-control
Mode
Zone
Description
Enable App Control Service. Example
app-control
Syntax
no app-control
Mode
Zone
Description
Disable App Control Service. Example
no app-control
Syntax
anti-spyware
Mode
Zone
Description
Enable Anti-Spyware Service. Example
anti-spyware
Syntax
no anti-spyware
Mode
Zone
Description
Disable Anti-Spyware Service. Example
no anti-spyware
Syntax
global-security-clients
Mode
Zone
Description
Enable Enforce Global Security Clients. Example
global-security-clients
Syntax
no global-security-clients
Mode
Zone
Description
Disable Enforce Global Security Clients. Example
no global-security-clients
Syntax
create-group-vpn
Mode
Zone
Description
Enable automatic creation of Group VPN for this zone. Example
create-group-vpn
Syntax
no create-group-vpn
Mode
Zone
Description
Disable automatic creation of Group VPN for this zone. Example
no create-group-vpn
Syntax
ssl-control
Mode
Zone
Description
Enable SSL-Control on this zone. Example
ssl-control
Syntax
no ssl-control
Mode
Zone
Description
Disable SSL-Control on this zone. Example
no ssl-control
Syntax
sslvpn-access
Mode
Zone
Description
Enable SSL-VPN Access for this zone. Example
sslvpn-access
Syntax
no sslvpn-access
Mode
Zone
Description
Disable SSL-VPN Access for this zone. Example
no sslvpn-access
Syntax
inter-guest
Mode
Guest Services
Description
Enable Inter-Guest Communication. Example
inter-guest
Syntax
no inter-guest
Mode
Guest Services
Description
Disable Inter-Guest Communication. Example
no inter-guest
Syntax
bypass-anti-virus
Mode
Guest Services
Description
Enable Bypass Anti-Virus Check for Guests. Example
bypass-anti-virus
Syntax
no bypass-anti-virus
Mode
Guest Services
Description
Disable Bypass Anti-Virus Check for Guests. Example
no bypass-anti-virus
Syntax
external-auth
Mode
Guest Services
Description
Enable External Guest Authentication and enter its configuration mode. Example
external-auth
Syntax
no external-auth
Mode
Guest Services
Description
Disable External Guest Authentication. Example
no external-auth
Syntax
client-redirect { http | https }
Mode
External Guest Authentication
Description
Set Local Web Server Settings for Client Redirect. Options
|
http | Set protocol HTTP. |
|
https | Set protocol HTTPS. |
Example
client-redirect https
Syntax
web-server protocol { http | https } { fqdn <ADDR_FQDN> | host <ADDR_FQDNHOST_ADDR> | name <ADDR_FQDNHOST_ADDR> } [ port <IPV4_PORT> ]
Mode
External Guest Authentication
Description
Set the External Web Server Protocol. Options
|
http | Set protocol HTTP. |
|
https | Set protocol HTTPS. |
|
fqdn | Address Object Fully Qualified Domain Name. |
<ADDR_FQDN>
|
Address Object FQDN in the form: example.com OR *.example.com. Example: example.com |
|
host | Configure the External Web Server IP addresses or hostname. |
<ADDR_FQDNHOST_ADDR>
|
Address FQDN/Host Object name. Example: Web Server |
|
name | Configure webserver to named address object. |
<ADDR_FQDNHOST_ADDR>
|
Address FQDN/Host Object name. Example: Web Server |
port | Configure the External Web Server Port. |
<IPV4_PORT>
|
IPV4 port in the form: D OR 0xHHHH. Example: 80 |
Example
web-server protocol https host 192.168.168.152 port 443
Syntax
web-server timeout <UINT8>
Mode
External Guest Authentication
Description
Set the External Web Server Connection Timeout. Options
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
Example
web-server timeout 10
Syntax
message-auth [ method { md5 | sha1 } ] [ shared-secret <WORD> ]
Mode
External Guest Authentication
Description
Enable External Message Authentication. Options
method | Set External Message Authentication Method. |
|
md5 | Use HMAC - MD5 Authentication. |
|
sha1 | Use HMAC - SHA1 Authentication. |
shared-secret | Set External Message Authentication Shared Secret. |
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
message-auth method md5 shared-secret donttell
Syntax
no message-auth
Mode
External Guest Authentication
Description
Disable External Message Authentication. Example
no message-auth
Syntax
auth-pages login <WORD>
Mode
External Guest Authentication
Description
Configure the External Authentication Login Page. Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
auth-pages login login.html
Syntax
no auth-pages login
Mode
External Guest Authentication
Description
Disable the External Authentication Login Page. Example
no auth-pages login
Syntax
auth-pages expiration <WORD>
Mode
External Guest Authentication
Description
Configure the External Authentication Session Expiration Page. Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
auth-pages expiration exp.html
Syntax
no auth-pages expiration
Mode
External Guest Authentication
Description
Disable the External Authentication Session Expiration Page. Example
no auth-pages expiration
Syntax
auth-pages timeout <WORD>
Mode
External Guest Authentication
Description
Configure the External Authentication Idle Timeout Page. Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
auth-pages timeout idle.html
Syntax
no auth-pages timeout
Mode
External Guest Authentication
Description
Disable the External Authentication Idle Timeout Page. Example
no auth-pages timeout
Syntax
auth-pages max-sessions <WORD>
Mode
External Guest Authentication
Description
Configure the External Authentication Max Sessions Page. Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
auth-pages max-sessions max.html
Syntax
no auth-pages max-sessions
Mode
External Guest Authentication
Description
Disable the External Authentication Max Sessions Page. Example
no auth-pages max-sessions
Syntax
web-content redirect { custom <WORD> | use-default }
Mode
External Guest Authentication
Description
Configure the Web Content Redirect Message. Options
|
custom | Set a custom Web Content Redirect Message. |
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
|
use-default | Use the default Web Content Redirect Message. |
Example
web-content redirect custom "My custom redirect message"
Syntax
web-content server-down { custom <WORD> | use-default }
Mode
External Guest Authentication
Description
Configure the Web Content Server Down Message. Options
|
custom | Set a custom Web Content Server Down Message. |
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
|
use-default | Use the default Web Content Server Down Message. |
Example
web-content server-down custom "My custom server down message"
Syntax
logout-expired every <UINT8> cgi <WORD>
Mode
External Guest Authentication
Description
Enable Auto-Session Logout. Options
every | Set Auto-Logout Expired Session Every (Minutes). |
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
cgi | Set Logout CGI. |
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
logout-expired every 20 cgi expired.cgi
Syntax
no logout-expired
Mode
External Guest Authentication
Description
Disable Auto-Session Logout. Example
no logout-expired
Syntax
status-check every <UINT8> cgi <WORD>
Mode
External Guest Authentication
Description
Enable Server Status Check. Options
every | Set Check Server Status Every (Minutes). |
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
cgi | Set Server Status CGI. |
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
status-check every 20 cgi status.cgi
Syntax
no status-check
Mode
External Guest Authentication
Description
Disable Server Status Check. Example
no status-check
Syntax
session-sync every <UINT8> cgi <WORD>
Mode
External Guest Authentication
Description
Enable Session Synchronization. Options
every | Set Synchronize Every (Minutes). |
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
cgi | Set Session Sync CGI. |
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
session-sync every 20 cgi sync.cgi
Syntax
no session-sync
Mode
External Guest Authentication
Description
Disable Session Synchronization. Example
no session-sync
Syntax
auth-page
Mode
Guest Services
Description
Enable Custom Authentication Page and enter its configuration mode. Example
auth-page
Syntax
no auth-page
Mode
Guest Services
Description
Disable Custom Authentication Page. Example
no auth-page
Syntax
post-auth <WEB_URL>
Mode
Guest Services
Description
Enable page to direct users to after successful authentication. Options
<WEB_URL>
|
URL in the form: http://host/file. Example: http://www.example.com/products/ |
Example
post-auth http://192.168.168.1/postauth.html
Syntax
no post-auth
Mode
Guest Services
Description
Disable page to direct users to after successful authentication. Example
no post-auth
Syntax
bypass-guest-auth { all | group <ADDR_MAC_GROUP> | mac <ADDR_MAC> | name <ADDR_MAC_NAME> }
Mode
Guest Services
Description
Enable Bypass Guest Authentication. Options
|
all | All MAC Addresses. |
|
group | Address Group Name. |
<ADDR_MAC_GROUP>
|
Address MAC Group name. Example: Sales & Marketing Network Access Point |
|
mac | MAC Address. |
<ADDR_MAC>
|
Address Object MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
|
name | MAC Address Object Name. |
<ADDR_MAC_NAME>
|
Address MAC Object name. Example: Sales Network Access Point |
Example
bypass-guest-auth mac 020102030405
Syntax
no bypass-guest-auth
Mode
Guest Services
Description
Disable Bypass Guest Authentication. Example
no bypass-guest-auth
Syntax
smtp-redirect { host <ADDR_HOST> | name <ADDR_HOST_NAME> }
Mode
Guest Services
Description
Enable redirect SMTP traffic to specified server. Options
|
host | Set the SMTP server to host address. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Set the SMTP server as named Address Object. |
<ADDR_HOST_NAME>
|
Address Host Object name. Example: Web Server |
Example
smtp-redirect host 192.168.168.152
Syntax
no smtp-redirect
Mode
Guest Services
Description
Disable redirect SMTP traffic. Example
no smtp-redirect
Syntax
deny-networks { fqdn <ADDR_FQDN> | group <ADDR_FHNR_GROUP> | host <ADDR_HOST> | name <ADDR_FHNR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> }
Mode
Guest Services
Description
Enable blocking of traffic to the named network. Options
|
fqdn | Address Object Fully Qualified Domain Name. |
<ADDR_FQDN>
|
Address Object FQDN in the form: example.com OR *.example.com. Example: example.com |
|
group | Set the denied networks as named Address Group. |
<ADDR_FHNR_GROUP>
|
Address FQDN/Host/Network/Range Group name. Example: Web Server Group |
|
host | Set the denied networks to host address. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Set the denied networks as named Address Object. |
<ADDR_FHNR_NAME>
|
Address FQDN/Host/Network/Range Object name. Example: Web Server |
|
network | Set the denied networks to network address. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Set the denied networks to range of addresses. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
deny-networks network 192.168.168.0 255.255.255.0
Syntax
no deny-networks
Mode
Guest Services
Description
Disable blocking of traffic to the named network. Example
no deny-networks
Syntax
pass-networks { fqdn <ADDR_FQDN> | group <ADDR_FHNR_GROUP> | host <ADDR_HOST> | name <ADDR_FHNR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> }
Mode
Guest Services
Description
Enable allowing of traffic to the named network. Options
|
fqdn | Address Object Fully Qualified Domain Name. |
<ADDR_FQDN>
|
Address Object FQDN in the form: example.com OR *.example.com. Example: example.com |
|
group | Set the pass networks as named Address Group. |
<ADDR_FHNR_GROUP>
|
Address FQDN/Host/Network/Range Group name. Example: Web Server Group |
|
host | Set the pass networks to host address. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Set the pass networks as named Address Object. |
<ADDR_FHNR_NAME>
|
Address FQDN/Host/Network/Range Object name. Example: Web Server |
|
network | Set the pass networks to network address. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Set the pass networks to range of addresses. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
pass-networks network 192.168.168.0 255.255.255.0
Syntax
no pass-networks
Mode
Guest Services
Description
Disable allowing of traffic to the named network. Example
no pass-networks
Syntax
max-guests <UINT8>
Mode
Guest Services
Description
Specify the maximum number of guest users allowed to connect to the WLAN zone. Options
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
Example
max-guests 10
Syntax
dynamic-address-translation
Mode
Guest Services
Description
Enable Dynamic Address Translation. Example
dynamic-address-translation
Syntax
no dynamic-address-translation
Mode
Guest Services
Description
Disable Dynamic Address Translation. Example
no dynamic-address-translation
Syntax
footer { text <WORD> | url <WEB_URL> }
Mode
Custom Authentication Page
Description
Configure Custom Login Page Footer. Options
|
text | Use configured text for Custom Page Footer. |
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
|
url | Use configured url location for Custom Page Footer. |
<WEB_URL>
|
URL in the form: http://host/file. Example: http://www.example.com/products/ |
Example
footer url http://192.168.168.1/footer.html
Syntax
header { text <WORD> | url <WEB_URL> }
Mode
Custom Authentication Page
Description
Configure Custom Login Page Header. Options
|
text | Use configured text for Custom Login Page Header. |
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
|
url | Use configured url location for Custom Login Page Header. |
<WEB_URL>
|
URL in the form: http://host/file. Example: http://www.example.com/products/ |
Example
header url http://192.168.168.1/header.html
Syntax
sslvpn-enforcement server { host <ADDR_HOST> | name <ADDR_HOST_NAME> } service { name <SVC_NAME> | protocol <SVC_PROTOCOL> <SVC_PORT_BEGIN> <SVC_PORT_END> }
Mode
Wireless
Description
Enable SSLVPN Enforcement. Options
server | Set the SSLVPN Server as a named Address Object. |
|
host | Set the SSLVPN Server to host address. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Set the SSLVPN Server as named Address Object. |
<ADDR_HOST_NAME>
|
Address Host Object name. Example: Web Server |
service | Set the SSLVPN Service as a named Service Object. |
|
name | Set the SSLVPN Service as named Service Object. |
<SVC_NAME>
|
Service object name. Example: HTTPS |
|
protocol | Set the SSLVPN Service as a protocol. |
<SVC_PROTOCOL>
|
Service protocol. Example: TCP |
<SVC_PORT_BEGIN>
|
Service port begin. Example: 443 |
<SVC_PORT_END>
|
Service port end. Example: 443 |
Example
sslvpn-enforcement server name "SSLVPN Server" service name "SSLVPN Service"
Syntax
no sslvpn-enforcement
Mode
Wireless
Description
Disable SSLVPN Enforcement. Example
no sslvpn-enforcement
Syntax
sonicpoint-provisioning <SONICPOINT_PROFILE_NAME>
Mode
Wireless
Description
Set the SonicPoint Provisioning Profile. Options
<SONICPOINT_PROFILE_NAME>
|
SonicPoint provisioning profile name. Example: mySonicpointProfile |
Example
sonicpoint-provisioning "Public SonicPoints"
Syntax
sonicpointn-provisioning <SONICPOINTN_PROFILE_NAME>
Mode
Wireless
Description
Set the SonicPoint N Provisioning Profile. Options
<SONICPOINTN_PROFILE_NAME>
|
SonicPointN provisioning profile name. Example: mySonicpointnProfile |
Example
sonicpointn-provisioning "Public SonicPointNs"
Syntax
only-sonicpoint-traffic
Mode
Wireless
Description
Enable only allow traffic generated by a SonicPoint/SonicPointN. Example
only-sonicpoint-traffic
Syntax
no only-sonicpoint-traffic
Mode
Wireless
Description
Disable only allow traffic generated by a SonicPoint/SonicPointN. Example
no only-sonicpoint-traffic
Syntax
show ssl-control [ pending-config ]
Mode
All Modes
Description
Show SSL Control configuration. Options
pending-config | Show pending configuration changes. |
Example
show ssl-control
Syntax
ssl-control
Mode
Config
Description
Enable and configure SSL Control settings. Example
ssl-control
Syntax
no ssl-control
Mode
Config
Description
Disable SSL Control. Example
no ssl-control
Syntax
action { block | log }
Mode
SSL Control
Description
Action if an SSL policy violation is detected. Options
|
block | Block the connection and log the event. |
|
log | Log the event. |
Example
action block
Syntax
blacklist
Mode
SSL Control
Description
Enable Blacklist. Example
blacklist
Syntax
no blacklist
Mode
SSL Control
Description
Disable Blacklist. Example
no blacklist
Syntax
detect-sslv2
Mode
SSL Control
Description
Enable detection of SSLv2. Example
detect-sslv2
Syntax
no detect-sslv2
Mode
SSL Control
Description
Disable detection of SSLv2. Example
no detect-sslv2
Syntax
detect-weak-ciphers
Mode
SSL Control
Description
Enable detection of weak ciphers. Example
detect-weak-ciphers
Syntax
no detect-weak-ciphers
Mode
SSL Control
Description
Disable detection of weak ciphers. Example
no detect-weak-ciphers
Syntax
whitelist
Mode
SSL Control
Description
Enable Whitelist. Example
whitelist
Syntax
no whitelist
Mode
SSL Control
Description
Disable Whitelist. Example
no whitelist
Syntax
detect-self-signed
Mode
SSL Control
Description
Enable detection of Self-Signed Certificates. Example
detect-self-signed
Syntax
no detect-self-signed
Mode
SSL Control
Description
Disable detection of Self-Signed Certificates. Example
no detect-self-signed
Syntax
detect-md5-digest
Mode
SSL Control
Description
Enable detection of MD5 digest. Example
detect-md5-digest
Syntax
no detect-md5-digest
Mode
SSL Control
Description
Disable detection of MD5 digest. Example
no detect-md5-digest
Syntax
detect-expired
Mode
SSL Control
Description
Enable detection of Expired Certificates. Example
detect-expired
Syntax
no detect-expired
Mode
SSL Control
Description
Disable detection of Expired Certificates. Example
no detect-expired
Syntax
untrusted-ca
Mode
SSL Control
Description
Enable detection of Certificate signed by an Untrusted CA. Example
untrusted-ca
Syntax
no untrusted-ca
Mode
SSL Control
Description
Disable detection of Certificate signed by an Untrusted CA. Example
no untrusted-ca
Syntax
blacklist-certificate <BLACKLIST_CERTIFICATE>
Mode
SSL Control
Description
Add entry to blacklist. Options
<BLACKLIST_CERTIFICATE>
|
Word in the form: WORD or \"QUOTED STRING\". Example: certificateName |
Example
blacklist-certificate www.badguys.com
Syntax
no blacklist-certificate <BLACKLIST_CERTIFICATE>
Mode
SSL Control
Description
Delete an entry from blacklist. Options
<BLACKLIST_CERTIFICATE>
|
Word in the form: WORD or \"QUOTED STRING\". Example: certificateName |
Example
no blacklist-certificate www.badguys.com
Syntax
no blacklist-certificates
Mode
SSL Control
Description
Delete all entries from blacklist. Example
no blacklist-certificates
Syntax
whitelist-certificate <WHITELIST_CERTIFICATE>
Mode
SSL Control
Description
Add entry to whitelist. Options
<WHITELIST_CERTIFICATE>
|
Word in the form: WORD or \"QUOTED STRING\". Example: certificateName |
Example
whitelist-certificate www.goodguys.com
Syntax
no whitelist-certificate <WHITELIST_CERTIFICATE>
Mode
SSL Control
Description
Delete an entry from whitelist. Options
<WHITELIST_CERTIFICATE>
|
Word in the form: WORD or "QUOTED STRING". Example: certificateName |
Example
no whitelist-certificate www.goodguys.com
Syntax
no whitelist-certificates
Mode
SSL Control
Description
Delete all entries from whitelist. Example
no whitelist-certificates
Syntax
show network-monitor policies [ { custom | default } ] [ pending-config ]
Mode
All Modes
Description
Show all Network Monitor Policies. Options
|
custom | Show custom configuration. |
|
default | Show system/factory default configuration. |
pending-config | Show pending configuration changes. |
Example
show network-monitor policies
Syntax
show network-monitor policy <NETMON_NAME> [ pending-config ]
Mode
All Modes
Description
Show Network Monitor Policy. Options
<NETMON_NAME>
|
Network monitor name. Example: Web Services Monitor |
pending-config | Show pending configuration changes. |
Example
show network-monitor policy "Remote Servers"
Syntax
no network-monitor policy <NETMON_NAME>
Mode
Config
Description
Delete Network Monitor Policy. Options
<NETMON_NAME>
|
Network monitor name. Example: Web Services Monitor |
Example
no network-monitor policy "Remote Servers"
Syntax
no network-monitor policies
Mode
Config
Description
Delete all Network Monitor Policies. Example
no network-monitor policies
Syntax
network-monitor policy <NETMON_NAME>
Mode
Config
Description
Add/Edit a Network Monitor Policy. Options
<NETMON_NAME>
|
Network monitor name. Example: Web Services Monitor |
Example
network-monitor policy "Remote Servers"
Syntax
no probe-target
Mode
Network Monitor Policy
Description
Clear the Probe Targets. Example
no probe-target
Syntax
probe-target { fqdn <ADDR_FQDN> | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_NAME> | range <ADDR_BEGIN> <ADDR_END> }
Mode
Network Monitor Policy
Description
Set the Probe Target(s). Options
|
fqdn | Set the Probe Target to FQDN address. |
<ADDR_FQDN>
|
Address Object FQDN in the form: example.com OR *.example.com. Example: example.com |
|
group | Set the Probe Target to group address object. |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Set the Probe Target to host address. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Set the Probe Target to named address object. |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
|
range | Set the Probe Target to range of addresses. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
probe-target name "Remote Target"
Syntax
next-hop { host <ADDR_HOST> | name <ADDR_NAME> }
Mode
Network Monitor Policy
Description
Set the Next Hop Gateway. Options
|
host | Set the Next Hop to host address. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Set the Next Hop to named address object. |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
Example
next-hop name "X1 Default Gateway"
Syntax
no next-hop
Mode
Network Monitor Policy
Description
Clear the Next Hop Gateway. Example
no next-hop
Syntax
local-ip { host <ADDR_NETMON_HOST> | name <ADDR_NAME> }
Mode
Network Monitor Policy
Description
Set the Local IP address. Options
|
host | Set the Local IP to host address. |
<ADDR_NETMON_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Set the Local IP to named address object. |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
Example
local-ip name "X1 IP"
Syntax
no local-ip
Mode
Network Monitor Policy
Description
Clear the Local IP address. Example
no local-ip
Syntax
outbound-interface <IF_NETMON_NAME>
Mode
Network Monitor Policy
Description
Set Outbound Interface. Options
<IF_NETMON_NAME>
|
Netmonitor Outbound Interface Name. Example: X0 |
Example
outbound-interface X2
Syntax
probe-type { ping | ping-explicit | tcp <IPV4_PORT> | tcp-explicit <IPV4_PORT> }
Mode
Network Monitor Policy
Description
Set the probe type and, for TCP probes, the port. Options
|
ping | Ping probe. |
|
ping-explicit | Ping probe using explicit route. |
|
tcp | TCP probe. |
<IPV4_PORT>
|
IPV4 port in the form: D OR 0xHHHH. Example: 80 |
|
tcp-explicit | TCP probe using explicit route. |
<IPV4_PORT>
|
IPV4 port in the form: D OR 0xHHHH. Example: 80 |
Example
probe-type tcp-explicit 80
Syntax
probe-interval <UINT16>
Mode
Network Monitor Policy
Description
Set Probe Host Interval. Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
probe-interval 5
Syntax
reply-timeout <UINT16>
Mode
Network Monitor Policy
Description
Set Probing Reply Timeout. Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
reply-timeout 2
Syntax
missed-intervals <UINT16>
Mode
Network Monitor Policy
Description
Probe state is set to DOWN after the specified number of missed intervals. Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
missed-intervals 3
Syntax
successful-intervals <UINT16>
Mode
Network Monitor Policy
Description
Probe state is set to UP after the specified number of successful intervals. Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
successful-intervals 3
Syntax
must-respond
Mode
Network Monitor Policy
Description
Enable All Hosts Must Respond. Example
must-respond
Syntax
no must-respond
Mode
Network Monitor Policy
Description
Disable All Hosts Must Respond. Example
no must-respond
Syntax
comment <WORD>
Mode
Network Monitor Policy
Description
Set Network Monitor Policy Comment. Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
comment "Remote Servers"
Syntax
no comment
Mode
Network Monitor Policy
Description
Clear Network Monitor Policy Comment. Example
no comment
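The Network Monitor Policy commands above, combined into one session as an added example (not taken from the SonicWALL guide). It assumes that `network-monitor policy` places the CLI in Network Monitor Policy mode, as the Mode fields indicate; object names and values are the guide's own sample values, except `outbound-interface X1`, which is constructed to match the X1 next hop and local IP.

```text
configure
network-monitor policy "Remote Servers"
probe-target name "Remote Target"
probe-type tcp-explicit 80
next-hop name "X1 Default Gateway"
local-ip name "X1 IP"
outbound-interface X1
probe-interval 5
reply-timeout 2
missed-intervals 3
successful-intervals 3
must-respond
comment "Remote Servers"
show network-monitor policy "Remote Servers" pending-config
```

With these values the probe state changes only after three consecutive intervals agree, and `must-respond` requires every host in the target to answer.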
Syntax
show time [ pending-config ]
Mode
All Modes
Description
Show Time settings or NTP settings. Options
pending-config | Show pending configuration changes. |
Example
show time
Syntax
time
Mode
Config
Description
Enter Time Configuration Mode. Example
time
Syntax
time <TIME_HHMMSS>
Mode
Time
Description
Specify time. Options
<TIME_HHMMSS>
|
Time in the form: DD:DD:DD. Example: 12:00:00 |
Example
time 12:30:59
Syntax
date <DATE_YYYYMMDD>
Mode
Time
Description
Specify date. Options
<DATE_YYYYMMDD>
|
Date in the form: YYYY:MM:DD. Example: 2010:06:31 |
Example
date 2010:06:31
Syntax
time-zone <TIME_ZONE>
Mode
Time
Description
Specify timezone. Options
<TIME_ZONE>
|
Time Zone. Example: pacific-time |
Example
time-zone UTC+7:00
Syntax
use-ntp
Mode
Time
Description
Enable use of NTP Servers to obtain time. Example
use-ntp
Syntax
no use-ntp
Mode
Time
Description
Disable use of NTP Servers to obtain time. Example
no use-ntp
Syntax
daylight-savings
Mode
Time
Description
Enable automatic adjustment of clock for daylight saving time. Example
daylight-savings
Syntax
no daylight-savings
Mode
Time
Description
Disable automatic adjustment of clock for daylight saving time. Example
no daylight-savings
Syntax
universal
Mode
Time
Description
Enable display of UTC in logs (instead of local time). Example
universal
Syntax
no universal
Mode
Time
Description
Disable display of UTC in logs (instead of local time). Example
no universal
Syntax
international-format
Mode
Time
Description
Enable display of date in International format. Example
international-format
Syntax
no international-format
Mode
Time
Description
Disable display of date in International format. Example
no international-format
Syntax
only-custom-ntp
Mode
Time
Description
Enable use of custom NTP servers only. Example
only-custom-ntp
Syntax
no only-custom-ntp
Mode
Time
Description
Disable use of custom NTP servers only. Example
no only-custom-ntp
Syntax
ntp-server <NTP_SERVER> [ md5 trust-key-no <UINT16> key-number <UINT16> password <WORD> | no-auth ]
Mode
Time
Description
Add a server to the NTP server list. Options
<NTP_SERVER>
|
NTP Custom Server in the form: hostname OR a.b.c.d. Example: example.com |
|
md5 | NTP server uses MD5 authentication. |
trust-key-no | Trust key. |
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
key-number | Key number. |
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
password | Password |
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
|
no-auth | NTP server doesn't require authentication. |
Example
ntp-server 192.168.168.160 no-auth
Syntax
no ntp-server <NTP_SERVER>
Mode
Time
Description
Remove a server from the NTP server list. Options
<NTP_SERVER>
|
NTP Custom Server in the form: hostname OR a.b.c.d. Example: example.com |
Example
no ntp-server 192.168.168.160
Syntax
no ntp-servers
Mode
Time
Description
Remove all servers from the NTP server list. Example
no ntp-servers
Syntax
ntp-update-interval <UINT16>
Mode
Time
Description
Set the NTP Update Interval. Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
ntp-update-interval 123
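An authenticated NTP setup built from the Time mode commands above, as an added example (not taken from the SonicWALL guide). The server address and update interval are the guide's sample values; the `trust-key-no` and `key-number` values and the password are constructed placeholders and must match the key configured on the NTP server.

```text
configure
time
use-ntp
only-custom-ntp
ntp-server 192.168.168.160 md5 trust-key-no 1 key-number 1 password "EXAMPLE-NTP-KEY"
ntp-update-interval 123
universal
show time pending-config
```

`universal` keeps log timestamps in UTC, which makes firewall logs easier to correlate with other sources.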
Syntax
schedule <SCHED_NAME>
Mode
Config
Description
Add/Edit a Schedule. Options
<SCHED_NAME>
|
Schedule object name. Example: Work Hours |
Example
schedule "Contract Schedule"
Syntax
no schedule <SCHED_NAME>
Mode
Config
Description
Delete a schedule. Options
<SCHED_NAME>
|
Schedule object name. Example: Work Hours |
Example
no schedule "Maintenance Schedule"
Syntax
no schedules
Mode
Config
Description
Delete all custom schedules. Example
no schedules
Syntax
name <WORD>
Mode
Schedule
Description
Schedule Object name. Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
name "Contract Schedule"
Syntax
occurs { mixed | once | recurring }
Mode
Schedule
Description
Set Schedule occurrence. Options
|
mixed | Set for both recurring schedule and single occurrence. |
|
once | Set for single occurrence. |
|
recurring | Set for recurring schedule. |
Example
occurs recurring
Syntax
event <TIME_YYYYMMDDHHMMSS> <TIME_YYYYMMDDHHMMSS>
Mode
One Time Schedule
Mixed Schedule
Description
Enter the start and end date and time of a one time event.
Options
<TIME_YYYYMMDDHHMMSS>
|
Timestamp in the form: YYYY:MM:DD:HH:MM:SS. Example: 2010:06:31:23:30:59 |
<TIME_YYYYMMDDHHMMSS>
|
Timestamp in the form: YYYY:MM:DD:HH:MM:SS. Example: 2010:06:31:23:30:59 |
Example
event 2010:06:01:00:00:00 2010:06:02:00:00:00
Syntax
recurring <TIME_HHMM> <TIME_HHMM> { { [ sun ] [ mon ] [ tue ] [ wed ] [ thu ] [ fri ] [ sat ] } | all }
Mode
Mixed Schedule
Recurring Schedule
Description
Add to the list of applicable days and start and stop time of the schedule.
Options
<TIME_HHMM>
|
Time in the form: DD:DD. Example: 12:00 |
<TIME_HHMM>
|
Time in the form: DD:DD. Example: 12:00 |
|
sun | Day of the week. |
mon | Day of the week. |
tue | Day of the week. |
wed | Day of the week. |
thu | Day of the week. |
fri | Day of the week. |
sat | Day of the week. |
|
all | Every day. |
Example
recurring 12:00 18:00 mon tue wed thu fri
Syntax
no recurring <TIME_HHMM> <TIME_HHMM> { { [ sun ] [ mon ] [ tue ] [ wed ] [ thu ] [ fri ] [ sat ] } | all }
Mode
Mixed Schedule
Recurring Schedule
Description
Remove an entry from the schedule by specifying its applicable days and start and stop time.
Options
<TIME_HHMM>
|
Time in the form: DD:DD. Example: 12:00 |
<TIME_HHMM>
|
Time in the form: DD:DD. Example: 12:00 |
|
sun | Day of the week. |
mon | Day of the week. |
tue | Day of the week. |
wed | Day of the week. |
thu | Day of the week. |
fri | Day of the week. |
sat | Day of the week. |
|
all | Every day. |
Example
no recurring 12:00 18:00 mon tue wed thu fri
Syntax
show schedules [ all | mixed | once | recurring ] [ { custom | default } ] [ pending-config ]
Mode
All Modes
Description
Show all Schedule Objects. Options
|
all | Show all Schedule Objects. |
|
mixed | Show all Schedule Objects set for both recurring schedule and single occurrence. |
|
once | Show all Schedule Objects set for single occurrence. |
|
recurring | Show all Schedule Objects set for recurring. |
|
custom | Show custom configuration. |
|
default | Show system/factory default configuration. |
pending-config | Show pending configuration changes. |
Example
show schedules
Syntax
show schedule <SCHED_NAME> [ pending-config ]
Mode
All Modes
Description
Show a Schedule Object. Options
<SCHED_NAME>
|
Schedule object name. Example: Work Hours |
pending-config | Show pending configuration changes. |
Example
show schedule "Work Hours"
Syntax
show voip [ call-status | pending-config ]
Mode
All Modes
Description
Show VoIP status or configuration. Options
|
call-status | Show VoIP Call Status. |
|
pending-config | Show pending configuration changes. |
Example
show voip
Syntax
voip
Mode
Config
Description
Enter VoIP Configuration Mode. Example
voip
Syntax
flush-all
Mode
VOIP
Description
Flush all VoIP call entries. Example
flush-all
Syntax
consistent-nat
Mode
VOIP
Description
Enable Consistent NAT. Example
consistent-nat
Syntax
no consistent-nat
Mode
VOIP
Description
Disable Consistent NAT. Example
no consistent-nat
Syntax
sip
Mode
VOIP
Description
Enable SIP Transformations and enter its Configuration Mode. Example
sip
Syntax
no sip
Mode
VOIP
Description
Disable SIP Transformations. Example
no sip
Syntax
h323
Mode
VOIP
Description
Enable H323 Transformations and enter its Configuration Mode. Example
h323
Syntax
no h323
Mode
VOIP
Description
Disable H323 Transformations. Example
no h323
Syntax
non-sip-packets
Mode
SIP
Description
Enable permitting non-SIP packets on the signaling port. Example
non-sip-packets
Syntax
no non-sip-packets
Mode
SIP
Description
Disable permitting non-SIP packets on the signaling port. Example
no non-sip-packets
Syntax
b2bua-support
Mode
SIP
Description
Enable SIP Back-to-Back User Agent (B2BUA) support. Example
b2bua-support
Syntax
no b2bua-support
Mode
SIP
Description
Disable SIP Back-to-Back User Agent (B2BUA) support. Example
no b2bua-support
Syntax
signaling-timeout <UINT32>
Mode
SIP
Description
Set SIP Signaling inactivity time out (seconds). Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
signaling-timeout 1800
Syntax
media-timeout <UINT16>
Mode
SIP
Description
Set SIP Media inactivity time out (seconds). Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
media-timeout 120
Syntax
no signaling-port
Mode
SIP
Description
Clear Additional SIP signaling port (UDP) for transformations. Example
no signaling-port
Syntax
signaling-port <UINT16>
Mode
SIP
Description
Set Additional SIP signaling port (UDP) for transformations. Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
signaling-port 45060
Syntax
only-gatekeeper-calls
Mode
H323
Description
Enable accepting incoming calls only from Gatekeeper. Example
only-gatekeeper-calls
Syntax
no only-gatekeeper-calls
Mode
H323
Description
Disable accepting incoming calls only from Gatekeeper. Example
no only-gatekeeper-calls
Syntax
inactivity-timeout <UINT32>
Mode
H323
Description
Set H.323 Signaling/Media inactivity time out (seconds). Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
inactivity-timeout 300
Syntax
no gatekeeper-ip
Mode
H323
Description
Clear Default WAN/DMZ Gatekeeper IP address. Example
no gatekeeper-ip
Syntax
gatekeeper-ip <IPV4_HOST>
Mode
H323
Description
Set Default WAN/DMZ Gatekeeper IP address. Options
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
gatekeeper-ip 172.16.10.10
Syntax
show service-objects [ ah | all | eigrp | esp | gre | icmp | igmp | l2tp | ospf | pimsm | tcp | udp ] [ { custom | default } ] [ pending-config ]
Mode
All Modes
Description
Show all Service Objects. Options
|
ah | Show AH Service Objects. |
|
all | Show all Service Objects. |
|
eigrp | Show EIGRP Service Objects. |
|
esp | Show ESP Service Objects. |
|
gre | Show GRE Service Objects. |
|
icmp | Show ICMP Service Objects. |
|
igmp | Show IGMP Service Objects. |
|
l2tp | Show L2TP Service Objects. |
|
ospf | Show OSPF Service Objects. |
|
pimsm | Show PIMSM Service Objects. |
|
tcp | Show TCP Service Objects. |
|
udp | Show UDP Service Objects. |
|
custom | Show custom configuration. |
|
default | Show system/factory default configuration. |
pending-config | Show pending configuration changes. |
Example
show service-objects
Syntax
show service-object <SVC_NAME> [ pending-config ]
Mode
All Modes
Description
Show Service Object. Options
<SVC_NAME>
|
Service object name. Example: HTTPS |
pending-config | Show pending configuration changes. |
Example
show service-object "Corp Servers"
Syntax
show service-groups [ pending-config ]
Mode
All Modes
Description
Show all Service Groups. Options
pending-config | Show pending configuration changes. |
Example
show service-groups
Syntax
show service-group <SVC_GROUP_NAME> [ pending-config ]
Mode
All Modes
Description
Show Service Group. Options
<SVC_GROUP_NAME>
|
Service object group name. Example: VOIP |
pending-config | Show pending configuration changes. |
Example
show service-group "Citrix"
Syntax
no service-object <SVC_NAME>
Mode
Config
Description
Delete a Service Object. Options
<SVC_NAME>
|
Service object name. Example: HTTPS |
Example
no service-object "Corp Email Server"
Syntax
no service-objects
Mode
Config
Description
Delete all custom Service Objects. Example
no service-objects
Syntax
service-object <SVC_NAME> [ 6over4 | ah | custom <UINT32> | eigrp | esp | gre | icmp { { { address-mask-reply | address-mask-request | datagram-error | destination-unreachable | domain-name | domain-name-reply | echo-reply | echo-request | info-reply | info-request | none | parameter-problem | redirect | router-advertise | router-solicit | source-quench | time-exceeded | timestamp | timestamp-reply | traceroute } } } | igmp { { { leave-group | member-query | none | v1-member-report | v2-member-report | v3-member-report } } } | l2tp | ospf { { { database-description | hello | link-state-acknowledge | link-state-request | link-state-update | none } } } | pimsm { { { assert | bootstrap | candidate-rp | hello | join-prune | none | register | register-stop } } } | tcp <SVC_PORT_BEGIN> <SVC_PORT_END> | udp <SVC_PORT_BEGIN> <SVC_PORT_END> ]
Mode
Config
Description
Add/Edit Firewall and Service Object and Enter Configuration Mode. Options
<SVC_NAME>
|
Service object name. Example: HTTPS |
|
6over4 | Service Object 6OVER4. |
|
ah | Service Object AH. |
|
custom | Custom Service Object. |
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
|
eigrp | Service Object EIGRP. |
|
esp | Service Object ESP. |
|
gre | Service Object GRE. |
|
icmp | Service Object ICMP. |
|
address-mask-reply | ICMP with sub-type of address mask reply. |
|
address-mask-request | ICMP with sub-type of address mask request. |
|
datagram-error | ICMP with sub-type of datagram error. |
|
destination-unreachable | ICMP with sub-type of destination unreachable. |
|
domain-name | ICMP with sub-type of domain name. |
|
domain-name-reply | ICMP with sub-type of domain name reply. |
|
echo-reply | ICMP with sub-type of echo reply. |
|
echo-request | ICMP with sub-type of echo request. |
|
info-reply | ICMP with sub-type of info reply. |
|
info-request | ICMP with sub-type of info request. |
|
none | ICMP with sub-type of none. |
|
parameter-problem | ICMP with sub-type of parameter problem. |
|
redirect | ICMP with sub-type of redirect. |
|
router-advertise | ICMP with sub-type of router advertise. |
|
router-solicit | ICMP with sub-type of router solicit. |
|
source-quench | ICMP with sub-type of source quench. |
|
time-exceeded | ICMP with sub-type of time exceeded. |
|
timestamp | ICMP with sub-type of timestamp. |
|
timestamp-reply | ICMP with sub-type of timestamp reply. |
|
traceroute | ICMP with sub-type of traceroute. |
|
igmp | Service Object IGMP. |
|
leave-group | IGMP with sub-type of leave group. |
|
member-query | IGMP with sub-type of member query. |
|
none | IGMP with sub-type of none. |
|
v1-member-report | IGMP with sub-type of v1 member report. |
|
v2-member-report | IGMP with sub-type of v2 member report. |
|
v3-member-report | IGMP with sub-type of v3 member report. |
|
l2tp | Service Object L2TP. |
|
ospf | Service Object OSPF. |
|
database-description | OSPF with sub-type of database description. |
|
hello | OSPF with sub-type of hello. |
|
link-state-acknowledge | OSPF with sub-type of link state acknowledge. |
|
link-state-request | OSPF with sub-type of link state request. |
|
link-state-update | OSPF with sub-type of link state update. |
|
none | OSPF with sub-type of none. |
|
pimsm | Service Object PIMSM. |
|
assert | PIMSM with sub-type of assert. |
|
bootstrap | PIMSM with sub-type of bootstrap. |
|
candidate-rp | PIMSM with sub-type of candidate rp. |
|
hello | PIMSM with sub-type of hello. |
|
join-prune | PIMSM with sub-type of join/prune. |
|
none | PIMSM with sub-type of none. |
|
register | PIMSM with sub-type of register. |
|
register-stop | PIMSM with sub-type of register stop. |
|
tcp | Service Object TCP. |
<SVC_PORT_BEGIN>
|
Service port begin. Example: 443 |
<SVC_PORT_END>
|
Service port end. Example: 443 |
|
udp | Service Object UDP. |
<SVC_PORT_BEGIN>
|
Service port begin. Example: 443 |
<SVC_PORT_END>
|
Service port end. Example: 443 |
Example
service-object "Web Server" TCP 80 80
Syntax
no service-group <SVC_GROUP_NAME>
Mode
Config
Description
Delete a Service Group. Options
<SVC_GROUP_NAME>
|
Service object group name. Example: VOIP |
Example
no service-group "Corporate Servers"
Syntax
no service-groups
Mode
Config
Description
Delete all custom Service Groups. Example
no service-groups
Syntax
service-group <SVC_GROUP_NAME>
Mode
Config
Description
Add/Edit Service Group and Enter Configuration Mode. Options
<SVC_GROUP_NAME>
|
Service object group name. Example: VOIP |
Example
service-group "Corporate Servers"
Syntax
name <WORD>
Mode
Service Object
Description
Set Service Object name. Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
name "Corp Email Server"
Syntax
custom <UINT32>
Mode
Service Object
Description
Set Service Object as Custom and specify. Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
custom ipx
Syntax
icmp { { { address-mask-reply | address-mask-request | datagram-error | destination-unreachable | domain-name | domain-name-reply | echo-reply | echo-request | info-reply | info-request | none | parameter-problem | redirect | router-advertise | router-solicit | source-quench | time-exceeded | timestamp | timestamp-reply | traceroute } } }
Mode
Service Object
Description
Set Service Object as ICMP and specify sub type. Options
|
address-mask-reply | ICMP with sub-type of address mask reply. |
|
address-mask-request | ICMP with sub-type of address mask request. |
|
datagram-error | ICMP with sub-type of datagram error. |
|
destination-unreachable | ICMP with sub-type of destination unreachable. |
|
domain-name | ICMP with sub-type of domain name. |
|
domain-name-reply | ICMP with sub-type of domain name reply. |
|
echo-reply | ICMP with sub-type of echo reply. |
|
echo-request | ICMP with sub-type of echo request. |
|
info-reply | ICMP with sub-type of info reply. |
|
info-request | ICMP with sub-type of info request. |
|
none | ICMP with sub-type of none. |
|
parameter-problem | ICMP with sub-type of parameter problem. |
|
redirect | ICMP with sub-type of redirect. |
|
router-advertise | ICMP with sub-type of router advertise. |
|
router-solicit | ICMP with sub-type of router solicit. |
|
source-quench | ICMP with sub-type of source quench. |
|
time-exceeded | ICMP with sub-type of time exceeded. |
|
timestamp | ICMP with sub-type of timestamp. |
|
timestamp-reply | ICMP with sub-type of timestamp reply. |
|
traceroute | ICMP with sub-type of traceroute. |
Example
icmp echo-reply
Syntax
igmp { { { leave-group | member-query | none | v1-member-report | v2-member-report | v3-member-report } } }
Mode
Service Object
Description
Set Service Object as IGMP and specify sub type. Options
|
leave-group | IGMP with sub-type of leave group. |
|
member-query | IGMP with sub-type of member query. |
|
none | IGMP with sub-type of none. |
|
v1-member-report | IGMP with sub-type of v1 member report. |
|
v2-member-report | IGMP with sub-type of v2 member report. |
|
v3-member-report | IGMP with sub-type of v3 member report. |
Example
igmp member-query
Syntax
tcp <SVC_PORT_BEGIN> <SVC_PORT_END>
Mode
Service Object
Description
Set Service Object as TCP. Options
<SVC_PORT_BEGIN>
|
Service port begin. Example: 443 |
<SVC_PORT_END>
|
Service port end. Example: 443 |
Example
tcp 1 80
Syntax
udp <SVC_PORT_BEGIN> <SVC_PORT_END>
Mode
Service Object
Description
Set Service Object as UDP. Options
<SVC_PORT_BEGIN>
|
Service port begin. Example: 443 |
<SVC_PORT_END>
|
Service port end. Example: 443 |
Example
udp 1 80
Syntax
6over4
Mode
Service Object
Description
Set Service Object as 6OVER4. Example
6over4
Syntax
gre
Mode
Service Object
Description
Set Service Object as GRE. Example
gre
Syntax
esp
Mode
Service Object
Description
Set Service Object as ESP. Example
esp
Syntax
ah
Mode
Service Object
Description
Set Service Object as AH. Example
ah
Syntax
eigrp
Mode
Service Object
Description
Set Service Object as EIGRP. Example
eigrp
Syntax
ospf { { { database-description | hello | link-state-acknowledge | link-state-request | link-state-update | none } } }
Mode
Service Object
Description
Set Service Object as OSPF and specify sub type. Options
|
database-description | OSPF with sub-type of database description. |
|
hello | OSPF with sub-type of hello. |
|
link-state-acknowledge | OSPF with sub-type of link state acknowledge. |
|
link-state-request | OSPF with sub-type of link state request. |
|
link-state-update | OSPF with sub-type of link state update. |
|
none | OSPF with sub-type of none. |
Example
ospf hello
Syntax
pimsm { { { assert | bootstrap | candidate-rp | hello | join-prune | none | register | register-stop } } }
Mode
Service Object
Description
Set Service Object as PIMSM and specify sub type. Options
|
assert | PIMSM with sub-type of assert. |
|
bootstrap | PIMSM with sub-type of bootstrap. |
|
candidate-rp | PIMSM with sub-type of candidate rp. |
|
hello | PIMSM with sub-type of hello. |
|
join-prune | PIMSM with sub-type of join/prune. |
|
none | PIMSM with sub-type of none. |
|
register | PIMSM with sub-type of register. |
|
register-stop | PIMSM with sub-type of register stop. |
Example
pimsm none
Syntax
l2tp
Mode
Service Object
Description
Set Service Object as L2TP. Example
l2tp
Syntax
name <WORD>
Mode
Service Group
Description
Set Service Group name. Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
name "Corporate Servers"
Syntax
no service-object <SVC_NAME>
Mode
Service Group
Description
Remove Service Object from Group. Options
<SVC_NAME>
|
Service object name. Example: HTTPS |
Example
no service-object "Corp Email Server"
Syntax
service-object <SVC_NAME>
Mode
Service Group
Description
Assign Service Object to Group. Options
<SVC_NAME>
|
Service object name. Example: HTTPS |
Example
service-object "Corp Email Server"
Syntax
no service-group <SVC_GROUP_NAME>
Mode
Service Group
Description
Remove Service Group from Group. Options
<SVC_GROUP_NAME>
|
Service object group name. Example: VOIP |
Example
no service-group "Corp Web Servers"
Syntax
service-group <SVC_GROUP_NAME>
Mode
Service Group
Description
Assign Service Group to Group. Options
<SVC_GROUP_NAME>
|
Service object group name. Example: VOIP |
Example
service-group "Corp Web Servers"
Syntax
show access-rule from <ACCESS_RULE_ZONE_NAME> to <ACCESS_RULE_ZONE_NAME> action { { allow | deny | discard } } [ source { { any | fqdn <ADDR_FQDN> | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | mac <ADDR_MAC> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> } } ] [ destination { { any | fqdn <ADDR_FQDN> | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | mac <ADDR_MAC> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> } } ] [ service { { any | group <SVC_GROUP_NAME> | name <SVC_NAME> | protocol <SVC_PROTOCOL> <SVC_PORT_BEGIN> <SVC_PORT_END> } } ] [ schedule { { always-on | days <SCHED_DAYS> time <SCHED_TIME_BEGIN> <SCHED_TIME_END> | name <SCHED_NAME> } } ] [ pending-config ]
Mode
All Modes
Description
Show an access rule. Options
<ACCESS_RULE_ZONE_NAME>
|
Zone object name. Example: LAN |
to | Destination Zone. |
<ACCESS_RULE_ZONE_NAME>
|
Zone object name. Example: LAN |
action | Set the action for this access rule. |
|
allow | Allow traffic matching the criteria. |
|
deny | Deny traffic matching the criteria. |
|
discard | Discard traffic matching the criteria. |
source | Source. |
|
any | Any address. |
|
fqdn | Address Object Fully Qualified Domain Name. |
<ADDR_FQDN>
|
Address Object FQDN in the form: example.com OR *.example.com. Example: example.com |
|
group | Address Group Name. |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
mac | Address Object MAC. |
<ADDR_MAC>
|
Address Object MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
|
name | Address Object Name. |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Address Object Network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Address Object Range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
destination | Destination. |
|
any | Any address. |
|
fqdn | Address Object Fully Qualified Domain Name. |
<ADDR_FQDN>
|
Address Object FQDN in the form: example.com OR *.example.com. Example: example.com |
|
group | Address Group Name. |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
mac | Address Object MAC. |
<ADDR_MAC>
|
Address Object MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
|
name | Address Object Name. |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Address Object Network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Address Object Range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
service | Service. |
|
any | Any service. |
|
group | Service Group name. |
<SVC_GROUP_NAME>
|
Service object group name. Example: VOIP |
|
name | Service Object name. |
<SVC_NAME>
|
Service object name. Example: HTTPS |
|
protocol | Service Object protocol. |
<SVC_PROTOCOL>
|
Service protocol. Example: TCP |
<SVC_PORT_BEGIN>
|
Service port begin. Example: 443 |
<SVC_PORT_END>
|
Service port end. Example: 443 |
schedule | Schedule. |
|
always-on | Always on. |
|
days | Schedule Object days. |
<SCHED_DAYS>
|
Days of the week in the form: SU-M-T-W-TH-F-SA. Example: SU-M-TH-SA |
time | Schedule Object beginning/ending time. |
<SCHED_TIME_BEGIN>
|
Time in the form: hh:mm. Example: 23:59 |
<SCHED_TIME_END>
|
Time in the form: hh:mm. Example: 23:59 |
|
name | Schedule Object name. |
<SCHED_NAME>
|
Schedule object name. Example: Work Hours |
pending-config | Show pending configuration changes. |
Syntax
show access-rule id <UINT32>
Mode
All Modes
Description
Show the access rule with the specified id.
Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
show access-rule id 3
Syntax
show access-rules [ from <ACCESS_RULE_ZONE_NAME> to <ACCESS_RULE_ZONE_NAME> ] [ { custom | default } ] [ pending-config ]
Mode
All Modes
Description
Show all access rules.
Options
from | Source Zone. |
<ACCESS_RULE_ZONE_NAME>
|
Zone object name. Example: LAN |
to | Destination Zone. |
<ACCESS_RULE_ZONE_NAME>
|
Zone object name. Example: LAN |
|
custom | Show custom configuration. |
|
default | Show system/factory default configuration. |
pending-config | Show pending configuration changes. |
Example
show access-rules
show access-rules from * to WAN
show access-rules from DMZ to WAN
Syntax
no access-rule from <ACCESS_RULE_ZONE_NAME> to <ACCESS_RULE_ZONE_NAME> action { { allow | deny | discard } } [ source { { any | fqdn <ADDR_FQDN> | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | mac <ADDR_MAC> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> } } ] [ destination { { any | fqdn <ADDR_FQDN> | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | mac <ADDR_MAC> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> } } ] [ service { { any | group <SVC_GROUP_NAME> | name <SVC_NAME> | protocol <SVC_PROTOCOL> <SVC_PORT_BEGIN> <SVC_PORT_END> } } ] [ schedule { { always-on | days <SCHED_DAYS> time <SCHED_TIME_BEGIN> <SCHED_TIME_END> | name <SCHED_NAME> } } ]
Mode
Config
Description
Delete Firewall Access Rule Policy.
Options
<ACCESS_RULE_ZONE_NAME>
|
Zone object name. Example: LAN |
to | Destination Zone. |
<ACCESS_RULE_ZONE_NAME>
|
Zone object name. Example: LAN |
action | Set the action for this access rule. |
|
allow | Allow traffic matching the criteria. |
|
deny | Deny traffic matching the criteria. |
|
discard | Discard traffic matching the criteria. |
source | Source. |
|
any | Any address. |
|
fqdn | Address Object Fully Qualified Domain Name. |
<ADDR_FQDN>
|
Address Object FQDN in the form: example.com OR *.example.com. Example: example.com |
|
group | Address Group Name. |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
mac | Address Object Mac. |
<ADDR_MAC>
|
Address Object MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
|
name | Address Object Name. |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Address Object Network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Address Object Range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
destination | Destination. |
|
any | Any address. |
|
fqdn | Address Object Fully Qualified Domain Name. |
<ADDR_FQDN>
|
Address Object FQDN in the form: example.com OR *.example.com. Example: example.com |
|
group | Address Group Name. |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
mac | Address Object Mac. |
<ADDR_MAC>
|
Address Object MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
|
name | Address Object Name. |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Address Object Network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Address Object Range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
service | Service. |
|
any | Any service. |
|
group | Service Group name. |
<SVC_GROUP_NAME>
|
Service object group name. Example: VOIP |
|
name | Service Object name. |
<SVC_NAME>
|
Service object name. Example: HTTPS |
|
protocol | Service Object protocol. |
<SVC_PROTOCOL>
|
Service protocol. Example: TCP |
<SVC_PORT_BEGIN>
|
Service port begin. Example: 443 |
<SVC_PORT_END>
|
Service port end. Example: 443 |
schedule | Schedule. |
|
always-on | Always on. |
|
days | Schedule Object days. |
<SCHED_DAYS>
|
Days of the week in the form: SU-M-T-W-TH-F-SA. Example: SU-M-TH-SA |
time | Schedule Object beginning/ending time. |
<SCHED_TIME_BEGIN>
|
Time in the form: hh:mm. Example: 23:59 |
<SCHED_TIME_END>
|
Time in the form: hh:mm. Example: 23:59 |
|
name | Schedule Object name. |
<SCHED_NAME>
|
Schedule object name. Example: Work Hours |
Syntax
no access-rule id <UINT32>
Mode
Config
Description
Delete firewall access rule policy by id.
Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
no access-rule id 25
Syntax
no access-rule statistics
Mode
Config
Description
Clear Firewall Access Rule statistics.
Syntax
access-rule from <ACCESS_RULE_ZONE_NAME> to <ACCESS_RULE_ZONE_NAME> action { { allow | deny | discard } } [ source { { any | fqdn <ADDR_FQDN> | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | mac <ADDR_MAC> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> } } ] [ destination { { any | fqdn <ADDR_FQDN> | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | mac <ADDR_MAC> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> } } ] [ service { { any | group <SVC_GROUP_NAME> | name <SVC_NAME> | protocol <SVC_PROTOCOL> <SVC_PORT_BEGIN> <SVC_PORT_END> } } ] [ schedule { { always-on | days <SCHED_DAYS> time <SCHED_TIME_BEGIN> <SCHED_TIME_END> | name <SCHED_NAME> } } ]
Mode
Config
Description
Add/Edit firewall access rule and enter configuration mode.
Options
<ACCESS_RULE_ZONE_NAME>
|
Zone object name. Example: LAN |
to | Destination Zone. |
<ACCESS_RULE_ZONE_NAME>
|
Zone object name. Example: LAN |
action | Set the action for this access rule. |
|
allow | Allow traffic matching the criteria. |
|
deny | Deny traffic matching the criteria. |
|
discard | Discard traffic matching the criteria. |
source | Source. |
|
any | Any address. |
|
fqdn | Address Object Fully Qualified Domain Name. |
<ADDR_FQDN>
|
Address Object FQDN in the form: example.com OR *.example.com. Example: example.com |
|
group | Address Group Name. |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
mac | Address Object Mac. |
<ADDR_MAC>
|
Address Object MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
|
name | Address Object Name. |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Address Object Network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Address Object Range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
destination | Destination. |
|
any | Any address. |
|
fqdn | Address Object Fully Qualified Domain Name. |
<ADDR_FQDN>
|
Address Object FQDN in the form: example.com OR *.example.com. Example: example.com |
|
group | Address Group Name. |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
mac | Address Object Mac. |
<ADDR_MAC>
|
Address Object MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
|
name | Address Object Name. |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Address Object Network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Address Object Range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
service | Service. |
|
any | Any service. |
|
group | Service Group name. |
<SVC_GROUP_NAME>
|
Service object group name. Example: VOIP |
|
name | Service Object name. |
<SVC_NAME>
|
Service object name. Example: HTTPS |
|
protocol | Service Object protocol. |
<SVC_PROTOCOL>
|
Service protocol. Example: TCP |
<SVC_PORT_BEGIN>
|
Service port begin. Example: 443 |
<SVC_PORT_END>
|
Service port end. Example: 443 |
schedule | Schedule. |
|
always-on | Always on. |
|
days | Schedule Object days. |
<SCHED_DAYS>
|
Days of the week in the form: SU-M-T-W-TH-F-SA. Example: SU-M-TH-SA |
time | Schedule Object beginning/ending time. |
<SCHED_TIME_BEGIN>
|
Time in the form: hh:mm. Example: 23:59 |
<SCHED_TIME_END>
|
Time in the form: hh:mm. Example: 23:59 |
|
name | Schedule Object name. |
<SCHED_NAME>
|
Schedule object name. Example: Work Hours |
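The access-rule syntax above can be checked offline before a change is typed into the CLI. The Python below is an added example, not SonicWall code: it parses one access-rule line according to the Syntax and Options listed above, validates each argument form, and reports allow rules whose source, destination or service is any. The function names, the sample lines and the treatment of an omitted clause as any / always-on are assumptions of the example.

```python
import ipaddress
import re
import shlex


class RuleError(ValueError):
    """The command line does not match the syntax documented above."""


def _take(tokens, what):
    if not tokens:
        raise RuleError(f"missing {what}")
    return tokens.pop(0)


def _pattern(regex, what, convert=str):
    def check(value):
        if not re.fullmatch(regex, value):
            raise RuleError(f"bad {what}: {value!r}")
        return convert(value)  # ipaddress raises ValueError on e.g. 999.1.1.1
    return check


IPV4 = _pattern(r"[0-9.]{7,15}", "IPv4 address", lambda v: str(ipaddress.IPv4Address(v)))
HHMM = _pattern(r"([01][0-9]|2[0-3]):[0-5][0-9]", "time")
PORT = _pattern(r"[0-9]{1,5}", "port", int)
DAY = "(SU|M|TH|T|W|F|SA)"
ADDRESS = {  # one validator per argument, in the order of the Syntax line
    "any": [], "group": [str], "name": [str], "host": [IPV4], "range": [IPV4, IPV4],
    "fqdn": [_pattern(r"(\*\.)?([A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,63}", "FQDN")],
    "mac": [_pattern(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}|[0-9A-Fa-f]{12}", "MAC")],
    "network": [IPV4, _pattern(r"/[0-9]{1,2}|[0-9.]{7,15}", "netmask")],
}
SERVICE = {"any": [], "group": [str], "name": [str], "protocol": [str, PORT, PORT]}
SCHEDULE = {"always-on": [], "name": [str],
            "days": [_pattern(f"{DAY}(-{DAY})*", "days"), _pattern("time", "keyword"), HHMM, HHMM]}
CLAUSES = {"source": ADDRESS, "destination": ADDRESS, "service": SERVICE, "schedule": SCHEDULE}


def _clause(tokens, table, what):
    kind = _take(tokens, f"{what} type")
    if kind not in table:
        raise RuleError(f"unknown {what} type: {kind!r}")
    args = [check(_take(tokens, f"{what} {kind} argument")) for check in table[kind]]
    if kind == "network":  # strict parsing rejects host bits set in the network
        args = [str(ipaddress.IPv4Network(f"{args[0]}/{args[1].lstrip('/')}"))]
    elif kind == "range" and ipaddress.IPv4Address(args[0]) > ipaddress.IPv4Address(args[1]):
        raise RuleError("range begin is above range end")
    elif kind == "protocol" and not args[1] <= args[2] <= 65535:
        raise RuleError(f"bad port range: {args[1]}-{args[2]}")
    return (kind, *args)


def parse_access_rule(line):
    """Parse 'access-rule from Z to Z action A [clauses]' into a dict."""
    tokens = shlex.split(line)
    # Assumption: an omitted optional clause behaves like 'any' / 'always-on'.
    rule = {"source": ("any",), "destination": ("any",),
            "service": ("any",), "schedule": ("always-on",)}
    for keyword in ("access-rule", "from", "to", "action"):
        if _take(tokens, keyword) != keyword:
            raise RuleError(f"expected {keyword!r}")
        if keyword != "access-rule":
            rule[keyword] = _take(tokens, f"{keyword} value")
    if rule["action"] not in ("allow", "deny", "discard"):
        raise RuleError(f"bad action: {rule['action']!r}")
    while tokens:
        keyword = tokens.pop(0)
        if keyword not in CLAUSES:
            raise RuleError(f"unexpected token: {keyword!r}")
        rule[keyword] = _clause(tokens, CLAUSES[keyword], keyword)
    return rule


def audit(rule):
    """Return review findings for one parsed rule."""
    wide = [k for k in ("source", "destination", "service") if rule[k] == ("any",)]
    if rule["action"] != "allow" or not wide:
        return []
    return ["allow rule leaves " + ", ".join(wide) + " as any"]


SAMPLES = [  # constructed lines that follow the syntax on this page
    "access-rule from LAN to WAN action allow",
    'access-rule from DMZ to LAN action allow source network 192.168.168.0 /24 '
    'destination name "Web Server" service protocol TCP 443 443',
    "access-rule from LAN to WAN action deny source range 192.168.1.150 192.168.1.100",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        try:
            print(audit(parse_access_rule(sample)) or "ok", "<-", sample)
        except ValueError as err:
            print("rejected:", err, "<-", sample)
```

The third sample is rejected because its range runs from a higher address to a lower one; a network whose address has host bits set under the given mask is rejected the same way.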
Syntax
access-rule id <UINT32>
Mode
Config
Description
Edit firewall access rule by id and enter configuration mode.
Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
access-rule id 3
Syntax
access-rule restore-defaults [ from <ACCESS_RULE_ZONE_NAME> to <ACCESS_RULE_ZONE_NAME> ]
Mode
Config
Description
Restore Firewall Access Rules to default settings.
Options
from | From zone. |
<ACCESS_RULE_ZONE_NAME>
|
Zone object name. Example: LAN |
to | To zone. |
<ACCESS_RULE_ZONE_NAME>
|
Zone object name. Example: LAN |
Syntax
id <UINT32>
Mode
Access Rule
Description
Access Policy table id.
Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
id 57
Syntax
from <ACCESS_RULE_ZONE_NAME>
Mode
Access Rule
Description
Specify a source Zone for this Access Policy.
Options
<ACCESS_RULE_ZONE_NAME>
|
Zone object name. Example: LAN |
Example
from LAN
Syntax
to <ACCESS_RULE_ZONE_NAME>
Mode
Access Rule
Description
Specify a destination Zone for this Access Policy.
Options
<ACCESS_RULE_ZONE_NAME>
|
Zone object name. Example: LAN |
Example
to LAN
Syntax
action { { allow | deny | discard } }
Mode
Access Rule
Description
Set the action for this access rule.
Options
|
allow | Allow traffic matching the criteria. |
|
deny | Deny traffic matching the criteria. |
|
discard | Discard traffic matching the criteria. |
Example
action allow
Syntax
max-connections <UINT8>
Mode
Access Rule
Description
Set the number of connections allowed (% of maximum connections).
Options
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
Example
max-connections 50
Syntax
tcp timeout <UINT32>
Mode
Access Rule
Description
Set the TCP Connection Inactivity Timeout (seconds).
Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
tcp timeout 15
Syntax
udp timeout <UINT32>
Mode
Access Rule
Description
Set the UDP Connection Inactivity Timeout (seconds).
Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
udp timeout 30
Syntax
allow-fragments
Mode
Access Rule
Description
Enable fragmented packets on this access rule.
Example
allow-fragments
Syntax
no allow-fragments
Mode
Access Rule
Description
Disable fragmented packets on this access rule.
Example
no allow-fragments
Syntax
comment <WORD>
Mode
Access Rule
Description
Specify a comment for this Access Policy.
Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
comment "Access Rule to allow IT to access servers"
Syntax
no comment
Mode
Access Rule
Description
Clear a comment for this Access Policy.
Example
no comment
Syntax
connection-limit destination [ threshold <UINT16> ]
Mode
Access Rule
Description
Enable connection limit for each destination IP address.
Options
threshold | Set the destination IP address connection limit threshold. |
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
connection-limit destination threshold 128
Syntax
no connection-limit destination
Mode
Access Rule
Description
Disable connection limit for each destination IP address.
Example
no connection-limit destination
Syntax
connection-limit source [ threshold <UINT16> ]
Mode
Access Rule
Description
Enable connection limit for each source IP address.
Options
threshold | Set the source IP address connection limit threshold. |
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
connection-limit source threshold 128
Syntax
no connection-limit source
Mode
Access Rule
Description
Disable connection limit for each source IP address.
Example
no connection-limit source
Syntax
destination { { any | fqdn <ADDR_FQDN> | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | mac <ADDR_MAC> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> } }
Mode
Access Rule
Description
Specify a destination for this Access Policy.
Options
|
any | Any address. |
|
fqdn | Address Object Fully Qualified Domain Name. |
<ADDR_FQDN>
|
Address Object FQDN in the form: example.com OR *.example.com. Example: example.com |
|
group | Address Group Name. |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
mac | Address Object Mac. |
<ADDR_MAC>
|
Address Object MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
|
name | Address Object Name. |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Address Object Network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Address Object Range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
destination name "Corporate Servers"
Syntax
enable
Mode
Access Rule
Description
Enable this access rule.
Example
enable
Syntax
no enable
Mode
Access Rule
Description
Disable this access rule.
Example
no enable
Syntax
logging
Mode
Access Rule
Description
Enable logging when this access rule is used.
Example
logging
Syntax
no logging
Mode
Access Rule
Description
Disable logging when this access rule is used.
Example
no logging
Syntax
allow-management
Mode
Access Rule
Description
Allow management traffic.
Example
allow-management
Syntax
no allow-management
Mode
Access Rule
Description
Do not allow management traffic.
Example
no allow-management
Syntax
single-sign-on
Mode
Access Rule
Description
Invoke Single Sign On to authenticate users.
Example
single-sign-on
Syntax
no single-sign-on
Mode
Access Rule
Description
Don't invoke Single Sign On to authenticate users.
Example
no single-sign-on
Syntax
quality-of-service class-of-service { explicit { { background | best-effort | controlled-load | excellent-effort | network-control | spare | video | voice } } | map | none | preserve }
Mode
Access Rule
Description
Set 802.1p marking action.
Options
|
explicit | Set explicit marking. |
|
background | Background. |
|
best-effort | Best effort. |
|
controlled-load | Controlled load. |
|
excellent-effort | Excellent effort. |
|
network-control | Network control. |
|
spare | Spare. |
|
video | Video (<100ms latency). |
|
voice | Voice (<100ms latency). |
|
map | Map marking. |
|
none | No marking. |
|
preserve | Preserve marking. |
Example
quality-of-service class-of-service preserve
Syntax
quality-of-service dscp { explicit <UINT8> | map [ { cos-override | disable-cos-override } ] | none | preserve }
Mode
Access Rule
Description
Set DSCP marking action.
Options
|
explicit | Set explicit marking. |
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
|
map | Map marking. |
|
cos-override | Allow 802.1p marking to override DSCP values. |
|
disable-cos-override | Do not allow 802.1p marking to override DSCP values. |
|
none | No marking. |
|
preserve | Preserve marking. |
Example
quality-of-service dscp preserve
Syntax
reflexive
Mode
Access Rule
Description
Configure a reflexive rule.
Example
reflexive
Syntax
no reflexive
Mode
Access Rule
Description
Disable configuration of a reflexive rule.
Example
no reflexive
Syntax
schedule { { always-on | days <SCHED_DAYS> time <SCHED_TIME_BEGIN> <SCHED_TIME_END> | name <SCHED_NAME> } }
Mode
Access Rule
Description
Specify a schedule for this Access Policy.
Options
|
always-on | Always on. |
|
days | Schedule Object days. |
<SCHED_DAYS>
|
Days of the week in the form: SU-M-T-W-TH-F-SA. Example: SU-M-TH-SA |
time | Schedule Object beginning/ending time. |
<SCHED_TIME_BEGIN>
|
Time in the form: hh:mm. Example: 23:59 |
<SCHED_TIME_END>
|
Time in the form: hh:mm. Example: 23:59 |
|
name | Schedule Object name. |
<SCHED_NAME>
|
Schedule object name. Example: Work Hours |
Example
schedule name "IT Maintenance"
Syntax
service { { any | group <SVC_GROUP_NAME> | name <SVC_NAME> | protocol <SVC_PROTOCOL> <SVC_PORT_BEGIN> <SVC_PORT_END> } }
Mode
Access Rule
Description
Specify a service for this Access Policy.
Options
|
any | Any service. |
|
group | Service Group name. |
<SVC_GROUP_NAME>
|
Service object group name. Example: VOIP |
|
name | Service Object name. |
<SVC_NAME>
|
Service object name. Example: HTTPS |
|
protocol | Service Object protocol. |
<SVC_PROTOCOL>
|
Service protocol. Example: TCP |
<SVC_PORT_BEGIN>
|
Service port begin. Example: 443 |
<SVC_PORT_END>
|
Service port end. Example: 443 |
Example
service name "IT Maintenance"
Syntax
source { { any | fqdn <ADDR_FQDN> | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | mac <ADDR_MAC> | name <ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> } }
Mode
Access Rule
Description
Specify a source for this Access Policy.
Options
|
any | Any address. |
|
fqdn | Address Object Fully Qualified Domain Name. |
<ADDR_FQDN>
|
Address Object FQDN in the form: example.com OR *.example.com. Example: example.com |
|
group | Address Group Name. |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
mac | Address Object Mac. |
<ADDR_MAC>
|
Address Object MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
|
name | Address Object Name. |
<ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Address Object Network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Address Object Range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
source name "Corporate IT Administration"
Syntax
users included { { administrator | all | group <LOCAL_USER_GROUP_NAME> | guests | name <LOCAL_USER_NAME> } }
Mode
Access Rule
Description
Specify users that apply to this Access Policy.
Options
|
administrator | Administrator. |
|
all | All users. |
|
group | Group Object name. |
<LOCAL_USER_GROUP_NAME>
|
User group object name. Example: Limited Administrators |
|
guests | Guest users. |
|
name | User Object name. |
<LOCAL_USER_NAME>
|
User object name. Example: user1 |
Example
users included name "Corporate IT Administrators"
Syntax
users excluded { { administrator | group <LOCAL_USER_GROUP_NAME> | guests | name <LOCAL_USER_NAME> | none } }
Mode
Access Rule
Description
Specify users that are excluded from this Access Policy.
Options
|
administrator | Administrator. |
|
group | Group Object name. |
<LOCAL_USER_GROUP_NAME>
|
User group object name. Example: Limited Administrators |
|
guests | Guest users. |
|
name | User Object name. |
<LOCAL_USER_NAME>
|
User object name. Example: user1 |
|
none | No users. |
Example
users excluded name "Corporate Users"
Syntax
bandwidth-management
Mode
Access Rule
Description
Enter Ethernet Bandwidth Management Configuration Mode.
Example
bandwidth-management
Syntax
outbound [ guaranteed { kbps <BWMGMT_KBS> | percent <BWMGMT_PERC> } ] [ maximum { kbps <BWMGMT_KBS> | percent <BWMGMT_PERC> } ] [ priority <UINT8> ]
Mode
Bandwidth Management
Description
Enable and configure outbound Bandwidth Management.
Options
guaranteed | Outbound guaranteed bandwidth. |
|
kbps | Throughput in Kbps. |
<BWMGMT_KBS>
|
Decimal in the form: n+.n+. Example: 184.0 |
|
percent | Throughput as a percentage. |
<BWMGMT_PERC>
|
Decimal in the form: n+.n+. Example: 0.999 |
maximum | Outbound maximum bandwidth. |
|
kbps | Throughput in Kbps. |
<BWMGMT_KBS>
|
Decimal in the form: n+.n+. Example: 184.0 |
|
percent | Throughput as a percentage. |
<BWMGMT_PERC>
|
Decimal in the form: n+.n+. Example: 0.999 |
priority | Outbound traffic priority. |
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
Example
outbound
Syntax
no outbound
Mode
Bandwidth Management
Description
Disable outbound Bandwidth Management.
Example
no outbound
Syntax
inbound [ guaranteed { kbps <IBWMGMT_KBS> | percent <IBWMGMT_PERC> } ] [ maximum { kbps <IBWMGMT_KBS> | percent <IBWMGMT_PERC> } ] [ priority <UINT8> ]
Mode
Bandwidth Management
Description
Enable and configure inbound Bandwidth Management.
Options
guaranteed | Inbound guaranteed bandwidth. |
|
kbps | Throughput in Kbps. |
<IBWMGMT_KBS>
|
Decimal in the form: n+.n+. Example: 184.0 |
|
percent | Throughput as a percentage. |
<IBWMGMT_PERC>
|
Decimal in the form: n+.n+. Example: 10.0 |
maximum | Inbound maximum bandwidth. |
|
kbps | Throughput in Kbps. |
<IBWMGMT_KBS>
|
Decimal in the form: n+.n+. Example: 184.0 |
|
percent | Throughput as a percentage. |
<IBWMGMT_PERC>
|
Decimal in the form: n+.n+. Example: 10.0 |
priority | Inbound traffic priority. |
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
Example
inbound
Syntax
no inbound
Mode
Bandwidth Management
Description
Disable inbound Bandwidth Management.
Example
no inbound
Syntax
usage-tracking
Mode
Bandwidth Management
Description
Enable Tracking Bandwidth Usage.
Example
usage-tracking
Syntax
no usage-tracking
Mode
Bandwidth Management
Description
Disable Tracking Bandwidth Usage.
Example
no usage-tracking
Syntax
show interfaces [ physical | vlan ] [ { custom | default } ] [ { ip | pending-config | statistics } ]
Mode
All Modes
Description
Show all interfaces.
Options
|
physical | Show physical interfaces. |
|
vlan | Show VLAN interfaces. |
|
custom | Show custom configuration. |
|
default | Show system/factory default configuration. |
|
ip | Show interface IP. |
|
pending-config | Show pending configuration changes. |
|
statistics | Show interface statistics. |
Example
show interfaces
Syntax
show interface <IF_CONFIGURABLE_NAME> [ vlan <IF_VLAN_TAG> ] [ { dialup { data-usage | session-details <WORD> | sessions | status } | ip | pending-config | statistics } ]
Mode
All Modes
Description
Show interface configuration.
Options
<IF_CONFIGURABLE_NAME>
|
Interface name. Example: X0 |
vlan | Sub-Interface VLAN. |
<IF_VLAN_TAG>
|
VLAN Tag. Example: 23 |
|
dialup | Show 3G/Modem status, sessions, or usage. |
|
data-usage | Show 3G data usage. |
|
session-details | Show 3G session details for specified session. |
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
|
sessions | Show 3G sessions. |
|
status | Show 3G/Modem status. |
|
ip | Show interface IP. |
|
pending-config | Show pending configuration changes. |
|
statistics | Show interface statistics. |
Example
show interface X0
Syntax
interface <IF_CONFIGURABLE_NAME> [ vlan <IF_VLAN_TAG> ]
Mode
Config
Description
Configure Interface or Add/Edit Sub-Interface.
Options
<IF_CONFIGURABLE_NAME>
|
Interface name. Example: X0 |
vlan | Configure Sub-Interface VLAN. |
<IF_VLAN_TAG>
|
VLAN Tag. Example: 23 |
Example
interface X1
Syntax
no interface <IF_CONFIGURABLE_NAME> vlan <IF_VLAN_TAG>
Mode
Config
Description
Delete Sub-Interface.
Options
<IF_CONFIGURABLE_NAME>
|
Interface name. Example: X0 |
vlan | Configure Sub-Interface VLAN. |
<IF_VLAN_TAG>
|
VLAN Tag. Example: 23 |
Example
no interface X1 vlan 101
Syntax
renew <IF_DHCP_NAME>
Mode
Config
Description
Renew interface DHCP lease.
Options
<IF_DHCP_NAME>
|
Interface name. Example: X0 |
Example
renew X5
Syntax
release <IF_DHCP_NAME>
Mode
Config
Description
Release designated interface DHCP lease.
Options
<IF_DHCP_NAME>
|
Interface name. Example: X0 |
Example
release X5
Syntax
connect <IF_CONNECT_NAME> [ async ]
Mode
Config
Description
Connect designated interface to PPTP/L2TP/PPPoE server.
Options
<IF_CONNECT_NAME>
|
Interface name. Example: X0 |
async | Connect designated interface to PPTP/L2TP/PPPoE server in the background. |
Example
connect X5
Syntax
disconnect <IF_CONNECT_NAME> [ async ]
Mode
Config
Description
Disconnect designated interface from PPTP/L2TP/PPPoE server.
Options
<IF_CONNECT_NAME>
|
Interface name. Example: X0 |
async | Disconnect designated interface from PPTP/L2TP/PPPoE server in the background. |
Example
disconnect X5
Syntax
link-speed { auto-negotiate | full { { 10 | 100 | 1000 | 10000 } } | half { { 10 | 100 } } }
Mode
Interface
Description
Set interface link speed.
Options
|
auto-negotiate | Set interface link speed to auto-negotiate. |
|
full | Full duplex. |
|
10 | Set interface link speed to 10 Mbps-Full Duplex. |
|
100 | Set interface link speed to 100 Mbps-Full Duplex. |
|
1000 | Set interface link speed to 1000 Mbps-Full Duplex. |
|
10000 | Set interface link speed to 10 Gbps(10000 Mbps)-Full Duplex. |
|
half | Half duplex. |
|
10 | Set interface link speed to 10 Mbps-Half Duplex. |
|
100 | Set interface link speed to 100 Mbps-Half Duplex. |
Example
link-speed half 100
Syntax
comment <WORD>
Mode
Interface
Description
Set interface comment.
Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
comment "Interface X0"
Syntax
no comment
Mode
Interface
Description
Clear interface comment.
Example
no comment
Syntax
egress-bandwidth-management <DECIMAL>
Mode
Interface
Description
Enable and Set Egress Bandwidth Management in Kbps.
Options
<DECIMAL>
|
Decimal in the form: n+.n+. Example: 0.999 |
Example
egress-bandwidth-management 1000
Syntax
no egress-bandwidth-management
Mode
Interface
Description
Disable Egress Bandwidth Management.
Example
no egress-bandwidth-management
Syntax
ingress-bandwidth-management <DECIMAL>
Mode
Interface
Description
Enable and Set Ingress Bandwidth Management in Kbps.
Options
<DECIMAL>
|
Decimal in the form: n+.n+. Example: 0.999 |
Example
ingress-bandwidth-management 1000
Syntax
no ingress-bandwidth-management
Mode
Interface
Description
Disable Ingress Bandwidth Management.
Example
no ingress-bandwidth-management
Syntax
send-icmp-fragmentation
Mode
Interface
Description
Send ICMP Fragmentation Needed for outbound packets over the Interface MTU.
Example
send-icmp-fragmentation
Syntax
no send-icmp-fragmentation
Mode
Interface
Description
Do not send ICMP Fragmentation Needed for outbound packets over the Interface MTU.
Example
no send-icmp-fragmentation
Syntax
fragment-packets
Mode
Interface
Description
Enable fragmentation of non-VPN outbound packets larger than this Interface's MTU.
Example
fragment-packets
Syntax
no fragment-packets
Mode
Interface
Description
Disable fragmentation of non-VPN outbound packets larger than this Interface's MTU.
Example
no fragment-packets
Syntax
ignore-df-bit
Mode
Interface
Description
Enable ignoring the Don't Fragment (DF) bit.
Example
ignore-df-bit
Syntax
no ignore-df-bit
Mode
Interface
Description
Disable ignoring the Don't Fragment (DF) bit.
Example
no ignore-df-bit
Syntax
mtu <IF_ETH_MTU>
Mode
Interface
Description
Set interface MTU.
Options
<IF_ETH_MTU>
|
Ethernet MTU. Min: 580 Max: 1500 Example: 1492 |
Example
mtu 1500
Syntax
https-redirect
Mode
Interface
Description
Enable redirection from HTTP to HTTPS.
Example
https-redirect
Syntax
no https-redirect
Mode
Interface
Description
Disable redirection from HTTP to HTTPS.
Example
no https-redirect
Syntax
management { http | https | ping | snmp | ssh }
Mode
Interface
Description
Enable management for the specified protocols.
Options
|
http | HTTP. |
|
https | HTTPS. |
|
ping | Ping. |
|
snmp | SNMP. |
|
ssh | SSH. |
Example
management https
Syntax
no management { http | https | ping | snmp | ssh }
Mode
Interface
Description
Disable management for the specified protocols.
Options
|
http | HTTP. |
|
https | HTTPS. |
|
ping | Ping. |
|
snmp | SNMP. |
|
ssh | SSH. |
Example
no management https
Syntax
mac { default | override <MAC> }
Mode
Interface
Description
Set MAC Address used for this interface.
Options
|
default | Factory configured MAC. |
|
override | Override factory configured MAC. |
<MAC>
|
MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
Example
mac override 00:17:C5:0F:73:F4
Syntax
flow-reporting
Mode
Interface
Description
Enable flow reporting on the interface.
Example
flow-reporting
Syntax
no flow-reporting
Mode
Interface
Description
Disable flow reporting on the interface.
Example
no flow-reporting
Syntax
multicast
Mode
Interface
Description
Enable multicast support.
Example
multicast
Syntax
no multicast
Mode
Interface
Description
Disable multicast support.
Example
no multicast
Syntax
cos-8021p
Mode
Interface
Description
Enable 802.1p support.
Example
cos-8021p
Syntax
no cos-8021p
Mode
Interface
Description
Disable 802.1p support.
Example
no cos-8021p
Syntax
default-8021p-cos { background | best-effort | controlled-load | excellent-effort | network-control | spare | vedio | voice }
Mode
Interface
Description
Enable default 802.1p CoS.
Options
|
background | 1-Background. |
|
best-effort | 0-Best effort. |
|
controlled-load | 4-Controlled load. |
|
excellent-effort | 3-Excellent effort. |
|
network-control | 7-Network control. |
|
spare | 2-Spare. |
|
vedio | 5-Video (<100ms latency). |
|
voice | 6-Voice(<10ms latency). |
Example
default-8021p-cos best-effort
Syntax
no default-8021p-cos
Mode
Interface
Description
Disable default 802.1p CoS.
Example
no default-8021p-cos
Syntax
port { aggregation [ aggregate1 <IF_GROUPING_NAME> [ aggregate2 <IF_GROUPING_NAME> [ aggregate3 <IF_GROUPING_NAME> ] ] ] | redundancy <IF_GROUPING_NAME> }
Mode
Interface
Description
Enable port redundancy or link aggregation.
Options
|
aggregation | Enable link aggregation. |
aggregate1 | Aggregate 1. |
<IF_GROUPING_NAME>
|
Interface name. Example: X0 |
aggregate2 | Aggregate 2. |
<IF_GROUPING_NAME>
|
Interface name. Example: X0 |
aggregate3 | Aggregate 3. |
<IF_GROUPING_NAME>
|
Interface name. Example: X0 |
|
redundancy | Enable port redundancy. |
<IF_GROUPING_NAME>
|
Interface name. Example: X0 |
Example
port redundancy interface X3
port aggregation X3 X4 X5
Syntax
no port redundancy-aggregation
Mode
Interface
Description
Disable port redundancy or link aggregation.
Example
no port redundancy-aggregation
Syntax
no port aggregation { aggregate1 | aggregate2 | aggregate3 }
Mode
Interface
Description
Disable link aggregation port.
Options
|
aggregate1 | Aggregate 1. |
|
aggregate2 | Aggregate 2. |
|
aggregate3 | Aggregate 3. |
Example
no port aggregation aggregate1
Syntax
load-balancing-vip <IPV4_HOST>
Mode
Interface
Description
Set the LAN load balancing virtual IP address for Active-Active cluster.
Options
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
load-balancing-vip 10.10.10.15
Syntax
no load-balancing-vip
Mode
Interface
Description
Remove the LAN load balancing virtual IP address for Active-Active cluster.
Example
no load-balancing-vip
Syntax
routed-mode { any | interface <IF_PHYS_WAN_NAME> }
Mode
Interface
Description
Enable routed mode and set the associated interface. This adds a NAT policy to prevent inbound/outbound translation.
Options
any | Use any interface. |
interface | Specify interface. |
<IF_PHYS_WAN_NAME> | WAN interface name. Example: X1 |
Example
routed-mode interface X1
Syntax
no routed-mode
Mode
Interface
Description
Disable routed mode.
Example
no routed-mode
Syntax
sonicpoint-limit <IF_SP_LIMIT>
Mode
Interface
Description
Set SonicPoint Limit.
Options
<IF_SP_LIMIT> | SonicPoint Limit Per Interface. Example: 8 |
Example
sonicpoint-limit 64
Syntax
user-login [ http ] [ https ]
Mode
Interface
Description
Enable user login for the specified protocols.
Options
http | HTTP. |
https | HTTPS. |
Example
user-login http
Syntax
no user-login [ http ] [ https ]
Mode
Interface
Description
Disable user login for the specified protocols.
Options
http | HTTP. |
https | HTTPS. |
Example
no user-login http
Syntax
ip-assignment <INTERFACE_ZONE_NAME> { dhcp | l2bridge | l2tp | pppoe | pptp | static | tap-mode | transparent | wire-mode }
Mode
Interface
Description
Set interface zone and IP assignment.
Options
<INTERFACE_ZONE_NAME> | Zone object name. Example: LAN |
dhcp | IP address obtained by DHCP. |
l2bridge | Interface uses layer two bridging. |
l2tp | Interface uses Layer2 Tunneling Protocol. |
pppoe | Interface uses Point to Point Protocol over Ethernet. |
pptp | Interface uses Point to Point Tunneling Protocol. |
static | Static IP address assignment. |
tap-mode | Interface in Tap Mode. |
transparent | Interface uses transparent bridging. |
wire-mode | Interfaces paired in Wire Mode. |
Example
ip-assignment WAN dhcp
ip-assignment WLAN static
ip-assignment LAN l2bridge
ip-assignment LAN wire-mode
Syntax
no ip-assignment
Mode
Interface
Description
Clear interface Zone and IP assignment.
Example
no ip-assignment
Syntax
type { bypass | inspect | secure }
Mode
Wire Mode
Description
Set the type for wiremode.
Options
bypass | Bypass (via internal switch / relay). |
inspect | Inspect (passive Deep Packet Inspection of traffic). |
secure | Secure (active Deep Packet Inspection of traffic). |
Example
type secure
Syntax
paired-interface <IF_GROUPING_NAME>
Mode
Wire Mode
Description
Set the paired interface for wiremode.
Options
<IF_GROUPING_NAME> | Interface name. Example: X0 |
Example
paired-interface X3
Syntax
no paired-interface
Mode
Wire Mode
Description
Clear the paired interface for wiremode.
Example
no paired-interface
Syntax
paired-interface-zone <INTERFACE_WIRE_ZONE_NAME>
Mode
Wire Mode
Description
Set the paired interface zone for wiremode.
Options
<INTERFACE_WIRE_ZONE_NAME> | Zone object name. Example: LAN |
Example
paired-interface-zone LAN
Syntax
stateful-inspection
Mode
Wire Mode
Tap Mode
Description
Enable Stateful Inspection.
Example
stateful-inspection
Syntax
no stateful-inspection
Mode
Wire Mode
Tap Mode
Description
Disable Stateful Inspection.
Example
no stateful-inspection
Syntax
linkstate-propagation
Mode
Wire Mode
Description
Enable Link State Propagation.
Example
linkstate-propagation
Syntax
no linkstate-propagation
Mode
Wire Mode
Description
Disable Link State Propagation.
Example
no linkstate-propagation
Syntax
restrict-analysis
Mode
Wire Mode
Description
Enable Restrict analysis at resource limit.
Example
restrict-analysis
Syntax
no restrict-analysis
Mode
Wire Mode
Description
Disable Restrict analysis at resource limit.
Example
no restrict-analysis
Syntax
ip <IPV4_HOST> [ netmask <IPV4_MASK> ]
Mode
Static IP Assignment
Description
Set interface IP address.
Options
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
netmask | Set interface netmask. |
<IPV4_MASK> | IPV4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
Example
ip 10.10.10.10 netmask 255.255.255.0
Syntax
no ip
Mode
Static IP Assignment
Description
Clear interface IP address.
Example
no ip
Syntax
virtual-group { 1 | 2 | 3 | 4 } ip <IPV4_HOST>
Mode
Static IP Assignment
Description
Set interface Virtual Group IP address.
Options
1 | Node Id. |
2 | Node Id. |
3 | Node Id. |
4 | Node Id. |
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
virtual-group 2 ip 10.10.10.12
Syntax
netmask <IPV4_MASK>
Mode
Static IP Assignment
Description
Set MGMT interface subnet mask.
Options
<IPV4_MASK> | IPV4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
Example
netmask 255.255.255.0
Syntax
backup-ip <IPV4_HOST>
Mode
Static IP Assignment
Description
Set MGMT interface IP address (Secondary).
Options
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
backup-ip 10.10.10.10
Syntax
no backup-ip
Mode
Static IP Assignment
Description
Clear MGMT interface IP address (Secondary).
Example
no backup-ip
Syntax
dns primary <IPV4_HOST>
Mode
Static IP Assignment
Description
Set the primary DNS server IP address.
Options
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
dns primary 192.168.168.169
Syntax
dns secondary <IPV4_HOST>
Mode
Static IP Assignment
Description
Set the secondary DNS server IP address.
Options
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
dns secondary 192.168.168.170
Syntax
dns tertiary <IPV4_HOST>
Mode
Static IP Assignment
Description
Set the tertiary DNS server IP address.
Options
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
dns tertiary 192.168.168.171
Syntax
no dns primary
Mode
Static IP Assignment
Description
Clear the primary DNS server IP address.
Example
no dns primary
Syntax
no dns secondary
Mode
Static IP Assignment
Description
Clear the secondary DNS server IP address.
Example
no dns secondary
Syntax
no dns tertiary
Mode
Static IP Assignment
Description
Clear the tertiary DNS server IP address.
Example
no dns tertiary
Syntax
gateway <IPV4_HOST>
Mode
Static IP Assignment
Description
Set interface gateway.
Options
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
gateway 10.10.10.1
Syntax
no gateway
Mode
Static IP Assignment
Description
Clear interface gateway.
Example
no gateway
Syntax
hostname <WORD>
Mode
DHCP IP Assignment
Description
Set DHCP hostname.
Options
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
hostname mydhcpclient
Syntax
no hostname
Mode
DHCP IP Assignment
Description
Clear DHCP hostname.
Example
no hostname
Syntax
release
Mode
DHCP IP Assignment
Description
Release designated interface DHCP lease.
Example
release
Syntax
renew
Mode
DHCP IP Assignment
Description
Renew interface DHCP lease.
Example
renew
Syntax
renew-on-startup
Mode
DHCP IP Assignment
Description
Enable request renew of previous IP on startup.
Example
renew-on-startup
Syntax
no renew-on-startup
Mode
DHCP IP Assignment
Description
Disable request renew of previous IP on startup.
Example
no renew-on-startup
Syntax
schedule { always-on | days <SCHED_DAYS> time <SCHED_TIME_BEGIN> <SCHED_TIME_END> | name <SCHED_NAME> }
Mode
PPTP IP Assignment
Description
Set the WAN PPTP reconnect schedule.
Options
always-on | Always on. |
days | Schedule Object days. |
<SCHED_DAYS> | Days of the week in the form: SU-M-T-W-TH-F-SA. Example: SU-M-TH-SA |
time | Schedule Object beginning/ending time. |
<SCHED_TIME_BEGIN> | Time in the form: hh:mm. Example: 23:59 |
<SCHED_TIME_END> | Time in the form: hh:mm. Example: 23:59 |
name | Schedule Object name. |
<SCHED_NAME> | Schedule object name. Example: Work Hours |
Example
schedule name "Work Hours"
Syntax
dynamic
Mode
PPTP IP Assignment
Description
Enable dynamic acquisition of IP configuration data.
Example
dynamic
Syntax
no dynamic
Mode
PPTP IP Assignment
Description
Disable dynamic acquisition of IP configuration data.
Example
no dynamic
Syntax
gateway <IPV4_HOST>
Mode
PPTP IP Assignment
Description
Set interface gateway.
Options
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
gateway 10.10.10.1
Syntax
no gateway
Mode
PPTP IP Assignment
Description
Clear interface gateway.
Example
no gateway
Syntax
hostname <WORD>
Mode
PPTP IP Assignment
Description
Set PPTP hostname.
Options
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
hostname mypptpclient
Syntax
no hostname
Mode
PPTP IP Assignment
Description
Clear PPTP hostname.
Example
no hostname
Syntax
inactivity <UINT16>
Mode
PPTP IP Assignment
Description
Enable the PPTP inactivity timer.
Options
<UINT16> | Integer in the form: D OR 0xHHHH. Example: 123 |
Example
inactivity 10
Syntax
no inactivity
Mode
PPTP IP Assignment
Description
Disable the PPTP inactivity timer.
Example
no inactivity
Syntax
ip <IPV4_HOST> [ netmask <IPV4_MASK> ]
Mode
PPTP IP Assignment
Description
Set PPTP IP address.
Options
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
netmask | Set interface netmask. |
<IPV4_MASK> | IPV4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
Example
ip 10.10.10.10 netmask 255.255.255.0
Syntax
no ip
Mode
PPTP IP Assignment
Description
Clear PPTP IP address.
Example
no ip
Syntax
password <ENC_PASSWORD>
Mode
PPTP IP Assignment
Description
Set PPTP user password.
Options
<ENC_PASSWORD> | PASSWORD. Example: secret |
Example
password mysecret
Syntax
no password
Mode
PPTP IP Assignment
Description
Clear PPTP user password.
Example
no password
Syntax
release
Mode
PPTP IP Assignment
Description
Release designated interface DHCP lease.
Example
release
Syntax
renew
Mode
PPTP IP Assignment
Description
Renew interface DHCP lease.
Example
renew
Syntax
server <IPV4_HOST>
Mode
PPTP IP Assignment
Description
Set PPTP Server IP address.
Options
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
server 10.10.10.10
Syntax
no server
Mode
PPTP IP Assignment
Description
Clear PPTP Server IP address.
Example
no server
Syntax
username <WORD>
Mode
PPTP IP Assignment
Description
Set PPTP user name.
Options
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
username pptpuser
Syntax
no username
Mode
PPTP IP Assignment
Description
Clear PPTP user name.
Example
no username
Syntax
schedule { always-on | days <SCHED_DAYS> time <SCHED_TIME_BEGIN> <SCHED_TIME_END> | name <SCHED_NAME> }
Mode
L2TP IP Assignment
Description
Set the WAN L2TP reconnect schedule.
Options
always-on | Always on. |
days | Schedule Object days. |
<SCHED_DAYS> | Days of the week in the form: SU-M-T-W-TH-F-SA. Example: SU-M-TH-SA |
time | Schedule Object beginning/ending time. |
<SCHED_TIME_BEGIN> | Time in the form: hh:mm. Example: 23:59 |
<SCHED_TIME_END> | Time in the form: hh:mm. Example: 23:59 |
name | Schedule Object name. |
<SCHED_NAME> | Schedule object name. Example: Work Hours |
Example
schedule name "Work Hours"
Syntax
dynamic
Mode
L2TP IP Assignment
Description
Enable dynamic acquisition of IP configuration data.
Example
dynamic
Syntax
no dynamic
Mode
L2TP IP Assignment
Description
Disable dynamic acquisition of IP configuration data.
Example
no dynamic
Syntax
gateway <IPV4_HOST>
Mode
L2TP IP Assignment
Description
Set interface gateway.
Options
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
gateway 10.10.10.1
Syntax
no gateway
Mode
L2TP IP Assignment
Description
Clear interface gateway.
Example
no gateway
Syntax
hostname <WORD>
Mode
L2TP IP Assignment
Description
Set L2TP hostname.
Options
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
hostname myl2tpclient
Syntax
no hostname
Mode
L2TP IP Assignment
Description
Clear L2TP hostname.
Example
no hostname
Syntax
inactivity <UINT16>
Mode
L2TP IP Assignment
Description
Enable the L2TP inactivity timer.
Options
<UINT16> | Integer in the form: D OR 0xHHHH. Example: 123 |
Example
inactivity 10
Syntax
no inactivity
Mode
L2TP IP Assignment
Description
Disable the L2TP inactivity timer.
Example
no inactivity
Syntax
ip <IPV4_HOST> [ netmask <IPV4_MASK> ]
Mode
L2TP IP Assignment
Description
Set L2TP IP address.
Options
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
netmask | Set interface netmask. |
<IPV4_MASK> | IPV4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
Example
ip 10.10.10.10 netmask 255.255.255.0
Syntax
no ip
Mode
L2TP IP Assignment
Description
Clear L2TP IP address.
Example
no ip
Syntax
password <ENC_PASSWORD>
Mode
L2TP IP Assignment
Description
Set L2TP user password.
Options
<ENC_PASSWORD> | PASSWORD. Example: secret |
Example
password mysecret
Syntax
no password
Mode
L2TP IP Assignment
Description
Clear L2TP password.
Example
no password
Syntax
release
Mode
L2TP IP Assignment
Description
Release designated interface DHCP lease.
Example
release
Syntax
renew
Mode
L2TP IP Assignment
Description
Renew interface DHCP lease.
Example
renew
Syntax
server <IPV4_HOST>
Mode
L2TP IP Assignment
Description
Set L2TP Server IP address.
Options
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
server 10.10.10.10
Syntax
no server
Mode
L2TP IP Assignment
Description
Clear L2TP Server IP address.
Example
no server
Syntax
shared-secret <ENC_PASSWORD>
Mode
L2TP IP Assignment
Description
Set L2TP password.
Options
<ENC_PASSWORD> | PASSWORD. Example: secret |
Example
shared-secret myl2tpsecret
Syntax
no shared-secret
Mode
L2TP IP Assignment
Description
Clear L2TP shared secret.
Example
no shared-secret
Syntax
username <WORD>
Mode
L2TP IP Assignment
Description
Set L2TP user name.
Options
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
username l2tpuser
Syntax
no username
Mode
L2TP IP Assignment
Description
Clear L2TP user name.
Example
no username
Syntax
dynamic
Mode
PPPoE IP Assignment
Description
Enable dynamic acquisition of IP configuration data.
Example
dynamic
Syntax
no dynamic
Mode
PPPoE IP Assignment
Description
Disable dynamic acquisition of IP configuration data.
Example
no dynamic
Syntax
inactivity <UINT16>
Mode
PPPoE IP Assignment
Description
Enable the PPPoE inactivity timer.
Options
<UINT16> | Integer in the form: D OR 0xHHHH. Example: 123 |
Example
inactivity 10
Syntax
no inactivity
Mode
PPPoE IP Assignment
Description
Disable the PPPoE inactivity timer.
Example
no inactivity
Syntax
ip <IPV4_HOST>
Mode
PPPoE IP Assignment
Description
Set PPPoE IP address.
Options
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
ip 10.10.10.10
Syntax
no ip
Mode
PPPoE IP Assignment
Description
Clear PPPoE IP address.
Example
no ip
Syntax
lcp-echo-packets
Mode
PPPoE IP Assignment
Description
Enable strict use of LCP echo packets for server keep-alive.
Example
lcp-echo-packets
Syntax
no lcp-echo-packets
Mode
PPPoE IP Assignment
Description
Disable strict use of LCP echo packets for server keep-alive.
Example
no lcp-echo-packets
Syntax
password <ENC_PASSWORD>
Mode
PPPoE IP Assignment
Description
Set PPPoE user password.
Options
<ENC_PASSWORD> | PASSWORD. Example: secret |
Example
password mysecret
Syntax
no password
Mode
PPPoE IP Assignment
Description
Clear PPPoE password.
Example
no password
Syntax
service-name <WORD>
Mode
PPPoE IP Assignment
Description
Set PPPoE Service Name.
Options
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
service-name mypppoeservice
Syntax
no service-name
Mode
PPPoE IP Assignment
Description
Clear PPPoE Service Name.
Example
no service-name
Syntax
reconnect <UINT16>
Mode
PPPoE IP Assignment
Description
Enable reconnecting the PPPoE client if the server does not send traffic for the specified number of minutes.
Options
<UINT16> | Integer in the form: D OR 0xHHHH. Example: 123 |
Example
reconnect 5
Syntax
no reconnect
Mode
PPPoE IP Assignment
Description
Disable reconnecting the PPPoE client if the server does not send traffic.
Example
no reconnect
Syntax
username <WORD>
Mode
PPPoE IP Assignment
Description
Set PPPoE user name.
Options
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
username pppoeuser
Syntax
no username
Mode
PPPoE IP Assignment
Description
Clear PPPoE user name.
Example
no username
Syntax
schedule { always-on | days <SCHED_DAYS> time <SCHED_TIME_BEGIN> <SCHED_TIME_END> | name <SCHED_NAME> }
Mode
PPPoE IP Assignment
Description
Set the WAN PPPoE reconnect schedule.
Options
always-on | Always on. |
days | Schedule Object days. |
<SCHED_DAYS> | Days of the week in the form: SU-M-T-W-TH-F-SA. Example: SU-M-TH-SA |
time | Schedule Object beginning/ending time. |
<SCHED_TIME_BEGIN> | Time in the form: hh:mm. Example: 23:59 |
<SCHED_TIME_END> | Time in the form: hh:mm. Example: 23:59 |
name | Schedule Object name. |
<SCHED_NAME> | Schedule object name. Example: Work Hours |
Example
schedule name "Work Hours"
Syntax
bridge-to <IF_L2BRIDGE_NAME>
Mode
L2 Bridge
Description
Configure the interface to which this interface is bridged.
Options
<IF_L2BRIDGE_NAME> | Interface name. Example: X0 |
Example
bridge-to X1
Syntax
block-non-ipv4
Mode
L2 Bridge
Description
Set Block all non-IPv4 traffic.
Example
block-non-ipv4
Syntax
no block-non-ipv4
Mode
L2 Bridge
Description
Clear Block all non-IPv4 traffic.
Example
no block-non-ipv4
Syntax
route-on-bridge-pair
Mode
L2 Bridge
Description
Route traffic on this bridge-pair.
Example
route-on-bridge-pair
Syntax
no route-on-bridge-pair
Mode
L2 Bridge
Description
Never route traffic on this bridge-pair.
Example
no route-on-bridge-pair
Syntax
only-sniff
Mode
L2 Bridge
Description
Enable Only sniff traffic on this bridge-pair.
Example
only-sniff
Syntax
no only-sniff
Mode
L2 Bridge
Description
Disable Only sniff traffic on this bridge-pair.
Example
no only-sniff
Syntax
stateful-inspection
Mode
L2 Bridge
Description
Enable stateful-inspection on this bridge-pair.
Example
stateful-inspection
Syntax
no stateful-inspection
Mode
L2 Bridge
Description
Disable stateful-inspection on this bridge-pair.
Example
no stateful-inspection
Syntax
bypass-on-malfunction
Mode
L2 Bridge
Description
Set engage physical bypass on malfunction.
Example
bypass-on-malfunction
Syntax
no bypass-on-malfunction
Mode
L2 Bridge
Description
Clear engage physical bypass on malfunction.
Example
no bypass-on-malfunction
Syntax
vlan-filtering-mode { allow | block }
Mode
L2 Bridge
Description
Set VLAN Filtering Mode.
Options
allow | Allow. |
block | Block. |
Example
vlan-filtering-mode block
Syntax
filtered-vlan <IF_VLAN_FILTER_TAG>
Mode
L2 Bridge
Description
Add specified VLAN to filter.
Options
<IF_VLAN_FILTER_TAG> | Filtered Vlan Id list. Example: 23 |
Example
filtered-vlan 100
Syntax
no filtered-vlan <IF_VLAN_FILTER_TAG>
Mode
L2 Bridge
Description
Remove specified VLAN from filter.
Options
<IF_VLAN_FILTER_TAG> | Filtered Vlan Id list. Example: 23 |
Example
no filtered-vlan 100
Syntax
no filtered-vlans
Mode
L2 Bridge
Description
Remove specified VLAN from filter.
Example
no filtered-vlans
Syntax
no transparent-range
Mode
Transparent
Description
Clear the WAN addresses that are connected to this interface.
Example
no transparent-range
Syntax
transparent-range { fqdn <ADDR_FQDN> | group <WAN_ADDR_GROUP_NAME> | host <ADDR_HOST> | name <WAN_ADDR_NAME> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> }
Mode
Transparent
Description
Set the WAN addresses that are connected to this interface.
Options
fqdn | Set transparent address as fqdn address. |
<ADDR_FQDN> | Address Object FQDN in the form: example.com OR *.example.com. Example: example.com |
group | Set transparent addresses to named address group. |
<WAN_ADDR_GROUP_NAME> | Address Group name. Example: Sales Group |
host | Set transparent address as host address. |
<ADDR_HOST> | Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
name | Set transparent addresses to named address object. |
<WAN_ADDR_NAME> | WAN Address Object name. Example: Web Server |
network | Set transparent addresses to network address. |
<ADDR_NETWORK> | Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK> | Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
range | Set transparent addresses to range of addresses. |
<ADDR_BEGIN> | Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END> | Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
transparent-range name "WAN Transparent Range"
Syntax
gratuitous-arp-wan-forwarding
Mode
Transparent
Description
Enable Gratuitous ARP Forwarding Towards WAN.
Example
gratuitous-arp-wan-forwarding
Syntax
no gratuitous-arp-wan-forwarding
Mode
Transparent
Description
Disable Gratuitous ARP Forwarding Towards WAN.
Example
no gratuitous-arp-wan-forwarding
Syntax
gratuitous-arp-wan-generation
Mode
Transparent
Description
Enable Automatic Gratuitous ARP Generation Towards WAN.
Example
gratuitous-arp-wan-generation
Syntax
no gratuitous-arp-wan-generation
Mode
Transparent
Description
Disable Automatic Gratuitous ARP Generation Towards WAN.
Example
no gratuitous-arp-wan-generation
Syntax
type { auto-detect | modem | wwan }
Mode
Dialup
WWAN
Modem
Description
Set dialup type and enter configuration mode.
Options
auto-detect | Auto-Detect. |
modem | Analog Modem. |
wwan | WWAN/Mobile. |
Example
type wwan
Syntax
clear dialup data-usage { all | billing-cycle | month | week | year }
Mode
All Modes
Description
Clear dialup information.
Options
data-usage | Data Usage. |
all | Specify period to clear. |
billing-cycle | Specify period to clear. |
month | Specify period to clear. |
week | Specify period to clear. |
year | Specify period to clear. |
Example
clear dialup data-usage all
Syntax
clear dialup session-history
Mode
All Modes
Description
Clear dialup session history.
Options
session-history | WWAN Session History. |
Example
clear dialup session-history
Syntax
connect
Mode
WWAN
Modem
Description
Connect WWAN interface.
Example
connect
Syntax
disconnect
Mode
WWAN
Modem
Description
Disconnect WWAN interface.
Example
disconnect
Syntax
speaker-volume
Mode
Modem
Description
Turn on speaker volume.
Example
speaker-volume
Syntax
no speaker-volume
Mode
Modem
Description
Turn off speaker volume.
Example
no speaker-volume
Syntax
initialize { at-commands <WORD> | use-in <WORD> }
Mode
Modem
Description
Set modem initialization for connection.
Options
at-commands | Initialize Modem Connection Using AT Commands. |
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
use-in | Initialize modem connections for use in the specified country. |
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
initialize use-in USA
Syntax
connect-on-data [ ntp-packets ] [ gms-heartbeats ] [ system-log-emails ] [ av-profile-updates ] [ snmp-traps ] [ licensed-updates ] [ firmware-update-requests ] [ syslog-traffic ]
Mode
WWAN
Modem
Description
Enable Connect on Data categories.
Options
ntp-packets | NTP Packets. |
gms-heartbeats | GMS Heartbeats. |
system-log-emails | System Log Emails. |
av-profile-updates | AV Profile Updates. |
snmp-traps | SNMP Traps. |
licensed-updates | Licensed Updates. |
firmware-update-requests | Firmware Update Requests. |
syslog-traffic | Syslog Traffic. |
Example
connect-on-data ntp-packets gms-heartbeats
Syntax
no connect-on-data [ ntp-packets ] [ gms-heartbeats ] [ system-log-emails ] [ av-profile-updates ] [ snmp-traps ] [ licensed-updates ] [ firmware-update-requests ] [ syslog-traffic ]
Mode
WWAN
Modem
Description
Disable Connect on Data categories.
Options
ntp-packets | NTP Packets. |
gms-heartbeats | GMS Heartbeats. |
system-log-emails | System Log Emails. |
av-profile-updates | AV Profile Updates. |
snmp-traps | SNMP Traps. |
licensed-updates | Licensed Updates. |
firmware-update-requests | Firmware Update Requests. |
syslog-traffic | Syslog Traffic. |
Example
no connect-on-data ntp-packets gms-heartbeats
Syntax
management [ http ] [ https ] [ ping ] [ ssh ] [ snmp ]
Mode
WWAN
Modem
Description
Enable management for the specified protocols.
Options
http | HTTP. |
https | HTTPS. |
ping | Ping. |
ssh | SSH. |
snmp | SNMP. |
Example
management https ssh
Syntax
no management [ http ] [ https ] [ ping ] [ ssh ] [ snmp ]
Mode
WWAN
Modem
Description
Disable management for the specified protocols.
Options
http | HTTP. |
https | HTTPS. |
ping | Ping. |
ssh | SSH. |
snmp | SNMP. |
Example
no management https
Syntax
user-login [ http ] [ https ]
Mode
WWAN
Modem
Description
Enable user login for the specified protocols.
Options
http | HTTP. |
https | HTTPS. |
Example
user-login http https
Syntax
no user-login [ http ] [ https ]
Mode
WWAN
Modem
Description
Disable user login for the specified protocols.
Options
http | HTTP. |
https | HTTPS. |
Example
no user-login http
Syntax
https-redirect
Mode
WWAN
Modem
Description
Enable redirection from HTTP to HTTPS.
Example
https-redirect
Syntax
no https-redirect
Mode
WWAN
Modem
Description
Disable redirection from HTTP to HTTPS.
Example
no https-redirect
Syntax
remote-trigger-dialout [ authentication <WORD> | no-authentication ]
Mode
WWAN
Modem
Description
Enable remotely triggered dial-out.
Options
authentication | Authentication required. |
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
no-authentication | No authentication required. |
Example
remote-trigger-dialout
Syntax
no remote-trigger-dialout
Mode
WWAN
Modem
Description
Disable remotely triggered dial-out.
Example
no remote-trigger-dialout
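The WWAN/Modem commands above decide which management and login protocols a dialup interface exposes and whether a remote dial-out trigger requires authentication. The Python script below is an added example, not part of the SonicWALL guide: it replays a constructed command list in order (so a later `no management http` cancels an earlier enable), reports cleartext or unauthenticated settings still in effect, and masks credential arguments before a transcript is shared. It assumes a flat command list for a single interface and that `https-redirect` applies to both HTTP management and HTTP user login.

```python
import shlex

REDACTED = "<REDACTED>"
# Commands from this guide whose first argument is a credential.
SECRET_COMMANDS = ("password", "shared-secret", "user-password")

# Constructed sample: commands typed for one WWAN/Modem interface (not a real config).
SAMPLE = [
    "management http https ssh",
    "no management http",
    "user-login http https",
    "remote-trigger-dialout no-authentication",
    'connection-profile "Corp Primary Dialup"',
    "user-name dialuser",
    'user-password "s3cret value"',
]


def tokens(line):
    """Split a CLI line into words; a "QUOTED STRING" argument stays one token."""
    return shlex.split(line)


def redact(line):
    """Return the line with any credential argument masked."""
    t = tokens(line)
    if len(t) > 1 and t[0] in SECRET_COMMANDS:
        return f"{t[0]} {REDACTED}"
    if len(t) > 2 and t[:2] == ["remote-trigger-dialout", "authentication"]:
        return f"remote-trigger-dialout authentication {REDACTED}"
    return line


def audit(lines):
    """Replay commands in order and report risky settings still in effect.

    Returns a sorted list of (line_number, rule_id) tuples.
    """
    enabled = {"management": {}, "user-login": {}}  # command -> {protocol: line}
    redirect = False        # current state of https-redirect
    dialout_noauth = None   # line that enabled unauthenticated dial-out

    for number, line in enumerate(lines, 1):
        t = tokens(line)
        negate = bool(t) and t[0] == "no"
        if negate:
            t = t[1:]
        if not t:
            continue
        command, args = t[0], t[1:]
        if command in enabled:
            # A bare "management" / "no management" changes nothing in this model.
            for protocol in args:
                if negate:
                    enabled[command].pop(protocol, None)
                else:
                    enabled[command][protocol] = number
        elif command == "https-redirect":
            redirect = not negate
        elif command == "remote-trigger-dialout":
            if negate or "no-authentication" not in args:
                dialout_noauth = None
            else:
                dialout_noauth = number

    findings = []
    # Assumption: https-redirect moves both HTTP management and HTTP login to HTTPS.
    if not redirect:
        for command in ("management", "user-login"):
            if "http" in enabled[command]:
                findings.append((enabled[command]["http"], command + "-http"))
    if dialout_noauth is not None:
        findings.append((dialout_noauth, "dialout-no-auth"))
    return sorted(findings)


if __name__ == "__main__":
    for number, rule in audit(SAMPLE):
        print(f"line {number}: {rule}: {redact(SAMPLE[number - 1])}")
    print([redact(line) for line in SAMPLE])
```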
Syntax
max-hosts <UINT16>
Mode
WWAN
Modem
Description
Set maximum number of host connections.
Options
<UINT16> | Integer in the form: D OR 0xHHHH. Example: 123 |
Example
max-hosts 100
Syntax
egress-bandwidth-management
Mode
WWAN
Modem
Description
Enable Egress Bandwidth Management.
Example
egress-bandwidth-management
Syntax
no egress-bandwidth-management
Mode
WWAN
Modem
Description
Disable Egress Bandwidth Management.
Example
no egress-bandwidth-management
Syntax
ingress-bandwidth-management
Mode
WWAN
Modem
Description
Enable Ingress Bandwidth Management.
Example
ingress-bandwidth-management
Syntax
no ingress-bandwidth-management
Mode
WWAN
Modem
Description
Disable Ingress Bandwidth Management.
Example
no ingress-bandwidth-management
Syntax
compression-multiplier { 1_0x | 1_5x | 2_0x | 2_5x | 3_0x | 3_5x | 4_0x }
Mode
WWAN
Modem
Description
Set the Bandwidth Management Compression Multiplier.
Options
1_0x | Specify multiple |
1_5x | Specify multiple |
2_0x | Specify multiple |
2_5x | Specify multiple |
3_0x | Specify multiple |
3_5x | Specify multiple |
4_0x | Specify multiple |
Example
compression-multiplier 3_0x
Syntax
flow-reporting
Mode
WWAN
Modem
Description
Enable flow reporting on the interface.
Example
flow-reporting
Syntax
no flow-reporting
Mode
WWAN
Modem
Description
Disable flow reporting on the interface.
Example
no flow-reporting
Syntax
preferred-profile { [ primary <WORD> ] [ secondary <WORD> ] [ tertiary <WORD> ] }
Mode
WWAN
Modem
Description
Set preferred connection profiles.
Options
primary | Primary Connection Profile. |
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
secondary | Alternate 1 Connection Profile. |
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
tertiary | Alternate 2 Connection Profile. |
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
preferred-profile primary "Corp Primary Dialup" tertiary "Corp Alternate Dialup"
Syntax
no preferred-profile { [ primary ] [ secondary ] [ tertiary ] }
Mode
WWAN
Modem
Description
Set preferred connection profiles to None.
Options
primary | Primary Connection Profile. |
secondary | Alternate 1 Connection Profile. |
tertiary | Alternate 2 Connection Profile. |
Example
no preferred-profile primary
Syntax
connection-profile <WORD>
Mode
Modem
Description
Add/Edit Connection Profile and enter its configuration mode.
Options
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
connection-profile "Corp Primary Dialup"
Syntax
connection-profile <WORD>
Mode
WWAN
Description
Add/Edit Connection Profile and enter its configuration mode.
Options
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
connection-profile "Corp Primary Dialup"
Syntax
no connection-profile <WORD>
Mode
WWAN
Modem
Description
Delete Connection Profile.
Options
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
no connection-profile "Corp Primary Dialup"
Syntax
country <WORD>
Mode
WWAN Profile
Description
Set connection profile country.
Options
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
country USA
Syntax
provider <WORD>
Mode
WWAN Profile
Description
Set connection profile provider.
Options
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
provider AT&T
Syntax
plan-type <WORD>
Mode
WWAN Profile
Description
Set connection profile Plan Type.
Options
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
plan-type standard
Syntax
name <WORD>
Mode
WWAN Profile
Modem Profile
Description
Set connection profile name.
Options
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
name "Corp Connection Profile"
Syntax
service-type { cdma-edvo | gprs-edge-hspa }
Mode
WWAN Profile
Description
Set connection profile service type.
Options
cdma-edvo | CDMA/EDVO. |
gprs-edge-hspa | GPRS/EDGE/HSPA. |
Example
service-type cdma-edvo
Syntax
dialed-number <WORD>
Mode
WWAN Profile
Description
Set connection profile dialed number.
Options
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
dialed-number *99#
Syntax
primary-dialed-number <WORD>
Mode
Modem Profile
Description
Set connection profile primary dialed number.
Options
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
primary-dialed-number 555-555-5555
Syntax
secondary-dialed-number <WORD>
Mode
Modem Profile
Description
Set connection profile secondary dialed number.
Options
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
secondary-dialed-number 777-777-7777
Syntax
user-name <WORD>
Mode
WWAN Profile
Modem Profile
Description
Set connection profile user name.
Options
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
user-name ISPDA@CINGULARGPRS.COM
Syntax
user-password <WORD>
Mode
WWAN Profile
Modem Profile
Description
Set connection profile user password.
Options
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
user-password thisismypassword
Syntax
access-point-name <WORD>
Mode
WWAN Profile
Description
Set connection profile Access Point Name.
Options
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
access-point-name ISP.CINGULAR
Syntax
connect-type { connect-on-data | manual | persistent }
Mode
WWAN Profile
Modem Profile
Description
Set connection profile connect type.
Options
connect-on-data | Connect on Data. |
manual | Manual Connection. |
persistent | Persistent Connection. |
Example
connect-type persistent
Syntax
inactivity-disconnect <UINT16>
Mode
WWAN Profile
Modem Profile
Description
Enable and set connection profile inactivity disconnect time in minutes.
Options
<UINT16> | Integer in the form: D OR 0xHHHH. Example: 123 |
Example
inactivity-disconnect 10
Syntax
no inactivity-disconnect
Mode
WWAN Profile
Modem Profile
Description
Disable connection profile inactivity disconnect time.
Example
no inactivity-disconnect
Syntax
baud-rate { 14400 | 19200 | 2400 | 38400 | 4800 | 57600 | 9600 | auto }
Mode
Modem Profile
Description
Set connection baud rate.
Options
|
14400 | Baud Rate. |
|
19200 | Baud Rate. |
|
2400 | Baud Rate. |
|
38400 | Baud Rate. |
|
4800 | Baud Rate. |
|
57600 | Baud Rate. |
|
9600 | Baud Rate. |
|
auto | Baud Rate. |
Example
baud-rate 9600
Syntax
max-connection-time <UINT16>
Mode
WWAN Profile
Modem Profile
Description
Enable and set connection profile maximum connection time in minutes.
Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
max-connection-time 30
Syntax
no max-connection-time
Mode
WWAN Profile
Modem Profile
Description
Disable connection profile maximum connection time.
Example
no max-connection-time
Syntax
delay-before-reconnect <UINT16>
Mode
WWAN Profile
Modem Profile
Description
Enable and set connection profile delay before reconnect in minutes.
Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
delay-before-reconnect 2
Syntax
call-waiting
Mode
Modem Profile
Description
Enable call waiting.
Example
call-waiting
Syntax
no call-waiting
Mode
Modem Profile
Description
Disable call waiting.
Example
no call-waiting
Syntax
call-wait-string { *70 | 1170 | 70 | other <WORD> }
Mode
Modem Profile
Description
Set call waiting string.
Options
|
*70 | Call wait string. |
|
1170 | Call wait string. |
|
70 | Call wait string. |
|
other | Custom call waiting string. |
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
call-wait-string "*70"
Syntax
dial-retries <UINT16>
Mode
WWAN Profile
Modem Profile
Description
Enable and set connection profile dial retries per phone number.
Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
dial-retries 3
Syntax
no dial-retries
Mode
WWAN Profile
Modem Profile
Description
Disable connection profile dial retries per phone number.
Example
no dial-retries
Syntax
delay-between-retries <UINT32>
Mode
WWAN Profile
Modem Profile
Description
Enable and set connection profile delay between retries in minutes.
Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
delay-between-retries 5
Syntax
no delay-between-retries
Mode
WWAN Profile
Modem Profile
Description
Disable connection profile delay-between-retries.
Example
no delay-between-retries
Syntax
vpn-when-dialed
Mode
WWAN Profile
Modem Profile
Description
VPN remains enabled when dialed.
Example
vpn-when-dialed
Syntax
no vpn-when-dialed
Mode
WWAN Profile
Modem Profile
Description
Disable VPN when dialed.
Example
no vpn-when-dialed
Syntax
force-pap
Mode
WWAN Profile
Description
Enable force PAP authentication.
Example
force-pap
Syntax
no force-pap
Mode
WWAN Profile
Description
Disable force PAP authentication.
Example
no force-pap
Syntax
ip-assignment { automatic | static <IPV4_HOST> }
Mode
WWAN Profile
Modem Profile
Description
Set whether the IP address is obtained automatically or specified manually.
Options
|
automatic | Obtain an IP address automatically. |
|
static | Specify IP address. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
ip-assignment static 204.16.16.1
Syntax
dns-assignment { { [ primary <IPV4_HOST> ] [ secondary <IPV4_HOST> ] } | automatic }
Mode
WWAN Profile
Modem Profile
Description
Set whether DNS servers are obtained automatically or set manually with the associated DNS server IP addresses.
Options
|
primary | Specify primary DNS server IP address. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
secondary | Specify secondary DNS server IP address. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
|
automatic | Obtain the IP addresses of DNS servers automatically. |
Example
dns-assignment primary 4.2.2.1 secondary 4.2.2.2
Syntax
schedule [ sun <TIME_HHMM> <TIME_HHMM> ] [ mon <TIME_HHMM> <TIME_HHMM> ] [ tue <TIME_HHMM> <TIME_HHMM> ] [ wed <TIME_HHMM> <TIME_HHMM> ] [ thu <TIME_HHMM> <TIME_HHMM> ] [ fri <TIME_HHMM> <TIME_HHMM> ] [ sat <TIME_HHMM> <TIME_HHMM> ]
Mode
WWAN Profile
Modem Profile
Description
Enable and set the schedule during which the modem can connect.
Options
sun | Day of the week. |
<TIME_HHMM>
|
Time in the form: DD:DD. Example: 12:00 |
<TIME_HHMM>
|
Time in the form: DD:DD. Example: 12:00 |
mon | Day of the week. |
<TIME_HHMM>
|
Time in the form: DD:DD. Example: 12:00 |
<TIME_HHMM>
|
Time in the form: DD:DD. Example: 12:00 |
tue | Day of the week. |
<TIME_HHMM>
|
Time in the form: DD:DD. Example: 12:00 |
<TIME_HHMM>
|
Time in the form: DD:DD. Example: 12:00 |
wed | Day of the week. |
<TIME_HHMM>
|
Time in the form: DD:DD. Example: 12:00 |
<TIME_HHMM>
|
Time in the form: DD:DD. Example: 12:00 |
thu | Day of the week. |
<TIME_HHMM>
|
Time in the form: DD:DD. Example: 12:00 |
<TIME_HHMM>
|
Time in the form: DD:DD. Example: 12:00 |
fri | Day of the week. |
<TIME_HHMM>
|
Time in the form: DD:DD. Example: 12:00 |
<TIME_HHMM>
|
Time in the form: DD:DD. Example: 12:00 |
sat | Day of the week. |
<TIME_HHMM>
|
Time in the form: DD:DD. Example: 12:00 |
<TIME_HHMM>
|
Time in the form: DD:DD. Example: 12:00 |
Example
schedule mon 8:00 18:00 wed 9:00 17:00
Syntax
no schedule
Mode
WWAN Profile
Description
Disable the schedule during which the modem can connect.
Example
no schedule
Syntax
data-usage-limiting [ billing-start <UINT8> ] [ limit <UINT32> ] [ units { gb | kb | mb | minutes } ]
Mode
WWAN Profile
Description
Enable and set data usage limiting.
Options
billing-start | Set billing start date. |
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
limit | Set data usage limit. |
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
units | Set units for data usage limit. |
|
gb | Gigabytes. |
|
kb | Kilobytes. |
|
mb | Megabytes. |
|
minutes | Minutes. |
Example
data-usage-limiting
Syntax
no data-usage-limiting
Mode
WWAN Profile
Description
Disable data usage limiting.
Example
no data-usage-limiting
Syntax
chat-script <WORD>
Mode
WWAN Profile
Modem Profile
Description
Set chat script.
Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
chat-script ???
Syntax
no chat-script
Mode
WWAN Profile
Modem Profile
Description
Clear chat script.
Example
no chat-script
Syntax
show multicast [ pending-config ]
Mode
All Modes
Description
Show Multicast configuration.
Options
pending-config | Show pending configuration changes. |
Example
show multicast
Syntax
no multicast
Mode
Config
Description
Disable Multicast.
Example
no multicast
Syntax
multicast
Mode
Config
Description
Configure Multicast.
Example
multicast
Syntax
require-igmp-membership [ timeout <UINT8> ]
Mode
Multicast
Description
Enable require IGMP Membership reports for multicast data forwarding.
Options
timeout | Set the Multicast state table entry timeout in minutes. |
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
Example
require-igmp-membership
Syntax
no require-igmp-membership
Mode
Multicast
Description
Disable require IGMP Membership reports for multicast data forwarding.
Example
no require-igmp-membership
Syntax
reception { all | group <MULTICAST_ADDR_GROUP_NAME> | host <MULTICAST_ADDR_HOST> | name <MULTICAST_ADDR_NAME> | network <MULTICAST_ADDR_NETWORK> <MULTICAST_ADDR_MASK> | range <MULTICAST_ADDR_BEGIN> <MULTICAST_ADDR_END> }
Mode
Multicast
Description
Enable reception for the specified multicast addresses.
Options
|
all | All Multicast Host. |
|
group | Multicast Address Object Group. |
<MULTICAST_ADDR_GROUP_NAME>
|
Multicast Address Group name. Example: Multicast Group |
|
host | Multicast Address Object Host. |
<MULTICAST_ADDR_HOST>
|
Multicast Address Object IPv4 host address in the form: D.D.D.D. Example: 224.0.0.1 |
|
name | Multicast Address Object Name. |
<MULTICAST_ADDR_NAME>
|
Multicast Address Object name. Example: Multicast Address |
|
network | Multicast Address Object Network. |
<MULTICAST_ADDR_NETWORK>
|
Multicast Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<MULTICAST_ADDR_MASK>
|
Multicast Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Multicast Address Object Range. |
<MULTICAST_ADDR_BEGIN>
|
Multicast Address Object IPv4 starting range in the form: D.D.D.D. Example: 224.0.0.1 |
<MULTICAST_ADDR_END>
|
Multicast Address Object IPv4 ending range in the form: D.D.D.D. Example: 224.0.0.1 |
Example
reception host 224.0.0.12
Syntax
flush-state-table { address <MULTICAST_GROUP_IPV4_HOST> interface <IF_MULTICAST_NAME> | all }
Mode
Multicast
Description
Flush the specified multicast group address.
Options
|
address | Flush the specified multicast group address. |
<MULTICAST_GROUP_IPV4_HOST>
|
Multicast Address Object IPV4 host address in the form: D.D.D.D. Example: 224.0.0.1 |
interface | Flush the specified multicast group address. |
<IF_MULTICAST_NAME>
|
Multicast Interface Name. Example: X0 |
|
all | Flush all entries |
Example
flush-state-table all
Syntax
show failover-lb [ group <FLB_GROUP_NAME> ] [ pending-config ]
Mode
All Modes
Description
Show Failover and Load Balancing status or configuration.
Options
group | Show Failover and Load Balancing Group configuration. |
<FLB_GROUP_NAME>
|
Failover & LB group name. Example: myFLBGroup |
pending-config | Show pending configuration changes. |
Example
show failover-lb
Syntax
failover-lb
Mode
Config
Description
Enter Failover and Load Balancing configuration mode.
Example
failover-lb
Syntax
enable
Mode
Failover & LB
Description
Enable Failover and Load Balancing.
Example
enable
Syntax
no enable
Mode
Failover & LB
Description
Disable Failover and Load Balancing.
Example
no enable
Syntax
respond-to-probes [ any-tcp-syn port <IPV4_PORT> | disable-any-tcp-syn ]
Mode
Failover & LB
Description
Enable Respond to Probes.
Options
|
any-tcp-syn | Enable responding to Any TCP SYN. |
port | TCP port. |
<IPV4_PORT>
|
IPV4 port in the form: D OR 0xHHHH. Example: 80 |
|
disable-any-tcp-syn | Disable responding to Any TCP SYN. |
Example
respond-to-probes any-tcp-syn port 8080
Syntax
no respond-to-probes
Mode
Failover & LB
Description
Disable Respond to Probes.
Example
no respond-to-probes
Syntax
group <FLB_GROUP_NAME>
Mode
Failover & LB
Description
Add/Edit Load Balancing Group.
Options
<FLB_GROUP_NAME>
|
Failover & LB group name. Example: myFLBGroup |
Example
group myFLBGroup
Syntax
type { basic | ratio | round-robin | spillover }
Mode
LB Group
Description
Configure Failover and Load Balancing type.
Options
|
basic | Connections use primary member unless failover occurs. |
|
ratio | Connections use members according to the set percentages. |
|
round-robin | Connections cycle through members in Round Robin fashion. |
|
spillover | Connections use primary member until bandwidth is exceeded. |
Example
type round-robin
Syntax
preempt
Mode
LB Group
Description
Enable Preempt and failback to preferred member when possible.
Example
preempt
Syntax
no preempt
Mode
LB Group
Description
Disable Preempt and failback to preferred member when possible.
Example
no preempt
Syntax
spillover-bandwidth <UINT32>
Mode
LB Group
Description
Set the bandwidth at which Spill-over occurs in Kbps.
Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
spillover-bandwidth 1000
Syntax
address-binding
Mode
LB Group
Description
Enable Use Source and Destination IP address binding.
Example
address-binding
Syntax
no address-binding
Mode
LB Group
Description
Disable Use Source and Destination IP address binding.
Example
no address-binding
Syntax
auto-adjust-ratio
Mode
LB Group
Description
Automatically adjust all member ratios so total is 100%.
Example
auto-adjust-ratio
Syntax
interface <FLB_GROUP_MEMBER>
Mode
LB Group
Description
Edit interface Load Balancing Group member.
Options
<FLB_GROUP_MEMBER>
|
WAN interface name. Example: X1 |
Example
interface X2
Syntax
no interface <FLB_CURRENT_GROUP_MEMBER>
Mode
LB Group
Description
Remove interface Load Balancing Group member.
Options
<FLB_CURRENT_GROUP_MEMBER>
|
Group member name. Example: X1 |
Example
no interface X2
Syntax
final-backup <FLB_FINAL_BACKUP>
Mode
LB Group
Description
Add/Replace Final Backup Interface in Load Balancing Group.
Options
<FLB_FINAL_BACKUP>
|
WAN interface name. Example: X1 |
Example
final-backup X4
Syntax
no final-backup
Mode
LB Group
Description
Remove Final Backup Interface in Load Balancing Group.
Example
no final-backup
Syntax
probing
Mode
LB Group
Description
Enter probing configuration mode.
Example
probing
Syntax
health-check <UINT16>
Mode
Probing
Description
Set the interval to perform health check of member (logical probing, physical link-check) in seconds.
Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
health-check 5
Syntax
missed-intervals <UINT16>
Mode
Probing
Description
Set the number of intervals after which the member is deactivated.
Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
missed-intervals 6
Syntax
successful-intervals <UINT16>
Mode
Probing
Description
Set the number of intervals after which the member is reactivated.
Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
successful-intervals 3
Syntax
global-responder
Mode
Probing
Description
Enable probing on all members using SonicWALL's Global Responder.
Example
global-responder
Syntax
no global-responder
Mode
Probing
Description
Disable probing on all members using SonicWALL's Global Responder and set to physical monitoring only.
Example
no global-responder
Syntax
rank <UINT32>
Mode
LB Group Member
Description
Interface rank.
Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
rank 2
Syntax
percent <FLB_CURRENT_GROUP_MEMBER> <UINT8>
Mode
LB Group
Description
Set the member usage percent for the interface.
Options
<FLB_CURRENT_GROUP_MEMBER>
|
Group member name. Example: X1 |
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
Example
percent X1 55
Syntax
probe-type { logical | physical }
Mode
LB Group Member
Description
Configure probing type.
Options
|
logical | Use logical/probe monitoring. |
|
physical | Use only physical checking of member status, no probing. |
Example
probe-type logical
Syntax
probe-condition { always | both | either | main }
Mode
LB Group Member
Description
Configure under what condition probes succeed.
Options
|
always | Always succeeds (no probing). |
|
both | Probes succeed when both Main Target and Alternate Target respond. |
|
either | Probes succeed when either Main Target or Alternate Target responds. |
|
main | Probes succeed when Main Target responds. |
Example
probe-condition either
Syntax
main-target [ protocol { ping | tcp <IPV4_PORT> } ] [ host <HOSTNAME> ]
Mode
LB Group Member
Description
Configure Main Target probe settings.
Options
protocol | Set the probe protocol. |
|
ping | Ping probes. |
|
tcp | TCP SYN probes. |
<IPV4_PORT>
|
IPV4 port in the form: D OR 0xHHHH. Example: 80 |
host | Target Name or IP address. |
<HOSTNAME>
|
Hostname in the form: hostname OR a.b.c.d. Example: example.com |
Example
main-target protocol tcp 8080 host 192.168.168.254
Syntax
alternate-target [ protocol { ping | tcp <IPV4_PORT> } ] [ host <HOSTNAME> ]
Mode
LB Group Member
Description
Configure Alternate Target probe settings.
Options
protocol | Set the probe protocol. |
|
ping | Ping probes. |
|
tcp | TCP SYN probes. |
<IPV4_PORT>
|
IPV4 port in the form: D OR 0xHHHH. Example: 80 |
host | Target Name or IP address. |
<HOSTNAME>
|
Hostname in the form: hostname OR a.b.c.d. Example: example.com |
Example
alternate-target protocol tcp 8080 host 192.168.168.253
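How the Probing settings (health-check, missed-intervals, successful-intervals) and probe-condition above interact, as an added Python model that is not SonicWALL code. It assumes intervals are counted consecutively and that a member starts active; `ProbeConfig`, `probe_succeeds` and `simulate` are hypothetical names.

```python
from dataclasses import dataclass


@dataclass
class ProbeConfig:
    health_check: int = 5            # seconds between checks (health-check)
    missed_intervals: int = 6        # failed intervals before deactivation
    successful_intervals: int = 3    # good intervals before reactivation
    probe_condition: str = "either"  # always | both | either | main


def probe_succeeds(condition, main_ok, alt_ok):
    """Combine Main Target and Alternate Target results per probe-condition."""
    if condition == "always":
        return True                  # no probing: the member never fails
    if condition == "both":
        return main_ok and alt_ok
    if condition == "either":
        return main_ok or alt_ok
    if condition == "main":
        return main_ok
    raise ValueError(f"unknown probe-condition: {condition}")


def simulate(cfg, samples):
    """Replay per-interval (main_ok, alt_ok) results for one group member.

    Returns a list of (elapsed_seconds, "down" | "up") state transitions.
    Assumption of this model: counters reset on any opposite result, so only
    consecutive intervals count toward deactivation or reactivation.
    """
    active = True
    missed = good = 0
    transitions = []
    for i, (main_ok, alt_ok) in enumerate(samples, start=1):
        if probe_succeeds(cfg.probe_condition, main_ok, alt_ok):
            good, missed = good + 1, 0
        else:
            missed, good = missed + 1, 0
        if active and missed >= cfg.missed_intervals:
            active = False
            transitions.append((i * cfg.health_check, "down"))
        elif not active and good >= cfg.successful_intervals:
            active = True
            transitions.append((i * cfg.health_check, "up"))
    return transitions


# Constructed input: 2 good intervals, a 6-interval outage of both targets,
# then recovery. Values match the examples on this page (5 s, 6, 3).
OUTAGE = [(True, True)] * 2 + [(False, False)] * 6 + [(True, True)] * 3
# Constructed input: Main Target unreachable, Alternate Target still answering.
MAIN_DOWN = [(False, True)] * 10

if __name__ == "__main__":
    print(simulate(ProbeConfig(), OUTAGE))
    for cond in ("either", "both", "main", "always"):
        print(cond, simulate(ProbeConfig(probe_condition=cond), MAIN_DOWN))
```

With these values a member is marked down 30 seconds after the first failed interval, and `probe-condition either` hides the loss of a single target entirely, which matters when choosing probe targets for a WAN failover path.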
Syntax
default-target <IPV4_HOST>
Mode
LB Group Member
Description
Configure the Default Target.
Options
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
default-target 192.168.168.254
Syntax
no default-target
Mode
LB Group Member
Description
Clear the Default Target.
Example
no default-target
Syntax
show ssl-vpn [ bookmark <SSLVPN_BOOKMARK> | bookmarks | client | portal | routes | server | sessions | statistics <SSLVPN_LOGOUT_IPV4_HOST> ] [ pending-config ]
Mode
All Modes
Description
Show SSL VPN status or configuration.
Options
|
bookmark | Show a virtual office bookmark. |
<SSLVPN_BOOKMARK>
|
SSL VPN bookmark name in the form: WORD or "QUOTED STRING". Example: lan |
|
bookmarks | Show all virtual office bookmarks. |
|
client | Show client configuration. |
|
portal | Show portal configuration. |
|
routes | Show client route configuration. |
|
server | Show server configuration. |
|
sessions | Show all active sessions. |
|
statistics | Show statistics for the session associated with the specified NetExtender Virtual IP. |
<SSLVPN_LOGOUT_IPV4_HOST>
|
SSL VPN Logout Address Object IPV4 host address in the form: D.D.D.D. Example: 1.1.1.1 |
pending-config | Show pending configuration changes. |
Example
show ssl-vpn
Syntax
ssl-vpn server
Mode
Config
Description
Configure server settings.
Example
ssl-vpn server
Syntax
ssl-vpn client
Mode
Config
Description
Configure client settings.
Example
ssl-vpn client
Syntax
ssl-vpn routes
Mode
Config
Description
Configure client routes.
Example
ssl-vpn routes
Syntax
ssl-vpn portal
Mode
Config
Description
Configure portal settings.
Example
ssl-vpn portal
Syntax
ssl-vpn virtual-office
Mode
Config
Description
Configure virtual office settings.
Example
ssl-vpn virtual-office
Syntax
ssl-vpn logout <SSLVPN_LOGOUT_IPV4_HOST>
Mode
Config
Description
Logout Specified NetExtender Virtual IP.
Options
<SSLVPN_LOGOUT_IPV4_HOST>
|
SSL VPN Logout Address Object IPV4 host address in the form: D.D.D.D. Example: 1.1.1.1 |
Example
ssl-vpn logout 1.1.1.1
Syntax
logout <SSLVPN_LOGOUT_IPV4_HOST>
Mode
SSL VPN Server
Description
Logout Specified NetExtender Virtual IP.
Options
<SSLVPN_LOGOUT_IPV4_HOST>
|
SSL VPN Logout Address Object IPV4 host address in the form: D.D.D.D. Example: 1.1.1.1 |
Example
logout 1.1.1.1
Syntax
sslvpn-access <SSLVPN_ZONE_NAME>
Mode
SSL VPN Server
Description
Enable SSL VPN access on specified zone.
Options
<SSLVPN_ZONE_NAME>
|
Zone object name. Example: LAN |
Example
sslvpn-access WAN
Syntax
no sslvpn-access <SSLVPN_ZONE_NAME>
Mode
SSL VPN Server
Description
Disable SSL VPN access on specified zone.
Options
<SSLVPN_ZONE_NAME>
|
Zone object name. Example: LAN |
Example
no sslvpn-access WAN
Syntax
port <INT16>
Mode
SSL VPN Server
Description
Set SSL VPN server port.
Options
<INT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
port 4433
Syntax
certificate { name <CERT_NAME> | use-self-signed }
Mode
SSL VPN Server
Description
Select SSL Certificate to use for SSL VPN.
Options
|
name | Specify Certificate. |
<CERT_NAME>
|
Certificate name. Example: my_cert |
|
use-self-signed | Use Self Signed Certificate. |
Example
certificate name CorpSSLVPNCert
Syntax
cipher { aes256-sha1 | rc4-md5 | triple-des-sha1 }
Mode
SSL VPN Server
Description
Enable Cipher Preference and specify the cipher.
Options
|
aes256-sha1 | AES256-SHA1. |
|
rc4-md5 | RC4-MD5. |
|
triple-des-sha1 | 3DES-SHA1. |
Example
cipher aes256-sha1
Syntax
no cipher
Mode
SSL VPN Server
Description
Disable Cipher Preference.
Example
no cipher
Syntax
use-radius { mschap | mschapv2 }
Mode
SSL VPN Server
Description
Enable use RADIUS in specified mode for XAUTH.
Options
|
mschap | Use MSCHAP for RADIUS. |
|
mschapv2 | Use MSCHAPv2 for RADIUS. |
Example
use-radius mschapv2
Syntax
no use-radius
Mode
SSL VPN Server
Description
Disable use RADIUS for XAUTH.
Example
no use-radius
Syntax
site-title <WORD>
Mode
SSL VPN Portal
Description
Set SSL VPN Portal Site Title.
Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
site-title "Corp - Virtual Office"
Syntax
banner-title <WORD>
Mode
SSL VPN Portal
Description
Set SSL VPN Portal Banner Title.
Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
banner-title "Virtual Office"
Syntax
home-page-message { custom <ROL> | default }
Mode
SSL VPN Portal
Description
Set SSL VPN Portal Home Page Message.
Options
|
custom | Use custom home page message. |
<ROL>
|
Remaining command line input. |
|
default | Use default home page message example template. |
Example
home-page-message custom "TBD"
Syntax
login-message { custom <ROL> | default }
Mode
SSL VPN Portal
Description
Set SSL VPN Portal Login Message.
Options
|
custom | Use custom login message. |
<ROL>
|
Remaining command line input. |
|
default | Use default login message example template. |
Example
login-message custom "TBD"
Syntax
auto-launch
Mode
SSL VPN Portal
Description
Enable Launch NetExtender after login.
Example
auto-launch
Syntax
no auto-launch
Mode
SSL VPN Portal
Description
Disable Launch NetExtender after login.
Example
no auto-launch
Syntax
display-cert
Mode
SSL VPN Portal
Description
Enable Display Import Certificate Button.
Example
display-cert
Syntax
no display-cert
Mode
SSL VPN Portal
Description
Disable Display Import Certificate Button.
Example
no display-cert
Syntax
cache-control
Mode
SSL VPN Portal
Description
Enable HTTP meta tags for cache control (recommended).
Example
cache-control
Syntax
no cache-control
Mode
SSL VPN Portal
Description
Disable HTTP meta tags for cache control (recommended).
Example
no cache-control
Syntax
logo { custom <WORD> | default }
Mode
SSL VPN Portal
Description
Set SSL VPN Portal Logo.
Options
|
custom | Enable Use Custom SonicWALL Logo. |
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
|
default | Enable Use Default SonicWALL Logo. |
Example
logo default
Syntax
address-pool <IPV4_HOST> <IPV4_HOST> <IF_SSLVPN_NAME>
Mode
Client
Description
Set NetExtender Client Pool Address Range and Interface.
Options
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
<IF_SSLVPN_NAME>
|
Interface name. Example: X0 |
Example
address-pool 192.168.168.100 192.168.168.110 X0
Syntax
no address-pool
Mode
Client
Description
Clear NetExtender Client Pool Address Range.
Example
no address-pool
Syntax
no netextender-start-ip
Mode
Client
Description
Clear NetExtender Start IP.
Syntax
no netextender-end-ip
Mode
Client
Description
Clear NetExtender End IP.
Syntax
dns { [ primary <IPV4_HOST> ] [ secondary <IPV4_HOST> ] | inherit }
Mode
Client
Description
Set the primary and secondary DNS server IP address for NetExtender client.
Options
|
primary | Primary DNS server IP address. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
secondary | Secondary DNS server IP address. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
|
inherit | Use the Default Global DNS settings. |
Example
dns primary 192.168.168.169 secondary 192.168.168.170
Syntax
dns-domain <HOSTNAME>
Mode
Client
Description
Set DNS Domain suffix.
Options
<HOSTNAME>
|
Hostname in the form: hostname OR a.b.c.d. Example: example.com |
Example
dns-domain sonicwall.com
Syntax
no dns-domain
Mode
Client
Description
Clear DNS Domain suffix.
Example
no dns-domain
Syntax
user-domain <WORD>
Mode
Client
Description
Set User Domain.
Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
user-domain CorpSSLVPNDomain
Syntax
no user-domain
Mode
Client
Description
Clear User Domain.
Example
no user-domain
Syntax
wins { [ primary <IPV4_HOST> ] [ secondary <IPV4_HOST> ] }
Mode
Client
Description
Set the primary and secondary WINS server IP address for NetExtender clients.
Options
primary | Primary WINS server IP address. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
secondary | Secondary WINS server IP address. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
wins primary 192.168.168.169 secondary 192.168.168.170
Syntax
session-timeout <UINT32>
Mode
Client
Description
Set the Default Session Timeout in minutes.
Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
session-timeout 10
Syntax
no session-timeout
Mode
Client
Description
Clear the Default Session Timeout.
Example
no session-timeout
Syntax
netbios-over-sslvpn
Mode
Client
Description
Enable NetBIOS Over SSL VPN.
Example
netbios-over-sslvpn
Syntax
no netbios-over-sslvpn
Mode
Client
Description
Disable NetBIOS Over SSL VPN.
Example
no netbios-over-sslvpn
Syntax
auto-update
Mode
Client
Description
Enable Client Auto Update.
Example
auto-update
Syntax
no auto-update
Mode
Client
Description
Disable Client Auto Update.
Example
no auto-update
Syntax
exit-after-disconnect
Mode
Client
Description
Enable Exit Client After Disconnect.
Example
exit-after-disconnect
Syntax
no exit-after-disconnect
Mode
Client
Description
Disable Exit Client After Disconnect.
Example
no exit-after-disconnect
Syntax
uninstall-after-exit
Mode
Client
Description
Enable Uninstall Client After Exit.
Example
uninstall-after-exit
Syntax
no uninstall-after-exit
Mode
Client
Description
Disable Uninstall Client After Exit.
Example
no uninstall-after-exit
Syntax
create-connection-profile
Mode
Client
Description
Enable Create Client Connection Profile.
Example
create-connection-profile
Syntax
no create-connection-profile
Mode
Client
Description
Disable Create Client Connection Profile.
Example
no create-connection-profile
Syntax
client-communicate
Mode
Client
Description
Enable Communication Between Clients.
Example
client-communicate
Syntax
no client-communicate
Mode
Client
Description
Disable Communication Between Clients.
Example
no client-communicate
Syntax
cache-username-password { password-username | prohibit | username-only }
Mode
Client
Description
Set User Name and Password Caching.
Options
|
password-username | Allow saving of user name and password. |
|
prohibit | Prohibit saving of user name and password. |
|
username-only | Allow saving of user name only. |
Example
cache-username-password prohibit
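A review check for the authentication and transport settings documented above (`cipher`, `certificate`, `use-radius`, `cache-username-password`, `force-pap`, `user-password`, `automatic-login`), as an added Python example that is not SonicWALL code. It assumes the input is a flat script of commands as typed, matched by command name only; the function names and the rationale strings are this example's own.

```python
import shlex

# Cipher preferences listed on this page that should not be selected.
WEAK_CIPHERS = {
    "rc4-md5": "RC4 and MD5 are both broken",
    "triple-des-sha1": "3DES has a 64-bit block size (Sweet32)",
}


def effective_settings(script):
    """Replay a flat command script; the last form of each command wins.

    Returns {command: [args]} for set commands and {command: None} when the
    'no <command>' form was seen last.
    """
    state = {}
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        try:
            argv = shlex.split(line)   # honours "QUOTED STRING" arguments
        except ValueError:             # unbalanced quote: split on spaces
            argv = line.split()
        if argv[0] == "no" and len(argv) > 1:
            state[argv[1]] = None
        else:
            state[argv[0]] = argv[1:]
    return state


def audit(script):
    """Return (command, reason) findings for the settings left in effect."""
    s = effective_settings(script)

    def enabled(cmd):                  # present and not negated
        return s.get(cmd) is not None

    def arg0(cmd):                     # first argument, or None
        return (s.get(cmd) or [None])[0]

    findings = []
    if arg0("cipher") in WEAK_CIPHERS:
        findings.append(("cipher", WEAK_CIPHERS[arg0("cipher")]))
    if arg0("certificate") == "use-self-signed":
        findings.append(("certificate",
                         "clients cannot validate a self-signed certificate"))
    if arg0("use-radius") == "mschap":
        findings.append(("use-radius", "MSCHAP is weaker than mschapv2"))
    if arg0("cache-username-password") == "password-username":
        findings.append(("cache-username-password",
                         "password is stored on the client"))
    if enabled("force-pap"):
        findings.append(("force-pap", "PAP sends the password unprotected"))
    if enabled("user-password"):
        findings.append(("user-password", "plaintext credential in script"))
    login = s.get("automatic-login") or []
    # After 'custom', arguments are keyword/value pairs: name, password, domain.
    if login[:1] == ["custom"] and "password" in login[1::2]:
        findings.append(("automatic-login", "plaintext credential in script"))
    return findings


# Constructed sample script, built from the example lines on this page.
SAMPLE = """
ssl-vpn server
sslvpn-access WAN
certificate use-self-signed
cipher rc4-md5
cipher aes256-sha1
use-radius mschap
ssl-vpn client
cache-username-password password-username
cache-username-password prohibit
force-pap
no force-pap
automatic-login custom name myuser password mypassword domain mydomain
"""

if __name__ == "__main__":
    for command, reason in audit(SAMPLE):
        print(f"{command}: {reason}")
```

Findings never echo the credential value itself, so the output can be attached to a change ticket.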
Syntax
tunnel-all
Mode
Client Routes
Description
Enable Tunnel All.
Example
tunnel-all
Syntax
no tunnel-all
Mode
Client Routes
Description
Disable Tunnel All.
Example
no tunnel-all
Syntax
route { host <ADDR_HOST> | name <ADDR_HOST_NETWORK_NAME> | network <ADDR_NETWORK> <ADDR_MASK> }
Mode
Client Routes
Description
Add a Client Route.
Options
|
host | Add Client Route of host address. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Add Client Route of named address object. |
<ADDR_HOST_NETWORK_NAME>
|
Address HOST Or Network Object name. Example: Sales Network |
|
network | Add Client Route of network address. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
Example
route name "Corp SSL-VPN Servers"
Syntax
no route { host <ADDR_HOST> | name <ADDR_HOST_NETWORK_NAME> | network <ADDR_NETWORK> <ADDR_MASK> }
Mode
Client Routes
Description
Delete a Client Route.
Options
|
host | Delete Client Route of host address. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Delete Client Route of named address object. |
<ADDR_HOST_NETWORK_NAME>
|
Address HOST Or Network Object name. Example: Sales Network |
|
network | Delete Client Route of network address. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
Example
no route name "Corp SSL-VPN Servers"
Syntax
no routes
Mode
Client Routes
Description
Delete all Client Routes.
Example
no routes
Syntax
bookmark <SSLVPN_BOOKMARK>
Mode
Virtual Office
Description
Add/Edit Bookmark and Enter configuration mode.
Options
<SSLVPN_BOOKMARK>
|
SSL VPN bookmark name in the form: WORD or "QUOTED STRING". Example: lan |
Example
bookmark "Admin Desktop"
Syntax
no bookmark <SSLVPN_BOOKMARK>
Mode
Virtual Office
Description
Delete Bookmark.
Options
<SSLVPN_BOOKMARK>
|
SSL VPN bookmark name in the form: WORD or "QUOTED STRING". Example: lan |
Example
no bookmark "Admin Work Desktop"
Syntax
no bookmarks
Mode
Virtual Office
Description
Delete all bookmarks.
Example
no bookmarks
Syntax
name <SSLVPN_BOOKMARK>
Mode
Bookmark
Description
Set Bookmark Name.
Options
<SSLVPN_BOOKMARK>
|
SSL VPN bookmark name in the form: WORD or "QUOTED STRING". Example: lan |
Example
name "Admin Work Desktop"
Syntax
host <WORD>
Mode
Bookmark
Description
Set Host Name or IP address.
Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
host 192.168.168.57
Syntax
no host
Mode
Bookmark
Description
Clear Host Name or IP address.
Example
no host
Syntax
service { rdp-activex | rdp-java | sshv1 | sshv2 | telnet | vnc }
Mode
Bookmark
Options
|
rdp-activex | Terminal Services (RDP5-ActiveX). |
|
rdp-java | Terminal Services (RDP5-JAVA). |
|
sshv1 | Secure Shell Version 1 (SSHv1). |
|
sshv2 | Secure Shell Version 2 (SSHv2). |
|
telnet | Telnet. |
|
vnc | Virtual Network Computing (VNC). |
Syntax
screen-size { 1024x768 | 1280x1024 | 640x480 | 800x600 | full-screen }
Mode
ActiveX
Java
Description
Set Screen Size.
Options
|
1024x768 | 1024x768. |
|
1280x1024 | 1280x1024. |
|
640x480 | 640x480. |
|
800x600 | 800x600. |
|
full-screen | Full Screen. |
Example
screen-size 1024x768
Syntax
colors { 15bit | 16bit | 24bit | 256 | 32bit }
Mode
ActiveX
Java
Description
Set Screen Colors.
Options
|
15bit | 15 bit - High Color. |
|
16bit | 16 bit - High Color. |
|
24bit | 24 bit - High Color. |
|
256 | 256 colors. |
|
32bit | 32 bit - Highest Quality. |
Example
colors 24bit
Syntax
application-path <WORD>
Mode
ActiveX
Java
Description
Set application and path to launch.
Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
application-path "C:\\Remote Applications\\myapp.exe\\"
Syntax
no application-path
Mode
ActiveX
Java
Description
Remove application and path to launch.
Example
no application-path
Syntax
start-in-folder <WORD>
Mode
ActiveX
Java
Description
Set folder to start in.
Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
start-in-folder "C:\\Work\\"
Syntax
no start-in-folder
Mode
ActiveX
Java
Description
Remove folder to start in.
Example
no start-in-folder
Syntax
redirect-printers
Mode
ActiveX
Java
Description
Enable Redirect Printers.
Example
redirect-printers
Syntax
no redirect-printers
Mode
ActiveX
Java
Description
Disable Redirect Printers.
Example
no redirect-printers
Syntax
redirect-drives
Mode
ActiveX
Java
Description
Enable Redirect Drives.
Example
redirect-drives
Syntax
no redirect-drives
Mode
ActiveX
Java
Description
Disable Redirect Drives.
Example
no redirect-drives
Syntax
redirect-ports
Mode
ActiveX
Java
Description
Enable Redirect Ports.
Example
redirect-ports
Syntax
no redirect-ports
Mode
ActiveX
Java
Description
Disable Redirect Ports.
Example
no redirect-ports
Syntax
redirect-smartcards
Mode
ActiveX
Java
Description
Enable Redirect Smartcards.
Example
redirect-smartcards
Syntax
no redirect-smartcards
Mode
ActiveX
Java
Description
Disable Redirect Smartcards.
Example
no redirect-smartcards
Syntax
console-session-login
Mode
ActiveX
Java
Description
Enable Login to Console Session.
Example
console-session-login
Syntax
no console-session-login
Mode
ActiveX
Java
Description
Disable Login to Console Session.
Example
no console-session-login
Syntax
automatic-login { custom [ name <WORD> ] [ password <ENC_PASSWORD> ] [ domain <WORD> ] | ssl-vpn }
Mode
ActiveX
Java
Description
Enable Automatically Log in.
Options
|
custom | Use custom account credentials. |
name | Enter login name. |
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
password | Enter login password. |
<ENC_PASSWORD>
|
PASSWORD. Example: secret |
domain | Enter login domain. |
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
|
ssl-vpn | Use SSL-VPN account credentials. |
Example
automatic-login custom name myuser password mypassword domain mydomain
Syntax
no automatic-login
Mode
ActiveX
Java
Description
Disable Automatically Log in.
Example
no automatic-login
Syntax
plugin-dlls <WORD>
Mode
ActiveX
Description
Enable Plugin DLLs.
Options
<WORD> | Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
plugin-dlls x.dll
Syntax
no plugin-dlls
Mode
ActiveX
Description
Disable Plugin DLLs.
Example
no plugin-dlls
Syntax
display-connection-bar
Mode
Java
Description
Enable Display Connection Bar.
Example
display-connection-bar
Syntax
no display-connection-bar
Mode
Java
Description
Disable Display Connection Bar.
Example
no display-connection-bar
Syntax
dual-monitors
Mode
Java
Description
Enable Dual Monitors.
Example
dual-monitors
Syntax
no dual-monitors
Mode
Java
Description
Disable Dual Monitors.
Example
no dual-monitors
Syntax
redirect-clipboard
Mode
Java
Description
Enable Redirect Clipboard.
Example
redirect-clipboard
Syntax
no redirect-clipboard
Mode
Java
Description
Disable Redirect Clipboard.
Example
no redirect-clipboard
Syntax
redirect-plug-and-play
Mode
Java
Description
Enable Redirect Plug and Play Devices.
Example
redirect-plug-and-play
Syntax
no redirect-plug-and-play
Mode
Java
Description
Disable Redirect Plug and Play Devices.
Example
no redirect-plug-and-play
Syntax
auto-reconnection
Mode
Java
Description
Enable Automatic Reconnection.
Example
auto-reconnection
Syntax
no auto-reconnection
Mode
Java
Description
Disable Automatic Reconnections.
Example
no auto-reconnection
Syntax
desktop-background
Mode
Java
Description
Enable Desktop Background.
Example
desktop-background
Syntax
no desktop-background
Mode
Java
Description
Disable Desktop Background.
Example
no desktop-background
Syntax
font-smoothing
Mode
Java
Description
Enable Font Smoothing.
Example
font-smoothing
Syntax
no font-smoothing
Mode
Java
Description
Disable Font Smoothing.
Example
no font-smoothing
Syntax
desktop-composition
Mode
Java
Description
Enable Desktop Composition.
Example
desktop-composition
Syntax
no desktop-composition
Mode
Java
Description
Disable Desktop Composition.
Example
no desktop-composition
Syntax
window-drag
Mode
Java
Description
Enable Window Drag.
Example
window-drag
Syntax
no window-drag
Mode
Java
Description
Disable Window Drag.
Example
no window-drag
Syntax
animation
Mode
Java
Description
Enable Menu / Window Animation.
Example
animation
Syntax
no animation
Mode
Java
Description
Disable Menu / Window Animation.
Example
no animation
Syntax
themes
Mode
Java
Description
Enable Themes.
Example
themes
Syntax
no themes
Mode
Java
Description
Disable Themes.
Example
no themes
Syntax
bitmap-caching
Mode
Java
Description
Enable Bitmap Caching.
Example
bitmap-caching
Syntax
no bitmap-caching
Mode
Java
Description
Disable Bitmap Caching.
Example
no bitmap-caching
Syntax
encoding { corre | hextile | raw | rre | zlib }
Mode
VNC
Description
Set Encoding type.
Options
corre | Set CoRRE Encoding type. |
hextile | Set Hextile Encoding type. |
raw | Set Raw Encoding type. |
rre | Set RRE Encoding type. |
zlib | Set ZLIB Encoding type. |
Example
encoding raw
Syntax
compression-level <UINT8>
Mode
VNC
Description
Set Compression Level.
Options
<UINT8> | Integer in the form: D OR 0xHH. Example: 123 |
Example
compression-level 5
Syntax
jpeg-image-quality { level <UINT8> | off }
Mode
VNC
Description
Set JPEG Image Quality.
Options
level | Set JPEG Image Quality Level. |
<UINT8> | Integer in the form: D OR 0xHH. Example: 123 |
off | Turn Off JPEG Image Quality. |
Example
jpeg-image-quality level 5
Syntax
cursor-shape-updates { disable | enable | ignore }
Mode
VNC
Description
Set Cursor Shape Updates.
Options
disable | Disable Cursor Shape Updates. |
enable | Enable Cursor Shape Updates. |
ignore | Ignore Cursor Shape Updates. |
Example
cursor-shape-updates ignore
Syntax
use-copyrect
Mode
VNC
Description
Enable Use CopyRect.
Example
use-copyrect
Syntax
no use-copyrect
Mode
VNC
Description
Disable Use CopyRect.
Example
no use-copyrect
Syntax
restricted-colors
Mode
VNC
Description
Enable Restricted Colors (256).
Example
restricted-colors
Syntax
no restricted-colors
Mode
VNC
Description
Disable Restricted Colors (256).
Example
no restricted-colors
Syntax
reverse-mouse-buttons
Mode
VNC
Description
Enable Reverse Mouse Buttons 2 and 3.
Example
reverse-mouse-buttons
Syntax
no reverse-mouse-buttons
Mode
VNC
Description
Disable Reverse Mouse Buttons 2 and 3.
Example
no reverse-mouse-buttons
Syntax
view-only
Mode
VNC
Description
Enable View Only.
Example
view-only
Syntax
no view-only
Mode
VNC
Description
Disable View Only.
Example
no view-only
Syntax
share-desktop
Mode
VNC
Description
Enable Share Desktop.
Example
share-desktop
Syntax
no share-desktop
Mode
VNC
Description
Disable Share Desktop.
Example
no share-desktop
Syntax
automatic-accept-host-key
Mode
SSHV2
Description
Enable Automatically Accept Host Key.
Example
automatic-accept-host-key
Syntax
no automatic-accept-host-key
Mode
SSHV2
Description
Disable Automatically Accept Host Key.
Example
no automatic-accept-host-key
Syntax
bypass-username
Mode
SSHV2
Description
Enable Bypass Username.
Example
bypass-username
Syntax
no bypass-username
Mode
SSHV2
Description
Disable Bypass Username.
Example
no bypass-username
Syntax
dhcp-over-vpn { central | remote }
Mode
VPN
Description
Configure DHCP over VPN.
Options
central | Configure DHCP over VPN for Central Gateway. |
remote | Configure DHCP over VPN for Remote Gateway. |
Example
dhcp-over-vpn central
Syntax
internal-dhcp [ gvc-disable | gvc-enable ] [ remote-disable | remote-enable ]
Mode
Central
Description
Use internal DHCP server.
Options
gvc-disable | Disable DHCP for GVC client. |
gvc-enable | Enable DHCP for GVC client. |
remote-disable | Disable DHCP for Remote Firewall. |
remote-enable | Enable DHCP for Remote Firewall. |
Example
internal-dhcp
Syntax
no internal-dhcp
Mode
Central
Description
Don't use internal DHCP Server.
Example
no internal-dhcp
Syntax
send-requests
Mode
Central
Description
Enable send DHCP requests to the server addresses in the server list.
Example
send-requests
Syntax
no send-requests
Mode
Central
Description
Disable send DHCP requests to the server addresses in the server list.
Example
no send-requests
Syntax
dhcp-server <DHCP_SERVER_IPV4_HOST>
Mode
Central
Description
Add a DHCP server to the server list.
Options
<DHCP_SERVER_IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
dhcp-server 192.168.168.170
Syntax
no dhcp-server <DHCP_SERVER_IPV4_HOST>
Mode
Central
Description
Remove a DHCP server from the server list.
Options
<DHCP_SERVER_IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
no dhcp-server 192.168.168.170
Syntax
no dhcp-servers
Mode
Central
Description
Remove all DHCP servers from the server list.
Example
no dhcp-servers
Syntax
no relay-ip
Mode
Central
Description
Clear DHCP relay IP address.
Example
no relay-ip
Syntax
relay-ip <IPV4_HOST>
Mode
Central
Description
Configure DHCP relay IP address.
Options
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
relay-ip 192.168.168.170
Syntax
bound-to <IF_DHCP_OVER_VPN>
Mode
Remote
Description
DHCP lease bound to.
Options
<IF_DHCP_OVER_VPN> | Interface name. Example: X0 |
Example
bound-to X2
Syntax
no relay-ip
Mode
Remote
Description
Clear DHCP Relay IP address.
Example
no relay-ip
Syntax
relay-ip <IPV4_HOST>
Mode
Remote
Description
Configure DHCP Relay IP address.
Options
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
relay-ip 192.168.168.170
Syntax
no management-ip
Mode
Remote
Description
Clear Remote Management IP address.
Example
no management-ip
Syntax
management-ip <IPV4_HOST>
Mode
Remote
Description
Configure Remote Management IP address.
Options
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
management-ip 192.168.168.170
Syntax
block-spoof
Mode
Remote
Description
Enable block traffic through tunnel when IP spoof detected.
Example
block-spoof
Syntax
no block-spoof
Mode
Remote
Description
Disable block traffic through tunnel when IP spoof detected.
Example
no block-spoof
Syntax
temp-lease
Mode
Remote
Description
Enable obtain temporary lease from local DHCP server if tunnel is down.
Example
temp-lease
Syntax
no temp-lease
Mode
Remote
Description
Disable obtain temporary lease from local DHCP server if tunnel is down.
Example
no temp-lease
Syntax
lease-time <UINT8>
Mode
Remote
Description
Set the Temporary Lease Time (minutes).
Options
<UINT8> | Integer in the form: D OR 0xHH. Example: 123 |
Example
lease-time 10
Syntax
static-device <STATIC_DEVICE_IPV4_HOST> <STATIC_DEVICE_MAC>
Mode
Remote
Description
Add a Static Device on LAN.
Options
<STATIC_DEVICE_IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
<STATIC_DEVICE_MAC> | MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
Example
static-device 192.168.168.170 01:02:03:04:05:06
Syntax
no static-device <STATIC_DEVICE_IPV4_HOST>
Mode
Remote
Description
Remove a Static Device on LAN.
Options
<STATIC_DEVICE_IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
no static-device 192.168.168.170
Syntax
no static-devices
Mode
Remote
Description
Remove all Static Devices on LAN.
Example
no static-devices
Syntax
excluded-device <EXCLUDE_DEVICE_MAC>
Mode
Remote
Description
Add an Excluded LAN Device.
Options
<EXCLUDE_DEVICE_MAC> | MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
Example
excluded-device 01:02:03:04:05:06
Syntax
no excluded-device <EXCLUDE_DEVICE_MAC>
Mode
Remote
Description
Remove an Excluded LAN Device.
Options
<EXCLUDE_DEVICE_MAC> | MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
Example
no excluded-device 01:02:03:04:05:06
Syntax
no excluded-devices
Mode
Remote
Description
Remove all Excluded LAN Devices.
Example
no excluded-devices
Syntax
l2tp-server
Mode
VPN
Description
Enable/Configure L2TP Server.
Example
l2tp-server
Syntax
no l2tp-server
Mode
VPN
Description
Disable l2tp-server.
Example
no l2tp-server
Syntax
keep-alive <UINT32>
Mode
L2TP Server
Description
Set the Keep alive time (seconds).
Options
<UINT32> | Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
keep-alive 10
Syntax
dns { primary <IPV4_HOST> | secondary <IPV4_HOST> }
Mode
L2TP Server
Description
Set the primary and secondary DNS server IP address.
Options
primary | Primary DNS server IP address. |
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
secondary | Secondary DNS server IP address. |
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
dns primary 192.168.168.169
Syntax
no dns { primary | secondary }
Mode
L2TP Server
Description
Manually Clear DNS server IP address.
Options
primary | Clear primary DNS server IP address. |
secondary | Clear secondary DNS server IP address. |
Example
no dns primary
Syntax
wins { [ primary <IPV4_HOST> ] [ secondary <IPV4_HOST> ] }
Mode
L2TP Server
Description
Set the primary and secondary WINS server IP address.
Options
primary | Primary WINS server IP address. |
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
secondary | Secondary WINS server IP address. |
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
wins primary 192.168.168.169 secondary 192.168.168.170
Syntax
ip-pool { local <IPV4_HOST> <IPV4_HOST> | provided }
Mode
L2TP Server
Description
Set the IP address pool.
Options
local | Use local L2TP IP pool. |
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
provided | IP address provided by RADIUS/LDAP Server. |
Example
ip-pool local 192.168.168.10 192.168.168.20
Syntax
no user-group
Mode
L2TP Server
Description
No L2TP user group.
Example
no user-group
Syntax
user-group <LOCAL_USER_GROUP_NAME>
Mode
L2TP Server
Description
Set user group for L2TP users.
Options
<LOCAL_USER_GROUP_NAME> | User group object name. Example: Limited Administrators |
Example
user-group l2tpUsers
Syntax
show tcp [ pending-config | statistics ]
Mode
All Modes
Description
Show TCP settings or traffic statistics.
Options
pending-config | Show pending configuration changes. |
statistics | Show TCP statistics |
Example
show tcp
Syntax
tcp
Mode
Config
Description
Configure TCP settings.
Example
tcp
Syntax
enforce-strict-compliance
Mode
TCP
Description
Enable enforcement of strict TCP compliance with RFC 793 and RFC 1122.
Example
enforce-strict-compliance
Syntax
no enforce-strict-compliance
Mode
TCP
Description
Disable enforcement of strict TCP compliance with RFC 793 and RFC 1122.
Example
no enforce-strict-compliance
Syntax
handshake-enforcement
Mode
TCP
Description
Enable TCP handshake enforcement.
Example
handshake-enforcement
Syntax
no handshake-enforcement
Mode
TCP
Description
Disable TCP handshake enforcement.
Example
no handshake-enforcement
Syntax
checksum-enforcement
Mode
TCP
Description
Enable TCP checksum enforcement.
Example
checksum-enforcement
Syntax
no checksum-enforcement
Mode
TCP
Description
Disable TCP checksum enforcement.
Example
no checksum-enforcement
Syntax
handshake-timeout <UINT32>
Mode
TCP
Description
Set the TCP handshake timeout in seconds.
Options
<UINT32> | Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
handshake-timeout 4
Syntax
no handshake-timeout
Mode
TCP
Description
Disable the TCP handshake timeout.
Example
no handshake-timeout
Syntax
default-connection-timeout <UINT32>
Mode
TCP
Description
Set default TCP connection timeout in minutes.
Options
<UINT32> | Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
default-connection-timeout 15
Syntax
maximum-segment-lifetime <UINT8>
Mode
TCP
Description
Set Maximum Segment Lifetime in seconds.
Options
<UINT8> | Integer in the form: D OR 0xHH. Example: 123 |
Example
maximum-segment-lifetime 8
Syntax
syn-flood-protection-mode { always-proxy | proxy-suspect-attack | watch-and-report }
Mode
TCP
Description
Set TCP SYN Flood Protection Mode.
Options
always-proxy | Always Proxy WAN client connections. |
proxy-suspect-attack | Proxy WAN client connections when attack is suspected. |
watch-and-report | Watch and report possible SYN floods |
Example
syn-flood-protection-mode watch-and-report
Syntax
syn-attack-threshold <UINT32>
Mode
TCP
Description
Set Attack threshold (incomplete connection attempts / second).
Options
<UINT32> | Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
syn-attack-threshold 300
Syntax
support-tcp-sack
Mode
TCP
Description
Enable all LAN/DMZ servers support the TCP SACK option.
Example
support-tcp-sack
Syntax
no support-tcp-sack
Mode
TCP
Description
Disable all LAN/DMZ servers support the TCP SACK option.
Example
no support-tcp-sack
Syntax
limit-mss [ max <UINT16> ]
Mode
TCP
Description
Enable limit MSS sent to WAN clients (when connections are proxied).
Options
max | Set Maximum TCP MSS sent to WAN clients. |
<UINT16> | Integer in the form: D OR 0xHHHH. Example: 123 |
Example
limit-mss max 1460
Syntax
no limit-mss
Mode
TCP
Description
Disable limit MSS sent to WAN clients (when connections are proxied).
Example
no limit-mss
Syntax
always-log-syn-packets
Mode
TCP
Description
Enable always log SYN packets received.
Example
always-log-syn-packets
Syntax
no always-log-syn-packets
Mode
TCP
Description
Disable always log SYN packets received.
Example
no always-log-syn-packets
Syntax
syn-flood-blacklisting
Mode
TCP
Description
Enable SYN/RST/FIN flood blacklisting on all interfaces.
Example
syn-flood-blacklisting
Syntax
no syn-flood-blacklisting
Mode
TCP
Description
Disable SYN/RST/FIN flood blacklisting on all interfaces.
Example
no syn-flood-blacklisting
Syntax
blacklist-threshold <UINT32>
Mode
TCP
Description
Set Threshold for SYN/RST/FIN flood blacklisting (Packets / Sec).
Options
<UINT32> | Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
blacklist-threshold 1000
Syntax
never-blacklist-wan
Mode
TCP
Description
Enable never blacklist WAN machines.
Example
never-blacklist-wan
Syntax
no never-blacklist-wan
Mode
TCP
Description
Disable never blacklist WAN machines.
Example
no never-blacklist-wan
Syntax
always-allow-management
Mode
TCP
Description
Enable always allow SonicWALL management traffic.
Example
always-allow-management
Syntax
no always-allow-management
Mode
TCP
Description
Disable always allow SonicWALL management traffic.
Example
no always-allow-management
Syntax
show mac-ip-anti-spoof [ cache { { entries | entry <IPV4_HOST> <MAC> <IF_NAME> } } | detected-list | interface <IF_NAME> | interfaces | lookup-statistics ] [ pending-config ]
Mode
All Modes
Description
Show MAC-IP Anti-Spoof Configuration and Information.
Options
cache | Show MAC-IP Anti-Spoof cache. |
entries | Show all MAC Anti-Spoof Cache entries. |
entry | Show a MAC Anti-Spoof Cache entry. |
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
<MAC> | MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
<IF_NAME> | Interface name. Example: X0 |
detected-list | Show MAC-IP Anti-Spoof Spoof Detected list. |
interface | Show MAC-IP Anti-Spoof interface configuration. |
<IF_NAME> | Interface name. Example: X0 |
interfaces | Show MAC-IP Anti-Spoof configuration for all interfaces. |
lookup-statistics | Show MAC-IP Anti-Spoof lookup statistics. |
pending-config | Show pending configuration changes. |
Example
show mac-ip-anti-spoof
Syntax
mac-ip-anti-spoof
Mode
Config
Description
Configure MAC-IP Anti-Spoof settings.
Example
mac-ip-anti-spoof
Syntax
interface <IF_NAME>
Mode
MAC Anti-Spoof
Description
Configure MAC-IP Anti-Spoof for the specified interface.
Options
<IF_NAME> | Interface name. Example: X0 |
Example
interface X1
Syntax
cache entry <IPV4_HOST> <MAC> <IF_NAME>
Mode
MAC Anti-Spoof
Description
Add/edit a MAC-IP Anti-Spoof Cache entry.
Options
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
<MAC> | MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
<IF_NAME> | Interface name. Example: X0 |
Example
cache entry 10.10.10.10 00:01:02:03:04:05 X0
Syntax
no cache entry <IPV4_HOST> <MAC> <IF_NAME>
Mode
MAC Anti-Spoof
Description
Deletes a MAC-IP Anti-Spoof Cache entry.
Options
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
<MAC> | MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
<IF_NAME> | Interface name. Example: X0 |
Example
no cache entry 10.10.10.10 00:01:02:03:04:05 X0
Syntax
no cache entries
Mode
MAC Anti-Spoof
Description
Deletes all MAC-IP Anti-Spoof Cache entries.
Example
no cache entries
Syntax
router
Mode
MAC Anti-Spoof Cache
Description
Device is a Router (a network exists behind this device).
Example
router
Syntax
no router
Mode
MAC Anti-Spoof Cache
Description
Device is not a Router.
Example
no router
Syntax
blacklisted
Mode
MAC Anti-Spoof Cache
Description
Device is blacklisted.
Example
blacklisted
Syntax
no blacklisted
Mode
MAC Anti-Spoof Cache
Description
Device is not blacklisted.
Example
no blacklisted
Syntax
ip <IPV4_HOST>
Mode
MAC Anti-Spoof Cache
Description
IP address.
Options
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Syntax
mac <MAC>
Mode
MAC Anti-Spoof Cache
Description
MAC address.
Options
<MAC> | MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
Syntax
interface <IF_NAME>
Mode
MAC Anti-Spoof Cache
Description
Interface.
Options
<IF_NAME> | Interface name. Example: X0 |
Syntax
no cache statistics
Mode
MAC Anti-Spoof
Description
Clear statistics for MAC-IP Anti-Spoof Cache.
Example
no cache statistics
Syntax
flush { all }
Mode
MAC Anti-Spoof
Description
Flush all or specified spoof.
Options
all | Flush all spoofs detected. |
Example
flush all
Syntax
resolve { all }
Mode
MAC Anti-Spoof
Description
Resolve name for all or specified spoof.
Options
all | Resolve all spoofs detected. |
Example
resolve all
Syntax
enable
Mode
MAC Anti-Spoof IF
Description
Enable MAC-IP based anti-spoofing on this interface.
Example
enable
Syntax
no enable
Mode
MAC Anti-Spoof IF
Description
Disable MAC-IP based anti-spoofing on this interface.
Example
no enable
Syntax
static-arp
Mode
MAC Anti-Spoof IF
Description
Enable population of MAC-IP anti-spoof from static ARP entries.
Example
static-arp
Syntax
no static-arp
Mode
MAC Anti-Spoof IF
Description
Disable population of MAC-IP anti-spoof from static ARP entries.
Example
no static-arp
Syntax
dhcp-server
Mode
MAC Anti-Spoof IF
Description
Enable population of MAC-IP anti-spoof entry from DHCP Lease (SonicWALL's DHCP server).
Example
dhcp-server
Syntax
no dhcp-server
Mode
MAC Anti-Spoof IF
Description
Disable population of MAC-IP anti-spoof entry from DHCP Lease (SonicWALL's DHCP server).
Example
no dhcp-server
Syntax
dhcp-relay
Mode
MAC Anti-Spoof IF
Description
Enable population of MAC-IP anti-spoof entry from DHCP Lease (DHCP relay - IP helper).
Example
dhcp-relay
Syntax
no dhcp-relay
Mode
MAC Anti-Spoof IF
Description
Disable population of MAC-IP anti-spoof entry from DHCP Lease (DHCP relay - IP helper).
Example
no dhcp-relay
Syntax
arp-lock
Mode
MAC Anti-Spoof IF
Description
Enable locking of MAC-IP binding in ARP cache to prevent ARP poisoning from others.
Example
arp-lock
Syntax
no arp-lock
Mode
MAC Anti-Spoof IF
Description
Disable locking of MAC-IP binding in ARP cache.
Example
no arp-lock
Syntax
arp-watch
Mode
MAC Anti-Spoof IF
Description
Enable prevention of ARP poisoning of connected machines.
Example
arp-watch
Syntax
no arp-watch
Mode
MAC Anti-Spoof IF
Description
Disable prevention of ARP poisoning of connected machines.
Example
no arp-watch
Syntax
enforce-ingress
Mode
MAC Anti-Spoof IF
Description
Enable enforcement of ingress anti-spoof - Drop packets not matching MAC-IP anti-spoof cache.
Example
enforce-ingress
Syntax
no enforce-ingress
Mode
MAC Anti-Spoof IF
Description
Disable enforcement of ingress anti-spoof.
Example
no enforce-ingress
Syntax
spoof-detection
Mode
MAC Anti-Spoof IF
Description
Enable creation of MAC-IP spoof detected list for packets failing to match anti-spoof cache.
Example
spoof-detection
Syntax
no spoof-detection
Mode
MAC Anti-Spoof IF
Description
Disable creation of MAC-IP spoof detected list for packets failing to match anti-spoof cache.
Example
no spoof-detection
Syntax
allow-management
Mode
MAC Anti-Spoof IF
Description
Enable all traffic destined to the box to be allowed without a valid MAC-IP Anti-spoof cache.
Example
allow-management
Syntax
no allow-management
Mode
MAC Anti-Spoof IF
Description
Disable all traffic destined to the box to be allowed without a valid MAC-IP Anti-spoof cache.
Example
no allow-management
Syntax
show administration [ advanced-setting | setting ] [ pending-config ]
Mode
All Modes
Description
Show Administration Configuration and Information.
Options
advanced-setting | Show Advanced Administration Configuration and Information. |
setting | Show Basic Administration Configuration and Information. |
pending-config | Show pending configuration changes. |
Example
show administration
Syntax
administration
Mode
Config
Description
Administration settings.
Example
administration
Syntax
firewall-name <WORD>
Mode
Administration
Description
Set the name for the firewall.
Options
<WORD> | Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
firewall-name "ACME Corporate Firewall"
Syntax
admin-name <WORD>
Mode
Administration
Description
Set the name for the built in administrator.
Options
<WORD> | Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
admin-name headhoncho
Syntax
admin-password old-password <WORD> new-password <WORD> confirm-password <WORD>
Mode
Administration
Description
Set the password for the built in administrator.
Options
old-password | Enter the old password. |
<WORD> | Word in the form: WORD or \"QUOTED STRING\". Example: abc |
new-password | Enter the new password. |
<WORD> | Word in the form: WORD or \"QUOTED STRING\". Example: abc |
confirm-password | Confirm the new password. |
<WORD> | Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
admin-password old-password oldsecret new-password smorgasbord confirm-password smorgasbord
Syntax
password aging [ duration <UINT16> ]
Mode
Administration
Description
Enable that password must be changed every set number of days and configure duration.
Options
duration | Set the number of days before the password must be changed. |
<UINT16> | Integer in the form: D OR 0xHHHH. Example: 123 |
Example
password aging duration 90
Syntax
no password aging
Mode
Administration
Description
Disable that password must be changed every set number of days.
Example
no password aging
Syntax
password uniqueness [ count <UINT8> ]
Mode
Administration
Description
Enable barring of repeated passwords and configure.
Options
count | Set the number of password changes before repeated passwords are allowed. |
<UINT8> | Integer in the form: D OR 0xHH. Example: 123 |
Example
password uniqueness count 5
Syntax
no password uniqueness
Mode
Administration
Description
Disable barring of repeated passwords.
Example
no password uniqueness
Syntax
password minimum-length <UINT8>
Mode
Administration
Description
Set the minimum password length to enforce.
Options
<UINT8> | Integer in the form: D OR 0xHH. Example: 123 |
Example
password minimum-length 8
Syntax
password complexity { alpha-and-numeric | alpha-and-numeric-and-symbols }
Mode
Administration
Description
Set the allowed complexity of the password.
Options
alpha-and-numeric | Must contain both numbers and letters. |
alpha-and-numeric-and-symbols | Must contain numbers, letters, and symbols. |
Example
password complexity alpha-and-numeric
Syntax
no password complexity
Mode
Administration
Description
Set no complexity of the password.
Example
no password complexity
Syntax
password constraints-apply-to [ builtin-admin ] [ full-admins ] [ limited-admins ] [ local-users ]
Mode
Administration
Description
Set whom to apply the password constraints to.
Options
builtin-admin | Built in administrator. |
full-admins | Other full administrators. |
limited-admins | Limited administrators. |
local-users | Other local users. |
Example
password constraints-apply-to builtin-admin full-admins
Syntax
no password constraints-apply-to [ builtin-admin ] [ full-admins ] [ limited-admins ] [ local-users ]
Mode
Administration
Description
Remove setting of whom to apply the password constraints to.
Options
builtin-admin | Built in administrator. |
full-admins | Other full administrators. |
limited-admins | Limited administrators. |
local-users | Other local users. |
Example
no password constraints-apply-to builtin-admin full-admins
Syntax
idle-logout-time <UINT16>
Mode
Administration
Description
Set the allowed period of inactivity before administrators are logged out of the management interface.
Options
<UINT16> | Integer in the form: D OR 0xHHHH. Example: 123 |
Example
idle-logout-time 60
Syntax
user-lockout [ failures-per-minute <UINT8> ] [ lockout-duration <UINT8> ]
Mode
Administration
Description
Enable administrator / user lockout and set conditions.
Options
failures-per-minute | Set the failed login attempts per minute before lockout. |
<UINT8> | Integer in the form: D OR 0xHH. Example: 123 |
lockout-duration | Set number of minutes a user should be locked out. |
<UINT8> | Integer in the form: D OR 0xHH. Example: 123 |
Example
user-lockout failures-per-minute 5 lockout-duration 10
Syntax
no user-lockout
Mode
Administration
Description
Disable administrator / user lockout for set conditions.
Example
no user-lockout
Syntax
admin-preempt-action { goto-non-config | logout }
Mode
Administration
Description
Set action to do upon preemption by another administrator.
Options
goto-non-config | Drop to non-config mode. |
logout | Logout. |
Example
admin-preempt-action goto-non-config
Syntax
admin-preempt-inactivity-timeout <UINT16>
Mode
Administration
Description
Allow preemption by a lower priority administrator after inactivity of (minutes).
Options
<UINT16> | Integer in the form: D OR 0xHHHH. Example: 123 |
Example
admin-preempt-inactivity-timeout 10
Syntax
inter-admin-messaging <UINT8>
Mode
Administration
Description
Enable inter administrator messaging and set the messaging polling interval.
Options
<UINT8> | Integer in the form: D OR 0xHH. Example: 123 |
Example
inter-admin-messaging 10
Syntax
no inter-admin-messaging
Mode
Administration
Description
Disable inter-administrator messaging.
Example
no inter-admin-messaging
Syntax
web-management allow-http
Mode
Administration
Description
Allow HTTP management (it is less secure than using HTTPS).
Example
web-management allow-http
Syntax
no web-management allow-http
Mode
Administration
Description
Do not allow HTTP management (it is less secure than using HTTPS).
Example
no web-management allow-http
Syntax
web-management http-port <IPV4_PORT>
Mode
Administration
Description
Set the HTTP management port.
Options
<IPV4_PORT> | IPV4 port in the form: D OR 0xHHHH. Example: 80 |
Example
web-management http-port 8080
Syntax
web-management https-port <IPV4_PORT>
Mode
Administration
Description
Set the HTTPS management port.
Options
<IPV4_PORT> | IPV4 port in the form: D OR 0xHHHH. Example: 80 |
Example
web-management https-port 4433
Syntax
web-management certificate <CERT_NAME>
Mode
Administration
Description
Set the HTTPS management server certificate to use.
Options
<CERT_NAME> | Certificate name. Example: my_cert |
Example
web-management certificate "ACME Inc."
Syntax
web-management cert-common-name <WORD>
Mode
Administration
Description
Set the Self Signed Certificate common name.
Options
<WORD> | Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
web-management cert-common-name www.acme.com
Syntax
web-management default-table-size <UINT16>
Mode
Administration
Description
Set default size of tables within the Web Management User Interface.
Options
<UINT16> | Integer in the form: D OR 0xHHHH. Example: 123 |
Example
web-management default-table-size 50
Syntax
web-management refresh-interval <UINT16>
Mode
Administration
Description
Set auto-update refresh interval of tables within the Web Management User Interface.
Options
<UINT16> | Integer in the form: D OR 0xHHHH. Example: 123 |
Example
web-management refresh-interval 15
Syntax
dashboard-as-starting-page
Mode
Administration
Description
Use dashboard as starting page.
Example
dashboard-as-starting-page
Syntax
no dashboard-as-starting-page
Mode
Administration
Description
Disable to use dashboard as starting page.
Example
no dashboard-as-starting-page
Syntax
web-management tooltip [ form-delay <UINT16> ] [ button-delay <UINT16> ] [ text-delay <UINT16> ]
Mode
Administration
Description
Enable tooltips in Web Management UI and configure.
Options
form-delay | Set Form Tooltip Delay. |
<UINT16> | Integer in the form: D OR 0xHHHH. Example: 123 |
button-delay | Set Button Tooltip Delay. |
<UINT16> | Integer in the form: D OR 0xHHHH. Example: 123 |
text-delay | Set Text Tooltip Delay. |
<UINT16> | Integer in the form: D OR 0xHHHH. Example: 123 |
Example
web-management tooltip form-delay 2000 button-delay 3000 text-delay 500
Syntax
no web-management tooltip
Mode
Administration
Description
Disable tooltips in Web Management UI and configure.
Example
no web-management tooltip
Syntax
ssh port <IPV4_PORT>
Mode
Administration
Description
Set the SSH management port.
Options
<IPV4_PORT> | IPV4 port in the form: D OR 0xHHHH. Example: 80 |
Example
ssh port 4022
Syntax
override-sonicpointn-download url <WORD>
Mode
Administration
Description
Manually specify SonicPoint-N image URL (http://).
Options
url | Specify URL. |
<WORD> | Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
override-sonicpointn-download url my.webserver.local/applications/sonicpointn.img.bin
Syntax
no override-sonicpointn-download
Mode
Administration
Description
Disable manually specifying SonicPoint-N image URL.
Example
no override-sonicpointn-download
Syntax
override-sonicpointnv-download url <WORD>
Mode
Administration
Description
Manually specify SonicPoint-Nv image URL (http://). Options
url | Specify URL. |
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
override-sonicpointnv-download url my.webserver.local/applications/sonicpointnv.img.bin
Syntax
no override-sonicpointnv-download
Mode
Administration
Description
Disable manually specifying SonicPoint-Nv image URL. Example
no override-sonicpointnv-download
Syntax
snmp
Mode
Administration
Description
Enable SNMP and Enter SNMP configuration Mode. Example
snmp
Syntax
no snmp
Mode
Administration
Description
Disable SNMP. Example
no snmp
Syntax
system-name <WORD>
Mode
SNMP
Description
Set the SNMP System Name. Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
system-name "Corporate Gateway"
Syntax
no system-name
Mode
SNMP
Description
Remove the SNMP System Name. Example
no system-name
Syntax
system-contact <WORD>
Mode
SNMP
Description
Set the SNMP System Contact. Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
system-contact "John Doe"
Syntax
no system-contact
Mode
SNMP
Description
Remove the SNMP System Contact. Example
no system-contact
Syntax
system-location <WORD>
Mode
SNMP
Description
Set the SNMP System Location. Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
system-location "Corporate Site"
Syntax
no system-location
Mode
SNMP
Description
Remove the SNMP System Location. Example
no system-location
Syntax
asset-number <WORD>
Mode
SNMP
Description
Set the SNMP Asset-Number. Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
asset-number Unit001
Syntax
no asset-number
Mode
SNMP
Description
Remove the SNMP Asset Number. Example
no asset-number
Syntax
get-community-name <WORD>
Mode
SNMP
Description
Set the SNMP Get Community Name. Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
get-community-name public
Syntax
no get-community-name
Mode
SNMP
Description
Remove the SNMP Get Community Name. Example
no get-community-name
Syntax
trap-community-name <WORD>
Mode
SNMP
Description
Set the SNMP Trap Community Name. Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
trap-community-name public
Syntax
no trap-community-name
Mode
SNMP
Description
Remove the SNMP Trap Community Name. Example
no trap-community-name
Syntax
host1 <HOSTNAME>
Mode
SNMP
Description
Set SNMP Trap Host1. Options
<HOSTNAME>
|
Hostname in the form: hostname OR a.b.c.d. Example: example.com |
Example
host1 192.168.168.201
Syntax
no host1
Mode
SNMP
Description
Remove SNMP Trap Host1. Example
no host1
Syntax
host2 <HOSTNAME>
Mode
SNMP
Description
Set SNMP Trap Host2. Options
<HOSTNAME>
|
Hostname in the form: hostname OR a.b.c.d. Example: example.com |
Example
host2 192.168.168.202
Syntax
no host2
Mode
SNMP
Description
Remove SNMP Trap Host2. Example
no host2
Syntax
host3 <HOSTNAME>
Mode
SNMP
Description
Set SNMP Trap Host3. Options
<HOSTNAME>
|
Hostname in the form: hostname OR a.b.c.d. Example: example.com |
Example
host3 192.168.168.203
Syntax
no host3
Mode
SNMP
Description
Remove SNMP Trap Host3. Example
no host3
Syntax
host4 <HOSTNAME>
Mode
SNMP
Description
Set SNMP Trap Host4. Options
<HOSTNAME>
|
Hostname in the form: hostname OR a.b.c.d. Example: example.com |
Example
host4 192.168.168.204
Syntax
no host4
Mode
SNMP
Description
Remove SNMP Trap Host4. Example
no host4
Syntax
gms-management { existing-tunnel | https | ipsec-tunnel }
Mode
Administration
Description
Enable GMS management and set the type of tunnel to use. Options
|
existing-tunnel | Use Existing tunnel. |
|
https | Use HTTPS. |
|
ipsec-tunnel | Use IPSEC tunnel. |
Example
gms-management https
Syntax
no gms-management
Mode
Administration
Description
Disable GMS Management. Example
no gms-management
Syntax
host-name <HOSTNAME>
Mode
GMS IPSEC
GMS Existing Tunnel
GMS HTTPS
Description
Set the GMS server IP or hostname.
Options
<HOSTNAME>
|
Hostname in the form: hostname OR a.b.c.d. Example: example.com |
Example
host-name 10.10.10.10
Syntax
syslog-server-port <IPV4_PORT>
Mode
GMS IPSEC
GMS Existing Tunnel
GMS HTTPS
Description
Set the syslog server port of the GMS server.
Options
<IPV4_PORT>
|
IPV4 port in the form: D OR 0xHHHH. Example: 80 |
Example
syslog-server-port 514
Syntax
heartbeat-status-only
Mode
GMS IPSEC
GMS Existing Tunnel
GMS HTTPS
Description
Enable Send Heartbeat Status Messages Only.
Example
heartbeat-status-only
Syntax
no heartbeat-status-only
Mode
GMS IPSEC
GMS Existing Tunnel
GMS HTTPS
Description
Disable Send Heartbeat Status Messages Only.
Example
no heartbeat-status-only
Syntax
behind-nat-device ip <IPV4_HOST>
Mode
GMS IPSEC
GMS Existing Tunnel
GMS HTTPS
Description
Enable Behind NAT Device indicator and configure IP.
Options
ip | Set IP of NAT device. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
behind-nat-device ip 192.168.168.168
Syntax
no behind-nat-device
Mode
GMS IPSEC
GMS Existing Tunnel
GMS HTTPS
Description
Disable Behind NAT Device indicator.
Example
no behind-nat-device
Syntax
ipsec-spi <WORD>
Mode
GMS IPSEC
Description
Set Incoming / Outgoing IPSEC SPI. Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
ipsec-spi C50F73F4
Syntax
ipsec-encryption-type des-md5
Mode
GMS IPSEC
Description
Set IPSEC Encryption Type. Options
des-md5 | DES-MD5. |
Example
ipsec-encryption-type des-md5
Syntax
ipsec-encryption-key <WORD>
Mode
GMS IPSEC
Description
Set IPSEC Encryption Key. Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
ipsec-encryption-key 9f8c6ae4fb897002
Syntax
ipsec-authentication-key <WORD>
Mode
GMS IPSEC
Description
Set IPSEC Authentication Key. Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
ipsec-authentication-key bd5a1354f5a5a8e198974d4d997fac5e
Syntax
reporting-server [ ip <HOSTNAME> ] [ port <IPV4_PORT> ]
Mode
GMS HTTPS
Description
Enable Send Syslog Messages to a Distributed GMS Reporting Server and configure. Options
ip | Set Distributed GMS Reporting Server IP address. |
<HOSTNAME>
|
Hostname in the form: hostname OR a.b.c.d. Example: example.com |
port | Set Distributed GMS Reporting Server port. |
<IPV4_PORT>
|
IPV4 port in the form: D OR 0xHHHH. Example: 80 |
Example
reporting-server ip 10.10.10.11 port 514
Syntax
no reporting-server
Mode
GMS HTTPS
Description
Disable Send Syslog Messages to a Distributed GMS Reporting Server. Example
no reporting-server
Syntax
show virtual-assist [ sessions ] [ pending-config ]
Mode
All Modes
Description
Show Virtual Assist Settings information. Options
sessions | Show Virtual Assist Active Customer Sessions. |
pending-config | Show pending configuration changes. |
Example
show virtual-assist
Syntax
virtual-assist
Mode
Config
Description
Enter Virtual Assist Configuration Mode. Example
virtual-assist
Syntax
logout <CUSTOMER_ID>
Mode
Virtual Assist
Description
Logout Specified Virtual Assist Customer. Options
<CUSTOMER_ID>
|
Virtual Assist Customer in the form: WORD or \"QUOTED STRING\". Example: lan |
Example
logout myuser@acme.com
Syntax
assistance-code <WORD>
Mode
Virtual Assist
Description
Set Virtual Assist Assistance Code. Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
assistance-code keyin0123
Syntax
no assistance-code
Mode
Virtual Assist
Description
Clear Virtual Assist Assistance Code. Example
no assistance-code
Syntax
support-without-invitation
Mode
Virtual Assist
Description
Enable Support Without Invitation. Example
support-without-invitation
Syntax
no support-without-invitation
Mode
Virtual Assist
Description
Disable Support Without Invitation. Example
no support-without-invitation
Syntax
disclaimer <ROL>
Mode
Virtual Assist
Description
Set Virtual Assist Disclaimer. Options
<ROL>
|
Remaining command line input. |
Example
disclaimer TODO:
Syntax
no disclaimer
Mode
Virtual Assist
Description
Clear Virtual Assist Disclaimer. Example
no disclaimer
Syntax
customer-access-link <HOSTNAME>
Mode
Virtual Assist
Description
Set Virtual Assist Customer Access Link. Options
<HOSTNAME>
|
Hostname in the form: hostname OR a.b.c.d. Example: example.com |
Example
customer-access-link www.virtualassistaccess.com
Syntax
no customer-access-link
Mode
Virtual Assist
Description
Clear Virtual Assist Customer Access Link. Example
no customer-access-link
Syntax
link-on-portal-login
Mode
Virtual Assist
Description
Enable Display Virtual Assist Link from Portal Login. Example
link-on-portal-login
Syntax
no link-on-portal-login
Mode
Virtual Assist
Description
Disable Display Virtual Assist Link from Portal Login. Example
no link-on-portal-login
Syntax
technichian-email-list <ROL>
Mode
Virtual Assist
Description
Set Technician Email List.
Options
<ROL>
|
Remaining command line input. |
Example
technichian-email-list TODO:
Syntax
no technichian-email-list
Mode
Virtual Assist
Description
Clear Technician Email List.
Example
no technichian-email-list
Syntax
invitation-subject <WORD>
Mode
Virtual Assist
Description
Set Technician Subject of Invitation.
Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
invitation-subject TODO:
Syntax
no invitation-subject
Mode
Virtual Assist
Description
Clear Technician Subject of Invitation.
Example
no invitation-subject
Syntax
invitation-message <ROL>
Mode
Virtual Assist
Description
Set Technician Invitation Message.
Options
<ROL>
|
Remaining command line input. |
Example
invitation-message TODO:
Syntax
no invitation-message
Mode
Virtual Assist
Description
Clear Technician Invitation Message.
Example
no invitation-message
Syntax
max-requests <UINT8>
Mode
Virtual Assist
Description
Set Maximum Requests. Options
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
Example
max-requests 10
Syntax
limit-message <WORD>
Mode
Virtual Assist
Description
Set Technician Limit Message.
Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
limit-message TODO:
Syntax
no limit-message
Mode
Virtual Assist
Description
Clear Technician Limit Message.
Example
no limit-message
Syntax
max-requests-one-ip <UINT16>
Mode
Virtual Assist
Description
Set Maximum Requests allowed from one IP. Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
max-requests-one-ip 5
Syntax
pending-request-expiration <UINT16>
Mode
Virtual Assist
Description
Set the time (in minutes) that customers are allowed to remain in the queue before being removed without being assisted by a technician.
Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
pending-request-expiration 10
Syntax
deny-requests { host <IPV4_HOST> | network <IPV4_HOST> <IPV4_MASK> }
Mode
Virtual Assist
Description
Add an address from which to deny requests.
Options
|
host | IP address. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
|
network | Network Address and Subnet Mask. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
<IPV4_MASK>
|
IPV4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
Example
deny-requests host 10.10.10.1
Syntax
no deny-requests { host <IPV4_HOST> | network <IPV4_HOST> <IPV4_MASK> }
Mode
Virtual Assist
Description
Delete an address from which to deny requests.
Options
|
host | IP address. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
|
network | Network Address and Subnet Mask. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
<IPV4_MASK>
|
IPV4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
Example
no deny-requests host 10.10.10.1
Syntax
show firewall
Mode
All Modes
Description
Show Firewall settings. Example
show firewall
Syntax
firewall
Mode
Config
Description
Configure Firewall settings. Example
firewall
Syntax
stealth-mode
Mode
All Modes
Description
Enable Stealth Mode. Example
stealth-mode
Syntax
no stealth-mode
Mode
All Modes
Description
Disable Stealth Mode. Example
no stealth-mode
Syntax
randomize-id
Mode
All Modes
Description
Enable Randomize IP ID. Example
randomize-id
Syntax
no randomize-id
Mode
All Modes
Description
Disable Randomize IP ID. Example
no randomize-id
Syntax
decrement-ttl
Mode
All Modes
Description
Enable Decrement IP TTL for forwarded traffic. Example
decrement-ttl
Syntax
no decrement-ttl
Mode
All Modes
Description
Disable Decrement IP TTL for forwarded traffic. Example
no decrement-ttl
Syntax
icmp-time-exceeded-packets
Mode
All Modes
Description
Never generate ICMP Time-Exceeded packets. Example
icmp-time-exceeded-packets
Syntax
no icmp-time-exceeded-packets
Mode
All Modes
Description
Generate ICMP Time-Exceeded packets. Example
no icmp-time-exceeded-packets
Syntax
ftp-transforms-in-service-object <SVC_OR_GROUP_NAME>
Mode
All Modes
Description
Enable FTP Transformations for TCP port(s) in Service Object. Options
<SVC_OR_GROUP_NAME>
|
Service or service group object name. Example: VOIP |
Example
ftp-transforms-in-service-object Ping
Syntax
rtsp-transformations
Mode
All Modes
Description
Enable RTSP Transformations. Example
rtsp-transformations
Syntax
no rtsp-transformations
Mode
All Modes
Description
Disable RTSP Transformations. Example
no rtsp-transformations
Syntax
drop-source-routed
Mode
All Modes
Description
Enable dropping of source-routed IP packets.
Example
drop-source-routed
Syntax
no drop-source-routed
Mode
All Modes
Description
Disable dropping of source-routed IP packets.
Example
no drop-source-routed
Syntax
connections { highest | optimized | recommended }
Mode
All Modes
Description
Set the type of connections. Options
|
highest | UTM services (Application Firewall, Anti-Spyware, Gateway AV, and IPS Engine) disabled for highest number of SPI connections. |
|
optimized | Optimized for deployments requiring more UTM connections but less performance critical. |
|
recommended | Recommended for normal deployments with UTM services enabled. |
Example
connections recommended
Syntax
force-ftp-data-20
Mode
All Modes
Description
Force inbound and outbound FTP data connections to use the default port: 20. Example
force-ftp-data-20
Syntax
no force-ftp-data-20
Mode
All Modes
Description
Disable forcing inbound and outbound FTP data connections to use the default port: 20.
Example
no force-ftp-data-20
Syntax
apply-rules-for-intra-lan
Mode
All Modes
Description
Enable applying firewall rules to intra-LAN traffic to/from the same interface.
Example
apply-rules-for-intra-lan
Syntax
no apply-rules-for-intra-lan
Mode
All Modes
Description
Disable applying firewall rules to intra-LAN traffic to/from the same interface.
Example
no apply-rules-for-intra-lan
Syntax
ip-header-checksum-enforcement
Mode
All Modes
Description
Enable IP header checksum enforcement. Example
ip-header-checksum-enforcement
Syntax
no ip-header-checksum-enforcement
Mode
All Modes
Description
Disable IP header checksum enforcement. Example
no ip-header-checksum-enforcement
Syntax
udp-checksum-enforcement
Mode
All Modes
Description
Enable UDP checksum enforcement. Example
udp-checksum-enforcement
Syntax
no udp-checksum-enforcement
Mode
All Modes
Description
Disable UDP checksum enforcement. Example
no udp-checksum-enforcement
Syntax
default-udp-connection-timeout <UINT32>
Mode
All Modes
Description
Set default UDP connection timeout in seconds. Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
default-udp-connection-timeout 30
Syntax
show firmware [ pending-config ]
Mode
All Modes
Description
Show Firmware configuration. Options
pending-config | Show pending configuration changes. |
Example
show firmware
Syntax
firmware auto-update [ auto-download | disable-auto-download ]
Mode
Config
Description
Enable periodic checking of SonicWALL site for firmware update. Options
|
auto-download | Enable automatic downloading of firmware from SonicWALL software site. |
|
disable-auto-download | Disable automatic downloading of firmware from SonicWALL software site. |
Example
firmware auto-update auto-download
Syntax
no firmware auto-update
Mode
Config
Description
Disable periodic checking of SonicWALL site for firmware update. Example
no firmware auto-update
Syntax
firmware diagnostics
Mode
Config
Description
Enable booting of firmware with diagnostics mode enabled (if available). Example
firmware diagnostics
Syntax
no firmware diagnostics
Mode
Config
Description
Disable booting of firmware with diagnostics. Example
no firmware diagnostics
Syntax
show fips [ pending-config ]
Mode
All Modes
Description
Show FIPS configuration. Options
pending-config | Show pending configuration changes. |
Example
show fips
Syntax
fips
Mode
Config
Description
Enable FIPS mode. Example
fips
Syntax
no fips
Mode
Config
Description
Disable FIPS mode. Example
no fips
Syntax
firmware backup
Mode
Config
Description
Create Backup Settings.
Syntax
tsr vpn-keys
Mode
Config
Description
Enable display of VPN keys in Tech Support Report. Example
tsr vpn-keys
Syntax
no tsr vpn-keys
Mode
Config
Description
Disable display of VPN keys in Tech Support Report. Example
no tsr vpn-keys
Syntax
tsr arp-cache
Mode
Config
Description
Enable display of ARP Cache in Tech Support Report. Example
tsr arp-cache
Syntax
no tsr arp-cache
Mode
Config
Description
Disable display of ARP Cache in Tech Support Report. Example
no tsr arp-cache
Syntax
tsr dhcp-bindings
Mode
Config
Description
Enable display of DHCP bindings in Tech Support Report. Example
tsr dhcp-bindings
Syntax
no tsr dhcp-bindings
Mode
Config
Description
Disable display of DHCP bindings in Tech Support Report. Example
no tsr dhcp-bindings
Syntax
tsr ike-info
Mode
Config
Description
Enable display of IKE information in Tech Support Report. Example
tsr ike-info
Syntax
no tsr ike-info
Mode
Config
Description
Disable display of IKE information in Tech Support Report. Example
no tsr ike-info
Syntax
tsr sonicpointn diagnostics
Mode
Config
Description
Enable display of SonicPointN diagnostics in Tech Support Report. Example
tsr sonicpointn diagnostics
Syntax
no tsr sonicpointn diagnostics
Mode
Config
Description
Disable display of SonicPointN diagnostics in Tech Support Report. Example
no tsr sonicpointn diagnostics
Syntax
tsr current-users
Mode
Config
Description
Enable display of List of current users in Tech Support Report. Example
tsr current-users
Syntax
no tsr current-users
Mode
Config
Description
Disable display of List of current users in Tech Support Report. Example
no tsr current-users
Syntax
tsr users-detail
Mode
Config
Description
Enable display of Detail of users in Tech Support Report. Example
tsr users-detail
Syntax
no tsr users-detail
Mode
Config
Description
Disable display of Detail of users in Tech Support Report. Example
no tsr users-detail
Syntax
tsr secure-backup [ interval <UINT32> ]
Mode
Config
Description
Enable Periodic Secure Backup of Diagnostics Report to MySonicwall. Options
interval | Specify backup interval. |
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
tsr secure-backup
Syntax
no tsr secure-backup
Mode
Config
Description
Disable Periodic Secure Backup of Diagnostics Report to MySonicwall. Example
no tsr secure-backup
Syntax
tsr send-raw-flow-data
Mode
Config
Description
Enable inclusion of raw flow table data entries when sending the diagnostic report.
Example
tsr send-raw-flow-data
Syntax
no tsr send-raw-flow-data
Mode
Config
Description
Disable inclusion of raw flow table data entries when sending the diagnostic report.
Example
no tsr send-raw-flow-data
Syntax
tsr send
Mode
Config
Description
Send Secure Backup of Diagnostics Report to MySonicwall. Example
tsr send
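A review aid for the SNMP, GMS IPSEC, firewall and Tech Support Report commands listed above, as an added Python example (not part of the SonicWALL guide): it replays a command transcript, lets a later `no ...` override an earlier setting, and reports the settings that remain in a state worth reviewing. The one-command-per-line transcript format, the sample transcript and the choice of which settings to flag are assumptions of this example.

```python
import shlex

# Community strings commonly left at a well-known default (assumption of this
# example; the guide's own sample command uses "public").
WEAK_COMMUNITIES = {"public", "private"}

# Toggle commands from this guide whose enabled form deserves review.
RISKY_WHEN_ON = {
    "tsr vpn-keys": "VPN keys are displayed in the Tech Support Report",
}
# Toggle commands from this guide whose "no" form deserves review.
RISKY_WHEN_OFF = {
    "drop-source-routed": "source-routed IP packets are not dropped",
    "ip-header-checksum-enforcement": "IP header checksums are not enforced",
    "udp-checksum-enforcement": "UDP checksums are not enforced",
}
# Commands that take a single value.
VALUED = {"get-community-name", "trap-community-name", "ipsec-encryption-type"}


def effective_settings(lines):
    """Replay a transcript and return {setting: (value, line_number)}.

    A later command overrides an earlier one, so "tsr vpn-keys" followed by
    "no tsr vpn-keys" ends up disabled. Toggle values are True or False.
    """
    state = {}
    toggles = {tuple(k.split()) for k in (*RISKY_WHEN_ON, *RISKY_WHEN_OFF)}
    for lineno, raw in enumerate(lines, start=1):
        try:
            tokens = shlex.split(raw)  # honours "QUOTED STRING" arguments
        except ValueError:             # unbalanced quote: skip the line
            continue
        negated = bool(tokens) and tokens[0] == "no"
        if negated:
            tokens = tokens[1:]
        if not tokens:
            continue
        if tuple(tokens) in toggles:
            state[" ".join(tokens)] = (not negated, lineno)
        elif tokens[0] in VALUED:
            if negated:
                state.pop(tokens[0], None)
            elif len(tokens) == 2:
                state[tokens[0]] = (tokens[1], lineno)
    return state


def audit(lines):
    """Return sorted (line_number, setting, reason) findings."""
    findings = []
    for key, (value, lineno) in effective_settings(lines).items():
        if key in RISKY_WHEN_ON and value is True:
            findings.append((lineno, key, RISKY_WHEN_ON[key]))
        elif key in RISKY_WHEN_OFF and value is False:
            findings.append((lineno, key, RISKY_WHEN_OFF[key]))
        elif key.endswith("community-name") and value.lower() in WEAK_COMMUNITIES:
            findings.append((lineno, key, "well-known SNMP community string"))
        elif key == "ipsec-encryption-type" and value == "des-md5":
            findings.append((lineno, key, "DES and MD5 are deprecated algorithms"))
    return sorted(findings)


# Constructed sample transcript, not taken from a real device.
SAMPLE_TRANSCRIPT = [
    "snmp",
    "get-community-name public",
    'trap-community-name "n0c traps 7f3a"',
    "gms-management ipsec-tunnel",
    "ipsec-encryption-type des-md5",
    "tsr vpn-keys",
    "tsr arp-cache",
    "no tsr vpn-keys",
    "firewall",
    "no drop-source-routed",
]

if __name__ == "__main__":
    for lineno, setting, reason in audit(SAMPLE_TRANSCRIPT):
        print(f"line {lineno}: {setting}: {reason}")
```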
Syntax
show tech-support-report [ access-rules | active-utm | address-objects | anti-spam | anti-virus | arp-cache | bandwidth-management | cache-check | content-filtering | data-plane-task-jobs | db-trace | dhcp-client | dhcp-network-disc | dhcp-persistence | dhcp-relay | dhcp-server | dhcp-serverstat | diag | dynamic-dns | ethernet | flight-data-recorder | gateway-anti-virus | guest-profile-objects | h323 | high-availability | hypervisor | interfaces | intrusion-detection-prevention | ip-helper | ip-reassembly | ipsec | l2tp-client | l2tp-server | ldap | license | management | mirror-state | msn | multicast | nat-policies | network | objects | options | pki | port-remap-stats | pppoe-client | pptp-client | pref-stats | product | qos | radius | route-policies | routes | rtsp | schedule-objects | service-objects | single-sign-on | sip | snmp | sonicpoint | ssl-control | stateful-stats | stateful-sync | status | svrrp | time | timers | update | user-objects | users | vx-net-stats | wan-load-balancing | wire-mode | wlan-zone | zone-objects ]
Mode
All Modes
Description
Display basic system status and information.
Options
access-rules | Access Rules Technical Support Report. |
active-utm | Active-Active UTM Technical Support Report. |
address-objects | Address Object Table Technical Support Report. |
anti-spam | Anti-Spam Technical Support Report. |
anti-virus | AV Technical Support Report. |
arp-cache | ARP Cache Technical Support Report. |
bandwidth-management | BWM Rules Technical Support Report. |
cache-check | Cache Check Technical Support Report. |
content-filtering | CFL Technical Support Report. |
data-plane-task-jobs | Data Plane Task Jobs Technical Support Report. |
db-trace | DB Trace Dump Technical Support Report. |
dhcp-client | DHCP Client Technical Support Report. |
dhcp-network-disc | DHCP Network Discovery Technical Support Report. |
dhcp-persistence | DHCP Persistence Technical Support Report. |
dhcp-relay | DHCP Relay Technical Support Report. |
dhcp-server | DHCP Server Technical Support Report. |
dhcp-serverstat | DHCP Server Stats Technical Support Report. |
diag | Diagnostics Technical Support Report. |
dynamic-dns | Dynamic Dns Technical Support Report. |
ethernet | Ethernet Technical Support Report. |
flight-data-recorder | Flight Data Recorder Technical Support Report. |
gateway-anti-virus | Global Anti-Virus Technical Support Report. |
guest-profile-objects | Guest Profile Objects Technical Support Report. |
h323 | H.323 Technical Support Report. |
high-availability | HA Technical Support Report. |
hypervisor | Hypervisor Technical Support Report. |
interfaces | Interfaces Technical Support Report. |
intrusion-detection-prevention | IDP Technical Support Report. |
ip-helper | IP Helper Technical Support Report. |
ip-reassembly | IP Fragment Reassembly Technical Support Report. |
ipsec | IPSec Technical Support Report. |
l2tp-client | L2TP Client Technical Support Report. |
l2tp-server | L2TP Server Technical Support Report. |
ldap | LDAP Technical Support Report. |
license | License Technical Support Report. |
management | Management Technical Support Report. |
mirror-state | Flash Prefs Mirror State Technical Support Report. |
msn | MSN Technical Support Report. |
multicast | Mcast Igmp Config Technical Support Report. |
nat-policies | NAT Policies Technical Support Report. |
network | Network Technical Support Report. |
objects | Network Objects Technical Support Report. |
options | Options of Technical Support Report. |
pki | PKI Technical Support Report. |
port-remap-stats | Port Remap Technical Support Report. |
pppoe-client | PPPoE Client Technical Support Report. |
pptp-client | PPTP Client Technical Support Report. |
pref-stats | Flash Prefs Load/Save Technical Support Report. |
product | Product Technical Support Report. |
qos | QOS Technical Support Report. |
radius | Radius Technical Support Report. |
route-policies | Detailed Route Policy Table Technical Support Report. |
routes | Routing table. |
rtsp | RTSP Technical Support Report. |
schedule-objects | Service Object Table Technical Support Report. |
service-objects | Service Object Table Technical Support Report. |
single-sign-on | Single Sign On Technical Support Report. |
sip | SIP Technical Support Report. |
snmp | Snmp Technical Support Report. |
sonicpoint | SonicPoint Technical Support Report. |
ssl-control | SSL Control Technical Support Report. |
stateful-stats | Stateful Stats Technical Support Report. |
stateful-sync | Stateful Sync Technical Support Report. |
status | Status Technical Support Report. |
svrrp | SVRRP Technical Support Report. |
time | Time Technical Support Report. |
timers | Timers Technical Support Report. |
update | Update Technical Support Report. |
user-objects | User Object Table Technical Support Report. |
users | Users Technical Support Report. |
vx-net-stats | vxWorks Network Status Technical Support Report. |
wan-load-balancing | WLB Technical Support Report. |
wire-mode | Wire Mode Technical Support Report. |
wlan-zone | Wlan Zone Technical Support Report. |
zone-objects | Zone Object Table Technical Support Report. |
Example
show tech-support-report
Syntax
show rbl [ blacklist | service <RBL_SERVICE_NAME> | services | statistics | whitelist ] [ pending-config ]
Mode
All Modes
Description
Show Real-Time Blacklist configuration. Options
|
blacklist | Show RBL blacklist. |
|
service | Show Real-Time Blacklist service. |
<RBL_SERVICE_NAME>
|
RBL service name in the form: WORD or \"QUOTED STRING\". Example: lan |
|
services | Show Real-Time Blacklist services. |
|
statistics | Show Real-Time Blacklist service statistics. |
|
whitelist | Show RBL whitelist. |
pending-config | Show pending configuration changes. |
Example
show rbl
Syntax
rbl
Mode
Config
Description
Enter Real-Time Blacklist Configuration Mode. Example
rbl
Syntax
enable
Mode
RBL
Description
Enable Real-Time Blacklist Blocking. Example
enable
Syntax
no enable
Mode
RBL
Description
Disable Real-Time Blacklist Blocking. Example
no enable
Syntax
dns { inherit | primary <IPV4_HOST> | secondary <IPV4_HOST> | tertiary <IPV4_HOST> }
Mode
RBL
Description
Set whether RBL DNS is inherited from WAN Zone or set manually with the associated DNS server IP addresses. Options
|
inherit | Inherit DNS servers. |
|
primary | Specify primary DNS server IP address. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
|
secondary | Specify secondary DNS server IP address. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
|
tertiary | Specify tertiary DNS server IP address. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
dns primary 192.168.168.165
Syntax
no dns { primary | secondary | tertiary }
Mode
RBL
Description
Manually Clear DNS server IP address. Options
|
primary | Clear primary DNS server IP address. |
|
secondary | Clear secondary DNS server IP address. |
|
tertiary | Clear tertiary DNS server IP address. |
Example
no dns primary
Syntax
service { enable <RBL_SERVICE_NAME> | name <RBL_SERVICE_NAME> }
Mode
RBL
Description
Enable/Add/Edit Real-Time Blacklist Service. Options
|
enable | Enable specified parameter. |
<RBL_SERVICE_NAME>
|
RBL service name in the form: WORD or \"QUOTED STRING\". Example: lan |
|
name | Real-Time Blacklist Service Name. |
<RBL_SERVICE_NAME>
|
RBL service name in the form: WORD or \"QUOTED STRING\". Example: lan |
Example
service name avidspamsender.local
Syntax
no service { enable <RBL_SERVICE_NAME> | name <RBL_SERVICE_NAME> }
Mode
RBL
Description
Delete Real-Time Blacklist Service. Options
|
enable | Enable specified parameter. |
<RBL_SERVICE_NAME>
|
RBL service name in the form: WORD or \"QUOTED STRING\". Example: lan |
|
name | Real-Time Blacklist Service Name. |
<RBL_SERVICE_NAME>
|
RBL service name in the form: WORD or \"QUOTED STRING\". Example: lan |
Example
no service enable xxx.org
Syntax
no statistics <RBL_SERVICE_NAME>
Mode
RBL
Description
Clear Specified RBL service statistics. Options
<RBL_SERVICE_NAME>
|
RBL service name in the form: WORD or \"QUOTED STRING\". Example: lan |
Example
no statistics "dnsbl.sorbs.net"
Syntax
blacklist { fqdn <ADDR_FQDN> | host <ADDR_HOST> | name <ADDR_HOST_NAME> | range <ADDR_BEGIN> <ADDR_END> }
Mode
RBL
Description
Add SMTP server to blacklist. Options
|
fqdn | SMTP server Fully Qualified Domain Name. |
<ADDR_FQDN>
|
Address Object FQDN in the form: example.com OR *.example.com. Example: example.com |
|
host | SMTP server host address. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | SMTP server named host address object. |
<ADDR_HOST_NAME>
|
Address Host Object name. Example: Web Server |
|
range | SMTP server Range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
blacklist host 168.226.49.15
Syntax
no blacklist { fqdn <RBL_ADDR_FQDN> | host <RBL_ADDR_HOST> | name <RBL_ADDR_NAME> | range <RBL_ADDR_BEGIN> <RBL_ADDR_END> }
Mode
RBL
Description
Remove SMTP server from blacklist. Options
|
fqdn | SMTP server Fully Qualified Domain Name. |
<RBL_ADDR_FQDN>
|
RBL Address Object FQDN in the form: example.com OR *.example.com. Example: example.com |
|
host | SMTP server host address. |
<RBL_ADDR_HOST>
|
RBL Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | SMTP server named host address object. |
<RBL_ADDR_NAME>
|
RBL Address Object name. Example: Web Server |
|
range | SMTP server Range. |
<RBL_ADDR_BEGIN>
|
RBL Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<RBL_ADDR_END>
|
RBL Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
no blacklist host 168.226.49.15
Syntax
whitelist { fqdn <ADDR_FQDN> | host <ADDR_HOST> | name <ADDR_HOST_NAME> | range <ADDR_BEGIN> <ADDR_END> }
Mode
RBL
Description
Add SMTP server to whitelist. Options
|
fqdn | SMTP server Fully Qualified Domain Name. |
<ADDR_FQDN>
|
Address Object FQDN in the form: example.com OR *.example.com. Example: example.com |
|
host | SMTP server host address. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | SMTP server named host address object. |
<ADDR_HOST_NAME>
|
Address Host Object name. Example: Web Server |
|
range | SMTP server Range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
whitelist host 168.226.49.15
Syntax
no whitelist { fqdn <ADDR_FQDN> | host <RBL_ADDR_HOST> | name <RBL_ADDR_NAME> | range <ADDR_BEGIN> <ADDR_END> }
Mode
RBL
Description
Remove SMTP server from whitelist. Options
|
fqdn | SMTP server Fully Qualified Domain Name. |
<ADDR_FQDN>
|
Address Object FQDN in the form: example.com OR *.example.com. Example: example.com |
|
host | SMTP server host address. |
<RBL_ADDR_HOST>
|
RBL Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | SMTP server named host address object. |
<RBL_ADDR_NAME>
|
RBL Address Object name. Example: Web Server |
|
range | SMTP server Range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
no whitelist host 168.226.49.15
Syntax
enable
Mode
RBL Service
Description
Enable Real-Time Blacklist Domain. Example
enable
Syntax
no enable
Mode
RBL Service
Description
Disable Real-Time Blacklist Domain. Example
no enable
Syntax
domain <HOSTNAME>
Mode
RBL Service
Description
Set Real-Time Blacklist Service Domain Name. Options
<HOSTNAME>
|
Hostname in the form: hostname OR a.b.c.d. Example: example.com |
Example
domain avidspamsender.local
Syntax
blocked-responses [ open-relay ] [ dialup-spam-source ] [ spam-source ] [ smart-host ] [ spamware-site ] [ bad-list-server ] [ insecure-script ] [ open-proxy-server ] [ block-all ]
Mode
RBL Service
Description
Enable specified RBL Blocked Responses. Options
open-relay | 127.0.0.2 - Open Relay. |
dialup-spam-source | 127.0.0.3 - Dialup Spam Source. |
spam-source | 127.0.0.4 - Spam Source. |
smart-host | 127.0.0.5 - Smart Host. |
spamware-site | 127.0.0.6 - Spamware Site. |
bad-list-server | 127.0.0.7 - Bad List Server. |
insecure-script | 127.0.0.8 - Insecure Script. |
open-proxy-server | 127.0.0.9 - Open Proxy Server. |
block-all | Block All Responses. |
Example
blocked-responses open-relay spamware-site
Syntax
no blocked-responses [ open-relay ] [ dialup-spam-source ] [ spam-source ] [ smart-host ] [ spamware-site ] [ bad-list-server ] [ insecure-script ] [ open-proxy-server ] [ block-all ]
Mode
RBL Service
Description
Disable specified RBL Blocked Responses. Options
open-relay | 127.0.0.2 - Open Relay. |
dialup-spam-source | 127.0.0.3 - Dialup Spam Source. |
spam-source | 127.0.0.4 - Spam Source. |
smart-host | 127.0.0.5 - Smart Host. |
spamware-site | 127.0.0.6 - Spamware Site. |
bad-list-server | 127.0.0.7 - Bad List Server. |
insecure-script | 127.0.0.8 - Insecure Script. |
open-proxy-server | 127.0.0.9 - Open Proxy Server. |
block-all | Block All Responses. |
Example
no blocked-responses open-relay spamware-site
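The following Python sketch is an added example, not SonicOS code or vendor tooling. It shows how the RBL settings above fit together: the service domain forms the DNSBL lookup name (sender octets reversed and prepended to the domain, the standard DNSBL convention), and the enabled blocked-responses keywords select which 127.0.0.x answers cause a block. The RblPolicy class, the flattening of RBL and RBL Service mode commands into one list, the whitelist-before-lookup order and the reading of block-all as "any listed answer blocks" are assumptions; only whitelist host and range forms are handled.

```python
import ipaddress
import shlex

# Keyword -> DNSBL return code, copied from the blocked-responses options table.
RESPONSE_CODES = {
    "open-relay": "127.0.0.2",
    "dialup-spam-source": "127.0.0.3",
    "spam-source": "127.0.0.4",
    "smart-host": "127.0.0.5",
    "spamware-site": "127.0.0.6",
    "bad-list-server": "127.0.0.7",
    "insecure-script": "127.0.0.8",
    "open-proxy-server": "127.0.0.9",
}

# Constructed sample input (not taken from a real device).
SAMPLE_CONFIG = """\
domain avidspamsender.local
blocked-responses open-relay spamware-site spam-source
no blocked-responses spam-source
whitelist host 168.226.49.15
whitelist range 192.168.1.100 192.168.1.150
"""


class RblPolicy:
    """Hypothetical model of the state the RBL commands build up."""

    def __init__(self):
        self.domain = None
        self.enabled = set()     # blocked-responses keywords switched on
        self.block_all = False
        self.hosts = set()       # whitelist host entries
        self.ranges = []         # whitelist range (begin, end) pairs

    def apply(self, line):
        """Apply one command line; a leading 'no' reverses it."""
        words = shlex.split(line)
        if not words or words == ["no"]:
            raise ValueError(f"empty command: {line!r}")
        negate = words[0] == "no"
        cmd, args = (words[1], words[2:]) if negate else (words[0], words[1:])
        if cmd == "domain" and not negate:
            self.domain = args[0]
        elif cmd == "blocked-responses":
            for kw in args:
                if kw == "block-all":
                    self.block_all = not negate
                elif kw in RESPONSE_CODES:
                    (self.enabled.discard if negate else self.enabled.add)(kw)
                else:
                    raise ValueError(f"unknown response keyword: {kw}")
        elif cmd == "whitelist" and args[:1] == ["host"]:
            ip = ipaddress.IPv4Address(args[1])
            (self.hosts.discard if negate else self.hosts.add)(ip)
        elif cmd == "whitelist" and args[:1] == ["range"]:
            pair = (ipaddress.IPv4Address(args[1]), ipaddress.IPv4Address(args[2]))
            if pair[0] > pair[1]:
                raise ValueError(f"range start is after range end: {line}")
            if negate:
                self.ranges = [r for r in self.ranges if r != pair]
            else:
                self.ranges.append(pair)
        else:
            raise ValueError(f"unsupported line: {line}")

    def query_name(self, sender_ip):
        """DNSBL lookup name: sender octets reversed, then the service domain."""
        if self.domain is None:
            raise ValueError("no RBL service domain configured")
        octets = str(ipaddress.IPv4Address(sender_ip)).split(".")
        return ".".join(reversed(octets)) + "." + self.domain

    def verdict(self, sender_ip, answers):
        """Classify a sender given the A records the lookup returned.

        `answers` is a list of dotted-quad strings; an empty list stands for
        NXDOMAIN (sender not listed). Whitelist first is an assumption.
        """
        ip = ipaddress.IPv4Address(sender_ip)
        if ip in self.hosts or any(lo <= ip <= hi for lo, hi in self.ranges):
            return "whitelisted"
        if not answers:
            return "allowed"
        if self.block_all:
            return "blocked"
        blocked_codes = {RESPONSE_CODES[kw] for kw in self.enabled}
        return "blocked" if blocked_codes & set(answers) else "allowed"


def load(text):
    """Build a policy from a block of command lines, skipping blank lines."""
    policy = RblPolicy()
    for line in text.splitlines():
        if line.strip():
            policy.apply(line)
    return policy


if __name__ == "__main__":
    p = load(SAMPLE_CONFIG)
    sender = "203.0.113.7"  # documentation-range address, constructed
    print(p.query_name(sender))
    for answers in (["127.0.0.2"], ["127.0.0.4"], []):
        print(answers, "->", p.verdict(sender, answers))
```

A sender that returns a code whose keyword is not enabled (127.0.0.4 after `no blocked-responses spam-source` in the sample) is allowed, which is the case to check when reviewing why a listed sender was not blocked.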
Syntax
show dhcp-server [ dynamic-scope <SCOPE_START_IPV4_HOST> <SCOPE_END_IPV4_HOST> | dynamic-scopes | leases | option-group <DHCP_OPTION_GROUP> | option-groups | option-object <DHCP_OPTION_OBJECT> | option-objects | settings | static-entries | static-entry <STATIC_ENTRY_IPV4_HOST> <STATIC_ENTRY_MAC> ] [ pending-config ]
Mode
All Modes
Description
Show DHCP Server Configuration. Options
|
dynamic-scope | Specify dynamic lease. |
<SCOPE_START_IPV4_HOST>
|
DHCP dynamic scope begin IPV4 in the form: D.D.D.D. Example: 192.168.168.1 |
<SCOPE_END_IPV4_HOST>
|
DHCP dynamic scope end IPV4 in the form: D.D.D.D. Example: 192.168.168.167 |
|
dynamic-scopes | All dynamic leases. |
|
leases | Show DHCP Server leases. |
|
option-group | Show DHCP Server option group configuration. |
<DHCP_OPTION_GROUP>
|
DHCP Server Option Group Name. Example: lan |
|
option-groups | All option groups. |
|
option-object | Show DHCP Server option object configuration. |
<DHCP_OPTION_OBJECT>
|
DHCP Server Option Object Name. Example: lan |
|
option-objects | All option objects. |
|
settings | Show DHCP Server configuration. |
|
static-entries | All static leases. |
|
static-entry | Specify static lease. |
<STATIC_ENTRY_IPV4_HOST>
|
DHCP static entry IPV4 in the form: D.D.D.D. Example: 192.168.168.167 |
<STATIC_ENTRY_MAC>
|
MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
pending-config | Show pending configuration changes. |
Example
show dhcp-server
Syntax
dhcp-server
Mode
Config
Description
Enter DHCP Server Configuration Mode. Example
dhcp-server
Syntax
enable
Mode
DHCP Server
Description
Enable DHCP Server. Example
enable
Syntax
no enable
Mode
DHCP Server
Description
Disable DHCP Server. Example
no enable
Syntax
conflict-detection
Mode
DHCP Server
Description
Enable DHCP conflict-detection. Example
conflict-detection
Syntax
no conflict-detection
Mode
DHCP Server
Description
Disable DHCP conflict-detection. Example
no conflict-detection
Syntax
persistence [ monitoring-interval <UINT16> ]
Mode
DHCP Server
Description
Enable/Configure DHCP Server Persistence. Options
monitoring-interval | Set DHCP Server Persistence Monitoring Interval in minutes. |
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
persistence
Syntax
no persistence
Mode
DHCP Server
Description
Disable DHCP Server Persistence. Example
no persistence
Syntax
dynamic-scope <SCOPE_START_IPV4_HOST> <SCOPE_END_IPV4_HOST>
Mode
DHCP Server
Description
Add/Edit DHCP Server Dynamic Scope and enter its Configuration Mode. Options
<SCOPE_START_IPV4_HOST>
|
DHCP dynamic scope begin IPV4 in the form: D.D.D.D. Example: 192.168.168.1 |
<SCOPE_END_IPV4_HOST>
|
DHCP dynamic scope end IPV4 in the form: D.D.D.D. Example: 192.168.168.167 |
Example
dynamic-scope 192.168.168.100 192.168.168.200
Syntax
no dynamic-scope <SCOPE_START_IPV4_HOST> <SCOPE_END_IPV4_HOST>
Mode
DHCP Server
Description
Delete DHCP Server Dynamic Scope. Options
<SCOPE_START_IPV4_HOST>
|
DHCP dynamic scope begin IPV4 in the form: D.D.D.D. Example: 192.168.168.1 |
<SCOPE_END_IPV4_HOST>
|
DHCP dynamic scope end IPV4 in the form: D.D.D.D. Example: 192.168.168.167 |
Example
no dynamic-scope 192.168.168.100 192.168.168.200
Syntax
static-entry <STATIC_ENTRY_IPV4_HOST> <STATIC_ENTRY_MAC>
Mode
DHCP Server
Description
Add/Edit DHCP Server Static entry and enter its Configuration Mode. Options
<STATIC_ENTRY_IPV4_HOST>
|
DHCP static entry IPV4 in the form: D.D.D.D. Example: 192.168.168.167 |
<STATIC_ENTRY_MAC>
|
MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
Example
static-entry 192.168.168.101 00:01:02:03:04:05
Syntax
no static-entry <STATIC_ENTRY_IPV4_HOST> <STATIC_ENTRY_MAC>
Mode
DHCP Server
Description
Delete DHCP Server Static Scope. Options
<STATIC_ENTRY_IPV4_HOST>
|
DHCP static entry IPV4 in the form: D.D.D.D. Example: 192.168.168.167 |
<STATIC_ENTRY_MAC>
|
MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
Example
no static-entry 192.168.168.101 00:01:02:03:04:05
Syntax
no dynamic-scopes
Mode
DHCP Server
Description
Delete all Dynamic DHCP Server Scopes. Example
no dynamic-scopes
Syntax
no static-entries
Mode
DHCP Server
Description
Delete all Static DHCP Server Scopes. Example
no static-entries
Syntax
no dhcp-entries
Mode
DHCP Server
Description
Delete all DHCP Server entries. Example
no dhcp-entries
Syntax
enable-scope <SCOPE_START_IPV4_HOST> <SCOPE_END_IPV4_HOST>
Mode
DHCP Server
Description
Enable DHCP Server Scope. Options
<SCOPE_START_IPV4_HOST>
|
DHCP dynamic scope begin IPV4 in the form: D.D.D.D. Example: 192.168.168.1 |
<SCOPE_END_IPV4_HOST>
|
DHCP dynamic scope end IPV4 in the form: D.D.D.D. Example: 192.168.168.167 |
Example
enable-scope 192.168.168.1 192.168.168.167
Syntax
no enable-scope <SCOPE_START_IPV4_HOST> <SCOPE_END_IPV4_HOST>
Mode
DHCP Server
Description
Disable DHCP Server Scope. Options
<SCOPE_START_IPV4_HOST>
|
DHCP dynamic scope begin IPV4 in the form: D.D.D.D. Example: 192.168.168.1 |
<SCOPE_END_IPV4_HOST>
|
DHCP dynamic scope end IPV4 in the form: D.D.D.D. Example: 192.168.168.167 |
Example
no enable-scope 192.168.168.1 192.168.168.167
Syntax
enable-entry <STATIC_ENTRY_IPV4_HOST> <STATIC_ENTRY_MAC>
Mode
DHCP Server
Description
Enable DHCP Server Entry. Options
<STATIC_ENTRY_IPV4_HOST>
|
DHCP static entry IPV4 in the form: D.D.D.D. Example: 192.168.168.167 |
<STATIC_ENTRY_MAC>
|
MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
Example
enable-entry 1.1.1.1 01:02:03:04:05:06
Syntax
no enable-entry <STATIC_ENTRY_IPV4_HOST> <STATIC_ENTRY_MAC>
Mode
DHCP Server
Description
Disable DHCP Server Entry. Options
<STATIC_ENTRY_IPV4_HOST>
|
DHCP static entry IPV4 in the form: D.D.D.D. Example: 192.168.168.167 |
<STATIC_ENTRY_MAC>
|
MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
Example
no enable-entry 1.1.1.1 01:02:03:04:05:06
Syntax
no lease <DHCP_LEASE_IPV4_HOST>
Mode
DHCP Server
Description
Delete DHCP Server Lease. Options
<DHCP_LEASE_IPV4_HOST>
|
DHCP Server Lease IPV4 host address in the form: D.D.D.D. Example: 192.168.168.100 |
Example
no lease 1.1.1.1
Syntax
no leases
Mode
DHCP Server
Description
Delete DHCP Server Leases. Example
no leases
Syntax
option-object <DHCP_OPTION_OBJECT>
Mode
DHCP Server
Description
Add/Edit DHCP Server Option Object and enter its Configuration Mode. Options
<DHCP_OPTION_OBJECT>
|
DHCP Server Option Object Name. Example: lan |
Example
option-object "LAN Specific DHCP Option"
Syntax
no option-object <DHCP_OPTION_OBJECT>
Mode
DHCP Server
Description
Delete DHCP Server Option Object. Options
<DHCP_OPTION_OBJECT>
|
DHCP Server Option Object Name. Example: lan |
Example
no option-object "LAN Specific DHCP Option"
Syntax
no option-objects
Mode
DHCP Server
Description
Delete all DHCP Server Option Objects. Example
no option-objects
Syntax
option-group <DHCP_OPTION_GROUP>
Mode
DHCP Server
Description
Add/Edit DHCP Server Option Group and enter its Configuration Mode. Options
<DHCP_OPTION_GROUP>
|
DHCP Server Option Group Name. Example: lan |
Example
option-group "LAN Specific DHCP Options"
Syntax
no option-group <DHCP_OPTION_GROUP>
Mode
DHCP Server
Description
Delete DHCP Server Option Group. Options
<DHCP_OPTION_GROUP>
|
DHCP Server Option Group Name. Example: lan |
Example
no option-group "LAN Specific DHCP Options"
Syntax
no option-groups
Mode
DHCP Server
Description
Delete all DHCP Server Option Groups. Example
no option-groups
Syntax
trusted-relay-agents <ADDR_DHCP_TRUSTED_RELAY_AGENT_GROUP>
Mode
DHCP Server
Description
Enable and Set Trusted DHCP Relay Agent List. Options
<ADDR_DHCP_TRUSTED_RELAY_AGENT_GROUP>
|
DHCP Trusted Relay Agent List Address Group Name. Example: Default Trusted Relay Agent List |
Example
trusted-relay-agents "Trusted Relay Agents"
Syntax
no trusted-relay-agents
Mode
DHCP Server
Description
Disable Trusted DHCP Relay Agent List. Example
no trusted-relay-agents
Syntax
enable
Mode
Dynamic Scope
Description
Enable Dynamic DHCP server scope. Example
enable
Syntax
no enable
Mode
Dynamic Scope
Description
Disable DHCP server scope. Example
no enable
Syntax
range <IPV4_HOST> <IPV4_HOST>
Mode
Dynamic Scope
Description
Set DHCP dynamic scope range. Options
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
range 192.168.168.100 192.168.168.200
Syntax
lease-time <UINT16>
Mode
Dynamic Scope
Description
Set Dynamic DHCP scope lease time. Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
lease-time 1440
Syntax
default-gateway <IPV4_HOST>
Mode
Dynamic Scope
Description
Set DHCP scope default gateway. Options
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
default-gateway 192.168.168.254
Syntax
netmask <IPV4_MASK>
Mode
Dynamic Scope
Description
Set DHCP scope subnet mask. Options
<IPV4_MASK>
|
IPV4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
Example
netmask 255.255.255.0
Syntax
allow-bootp
Mode
Dynamic Scope
Description
Enable Allow BOOTP Clients to use Range. Example
allow-bootp
Syntax
no allow-bootp
Mode
Dynamic Scope
Description
Disable Allow BOOTP Clients to use Range. Example
no allow-bootp
Syntax
domain-name <HOSTNAME>
Mode
Dynamic Scope
Description
Set DHCP Domain Name. Options
<HOSTNAME>
|
Hostname in the form: hostname OR a.b.c.d. Example: example.com |
Example
domain-name example.com
Syntax
no domain-name
Mode
Dynamic Scope
Description
Clear DHCP Domain Name. Example
no domain-name
Syntax
dns server { inherit | primary <IPV4_HOST> | secondary <IPV4_HOST> | tertiary <IPV4_HOST> }
Mode
Dynamic Scope
Description
Manually Set DNS Settings or Inherit DNS Settings Dynamically from the SonicWALL's DNS settings. Options
|
inherit | Inherit DNS servers. |
|
primary | Specify primary DNS server IP address. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
|
secondary | Specify secondary DNS server IP address. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
|
tertiary | Specify tertiary DNS server IP address. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
dns server primary 192.168.168.165
Syntax
no dns server { primary | secondary | tertiary }
Mode
Dynamic Scope
Description
Manually Clear DNS server IP address. Options
|
primary | Clear primary DNS server IP address. |
|
secondary | Clear secondary DNS server IP address. |
|
tertiary | Clear tertiary DNS server IP address. |
Example
no dns server primary
Syntax
wins { [ primary <IPV4_HOST> ] [ secondary <IPV4_HOST> ] }
Mode
Dynamic Scope
Description
Set the primary and secondary WINS server IP address. Options
primary | Primary WINS server IP address. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
secondary | Secondary WINS server IP address. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
wins primary 192.168.168.169 secondary 192.168.168.170
Syntax
call-manager { [ primary <WORD> ] [ secondary <WORD> ] [ tertiary <WORD> ] }
Mode
Dynamic Scope
Description
Set VOIP Call Managers. Options
primary | Specify primary VOIP Call Manager IP address. |
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
secondary | Specify secondary VOIP Call Manager IP address. |
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
tertiary | Specify tertiary VOIP Call Manager address. |
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
call-manager primary 192.168.168.161 secondary 192.168.168.162 tertiary 192.168.168.163
Syntax
no call-manager [ primary ] [ secondary ] [ tertiary ]
Mode
Dynamic Scope
Description
Clear VOIP Call Managers. Options
primary | Clear primary VOIP Call Manager IP address. |
secondary | Clear secondary VOIP Call Manager IP address. |
tertiary | Clear tertiary VOIP Call Manager address. |
Example
no call-manager primary secondary
Syntax
network-boot { [ next-server <IPV4_HOST> ] [ boot-file <WORD> ] [ server-name <WORD> ] }
Mode
Dynamic Scope
Description
Set Network Boot Next Server. Options
next-server | Specify Next Server. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
boot-file | Specify Boot File. |
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
server-name | Specify Server Name. |
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
network-boot next-server 192.168.168.161
Syntax
no network-boot [ next-server ] [ boot-file ] [ server-name ]
Mode
Dynamic Scope
Description
Clear Network Boot Next Server. Options
next-server | Clear Next Server. |
boot-file | Clear Boot File. |
server-name | Clear Server Name. |
Example
no network-boot next-server
Syntax
no generic-option
Mode
Dynamic Scope
Description
Clear DHCP Generic Option Group. Example
no generic-option
Syntax
generic-option { group <DHCP_OPTION_GROUP> | object <DHCP_OPTION_OBJECT> }
Mode
Dynamic Scope
Description
Set DHCP Generic Option Group. Options
|
group | Specify Generic Option Group. |
<DHCP_OPTION_GROUP>
|
DHCP Server Option Group Name. Example: lan |
|
object | Specify Generic Option Object. |
<DHCP_OPTION_OBJECT>
|
DHCP Server Option Object Name. Example: lan |
Example
generic-option object NetServers
Syntax
always-send-option
Mode
Dynamic Scope
Description
Enable always sending Generic options. Example
always-send-option
Syntax
no always-send-option
Mode
Dynamic Scope
Description
Disable always sending Generic options. Example
no always-send-option
Syntax
enable
Mode
Static Entry
Description
Enable Static DHCP server scope. Example
enable
Syntax
no enable
Mode
Static Entry
Description
Disable DHCP server scope. Example
no enable
Syntax
name <WORD>
Mode
Static Entry
Description
Set DHCP static entry name. Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
name "My Domain Server"
Syntax
no name
Mode
Static Entry
Description
Clear DHCP static entry name. Example
no name
Syntax
ip <IPV4_HOST>
Mode
Static Entry
Description
Set DHCP static entry IP address. Options
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
ip 10.10.10.10
Syntax
mac <MAC>
Mode
Static Entry
Description
Set DHCP static entry Ethernet address. Options
<MAC>
|
MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
Example
mac 00:01:02:03:04:05
Syntax
lease-time <UINT16>
Mode
Static Entry
Description
Set Static DHCP scope lease time. Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
lease-time 1440
Syntax
default-gateway <IPV4_HOST>
Mode
Static Entry
Description
Set DHCP scope default gateway. Options
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
default-gateway 192.168.168.254
Syntax
netmask <IPV4_MASK>
Mode
Static Entry
Description
Set DHCP scope subnet mask. Options
<IPV4_MASK>
|
IPV4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
Example
netmask 255.255.255.0
Syntax
domain-name <HOSTNAME>
Mode
Static Entry
Description
Set DHCP Domain Name. Options
<HOSTNAME>
|
Hostname in the form: hostname OR a.b.c.d. Example: example.com |
Example
domain-name example.com
Syntax
no domain-name
Mode
Static Entry
Description
Clear DHCP Domain Name. Example
no domain-name
Syntax
dns server { inherit | primary <IPV4_HOST> | secondary <IPV4_HOST> | tertiary <IPV4_HOST> }
Mode
Static Entry
Description
Manually Set DNS Settings or Inherit DNS Settings Dynamically from the SonicWALL's DNS settings. Options
|
inherit | Inherit DNS servers. |
|
primary | Specify primary DNS server IP address. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
|
secondary | Specify secondary DNS server IP address. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
|
tertiary | Specify tertiary DNS server IP address. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
dns server primary 192.168.168.165
Syntax
no dns server { primary | secondary | tertiary }
Mode
Static Entry
Description
Manually Clear DNS server IP address. Options
|
primary | Clear primary DNS server IP address. |
|
secondary | Clear secondary DNS server IP address. |
|
tertiary | Clear tertiary DNS server IP address. |
Example
no dns server primary
Syntax
wins { [ primary <IPV4_HOST> ] [ secondary <IPV4_HOST> ] }
Mode
Static Entry
Description
Set the primary and secondary WINS server IP address. Options
primary | Primary WINS server IP address. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
secondary | Secondary WINS server IP address. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
wins primary 192.168.168.169 secondary 192.168.168.170
Syntax
call-manager { [ primary <HOSTNAME> ] [ secondary <WORD> ] [ tertiary <WORD> ] }
Mode
Static Entry
Description
Set VOIP Call Managers. Options
primary | Specify primary VOIP Call Manager IP address. |
<HOSTNAME>
|
Hostname in the form: hostname OR a.b.c.d. Example: example.com |
secondary | Specify secondary VOIP Call Manager IP address. |
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
tertiary | Specify tertiary VOIP Call Manager address. |
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
call-manager primary 192.168.168.161 secondary 192.168.168.162 tertiary 192.168.168.163
Syntax
no call-manager [ primary ] [ secondary ] [ tertiary ]
Mode
Static Entry
Description
Clear VOIP Call Managers. Options
primary | Clear primary VOIP Call Manager IP address. |
secondary | Clear secondary VOIP Call Manager IP address. |
tertiary | Clear tertiary VOIP Call Manager address. |
Example
no call-manager primary secondary tertiary
Syntax
network-boot [ next-server <IPV4_HOST> ] [ boot-file <WORD> ] [ server-name <WORD> ]
Mode
Static Entry
Description
Set Network Boot Next Server. Options
next-server | Specify Next Server. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
boot-file | Specify Boot File. |
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
server-name | Specify Server Name. |
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
network-boot next-server 192.168.168.161
Syntax
no network-boot { [ next-server ] [ boot-file ] [ server-name ] }
Mode
Static Entry
Description
Clear Network Boot Next Server. Options
next-server | Clear Next Server. |
boot-file | Clear Boot File. |
server-name | Clear Server Name. |
Example
no network-boot next-server
Syntax
no generic-option
Mode
Static Entry
Description
Clear DHCP Generic Option Group. Example
no generic-option
Syntax
generic-option { group <DHCP_OPTION_GROUP> | object <DHCP_OPTION_OBJECT> }
Mode
Static Entry
Description
Set DHCP Generic Option Group. Options
|
group | Specify Generic Option Group. |
<DHCP_OPTION_GROUP>
|
DHCP Server Option Group Name. Example: lan |
|
object | Specify Generic Option Object. |
<DHCP_OPTION_OBJECT>
|
DHCP Server Option Object Name. Example: lan |
Example
generic-option object NetServers
Syntax
always-send-option
Mode
Static Entry
Description
Enable always sending Generic options. Example
always-send-option
Syntax
no always-send-option
Mode
Static Entry
Description
Disable always sending Generic options. Example
no always-send-option
Syntax
name <DHCP_OPTION_OBJECT>
Mode
DHCP Option
Description
Set DHCP Server Option Object name. Options
<DHCP_OPTION_OBJECT>
|
DHCP Server Option Object Name. Example: lan |
Example
name "LAN Specific DHCP Option"
Syntax
number <UINT8>
Mode
DHCP Option
Description
Set DHCP Server Option Object number. Options
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
Example
number 53
Syntax
array
Mode
DHCP Option
Description
Enable DHCP Server Option array. Example
array
Syntax
no array
Mode
DHCP Option
Description
Disable DHCP Server Option array. Example
no array
Syntax
no value
Mode
DHCP Option
Description
Clear DHCP Server Option Object value. Example
no value
Syntax
value { boolean <INT8> | domain-name <HOSTNAME> | four-byte <UINT32> | ip <IPV4_HOST> | one-byte <UINT8> | string <WORD> | two-byte <UINT16> }
Mode
DHCP Option
Description
Set DHCP Server Option Object value. Options
|
boolean | Option Object type: Boolean. |
<INT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
|
domain-name | Option Object type: Domain Name. |
<HOSTNAME>
|
Hostname in the form: hostname OR a.b.c.d. Example: example.com |
|
four-byte | Option Object type: Four Byte. |
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
|
ip | Option Object type: IP address. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
|
one-byte | Option Object type: One Byte. |
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
|
string | Option Object type: String. |
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
|
two-byte | Option Object type: Two Byte. |
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
value ip 192.168.168.168
Syntax
name <DHCP_OPTION_GROUP>
Mode
DHCP Option Group
Description
Set DHCP Server Option Group name. Options
<DHCP_OPTION_GROUP>
|
DHCP Server Option Group Name. Example: lan |
Example
name "LAN Specific DHCP Option"
Syntax
option-object <DHCP_OPTION_OBJECT>
Mode
DHCP Option Group
Description
Add DHCP Server Option Object to group. Options
<DHCP_OPTION_OBJECT>
|
DHCP Server Option Object Name. Example: lan |
Example
option-object "LAN Specific DHCP Option"
Syntax
no option-object <DHCP_OPTION_GROUP_OBJECT>
Mode
DHCP Option Group
Description
Remove DHCP Server Option Object from group. Options
<DHCP_OPTION_GROUP_OBJECT>
|
DHCP Server Option Object Name in the specified Option Group. Example: lan |
Example
no option-object "LAN Specific DHCP Option"
Syntax
option-group <DHCP_OPTION_GROUP>
Mode
DHCP Option Group
Description
Add DHCP Server Option Group to group. Options
<DHCP_OPTION_GROUP>
|
DHCP Server Option Group Name. Example: lan |
Example
option-group group1
Syntax
no option-group <DHCP_OPTION_GROUP_GROUP>
Mode
DHCP Option Group
Description
Remove DHCP Server Option Group from group. Options
<DHCP_OPTION_GROUP_GROUP>
|
DHCP Server Option Group Name in the specified Option Group. Example: lan |
Example
no option-group group1
Syntax
diag show advanced [ anti-spam | arp | backend | control-plane | dhcp | diagnostics | dpi-ssl | firewall | flow-reporting | high-availability | management | network | pppoe | preference | security-service | ssl-vpn | user-authentication | visualization-proxy | voip | vpn | watchdog | wireless ] [ pending-config ]
Mode
All Modes
Description
Show advanced diag configuration. Options
|
anti-spam | Anti-Spam settings. |
|
arp | ARP settings. |
|
backend | Backend Server settings. |
|
control-plane | Control Plane Master/Slaves Monitoring and Diagnostics settings. |
|
dhcp | DHCP settings. |
|
diagnostics | Diagnostics settings. |
|
dpi-ssl | DPI-SSL settings. |
|
firewall | Firewall settings. |
|
flow-reporting | Flow Reporting settings. |
|
high-availability | High Availability settings. |
|
management | Management settings. |
|
network | Network settings. |
|
pppoe | PPPoE settings. |
|
preference | Preference Conversion settings. |
|
security-service | Security Services settings. |
|
ssl-vpn | SSL-VPN settings. |
|
user-authentication | User Authentication settings. |
|
visualization-proxy | Visualization Proxy to Remote Server settings. |
|
voip | VoIP settings. |
|
vpn | VPN settings. |
|
watchdog | Watchdog settings. |
|
wireless | Wireless settings. |
pending-config | Show pending configuration changes. |
Example
diag show advanced arp
Syntax
diag advanced tracelog { all | current | last }
Mode
Config
Description
Set tracelog. Options
|
all | All. |
|
current | Current. |
|
last | Last. |
Example
diag advanced tracelog current
Syntax
diag advanced arp
Mode
Config
Description
Configure advanced diag ARP settings. Example
diag advanced arp
Syntax
bridging
Mode
Diag Advanced ARP Settings
Description
Enable ARP bridging. Example
bridging
Syntax
no bridging
Mode
Diag Advanced ARP Settings
Description
Disable ARP bridging. Example
no bridging
Syntax
open-arp-behavior
Mode
Diag Advanced ARP Settings
Description
Enable open ARP behavior (WARNING: Insecure!!). Example
open-arp-behavior
Syntax
no open-arp-behavior
Mode
Diag Advanced ARP Settings
Description
Disable open ARP behavior (WARNING: Insecure!!). Example
no open-arp-behavior
Syntax
source-ip-validation
Mode
Diag Advanced ARP Settings
Description
Enable source IP Address validation for being directly connected. Example
source-ip-validation
Syntax
no source-ip-validation
Mode
Diag Advanced ARP Settings
Description
Disable source IP Address validation for being directly connected. Example
no source-ip-validation
Syntax
only-unicast
Mode
Diag Advanced ARP Settings
Description
Enable only allowing ARP entries with unicast addresses. Example
only-unicast
Syntax
no only-unicast
Mode
Diag Advanced ARP Settings
Description
Disable only allowing ARP entries with unicast addresses. Example
no only-unicast
Syntax
limit-nonresponsive
Mode
Diag Advanced ARP Settings
Description
Enable limiting ARPs of non-responsive IPs. Example
limit-nonresponsive
Syntax
no limit-nonresponsive
Mode
Diag Advanced ARP Settings
Description
Disable limiting ARPs of non-responsive IPs. Example
no limit-nonresponsive
Syntax
bypass-for-l2bridge
Mode
Diag Advanced ARP Settings
Description
Enable bypassing ARP processing on L2 bridge interfaces. Example
bypass-for-l2bridge
Syntax
no bypass-for-l2bridge
Mode
Diag Advanced ARP Settings
Description
Disable bypassing ARP processing on L2 bridge interfaces. Example
no bypass-for-l2bridge
Syntax
gratuitous-arp-compatibility
Mode
Diag Advanced ARP Settings
Description
Enable Gratuitous ARP Compatibility Mode. Example
gratuitous-arp-compatibility
Syntax
no gratuitous-arp-compatibility
Mode
Diag Advanced ARP Settings
Description
Disable Gratuitous ARP Compatibility Mode. Example
no gratuitous-arp-compatibility
Syntax
gratuitous-arp-limit [ amount <UINT32> ]
Mode
Diag Advanced ARP Settings
Description
Enable Gratuitous ARP limiting and never broadcast more than the set number of Gratuitous ARPs in any 60 second period. Options
amount | Set limit of Gratuitous ARPs in any 60 second period. |
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
gratuitous-arp-limit amount 100
Syntax
no gratuitous-arp-limit
Mode
Diag Advanced ARP Settings
Description
Disable Gratuitous ARP limiting. Example
no gratuitous-arp-limit
Syntax
system-broadcast [ interval <UINT32> ]
Mode
Diag Advanced ARP Settings
Description
Enable periodic broadcast of system ARPs and set the interval. Options
interval | Set the interval for periodic broadcast of system ARPs in minutes. |
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
system-broadcast interval 60
Syntax
no system-broadcast
Mode
Diag Advanced ARP Settings
Description
Disable periodic broadcast of system ARPs. Example
no system-broadcast
Syntax
display-mac-tracking
Mode
Diag Advanced ARP Settings
Description
Enable displaying of MAC tracking. Example
display-mac-tracking
Syntax
no display-mac-tracking
Mode
Diag Advanced ARP Settings
Description
Disable displaying of MAC tracking. Example
no display-mac-tracking
Syntax
send-system-arps
Mode
Diag Advanced ARP Settings
Description
Send system ARPs. Example
send-system-arps
Syntax
diag advanced network
Mode
Config
Description
Configure advanced diag Network and Routing settings. Example
diag advanced network
Syntax
flush-alternate-path-flows
Mode
Diag Advanced Network Settings
Description
Enable flushing flows on alternate path when normal route path is enabled (affects existing connections). Example
flush-alternate-path-flows
Syntax
no flush-alternate-path-flows
Mode
Diag Advanced Network Settings
Description
Disable flushing flows on alternate path when normal route path is enabled (affects existing connections). Example
no flush-alternate-path-flows
Syntax
update-route-version
Mode
Diag Advanced Network Settings
Description
Enable updating route version when route is enabled/disabled (affects existing connections). Example
update-route-version
Syntax
no update-route-version
Mode
Diag Advanced Network Settings
Description
Disable updating route version when route is enabled/disabled (affects existing connections). Example
no update-route-version
Syntax
tcp-packet-option-tagging
Mode
Diag Advanced Network Settings
Description
Enable TCP packet option tagging. Example
tcp-packet-option-tagging
Syntax
no tcp-packet-option-tagging
Mode
Diag Advanced Network Settings
Description
Disable TCP packet option tagging. Example
no tcp-packet-option-tagging
Syntax
fix-malformed-tcp-headers
Mode
Diag Advanced Network Settings
Description
Enable fix/ignore malformed TCP headers. Example
fix-malformed-tcp-headers
Syntax
no fix-malformed-tcp-headers
Mode
Diag Advanced Network Settings
Description
Disable fix/ignore malformed TCP headers. Example
no fix-malformed-tcp-headers
Syntax
sequence-number-randomization
Mode
Diag Advanced Network Settings
Description
Enable TCP sequence number randomization. Example
sequence-number-randomization
Syntax
no sequence-number-randomization
Mode
Diag Advanced Network Settings
Description
Disable TCP sequence number randomization. Example
no sequence-number-randomization
Syntax
syn-validation
Mode
Diag Advanced Network Settings
Description
Enable performing SYN validation when not operating in strict TCP compliance mode. Example
syn-validation
Syntax
no syn-validation
Mode
Diag Advanced Network Settings
Description
Disable performing SYN validation when not operating in strict TCP compliance mode. Example
no syn-validation
Syntax
clear ospf
Mode
Diag Advanced Network Settings
Description
Clear OSPF process. Example
clear ospf
Syntax
clear dont-fragment-bit
Mode
Diag Advanced Network Settings
Description
Enable Clear DF (Don't Fragment) Bit. Example
clear dont-fragment-bit
Syntax
no clear dont-fragment-bit
Mode
Diag Advanced Network Settings
Description
Disable Clear DF (Don't Fragment) Bit. Example
no clear dont-fragment-bit
Syntax
diag advanced dhcp
Mode
Config
Description
Configure advanced diag DHCP settings. Example
diag advanced dhcp
Syntax
network-pre-discovery
Mode
Diag Advanced DHCP Settings
Description
Enable DHCP Server Network Pre-Discovery. Example
network-pre-discovery
Syntax
no network-pre-discovery
Mode
Diag Advanced DHCP Settings
Description
Disable DHCP Server Network Pre-Discovery. Example
no network-pre-discovery
Syntax
conflict-detect-period <UINT16>
Mode
Diag Advanced DHCP Settings
Description
Set the DHCP Server Conflict Detect Period in seconds. Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
conflict-detect-period 300
Syntax
resources-to-discover <UINT8>
Mode
Diag Advanced DHCP Settings
Description
Set number of DHCP resources to discover. Options
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
Example
resources-to-discover 10
Syntax
conflicted-resource-timeout <UINT16>
Mode
Diag Advanced DHCP Settings
Description
Set the timeout for conflicted resource to be rechecked in seconds. Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
conflicted-resource-timeout 1800
Syntax
available-resource-timeout <UINT16>
Mode
Diag Advanced DHCP Settings
Description
Set the timeout for available resource to be rechecked in seconds. Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
available-resource-timeout 600
Syntax
leases-to-flash
Mode
Diag Advanced DHCP Settings
Description
Save DHCP leases to flash. Example
leases-to-flash
Syntax
dhcpnak
Mode
Diag Advanced DHCP Settings
Description
Enable sending DHCPNAK if the 'requested IP address' is on the wrong network. Example
dhcpnak
Syntax
no dhcpnak
Mode
Diag Advanced DHCP Settings
Description
Disable sending DHCPNAK if the 'requested IP address' is on the wrong network. Example
no dhcpnak
Syntax
diag advanced voip
Mode
Config
Description
Configure advanced diag VoIP settings. Example
diag advanced voip
Syntax
max-endpoints <UINT16>
Mode
Diag Advanced VoIP Settings
Description
Set the maximum 'public' VoIP Endpoints. Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
max-endpoints 2048
Syntax
no max-endpoints
Mode
Diag Advanced VoIP Settings
Description
Clear the maximum 'public' VoIP Endpoints. Example
no max-endpoints
Syntax
auto-add-sip
Mode
Diag Advanced VoIP Settings
Description
Enable auto-add SIP endpoints. Example
auto-add-sip
Syntax
no auto-add-sip
Mode
Diag Advanced VoIP Settings
Description
Disable auto-add SIP endpoints. Example
no auto-add-sip
Syntax
sip-transforms
Mode
Diag Advanced VoIP Settings
Description
Enable transforming SIP URIs to have an explicit port. Example
sip-transforms
Syntax
no sip-transforms
Mode
Diag Advanced VoIP Settings
Description
Disable transforming SIP URIs to have an explicit port. Example
no sip-transforms
Syntax
reset-sip-database
Mode
Diag Advanced VoIP Settings
Description
Reset SIP database. Example
reset-sip-database
Syntax
diag advanced vpn
Mode
Config
Description
Configure advanced diag VPN settings. Example
diag advanced vpn
Syntax
adjust-tcp-mss
Mode
Diag Advanced VPN Settings
Description
Enable adjusting TCP MSS option for VPN traffic. Example
adjust-tcp-mss
Syntax
no adjust-tcp-mss
Mode
Diag Advanced VPN Settings
Description
Disable adjusting TCP MSS option for VPN traffic. Example
no adjust-tcp-mss
Syntax
interoperable-ike-dh-exchange
Mode
Diag Advanced VPN Settings
Description
Enable using interoperable IKE DH exchange. Example
interoperable-ike-dh-exchange
Syntax
no interoperable-ike-dh-exchange
Mode
Diag Advanced VPN Settings
Description
Disable using interoperable IKE DH exchange. Example
no interoperable-ike-dh-exchange
Syntax
fragment-after-esp
Mode
Diag Advanced VPN Settings
Description
Enable fragmenting VPN packets after applying ESP. Example
fragment-after-esp
Syntax
no fragment-after-esp
Mode
Diag Advanced VPN Settings
Description
Disable fragmenting VPN packets after applying ESP. Example
no fragment-after-esp
Syntax
spi-cpi-parameter-index
Mode
Diag Advanced VPN Settings
Description
Enable using SPI/CPI parameter index for IPsec/IPcomp passthru connections. Example
spi-cpi-parameter-index
Syntax
no spi-cpi-parameter-index
Mode
Diag Advanced VPN Settings
Description
Disable using SPI/CPI parameter index for IPsec/IPcomp passthru connections. Example
no spi-cpi-parameter-index
Syntax
trust-built-in-ca
Mode
Diag Advanced VPN Settings
Description
Enable trusting built-in CA certificates for IKE authentication and local certificate import. Example
trust-built-in-ca
Syntax
no trust-built-in-ca
Mode
Diag Advanced VPN Settings
Description
Disable trusting built-in CA certificates for IKE authentication and local certificate import. Example
no trust-built-in-ca
Syntax
diag advanced hardware-encryption
Mode
Config
Description
Enable Hardware Encryption. Example
diag advanced hardware-encryption
Syntax
diag no advanced hardware-encryption
Mode
Config
Description
Disable Hardware Encryption. Example
diag no advanced hardware-encryption
Syntax
diag advanced firewall
Mode
Config
Description
Configure advanced diag firewall settings. Example
diag advanced firewall
Syntax
ftp-bounce-attack-protection
Mode
All Modes
Description
Enable FTP bounce attack protection. Example
ftp-bounce-attack-protection
Syntax
no ftp-bounce-attack-protection
Mode
All Modes
Description
Disable FTP bounce attack protection. Example
no ftp-bounce-attack-protection
Syntax
ftp-protocol-anomaly-attack-protection
Mode
All Modes
Description
Enable FTP protocol anomaly attack protection. Example
ftp-protocol-anomaly-attack-protection
Syntax
no ftp-protocol-anomaly-attack-protection
Mode
All Modes
Description
Disable FTP protocol anomaly attack protection. Example
no ftp-protocol-anomaly-attack-protection
Syntax
ip-spoof-checking
Mode
All Modes
Description
Enable IP Spoof checking. Example
ip-spoof-checking
Syntax
no ip-spoof-checking
Mode
All Modes
Description
Disable IP Spoof checking. Example
no ip-spoof-checking
Syntax
port-scan-detection
Mode
All Modes
Description
Enable Port Scan Detection. Example
port-scan-detection
Syntax
no port-scan-detection
Mode
All Modes
Description
Disable Port Scan Detection. Example
no port-scan-detection
Syntax
anticipated-connection-timeout <UINT32>
Mode
All Modes
Description
Set timeout for anticipated TCP/UDP connections (seconds). Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
anticipated-connection-timeout 10
Syntax
no anticipated-connection-timeout
Mode
All Modes
Description
Clear timeout for anticipated TCP/UDP connections (seconds). Example
no anticipated-connection-timeout
Syntax
anticipated-connection-parent-termination
Mode
All Modes
Description
Enable termination of parent on timeout of anticipated TCP/UDP connections. Example
anticipated-connection-parent-termination
Syntax
no anticipated-connection-parent-termination
Mode
All Modes
Description
Disable termination of parent on timeout of anticipated TCP/UDP connections. Example
no anticipated-connection-parent-termination
Syntax
anticipated-media-timeout <UINT32>
Mode
All Modes
Description
Set timeout for anticipated media connections (seconds). Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
anticipated-media-timeout 60
Syntax
no anticipated-media-timeout
Mode
All Modes
Description
Clear timeout for anticipated media connections (seconds). Example
no anticipated-media-timeout
Syntax
anticipated-media-parent-termination
Mode
All Modes
Description
Enable termination of parent on timeout of anticipated media connections. Example
anticipated-media-parent-termination
Syntax
no anticipated-media-parent-termination
Mode
All Modes
Description
Disable termination of parent on timeout of anticipated media connections. Example
no anticipated-media-parent-termination
Syntax
trace-connections-port <IPV4_PORT>
Mode
All Modes
Description
Set TCP port to trace connections to. Options
<IPV4_PORT>
|
IPV4 port in the form: D OR 0xHHHH. Example: 80 |
Example
trace-connections-port 8080
Syntax
no trace-connections-port
Mode
All Modes
Description
Clear TCP port to trace connections to. Example
no trace-connections-port
Syntax
track-bandwidth-usage
Mode
All Modes
Description
Enable tracking Bandwidth Usage for default traffic. Example
track-bandwidth-usage
Syntax
no track-bandwidth-usage
Mode
All Modes
Description
Disable tracking Bandwidth Usage for default traffic. Example
no track-bandwidth-usage
Syntax
decrease-connection-count-after-close
Mode
All Modes
Description
Enable decreasing connection count immediately after TCP connection close. Example
decrease-connection-count-after-close
Syntax
no decrease-connection-count-after-close
Mode
All Modes
Description
Disable decreasing connection count immediately after TCP connection close. Example
no decrease-connection-count-after-close
Syntax
tcp-state-manipulation-dos-protection
Mode
All Modes
Description
Enable protection against TCP State Manipulation DoS. Example
tcp-state-manipulation-dos-protection
Syntax
no tcp-state-manipulation-dos-protection
Mode
All Modes
Description
Disable protection against TCP State Manipulation DoS. Example
no tcp-state-manipulation-dos-protection
Syntax
sequential-addresses
Mode
All Modes
Description
Enable allocation of sequential addresses when performing many-to-few NAT. Example
sequential-addresses
Syntax
no sequential-addresses
Mode
All Modes
Description
Disable allocation of sequential addresses when performing many-to-few NAT. Example
no sequential-addresses
Syntax
flush-connections
Mode
All Modes
Description
Flush connections. Example
flush-connections
Syntax
diag advanced security-services
Mode
Config
Description
Configure advanced diag security services settings. Example
diag advanced security-services
Syntax
bidirectional-ips
Mode
Diag Advanced Security Services Settings
Description
Enable applying IPS Signatures Bidirectionally. Example
bidirectional-ips
Syntax
no bidirectional-ips
Mode
Diag Advanced Security Services Settings
Description
Disable applying IPS Signatures Bidirectionally. Example
no bidirectional-ips
Syntax
dpi-ip-fragment-reassembly
Mode
Diag Advanced Security Services Settings
Description
Enable IP fragment reassembly in DPI. Example
dpi-ip-fragment-reassembly
Syntax
no dpi-ip-fragment-reassembly
Mode
Diag Advanced Security Services Settings
Description
Disable IP fragment reassembly in DPI. Example
no dpi-ip-fragment-reassembly
Syntax
dev-debug
Mode
Diag Advanced Security Services Settings
Description
Enable extra dev debug info. Example
dev-debug
Syntax
no dev-debug
Mode
Diag Advanced Security Services Settings
Description
Disable extra dev debug info. Example
no dev-debug
Syntax
smtp-chunking-modification
Mode
Diag Advanced Security Services Settings
Description
Enable App-Firewall SMTP CHUNKING modification. Example
smtp-chunking-modification
Syntax
no smtp-chunking-modification
Mode
Diag Advanced Security Services Settings
Description
Disable App-Firewall SMTP CHUNKING modification. Example
no smtp-chunking-modification
Syntax
pop3-auto-deletion
Mode
Diag Advanced Security Services Settings
Description
Enable Gateway AV POP3 Auto Deletion. Example
pop3-auto-deletion
Syntax
no pop3-auto-deletion
Mode
Diag Advanced Security Services Settings
Description
Disable Gateway AV POP3 Auto Deletion. Example
no pop3-auto-deletion
Syntax
pop3-uidl-rewriting
Mode
Diag Advanced Security Services Settings
Description
Enable Gateway AV POP3 UIDL Rewriting. Example
pop3-uidl-rewriting
Syntax
no pop3-uidl-rewriting
Mode
Diag Advanced Security Services Settings
Description
Disable Gateway AV POP3 UIDL Rewriting. Example
no pop3-uidl-rewriting
Syntax
smb-read-write-enforcement
Mode
Diag Advanced Security Services Settings
Description
Enable Gateway AV SMB read/write ordering enforcement. Example
smb-read-write-enforcement
Syntax
no smb-read-write-enforcement
Mode
Diag Advanced Security Services Settings
Description
Disable Gateway AV SMB read/write ordering enforcement. Example
no smb-read-write-enforcement
Syntax
minimum-http-header-length <UINT16>
Mode
Diag Advanced Security Services Settings
Description
Set Minimum HTTP header length (0 to disable). Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
minimum-http-header-length 0
Syntax
no minimum-http-header-length
Mode
Diag Advanced Security Services Settings
Description
Clear Minimum HTTP header length (0 to disable). Example
no minimum-http-header-length
Syntax
incremental-signature-updates
Mode
Diag Advanced Security Services Settings
Description
Enable incremental updates to IDP, GAV and SPY signature databases. Example
incremental-signature-updates
Syntax
no incremental-signature-updates
Mode
Diag Advanced Security Services Settings
Description
Disable incremental updates to IDP, GAV and SPY signature databases. Example
no incremental-signature-updates
Syntax
force-utm-offload
Mode
Diag Advanced Security Services Settings
Description
Enable Force UTM offload. Example
force-utm-offload
Syntax
no force-utm-offload
Mode
Diag Advanced Security Services Settings
Description
Disable Force UTM offload. Example
no force-utm-offload
Syntax
utm-traffic-offload <UINT8>
Mode
Diag Advanced Security Services Settings
Description
Set Active/Active UTM Traffic Offload %. Options
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
Example
utm-traffic-offload 60
Syntax
no utm-traffic-offload
Mode
Diag Advanced Security Services Settings
Description
Clear Active/Active UTM Traffic Offload %. Example
no utm-traffic-offload
Syntax
limit-dpi-tcp-window-advertisement [ maximum <UINT16> ]
Mode
Diag Advanced Security Services Settings
Description
Enable enforcement of a limit on maximum allowed advertised TCP window with any DPI-based service enabled and set the maximum allowed. Options
maximum | Set the maximum allowed advertised TCP window with any DPI-based service enabled. |
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
limit-dpi-tcp-window-advertisement maximum 256
Syntax
no limit-dpi-tcp-window-advertisement
Mode
Diag Advanced Security Services Settings
Description
Disable enforcement of a limit on maximum allowed advertised TCP window with any DPI-based service enabled. Example
no limit-dpi-tcp-window-advertisement
Syntax
signature-database-reload
Mode
Diag Advanced Security Services Settings
Description
Enable signature database reload. Example
signature-database-reload
Syntax
no signature-database-reload
Mode
Diag Advanced Security Services Settings
Description
Disable signature database reload. Example
no signature-database-reload
Syntax
process-ips-signatures
Mode
Diag Advanced Security Services Settings
Description
Enable processing of IPS signatures. Example
process-ips-signatures
Syntax
no process-ips-signatures
Mode
Diag Advanced Security Services Settings
Description
Disable processing of IPS signatures. Example
no process-ips-signatures
Syntax
process-gav-signatures
Mode
Diag Advanced Security Services Settings
Description
Enable processing of GAV signatures. Example
process-gav-signatures
Syntax
no process-gav-signatures
Mode
Diag Advanced Security Services Settings
Description
Disable processing of GAV signatures. Example
no process-gav-signatures
Syntax
process-anti-spyware-signatures
Mode
Diag Advanced Security Services Settings
Description
Enable processing of Anti-Spyware signatures. Example
process-anti-spyware-signatures
Syntax
no process-anti-spyware-signatures
Mode
Diag Advanced Security Services Settings
Description
Disable processing of Anti-Spyware signatures. Example
no process-anti-spyware-signatures
Syntax
process-app-signatures
Mode
Diag Advanced Security Services Settings
Description
Enable processing of App signatures. Example
process-app-signatures
Syntax
no process-app-signatures
Mode
Diag Advanced Security Services Settings
Description
Disable processing of App signatures. Example
no process-app-signatures
Syntax
optimal-value [ val <UINT32> ]
Mode
Diag Advanced Security Services Settings
Description
Enable optimal value and set the value. Options
val | Set the optimal value. |
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
optimal-value 10240
Syntax
no optimal-value
Mode
Diag Advanced Security Services Settings
Description
Disable optimal value and set the value. Example
no optimal-value
Syntax
enforce-cfs-host-tag-search
Mode
Diag Advanced Security Services Settings
Description
Enable enforcement of Host Tag Search for CFS. Example
enforce-cfs-host-tag-search
Syntax
no enforce-cfs-host-tag-search
Mode
Diag Advanced Security Services Settings
Description
Disable enforcement of Host Tag Search for CFS. Example
no enforce-cfs-host-tag-search
Syntax
local-cfs-server [ primary <IPV4_HOST> [ secondary <IPV4_HOST> ] ]
Mode
Diag Advanced Security Services Settings
Description
Enable local CFS server and set the IP addresses. Options
primary | Primary local CFS server. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
secondary | Secondary local CFS server. |
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
local-cfs-server
local-cfs-server primary 10.10.10.10
local-cfs-server secondary 10.10.10.11
Syntax
no local-cfs-server
Mode
Diag Advanced Security Services Settings
Description
Disable local CFS server. Example
no local-cfs-server
Syntax
reset av-info
Mode
Diag Advanced Security Services Settings
Description
Reset AV info. Example
reset av-info
Syntax
reset licenses
Mode
Diag Advanced Security Services Settings
Description
Reset Licenses and Security Services info. Example
reset licenses
Syntax
reset http-clientless-notification-cache
Mode
Diag Advanced Security Services Settings
Description
Reset HTTP Clientless Notification Cache. Example
reset http-clientless-notification-cache
Syntax
reset cloud-av-cache
Mode
Diag Advanced Security Services Settings
Description
Reset Cloud AV Cache. Example
reset cloud-av-cache
Syntax
cloud-av-server [ host <HOSTNAME> ]
Mode
Diag Advanced Security Services Settings
Description
Enable private cloud AV server and set the IP address. Options
host | Private Cloud AV Server IP or name. |
<HOSTNAME>
|
Hostname in the form: hostname OR a.b.c.d. Example: example.com |
Example
cloud-av-server
cloud-av-server host 10.10.10.12
Syntax
no cloud-av-server
Mode
Diag Advanced Security Services Settings
Description
Disable private cloud AV server. Example
no cloud-av-server
Syntax
diag advanced dpi-ssl
Mode
Config
Description
Configure advanced diag DPI-SSL settings. Example
diag advanced dpi-ssl
Syntax
rewritten-certificate-sn-modifier <UINT16>
Mode
Diag Advanced DPI-SSL Settings
Description
Set rewritten certificate SN modifier. Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
rewritten-certificate-sn-modifier 1
Syntax
client-spoofed-certificate-caching
Mode
Diag Advanced DPI-SSL Settings
Description
Enable client spoofed certificate caching. Example
client-spoofed-certificate-caching
Syntax
no client-spoofed-certificate-caching
Mode
Diag Advanced DPI-SSL Settings
Description
Disable client spoofed certificate caching. Example
no client-spoofed-certificate-caching
Syntax
remove-tcp-timestamp-option
Mode
Diag Advanced DPI-SSL Settings
Description
Enable removing TCP timestamp option. Example
remove-tcp-timestamp-option
Syntax
no remove-tcp-timestamp-option
Mode
Diag Advanced DPI-SSL Settings
Description
Disable removing TCP timestamp option. Example
no remove-tcp-timestamp-option
Syntax
drop-ssl-on-low-memory
Mode
Diag Advanced DPI-SSL Settings
Description
Enable dropping SSL packets when memory is low. Example
drop-ssl-on-low-memory
Syntax
no drop-ssl-on-low-memory
Mode
Diag Advanced DPI-SSL Settings
Description
Disable dropping SSL packets when memory is low. Example
no drop-ssl-on-low-memory
Syntax
proxyless-ssl-when-limit-exceeded
Mode
Diag Advanced DPI-SSL Settings
Description
Enable allowing SSL without proxy when connection limit exceeded. Example
proxyless-ssl-when-limit-exceeded
Syntax
no proxyless-ssl-when-limit-exceeded
Mode
Diag Advanced DPI-SSL Settings
Description
Disable allowing SSL without proxy when connection limit exceeded. Example
no proxyless-ssl-when-limit-exceeded
Syntax
block-untrusted-certificate-connections
Mode
Diag Advanced DPI-SSL Settings
Description
Enable blocking connections to sites with untrusted certificates. Example
block-untrusted-certificate-connections
Syntax
no block-untrusted-certificate-connections
Mode
Diag Advanced DPI-SSL Settings
Description
Disable blocking connections to sites with untrusted certificates. Example
no block-untrusted-certificate-connections
Syntax
max-stream-offset <UINT16>
Mode
Diag Advanced DPI-SSL Settings
Description
Set max stream offset to check for SSL client-hello resemblance. Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
max-stream-offset 512
Syntax
no max-stream-offset
Mode
Diag Advanced DPI-SSL Settings
Description
Clear max stream offset to check for SSL client-hello resemblance. Example
no max-stream-offset
Syntax
tcp-window-multiplier <UINT8>
Mode
Diag Advanced DPI-SSL Settings
Description
Set TCP window multiplier (N * 64k). Options
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
Example
tcp-window-multiplier 8
Syntax
max-proxied-connections <UINT16>
Mode
Diag Advanced DPI-SSL Settings
Description
Set the override for max proxied SSL connections. Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
max-proxied-connections 0
Syntax
no max-proxied-connections
Mode
Diag Advanced DPI-SSL Settings
Description
Clear the override for max proxied SSL connections. Example
no max-proxied-connections
Syntax
diag advanced high-availability
Mode
Config
Description
Configure advanced diag High Availability settings. Example
diag advanced high-availability
Syntax
suppress-active-transition-alarm
Mode
Diag Advanced High Availability Settings
Description
Enable suppressing Alarm on HA Transition to Active. Example
suppress-active-transition-alarm
Syntax
no suppress-active-transition-alarm
Mode
Diag Advanced High Availability Settings
Description
Disable suppressing Alarm on HA Transition to Active. Example
no suppress-active-transition-alarm
Syntax
restart-backup-on-watchdog
Mode
Diag Advanced High Availability Settings
Description
Enable always restarting HA backup for watchdog task. Example
restart-backup-on-watchdog
Syntax
no restart-backup-on-watchdog
Mode
Diag Advanced High Availability Settings
Description
Disable always restarting HA backup for watchdog task. Example
no restart-backup-on-watchdog
Syntax
interleave-cache
Mode
Diag Advanced High Availability Settings
Description
Enable Interleave Connection Cache state synchronization messages. Example
interleave-cache
Syntax
no interleave-cache
Mode
Diag Advanced High Availability Settings
Description
Disable Interleave Connection Cache state synchronization messages. Example
no interleave-cache
Syntax
transparent-mode-gratuitous-arp
Mode
Diag Advanced High Availability Settings
Description
Enable sending gratuitous ARP to DMZ or LAN in transparent mode during HA failover. Example
transparent-mode-gratuitous-arp
Syntax
no transparent-mode-gratuitous-arp
Mode
Diag Advanced High Availability Settings
Description
Disable sending gratuitous ARP to DMZ or LAN in transparent mode during HA failover. Example
no transparent-mode-gratuitous-arp
Syntax
max-transparent-mode-gratuitous-arps <UINT16>
Mode
Diag Advanced High Availability Settings
Description
Set the maximum number of transparent-mode gratuitous ARPs per interface during HA failover. Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
max-transparent-mode-gratuitous-arps 256
Syntax
diag advanced pppoe
Mode
Config
Description
Configure advanced diag PPPoE settings. Example
diag advanced pppoe
Syntax
lcp-requests
Mode
Diag Advanced PPPoE Settings
Description
Enable allowing LCP requests to PPPoE server. Example
lcp-requests
Syntax
no lcp-requests
Mode
Diag Advanced PPPoE Settings
Description
Disable allowing LCP requests to PPPoE server. Example
no lcp-requests
Syntax
log-lcp-echo
Mode
Diag Advanced PPPoE Settings
Description
Enable logging LCP Echo Requests and Replies between client and server. Example
log-lcp-echo
Syntax
no log-lcp-echo
Mode
Diag Advanced PPPoE Settings
Description
Disable logging LCP Echo Requests and Replies between client and server. Example
no log-lcp-echo
Syntax
end-of-list-tag
Mode
Diag Advanced PPPoE Settings
Description
Enable PPPoE End-Of-List Tag. Example
end-of-list-tag
Syntax
no end-of-list-tag
Mode
Diag Advanced PPPoE Settings
Description
Disable PPPoE End-Of-List Tag. Example
no end-of-list-tag
Syntax
netmask <IPV4_MASK>
Mode
Diag Advanced PPPoE Settings
Description
Set PPPoE netmask. Options
<IPV4_MASK>
|
IPV4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
Example
netmask 255.255.255.252
Syntax
no netmask
Mode
Diag Advanced PPPoE Settings
Description
Clear PPPoE netmask. Example
no netmask
Syntax
diag advanced management
Mode
Config
Description
Configure advanced diag management settings. Example
diag advanced management
Syntax
standby-management-sa
Mode
Diag Advanced Management Settings
Description
Enable using Standby Management SA. Example
standby-management-sa
Syntax
no standby-management-sa
Mode
Diag Advanced Management Settings
Description
Disable using Standby Management SA. Example
no standby-management-sa
Syntax
gms-preempts-admin
Mode
Diag Advanced Management Settings
Description
Enable allowing SGMS to preempt a logged in administrator. Example
gms-preempts-admin
Syntax
no gms-preempts-admin
Mode
Diag Advanced Management Settings
Description
Disable allowing SGMS to preempt a logged in administrator. Example
no gms-preempts-admin
Syntax
online-help-url { default | override [ url <WORD> ] }
Mode
Diag Advanced Management Settings
Description
Set the Online Help URL. Options
|
default | Use the default Global Help System URL. |
|
override | Override the default using the configured value. |
url | Set URL. |
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
online-help-url url "help.mysonicwall.com/help.asp"
Syntax
diag advanced user-authentication
Mode
Config
Description
Configure advanced diag user authentication settings. Example
diag advanced user-authentication
Syntax
post-authentication-redirect-url <URL>
Mode
Diag Advanced User Authentication Settings
Description
Set Post authentication user redirect URL. Options
<URL>
|
URL in the form: http://host/file. Example: http://www.example.com/products/ |
Example
post-authentication-redirect-url "10.10.10.10/welcome.asp"
Syntax
no post-authentication-redirect-url
Mode
Diag Advanced User Authentication Settings
Description
Clear Post authentication user redirect URL. Example
no post-authentication-redirect-url
Syntax
logout-users
Mode
Diag Advanced User Authentication Settings
Description
Logout all users. Example
logout-users
Syntax
log-all-sso-attempts [ no-sso-polling | sso-polling ]
Mode
Diag Advanced User Authentication Settings
Description
Enable logging an audit trail of all SSO attempts in the event log. Options
|
no-sso-polling | Disable including SSO polling. |
|
sso-polling | Enable including SSO polling. |
Example
log-all-sso-attempts
Syntax
no log-all-sso-attempts
Mode
Diag Advanced User Authentication Settings
Description
Disable logging an audit trail of all SSO attempts in the event log. Example
no log-all-sso-attempts
Syntax
diag advanced diagnostics
Mode
Config
Description
Configure advanced diag diagnostics settings. Example
diag advanced diagnostics
Syntax
setup-tool-server
Mode
Diag Advanced Diagnostics Settings
Description
Enable SonicSetup/Setuptool Server. Example
setup-tool-server
Syntax
no setup-tool-server
Mode
Diag Advanced Diagnostics Settings
Description
Disable SonicSetup/Setuptool Server. Example
no setup-tool-server
Syntax
trace-message-level { error | fatal | info | verbose | warning }
Mode
Diag Advanced Diagnostics Settings
Description
Set the trace message level. Options
|
error | Error. |
|
fatal | Fatal. |
|
info | Info. |
|
verbose | Verbose. |
|
warning | Warning. |
Example
trace-message-level
Syntax
auto-restart [ every <UINT32> ]
Mode
Diag Advanced Diagnostics Settings
Description
Enable (for diagnostic testing purposes) auto-restarting the system every set number of minutes. Options
every | Set number of minutes to auto-restart system. |
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
auto-restart every 60
Syntax
no auto-restart
Mode
Diag Advanced Diagnostics Settings
Description
Disable (for diagnostic testing purposes) auto-restarting the system every set number of minutes. Example
no auto-restart
Syntax
secured-crash-analysis
Mode
Diag Advanced Diagnostics Settings
Description
Enable secured www.mysonicwall.com crash analysis. Example
secured-crash-analysis
Syntax
no secured-crash-analysis
Mode
Diag Advanced Diagnostics Settings
Description
Disable secured www.mysonicwall.com crash analysis. Example
no secured-crash-analysis
Syntax
dp-jobs-tracked <UINT8>
Mode
Diag Advanced Diagnostics Settings
Description
Set number of jobs executed by Data Plane Task to be tracked. Options
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
Example
dp-jobs-tracked 10
Syntax
diag advanced watchdog
Mode
Config
Description
Configure advanced diag watchdog settings. Example
diag advanced watchdog
Syntax
cpu-watchdog
Mode
Diag Advanced Watchdog Settings
Description
Enable CPU watchdog. Example
cpu-watchdog
Syntax
no cpu-watchdog
Mode
Diag Advanced Watchdog Settings
Description
Disable CPU watchdog. Example
no cpu-watchdog
Syntax
restart-for
Mode
Diag Advanced Watchdog Settings
Description
Enable restarting for watchdog task. Example
restart-for
Syntax
no restart-for
Mode
Diag Advanced Watchdog Settings
Description
Disable restarting for watchdog task. Example
no restart-for
Syntax
quick-restart
Mode
Diag Advanced Watchdog Settings
Description
Enable restarting quickly after an exception. Example
quick-restart
Syntax
no quick-restart
Mode
Diag Advanced Watchdog Settings
Description
Disable restarting quickly after an exception. Example
no quick-restart
Syntax
diag advanced wireless
Mode
Config
Description
Configure advanced diag wireless settings. Example
diag advanced wireless
Syntax
sonicpoint update-firmare
Mode
Diag Advanced Wireless Settings
Description
Update all SonicPoint firmware. Example
sonicpoint update-firmare
Syntax
sonicpoint keepalive-enforcement
Mode
Diag Advanced Wireless Settings
Description
Enable SonicPoint Keepalive enforcement. Example
sonicpoint keepalive-enforcement
Syntax
no sonicpoint keepalive-enforcement
Mode
Diag Advanced Wireless Settings
Description
Disable SonicPoint Keepalive enforcement. Example
no sonicpoint keepalive-enforcement
Syntax
sonicpoint profile-tcp-window-size <UINT16>
Mode
Diag Advanced Wireless Settings
Description
Set SonicPoint Provisioning Profile TCP Window Size. Options
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
sonicpoint profile-tcp-window-size 1400
Syntax
no sonicpoint profile-tcp-window-size
Mode
Diag Advanced Wireless Settings
Description
Clear SonicPoint Provisioning Profile TCP Window Size. Example
no sonicpoint profile-tcp-window-size
Syntax
guest-services-redirect-interval <UINT8>
Mode
Diag Advanced Wireless Settings
Description
Set Wireless Guest Services Redirect Interval in seconds. Options
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
Example
guest-services-redirect-interval 15
Syntax
wifisec-enforcement
Mode
Diag Advanced Wireless Settings
Description
Enable legacy WiFiSec Enforcement support. Example
wifisec-enforcement
Syntax
no wifisec-enforcement
Mode
Diag Advanced Wireless Settings
Description
Disable legacy WiFiSec Enforcement support. Example
no wifisec-enforcement
Syntax
wlan reply-wifisec-enforcement
Mode
Diag Advanced Wireless Settings
Description
Enable applying WiFi security enforcement on reply traffic from WLAN to any other zone. Example
wlan reply-wifisec-enforcement
Syntax
no wlan reply-wifisec-enforcement
Mode
Diag Advanced Wireless Settings
Description
Disable applying WiFi security enforcement on reply traffic from WLAN to any other zone. Example
no wlan reply-wifisec-enforcement
Syntax
wlan dp-core-processing
Mode
Diag Advanced Wireless Settings
Description
Enable WLAN traffic DP core processing capability. Example
wlan dp-core-processing
Syntax
no wlan dp-core-processing
Mode
Diag Advanced Wireless Settings
Description
Disable WLAN traffic DP core processing capability. Example
no wlan dp-core-processing
Syntax
wlan broadcast-communication
Mode
Diag Advanced Wireless Settings
Description
Enable intra-WLAN Zone communication for broadcast packets.
Example
wlan broadcast-communication
Syntax
no wlan broadcast-communication
Mode
Diag Advanced Wireless Settings
Description
Disable intra-WLAN Zone communication for broadcast packets.
Example
no wlan broadcast-communication
Syntax
wlan bypass-gateway-firewalling
Mode
Diag Advanced Wireless Settings
Description
Enable local wireless zone traffic to bypass gateway firewalling. Example
wlan bypass-gateway-firewalling
Syntax
no wlan bypass-gateway-firewalling
Mode
Diag Advanced Wireless Settings
Description
Disable local wireless zone traffic to bypass gateway firewalling. Example
no wlan bypass-gateway-firewalling
Syntax
sonicpoint ip-address-retaining
Mode
Diag Advanced Wireless Settings
Description
Enable SonicPoint (N) IP address retaining. Example
sonicpoint ip-address-retaining
Syntax
no sonicpoint ip-address-retaining
Mode
Diag Advanced Wireless Settings
Description
Disable SonicPoint (N) IP address retaining. Example
no sonicpoint ip-address-retaining
Syntax
diag advanced tooltip-no-description
Mode
Config
Description
Enable tooltip with no descriptions. Example
diag advanced tooltip-no-description
Syntax
diag no advanced tooltip-no-description
Mode
Config
Description
Disable tooltip with no descriptions. Example
diag no advanced tooltip-no-description
Syntax
diag advanced preference
Mode
Config
Description
Configure advanced diag preference conversion. Example
diag advanced preference
Syntax
launching-conversion-control
Mode
Diag Advanced Preference Conversion
Description
Enable showing control for launching preference conversion window. Example
launching-conversion-control
Syntax
no launching-conversion-control
Mode
Diag Advanced Preference Conversion
Description
Disable showing control for launching preference conversion window. Example
no launching-conversion-control
Syntax
processor-server <HOSTNAME>
Mode
Diag Advanced Preference Conversion
Description
Set Preference Processor server.
Options
<HOSTNAME> | Hostname in the form: hostname OR a.b.c.d. Example: example.com |
Example
processor-server convert.global.sonicwall.com
Syntax
no processor-server
Mode
Diag Advanced Preference Conversion
Description
Clear Preference Processor server.
Example
no processor-server
Syntax
secure-http-to-processor
Mode
Diag Advanced Preference Conversion
Description
Enable using Secure HTTP to connect to Preference Processor Server. Example
secure-http-to-processor
Syntax
no secure-http-to-processor
Mode
Diag Advanced Preference Conversion
Description
Disable using Secure HTTP to connect to Preference Processor Server. Example
no secure-http-to-processor
Syntax
site-relative-directory <WORD>
Mode
Diag Advanced Preference Conversion
Description
Set Site Relative Directory.
Options
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
site-relative-directory "/popup"
Syntax
no site-relative-directory
Mode
Diag Advanced Preference Conversion
Description
Clear Site Relative Directory. Example
no site-relative-directory
Syntax
check-when-importing
Mode
Diag Advanced Preference Conversion
Description
Enable checking when importing settings. Example
check-when-importing
Syntax
no check-when-importing
Mode
Diag Advanced Preference Conversion
Description
Disable checking when importing settings. Example
no check-when-importing
Syntax
diag advanced anti-spam
Mode
Config
Description
Configure advanced diag Anti-Spam. Example
diag advanced anti-spam
Syntax
syn-flood-protection
Mode
Diag Advanced Anti-Spam
Description
Enable SYN Flood Protection for Anti-Spam-related connections. Example
syn-flood-protection
Syntax
no syn-flood-protection
Mode
Diag Advanced Anti-Spam
Description
Disable SYN Flood Protection for Anti-Spam-related connections. Example
no syn-flood-protection
Syntax
outbound-smtp-grid-ip
Mode
Diag Advanced Anti-Spam
Description
Enable GRID IP reputation checking for Outbound SMTP connections. Example
outbound-smtp-grid-ip
Syntax
no outbound-smtp-grid-ip
Mode
Diag Advanced Anti-Spam
Description
Disable GRID IP reputation checking for Outbound SMTP connections. Example
no outbound-smtp-grid-ip
Syntax
disabling-custom-email
Mode
Diag Advanced Anti-Spam
Description
Enable disabling of custom user email policies when Anti-spam is enabled. Example
disabling-custom-email
Syntax
no disabling-custom-email
Mode
Diag Advanced Anti-Spam
Description
Disable disabling of custom user email policies when Anti-spam is enabled. Example
no disabling-custom-email
Syntax
limited-admin-configuration
Mode
Diag Advanced Anti-Spam
Description
Enable allowing Limited Admin users to configure Anti-Spam Service. Example
limited-admin-configuration
Syntax
no limited-admin-configuration
Mode
Diag Advanced Anti-Spam
Description
Disable allowing Limited Admin users to configure Anti-Spam Service. Example
no limited-admin-configuration
Syntax
shlo-check
Mode
Diag Advanced Anti-Spam
Description
Enable SHLO Check when Junk Store is unavailable (while Email Security is operational). Example
shlo-check
Syntax
no shlo-check
Mode
Diag Advanced Anti-Spam
Description
Disable SHLO Check when Junk Store is unavailable (while Email Security is operational). Example
no shlo-check
Syntax
clear statistics
Mode
Diag Advanced Anti-Spam
Description
Clear statistics. Example
clear statistics
Syntax
reset grid-name-cache
Mode
Diag Advanced Anti-Spam
Description
Reset GRID Name Cache. Example
reset grid-name-cache
Syntax
no policies-and-objects
Mode
Diag Advanced Anti-Spam
Description
Deletes Policies and Objects. Example
no policies-and-objects
Syntax
diag advanced email-detection
Mode
Config
Description
Enable Email System Detection. Example
diag advanced email-detection
Syntax
diag no advanced email-detection
Mode
Config
Description
Disable Email System Detection. Example
diag no advanced email-detection
Syntax
diag advanced remote-assistance
Mode
Config
Description
Enable Remote Assistance. Example
diag advanced remote-assistance
Syntax
diag no advanced remote-assistance
Mode
Config
Description
Disable Remote Assistance. Example
diag no advanced remote-assistance
Syntax
diag advanced sslvpn
Mode
Config
Description
Configure advanced diag SSL-VPN settings. Example
diag advanced sslvpn
Syntax
netextender-version <WORD>
Mode
Diag Advanced SSL-VPN Settings
Description
Set NetExtender (for Windows) Version.
Options
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
netextender-version TBD
Syntax
no netextender-version
Mode
Diag Advanced SSL-VPN Settings
Description
Clear NetExtender (for Windows) Version.
Example
no netextender-version
Syntax
diag advanced branding
Mode
Config
Description
Enable branding. Example
diag advanced branding
Syntax
diag no advanced branding
Mode
Config
Description
Disable branding. Example
diag no advanced branding
Syntax
diag advanced backend-server
Mode
Config
Description
Configure advanced diag Backend servers settings. Example
diag advanced backend-server
Syntax
enable
Mode
Diag Advanced Backend Server Settings
Description
Enable communication with SonicWALL Backend servers. Example
enable
Syntax
no enable
Mode
Diag Advanced Backend Server Settings
Description
Disable communication with SonicWALL Backend servers. Example
no enable
Syntax
force-through { any | interface <IF_ASSIGNED_NAME> }
Mode
Diag Advanced Backend Server Settings
Description
Set the interface through which communication with SonicWALL Backend servers is forced.
Options
any | Any interface. |
interface | Set interface. |
<IF_ASSIGNED_NAME> | Interface name. Example: X0 |
Example
force-through interface X1
Syntax
diag advanced visualization-proxy
Mode
Config
Description
Configure advanced diag Visualization Proxy to Remote Server. Example
diag advanced visualization-proxy
Syntax
enable
Mode
Diag Advanced Visualization Proxy to Remote Server
Description
Enable Visualization Proxy to Remote Server. Example
enable
Syntax
no enable
Mode
Diag Advanced Visualization Proxy to Remote Server
Description
Disable Visualization Proxy to Remote Server. Example
no enable
Syntax
remote-server <IPV4_HOST>
Mode
Diag Advanced Visualization Proxy to Remote Server
Description
Set the Visualization Remote Server Address.
Options
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
remote-server 204.212.170.189
Syntax
no remote-server
Mode
Diag Advanced Visualization Proxy to Remote Server
Description
Clear the Visualization Remote Server Address. Example
no remote-server
Syntax
diag advanced flow-reporting
Mode
Config
Description
Configure advanced diag Flow Reporting. Example
diag advanced flow-reporting
Syntax
remote-geoip-server { always | failed-resolution } [ default | ip <IPV4_HOST> ]
Mode
Diag Advanced Flow Reporting
Description
Set location of remote GeoIP Server address.
Options
always | Always use this IP for geoipdata.global.sonicwall.com. |
failed-resolution | Use if geoipdata.global.sonicwall.com does not resolve. |
default | Set the IP address to the default setting. |
ip | Specify the IP address. |
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
remote-geoip-server failed-resolution 204.212.170.189
Syntax
clear location-map
Mode
Diag Advanced Flow Reporting
Description
Clear Location Map Database. Example
clear location-map
Syntax
export-raw-database
Mode
Diag Advanced Flow Reporting
Description
Enable Export of Raw Flow-related Database Table Entries. Example
export-raw-database
Syntax
no export-raw-database
Mode
Diag Advanced Flow Reporting
Description
Disable Export of Raw Flow-related Database Table Entries. Example
no export-raw-database
Syntax
sql-console
Mode
Diag Advanced Flow Reporting
Description
Enable SQL Console in System > Diagnostics page. Example
sql-console
Syntax
no sql-console
Mode
Diag Advanced Flow Reporting
Description
Disable SQL Console in System > Diagnostics page. Example
no sql-console
Syntax
appflow-monitor-browser-frame-launch
Mode
Diag Advanced Flow Reporting
Description
Enable launching of AppFlow Monitor in a stand-alone browser frame. Example
appflow-monitor-browser-frame-launch
Syntax
no appflow-monitor-browser-frame-launch
Mode
Diag Advanced Flow Reporting
Description
Disable launching of AppFlow Monitor in a stand-alone browser frame. Example
no appflow-monitor-browser-frame-launch
Syntax
non-admin-visualization
Mode
Diag Advanced Flow Reporting
Description
Enable Visualization UI for Non-Admin/Config users. Example
non-admin-visualization
Syntax
no non-admin-visualization
Mode
Diag Advanced Flow Reporting
Description
Disable Visualization UI for Non-Admin/Config users. Example
no non-admin-visualization
Syntax
appflow report-on-close
Mode
Diag Advanced Flow Reporting
Description
Enable reporting flows to AppFlow Server only on CLOSE. Example
appflow report-on-close
Syntax
no appflow report-on-close
Mode
Diag Advanced Flow Reporting
Description
Disable reporting flows to AppFlow Server only on CLOSE.
Example
no appflow report-on-close
Syntax
database-busy-timeout <UINT32>
Mode
Diag Advanced Flow Reporting
Description
Set database busy timeout in msec.
Options
<UINT32> | Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
database-busy-timeout 3000
Syntax
no database-busy-timeout
Mode
Diag Advanced Flow Reporting
Description
Clear database busy timeout in msec. Example
no database-busy-timeout
Syntax
appflow reporting-upload-timeout <UINT8>
Mode
Diag Advanced Flow Reporting
Description
AppFlow Report Upload Timeout in sec.
Options
<UINT8> | Integer in the form: D OR 0xHH. Example: 123 |
Example
appflow reporting-upload-timeout 30
Syntax
clear database-tables
Mode
Diag Advanced Flow Reporting
Description
Clear Appflow database tables. Example
clear database-tables
Syntax
diag advanced control-plane
Mode
Config
Description
Configure Control Plane (CP) Master/Slaves Monitoring and Diagnostics. Example
diag advanced control-plane
Syntax
slave-monitoring-ips [ cp1 <IPV4_HOST> ] [ cp2 <IPV4_HOST> ]
Mode
Diag Advanced Control Plane Master/Slaves Monitoring and Diagnostics
Description
Enable Slave CP Monitoring IPs.
Options
cp1 | Set Slave CP1 Monitoring IP. |
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
cp2 | Set Slave CP2 Monitoring IP. |
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
slave-monitoring-ips
Syntax
no slave-monitoring-ips
Mode
Diag Advanced Control Plane Master/Slaves Monitoring and Diagnostics
Description
Disable Slave CP Monitoring IPs. Example
no slave-monitoring-ips
Syntax
show vpn [ { { tunnel <VPN_POLICY_NAME> | tunnels } [ ike | ipsec | summary ] } | dhcp-over-vpn [ leases ] | l2tp-server | policies | policy <VPN_POLICY_NAME> ] [ pending-config ]
Mode
All Modes
Description
Show VPN status or configuration.
Options
tunnel | Show an active VPN tunnel. |
<VPN_POLICY_NAME> | VPN Policy name. Example: Remote Office |
tunnels | Show all currently active VPN tunnels. |
ike | Show ike sa. |
ipsec | Show ipsec sa. |
summary | Show vpn sa number. |
dhcp-over-vpn | Show DHCP over VPN status or configuration. |
leases | Show DHCP over VPN leases. |
l2tp-server | Show L2TP server configuration. |
policies | Show all VPN Policies. |
policy | Show a VPN Policy. |
<VPN_POLICY_NAME> | VPN Policy name. Example: Remote Office |
pending-config | Show pending configuration changes. |
Example
show vpn
show vpn tunnels
show vpn tunnel "Remote Office"
show vpn tunnels ipsec
show vpn statistics 0x23ab3456
show vpn dhcp-over-vpn
show vpn dhcp-over-vpn leases
show vpn l2tp-server
show vpn policy "Remote Office"
show vpn policies
Syntax
vpn [ policy { enable <VPN_POLICY_NAME> | group-vpn <VPN_GROUP_POLICY_NAME> | site-to-site <VPN_SITE_POLICY_NAME> | tunnel-interface <VPN_TUNNEL_POLICY_NAME> } ]
Mode
Config
Description
Configure VPN.
Options
policy | Add, Edit or Enable a VPN Policy. |
enable | Enable a VPN Policy. |
<VPN_POLICY_NAME> | VPN Policy name. Example: Remote Office |
group-vpn | Edit Group VPN Policy. |
<VPN_GROUP_POLICY_NAME> | Group VPN Policy name. Example: WAN GroupVPN |
site-to-site | Add or Edit Site-to-Site VPN Policy. |
<VPN_SITE_POLICY_NAME> | Site-to-Site VPN Policy name. Example: Remote Office |
tunnel-interface | Add or Edit Tunnel Interface VPN Policy. |
<VPN_TUNNEL_POLICY_NAME> | Tunnel Interface VPN Policy name. Example: Remote Office |
Example
vpn
vpn policy site-to-site "Remote Office"
vpn policy group-vpn "WAN GroupVPN"
vpn policy enable "Remote Office"
Syntax
no vpn policy { enable <VPN_POLICY_NAME> | site-to-site <VPN_SITE_POLICY_NAME> | tunnel-interface <VPN_TUNNEL_POLICY_NAME> }
Mode
Config
Description
Delete or Enable a VPN Policy.
Options
enable | Enable a VPN Policy. |
<VPN_POLICY_NAME> | VPN Policy name. Example: Remote Office |
site-to-site | Delete Site-to-Site VPN Policy. |
<VPN_SITE_POLICY_NAME> | Site-to-Site VPN Policy name. Example: Remote Office |
tunnel-interface | Delete Tunnel Interface VPN Policy. |
<VPN_TUNNEL_POLICY_NAME> | Tunnel Interface VPN Policy name. Example: Remote Office |
Example
no vpn policy site-to-site "Remote Office"
no vpn policy enable "Remote Office"
Syntax
no vpn policies
Mode
Config
Description
Delete all VPN policies. Example
no vpn policies
Syntax
enable
Mode
VPN
Description
Enable VPN. Example
enable
Syntax
no enable
Mode
VPN
Description
Disable VPN. Example
no enable
Syntax
firewall-identifier <WORD>
Mode
VPN
Description
Configure Unique Firewall Identifier.
Options
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
firewall-identifier CorpFirewall
Syntax
no ike-dpd
Mode
VPN
Description
Disable IKE Dead Peer Detection. Example
no ike-dpd
Syntax
ike-dpd
Mode
VPN
Description
Configure IKE Dead Peer Detection. Example
ike-dpd
Syntax
interval <UINT8>
Mode
IKE Dead Peer Detection
Description
Configure Dead Peer Detection Interval.
Options
<UINT8> | Integer in the form: D OR 0xHH. Example: 123 |
Example
interval 60
Syntax
trigger <UINT8>
Mode
IKE Dead Peer Detection
Description
Configure Failure Trigger Level in number of heartbeats.
Options
<UINT8> | Integer in the form: D OR 0xHH. Example: 123 |
Example
trigger 3
Syntax
idle-dpd [ interval <UINT16> ]
Mode
IKE Dead Peer Detection
Description
Enable Dead Peer Detection for Idle VPN sessions.
Options
interval | Dead Peer Detection Interval for Idle VPN sessions in seconds. |
<UINT16> | Integer in the form: D OR 0xHHHH. Example: 123 |
Example
idle-dpd interval 600
Syntax
no idle-dpd
Mode
IKE Dead Peer Detection
Description
Disable Dead Peer Detection for Idle VPN sessions. Example
no idle-dpd
Syntax
frag-packets
Mode
VPN
Description
Enable and configure Fragmented Packet Handling for VPN. Example
frag-packets
Syntax
no frag-packets
Mode
VPN
Description
Disable Fragmented Packet Handling for VPN. Example
no frag-packets
Syntax
ignore-df-bit
Mode
Fragmented Packet Handling
Description
Enable Ignore Don't Fragment Bit. Example
ignore-df-bit
Syntax
no ignore-df-bit
Mode
Fragmented Packet Handling
Description
Disable Ignore Don't Fragment Bit. Example
no ignore-df-bit
Syntax
nat-traversal
Mode
VPN
Description
Enable NAT Traversal. Example
nat-traversal
Syntax
no nat-traversal
Mode
VPN
Description
Disable NAT Traversal. Example
no nat-traversal
Syntax
cleanup-tunnels
Mode
VPN
Description
Enable cleanup of Active tunnels when Peer Gateway DNS name resolves to a different IP address.
Example
cleanup-tunnels
Syntax
no cleanup-tunnels
Mode
VPN
Description
Disable cleanup of Active tunnels when Peer Gateway DNS name resolves to a different IP address.
Example
no cleanup-tunnels
Syntax
preserve-ike-port
Mode
VPN
Description
Enable Preserve IKE Port for Pass Through Connections. Example
preserve-ike-port
Syntax
no preserve-ike-port
Mode
VPN
Description
Disable Preserve IKE Port for Pass Through Connections. Example
no preserve-ike-port
Syntax
no ocsp-checking
Mode
VPN
Description
Disable OCSP Checking. Example
no ocsp-checking
Syntax
ocsp-checking
Mode
VPN
Description
Enable and configure OCSP Checking. Example
ocsp-checking
Syntax
responder-url <WEB_URL>
Mode
OCSP Checking
Description
Configure Responder URL.
Options
<WEB_URL> | URL in the form: http://host/file. Example: http://www.example.com/products/ |
Example
responder-url http://www.sonicwall.com/ocsp
Syntax
no responder-url
Mode
OCSP Checking
Description
Clear Responder URL. Example
no responder-url
Syntax
traps-on-change
Mode
VPN
Description
Enable VPN Tunnel Traps only when tunnel status changes. Example
traps-on-change
Syntax
no traps-on-change
Mode
VPN
Description
Disable VPN Tunnel Traps only when tunnel status changes. Example
no traps-on-change
Syntax
use-radius { mschap | mschapv2 }
Mode
VPN
Description
Enable use of RADIUS in the specified mode for XAUTH.
Options
mschap | Use MSCHAP for RADIUS. |
mschapv2 | Use MSCHAPv2 for RADIUS. |
Example
use-radius mschapv2
Syntax
no use-radius
Mode
VPN
Description
Disable use of RADIUS for XAUTH.
Example
no use-radius
Syntax
ikev2
Mode
VPN
Description
Configure IKEv2. Example
ikev2
Syntax
send-cookie
Mode
IKEv2
Description
Enable Send IKEv2 Cookie Notify. Example
send-cookie
Syntax
no send-cookie
Mode
IKEv2
Description
Disable Send IKEv2 Cookie Notify. Example
no send-cookie
Syntax
proposal dh-group { 1 | 14 | 2 | 5 }
Mode
IKEv2
Description
Configure IKEv2 DH Group.
Options
1 | Group 1. |
14 | Group 14. |
2 | Group 2. |
5 | Group 5. |
Example
proposal dh-group 2
Syntax
proposal encryption { aes-128 | aes-192 | aes-256 | des | triple-des }
Mode
IKEv2
Description
Configure IKEv2 encryption algorithm.
Options
aes-128 | Advanced Encryption Standard (AES) - 128 bit. |
aes-192 | Advanced Encryption Standard (AES) - 192 bit. |
aes-256 | Advanced Encryption Standard (AES) - 256 bit. |
des | Data Encryption Standard (DES). |
triple-des | Triple Data Encryption Standard (3DES). |
Example
proposal encryption aes-128
Syntax
proposal authentication { md5 | sha-1 }
Mode
IKEv2
Description
Configure IKEv2 authentication hashing algorithm.
Options
md5 | Message-Digest algorithm 5 (MD5). |
sha-1 | Secure Hash Algorithm 1 (SHA-1). |
Example
proposal authentication md5
Syntax
policy { enable <VPN_POLICY_NAME> | group-vpn <VPN_GROUP_POLICY_NAME> | site-to-site <VPN_SITE_POLICY_NAME> | tunnel-interface <VPN_TUNNEL_POLICY_NAME> }
Mode
VPN
Description
Add, Edit or Enable a VPN Policy.
Options
enable | Enable a VPN Policy. |
<VPN_POLICY_NAME> | VPN Policy name. Example: Remote Office |
group-vpn | Edit Group VPN Policy. |
<VPN_GROUP_POLICY_NAME> | Group VPN Policy name. Example: WAN GroupVPN |
site-to-site | Add or Edit Site-to-Site VPN Policy. |
<VPN_SITE_POLICY_NAME> | Site-to-Site VPN Policy name. Example: Remote Office |
tunnel-interface | Add or Edit Tunnel Interface VPN Policy. |
<VPN_TUNNEL_POLICY_NAME> | Tunnel Interface VPN Policy name. Example: Remote Office |
Example
policy site-to-site "Remote Office"
policy group-vpn "WAN GroupVPN"
policy enable "Remote Office"
Syntax
no policy { enable <VPN_POLICY_NAME> | site-to-site <VPN_SITE_POLICY_NAME> | tunnel-interface <VPN_TUNNEL_POLICY_NAME> }
Mode
VPN
Description
Delete or Enable a VPN Policy.
Options
enable | Enable a VPN Policy. |
<VPN_POLICY_NAME> | VPN Policy name. Example: Remote Office |
site-to-site | Delete Site-to-Site VPN Policy. |
<VPN_SITE_POLICY_NAME> | Site-to-Site VPN Policy name. Example: Remote Office |
tunnel-interface | Delete Tunnel Interface VPN Policy. |
<VPN_TUNNEL_POLICY_NAME> | Tunnel Interface VPN Policy name. Example: Remote Office |
Example
no policy site-to-site "Remote Office"
no policy enable "Remote Office"
Syntax
no policies
Mode
VPN
Description
Delete all VPN policies. Example
no policies
Syntax
name <VPN_POLICY_NAME>
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Group VPN
Description
Configure Policy name.
Options
<VPN_POLICY_NAME> | VPN Policy name. Example: Remote Office |
Example
name "Remote Office"
Syntax
enable
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Group VPN
Description
Enable VPN Policy.
Example
enable
Syntax
no enable
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Group VPN
Description
Disable VPN Policy.
Example
no enable
Syntax
gateway primary <HOSTNAME>
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Description
Configure the IPsec Gateway Name or Address.
Options
<HOSTNAME> | Hostname in the form: hostname OR a.b.c.d. Example: example.com |
Example
gateway primary 10.10.10.1
Syntax
gateway secondary <HOSTNAME>
Mode
Site to Site VPN Policy
Description
Configure the IPsec Gateway Name or Address.
Options
<HOSTNAME> | Hostname in the form: hostname OR a.b.c.d. Example: example.com |
Example
gateway secondary 10.10.10.1
Syntax
auth-method { certificate | manual-key | shared-secret }
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Description
Configure VPN Policy authentication method.
Options
certificate | IKE using 3rd Party Certificates. |
manual-key | Manual key. |
shared-secret | IKE using Pre-shared Secret. |
Example
auth-method shared-secret
Syntax
auth-method { certificate | shared-secret }
Mode
Group VPN
Description
Configure VPN Policy authentication method.
Options
certificate | IKE using 3rd Party Certificates. |
shared-secret | IKE using Pre-shared Secret. |
Example
auth-method shared-secret
Syntax
shared-secret <ESP_WORD>
Mode
IKE Preshared Secret
Description
Configure the pre-shared secret.
Options
<ESP_WORD> | Word (4-128 characters) in the form: WORD or "QUOTED STRING". Example: lanabcedf |
Example
shared-secret mysecret
Syntax
no shared-secret
Mode
IKE Preshared Secret
Description
Clear the pre-shared secret. Example
no shared-secret
Syntax
ike-id local { domain-name <VPN_FQDN> | email-address <EMAIL> | ip <IPV4_HOST> | key-id <WORD> | sonicwall-id <WORD> }
Mode
IKE Preshared Secret
Description
Configure local IKE authentication associated identifiers.
Options
domain-name | Domain name identifier. |
<VPN_FQDN> | Domain name in the form: aabb.aa. Example: example.com |
email-address | Email address identifier. |
<EMAIL> | Email in the form: aaaaa@bbb.com. Example: support@sonicwall.com |
ip | IP address identifier. |
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
key-id | Key ID identifier. |
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
sonicwall-id | SonicWALL ID identifier. |
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
ike-id local email-address user@domain.com
Syntax
ike-id peer { domain-name <VPN_FQDN> | email-address <EMAIL> | ip <IPV4_HOST> | key-id <WORD> | sonicwall-id <WORD> }
Mode
IKE Preshared Secret
Description
Configure peer IKE authentication associated identifiers.
Options
domain-name | Domain name identifier. |
<VPN_FQDN> | Domain name in the form: aabb.aa. Example: example.com |
email-address | Email address identifier. |
<EMAIL> | Email in the form: aaaaa@bbb.com. Example: support@sonicwall.com |
ip | IP address identifier. |
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
key-id | Key ID identifier. |
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
sonicwall-id | SonicWALL ID identifier. |
<WORD> | Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
ike-id peer email-address user@domain.com
Syntax
certificate <CERT_NAME>
Mode
IKE 3rd Party Certificate
Description
Configure the local certificate name.
Options
<CERT_NAME> | Certificate name. Example: my_cert |
Example
certificate mycertificate
Syntax
ike-id local { default-id | distinguished-name | domain-name | email-id | ip }
Mode
IKE 3rd Party Certificate
Description
Configure the local identifier.
Options
default-id | Default ID from the certificate. |
distinguished-name | Distinguished name (DN). |
domain-name | Domain name (FQDN). |
email-id | E-Mail ID (UserFQDN). |
ip | IP address (IPV4). |
Example
ike-id local default-id
Syntax
ike-id peer { distinguished-name <DISTINGUISHED_NAME> | domain-name <VPN_FQDN> | email-id <EMAIL> | ip <IPV4_HOST> }
Mode
IKE 3rd Party Certificate
Description
Configure the peer identifier.
Options
distinguished-name | Distinguished name (DN). |
<DISTINGUISHED_NAME> | Distinguished name filter in the form: c=*;cn=*;o=*;ou=*; or *. Example: ou=aaa;c=a;* |
domain-name | Domain name (FQDN). |
<VPN_FQDN> | Domain name in the form: aabb.aa. Example: example.com |
email-id | E-Mail ID (UserFQDN). |
<EMAIL> | Email in the form: aaaaa@bbb.com. Example: support@sonicwall.com |
ip | IP address (IPV4). |
<IPV4_HOST> | IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
ike-id peer distinguished-name
Syntax
peer id { distinguished-name <DISTINGUISHED_NAME> | domain-name <FQDN_FILTER> | email-id <EMAIL_FILTER> }
Mode
IKE 3rd Party Certificate
Description
Configure the peer identifier type.
Options
distinguished-name | Distinguished Name. |
<DISTINGUISHED_NAME> | Distinguished name filter in the form: c=*;cn=*;o=*;ou=*; or *. Example: ou=aaa;c=a;* |
domain-name | Domain Name. |
<FQDN_FILTER> | Domain name filter in the form: aabb?*-.aa. Example: aa-bb.cc.dd?aa |
email-id | Email ID. |
<EMAIL_FILTER> | Email filter in the form: aaaaa@bbb.com. Example: support@sonicwall.com |
Example
peer id-type domain-name example.com
Syntax
peer match-issuer
Mode
IKE 3rd Party Certificate
Description
Enable Allow Only Peer Certificates Signed by Gateway Issuer. Example
peer match-issuer
Syntax
no peer match-issuer
Mode
IKE 3rd Party Certificate
Description
Disable Allow Only Peer Certificates Signed by Gateway Issuer. Example
no peer match-issuer
Syntax
network local { any | dhcp | group <VPN_ADDR_GROUP_NAME> | host <VPN_ADDR_HOST> | name <VPN_ADDR_NAME> | network <VPN_ADDR_NETWORK> <VPN_ADDR_MASK> | range <VPN_ADDR_BEGIN> <VPN_ADDR_END> }
Mode
Site to Site VPN Policy
Description
Configure the local network.
Options
any | Any local network. |
dhcp | Obtain IP addresses using DHCP through this VPN Tunnel. |
group | Configure the local network to named address object group. |
<VPN_ADDR_GROUP_NAME> | Address Group name. Example: Sales Group |
host | Configure the local network to host address. |
<VPN_ADDR_HOST> | VPN Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
name | Configure the local network to named address object. |
<VPN_ADDR_NAME> | Address Object name. Example: Web Server |
network | Configure the local network to network address. |
<VPN_ADDR_NETWORK> | VPN Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<VPN_ADDR_MASK> | VPN Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
range | Configure the local network to range of addresses. |
<VPN_ADDR_BEGIN> | VPN Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<VPN_ADDR_END> | VPN Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
network local name LANSubnets
Syntax
no network local
Mode
Site to Site VPN Policy
Description
Clear the local network. Example
no network local
Syntax
network remote { any | dhcp | group <VPN_ADDR_GROUP_NAME> | host <VPN_ADDR_HOST> | name <VPN_ADDR_NAME> | network <VPN_ADDR_NETWORK> <VPN_ADDR_MASK> | range <VPN_ADDR_BEGIN> <VPN_ADDR_END> }
Mode
Site to Site VPN Policy
Description
Configure the remote network.
Options
any | Use this VPN Tunnel as default route for all Internet traffic. |
dhcp | Destination network obtains IP addresses using DHCP through this VPN Tunnel. |
group | Configure the remote network to named address object group. |
<VPN_ADDR_GROUP_NAME> | Address Group name. Example: Sales Group |
host | Configure the remote network to host address. |
<VPN_ADDR_HOST> | VPN Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
name | Configure the remote network to named Address Object. |
<VPN_ADDR_NAME> | Address Object name. Example: Web Server |
network | Configure the remote network to network address. |
<VPN_ADDR_NETWORK> | VPN Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<VPN_ADDR_MASK> | VPN Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
range | Configure the remote network to range of addresses. |
<VPN_ADDR_BEGIN> | VPN Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<VPN_ADDR_END> | VPN Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
network remote name RemoteSubnets
Syntax
no network remote
Mode
Site to Site VPN Policy
Description
Clear the remote network. Example
no network remote
Syntax
proposal ike { authentication { { md5 | sha-1 } } | dh-group { { 1 | 14 | 2 | 5 } } | encryption { { aes-128 | aes-192 | aes-256 | des | triple-des } } | exchange { { aggressive | ikev2 | main } } | lifetime <UINT32> }
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Group VPN
Description
Configure VPN policy IKE (phase 1) proposal.
Options
authentication | Authentication hashing encryption algorithm. |
md5 | Message-Digest algorithm 5 (MD5). |
sha-1 | Secure Hash Algorithm 1 (SHA-1). |
dh-group | DH Group. |
1 | Group 1. |
14 | Group 14. |
2 | Group 2. |
5 | Group 5. |
encryption | Encryption algorithm. |
aes-128 | Advanced Encryption Standard (AES) - 128 bit. |
aes-192 | Advanced Encryption Standard (AES) - 192 bit. |
aes-256 | Advanced Encryption Standard (AES) - 256 bit. |
des | Data Encryption Standard (DES). |
triple-des | Triple Data Encryption Standard (3DES). |
exchange | Exchange. |
aggressive | Aggressive mode. |
ikev2 | IKEv2 mode. |
main | Main mode. |
lifetime | Life Time (seconds). |
<UINT32> | Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
proposal ike encryption aes-256
proposal ike authentication sha-1
proposal ike dh-group 2
proposal ike lifetime 3000
Syntax
proposal ipsec { authentication { { md5 | none | sha-1 } } | authentication-key <HEX_STRING64> | dh-group { { 1 | 14 | 2 | 5 | none } } | encryption { { aes-128 | aes-192 | aes-256 | des | none | triple-des } } | encryption-key <HEX_STRING64> | in-spi <HEX_UINT32> | lifetime <UINT32> | out-spi <HEX_UINT32> | protocol { { ah | esp } } }
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Group VPN
Description
Configure VPN policy IPSEC (phase 2) proposal.
Options
|
authentication | Authentication hashing encryption algorithm. |
|
md5 | Message-Digest algorithm 5 (MD5). |
|
none | No authentication. |
|
sha-1 | Secure Hash Algorithm 1 (SHA-1). |
|
authentication-key | Configure authentication key. |
<HEX_STRING64>
|
String of hexadecimal (16-64) digits. Example: 0123456989abcdef |
|
dh-group | DH Group. |
|
1 | Group 1. |
|
14 | Group 14. |
|
2 | Group 2. |
|
5 | Group 5. |
|
none | Disable Perfect Forward Secrecy. |
|
encryption | Encryption algorithm. |
|
aes-128 | Advanced Encryption Standard (AES) - 128 bit. |
|
aes-192 | Advanced Encryption Standard (AES) - 192 bit. |
|
aes-256 | Advanced Encryption Standard (AES) - 256 bit. |
|
des | Data Encryption Standard (DES). |
|
none | No encryption. |
|
triple-des | Triple Data Encryption Standard (3DES). |
|
encryption-key | Configure encryption key. |
<HEX_STRING64>
|
String of hexadecimal (16-64) digits. Example: 0123456989abcdef |
|
in-spi | Configure incoming SPI. |
<HEX_UINT32>
|
Hexadecimal integer in the form: 0xHHHHHHHH. Example: 0xaa55aa55 |
|
lifetime | Life Time (seconds). |
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
|
out-spi | Configure outgoing SPI. |
<HEX_UINT32>
|
Hexadecimal integer in the form: 0xHHHHHHHH. Example: 0xaa55aa55 |
|
protocol | Protocol. |
|
ah | Configure AH. |
|
esp | Configure ESP. |
Example
proposal ipsec encryption aes-256
proposal ipsec authentication sha-1
proposal ipsec dh-group 2
proposal ipsec lifetime 3000
Manual Key Only:
proposal ipsec in-spi 0x5d1b19a1
proposal ipsec out-spi 0x88f24984
proposal ipsec encryption-key 5f7cd04166523fd78e56ca9920d9c870d53ed63d92001d4f
proposal ipsec authentication-key 3b1db664fe578ae5fd38d7042e7a106f4c23408a
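A small offline linter for the two `proposal` commands documented above, added here as an example and not part of the SonicOS guide. The grammar table is transcribed from the Syntax and Options entries; the `LEGACY` policy, the function names and the sample configuration are this example's own assumptions.

```python
import re


def _uint32(v):
    """<UINT32>: decimal D or 0xHHHHHHHH, limited to 32 bits."""
    if re.fullmatch(r"0x[0-9a-fA-F]{1,8}", v):
        return True
    return re.fullmatch(r"[0-9]+", v) is not None and int(v) <= 0xFFFFFFFF


def _hex_uint32(v):
    """<HEX_UINT32>: 0xHHHHHHHH (assumption: 1 to 8 hex digits are accepted)."""
    return re.fullmatch(r"0x[0-9a-fA-F]{1,8}", v) is not None


def _hex_string64(v):
    """<HEX_STRING64>: 16 to 64 hexadecimal digits, no 0x prefix."""
    return re.fullmatch(r"[0-9a-fA-F]{16,64}", v) is not None


AES = {"aes-128", "aes-192", "aes-256"}

# Option -> allowed keyword set, or a validator for a typed argument.
GRAMMAR = {
    "ike": {
        "authentication": {"md5", "sha-1"},
        "dh-group": {"1", "14", "2", "5"},
        "encryption": AES | {"des", "triple-des"},
        "exchange": {"aggressive", "ikev2", "main"},
        "lifetime": _uint32,
    },
    "ipsec": {
        "authentication": {"md5", "none", "sha-1"},
        "authentication-key": _hex_string64,
        "dh-group": {"1", "14", "2", "5", "none"},
        "encryption": AES | {"des", "none", "triple-des"},
        "encryption-key": _hex_string64,
        "in-spi": _hex_uint32,
        "lifetime": _uint32,
        "out-spi": _hex_uint32,
        "protocol": {"ah", "esp"},
    },
}

# Review policy chosen for this example (not stated in the guide).
LEGACY = {
    ("authentication", "md5"): "MD5 is a deprecated hash",
    ("authentication", "none"): "traffic is not integrity-protected",
    ("encryption", "des"): "DES uses a 56-bit key",
    ("encryption", "none"): "traffic is not encrypted",
    ("dh-group", "1"): "768-bit DH modulus",
    ("dh-group", "2"): "1024-bit DH modulus",
    ("dh-group", "5"): "1536-bit DH modulus",
    ("dh-group", "none"): "Perfect Forward Secrecy is disabled",
    ("exchange", "aggressive"): "aggressive mode does not protect peer identities",
}


def audit(config_text):
    """Return (line number, severity, message) for every 'proposal' line
    that violates the documented grammar or matches the LEGACY policy."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        tokens = raw.split()
        if tokens[:1] != ["proposal"]:
            continue  # other commands, including 'no proposal ...', are ignored
        if len(tokens) != 4 or tokens[1] not in GRAMMAR:
            findings.append((lineno, "error",
                             "expected: proposal {ike|ipsec} <option> <value>"))
            continue
        phase, option, value = tokens[1:]
        rule = GRAMMAR[phase].get(option)
        if rule is None:
            findings.append((lineno, "error", f"'{option}' is not a {phase} option"))
        elif callable(rule):
            if not rule(value):
                findings.append((lineno, "error", f"malformed value for {option}"))
        elif value not in rule:
            findings.append((lineno, "error", f"'{value}' is not valid for {option}"))
        elif (option, value) in LEGACY:
            findings.append((lineno, "warn", LEGACY[(option, value)]))
    return findings


# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
proposal ike exchange aggressive
proposal ike encryption aes-256
proposal ike authentication sha-1
proposal ike dh-group 2
proposal ike lifetime 3000
proposal ipsec protocol esp
proposal ipsec encryption none
proposal ipsec authentication md5
proposal ipsec dh-group none
proposal ipsec in-spi 5d1b19a1
proposal ipsec encryption-key 0123abcd
proposal ike exchange quick
proposal ipsec exchange main
"""

if __name__ == "__main__":
    for lineno, severity, message in audit(SAMPLE):
        print(f"line {lineno}: {severity}: {message}")
```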
Syntax
no proposal ipsec { authentication-key | encryption-key }
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Description
Clear VPN policy IPSEC (phase 2) proposal encryption key and authentication key.
Options
|
authentication-key | Configure authentication key. |
|
encryption-key | Configure encryption key. |
Example
no proposal ipsec encryption-key
no proposal ipsec authentication-key
Syntax
client cache-xauth { always | never | single-session }
Mode
Group VPN
Description
Configure Cache XAUTH User Name and Password on Client.
Options
|
always | Always cache. |
|
never | No caching. |
|
single-session | Cache for single session. |
Example
client cache-xauth single-session
Syntax
client virtual-adaptor { dhcp-and-manual | dhcp-only | none }
Mode
Group VPN
Description
Configure Virtual Adaptor lease settings.
Options
|
dhcp-and-manual | Use DHCP lease or manual configuration. |
|
dhcp-only | Use DHCP lease. |
|
none | None. |
Example
client virtual-adaptor dhcp-only
Syntax
client allow-connections-to { all-secured-gateways | split-tunnels | this-gateway-only }
Mode
Group VPN
Description
Configure which connections to allow.
Options
|
all-secured-gateways | All secured gateways. |
|
split-tunnels | Split Tunnels. |
|
this-gateway-only | This gateway only. |
Example
client allow-connections-to this-gateway-only
Syntax
client default-route { access-list | disable-acl }
Mode
Group VPN
Description
Configure Default Route as this Gateway.
Options
|
access-list | Enable Apply VPN Access Control List. |
|
disable-acl | Disable Apply VPN Access Control List. |
Example
client default-route access-list
Syntax
no client default-route
Mode
Group VPN
Syntax
client simple-provisioning
Mode
Group VPN
Description
Enable Use Default Key for Simple Client Provisioning.
Example
client simple-provisioning
Syntax
no client simple-provisioning
Mode
Group VPN
Description
Disable Use Default Key for Simple Client Provisioning.
Example
no client simple-provisioning
Syntax
keep-alive
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Description
Enable VPN Policy Keep Alive.
Example
keep-alive
Syntax
no keep-alive
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Description
Disable VPN Policy Keep Alive.
Example
no keep-alive
Syntax
suppress-auto-add-rule
Mode
Site to Site VPN Policy
Description
Enable Suppress automatic Access Rules creation for VPN Policy.
Example
suppress-auto-add-rule
Syntax
no suppress-auto-add-rule
Mode
Site to Site VPN Policy
Description
Disable Suppress automatic Access Rules creation for VPN Policy.
Example
no suppress-auto-add-rule
Syntax
require-xauth <LOCAL_USER_GROUP_NAME>
Mode
Site to Site VPN Policy
Description
Enable XAUTH checking for VPN Policy.
Options
<LOCAL_USER_GROUP_NAME>
|
User group object name. Example: Limited Administrators |
Example
require-xauth "Everyone"
Syntax
no require-xauth
Mode
Site to Site VPN Policy
Description
Disable Require authentication of VPN clients by XAUTH.
Example
no require-xauth
Syntax
allow-advanced-routing
Mode
Tunnel Interface VPN Policy
Description
Enable Allow Advanced Routing.
Example
allow-advanced-routing
Syntax
no allow-advanced-routing
Mode
Tunnel Interface VPN Policy
Description
Disable Allow Advanced Routing.
Example
no allow-advanced-routing
Syntax
transport-mode
Mode
Tunnel Interface VPN Policy
Description
Enable Transport Mode.
Example
transport-mode
Syntax
no transport-mode
Mode
Tunnel Interface VPN Policy
Description
Disable Transport Mode.
Example
no transport-mode
Syntax
netbios
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Group VPN
Description
Enable VPN Policy NetBIOS.
Example
netbios
Syntax
no netbios
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Group VPN
Description
Disable VPN Policy NetBIOS.
Example
no netbios
Syntax
multicast
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Group VPN
Description
Enable VPN Policy Multicast.
Example
multicast
Syntax
no multicast
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Group VPN
Description
Disable VPN Policy Multicast.
Example
no multicast
Syntax
apply-nat [ translated-local { group <VPN_ADDR_GROUP_NAME> | host <VPN_ADDR_HOST> | name <VPN_ADDR_NAME> | network <VPN_ADDR_NETWORK> <VPN_ADDR_MASK> | original | range <VPN_ADDR_BEGIN> <VPN_ADDR_END> } ] [ translated-remote { group <VPN_ADDR_GROUP_NAME> | host <VPN_ADDR_HOST> | name <VPN_ADDR_NAME> | network <VPN_ADDR_NETWORK> <VPN_ADDR_MASK> | original | range <VPN_ADDR_BEGIN> <VPN_ADDR_END> } ]
Mode
Site to Site VPN Policy
Description
Enable VPN Policy NAT translation.
Options
translated-local | Translated Local Network. |
|
group | Configure the local network to named address object group. |
<VPN_ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Host IP. |
<VPN_ADDR_HOST>
|
VPN Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Address Object name. |
<VPN_ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Network Address. |
<VPN_ADDR_NETWORK>
|
VPN Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<VPN_ADDR_MASK>
|
VPN Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
original | Original Translated Local Network. |
|
range | Network Range. |
<VPN_ADDR_BEGIN>
|
VPN Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<VPN_ADDR_END>
|
VPN Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
translated-remote | Translated Remote Network. |
|
group | Configure the local network to named address object group. |
<VPN_ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Host IP. |
<VPN_ADDR_HOST>
|
VPN Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Address Object name. |
<VPN_ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Network Address. |
<VPN_ADDR_NETWORK>
|
VPN Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<VPN_ADDR_MASK>
|
VPN Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
original | Original Translated Remote Network. |
|
range | Network Range. |
<VPN_ADDR_BEGIN>
|
VPN Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<VPN_ADDR_END>
|
VPN Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
apply-nat translated-local name "TranslatedLocalAddrs"
apply-nat translated-remote name "TranslatedRemoteAddrs"
Syntax
no apply-nat
Mode
Site to Site VPN Policy
Description
Disable VPN Policy NAT Parameters.
Example
no apply-nat
Syntax
no ocsp-checking
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Group VPN
Description
Disable OCSP Checking.
Example
no ocsp-checking
Syntax
ocsp-checking
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Group VPN
Description
Enable and configure OCSP Checking.
Example
ocsp-checking
Syntax
responder-url <WEB_URL>
Mode
OCSP Checking
Description
Configure Responder URL.
Options
<WEB_URL>
|
URL in the form: http://host/file. Example: http://www.example.com/products/ |
Example
responder-url http://www.sonicwall.com/ocsp
Syntax
no responder-url
Mode
OCSP Checking
Description
Clear Responder URL.
Example
no responder-url
Syntax
management { http | https | ssh }
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Group VPN
Description
Enable Management for VPN Policy.
Options
|
http | Enable HTTP Management for VPN Policy. |
|
https | Enable HTTPS Management for VPN Policy. |
|
ssh | Enable SSH Management for VPN Policy. |
Example
management https
Syntax
no management { http | https | ssh }
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Group VPN
Description
Disable Management for VPN Policy.
Options
|
http | Disable HTTP Management for VPN Policy. |
|
https | Disable HTTPS Management for VPN Policy. |
|
ssh | Disable SSH Management for VPN Policy. |
Example
no management https
Syntax
user-login { http | https }
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Description
Enable VPN Policy for User Login.
Options
|
http | Enable VPN Policy for HTTP User Login. |
|
https | Enable VPN Policy for HTTPS User Login. |
Example
user-login http
Syntax
no user-login { http | https }
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Description
Disable VPN Policy for User Login.
Options
|
http | Disable VPN Policy for HTTP User Login. |
|
https | Disable VPN Policy for HTTPS User Login. |
Example
no user-login http
Syntax
default-lan-gateway <IPV4_HOST>
Mode
Site to Site VPN Policy
Group VPN
Description
Configure LAN Default Gateway.
Options
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
default-lan-gateway 192.168.168.1
Syntax
no default-lan-gateway
Mode
Site to Site VPN Policy
Group VPN
Description
Clear LAN Default Gateway.
Example
no default-lan-gateway
Syntax
bound-to { interface <IF_ASSIGNED_NOMGMT_NAME> | zone <WAN_ZONE_NAME> }
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Description
Configure VPN Policy Bound To.
Options
|
interface | Bound to interface. |
<IF_ASSIGNED_NOMGMT_NAME>
|
Interface name. Example: X0 |
|
zone | Bound to Zone. |
<WAN_ZONE_NAME>
|
Zone object name. Example: LAN |
Example
bound-to interface X1
Syntax
group { 1 | 2 | 3 | 4 }
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Description
Configure VPN Policy Group.
Options
|
1 | Bound to Group 1. |
|
2 | Bound to Group 2. |
|
3 | Bound to Group 3. |
|
4 | Bound to Group 4. |
Example
group 1
Syntax
preempt-secondary-gateway <UINT32>
Mode
Site to Site VPN Policy
Description
Enable Preempt Secondary Gateway and set Primary Gateway Detection Interval (seconds).
Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
preempt-secondary-gateway 28800
Syntax
no preempt-secondary-gateway
Mode
Site to Site VPN Policy
Description
Disable Preempt Secondary Gateway.
Example
no preempt-secondary-gateway
Syntax
client-authentication { allow-unauthenticated { { group <VPN_ADDR_GROUP_NAME> | host <VPN_ADDR_HOST> | name <VPN_ADDR_NAME> | network <VPN_ADDR_NETWORK> <VPN_ADDR_MASK> | range <VPN_ADDR_BEGIN> <VPN_ADDR_END> } } | require-xauth <LOCAL_USER_GROUP_NAME> }
Mode
Group VPN
Description
Enable XAUTH checking for VPN Policy.
Options
|
allow-unauthenticated | Enable Unauthenticated Access for VPN Policy. |
|
group | Configure the remote network to named address object group. |
<VPN_ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Host IP. |
<VPN_ADDR_HOST>
|
VPN Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Address Object name. |
<VPN_ADDR_NAME>
|
Address Object name. Example: Web Server |
|
network | Network Address. |
<VPN_ADDR_NETWORK>
|
VPN Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<VPN_ADDR_MASK>
|
VPN Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Network Range. |
<VPN_ADDR_BEGIN>
|
VPN Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<VPN_ADDR_END>
|
VPN Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
|
require-xauth | Enable XAUTH checking for VPN Policy. |
<LOCAL_USER_GROUP_NAME>
|
User group object name. Example: Limited Administrators |
Example
client-authentication require-xauth "Everyone"
Syntax
suppress-trigger-packet
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Description
Do not send trigger packet during IKE SA negotiation for IKEv2.
Example
suppress-trigger-packet
Syntax
no suppress-trigger-packet
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Description
Send trigger packet during IKE SA negotiation for IKEv2.
Example
no suppress-trigger-packet
Syntax
accept-hash
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Description
Accept Hash & URL Certificate Type for IKEv2.
Example
accept-hash
Syntax
no accept-hash
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Description
Do not accept Hash & URL Certificate Type for IKEv2.
Example
no accept-hash
Syntax
send-hash <WEB_URL>
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Description
Enable Send Hash & URL Certificate Type for IKEv2 and specify the URL.
Options
<WEB_URL>
|
URL in the form: http://host/file. Example: http://www.example.com/products/ |
Example
send-hash <ikev2CertUrl>
Syntax
no send-hash
Mode
Site to Site VPN Policy
Tunnel Interface VPN Policy
Description
Do not send Hash & URL Certificate Type for IKEv2.
Example
no send-hash
Syntax
show intrusion-prevention [ categories | category { id <IPS_CATEGORY_ID> | name <IPS_CATEGORY_NAME> } | exclusion-list | policies | policy <WORD> | status ] [ { custom | default } ] [ pending-config ]
Mode
All Modes
Description
Show Intrusion Prevention configuration.
Options
|
categories | Show Intrusion Prevention categories. |
|
category | Show Intrusion Prevention category. |
|
id | Category ID. |
<IPS_CATEGORY_ID>
|
Category ID. Example: 1234 |
|
name | Category name. |
<IPS_CATEGORY_NAME>
|
Category name. Example: ACTIVEX |
|
exclusion-list | Show Intrusion Prevention exclusion list. |
|
policies | Show Intrusion Prevention policies. |
|
policy | Show Intrusion Prevention policy. |
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
|
status | Show Intrusion Prevention status. |
|
custom | Show custom configuration. |
|
default | Show system/factory default configuration. |
pending-config | Show pending configuration changes. |
Example
show intrusion-prevention
Syntax
intrusion-prevention
Mode
Config
Description
Enter Intrusion Prevention Configuration Mode.
Example
intrusion-prevention
Syntax
update-signatures
Mode
IPS
Description
Update signature database.
Example
update-signatures
Syntax
enable
Mode
IPS
Description
Enable Intrusion Prevention.
Example
enable
Syntax
no enable
Mode
IPS
Description
Disable Intrusion Prevention.
Example
no enable
Syntax
signature-group high-priority { detect-all | log-redundancy <UINT32> | prevent-all }
Mode
IPS
Description
Enable signature group high priority detection and log redundancy.
Options
|
detect-all | Detect All. |
|
log-redundancy | Set Log Redundancy in seconds. |
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
|
prevent-all | Prevent All. |
Example
signature-group high-priority prevent-all
signature-group high-priority log-redundancy 60
Syntax
signature-group medium-priority { detect-all | log-redundancy <UINT32> | prevent-all }
Mode
IPS
Description
Enable signature group medium priority detection and log redundancy.
Options
|
detect-all | Detect All. |
|
log-redundancy | Set Log Redundancy in seconds. |
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
|
prevent-all | Prevent All. |
Example
signature-group medium-priority prevent-all
signature-group medium-priority log-redundancy 60
Syntax
signature-group low-priority { detect-all | log-redundancy <UINT32> | prevent-all }
Mode
IPS
Description
Enable signature group low priority detection and log redundancy.
Options
|
detect-all | Detect All. |
|
log-redundancy | Set Log Redundancy in seconds. |
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
|
prevent-all | Prevent All. |
Example
signature-group low-priority prevent-all
signature-group low-priority log-redundancy 60
Syntax
no signature-group high-priority { detect-all | log-redundancy | prevent-all }
Mode
IPS
Description
Disable signature group high priority detection and log redundancy.
Options
|
detect-all | Detect All. |
|
log-redundancy | Clear Log Redundancy. |
|
prevent-all | Prevent All. |
Example
no signature-group high-priority prevent-all
no signature-group high-priority log-redundancy
Syntax
no signature-group medium-priority { detect-all | log-redundancy | prevent-all }
Mode
IPS
Description
Disable signature group medium priority detection and log redundancy.
Options
|
detect-all | Detect All. |
|
log-redundancy | Clear Log Redundancy. |
|
prevent-all | Prevent All. |
Example
no signature-group medium-priority prevent-all
no signature-group medium-priority log-redundancy
Syntax
no signature-group low-priority { detect-all | log-redundancy | prevent-all }
Mode
IPS
Description
Disable signature group low priority detection and log redundancy.
Options
|
detect-all | Detect All. |
|
log-redundancy | Clear Log Redundancy. |
|
prevent-all | Prevent All. |
Example
no signature-group low-priority prevent-all
no signature-group low-priority log-redundancy
Syntax
reset-settings
Mode
IPS
Description
Reset Intrusion Prevention Settings to default.
Example
reset-settings
Syntax
category { id <IPS_CATEGORY_ID> | name <IPS_CATEGORY_NAME> }
Mode
IPS
Description
Enter configuration mode for the specified IPS Category.
Options
|
id | Category ID. |
<IPS_CATEGORY_ID>
|
Category ID. Example: 1234 |
|
name | Category name. |
<IPS_CATEGORY_NAME>
|
Category name. Example: ACTIVEX |
Example
category name "BACKDOOR"
Syntax
exclusion list
Mode
IPS
Description
Enable Intrusion Prevention Exclusion List.
Example
exclusion list
Syntax
no exclusion list
Mode
IPS
Description
Disable Intrusion Prevention Exclusion List.
Example
no exclusion list
Syntax
exclusion entry <IPS_EXCLUSION_BEGIN_IPV4_HOST> <IPS_EXCLUSION_END_IPV4_HOST>
Mode
IPS
Description
Add Intrusion Prevention Exclusion List entry.
Options
<IPS_EXCLUSION_BEGIN_IPV4_HOST>
|
IPS Exclusion List entry begin IPV4 in the form: D.D.D.D. Example: 10.10.10.1 |
<IPS_EXCLUSION_END_IPV4_HOST>
|
IPS Exclusion List entry end IPV4 in the form: D.D.D.D. Example: 10.10.10.10 |
Example
exclusion entry 10.10.10.1 10.10.10.10
Syntax
no exclusion entry <IPS_EXCLUSION_BEGIN_IPV4_HOST> <IPS_EXCLUSION_END_IPV4_HOST>
Mode
IPS
Description
Delete Intrusion Prevention Exclusion List entry.
Options
<IPS_EXCLUSION_BEGIN_IPV4_HOST>
|
IPS Exclusion List entry begin IPV4 in the form: D.D.D.D. Example: 10.10.10.1 |
<IPS_EXCLUSION_END_IPV4_HOST>
|
IPS Exclusion List entry end IPV4 in the form: D.D.D.D. Example: 10.10.10.10 |
Example
no exclusion entry 10.10.10.1 10.10.10.10
Syntax
no exclusion entries
Mode
IPS
Description
Delete all Intrusion Prevention Exclusion List entries.
Example
no exclusion entries
Syntax
policy category { id <IPS_CATEGORY_ID> | name <IPS_CATEGORY_NAME> } signature { id <IPS_POLICY_ID> | name <IPS_POLICY_NAME> }
Mode
IPS
Description
Enter configuration mode for the specified IPS Policy.
Options
category | Category. |
|
id | Category ID. |
<IPS_CATEGORY_ID>
|
Category ID. Example: 1234 |
|
name | Category name. |
<IPS_CATEGORY_NAME>
|
Category name. Example: ACTIVEX |
signature | Signature. |
|
id | Signature ID. |
<IPS_POLICY_ID>
|
Policy ID. Example: 1234 |
|
name | Signature name. |
<IPS_POLICY_NAME>
|
Policy name. Example: ActivePDF WebGrabber ActiveX Instantiation |
Example
policy category name "ACTIVEX" signature name "ActivePDF WebGrabber ActiveX Instantiation"
Syntax
name <WORD>
Mode
IPS Category
Description
Category name.
Options
<WORD>
|
Word in the form: WORD or \"QUOTED STRING\". Example: abc |
Example
name ACTIVEX
Syntax
id <UINT32>
Mode
IPS Category
Description
Category ID.
Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
id 8
Syntax
prevention { disable | enable | global-setting }
Mode
IPS Category
Description
Set Prevention for IPS Category.
Options
|
disable | Disable. |
|
enable | Enable. |
|
global-setting | Use Global Setting. |
Example
prevention enable
Syntax
detection { disable | enable | global-setting }
Mode
IPS Category
Description
Set Detection for IPS Category.
Options
|
disable | Disable. |
|
enable | Enable. |
|
global-setting | Use Global Setting. |
Example
detection enable
Syntax
included users { administrator | all | group <LOCAL_USER_GROUP_NAME> | guests | name <LOCAL_USER_NAME> }
Mode
IPS Category
Description
Set Included Users/Groups.
Options
|
administrator | Built-in administrator. |
|
all | All. |
|
group | Specify local user group. |
<LOCAL_USER_GROUP_NAME>
|
User group object name. Example: Limited Administrators |
|
guests | Guests. |
|
name | Specify local user. |
<LOCAL_USER_NAME>
|
User object name. Example: user1 |
Example
included users all
Syntax
excluded users { administrator | group <LOCAL_USER_GROUP_NAME> | guests | name <LOCAL_USER_NAME> | none }
Mode
IPS Category
Description
Set Excluded Users/Groups.
Options
|
administrator | Built-in administrator. |
|
group | Specify local user group. |
<LOCAL_USER_GROUP_NAME>
|
User group object name. Example: Limited Administrators |
|
guests | Guests. |
|
name | Specify local user. |
<LOCAL_USER_NAME>
|
User object name. Example: user1 |
|
none | None. |
Example
excluded users guests
Syntax
included ip { all | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_RANGE_GROUP> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> }
Mode
IPS Category
Description
Set Included IP address Range.
Options
|
all | All. |
|
group | Address Object Group |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Specify name of Range Address Object. |
<ADDR_RANGE_GROUP>
|
Address Range Group name. Example: Public Servers Group |
|
network | Address Object Network |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Specify IP Range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
included ip range 10.10.10.1 10.10.10.10
Syntax
excluded ip { group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_RANGE_GROUP> | network <ADDR_NETWORK> <ADDR_MASK> | none | range <ADDR_BEGIN> <ADDR_END> }
Mode
IPS Category
Description
Set Excluded IP address Range.
Options
|
group | Address Object Group |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Specify name of Range Address Object. |
<ADDR_RANGE_GROUP>
|
Address Range Group name. Example: Public Servers Group |
|
network | Address Object Network |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
none | None. |
|
range | Specify IP Range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
excluded ip range 10.10.10.1 10.10.10.10
Syntax
schedule { always-on | days <SCHED_DAYS> time <SCHED_TIME_BEGIN> <SCHED_TIME_END> | name <SCHED_NAME> }
Mode
IPS Category
Description
Set IPS category schedule.
Options
|
always-on | Always on. |
|
days | Schedule Object days. |
<SCHED_DAYS>
|
Days of the week in the form: SU-M-T-W-TH-F-SA. Example: SU-M-TH-SA |
time | Schedule Object beginning/ending time. |
<SCHED_TIME_BEGIN>
|
Time in the form: hh:mm. Example: 23:59 |
<SCHED_TIME_END>
|
Time in the form: hh:mm. Example: 23:59 |
|
name | Schedule Object name. |
<SCHED_NAME>
|
Schedule object name. Example: Work Hours |
Example
schedule always-on
Syntax
log-redundancy { filter <UINT16> | global-setting }
Mode
IPS Category
Description
Set IPS category log redundancy filter.
Options
|
filter | Set log redundancy filter in seconds. |
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
|
global-setting | Use Global Setting. |
Example
log-redundancy filter 45
Syntax
prevention { category-setting | disable | enable }
Mode
IPS Policy
Description
Set Prevention for IPS Policy.
Options
|
category-setting | Use Category Setting. |
|
disable | Disable. |
|
enable | Enable. |
Example
prevention enable
Syntax
detection { category-setting | disable | enable }
Mode
IPS Policy
Description
Set Detection for IPS Policy.
Options
|
category-setting | Use Category Setting. |
|
disable | Disable. |
|
enable | Enable. |
Example
detection enable
Syntax
included users { administrator | all | category-setting | group <LOCAL_USER_GROUP_NAME> | guests | name <LOCAL_USER_NAME> }
Mode
IPS Policy
Description
Set Included Users/Groups.
Options
|
administrator | Built-in administrator. |
|
all | All. |
|
category-setting | Use Category Setting. |
|
group | Specify local user group. |
<LOCAL_USER_GROUP_NAME>
|
User group object name. Example: Limited Administrators |
|
guests | Guests. |
|
name | Specify local user. |
<LOCAL_USER_NAME>
|
User object name. Example: user1 |
Example
included users all
Syntax
excluded users { administrator | category-setting | group <LOCAL_USER_GROUP_NAME> | guests | name <LOCAL_USER_NAME> | none }
Mode
IPS Policy
Description
Set Excluded Users/Groups.
Options
|
administrator | Built-in administrator. |
|
category-setting | Use Category Setting. |
|
group | Specify local user group. |
<LOCAL_USER_GROUP_NAME>
|
User group object name. Example: Limited Administrators |
|
guests | Guests. |
|
name | Specify local user. |
<LOCAL_USER_NAME>
|
User object name. Example: user1 |
|
none | None. |
Example
excluded users guests
Syntax
included ip { all | category-setting | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_RANGE_GROUP> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> }
Mode
IPS Policy
Description
Set Included IP address Range.
Options
|
all | All. |
|
category-setting | Use Category Setting. |
|
group | Address Object Group |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object host. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Address Object name. |
<ADDR_RANGE_GROUP>
|
Address Range Group name. Example: Public Servers Group |
|
network | Address Object network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Address Object range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
included ip range 10.10.10.1 10.10.10.10
Syntax
excluded ip { category-setting | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_RANGE_GROUP> | network <ADDR_NETWORK> <ADDR_MASK> | none | range <ADDR_BEGIN> <ADDR_END> }
Mode
IPS Policy
Description
Set Excluded IP address Range.
Options
|
category-setting | Use Category Setting. |
|
group | Address Object Group |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object host. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Address Object name. |
<ADDR_RANGE_GROUP>
|
Address Range Group name. Example: Public Servers Group |
|
network | Address Object network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
none | None. |
|
range | Address Object range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
excluded ip range 10.10.10.1 10.10.10.10
Syntax
schedule { always-on | category-setting | days <SCHED_DAYS> time <SCHED_TIME_BEGIN> <SCHED_TIME_END> | name <SCHED_NAME> }
Mode
IPS Policy
Description
Set IPS category schedule.
Options
|
always-on | Always on. |
|
category-setting | Use Category Setting. |
|
days | Schedule Object days. |
<SCHED_DAYS>
|
Days of the week in the form: SU-M-T-W-TH-F-SA. Example: SU-M-TH-SA |
time | Schedule Object beginning/ending time. |
<SCHED_TIME_BEGIN>
|
Time in the form: hh:mm. Example: 23:59 |
<SCHED_TIME_END>
|
Time in the form: hh:mm. Example: 23:59 |
|
name | Schedule Object name. |
<SCHED_NAME>
|
Schedule object name. Example: Work Hours |
Example
schedule always-on
Syntax
log-redundancy { category-setting | filter <UINT16> }
Mode
IPS Policy
Description
Set IPS category log redundancy filter.
Options
|
category-setting | Use Category Setting. |
|
filter | Set log redundancy filter in seconds. |
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
log-redundancy filter 45
Syntax
show gateway-antivirus [ exclusion-list | signatures | status ] [ { custom | default } ] [ pending-config ]
Mode
All Modes
Description
Show Gateway Anti-Virus configuration.
Options
|
exclusion-list | Show Gateway Anti-Virus exclusion list. |
|
signatures | Show Gateway Anti-Virus signatures. |
|
status | Show Gateway Anti-Virus status. |
|
custom | Show custom configuration. |
|
default | Show system/factory default configuration. |
pending-config | Show pending configuration changes. |
Example
show gateway-antivirus
Syntax
gateway-antivirus
Mode
Config
Description
Enter Gateway Anti-Virus Configuration Mode.
Example
gateway-antivirus
Syntax
update-signatures
Mode
Gateway Anti-Virus
Description
Update signature database.
Example
update-signatures
Syntax
enable [ signature { id <GAV_SIG_ID> | name <GAV_SIG_NAME> } ]
Mode
Gateway Anti-Virus
Description
Enable Gateway Anti-Virus service or signature. Options
signature | Enable signature. |
|
id | Signature ID. |
<GAV_SIG_ID>
|
Signature ID. Example: 1234 |
|
name | Signature name. |
<GAV_SIG_NAME>
|
Signature name. Example: 007SpySoft.G (Trojan) |
Example
enable
enable signature name "180Solutions_6 (Adware)"
Syntax
no enable [ signature { id <GAV_SIG_ID> | name <GAV_SIG_NAME> } ]
Mode
Gateway Anti-Virus
Description
Disable Gateway Anti-Virus service or signature.
Options
signature | Disable signature. |
|
id | Signature ID. |
<GAV_SIG_ID>
|
Signature ID. Example: 1234 |
|
name | Signature name. |
<GAV_SIG_NAME>
|
Signature name. Example: 007SpySoft.G (Trojan) |
Example
no enable
no enable signature name "180Solutions_6 (Adware)"
Syntax
inbound-inspection { cifs-netbios | ftp | http | imap | pop3 | smtp | tcp-stream }
Mode
Gateway Anti-Virus
Description
Enable inbound inspection for the specified protocols. Options
|
cifs-netbios | CIFS/NetBIOS. |
|
ftp | FTP. |
|
http | HTTP. |
|
imap | IMAP. |
|
pop3 | POP3. |
|
smtp | SMTP. |
|
tcp-stream | TCP Stream. |
Example
inbound-inspection http
Syntax
no inbound-inspection { cifs-netbios | ftp | http | imap | pop3 | smtp | tcp-stream }
Mode
Gateway Anti-Virus
Description
Disable inbound inspection for the specified protocols. Options
|
cifs-netbios | CIFS/NetBIOS. |
|
ftp | FTP. |
|
http | HTTP. |
|
imap | IMAP. |
|
pop3 | POP3. |
|
smtp | SMTP. |
|
tcp-stream | TCP Stream. |
Example
no inbound-inspection http
Syntax
outbound-inspection { ftp | http | smtp | tcp-stream }
Mode
Gateway Anti-Virus
Description
Enable outbound inspection for the specified protocols. Options
|
ftp | FTP. |
|
http | HTTP. |
|
smtp | SMTP. |
|
tcp-stream | TCP Stream. |
Example
outbound-inspection http
Syntax
no outbound-inspection { ftp | http | smtp | tcp-stream }
Mode
Gateway Anti-Virus
Description
Disable outbound inspection for the specified protocols. Options
|
ftp | FTP. |
|
http | HTTP. |
|
smtp | SMTP. |
|
tcp-stream | TCP Stream. |
Example
no outbound-inspection http
Syntax
restrict password-protected-zip { cifs-netbios | ftp | http | imap | pop3 | smtp }
Mode
Gateway Anti-Virus
Description
Enable restricting transfer of password-protected ZIP files for the specified protocols. Options
|
cifs-netbios | CIFS/NetBIOS. |
|
ftp | FTP. |
|
http | HTTP. |
|
imap | IMAP. |
|
pop3 | POP3. |
|
smtp | SMTP. |
Example
restrict password-protected-zip http
Syntax
no restrict password-protected-zip { cifs-netbios | ftp | http | imap | pop3 | smtp }
Mode
Gateway Anti-Virus
Description
Disable restricting transfer of password-protected ZIP files for the specified protocols. Options
|
cifs-netbios | CIFS/NetBIOS. |
|
ftp | FTP. |
|
http | HTTP. |
|
imap | IMAP. |
|
pop3 | POP3. |
|
smtp | SMTP. |
Example
no restrict password-protected-zip http
Syntax
restrict ms-office-macros { cifs-netbios | ftp | http | imap | pop3 | smtp }
Mode
Gateway Anti-Virus
Description
Enable restricting transfer of MS-Office type files containing macros (VBA 5 and above). Options
|
cifs-netbios | CIFS/NetBIOS. |
|
ftp | FTP. |
|
http | HTTP. |
|
imap | IMAP. |
|
pop3 | POP3. |
|
smtp | SMTP. |
Example
restrict ms-office-macros http
Syntax
no restrict ms-office-macros { cifs-netbios | ftp | http | imap | pop3 | smtp }
Mode
Gateway Anti-Virus
Description
Disable restricting transfer of MS-Office type files containing macros (VBA 5 and above) for the specified protocols. Options
|
cifs-netbios | CIFS/NetBIOS. |
|
ftp | FTP. |
|
http | HTTP. |
|
imap | IMAP. |
|
pop3 | POP3. |
|
smtp | SMTP. |
Example
no restrict ms-office-macros http
Syntax
restrict packed-executables { cifs-netbios | ftp | http | imap | pop3 | smtp }
Mode
Gateway Anti-Virus
Description
Enable restricting transfer of packed executable files (UPX, FSG, etc.) for the specified protocols. Options
|
cifs-netbios | CIFS/NetBIOS. |
|
ftp | FTP. |
|
http | HTTP. |
|
imap | IMAP. |
|
pop3 | POP3. |
|
smtp | SMTP. |
Example
restrict packed-executables http
Syntax
no restrict packed-executables { cifs-netbios | ftp | http | imap | pop3 | smtp }
Mode
Gateway Anti-Virus
Description
Disable restricting transfer of packed executable files (UPX, FSG, etc.) for the specified protocols. Options
|
cifs-netbios | CIFS/NetBIOS. |
|
ftp | FTP. |
|
http | HTTP. |
|
imap | IMAP. |
|
pop3 | POP3. |
|
smtp | SMTP. |
Example
no restrict packed-executables http
Syntax
reset-settings
Mode
Gateway Anti-Virus
Description
Reset Gateway Anti-Virus Settings to default. Example
reset-settings
Syntax
cloud anti-virus-database
Mode
Gateway Anti-Virus
Description
Enable Cloud Anti-Virus Database. Example
cloud anti-virus-database
Syntax
no cloud anti-virus-database
Mode
Gateway Anti-Virus
Description
Disable Cloud Anti-Virus Database. Example
no cloud anti-virus-database
Syntax
cloud exclusion { id <GAV_SIG_ID> | name <GAV_SIG_NAME> }
Mode
Gateway Anti-Virus
Description
Add a Cloud Anti-Virus Database exclusion. Options
|
id | Signature ID. |
<GAV_SIG_ID>
|
Signature ID. Example: 1234 |
|
name | Signature name. |
<GAV_SIG_NAME>
|
Signature name. Example: 007SpySoft.G (Trojan) |
Example
cloud exclusion id 1345342
Syntax
no cloud exclusion { id <GAV_SIG_ID> | name <GAV_SIG_NAME> }
Mode
Gateway Anti-Virus
Description
Remove a Cloud Anti-Virus Database exclusion. Options
|
id | Signature ID. |
<GAV_SIG_ID>
|
Signature ID. Example: 1234 |
|
name | Signature name. |
<GAV_SIG_NAME>
|
Signature name. Example: 007SpySoft.G (Trojan) |
Example
no cloud exclusion id 1345342
Syntax
no cloud exclusions
Mode
Gateway Anti-Virus
Description
Delete all Cloud Anti-Virus Database exclusions. Example
no cloud exclusions
Syntax
smtp-responses
Mode
Gateway Anti-Virus
Description
Enable SMTP responses. Example
smtp-responses
Syntax
no smtp-responses
Mode
Gateway Anti-Virus
Description
Disable SMTP responses. Example
no smtp-responses
Syntax
eicar-detection
Mode
Gateway Anti-Virus
Description
Enable detection of EICAR test virus. Example
eicar-detection
Syntax
no eicar-detection
Mode
Gateway Anti-Virus
Description
Disable detection of EICAR test virus. Example
no eicar-detection
Syntax
http-byte-range
Mode
Gateway Anti-Virus
Description
Enable HTTP Byte-Range requests with Gateway AV. Example
http-byte-range
Syntax
no http-byte-range
Mode
Gateway Anti-Virus
Description
Disable HTTP Byte-Range requests with Gateway AV. Example
no http-byte-range
Syntax
ftp-rest
Mode
Gateway Anti-Virus
Description
Enable FTP 'REST' requests with Gateway AV. Example
ftp-rest
Syntax
no ftp-rest
Mode
Gateway Anti-Virus
Description
Disable FTP 'REST' requests with Gateway AV. Example
no ftp-rest
Syntax
scan-high-compression
Mode
Gateway Anti-Virus
Description
Scan parts of files with high compression ratios. Example
scan-high-compression
Syntax
no scan-high-compression
Mode
Gateway Anti-Virus
Description
Do not scan parts of files with high compression ratios. Example
no scan-high-compression
Syntax
http-clientless-notification
Mode
Gateway Anti-Virus
Description
Enable HTTP Clientless Notification Alerts. Example
http-clientless-notification
Syntax
no http-clientless-notification
Mode
Gateway Anti-Virus
Description
Disable HTTP Clientless Notification Alerts. Example
no http-clientless-notification
Syntax
no notification-message
Mode
Gateway Anti-Virus
Description
Clear HTTP Clientless Notification Message to display when blocking. Example
no notification-message
Syntax
notification-message <WORD>
Mode
Gateway Anti-Virus
Description
Set HTTP Clientless Notification Message to display when blocking. Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
notification-message "This request is blocked by the SonicWALL Gateway Anti-Virus Service."
Syntax
exclusion list
Mode
Gateway Anti-Virus
Description
Enable Gateway AV Exclusion List. Example
exclusion list
Syntax
no exclusion list
Mode
Gateway Anti-Virus
Description
Disable Gateway AV Exclusion List. Example
no exclusion list
Syntax
exclusion entry <GAV_EXCLUSION_BEGIN_IPV4_HOST> <GAV_EXCLUSION_END_IPV4_HOST>
Mode
Gateway Anti-Virus
Description
Add Gateway AV Exclusion List entry. Options
<GAV_EXCLUSION_BEGIN_IPV4_HOST>
|
Gateway AV Exclusion List entry begin IPv4 address in the form: D.D.D.D. Example: 10.10.10.1 |
<GAV_EXCLUSION_END_IPV4_HOST>
|
Gateway AV Exclusion List entry end IPv4 address in the form: D.D.D.D. Example: 10.10.10.10 |
Example
exclusion entry 10.10.10.1 10.10.10.10
Syntax
no exclusion entry <GAV_EXCLUSION_BEGIN_IPV4_HOST> <GAV_EXCLUSION_END_IPV4_HOST>
Mode
Gateway Anti-Virus
Description
Delete Gateway AV Exclusion List entry. Options
<GAV_EXCLUSION_BEGIN_IPV4_HOST>
|
Gateway AV Exclusion List entry begin IPv4 address in the form: D.D.D.D. Example: 10.10.10.1 |
<GAV_EXCLUSION_END_IPV4_HOST>
|
Gateway AV Exclusion List entry end IPv4 address in the form: D.D.D.D. Example: 10.10.10.10 |
Example
no exclusion entry 10.10.10.1 10.10.10.10
Syntax
no exclusion entries
Mode
Gateway Anti-Virus
Description
Delete all Gateway AV Exclusion List entries. Example
no exclusion entries
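Added example (not part of the SonicOS guide): a Python review helper that reads a list of Gateway Anti-Virus mode commands, such as a change script awaiting approval, and reports the ones that reduce inspection coverage or add exclusions. The command names come from this section; the Finding type, the audit function, the 16-address review threshold and the sample script are constructed for illustration.

```python
import ipaddress
import shlex
from typing import NamedTuple, Optional


class Finding(NamedTuple):
    line_no: int
    command: str
    reason: str


# Token prefixes of Gateway Anti-Virus commands documented above whose
# presence in a change script narrows what the service inspects or detects.
WEAKENING = [
    (("no", "enable"), "disables the service or a signature"),
    (("no", "inbound-inspection"), "stops inbound inspection for a protocol"),
    (("no", "outbound-inspection"), "stops outbound inspection for a protocol"),
    (("no", "restrict"), "lifts a file-type transfer restriction"),
    (("no", "cloud", "anti-virus-database"), "turns off the cloud database"),
    (("cloud", "exclusion"), "excludes a cloud signature"),
    (("no", "scan-high-compression"), "skips highly compressed content"),
    (("no", "eicar-detection"), "turns off EICAR test detection"),
]

MAX_EXCLUDED_HOSTS = 16  # assumed review threshold, not a SonicOS limit


def check_exclusion(begin: str, end: str) -> Optional[str]:
    """Return a reason if the range is malformed, reversed or too wide."""
    try:
        low = ipaddress.IPv4Address(begin)
        high = ipaddress.IPv4Address(end)
    except ipaddress.AddressValueError:
        return "exclusion range is not in D.D.D.D form"
    if high < low:
        return "exclusion range is reversed (end below begin)"
    hosts = int(high) - int(low) + 1
    if hosts > MAX_EXCLUDED_HOSTS:
        return f"exclusion covers {hosts} addresses"
    return None


def audit(config_text: str) -> list:
    """Return a Finding for every command line that deserves a second look."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        try:
            tokens = shlex.split(line)  # keeps quoted signature names whole
        except ValueError:
            findings.append(Finding(line_no, line, "unbalanced quotes"))
            continue
        if tokens[:2] == ["exclusion", "entry"]:
            if len(tokens) != 4:
                reason = "exclusion entry needs a begin and an end address"
            else:
                reason = check_exclusion(tokens[2], tokens[3])
            if reason:
                findings.append(Finding(line_no, line, reason))
            continue
        for prefix, reason in WEAKENING:
            if tuple(tokens[:len(prefix)]) == prefix:
                findings.append(Finding(line_no, line, reason))
                break
    return findings


# Constructed sample change script, not taken from a real device.
SAMPLE = """\
gateway-antivirus
enable
inbound-inspection http
no inbound-inspection smtp
restrict password-protected-zip http
no enable signature name "180Solutions_6 (Adware)"
cloud exclusion id 1345342
no cloud exclusion id 1345342
exclusion list
exclusion entry 10.10.10.1 10.10.10.10
exclusion entry 10.10.0.0 10.10.255.255
exclusion entry 10.10.10.20 10.10.10.5
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(f"line {finding.line_no}: {finding.command} -> {finding.reason}")
```

Commands that remove an exclusion (`no cloud exclusion`, `no exclusion entry`) are deliberately not reported, because they widen coverage rather than narrow it.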
Syntax
show match-objects [ { custom | default } ] [ pending-config ]
Mode
All Modes
Description
Show all Match Objects. Options
|
custom | Show custom configuration. |
|
default | Show system/factory default configuration. |
pending-config | Show pending configuration changes. |
Example
show match-objects
Syntax
show match-object <MATCH_OBJ_NAME> [ pending-config ]
Mode
All Modes
Description
Show a Match Object. Options
<MATCH_OBJ_NAME>
|
Match Object name. Example: Match FTP |
pending-config | Show pending configuration changes. |
Example
show match-object "Match FTP"
Syntax
no match-object <MATCH_OBJ_NAME>
Mode
Config
Description
Delete a Match Object. Options
<MATCH_OBJ_NAME>
|
Match Object name. Example: Match FTP |
Example
no match-object "myMatchObject"
Syntax
no match-objects
Mode
Config
Description
Delete all Match Objects. Example
no match-objects
Syntax
match-object <MATCH_OBJ_NAME>
Mode
Config
Description
Add/Edit Match Object and Enter Configuration Mode. Options
<MATCH_OBJ_NAME>
|
Match Object name. Example: Match FTP |
Example
match-object "Denied File Extensions"
Syntax
no type
Mode
Match Object
Example
no type
Syntax
type { activex-class-id | application-category-list | application-list | application-signature-list | cfs-allow-forbidden-list | cfs-category-list | custom | email-body | email-cc | email-from | email-size | email-subject | email-to | file-content | file-extension | file-name | ftp-command | ftp-command-value | http-cookie | http-host | http-referer | http-request-custom-header | http-response-custom-header | http-set-cookie | http-uri-content | http-url | http-user-agent | ips-signature-category-list | ips-signature-list | mime-custom-header | web-browser }
Mode
Match Object
Description
Match Object type. Options
|
activex-class-id | Active X Class ID. |
|
application-category-list | Application category list. |
|
application-list | Application list. |
|
application-signature-list | Application Signature list. |
|
cfs-allow-forbidden-list | CFS allow/forbidden list. |
|
cfs-category-list | CFS category list. |
|
custom | Active X Class ID. |
|
email-body | Email body. |
|
email-cc | Email CC. |
|
email-from | Email from. |
|
email-size | Email size. |
|
email-subject | Email Subject. |
|
email-to | Email to. |
|
file-content | File content. |
|
file-extension | File extension. |
|
file-name | File name. |
|
ftp-command | FTP command. |
|
ftp-command-value | FTP Command and Value. |
|
http-cookie | HTTP cookie. |
|
http-host | HTTP host. |
|
http-referer | HTTP referer. |
|
http-request-custom-header | HTTP request custom header. |
|
http-response-custom-header | HTTP response custom header. |
|
http-set-cookie | HTTP set cookie. |
|
http-uri-content | HTTP URI content. |
|
http-url | HTTP URL. |
|
http-user-agent | HTTP user agent. |
|
ips-signature-category-list | IPS signature category list. |
|
ips-signature-list | IPS signature list. |
|
mime-custom-header | MIME custom header. |
|
web-browser | Web Browser. |
Example
type email-body
Syntax
name <WORD>
Mode
Match Object
Description
Set Match Object name. Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
name "Denied File Extensions"
Syntax
match-type { exact | partial | prefix | regex | suffix }
Mode
Match Object
Description
Set Match Object match type. Options
|
exact | Exact match. |
|
partial | Partial match. |
|
prefix | Prefix match. |
|
regex | Regular expression match. |
|
suffix | Suffix match. |
Example
match-type exact
Syntax
no match-type
Mode
Match Object
Description
Clear Match Object match type. Example
no match-type
Syntax
enable
Mode
Match Object
Description
Enable custom settings. Example
enable
Syntax
no enable
Mode
Match Object
Description
Disable custom settings. Example
no enable
Syntax
offset <UINT32>
Mode
Match Object
Description
Set offset. Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
offset 1
Syntax
no offset
Mode
Match Object
Description
Clear offset. Example
no offset
Syntax
depth <UINT32>
Mode
Match Object
Description
Set depth. Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
depth 1
Syntax
no depth
Mode
Match Object
Description
Clear depth. Example
no depth
Syntax
min-size <UINT32>
Mode
Match Object
Description
Set min size. Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
min-size 1
Syntax
no min-size
Mode
Match Object
Description
Clear min size. Example
no min-size
Syntax
max-size <UINT32>
Mode
Match Object
Description
Set max size. Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
max-size 1
Syntax
no max-size
Mode
Match Object
Description
Clear max size. Example
no max-size
Syntax
negative-matching
Mode
Match Object
Description
Enable negative matching. Example
negative-matching
Syntax
no negative-matching
Mode
Match Object
Description
Disable negative matching. Example
no negative-matching
Syntax
input-representation { alphanumeric | hexadecimal }
Mode
Match Object
Description
Set Match Object input representation. Options
|
alphanumeric | Alphanumeric. |
|
hexadecimal | Hexadecimal. |
Example
input-representation alphanumeric
Syntax
content-entry <WORD>
Mode
Match Object
Description
Add Match Object content. Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
content-entry mpg
Syntax
no content-entry <MATCH_OBJ_CONTENT_ENTRY>
Mode
Match Object
Description
Delete Match Object content. Options
<MATCH_OBJ_CONTENT_ENTRY>
|
Match Object content. |
Example
no content-entry mpg
Syntax
no content-entries
Mode
Match Object
Description
Delete all Match Object content. Example
no content-entries
Syntax
browser { chrome | firefox | msie | netscape | safari }
Mode
Match Object
Description
Add Match Object browser. Options
|
chrome | Chrome. |
|
firefox | Firefox. |
|
msie | Internet Explorer. |
|
netscape | Netscape. |
|
safari | Safari. |
Example
browser safari
Syntax
no browser { chrome | firefox | msie | netscape | safari }
Mode
Match Object
Description
Delete Match Object browser. Options
|
chrome | Chrome. |
|
firefox | Firefox. |
|
msie | Internet Explorer. |
|
netscape | Netscape. |
|
safari | Safari. |
Example
no browser safari
Syntax
no browsers
Mode
Match Object
Description
Delete all Match Object browsers. Example
no browsers
Syntax
custom-header <WORD>
Mode
Match Object
Description
Set custom header name. Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
custom-header "TBD"
Syntax
no custom-header
Mode
Match Object
Description
Clear custom header name. Example
no custom-header
Syntax
email-size <UINT32>
Mode
Match Object
Description
Specify email size in bytes. Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
email-size 1000000
Syntax
no email-size
Mode
Match Object
Description
Clear email size. Example
no email-size
Syntax
ftp-command { abort | account | allocate | append | ascii | binary | cd | cdup | delete | get | help | ls | mkdir | mode | modified-time | nlist | noop | passive | password | port | put | pwd | quit | reinitialize | rename-from | rename-to | restart | rmdir | site | size | status | structure | structure-mount | type | user }
Mode
Match Object
Description
Add Match Object FTP command. Options
|
abort | ABORT. |
|
account | ACCOUNT. |
|
allocate | ALLOCATE. |
|
append | APPEND. |
|
ascii | ASCII. |
|
binary | BINARY. |
|
cd | CD. |
|
cdup | CDUP. |
|
delete | DELETE. |
|
get | GET. |
|
help | HELP. |
|
ls | LS. |
|
mkdir | MKDIR. |
|
mode | MODE. |
|
modified-time | MODIFIED_TIME. |
|
nlist | NLIST. |
|
noop | NOOP. |
|
passive | PASSIVE. |
|
password | PASSWORD. |
|
port | PORT. |
|
put | PUT. |
|
pwd | PWD. |
|
quit | QUIT. |
|
reinitialize | REINITIALIZE. |
|
rename-from | RENAME_FROM. |
|
rename-to | RENAME_TO. |
|
restart | RESTART. |
|
rmdir | RMDIR. |
|
site | SITE. |
|
size | SIZE. |
|
status | STATUS. |
|
structure | STRUCTURE. |
|
structure-mount | STRUCTURE_MOUNT. |
|
type | TYPE. |
|
user | USER. |
Example
ftp-command put
Syntax
no ftp-command { abort | account | allocate | append | ascii | binary | cd | cdup | delete | get | help | ls | mkdir | mode | modified-time | nlist | noop | passive | password | port | put | pwd | quit | reinitialize | rename-from | rename-to | restart | rmdir | site | size | status | structure | structure-mount | type | user }
Mode
Match Object
Description
Delete Match Object FTP command. Options
|
abort | ABORT. |
|
account | ACCOUNT. |
|
allocate | ALLOCATE. |
|
append | APPEND. |
|
ascii | ASCII. |
|
binary | BINARY. |
|
cd | CD. |
|
cdup | CDUP. |
|
delete | DELETE. |
|
get | GET. |
|
help | HELP. |
|
ls | LS. |
|
mkdir | MKDIR. |
|
mode | MODE. |
|
modified-time | MODIFIED_TIME. |
|
nlist | NLIST. |
|
noop | NOOP. |
|
passive | PASSIVE. |
|
password | PASSWORD. |
|
port | PORT. |
|
put | PUT. |
|
pwd | PWD. |
|
quit | QUIT. |
|
reinitialize | REINITIALIZE. |
|
rename-from | RENAME_FROM. |
|
rename-to | RENAME_TO. |
|
restart | RESTART. |
|
rmdir | RMDIR. |
|
site | SITE. |
|
size | SIZE. |
|
status | STATUS. |
|
structure | STRUCTURE. |
|
structure-mount | STRUCTURE_MOUNT. |
|
type | TYPE. |
|
user | USER. |
Example
no ftp-command put
Syntax
no ftp-commands
Mode
Match Object
Description
Delete all Match Object FTP commands. Example
no ftp-commands
Syntax
argument <WORD>
Mode
Match Object
Description
Add FTP command argument. Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
argument file1
Syntax
no argument <MATCH_OBJ_CONTENT_ENTRY>
Mode
Match Object
Description
Delete FTP command argument. Options
<MATCH_OBJ_CONTENT_ENTRY>
|
Match Object content. |
Example
no argument file1
Syntax
no arguments
Mode
Match Object
Description
Delete all FTP command arguments. Example
no arguments
Syntax
ips category { id <IPS_CATEGORY_ID> | name <IPS_CATEGORY_NAME> }
Mode
Match Object
Description
Add an IPS category. Options
|
id | Category ID. |
<IPS_CATEGORY_ID>
|
Category ID. Example: 1234 |
|
name | Category name. |
<IPS_CATEGORY_NAME>
|
Category name. Example: ACTIVEX |
Example
ips category name ACTIVEX
Syntax
no ips category { id <IPS_CATEGORY_ID> | name <IPS_CATEGORY_NAME> }
Mode
Match Object
Description
Delete an IPS category. Options
|
id | Category ID. |
<IPS_CATEGORY_ID>
|
Category ID. Example: 1234 |
|
name | Category name. |
<IPS_CATEGORY_NAME>
|
Category name. Example: ACTIVEX |
Example
no ips category name ACTIVEX
Syntax
no ips categories
Mode
Match Object
Description
Delete all IPS categories. Example
no ips categories
Syntax
ips policy category { id <IPS_CATEGORY_ID> | name <IPS_CATEGORY_NAME> } signature { id <IPS_POLICY_ID> | name <IPS_POLICY_NAME> }
Mode
Match Object
Description
Add an IPS Policy. Options
category | Category. |
|
id | Category ID. |
<IPS_CATEGORY_ID>
|
Category ID. Example: 1234 |
|
name | Category name. |
<IPS_CATEGORY_NAME>
|
Category name. Example: ACTIVEX |
signature | Signature. |
|
id | Signature ID. |
<IPS_POLICY_ID>
|
Policy ID. Example: 1234 |
|
name | Signature name. |
<IPS_POLICY_NAME>
|
Policy name. Example: ActivePDF WebGrabber ActiveX Instantiation |
Example
ips policy category name ACTIVEX signature name "Free Tetris Executable (Adware)"
Syntax
no ips policy category { id <IPS_CATEGORY_ID> | name <IPS_CATEGORY_NAME> } signature { id <IPS_POLICY_ID> | name <IPS_POLICY_NAME> }
Mode
Match Object
Description
Delete an IPS Policy. Options
category | Category. |
|
id | Category ID. |
<IPS_CATEGORY_ID>
|
Category ID. Example: 1234 |
|
name | Category name. |
<IPS_CATEGORY_NAME>
|
Category name. Example: ACTIVEX |
signature | Signature. |
|
id | Signature ID. |
<IPS_POLICY_ID>
|
Policy ID. Example: 1234 |
|
name | Signature name. |
<IPS_POLICY_NAME>
|
Policy name. Example: ActivePDF WebGrabber ActiveX Instantiation |
Example
no ips policy category name ACTIVEX signature name "Free Tetris Executable (Adware)"
Syntax
no ips policies
Mode
Match Object
Description
Delete all IPS policies. Example
no ips policies
Syntax
category { id <AC_CATEGORY_ID> | name <AC_CATEGORY_NAME> }
Mode
Match Object
Description
Add an application category. Options
|
id | Category ID. |
<AC_CATEGORY_ID>
|
Category ID. Example: 1234 |
|
name | Category name. |
<AC_CATEGORY_NAME>
|
Category name. Example: APP-UPDATE |
Example
category name APP-UPDATE
category id 22
Syntax
no category { id <AC_CATEGORY_ID> | name <AC_CATEGORY_NAME> }
Mode
Match Object
Description
Delete an application category. Options
|
id | Category ID. |
<AC_CATEGORY_ID>
|
Category ID. Example: 1234 |
|
name | Category name. |
<AC_CATEGORY_NAME>
|
Category name. Example: APP-UPDATE |
Example
no category name APP-UPDATE
no category id 22
Syntax
no categories
Mode
Match Object
Description
Delete all application categories. Example
no categories
Syntax
application category { id <AC_CATEGORY_ID> | name <AC_CATEGORY_NAME> } app { id <AC_APP_ID> | name <AC_APP_NAME> }
Mode
Match Object
Description
Add an application. Options
category | Application category. |
|
id | Category ID. |
<AC_CATEGORY_ID>
|
Category ID. Example: 1234 |
|
name | Category name. |
<AC_CATEGORY_NAME>
|
Category name. Example: APP-UPDATE |
app | Application. |
|
id | Application ID. |
<AC_APP_ID>
|
Application ID. Example: 1234 |
|
name | Application name. |
<AC_APP_NAME>
|
Application name. Example: APP-UPDATE |
Example
application category name BACKUP-APPS app name Dropbox
application category id 56 app id 604
Syntax
no application category { id <AC_CATEGORY_ID> | name <AC_CATEGORY_NAME> } app { id <AC_APP_ID> | name <AC_APP_NAME> }
Mode
Match Object
Description
Delete an application. Options
category | Application category. |
|
id | Category ID. |
<AC_CATEGORY_ID>
|
Category ID. Example: 1234 |
|
name | Category name. |
<AC_CATEGORY_NAME>
|
Category name. Example: APP-UPDATE |
app | Application. |
|
id | Application ID. |
<AC_APP_ID>
|
Application ID. Example: 1234 |
|
name | Application name. |
<AC_APP_NAME>
|
Application name. Example: APP-UPDATE |
Example
no application category name BACKUP-APPS app name Dropbox
no application category id 56 app id 604
Syntax
no applications
Mode
Match Object
Description
Delete all applications. Example
no applications
Syntax
signature category { id <AC_CATEGORY_ID> | name <AC_CATEGORY_NAME> } app { id <AC_APP_ID> | name <AC_APP_NAME> } sig { id <AC_SIG_ID> | name <AC_SIG_NAME> }
Mode
Match Object
Description
Add a signature. Options
category | Application category. |
|
id | Category ID. |
<AC_CATEGORY_ID>
|
Category ID. Example: 1234 |
|
name | Category name. |
<AC_CATEGORY_NAME>
|
Category name. Example: APP-UPDATE |
app | Application. |
|
id | Application ID. |
<AC_APP_ID>
|
Application ID. Example: 1234 |
|
name | Application name. |
<AC_APP_NAME>
|
Application name. Example: APP-UPDATE |
sig | Signature. |
|
id | Signature ID. |
<AC_SIG_ID>
|
Signature ID. Example: 1234 |
|
name | Signature name. |
<AC_SIG_NAME>
|
Signature name. |
Example
signature category name BACKUP-APPS app name Dropbox sig name "SSL Traffic"
signature category id 56 app id 604 sig id 1736
Syntax
no signature category { id <AC_CATEGORY_ID> | name <AC_CATEGORY_NAME> } app { id <AC_APP_ID> | name <AC_APP_NAME> } sig { id <AC_SIG_ID> | name <AC_SIG_NAME> }
Mode
Match Object
Description
Delete a signature. Options
category | Application category. |
|
id | Category ID. |
<AC_CATEGORY_ID>
|
Category ID. Example: 1234 |
|
name | Category name. |
<AC_CATEGORY_NAME>
|
Category name. Example: APP-UPDATE |
app | Application. |
|
id | Application ID. |
<AC_APP_ID>
|
Application ID. Example: 1234 |
|
name | Application name. |
<AC_APP_NAME>
|
Application name. Example: APP-UPDATE |
sig | Signature. |
|
id | Signature ID. |
<AC_SIG_ID>
|
Signature ID. Example: 1234 |
|
name | Signature name. |
<AC_SIG_NAME>
|
Signature name. |
Example
no signature category name BACKUP-APPS app name Dropbox sig name "SSL Traffic"
no signature category id 56 app id 604 sig id 1736
Syntax
no signatures
Mode
Match Object
Description
Delete all signatures. Example
no signatures
Syntax
cfs category { abortion-advocacy-groups | adult-mature-content | advertisement | alcohol-tobacco | all | arts-entertainment | business-economy | chat-instant-messaging | cult-occult | cultural-institutions | drugs-illegal-drugs | e-mail | education | freeware-software-downloads | gambling | games | gay-lesbian-issues | government | hacking-proxy-avoidance-systems | health | humor-jokes | illegal-questionable-skills | information-technology-computers | internet-auctions | internet-watch-foundation | intimate-apparel-swimsuit | job-search | kid-friendly | malware | military | multimedia | news-media | not-rated | nudism | online-banking | online-brokerage-trading | other | pay-to-surf-sites | personals-dating | political-advocacy-groups | pornography | real-estate | reference | religion | restaurants-dining | search-engine-portals | sex-education | shopping | social-networking | society-lifestyle | sports-recreation | travel | usernet-news-groups | vehicles | violence-hate-racism | weapons | web-communication | web-hosting }
Mode
Match Object
Description
Enable a CFS category. Options
|
abortion-advocacy-groups | Rating. |
|
adult-mature-content | Rating. |
|
advertisement | Rating. |
|
alcohol-tobacco | Rating. |
|
all | All ratings. |
|
arts-entertainment | Rating. |
|
business-economy | Rating. |
|
chat-instant-messaging | Rating. |
|
cult-occult | Rating. |
|
cultural-institutions | Rating. |
|
drugs-illegal-drugs | Rating. |
|
e-mail | Rating. |
|
education | Rating. |
|
freeware-software-downloads | Rating. |
|
gambling | Rating. |
|
games | Rating. |
|
gay-lesbian-issues | Rating. |
|
government | Rating. |
|
hacking-proxy-avoidance-systems | Rating. |
|
health | Rating. |
|
humor-jokes | Rating. |
|
illegal-questionable-skills | Rating. |
|
information-technology-computers | Rating. |
|
internet-auctions | Rating. |
|
internet-watch-foundation | Rating. |
|
intimate-apparel-swimsuit | Rating. |
|
job-search | Rating. |
|
kid-friendly | Rating. |
|
malware | Rating. |
|
military | Rating. |
|
multimedia | Rating. |
|
news-media | Rating. |
|
not-rated | Rating. |
|
nudism | Rating. |
|
online-banking | Rating. |
|
online-brokerage-trading | Rating. |
|
other | Rating. |
|
pay-to-surf-sites | Rating. |
|
personals-dating | Rating. |
|
political-advocacy-groups | Rating. |
|
pornography | Rating. |
|
real-estate | Rating. |
|
reference | Rating. |
|
religion | Rating. |
|
restaurants-dining | Rating. |
|
search-engine-portals | Rating. |
|
sex-education | Rating. |
|
shopping | Rating. |
|
social-networking | Rating. |
|
society-lifestyle | Rating. |
|
sports-recreation | Rating. |
|
travel | Rating. |
|
usernet-news-groups | Rating. |
|
vehicles | Rating. |
|
violence-hate-racism | Rating. |
|
weapons | Rating. |
|
web-communication | Rating. |
|
web-hosting | Rating. |
Example
cfs category pornography
Syntax
no cfs category { abortion-advocacy-groups | adult-mature-content | advertisement | alcohol-tobacco | all | arts-entertainment | business-economy | chat-instant-messaging | cult-occult | cultural-institutions | drugs-illegal-drugs | e-mail | education | freeware-software-downloads | gambling | games | gay-lesbian-issues | government | hacking-proxy-avoidance-systems | health | humor-jokes | illegal-questionable-skills | information-technology-computers | internet-auctions | internet-watch-foundation | intimate-apparel-swimsuit | job-search | kid-friendly | malware | military | multimedia | news-media | not-rated | nudism | online-banking | online-brokerage-trading | other | pay-to-surf-sites | personals-dating | political-advocacy-groups | pornography | real-estate | reference | religion | restaurants-dining | search-engine-portals | sex-education | shopping | social-networking | society-lifestyle | sports-recreation | travel | usernet-news-groups | vehicles | violence-hate-racism | weapons | web-communication | web-hosting }
Mode
Match Object
Description
Disable a CFS category. Options
|
abortion-advocacy-groups | Rating. |
|
adult-mature-content | Rating. |
|
advertisement | Rating. |
|
alcohol-tobacco | Rating. |
|
all | All ratings. |
|
arts-entertainment | Rating. |
|
business-economy | Rating. |
|
chat-instant-messaging | Rating. |
|
cult-occult | Rating. |
|
cultural-institutions | Rating. |
|
drugs-illegal-drugs | Rating. |
|
e-mail | Rating. |
|
education | Rating. |
|
freeware-software-downloads | Rating. |
|
gambling | Rating. |
|
games | Rating. |
|
gay-lesbian-issues | Rating. |
|
government | Rating. |
|
hacking-proxy-avoidance-systems | Rating. |
|
health | Rating. |
|
humor-jokes | Rating. |
|
illegal-questionable-skills | Rating. |
|
information-technology-computers | Rating. |
|
internet-auctions | Rating. |
|
internet-watch-foundation | Rating. |
|
intimate-apparel-swimsuit | Rating. |
|
job-search | Rating. |
|
kid-friendly | Rating. |
|
malware | Rating. |
|
military | Rating. |
|
multimedia | Rating. |
|
news-media | Rating. |
|
not-rated | Rating. |
|
nudism | Rating. |
|
online-banking | Rating. |
|
online-brokerage-trading | Rating. |
|
other | Rating. |
|
pay-to-surf-sites | Rating. |
|
personals-dating | Rating. |
|
political-advocacy-groups | Rating. |
|
pornography | Rating. |
|
real-estate | Rating. |
|
reference | Rating. |
|
religion | Rating. |
|
restaurants-dining | Rating. |
|
search-engine-portals | Rating. |
|
sex-education | Rating. |
|
shopping | Rating. |
|
social-networking | Rating. |
|
society-lifestyle | Rating. |
|
sports-recreation | Rating. |
|
travel | Rating. |
|
usernet-news-groups | Rating. |
|
vehicles | Rating. |
|
violence-hate-racism | Rating. |
|
weapons | Rating. |
|
web-communication | Rating. |
|
web-hosting | Rating. |
Example
no cfs category pornography
Syntax
no cfs categories
Mode
Match Object
Description
Disable all CFS categories. Example
no cfs categories
Syntax
show action-objects [ pending-config ]
Mode
All Modes
Description
Show all Action Objects. Options
pending-config | Show pending configuration changes. |
Example
show action-objects
Syntax
show action-object <ACTION_OBJ_NAME> [ pending-config ]
Mode
All Modes
Description
Show Action Object configuration. Options
<ACTION_OBJ_NAME>
|
Action Object name. Example: HTTP Block Page |
pending-config | Show pending configuration changes. |
Example
show action-object CorpMailMessage
Syntax
action-object <ACTION_OBJ_NAME>
Mode
Config
Description
Create/Edit specified Action Object and enter its configuration mode. Options
<ACTION_OBJ_NAME>
|
Action Object name. Example: HTTP Block Page |
Example
action-object "Corp Email Message"
Syntax
no action-object <ACTION_OBJ_NAME>
Mode
Config
Description
Delete specified Action Object. Options
<ACTION_OBJ_NAME>
|
Action Object name. Example: HTTP Block Page |
Example
no action-object "Corp Email Message"
Syntax
no action-objects
Mode
Config
Description
Delete all Action Objects. Example
no action-objects
Syntax
name <ACTION_OBJ_NAME>
Mode
Action Object
Description
Action Object name. Options
<ACTION_OBJ_NAME>
|
Action Object name. Example: HTTP Block Page |
Example
name "Corp Mail Message"
Syntax
action { block-smtp-email { error-reply | no-reply } | bypass-dpi | cfs-block-page | disable-email-attachment | email-add-text | ftp-notification-reply | http-block-page | http-redirect | no-action | packet-monitor | reset }
Mode
Action Object
Description
Set action. Options
|
block-smtp-email | Block SMTP email. |
|
error-reply | Block SMTP email and send error reply. |
|
no-reply | Block SMTP email with no reply. |
|
bypass-dpi | Bypass DPI. |
|
cfs-block-page | CFS block page. |
|
disable-email-attachment | Disable Email attachment and add text. |
|
email-add-text | Email - add text. |
|
ftp-notification-reply | FTP notification reply. |
|
http-block-page | HTTP block page. |
|
http-redirect | HTTP Redirect. |
|
no-action | No action. |
|
packet-monitor | Packet monitor. |
|
reset | Reset/drop. |
Example
action block-smtp-email
Syntax
no content
Mode
Action Object
Description
Clear Action Object content. Example
no content
Syntax
content <WORD>
Mode
Action Object
Description
Action Object content. Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
content "Corporate does not allow attachments to Emails."
Syntax
no color
Mode
Action Object
Description
Clear HTTP block page color. Example
no color
Syntax
color { blue | red | white | yellow }
Mode
Action Object
Description
HTTP block page color. Options
|
blue | Blue. |
|
red | Red. |
|
white | White. |
|
yellow | Yellow. |
Example
color white
Syntax
show app-control [ categories | category { id <AC_CATEGORY_ID> | name <AC_CATEGORY_NAME> } | exclusion-list | policies | policy <WORD> | status ] [ { custom | default } ] [ pending-config ]
Mode
All Modes
Description
Show App Control configuration. Options
|
categories | Show App Control categories. |
|
category | Show App Control category. |
|
id | Category ID. |
<AC_CATEGORY_ID>
|
Category ID. Example: 1234 |
|
name | Category name. |
<AC_CATEGORY_NAME>
|
Category name. Example: APP-UPDATE |
|
exclusion-list | Show App Control exclusion list. |
|
policies | Show App Control policies. |
|
policy | Show App Control policy. |
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
|
status | Show App Control status. |
|
custom | Show custom configuration. |
|
default | Show system/factory default configuration. |
pending-config | Show pending configuration changes. |
Example
show app-control
Syntax
app-control
Mode
Config
Description
Enter App Control Configuration Mode. Example
app-control
Syntax
update-signatures
Mode
App Control
Description
Update signature database. Example
update-signatures
Syntax
enable
Mode
App Control
Description
Enable App Control. Example
enable
Syntax
no enable
Mode
App Control
Description
Disable App Control. Example
no enable
Syntax
log-all
Mode
App Control
Description
Enable logging for all apps. Example
log-all
Syntax
no log-all
Mode
App Control
Description
Disable logging for all apps. Example
no log-all
Syntax
reset-settings
Mode
App Control
Description
Reset App Control Settings to default. Example
reset-settings
Syntax
category { id <AC_CATEGORY_ID> | name <AC_CATEGORY_NAME> }
Mode
App Control
Description
Enter configuration mode for the specified App Control Category. Options
|
id | Category ID. |
<AC_CATEGORY_ID>
|
Category ID. Example: 1234 |
|
name | Category name. |
<AC_CATEGORY_NAME>
|
Category name. Example: APP-UPDATE |
Example
category name "GAMING"
Syntax
exclusion list { ips | object { group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_RANGE_GROUP> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> } }
Mode
App Control
Description
Enable and Configure Application Control Exclusion List. Options
|
ips | Use IPS Exclusion List. |
|
object | Use specified address object for exclusion list. |
|
group | Address Object Group |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Specify name of Address Object. |
<ADDR_RANGE_GROUP>
|
Address Range Group name. Example: Public Servers Group |
|
network | Address Object Network |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Specify IP Range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
exclusion list ips
exclusion list object name "Corp App Control Exclusion List"
exclusion list object range 10.10.10.1 10.10.10.10
Syntax
no exclusion list
Mode
App Control
Description
Disable Application Control Exclusion List. Example
no exclusion list
Syntax
application category { id <AC_CATEGORY_ID> | name <AC_CATEGORY_NAME> } signature { id <WORD> | name <WORD> }
Mode
App Control
Description
Enter configuration mode for the specified Application Control Application. Options
category | Category. |
|
id | Category ID. |
<AC_CATEGORY_ID>
|
Category ID. Example: 1234 |
|
name | Category name. |
<AC_CATEGORY_NAME>
|
Category name. Example: APP-UPDATE |
signature | Application signature. |
|
id | App ID. |
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
|
name | App name. |
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
application category name GAMING signature name "Build-A-Bearville Online"
Syntax
name <WORD>
Mode
App Control Category
Description
Category name. Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
name GAMING
Syntax
id <UINT32>
Mode
App Control Category
Description
Category ID. Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
id 8
Syntax
block { disable | enable }
Mode
App Control Category
Description
Set Prevention for App Control Category. Options
|
disable | Disable. |
|
enable | Enable. |
Example
block enable
Syntax
log { disable | enable | global-setting }
Mode
App Control Category
Description
Set Logging for App Control Category. Options
|
disable | Disable. |
|
enable | Enable. |
|
global-setting | Use Global Setting. |
Example
log enable
Syntax
included users { administrator | all | group <LOCAL_USER_GROUP_NAME> | guests | name <LOCAL_USER_NAME> }
Mode
App Control Category
Description
Set Included Users/Groups. Options
|
administrator | Built-in administrator. |
|
all | All. |
|
group | Specify local user group. |
<LOCAL_USER_GROUP_NAME>
|
User group object name. Example: Limited Administrators |
|
guests | Guests. |
|
name | Specify local user. |
<LOCAL_USER_NAME>
|
User object name. Example: user1 |
Example
included users all
Syntax
excluded users { administrator | group <LOCAL_USER_GROUP_NAME> | guests | name <LOCAL_USER_NAME> | none }
Mode
App Control Category
Description
Set Excluded Users/Groups. Options
|
administrator | Built-in administrator. |
|
group | Specify local user group. |
<LOCAL_USER_GROUP_NAME>
|
User group object name. Example: Limited Administrators |
|
guests | Guests. |
|
name | Specify local user. |
<LOCAL_USER_NAME>
|
User object name. Example: user1 |
|
none | None. |
Example
excluded users guests
Syntax
included ip { all | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_RANGE_GROUP> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> }
Mode
App Control Category
Description
Set Included IP address Range. Options
|
all | All. |
|
group | Address Object Group |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Specify name of Range Address Object. |
<ADDR_RANGE_GROUP>
|
Address Range Group name. Example: Public Servers Group |
|
network | Address Object Network |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Specify IP Range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
included ip range 10.10.10.1 10.10.10.10
Syntax
excluded ip { group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_RANGE_GROUP> | network <ADDR_NETWORK> <ADDR_MASK> | none | range <ADDR_BEGIN> <ADDR_END> }
Mode
App Control Category
Description
Set Excluded IP address Range. Options
|
group | Address Object Group |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object Host |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Specify name of Range Address Object. |
<ADDR_RANGE_GROUP>
|
Address Range Group name. Example: Public Servers Group |
|
network | Address Object Network |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
none | None. |
|
range | Specify IP Range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
excluded ip range 10.10.10.1 10.10.10.10
Syntax
schedule { always-on | days <SCHED_DAYS> time <SCHED_TIME_BEGIN> <SCHED_TIME_END> | name <SCHED_NAME> }
Mode
App Control Category
Description
Set IPS category schedule. Options
|
always-on | Always on. |
|
days | Schedule Object days. |
<SCHED_DAYS>
|
Days of the week in the form: SU-M-T-W-TH-F-SA. Example: SU-M-TH-SA |
time | Schedule Object beginning/ending time. |
<SCHED_TIME_BEGIN>
|
Time in the form: hh:mm. Example: 23:59 |
<SCHED_TIME_END>
|
Time in the form: hh:mm. Example: 23:59 |
|
name | Schedule Object name. |
<SCHED_NAME>
|
Schedule object name. Example: Work Hours |
Example
schedule always-on
Syntax
log-redundancy { filter <UINT16> | global-setting }
Mode
App Control Category
Description
Set IPS category log redundancy filter. Options
|
filter | Set log redundancy filter in seconds. |
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
|
global-setting | Use Global Setting. |
Example
log-redundancy filter 45
Syntax
block { category-setting | disable | enable }
Mode
App Control Application
Description
Set Blocking for App Control Policy. Options
|
category-setting | Use Category Setting. |
|
disable | Disable. |
|
enable | Enable. |
Example
block enable
Syntax
log { category-setting | disable | enable }
Mode
App Control Application
Description
Set Logging for App Control Policy. Options
|
category-setting | Use Category Setting. |
|
disable | Disable. |
|
enable | Enable. |
Example
log enable
Syntax
included users { administrator | all | category-setting | group <LOCAL_USER_GROUP_NAME> | guests | name <LOCAL_USER_NAME> }
Mode
App Control Application
Description
Set Included Users/Groups. Options
|
administrator | Built-in administrator. |
|
all | All. |
|
category-setting | Use Category Setting. |
|
group | Specify local user group. |
<LOCAL_USER_GROUP_NAME>
|
User group object name. Example: Limited Administrators |
|
guests | Guests. |
|
name | Specify local user. |
<LOCAL_USER_NAME>
|
User object name. Example: user1 |
Example
included users all
Syntax
excluded users { administrator | category-setting | group <LOCAL_USER_GROUP_NAME> | guests | name <LOCAL_USER_NAME> | none }
Mode
App Control Application
Description
Set Excluded Users/Groups. Options
|
administrator | Built-in administrator. |
|
category-setting | Use Category Setting. |
|
group | Specify local user group. |
<LOCAL_USER_GROUP_NAME>
|
User group object name. Example: Limited Administrators |
|
guests | Guests. |
|
name | Specify local user. |
<LOCAL_USER_NAME>
|
User object name. Example: user1 |
|
none | None. |
Example
excluded users guests
Syntax
included ip { all | category-setting | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_RANGE_GROUP> | network <ADDR_NETWORK> <ADDR_MASK> | range <ADDR_BEGIN> <ADDR_END> }
Mode
App Control Application
Description
Set Included IP address Range. Options
|
all | All. |
|
category-setting | Use Category Setting. |
|
group | Address Object Group |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object host. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Address Object name. |
<ADDR_RANGE_GROUP>
|
Address Range Group name. Example: Public Servers Group |
|
network | Address Object network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
range | Address Object range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
included ip range 10.10.10.1 10.10.10.10
Syntax
excluded ip { category-setting | group <ADDR_GROUP_NAME> | host <ADDR_HOST> | name <ADDR_RANGE_GROUP> | network <ADDR_NETWORK> <ADDR_MASK> | none | range <ADDR_BEGIN> <ADDR_END> }
Mode
App Control Application
Description
Set Excluded IP address Range. Options
|
category-setting | Use Category Setting. |
|
group | Address Object Group |
<ADDR_GROUP_NAME>
|
Address Group name. Example: Sales Group |
|
host | Address Object host. |
<ADDR_HOST>
|
Address Object IPv4 host address in the form: D.D.D.D. Example: 192.168.168.168 |
|
name | Address Object name. |
<ADDR_RANGE_GROUP>
|
Address Range Group name. Example: Public Servers Group |
|
network | Address Object network. |
<ADDR_NETWORK>
|
Address Object IPv4 network in the form: D.D.D.D. Example: 192.168.168.0 |
<ADDR_MASK>
|
Address Object IPv4 netmask in decimal dotted or CIDR form: D.D.D.D OR /D. Example: 255.255.255.0 |
|
none | None. |
|
range | Address Object range. |
<ADDR_BEGIN>
|
Address Object IPv4 starting range in the form: D.D.D.D. Example: 192.168.1.100 |
<ADDR_END>
|
Address Object IPv4 ending range in the form: D.D.D.D. Example: 192.168.1.150 |
Example
excluded ip range 10.10.10.1 10.10.10.10
Syntax
schedule { always-on | category-setting | days <SCHED_DAYS> time <SCHED_TIME_BEGIN> <SCHED_TIME_END> | name <SCHED_NAME> }
Mode
App Control Application
Description
Set IPS category schedule. Options
|
always-on | Always on. |
|
category-setting | Use Category Setting. |
|
days | Schedule Object days. |
<SCHED_DAYS>
|
Days of the week in the form: SU-M-T-W-TH-F-SA. Example: SU-M-TH-SA |
time | Schedule Object beginning/ending time. |
<SCHED_TIME_BEGIN>
|
Time in the form: hh:mm. Example: 23:59 |
<SCHED_TIME_END>
|
Time in the form: hh:mm. Example: 23:59 |
|
name | Schedule Object name. |
<SCHED_NAME>
|
Schedule object name. Example: Work Hours |
Example
schedule always-on
Syntax
log-redundancy { category-setting | filter <UINT16> }
Mode
App Control Application
Description
Set IPS category log redundancy filter. Options
|
category-setting | Use Category Setting. |
|
filter | Set log redundancy filter in seconds. |
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
Example
log-redundancy filter 45
Syntax
show email-objects [ pending-config ]
Mode
All Modes
Description
Show all Email Address Objects. Options
pending-config | Show pending configuration changes. |
Example
show email-objects
Syntax
show email-object <EMAIL_OBJ_NAME> [ pending-config ]
Mode
All Modes
Description
Show an Email Address Object. Options
<EMAIL_OBJ_NAME>
|
Email Object name. Example: Marketing Email Object |
pending-config | Show pending configuration changes. |
Example
show email-object "Client Email Addresses"
Syntax
no email-object <EMAIL_OBJ_NAME>
Mode
Config
Description
Delete an Email Address Object. Options
<EMAIL_OBJ_NAME>
|
Email Object name. Example: Marketing Email Object |
Example
no email-object "Client Email Addresses"
Syntax
no email-objects
Mode
Config
Description
Delete all Email Address Objects. Example
no email-objects
Syntax
email-object <EMAIL_OBJ_NAME>
Mode
Config
Description
Add/Edit Email Address Object and Enter Configuration Mode. Options
<EMAIL_OBJ_NAME>
|
Email Object name. Example: Marketing Email Object |
Example
email-object "Client Email Addresses"
Syntax
name <WORD>
Mode
Email Address Object
Description
Set Email Address Object name. Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
name "Client Email Addresses"
Syntax
no match-type
Mode
Email Address Object
Description
Clear Email Address Object match type. Example
no match-type
Syntax
match-type { exact | partial | regex }
Mode
Email Address Object
Description
Set Email Address Object match type. Options
|
exact | Exact match. |
|
partial | Partial match. |
|
regex | Regular expression match. |
Example
match-type exact
Syntax
content-entry <EMAIL_OBJ_CONTENT_ENTRY>
Mode
Email Address Object
Description
Add Email Address Object content entry. Options
<EMAIL_OBJ_CONTENT_ENTRY>
|
Email Object content. |
Example
content-entry administrator@corp.local
Syntax
no content-entry <EMAIL_OBJ_CONTENT_ENTRY>
Mode
Email Address Object
Description
Delete Email Address Object content entry. Options
<EMAIL_OBJ_CONTENT_ENTRY>
|
Email Object content. |
Example
no content-entry administrator@corp.local
Syntax
no content-entries
Mode
Email Address Object
Description
Delete all Email Address Object content entries. Example
no content-entries
Syntax
show high-availability [ monitoring [ interface <HA_MONITOR_IF_NAME> ] | status ] [ pending-config ]
Mode
All Modes
Description
Show High Availability configuration and status. Options
|
monitoring | Show High Availability monitoring interface. |
interface | Show High Availability monitoring interface. |
<HA_MONITOR_IF_NAME>
|
Physical interface name. Example: X0 |
|
status | Show High Availability status. |
pending-config | Show pending configuration changes. |
Example
show high-availability
Syntax
high-availability
Mode
Config
Description
Enter High Availability Configuration Mode. Example
high-availability
Syntax
no mode
Mode
High Availability
Description
Disable High Availability. Example
no mode
Syntax
mode { active-passive }
Mode
High Availability
Description
Enable High Availability. Options
active-passive | Active-Passive Mode. |
Example
mode active-passive
Syntax
monitoring <HA_MONITOR_IF_NAME>
Mode
High Availability
Description
Enter High Availability Monitoring Configuration Mode. Options
<HA_MONITOR_IF_NAME>
|
Physical interface name. Example: X0 |
Example
monitoring X1
Syntax
primary <MAC>
Mode
Active Passive
Description
Set High Availability Primary Serial Number. Options
<MAC>
|
MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
Example
primary 0017C5010203
Syntax
secondary <MAC>
Mode
Active Passive
Description
Set High Availability Secondary Serial Number. Options
<MAC>
|
MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
Example
secondary 0017C5040506
Syntax
no secondary
Mode
Active Passive
Description
Clear High Availability Secondary Serial Number. Example
no secondary
Syntax
stateful-synchronization
Mode
Active Passive
Description
Enable Stateful Synchronization. Example
stateful-synchronization
Syntax
no stateful-synchronization
Mode
Active Passive
Description
Disable Stateful Synchronization. Example
no stateful-synchronization
Syntax
active-active-dpi [ data-interface <IF_UNASSIGNED_NONVLAN_NAME> ]
Mode
Active Passive
Description
Enable Active-Active Deep Packet Inspection and configure HA Data Interface. Options
data-interface | Set the HA Data Interface. |
<IF_UNASSIGNED_NONVLAN_NAME>
|
Interface name. Example: X3 |
Example
active-active-dpi data-interface X5
Syntax
no active-active-dpi
Mode
Active Passive
Description
Disable Active-Active Deep Packet Inspection. Example
no active-active-dpi
Syntax
preempt
Mode
Active Passive
Description
Enable Preempt Mode. Example
preempt
Syntax
no preempt
Mode
Active Passive
Description
Disable Preempt Mode. Example
no preempt
Syntax
generate-backup-firmware
Mode
Active Passive
Description
Enable Generate/Overwrite Backup Firmware and Settings When Upgrading Firmware. Example
generate-backup-firmware
Syntax
no generate-backup-firmware
Mode
Active Passive
Description
Disable Generate/Overwrite Backup Firmware and Settings When Upgrading Firmware. Example
no generate-backup-firmware
Syntax
virtual-mac
Mode
Active Passive
Description
Enable Virtual MAC. Example
virtual-mac
Syntax
no virtual-mac
Mode
Active Passive
Description
Disable Virtual MAC. Example
no virtual-mac
Syntax
heartbeat-interval <UINT32>
Mode
Active Passive
Description
Set Heartbeat Interval in milliseconds. Options
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
heartbeat-interval 5000
Syntax
failover-trigger-level <UINT8>
Mode
Active Passive
Description
Set Failover Trigger Level (missed heartbeats). Options
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
Example
failover-trigger-level 5
Syntax
probe interval <UINT8>
Mode
Active Passive
Description
Set Probe Interval in seconds. Options
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
Example
probe interval 20
Syntax
probe count <UINT8>
Mode
Active Passive
Description
Set Probe Count. Options
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
Example
probe count 3
Syntax
election-delay-time <UINT8>
Mode
Active Passive
Description
Set Election Delay Time in seconds. Options
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
Example
election-delay-time 3
Syntax
include-certificates-keys
Mode
Active Passive
Description
Enable Include Certificates and Keys. Example
include-certificates-keys
Syntax
no include-certificates-keys
Mode
Active Passive
Description
Disable Include Certificates and Keys. Example
no include-certificates-keys
Syntax
synchronize settings
Mode
Active Passive
Description
Synchronize settings. Example
synchronize settings
Syntax
synchronize firmware
Mode
Active Passive
Description
Synchronize Firmware. Example
synchronize firmware
Syntax
link-monitoring
Mode
High Availability Monitoring
Description
Enable Physical/Link Monitoring. Example
link-monitoring
Syntax
no link-monitoring
Mode
High Availability Monitoring
Description
Disable Physical/Link Monitoring. Example
no link-monitoring
Syntax
no primary
Mode
High Availability Monitoring
Description
Clear Primary Interface Monitoring IP address. Example
no primary
Syntax
primary <IPV4_HOST>
Mode
High Availability Monitoring
Description
Set Primary Interface Monitoring IP address. Options
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
primary 192.168.168.211
Syntax
no secondary
Mode
High Availability Monitoring
Description
Clear Secondary Interface Monitoring IP address. Example
no secondary
Syntax
secondary <IPV4_HOST>
Mode
High Availability Monitoring
Description
Set Secondary Interface Monitoring IP address. Options
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
secondary 192.168.168.212
Syntax
allow-management
Mode
High Availability Monitoring
Description
Enable Allow Management on Primary/Secondary IP address. Example
allow-management
Syntax
no allow-management
Mode
High Availability Monitoring
Description
Disable Allow Management on Primary/Secondary IP address. Example
no allow-management
Syntax
logical-probe <IPV4_HOST>
Mode
High Availability Monitoring
Description
Enable Logical/Probe and set IP address. Options
<IPV4_HOST>
|
IPV4 Address in the form: a.b.c.d. Example: 192.168.168.168 |
Example
logical-probe 10.10.10.10
Syntax
no logical-probe
Mode
High Availability Monitoring
Description
Disable Logical/Probe. Example
no logical-probe
Syntax
override-virtual-mac <MAC>
Mode
High Availability Monitoring
Description
Enable Override Virtual MAC and set MAC. Options
<MAC>
|
MAC address in the form: HH:HH:HH:HH:HH:HH OR HHHHHHHHHHHH. Example: 00:0C:F1:56:98:AD |
Example
override-virtual-mac 02:17:c5:01:02:03
Syntax
no override-virtual-mac
Mode
High Availability Monitoring
Description
Disable Override Virtual MAC. Example
no override-virtual-mac
Syntax
show qos-mapping [ pending-config ]
Mode
All Modes
Description
Show QoS mapping. Options
pending-config | Show pending configuration changes. |
Example
show qos-mapping
Syntax
qos-mapping reset
Mode
Config
Description
Reset QoS Mapping settings. Example
qos-mapping reset
Syntax
qos-mapping cos <UINT8> [ to-dscp <UINT8> ] [ from-dscp <UINT8> <UINT8> ]
Mode
Config
Description
Configure QoS Mapping. Options
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
to-dscp | Set the DSCP value to map to. |
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
from-dscp | Set the from DSCP range. |
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
<UINT8>
|
Integer in the form: D OR 0xHH. Example: 123 |
Example
qos-mapping cos 4 to-dscp 24 from-dscp 24 31
Syntax
cancel
Mode
All Modes (excluding Top Level)
Description
Cancel current changes and return to the previous mode.
Example
cancel
Syntax
commit [ best-effort ]
Mode
All Modes (excluding Top Level)
Description
Commits configuration changes.
Options
best-effort | Commits only valid configuration (best effort). |
Example
commit
Syntax
end
Mode
Config
Description
End configuration mode. Example
end
Syntax
end
Mode
All Modes (excluding Top Level) (excluding Config)
Description
Exits current mode and returns to global configuration mode.
Example
end
Syntax
exit
Mode
All Modes
Description
Exit the current mode. Example
exit
Syntax
help
Mode
All Modes
Description
Display command help. Example
help
Syntax
show current-config
Mode
All Modes (excluding Top Level) (excluding Config)
Description
Show current configuration.
Example
show current-config
Syntax
show current-config [ { custom | default } ] [ json | validate | xml ]
Mode
Top Level
Config
Description
Show current configuration.
Options
|
custom | Show custom configuration. |
|
default | Show system/factory default configuration. |
|
json | Format output as JSON. |
|
validate | Validate configuration settings. |
|
xml | Format output as XML. |
Example
show current-config
Syntax
show pending-config [ [ json | validate | xml ] ]
Mode
All Modes (excluding Top Level)
Description
Show pending configuration.
Options
|
json | Format output as JSON. |
|
validate | Validate configuration settings. |
|
xml | Format output as XML. |
Example
show pending-config
Syntax
clear screen
Mode
All Modes
Description
Clear the screen. Example
clear screen
Syntax
no cli history
Mode
Top Level
Config
Description
Disable command history for the current CLI session.
Example
no cli history
Syntax
cli history [ size <UINT32> ]
Mode
Top Level
Config
Description
Enable command history for the current CLI session.
Options
size | Command history buffer size. |
<UINT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
Example
cli history
Syntax
cli output-format { json | plain-text | xml }
Mode
All Modes
Description
Set the CLI output format. Options
|
json | Render all CLI output as JSON. |
|
plain-text | Render all CLI output as plain-text. |
|
xml | Render all CLI output as XML. |
Example
cli output-format plain-text
Syntax
cli show output-validation session
Mode
All Modes
Description
Enable show output syntax validation. Example
cli show output-validation session
Syntax
no cli show output-validation session
Mode
All Modes
Description
Disable show output syntax validation. Example
no cli show output-validation session
Syntax
cli show output-validation default
Mode
All Modes
Description
Enable show output syntax validation. Example
cli show output-validation default
Syntax
no cli show output-validation default
Mode
All Modes
Description
Disable show output syntax validation. Example
no cli show output-validation default
Syntax
cli idle-timeout session <CLI_IDLE_TIMEOUT>
Mode
Top Level
Config
Description
Set the maximum time that a session can be idle before being logged off.
Options
<CLI_IDLE_TIMEOUT>
|
Integer in the form: D OR 0xHH. Max: 60 Example: 5 |
Example
cli idle-timeout session 5
Syntax
cli idle-timeout default <CLI_IDLE_TIMEOUT>
Mode
Top Level
Config
Description
Set the maximum time that a session can be idle before being logged off.
Options
<CLI_IDLE_TIMEOUT>
|
Integer in the form: D OR 0xHH. Max: 60 Example: 5 |
Example
cli idle-timeout default 5
Syntax
cli screen-width session <CLI_SCREEN_WIDTH>
Mode
Top Level
Config
Description
Set the number of characters on a line.
Options
<CLI_SCREEN_WIDTH>
|
Integer in the form: D OR 0xHH. Min: 80 Max: 2560 Example: 80 |
Example
cli screen-width session 80
Syntax
cli screen-width default <CLI_SCREEN_WIDTH>
Mode
Top Level
Config
Description
Set the number of characters on a line.
Options
<CLI_SCREEN_WIDTH>
|
Integer in the form: D OR 0xHH. Min: 80 Max: 2560 Example: 80 |
Example
cli screen-width default 80
Syntax
cli screen-length session <CLI_SCREEN_LENGTH>
Mode
Top Level
Config
Description
Set the number of lines on screen.
Options
<CLI_SCREEN_LENGTH>
|
Integer in the form: D OR 0xHH. Min: 24 Max: 1600 Example: 24 |
Example
cli screen-length session 24
Syntax
cli screen-length default <CLI_SCREEN_LENGTH>
Mode
Top Level
Config
Description
Set the number of lines on screen.
Options
<CLI_SCREEN_LENGTH>
|
Integer in the form: D OR 0xHH. Min: 24 Max: 1600 Example: 24 |
Example
cli screen-length default 24
Syntax
cli show-unmodified session
Mode
All Modes
Description
Show unmodified pending configuration changes. Example
cli show-unmodified session
Syntax
cli show-unmodified default
Mode
All Modes
Description
Show unmodified pending configuration changes. Example
cli show-unmodified default
Syntax
no cli show-unmodified session
Mode
All Modes
Description
Hide unmodified pending configuration changes. Example
no cli show-unmodified session
Syntax
no cli show-unmodified default
Mode
All Modes
Description
Hide unmodified pending configuration changes. Example
no cli show-unmodified default
Syntax
cli pager { default | session }
Mode
All Modes
Description
Enable cli pager. Options
|
default | Default setting (changes take effect upon next login). |
|
session | Apply to the current session. |
Example
cli pager
Syntax
no cli pager { default | session }
Mode
All Modes
Description
Disable cli pager. Options
|
default | Default setting (changes take effect upon next login). |
|
session | Apply to the current session. |
Example
no cli pager
Syntax
cli data-store index [ keys-only ]
Mode
All Modes
Options
keys-only | |
Syntax
no cli data-store index
Mode
All Modes
Syntax
show cli [ data-model [ group <INT32> | tag <WORD> ] | data-store [ group <INT32> ] | debug | ftp | history [ top <UINT16> ] | idle-timeout | pager | screen-length | screen-width | show-api | show-unmodified | staging-area [ command-hash | current-mode ] | token-types ]
Mode
All Modes
Description
Show a list of recent commands issued. Options
|
data-model | Display data model debug information. |
|
group | Group ID. |
<INT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
|
tag | CGI tag name. |
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
|
data-store | Display data store debug information. |
group | Group ID. |
<INT32>
|
Integer in the form: D OR 0xHHHHHHHH. Example: 123 |
|
debug | Display CLI debug information. |
|
ftp | Display CLI FTP configuration. |
|
history | Show a list of recent keywords issued. |
top | Show the specified number of recent keywords issued. |
<UINT16>
|
Integer in the form: D OR 0xHHHH. Example: 123 |
|
idle-timeout | Show idle timeout. |
|
pager | Show tty pager. |
|
screen-length | Show screen length. |
|
screen-width | Show screen width. |
|
show-api | Display Show command API debug information. |
|
show-unmodified | Show unmodified settings. |
|
staging-area | Display staging area debug information. |
|
command-hash | Display only the command hash. |
|
current-mode | Display only the current mode. |
|
token-types | Display token type debug information. |
Example
show cli history
Syntax
cli ftp user default <WORD>
Mode
Top Level
Config
Description
Configure the username for File Transfer Protocol (FTP) connections.
Options
<WORD>
|
Word in the form: WORD or "QUOTED STRING". Example: abc |
Example
cli ftp user default Administrator
Syntax
no cli ftp user default
Mode
Top Level
Config
Description
Configure anonymous username for File Transfer Protocol (FTP) connections.
Example
no cli ftp user default
Syntax
cli ftp password default <ENC_PASSWORD>
Mode
Top Level
Config
Description
Configure the password for File Transfer Protocol (FTP) connections.
Options
<ENC_PASSWORD>
|
PASSWORD. Example: secret |
Example
cli ftp password default mysecret
Syntax
no cli ftp password default
Mode
Top Level
Config
Description
Clear password for File Transfer Protocol (FTP) connections.
Example
no cli ftp password default