Accessing the CLI

The GMS CLI may be accessed either locally (directly from a prompt on the GMS machine), or remotely (through an SSL connection using the SonicWALL GMS CLI Server-Client).

Local CLI Access

To access the CLI locally:

1. Open the command-line prompt.

2. Change to the following directory:
sonicwall_directory\cli
where sonicwall_directory is the location where Dell SonicWALL GMS is installed.

3. Enter one of the following commands:

• For Windows NT, enter: sgms

4. Perform any of the commands described in CLI Commands.

5. To exit from the Dell SonicWALL GMS CLI, enter the following command: sgms> quit

Remote (SSL) CLI Access

The GMS CLI Server feature allows for remote clients to connect and administer CLI commands over a secure SSL connection using a lightweight Java client. The CLI server uses the gmsvpserverks (SonicWALL Self-Signed) keystore.

This section provides instructions to configure both server and client for remote CLI access.

Note The default port for the CLI service is 5555. Ensure that this port is opened on your perimeter firewall or UTM device in order for a connection to be established. This port is configurable in the <gmsvp>/CLI/cliserver/liserver.properties file.

Using the Remote Client

To access the CLI remotely:

1. Unzip and install the CLIClient.zip bundle on the client system. This file is found inside the CLI directory on your GMS or ViewPoint system.

2. On the client system, run the remote client from a command prompt.

3. Enter the network configuration information for your remote server as prompted.

Note: On the client system, verify that the “JAVA_HOME” environment variable is set to the “JRE/JDK” install directory.

4. Perform any commands as you would using a local CLI prompt. These commands are described in CLI Commands.

5. To exit from the Dell SonicWALL GMS CLI, enter the following command: sgms> quit

CLI Commands

This section provides both syntax and usage guidelines for common GMS CLI commands. This section contains the following sub-sections:

Logging In

Logging Out

Executing a Command without Logging In

Adding SonicWALL Appliances

Adding Users

Changing Users

Deleting a Single User

Deleting Multiple Users

Adding and Removing Activation Codes

Deleting Nodes Using XML

Monitoring Tunnel Status

Monitoring Tunnel Statistics

Refreshing a Tunnel

Renegotiating a Tunnel

Synchronizing Tunnel Information

Logging In

To log in to the Dell SonicWALL GMS CLI, use the sgms login command: sgms > login username password

Syntax

 

username

Admin user.

password

Password of the admin user.

Usage Guidelines

When this command is entered, Dell SonicWALL GMS does the following:

• Checks whether the command is entered with the correct parameters.

– If the command is not entered correctly, it returns the correct form of the command.

• Checks the validity of the username and password.

• Executes the login command.

• Creates a new session with a randomly generated session ID.

• Returns any command output.

Example

In the following example, the user admin logs in using the password “password.”

sgms> login admin password

Logging Out

To log out from the Dell SonicWALL GMS CLI, use the logout command.

sgms> logout

Usage Guidelines

When this command is entered, Dell SonicWALL GMS does the following:

• Executes the logout command.

• Closes the session.

• Returns to the SGMS prompt, from which you can log in again.

Executing a Command without Logging In

To execute a command without logging in to the Dell SonicWALL GMS CLI, use the login command.

sgms> login -L username password -C command parameter

Syntax

 

username

Admin user.

password

Password of the admin user.

command

The command.

parameter

Any command parameters.

Usage Guidelines

When this command is entered, Dell SonicWALL GMS does the following:

• Checks whether the command is entered with the correct parameters.

– If the command is not entered correctly, it returns the correct form of the command.

• Checks the validity of the username and password.

• Executes the login command.

• Creates a new session with a randomly generated session ID.

• Executes the command.

• Closes the session and exits.

Example

In the following example, the user admin logs in using the password “password” and runs an addunit command.

sgms> login -L admin password -C addunit new_sonicwall.xml

Adding SonicWALL Appliances

To add one or more SonicWALL appliances to Dell SonicWALL GMS using the CLI, use the addunit command.

sgms> addunit xml_file

Syntax

 

xml_file

XML file that contains SonicWALL appliance information.

Usage Guidelines

The XML file should contain the following:

<?xml version="1.0" ?>
<sgmscommand>
    <command>addUnit</command>
    <FirewallList>
        <FirewallInfo>
            <sonicwallName>sonicwall_name</sonicwallName>
            <sonicwallPassword>password</sonicwallPassword>
            <ipAddress>ip_address</ipAddress>
            <serialNumber>serial_number</serialNumber>
            <SAencryptionKey>encrypt_key</SAencryptionKey>
            <SAAuthKey>auth_key</SAAuthKey>
            <antivirusPassword>av_password</antivirusPassword>
            <schedulerIPAddress>scheduler_ip</schedulerIPAddress>
            <standbySchedulerIP>standby_ip</standbySchedulerIP>
            <useVPN>use_vpn</useVPN>
            <supportRavlin>ravlin_bit</supportRavlin>
            <snmpRead>read_string</snmpRead>
            <snmpWrite>write_string</snmpWrite>
            <httpsMgmt>https_bit</httpsMgmt>
            <managedOnLanIP>managedon_lanip</managedOnLanIP>
            <standbyManagedAtWan>standbymanaged_atwan</standbyManagedAtWan>
            <CustomInfo>
                <Customfield01>field_01</Customfield01>
                <Customfield02>field_02</Customfield02>
                ...
                <Customfield10>field_10</Customfield10>
            </CustomInfo>
            <userList>
                <user>user_01</user>
                <user>user_02</user>
                ...
            </userList>
        </FirewallInfo>
        <FirewallInfo>
            (SonicWALL Configuration Information)
        </FirewallInfo>
        <FirewallInfo>
            (SonicWALL Configuration Information)
        </FirewallInfo>
    </FirewallList>
</sgmscommand>

 

sonicwall_name

Required. Descriptive name for the SonicWALL appliance.

password

Required. Password used to access the SonicWALL appliance.

ip_address

If the WAN IP address of the SonicWALL appliance is static, enter the IP address. If the WAN IP address of the SonicWALL appliance changes dynamically, leave this field blank.

serial_number

Required. Serial number of the SonicWALL appliance.

encrypt_key

Required. Enter a 16-character encryption key. The key must be exactly 16 characters long and comprised of hexadecimal characters. Valid hexadecimal characters are “0” to “9”, and “a” to “f” (i.e., 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f). For example, a valid key would be 1234567890abcdef.

This key must match the encryption key of the SonicWALL appliance.

auth_key

Required. Enter a 32-character authentication key. The key must be exactly 32 characters long and comprised of hexadecimal characters. For example, a valid key would be 1234567890abcdef1234567890abcdef.

This key must match the authentication key of the SonicWALL appliance.

av_password

If the SonicWALL appliance uses the Anti-Virus feature, enter the Anti-Virus password. Otherwise, leave the field blank.

scheduler_ip

Required. Enter the IP address of the Dell SonicWALL GMS server that will manage the SonicWALL appliance:

If Dell SonicWALL GMS is configured in a two-tier distributed environment, you can select any Agent. However, the IP address must match the IP address that you specified when configuring the SonicWALL appliance for Dell SonicWALL GMS management.

If Dell SonicWALL GMS is in a single server environment, enter the IP address of the Dell SonicWALL GMS server.

standby_ip

Enter the IP address of the standby Dell SonicWALL GMS server. The standby Dell SonicWALL GMS server will automatically manage the SonicWALL appliance in the event of a primary failure. Any Agent can be configured as the standby.

If SonicWALL GMS is in a single server environment, leave this field blank.

use_vpn

Specifies whether Dell SonicWALL GMS will need a VPN tunnel to reach the SonicWALL appliance (default: yes). If yes, enter use_vpn. If no, leave it blank.

ravlin_bit

Specifies whether this is a Ravlin device (default: no). If yes, enter 1. If no, enter 0. If this entry does not appear in the file, Dell SonicWALL GMS assumes it is a SonicWALL appliance.

read_string

Specifies the SNMP read string for Ravlin devices.

write_string

Specifies the SNMP write string for Ravlin devices.

https_bit

Specifies whether this device uses HTTPS instead of a VPN tunnel (default: no). If yes, enter 1. If no, enter 0.

managedon_lanip

Specifies the device will be managed from the LAN interface. If you will use HTTPS, this setting must be enabled.

standbymanaged_atwan

Specifies whether the SonicWALL appliance will establish a VPN tunnel to the standby scheduler (default: yes). If yes, enter standbymanaged_atwan. If no, leave it blank.

field_01...field_10

Specifies the values of each custom field.

user_01...

Specifies the usernames of non-administrator Dell SonicWALL GMS users that have access to this SonicWALL appliance through the Dell SonicWALL GMS UI.

Example

In the following example, two new SonicWALL appliances are added to Dell SonicWALL GMS:

sgms> addunit new_sonicwall.xml

The following is the content of new_sonicwall.xml.

<?xml version="1.0" ?>
<sgmscommand>
    <command>addUnit</command>
    <FirewallList>
        <FirewallInfo>
            <sonicwallName>ABC14</sonicwallName>
            <sonicwallPassword>abc</sonicwallPassword>
            <ipAddress></ipAddress>
            <serialNumber>00F12211F114</serialNumber>
            <SAencryptionKey>1234567812345678</SAencryptionKey>
            <SAuthKey>12345678123456781234567812345678</SAuthKey>
            <antivirusPassword>avpass</antivirusPassword>
            <schedulerIPAddress>192.168.168.168</schedulerIPAddress>
            <useVPN>1</useVPN>
            <standbyManagedAtWan>1</standbyManagedAtWan>
            <standbySchedulerIP>192.168.168.23</standbySchedulerIP>
            <supportRavlin>1</supportRavlin>
            <snmpRead>abcdef12</snmpRead>
            <snmpWrite>abcdef12</snmpWrite>
            <httpsMgmt>0</httpsMgmt>
            <manageOnLanIP>0</manageOnLanIP>
            <CustomInfo>
                <Company>SonicWAll</Company>
                <Country>China</Country>
                <State>California</State>
                <Department>Engineering</Department>
            </CustomInfo>
            <userList>
                <user>billb</user>
                <user>dana</user>
            </userList>
        </FirewallInfo>
        <FirewallInfo>
            <sonicwallName>XYZ26</sonicwallName>
            <sonicwallPassword>abc</sonicwallPassword>
            <ipAddress></ipAddress>
            <serialNumber>00F1434CE265</serialNumber>
            <SAencryptionKey>1234567812345678</SAencryptionKey>
            <SAuthKey>123456781234567812345678abcdef89</SAuthKey>
            <antivirusPassword></antivirusPassword>
            <schedulerIPAddress>192.168.168.168</schedulerIPAddress>
            <useVPN>1</useVPN>
            <standbyManagedAtWan>1</standbyManagedAtWan>
            <standbySchedulerIP>192.168.168.23</standbySchedulerIP>
            <httpsMgmt>0</httpsMgmt>
            <manageOnLanIP>0</manageOnLanIP>
            <CustomInfo>
                <Company>SonicWAll</Company>
                <Country>China</Country>
                <State>California</State>
                <Department>Engineering</Department>
            </CustomInfo>
        </FirewallInfo>
    </FirewallList>
</sgmscommand>

Note A sample of this file, sample_nodes.xml, is located in the Misc directory on the SonicWALL GMS CD-ROM.
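The key rules above (16 and 32 lowercase hexadecimal characters, plus the fields marked Required) can be checked before a file is handed to addunit. The following is an added example, not part of the GMS guide or the product: a pre-flight check that also reports keys copied from this guide's samples and keys shared between appliances. It assumes tag names are matched case-insensitively and accepts both SAAuthKey and SAuthKey, since the guide shows both; the sample input and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the addunit layout; appliance names and keys are made up.
SAMPLE = """<?xml version="1.0" ?>
<sgmscommand>
  <command>addUnit</command>
  <FirewallList>
    <FirewallInfo>
      <sonicwallName>ABC14</sonicwallName>
      <sonicwallPassword>abc</sonicwallPassword>
      <serialNumber>00F12211F114</serialNumber>
      <SAencryptionKey>1234567812345678</SAencryptionKey>
      <SAAuthKey>12345678123456781234567812345678</SAAuthKey>
      <schedulerIPAddress>192.168.168.168</schedulerIPAddress>
    </FirewallInfo>
    <FirewallInfo>
      <sonicwallName>XYZ26</sonicwallName>
      <sonicwallPassword>S0me-l0nger-passphrase</sonicwallPassword>
      <serialNumber>00F1434CE265</serialNumber>
      <SAencryptionKey>9f3c1e7a40b2d685</SAencryptionKey>
      <SAAuthKey>5d0e8c3b7a1f49266b9e2c4d8a0f3715</SAAuthKey>
      <schedulerIPAddress>192.168.168.168</schedulerIPAddress>
    </FirewallInfo>
    <FirewallInfo>
      <sonicwallName>QRS07</sonicwallName>
      <sonicwallPassword>an0ther-passphrase</sonicwallPassword>
      <serialNumber>00F1434CE299</serialNumber>
      <SAencryptionKey>9F3C1E7A40B2D68</SAencryptionKey>
      <SAAuthKey>5d0e8c3b7a1f49266b9e2c4d8a0f3715</SAAuthKey>
    </FirewallInfo>
  </FirewallList>
</sgmscommand>
"""

# Keys printed in this guide; anyone who has read the manual knows them.
DOC_KEYS = {
    "1234567890abcdef",
    "1234567890abcdef1234567890abcdef",
    "1234567812345678",
    "12345678123456781234567812345678",
    "123456781234567812345678abcdef89",
}

# Fields the guide marks Required, keyed by a local name, with lower-cased tag names.
REQUIRED = {
    "name": ("sonicwallname",),
    "password": ("sonicwallpassword",),
    "serial": ("serialnumber",),
    "encrypt_key": ("saencryptionkey",),
    "auth_key": ("saauthkey", "sauthkey"),
    "scheduler_ip": ("scheduleripaddress",),
}
KEY_LENGTH = {"encrypt_key": 16, "auth_key": 32}


def is_periodic(key):
    """True when the key is a shorter block repeated, e.g. 12345678 twice."""
    n = len(key)
    return any(n % p == 0 and key == key[:p] * (n // p) for p in range(1, n // 2 + 1))


def read_unit(info):
    """Collect the required fields of one FirewallInfo element ('' when absent)."""
    fields = {child.tag.lower(): (child.text or "").strip() for child in info}
    return {name: next((fields[t] for t in tags if fields.get(t)), "")
            for name, tags in REQUIRED.items()}


def lint_addunit(xml_text):
    """Return a list of (appliance, finding) tuples for an addunit XML document."""
    findings = []
    seen = defaultdict(list)          # (field, key) -> appliances using that key
    root = ET.fromstring(xml_text)
    for idx, info in enumerate(root.iter("FirewallInfo")):
        unit = read_unit(info)
        label = unit["name"] or f"unit#{idx + 1}"
        for field, value in unit.items():
            if not value:
                findings.append((label, f"missing required field {field}"))
        for field, length in KEY_LENGTH.items():
            key = unit[field]
            if not key:
                continue
            seen[(field, key)].append(label)
            if not re.fullmatch(r"[0-9a-f]{%d}" % length, key):
                findings.append(
                    (label, f"{field} must be exactly {length} characters from 0-9 and a-f"))
            elif key in DOC_KEYS or is_periodic(key):
                findings.append((label, f"{field} is a documentation sample or repeated block"))
    for (field, _key), labels in seen.items():
        if len(labels) > 1:
            findings.extend((label, f"{field} is shared with another appliance")
                            for label in labels)
    return findings


if __name__ == "__main__":
    for appliance, finding in lint_addunit(SAMPLE):
        print(f"{appliance}: {finding}")
```

The file also carries appliance passwords and SNMP strings in clear text, so it is worth restricting its file permissions and deleting it once the import has completed.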

Adding Users

To add users, use the addusers command.

sgms> addusers xml_file

Syntax


xml_file

XML file that contains user information.

Usage Guidelines

The XML file should contain the following:

<?xml version="1.0" ?>
<Sgmscommand>
    <AddUsers>
        <AddUser>
            <UserAccountInfo>
                <Name>username</Name>
                <Password>password</Password>
                <UserTypeName>group</UserTypeName>
                <DefaultViewName>viewname</DefaultViewName>
                <FirstName>firstname</FirstName>
                <MiddleName>middlename</MiddleName>
                <LastName>lastname</LastName>
                <Phone>phone</Phone>
                <Fax>fax</Fax>
                <Email1>email</Email1>
                <Email2>email2</Email2>
                <Timeout>timeout_period</Timeout>
            </UserAccountInfo>
            <UserPermsInfo>
                <UserScreenList>
                    <UserScreen pathname="screenpath" permtype="permission_type"></UserScreen>
                </UserScreenList>
                <UserNodeList>
                    <UserNode displayname="node" viewname="viewname" operationtype="optype"></UserNode>
                </UserNodeList>
                <UserActionList>
                    <AddUnit>permission</AddUnit>
                    <ModifyUnit>permission</ModifyUnit>
                    <DeleteUnit>permission</DeleteUnit>
                    <RenameUnit>permission</RenameUnit>
                    <ModifyProperties>permission</ModifyProperties>
                    <ReassignAgents>permission</ReassignAgents>
                    <AddDeleteModifyView>permission</AddDeleteModifyView>
                    <ChangeView>permission</ChangeView>
                    <AllowCLI>permission</AllowCLI>
                </UserActionList>
            </UserPermsInfo>
        </AddUser>
    </AddUsers>
</Sgmscommand>

UserAccountInfo

User account options include:

Name—username of the user.

Password—password of the user.

UserTypeName—user group to which the user belongs.

DefaultViewName—default view for the user.

FirstName—first name of the user.

MiddleName—middle name of the user.

LastName—last name of the user.

Phone—phone number of the user.

Fax—fax number of the user.

Email1—email address of the user.

Email2—email address of the user.

Timeout—idle-timeout setting for the user.

UserPermsInfo

User permissions information includes:

UserScreenList

pathname—path to a screen. For example: “Console/Management/Users” or “Policies/Access/General.”

permtype—permissions for the screen. Options include: Read Only and Read/Write.

UserNodeList

displayname—name of the node.

viewname—view in which the node appears.

UserActionList

AddUnit—specifies whether the user can add units (allow or deny).

ModifyUnit—specifies whether the user can modify units (allow or deny).

DeleteUnit—specifies whether the user can delete units (allow or deny).

RenameUnit—specifies whether the user can rename units (allow or deny).

ModifyProperties—specifies whether the user can modify unit properties (allow or deny).

ReassignAgents—specifies whether the user can reassign units to other agents (allow or deny).

AddDeleteModifyView—specifies whether the user can add, delete, or modify views (allow or deny).

ChangeView—specifies whether the user can change views (allow or deny).

AllowCLI—specifies whether the user can use the CLI (allow or deny).

Example

In the following example, the user Linda is added:

sgms> addusers linda.xml

The following is the content of linda.xml.

<?xml version="1.0" ?>
<Sgmscommand>
    <AddUsers>
        <AddUser>
            <UserAccountInfo>
                <Name>Linda</Name>
                <Password>password</Password>
                <UserTypeName>Operators</UserTypeName>
                <DefaultViewName>ISPView</DefaultViewName>
                <FirstName>Linda</FirstName>
                <MiddleName></MiddleName>
                <LastName>Griffith</LastName>
                <Phone>(408)111-2222</Phone>
                <Fax>(408)222-3333</Fax>
                <Email1>lgriffith@sonicwall.com</Email1>
                <Email2></Email2>
                <Timeout>40</Timeout>
            </UserAccountInfo>
            <UserPermsInfo>
                <UserScreenList>
                    <UserScreen pathname="Console/Management/Users" permtype="Read Only"></UserScreen>
                    <UserScreen pathname="Policies/Access/General" permtype="Read/Write"></UserScreen>
                </UserScreenList>
                <UserNodeList>
                    <UserNode displayname="Palo Alto1" viewname="ISPView" operationtype="Add"></UserNode>
                    <UserNode displayname="Houston 1" viewname="View All" operationtype="Add"></UserNode>
                </UserNodeList>
                <UserActionList>
                    <AddUnit>allow</AddUnit>
                    <ModifyUnit>allow</ModifyUnit>
                    <DeleteUnit>deny</DeleteUnit>
                    <RenameUnit>deny</RenameUnit>
                    <ModifyProperties>deny</ModifyProperties>
                    <ReassignAgents>deny</ReassignAgents>
                    <AddDeleteModifyView>allow</AddDeleteModifyView>
                    <ChangeView>allow</ChangeView>
                    <AllowCLI>deny</AllowCLI>
                </UserActionList>
            </UserPermsInfo>
        </AddUser>
    </AddUsers>
</Sgmscommand>
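Because one addusers file can create several accounts at once, it helps to review what each account is granted before running the command. The following is an added example, not part of the GMS guide or the product: it lists the allowed actions and Read/Write screens per user and reports values outside the documented allow/deny and Read Only/Read/Write options. How GMS treats an unset or misspelled permission is not stated in the guide, so the example only reports those cases; the sample input and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed input in the addusers layout shown above; both accounts are made up.
SAMPLE_USERS = """<?xml version="1.0" ?>
<Sgmscommand>
  <AddUsers>
    <AddUser>
      <UserAccountInfo>
        <Name>Linda</Name>
        <Password>password</Password>
        <UserTypeName>Operators</UserTypeName>
      </UserAccountInfo>
      <UserPermsInfo>
        <UserScreenList>
          <UserScreen pathname="Console/Management/Users" permtype="Read/Write"></UserScreen>
          <UserScreen pathname="Policies/Access/General" permtype="Read Only"></UserScreen>
        </UserScreenList>
        <UserActionList>
          <AddUnit>allow</AddUnit>
          <DeleteUnit>Allow </DeleteUnit>
          <AllowCLI>allow</AllowCLI>
        </UserActionList>
      </UserPermsInfo>
    </AddUser>
    <AddUser>
      <UserAccountInfo>
        <Name>Mike</Name>
        <Password>c0rrect-h0rse-battery</Password>
        <UserTypeName>Operators</UserTypeName>
      </UserAccountInfo>
      <UserPermsInfo>
        <UserActionList>
          <AddUnit>deny</AddUnit>
          <AllowCLI>deny</AllowCLI>
        </UserActionList>
      </UserPermsInfo>
    </AddUser>
  </AddUsers>
</Sgmscommand>
"""

# Action elements and screen permissions exactly as the guide lists them.
ACTIONS = ("AddUnit", "ModifyUnit", "DeleteUnit", "RenameUnit", "ModifyProperties",
           "ReassignAgents", "AddDeleteModifyView", "ChangeView", "AllowCLI")
SCREEN_PERMS = {"Read Only", "Read/Write"}
SAMPLE_PASSWORDS = {"password", "new-password"}   # literal values used in this guide


def review_addusers(xml_text):
    """Return {username: {"granted", "writable", "unset", "issues"}} for an addusers file."""
    report = {}
    for user in ET.fromstring(xml_text).iter("AddUser"):
        name = (user.findtext("UserAccountInfo/Name") or "").strip()
        password = user.findtext("UserAccountInfo/Password") or ""
        entry = {"granted": [], "writable": [], "unset": [], "issues": []}

        if not password:
            entry["issues"].append("password is empty")
        elif password.lower() in SAMPLE_PASSWORDS or password.lower() == name.lower():
            entry["issues"].append("password is a documented sample or equals the username")

        for screen in user.iter("UserScreen"):
            perm = screen.get("permtype", "")
            path = screen.get("pathname", "")
            if perm not in SCREEN_PERMS:
                entry["issues"].append(f"unknown permtype {perm!r} on {path}")
            elif perm == "Read/Write":
                entry["writable"].append(path)

        actions = user.find("UserPermsInfo/UserActionList")
        for action in ACTIONS:
            # Values are compared exactly (no trimming or case folding) so that
            # near-misses such as "Allow " are reported instead of silently accepted.
            value = actions.findtext(action) if actions is not None else None
            if value is None:
                entry["unset"].append(action)
            elif value == "allow":
                entry["granted"].append(action)
            elif value != "deny":
                entry["issues"].append(f"{action} has value {value!r}, expected allow or deny")
        report[name] = entry
    return report


if __name__ == "__main__":
    for username, entry in review_addusers(SAMPLE_USERS).items():
        print(username, entry)
```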

Changing Users

To change user settings, use the changeusers command. This command is similar to the addusers command.

sgms> changeusers xml_file

Syntax

 

xml_file

XML file that contains user information.

Usage Guidelines

The XML file can contain the following:

<?xml version="1.0" ?>
<Sgmscommand>
    <AddUsers>
        <AddUser>
            <UserAccountInfo>
                <Name>username</Name>
                <Password>password</Password>
                <UserTypeName>group</UserTypeName>
                <DefaultViewName>viewname</DefaultViewName>
                <FirstName>firstname</FirstName>
                <MiddleName>middlename</MiddleName>
                <LastName>lastname</LastName>
                <Phone>phone</Phone>
                <Fax>fax</Fax>
                <Email1>email</Email1>
                <Email2>email2</Email2>
                <Timeout>timeout_period</Timeout>
            </UserAccountInfo>
            <UserPermsInfo>
                <UserScreenList>
                    <UserScreen pathname="screenpath" permtype="permission_type"></UserScreen>
                </UserScreenList>
                <UserNodeList>
                    <UserNode displayname="node" viewname="viewname" operationtype="optype"></UserNode>
                </UserNodeList>
                <UserActionList>
                    <AddUnit>permission</AddUnit>
                    <ModifyUnit>permission</ModifyUnit>
                    <DeleteUnit>permission</DeleteUnit>
                    <RenameUnit>permission</RenameUnit>
                    <ModifyProperties>permission</ModifyProperties>
                    <ReassignAgents>permission</ReassignAgents>
                    <AddDeleteModifyView>permission</AddDeleteModifyView>
                    <ChangeView>permission</ChangeView>
                    <AllowCLI>permission</AllowCLI>
                </UserActionList>
            </UserPermsInfo>
        </AddUser>
    </AddUsers>
</Sgmscommand>

UserAccountInfo

User account options include:

Name—username of the user.

Password—password of the user.

UserTypeName—user group to which the user belongs.

DefaultViewName—default view for the user.

FirstName—first name of the user.

MiddleName—middle name of the user.

LastName—last name of the user.

Phone—phone number of the user.

Fax—fax number of the user.

Email1—email address of the user.

Email2—email address of the user.

Timeout—idle-timeout setting for the user.

UserPermsInfo

User permissions information includes:

UserScreenList

pathname—path to a screen. For example: “Console/Management/Users” or “Policies/Access/General.”

permtype—permissions for the screen. Options include: Read Only and Read/Write.

UserNodeList

displayname—name of the node.

viewname—view in which the node appears.

UserActionList

AddUnit—specifies whether the user can add units (allow or deny).

ModifyUnit—specifies whether the user can modify units (allow or deny).

DeleteUnit—specifies whether the user can delete units (allow or deny).

RenameUnit—specifies whether the user can rename units (allow or deny).

ModifyProperties—specifies whether the user can modify unit properties (allow or deny).

ReassignAgents—specifies whether the user can reassign units to other agents (allow or deny).

AddDeleteModifyView—specifies whether the user can add, delete, or modify views (allow or deny).

ChangeView—specifies whether the user can change views (allow or deny).

AllowCLI—specifies whether the user can use the CLI (allow or deny).

Example

In the following example, new information is updated for the users Linda and Mike:

sgms> changeusers linda-mike.xml

The following is the content of linda-mike.xml.

<?xml version="1.0" ?>
<Sgmscommand>
    <AddUsers>
        <AddUser>
            <UserAccountInfo>
                <Name>Linda</Name>
                <Password>new-password</Password>
                <Phone>(408)555-1212</Phone>
                <Email1>linda@sonicwall.com</Email1>
                <Timeout>70</Timeout>
            </UserAccountInfo>
        </AddUser>
        <AddUser>
            <UserAccountInfo>
                <Name>Mike</Name>
                <Password>new-password</Password>
                <Phone>(408)555-1233</Phone>
                <Email1>mike@sonicwall.com</Email1>
                <Timeout>60</Timeout>
            </UserAccountInfo>
        </AddUser>
    </AddUsers>
</Sgmscommand>

Deleting a Single User

To delete users, use the deleteuser command.

sgms> deleteuser username

Syntax

 

username

Name of a user.

Example

In the following example, the user Linda is deleted:

sgms> deleteuser linda

Deleting Multiple Users

To delete users, use the deleteusers command.

sgms> deleteusers xml_file

Syntax

 

xml_file

XML file that contains user information.

Usage Guidelines

The XML file should contain the following:

<?xml version="1.0" ?>
<Sgmscommand>
    <DeleteUsers>
        <DeleteUser username="username"></DeleteUser>
        <DeleteUser username="username"></DeleteUser>
    </DeleteUsers>
</Sgmscommand>

username

Name of the user to delete.

Example

In the following example, the users John, Linda, and Albert are deleted:

sgms> deleteusers deleteusers.xml

The following is the content of deleteusers.xml.

<?xml version="1.0" ?>
<Sgmscommand>
    <DeleteUsers>
        <DeleteUser username="John"></DeleteUser>
        <DeleteUser username="Linda"></DeleteUser>
        <DeleteUser username="Albert"></DeleteUser>
    </DeleteUsers>
</Sgmscommand>

Adding and Removing Activation Codes

To add or remove activation codes for SonicWALL appliances, use the activationcode command.

sgms> activationcode xml_file

Syntax

 

xml_file

XML file that contains activation code information.

Usage Guidelines

The XML file should contain the following:

<? Xml version ="1.0" >

<Sgmscommand>

: : <Activation>command_type</Activation>

: : : <Activation values>

: : : : : <Activation category>category</Activation _category >

: : : : : : <Activation type>activation_type</Activation type>

: : : </Activation values>

: : : <Codes>

: : : : : : <Code>code</code>

: : : : : : <Code>code</code>

: : : : </Codes>

: </Sgmscommand>

 

command_type

Required. Specifies the action to perform. Options include:

add—adds the specified category and type.

delete—deletes the specified activation codes.

list—lists the activation codes for the specified category and type.

To add activation codes, enter add. To remove codes, enter delete.

category

Required for add and list. Enter the category of upgrade. Options include:

Anti-Virus

Content Filter Subscription

PKI End User Certificate

Node Upgrade

PKI Administrator Certificate

VPN Upgrade

VPN Client Upgrade

HA Upgrade

activation_type

Required for add and list. Enter the type of upgrade for the selected category. Options include:

Anti-Virus

• 5 Nodes
• 10 Nodes
• 50 Nodes
• 100 Nodes
• 1000 Nodes

Content Filter Subscription

• 5 Nodes
• 10 Nodes
• 50 Nodes
• Unlimited Nodes

PKI EndUser Certificate

• 1 Node
• 10 Nodes
• 50 Nodes
• 100 Nodes

Node Upgrade

• 10->25 Nodes
• 10->50 Nodes
• 10->Unlimited Nodes
• 25->50 Nodes
• 50->Unlimited Nodes

PKI Administrator Certificate

• SOHO2/SOHO3
• GX 2500/GX 2500 HA Backup
• GX 6500/GX6500 HA Backup
• XPRS/XPRS2/PRO 100
• PRO/PRO-VX/RPO 200/PRO 300
• TELE2/TELE3

VPN Upgrade

• 5/10/25/50 Nodes
• Unlimited Nodes

VPN Client Upgrade

• Single VPN Client
• 10 VPN Clients
• 100 VPN Clients
• 50 VPN Clients

HA Upgrade

• PRO/PRO 200

code

Required for add and delete. One or more code numbers. Each code number must appear on its own line.

Example

In the following example, four 100 Node Anti-Virus activation codes are added to Dell SonicWALL GMS:

sgms> activationcode new_virus_codes.xml

 

The following is the content of new_virus_codes.xml.

<? Xml version ="1.0" >

<Sgmscommand>

: : <Activation>add</Activation>

: : : <Activation values>

: : : : : <Activation category>Anti-Virus</Activation _category >

: : : : : : <Activation type>100 Nodes</Activation type>

: : : </Activation values>

: : : <Codes>

: : : : : : <Code>12345678</code>

: : : : : : <Code>23456780</code>

: : : : : : <Code>34567890</code>

: : : : : : <Code>45678901</code>

: : : : </Codes>

: </Sgmscommand>

Note A sample of the file is available on the SonicWALL GMS CD-ROM. It is called sample_activationcode.xml and is located in the Misc directory.

Deleting Nodes Using the CLI

To delete a single node, use the deletenode command.

sgms> deletenode displayname viewname [deleteSAs {0 | 1}]

Syntax

 

displayname

Required. Specifies the name of the node.

viewname

Required. Specifies the name of a view in which the node appears.

{0 | 1}

Specifies whether the node’s SAs are deleted. To delete the SAs, enter 1. To save the SAs, enter 0.

Example

In the following example, the node “Timbuktu52” and its SAs are deleted.

sgms> deletenode Timbuktu52 NewView deleteSAs 1

Deleting Nodes Using XML

To delete nodes or groups, use the deletenodes command.

sgms> deletenodes xml_file

Syntax

 

xml_file

XML file that contains nodes to delete.

Usage Guidelines

The XML file should contain the following:

<?xml version="1.0" ?>
<Sgmscommand>
    <DeleteNodes>
        <DeleteNode displayname="displayname" viewname="viewname" deleteSAs="0" />
    </DeleteNodes>
</Sgmscommand>

 

displayname

Required. Specifies the name of the node. If you specify group parameters, all nodes that belong to the groups will be deleted.

viewname

Required. Specifies the name of a view in which the node appears.

deleteSAs

Specifies whether the node’s SAs are deleted. To delete the SAs, enter 1. To save the SAs, enter 0.

Example

In the following example, “Palo Alto 4” and all nodes within the specified groups are deleted:

sgms> deletenodes node-delete.xml

The following is the content of node-delete.xml.

<?xml version="1.0" ?>
<Sgmscommand>
    <DeleteNodes>
        <DeleteNode displayname="Country=USA:State=California:Department=Engineering:Company=Silicon Valley" viewname="View All" deleteSAs="1" />
        <DeleteNode displayname="Palo Alto 4" viewname="View All" deleteSAs="0" />
    </DeleteNodes>
</Sgmscommand>

Monitoring Tunnel Status

To monitor the status of a VPN tunnel, use the vpnmonitor status command.

sgms> vpnmonitor status firewall-sn [type {up | down | all }]

Syntax

 

firewall-sn

Serial number of the firewall to view.

type {up | down | all }

Specifies which types of tunnels are displayed (default: all).

Note This command causes the SonicWALL appliance to display the first five VPN tunnels. If the SonicWALL appliance has more than 5 tunnels, enter the vpnmonitor N command to display the next page of results.

Example

In the following example, the status of each VPN tunnel for the SonicWALL appliance with serial number 004010126FB0 is displayed:

sgms> vpnmonitor status 004010126FB0

 

-----------------------------------------------------------------------------

SA NAME: GroupVPN

LAST UPDATED: Mar 22, 2004 Mon [11:49 AM]

 

Tunnel ID Status Destination Address Range

MT107998499199600B0D01FDBF8 Down 0.0.0.0 - 0.0.0.0

-----------------------------------------------------------------------------

SA NAME: SGMS-0006B1040148

LAST UPDATED: Mar 22, 2004 Mon [11:49 AM]

 

Tunnel ID Status Destination Address Range

MT107998499489000B0D01FDBF8 Up 10.0.14.43 - 10.0.14.43

-----------------------------------------------------------------------------

SA NAME: SGMS-0006B1044046

LAST UPDATED: Mar 22, 2004 Mon [11:49 AM]

 

Tunnel ID Status Destination Address Range

MT107998499529000B0D01FDBF8 Up 10.0.14.44 - 10.0.14.44

-----------------------------------------------------------------------------

SA NAME: SGMS-00401012550C

LAST UPDATED: Mar 22, 2004 Mon [11:49 AM]

 

Tunnel ID Status Destination Address Range

MT107998499428900B0D01FDBF8 Up 10.0.14.45 - 10.0.14.45

-----------------------------------------------------------------------------

 

Displayed 0 to 4 of 4 rows.

Monitoring Tunnel Statistics

To view the statistics for a VPN tunnel, use the vpnmonitor statistics command.

sgms> vpnmonitor statistics tunnel-id

Syntax

 

tunnel-id

ID of the tunnel to view.

Example

In the following example, the statistics for tunnel MT107998499428900B0D01FDBF8 are displayed:

sgms> vpnmonitor statistics MT107998499428900B0D01FDBF8

 

Statistics for tunnel MT107998499428900B0D01FDBF8

-------------------------------------------------------------------

SA Name: SGMS-00401012550C

Gateway: 10.0.14.45

Source Address Range: 0.0.0.0 - 255.255.255.255

Destination Address Range: 10.0.14.45 - 10.0.14.45

Creation Time: 03/19/2004 10:43:34

Expiry Time: SaUpTime: No Expiry

Packets In: 18822

Packets Out: 2941

Bytes In: 267

Bytes Out: 103

Fragmented Packets In: 0

Fragmented Packets Out: 0

-------------------------------------------------------------------

Refreshing a Tunnel

To refresh a tunnel, use the vpnmonitor refresh command.

sgms> vpnmonitor refresh tunnel-id

Syntax

 

tunnel-id

ID of the tunnel to view.

Example

In the following example, tunnel MT107998499428900B0D01FDBF8 is refreshed:

sgms> vpnmonitor refresh MT107998499428900B0D01FDBF8

Renegotiating a Tunnel

To renegotiate a VPN tunnel, use the vpnmonitor renegotiate command.

sgms> vpnmonitor renegotiate tunnel-id

Syntax

 

tunnel-id

ID of the tunnel to view.

Example

In the following example, tunnel MT107998499428900B0D01FDBF8 is renegotiated:

sgms> vpnmonitor renegotiate MT107998499428900B0D01FDBF8

Synchronizing Tunnel Information

To synchronize VPN information for a SonicWALL appliance with Dell SonicWALL GMS, use the vpnmonitor synchronize command.

sgms> vpnmonitor synchronize firewall-sn

Syntax

 

firewall-sn

Serial number of the firewall to view.

Example

In the following example, tunnel status information for each VPN tunnel on the SonicWALL appliance with serial number 004010126FB0 is synchronized with Dell SonicWALL GMS:

sgms> vpnmonitor synchronize 004010126FB0

Configuring SonicWALL Parameters

This section describes how to use the configure command to execute a group of commands using an XML configuration file.

Using the Configure Command

To execute a group of commands in an XML configuration file, use the configure command.

sgms> configure xml_file

Note For information on creating a configuration file, see Preparing a Configuration File.

Syntax

 

xml_file

The XML file that contains configuration instructions.

Usage Guidelines

When this command is entered, Dell SonicWALL GMS does the following:

• Checks whether the command is entered with the correct parameters.

– If the command is not entered correctly, it returns the correct form of the command.

• Checks the validity of the XML file.

• Executes the command.

• Closes the session and exits.

Example

In the following example, the user admin logs in using the password “password” and runs an addunit command.

sgms> configure configure.xml

Preparing a Configuration File

Configuration files can be used to set, add, or delete parameters that are normally only accessible from the Dell SonicWALL GMS UI. Additional examples of XML files are found in the SGMS2/CLI directory. The following is the format of an XML configuration file:

Note For information on configuration parameters, see Configuration Parameters.

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!DOCTYPE Configure [
    <!ELEMENT Configure (Task*)>
    <!ELEMENT Task (SetParam*,DelParam*,AddParam*)>
    <!ATTLIST Task
        displayname    CDATA #REQUIRED
        viewname       CDATA #REQUIRED
        updatetype     CDATA #REQUIRED
        tasktype       CDATA #REQUIRED
        description    CDATA #REQUIRED>

    <!ELEMENT SetParam EMPTY>
    <!ATTLIST SetParam
        setParamName   CDATA #REQUIRED
        setParamValue  CDATA #REQUIRED>

    <!ELEMENT DelParam EMPTY>
    <!ATTLIST DelParam
        delParamName   CDATA #REQUIRED
        delParamValue  CDATA #REQUIRED>

    <!ELEMENT AddParam EMPTY>
    <!ATTLIST AddParam
        addParamName   CDATA #REQUIRED
        addParamValue  CDATA #REQUIRED>
]>
<Configure>
    <Task
        displayname="firewall_parameters"
        viewname="view_name"
        updatetype="update_type"
        tasktype="task_type"
        description="description"
        >
        <SetParam setParamName="set_parameter_name" setParamValue="set_parameter_value"/>
        <AddParam addParamName="add_parameter_name" addParamValue="add_parameter_value"/>
    </Task>
</Configure>

firewall_parameters

Required. Specifies the firewall or parameters of the firewalls that will be updated.

To specify a single firewall, enter the firewall name. For example:

displayname="Firewall_42"

To specify more than one firewall, enter each group parameter that applies to the firwall. For example:

displayname="Country=USA:State=California:Department=Engineer­ing"

view_name

Specifies the view to which the firewall or group of firewalls belongs. This allows you to apply changes to firewalls within a specific view.

For example, to apply the changes to firewalls that meet the parameters that you specified in the view “USA_west_coast,” enter the following:

viewname="USA_west_coast"

update_type

Specifies the kind of update to be performed, such as changing existing values, adding new values, or deleting values. Options include:

• change_field—used to set a non-array-type field

• add_array_field—used to add an array-type field

• del_array_field—used to delete a value from an array-type field

• special_action—used to perform special tasks, such as synchronizing or restarting a firewall

task_type

Specifies the task type. Options include:

• Configure_FW—used to configure SonicWALL firewalls

• Configure_RC—used to configure Ravlin devices

• Register—used to register SonicWALL appliances

description

Description of the tasks you are performing. This information will appear in the log files.

Parameter Settings

Used to add, delete, or set parameters.

Change Fields
Used to set independent firewall parameters.

set_parameter_name—specifies the name of the parameter.

set_parameter_value—specifies the new setting.

For example, to create a task to change the time zone of the firewall (the timezone parameter), enter the following:

updatetype=change_field
tasktype=Configure_FW
description=Change Timezone
setParamName=timezone
setParamValue=829

 

Add Fields
Used to add new firewall parameters.

add_parameter_name—specifies the name of the parameter.

add_parameter_value—specifies the new parameter setting.

For example, to add a rule (such as Allow File Transfer (FTP)), use the following text:

updatetype=add_array_field
tasktype=Configure_FW
description=Add Rule, Allow File Transfer (FTP)
addParamName=serviceNameInRule
addParamValue=File Transfer (FTP)

 

Delete Fields
Used to delete firewall parameters.

del_parameter_name—specifies the name of the parameter.

del_parameter_value—specifies the setting to delete.

For example, to remove a rule (such as Allow File Transfer (FTP)), use the following text:

updatetype=del_array_field
tasktype=Configure_FW
description=Delete Rule, Allow File Transfer (FTP)
delParamName=serviceNameInRule
delParamValue=File Transfer (FTP)

 

Special Action
Used to execute special actions such as resetting a firewall.

set_parameter_name—specifies the name of the parameter.

set_parameter_value—specifies the action to execute.

For example, to restart a firewall, use the following text:

updatetype=special_action
tasktype=Configure_FW
description=Restart Firewall
setParamName=cgi_action
setParamValue=restart
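
The following Python check is an added example, not part of Dell SonicWALL GMS or of the original guide. It lints a configure task file against the element names, attribute names, and updatetype/tasktype options documented above before the file is passed to the configure command, and it flags special_action tasks for review. The names lint_configure and SAMPLE are assumptions made for this example, and the sample file is constructed.

```python
import xml.etree.ElementTree as ET

# Values and names documented on this page for the configure task file.
UPDATE_TYPES = {"change_field", "add_array_field", "del_array_field", "special_action"}
TASK_TYPES = {"Configure_FW", "Configure_RC", "Register"}
TASK_ATTRS = ("displayname", "viewname", "updatetype", "tasktype", "description")
# Child elements in the order the Task content model lists them.
PARAM_ATTRS = {
    "SetParam": {"setParamName", "setParamValue"},
    "DelParam": {"delParamName", "delParamValue"},
    "AddParam": {"addParamName", "addParamValue"},
}
ORDER = list(PARAM_ATTRS)

# Constructed sample: the second parameter mixes AddParam with SetParam attributes.
SAMPLE = """<Configure>
  <Task displayname="Firewall_42" viewname="USA_west_coast" updatetype="change_field"
        tasktype="Configure_FW" description="Change Timezone">
    <SetParam setParamName="timezone" setParamValue="829"/>
    <AddParam setParamName="ntp_useNtp" setParamValue="1"/>
  </Task>
</Configure>"""

def lint_configure(xml_text):
    """Return a list of findings for a configure task file; an empty list means clean."""
    root = ET.fromstring(xml_text)  # non-validating parse: the checks below do the validation
    if root.tag != "Configure":
        return ["root element must be <Configure>"]
    findings = []
    for n, task in enumerate(root.findall("Task"), 1):
        where = f"Task {n}"
        findings += [f"{where}: missing attribute {a}" for a in TASK_ATTRS if a not in task.attrib]
        if task.get("updatetype") not in UPDATE_TYPES:
            findings.append(f"{where}: unknown updatetype {task.get('updatetype')!r}")
        if task.get("tasktype") not in TASK_TYPES:
            findings.append(f"{where}: unknown tasktype {task.get('tasktype')!r}")
        if task.get("updatetype") == "special_action":
            findings.append(f"{where}: special_action requested, review before running")
        last = 0
        for child in task:
            if child.tag not in PARAM_ATTRS:
                findings.append(f"{where}: unexpected element <{child.tag}>")
                continue
            if ORDER.index(child.tag) < last:
                findings.append(f"{where}: <{child.tag}> out of content-model order")
            last = max(last, ORDER.index(child.tag))
            wrong = sorted(set(child.attrib) ^ PARAM_ATTRS[child.tag])
            if wrong:
                findings.append(f"{where}: <{child.tag}> attribute mismatch: {', '.join(wrong)}")
    return findings
```

Run lint_configure on the file contents and proceed only when the returned list is empty or every finding has been reviewed.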

Modifying SonicWALL Parameters

This section describes how to use the ModifyArray command to change SonicWALL appliance settings using an XML configuration file.

Using the ModifyArray Command

To modify a SonicWALL parameter setting, use the ModifyArray command.

sgms> modifyarray xml_file

Note For information on creating a configuration file, see Preparing a Parameter Modification File.

Syntax

 

xml_file

The XML file that contains configuration instructions.

Usage Guidelines

When this command is entered, Dell SonicWALL GMS does the following:

• Checks whether the command is entered with the correct parameters.

– If the command is not entered correctly, it returns the correct form of the command.

• Checks the validity of the XML file.

• Executes the command.

• Closes the session and exits.

Example

In the following example, the value of the secondary phone number is changed to the number specified in the primary phone number field and the primary phone number is changed to 800-555-1212.

sgms> modifyarray modify.xml

The following is the content of modify.xml.

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!DOCTYPE Configure (View Source for full doctype...)>
<Configure>
  <Task displayname="root" viewname="AGENTCompany" description="Modify SP Profiles" arraytablename="SW_PROFILES" indidxcolumnname="dialupProfileInUse_0">
    <ArrayIndexColumnName paramName="dialConfigName" />
    <ModParam paramName="secPhone" paramValue="%priPhone%" />
    <ModParam paramName="priPhone" paramValue="[18005551212]" />
  </Task>
</Configure>

Preparing a Parameter Modification File

Modification files can be used to change parameters that are normally only accessible from the Dell SonicWALL GMS UI. For example, you can change the DNS Settings of the first DNS server to a specific new address or you can set the IP address of the first DNS server to the IP address of the second server for each selected SonicWALL appliance.

The following is the format of an XML modification file:

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!DOCTYPE Configure [
  <!ELEMENT Configure (Task*)>
  <!ELEMENT Task (ArrayIndexColumnName*,ModParam*)>
  <!ATTLIST Task
      displayname      CDATA #REQUIRED
      viewname         CDATA #REQUIRED
      description      CDATA #REQUIRED
      arraytablename   CDATA #REQUIRED
      indidxcolumnname CDATA #REQUIRED>
  <!ELEMENT ArrayIndexColumnName EMPTY>
  <!ATTLIST ArrayIndexColumnName
      paramName  CDATA #REQUIRED>
  <!ELEMENT ModParam EMPTY>
  <!ATTLIST ModParam
      paramName  CDATA #REQUIRED
      paramValue CDATA #REQUIRED>
]>
<Configure>
  <Task displayname="firewall_parameters"
      viewname="view_name"
      description="description"
      arraytablename="SW_PROFILES"
      indidxcolumnname="dialupProfileInUse_0"
      >
    <ArrayIndexColumnName paramName="column_name"/>
    <ModParam paramName="secPhone" paramValue="param_value"/>
    <ModParam paramName="priPhone" paramValue="param_value"/>
  </Task>
</Configure>

 

firewall_parameters

Required. Specifies the firewall or parameters of the firewalls that will be updated.

To specify a single firewall, enter the firewall name. For example:

displayname="Firewall_42"

To specify more than one firewall, enter each group parameter that applies to the firewall. For example:

displayname="Country=USA:State=California:Department=Engineering"

To specify all firewalls, enter “root”. For example:

displayname="root"

description

Description of the tasks you are performing. This information will appear in the log files.

view_name

Specifies the view to which the firewall or group of firewalls belongs. This allows you to apply changes to firewalls within a specific view.

For example, to apply the changes to firewalls that meet the parameters that you specified in the view “USA_west_coast,” enter the following:

viewname="USA_west_coast"

column_name

Specifies the array index column name.

Parameter Values

Used to modify parameters.

Modify Parameters
Used to set independent firewall parameters.

param_name—specifies the name of the parameter.

param_value—specifies the new setting. This can be a variable that refers to the setting of another parameter. For example, the following string will change the Secondary modem phone number to the value of the Primary modem phone number:

<ModParam paramName="secPhone" paramValue="%priPhone%" />

 

Configuration Parameters

For the latest list of available CLI configuration parameters, see the SonicWALL GMS CLI Reference Guide, which is available at the following URL:

http://www.sonicwall.com/us/Support.html

This chapter contains information on how to retrieve parameters that can be used with the command-line interface (CLI) configure command.

System/Time

This section describes parameters that can be configured for the time screen of the System tree. To get the list of firewall parameters that need to be configured on the firmware, it is necessary to query the back-end database. To configure the time screen, perform the following steps:

1. Open Query Analyzer, select the sgmsdb database, then execute the following queries:

– Select id from screens where name like 'Time'. Output: 1003

– Query to get details of parameters:

Select prefs_file_name,independent,default_value from params_info where prefs_file_name in (Select param_name from sub_policy where screen_id = 1003)

Table 26 provides the parameters returned for the above query.

Table 26 Query Parameters

| Prefs file name | Independent | Default value | Min. value | Max. value |
|---|---|---|---|---|
| addCustomNTPServer | 0 | | Null | Null |
| ntp_updateInterval | 1 | 60 | Null | Null |
| ntp_useDst | 1 | 0 | Null | Null |
| ntp_useNtp | 1 | 0 | Null | Null |
| ntp_utcLogs | 1 | 0 | Null | Null |
| timezone | 1 | 28 | Null | Null |
| useInternational | 1 | 0 | Null | Null |

Grouping the independent and array parameters from the above query results:

– Independent Parameter list: ntp_updateInterval, ntp_useDst, ntp_useNtp, ntp_utcLogs, timezone, useInternational (Independent attribute value 0)

– Array List: addCustomNTPServer (Independent attribute value 1)

The following provides the XML to configure the Array parameters of the time screen:

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!DOCTYPE Configure [
  <!ELEMENT Configure (Task*)>
  <!ELEMENT Task (SetParam*,DelParam*,AddParam*)>
  <!ATTLIST Task
      displayname   CDATA #REQUIRED
      viewname      CDATA #REQUIRED
      updatetype    CDATA #REQUIRED
      tasktype      CDATA #REQUIRED
      description   CDATA #REQUIRED>
  <!ELEMENT SetParam EMPTY>
  <!ATTLIST SetParam
      setParamName  CDATA #REQUIRED
      setParamValue CDATA #REQUIRED>
  <!ELEMENT DelParam EMPTY>
  <!ATTLIST DelParam
      delParamName  CDATA #REQUIRED
      delParamValue CDATA #REQUIRED>
  <!ELEMENT AddParam EMPTY>
  <!ATTLIST AddParam
      addParamName  CDATA #REQUIRED
      addParamValue CDATA #REQUIRED>
]>
<Configure>
  <Task
      displayname="firewall_parameters"
      viewname="view_name"
      updatetype="update_type"
      tasktype="task_type"
      description="description"
      >
    <!-- Array parameter: adds one entry to the custom NTP server list -->
    <AddParam addParamName="addCustomNTPServer" addParamValue="10.0.0.1"/>
  </Task>
</Configure>

The following provides the XML to configure independent parameters for the time screen.

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!DOCTYPE Configure [
  <!ELEMENT Configure (Task*)>
  <!ELEMENT Task (SetParam*,DelParam*,AddParam*)>
  <!ATTLIST Task
      displayname   CDATA #REQUIRED
      viewname      CDATA #REQUIRED
      updatetype    CDATA #REQUIRED
      tasktype      CDATA #REQUIRED
      description   CDATA #REQUIRED>
  <!ELEMENT SetParam EMPTY>
  <!ATTLIST SetParam
      setParamName  CDATA #REQUIRED
      setParamValue CDATA #REQUIRED>
  <!ELEMENT DelParam EMPTY>
  <!ATTLIST DelParam
      delParamName  CDATA #REQUIRED
      delParamValue CDATA #REQUIRED>
  <!ELEMENT AddParam EMPTY>
  <!ATTLIST AddParam
      addParamName  CDATA #REQUIRED
      addParamValue CDATA #REQUIRED>
]>
<Configure>
  <Task
      displayname="firewall_parameters"
      viewname="view_name"
      updatetype="update_type"
      tasktype="task_type"
      description="description"
      >
    <!-- Independent parameters are set with SetParam elements -->
    <SetParam setParamName="ntp_updateInterval" setParamValue="30"/>
    <SetParam setParamName="ntp_useDst" setParamValue="1"/>
    <SetParam setParamName="ntp_useNtp" setParamValue="1"/>
    <SetParam setParamName="ntp_utcLogs" setParamValue="1"/>
    <SetParam setParamName="timezone" setParamValue="829"/>
    <SetParam setParamName="useInternational" setParamValue="1"/>
  </Task>
</Configure>