COMPREHENSIVE INTERNET SECURITY™
SonicWALL Internet Security Appliances
SonicOS Standard/Enhanced Command Line Interface (CLI) Guide
This document contains a categorized complete listing of Command Line Interface (CLI) commands for SonicOS Standard and Enhanced firmware for the Pro 4060, Pro 2040 and TZ 170 devices. Each command is described and, where appropriate, an example of usage is included.
Note: Commands using port spec x0, x1, etc. only take IDs for existing ports on the device. For example, the TZ170 uses x0-x2, the Pro 2040 x0-x3, and the Pro 4060 x0-x5.
This User’s Guide contains the following sections:
• Input Data Format Specification
• Text Conventions
• Editing and Completion Features
• Command Hierarchy
• Configuration Security
• Management Methods for Each Appliance
• Initiating a Management Session
• Command Set Status
Input Data Format Specification
The table below describes the data formats acceptable for most commands. H represents one or more hexadecimal digits (0-9 and A-F). D represents one or more decimal digits.

Data              Data Format
MAC Address       HH:HH:HH:HH:HH:HH
MAC Address       HHHH.HHHH.HHHH
IP Address        D.D.D.D
IP Address        0xHHHHHHHH
Integer Values    D
Integer Values    0xH
Integer Range     D-D

Text Conventions
Bold text indicates a command executed by interacting with the user interface.
Courier bold text indicates commands and text entered using the CLI.
Italic text indicates the first occurrence of a new term, as well as a book title, and also emphasized text. In this command summary, items presented in italics represent user-specified information.
Items within angle brackets (“< >”) are required information.
Items within square brackets (“[ ]”) are optional information.
Items separated by a “pipe” (“|”) are options. You can select any of them.
Page 2 SonicWALL Command Line Interface Guide
Note: Though a command string may be displayed on multiple lines in this guide, it must be entered on a single line with no carriage returns except at the end of the complete command.
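The formats in the Input Data Format Specification table, as an added example (not part of the original guide and not SonicWALL code): a Python normalizer that reduces both MAC spellings and both IP spellings to one canonical form, so two entries in a saved configuration or console transcript that name the same host compare equal. Reading HH as exactly two hex digits and 0xHHHHHHHH as exactly eight is an assumption, as are the function names and the sample values.

```python
import ipaddress
import re

# Templates from the guide's data-format table. Reading HH as exactly two hex
# digits and 0xHHHHHHHH as exactly eight is an assumption of this example.
MAC_COLON = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")
MAC_DOTTED = re.compile(r"[0-9A-Fa-f]{4}(\.[0-9A-Fa-f]{4}){2}")
IP_HEX = re.compile(r"0[xX][0-9A-Fa-f]{8}")
INT_HEX = re.compile(r"0[xX][0-9A-Fa-f]+")
INT_DEC = re.compile(r"[0-9]+")
INT_RANGE = re.compile(r"([0-9]+)-([0-9]+)")

# Constructed sample values, not taken from a real configuration.
SAMPLE_IPS = ["192.168.168.168", "0xC0A8A8A8", "10.0.0.1", "0x0A000001"]


def normalize_mac(text):
    """Accept HH:HH:HH:HH:HH:HH or HHHH.HHHH.HHHH; return lowercase colon form."""
    if MAC_COLON.fullmatch(text) or MAC_DOTTED.fullmatch(text):
        digits = re.sub(r"[:.]", "", text).lower()
        return ":".join(digits[i:i + 2] for i in range(0, 12, 2))
    raise ValueError(f"not a MAC address in either accepted form: {text!r}")


def normalize_ip(text):
    """Accept D.D.D.D or 0xHHHHHHHH; return dotted decimal."""
    if IP_HEX.fullmatch(text):
        return str(ipaddress.IPv4Address(int(text, 16)))
    # IPv4Address raises ValueError for octets above 255 or a wrong octet count.
    return str(ipaddress.IPv4Address(text))


def parse_int(text):
    """Accept D or 0xH; return the integer value."""
    if INT_HEX.fullmatch(text):
        return int(text, 16)
    if INT_DEC.fullmatch(text):
        return int(text, 10)
    raise ValueError(f"not an integer in D or 0xH form: {text!r}")


def parse_range(text):
    """Accept D-D; return (low, high). Rejecting low > high is this example's choice."""
    match = INT_RANGE.fullmatch(text)
    if not match:
        raise ValueError(f"not a D-D range: {text!r}")
    low, high = int(match.group(1)), int(match.group(2))
    if low > high:
        raise ValueError(f"range runs backwards: {text!r}")
    return low, high


def group_spellings(values, normalizer):
    """Map each canonical value to every raw spelling that produced it."""
    groups = {}
    for raw in values:
        groups.setdefault(normalizer(raw), []).append(raw)
    return groups
```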
Editing and Completion Features
You can use individual keys and control-key combinations to assist you with the CLI. The table below describes the key and control-key combination functions.

Key(s)          Function
Tab             Completes the current word
?               Displays possible command completions
CTRL+A          Moves cursor to the beginning of the command line
CTRL+B          Moves cursor to the previous character
CTRL+C          Exits the Quick Start Wizard at any time
CTRL+E          Moves cursor to the end of the command line
CTRL+F          Moves cursor to the next character
CTRL+K          Erases characters from the cursor to the end of the line
CTRL+N          Displays the next command in the command history
CTRL+P          Displays the previous command in the command history
CTRL+W          Erases the previous word
Left Arrow      Moves cursor to the previous character
Right Arrow     Moves the cursor to the next character
Up Arrow        Displays the previous command in the command history
Down Arrow      Displays the next command in the command history
Most configuration commands require completing all fields in the command. For commands with several possible completers, the Tab or ? key displays all options.
myDevice> show [TAB]
displays
alerts          interface   network            tech-support
arp             log         processes          tsr
content-filter  memory      route              web-management
cpu             messages    security-services  zone
device          nat         status             zones
gms             netstat     system
The Tab key can also be used to finish a command if the command is uniquely identified by user input.
myDevice> show al [TAB]
displays
myDevice> show alerts
Additionally, commands can be abbreviated as long as the partial commands are unique. The following text:
myDevice> sho int inf
is an acceptable abbreviation for
myDevice> show interface info
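The unique-prefix abbreviation rule described in this section, as an added example (not part of the original guide and not SonicWALL code): a Python resolver that expands abbreviated command words, so a review of captured console transcripts recognizes `resto` and `cle l` as `restore` and `clear log`. The keyword tree holds only words listed in this guide; letting an exact match win over a longer keyword (zone vs. zones), the watched-command list and the sample transcript are assumptions of the example.

```python
# Keywords copied from this guide's tables. Only the top level and the
# "show", "clear", "export" and "show interface" branches are modelled.
SHOW = ["alerts", "arp", "content-filter", "cpu", "device", "gms", "interface",
        "log", "memory", "messages", "nat", "netstat", "network", "processes",
        "route", "security-services", "status", "system", "tech-support",
        "tsr", "web-management", "zone", "zones"]
TREE = {
    "clear": {"screen": {}, "log": {}}, "cls": {}, "configure": {},
    "exit": {}, "export": {"preferences": {}, "tsr": {}}, "help": {},
    "import": {}, "logout": {}, "nslookup": {}, "ping": {}, "restart": {},
    "restore": {}, "show": {word: {} for word in SHOW},
    "synchronize-licenses": {}, "traceroute": {},
}
TREE["show"]["interface"] = {"details": {}, "info": {}, "status": {}}

# Commands a reviewer may want surfaced (this list is the example's choice).
WATCHED = {"restore", "restart", "clear log"}

# Constructed console input, not taken from a real device.
SAMPLE_TRANSCRIPT = ["sho int inf", "cle l", "resto", "rest", "pi 10.0.0.1"]


class AmbiguousCommand(ValueError):
    def __init__(self, token, candidates):
        super().__init__(f"{token!r} matches {', '.join(candidates)}")
        self.candidates = candidates


def resolve_word(token, choices):
    """Return the single keyword in choices that token abbreviates."""
    if token in choices:          # assumption: exact "zone" beats "zones"
        return token
    matches = sorted(word for word in choices if word.startswith(token))
    if not matches:
        raise KeyError(f"unknown command word: {token!r}")
    if len(matches) > 1:
        raise AmbiguousCommand(token, matches)
    return matches[0]


def expand(line):
    """Expand each abbreviated keyword; tokens past the tree are arguments."""
    node, out = TREE, []
    for token in line.split():
        if node:
            token = resolve_word(token, node)
            node = node[token]
        out.append(token)
    return " ".join(out)


def flag_transcript(lines):
    """Return (typed, expanded) pairs for lines that expand to a watched command."""
    hits = []
    for typed in lines:
        try:
            full = expand(typed)
        except (KeyError, AmbiguousCommand):
            continue              # unknown or ambiguous input is skipped here
        if full in WATCHED:
            hits.append((typed, full))
    return hits
```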
Command Hierarchy
The CLI configuration manager allows you to control hardware and firmware of the appliance through a discrete mode and submode system. The commands for the appliance fit into the logical hierarchy shown below.
To configure items in a submode, activate the submode by entering a command in the mode above it.
For example, to set the default LAN interface speed or duplex, you must first enter configure, then interface x0 lan. To return to the higher Configuration mode, simply enter end or finished.
Configuration Security
SonicWALL Internet Security appliances allow easy, flexible configuration without compromising the security of their configuration or your network.
The SonicWALL CLI currently uses the administrator’s password to obtain access. SonicWALL devices are shipped with a default password of password. Setting passwords is important in order to access the SonicWALL and configure it over a network.
If you are unable to connect to your device over the network, you can use the command restore to reset the device to factory defaults during a serial configuration session.
Management Methods for Each Appliance
You can configure the SonicWALL appliance using one of two methods:
• Using a serial connection and the configuration manager
  - An IP address assignment is not necessary for appliance management.
  - A device must be managed while physically connected via a serial cable.
• Web browser-based User Interface
  - An IP address must have been assigned to the appliance for management, or use the default of 192.168.168.168.
Initiating a Management Session
Serial Management and IP Address Assignment
Follow the steps below to initiate a management session via a serial connection and set an IP address for the device.
Note: The default terminal settings on the SonicWALL and modules are 80 columns by 25 lines. To ensure the best display and reduce the chance of graphic anomalies, use the same settings with the serial terminal software. The device terminal settings can be changed, if necessary. Use the standard ANSI setting on the serial terminal software.
1. Attach the included null modem cable to the appliance port marked CONSOLE. Attach the other end of the null modem cable to a serial port on the configuring computer.
2. Launch any terminal emulation application that communicates with the serial port connected to the appliance. Use these settings:
• 115,200 baud (9600 for TZ170)
• 8 data bits
• no parity
• 1 stop bit
• no flow control
3. Press Return. Initial information is displayed followed by a DEVICE NAME> prompt.
The following table displays all commands available for the SonicWALL.
• Top Level Command Description
• Configuration Command Description
• Interface Configuration Command Description
• Log Category Command Description
• Zone Command Description

Command                               Description
show alerts                           Show alerts
show arp                              Displays currently known arp entries
show content filter                   Show content filter list status
show cpu                              Show cpu and memory information
show device                           Displays on the console the contents of the status section of the Tech Support Report (TSR)
show gms                              Displays GMS configuration
show interface details <x1|x2|x3|x4|x5>
                                      Displays on the console the contents of the network section of the TSR
show interface status <x1|x2|x3|x4|x5>
                                      Displays on the console basic interface status for the SonicWALL, such as active/inactive/disabled, speed setting, duplex setting, IP addressing information
show log content                      Display the SonicWALL log contents
show log settings                     Display the configuration data
show memory                           Display the system memory on the appliance
show messages                         Show system messages
show nat policies                     Display on the console the NAT policy section of the TSR
show netstat                          Displays the contents of the netstat table.
show network                          Shows the network summary.
show processes                        Display procedure information.
show route                            Displays the complete routing table.
show security-services                Displays the complete status of all security services on the SonicWALL, including license status, licenses available, licenses in use, and license expiration dates.
show status                           Shows the current status of the appliance.
show tech-support                     Displays the contents of the TSR.
show tsr <all | av | cfl | dhcpc | dhcprelay | dhcps | dhcpsstat | ethernet | ha | ip-helper | ipsec | l2tpclient | license | log | management | network | objects | policies | pppoe | pptpclient | radius | snmp | status | time | update | users | wlb>
                                      Displays on the console the named TSR sections or all of the TSR.
show web-management                   Display the Web-management status and configuration.
show zone <name>                      Displays on the console all rules for the specified zone. For example, show zone <lan rules> displays all of the rules to and from the LAN zone.
show zones                            Displays configured zones on the appliance and interfaces associated with each zone.

Top Level Commands
Command                               Description
clear screen                          Clears the console screen, leaving a single prompt line.
clear log                             Clear log.
cls                                   Clears the console screen, leaving a single prompt line.
configure                             Enters the configuration level
exit                                  Causes you to exit the submenu, or if issued at the global level, returns to the login prompt.
export preferences                    Export a preferences file using Z-modem.
export tsr                            Export TSR using Z-modem.
help <command>                        Displays the command and description.
import                                Import preferences from the SonicWALL using Z-modem.
logout                                Log out from the console.
nslookup <Domain Name>                Look up the IP address of the given domain name from the configured domain name servers.
ping <IP address|Domain Name>         Sends ICMP packets to the destination IP address.
restart                               Restart the SonicWALL.
restore                               Restore the factory default settings on the SonicWALL
synchronize-licenses                  Synchronizes the SonicWALL licensing information with the mysonicwall.com backend.
traceroute <IP address|Domain Name>   Displays router hops to destination.

Command                               Description
[no] arpt <IP address><MAC address> interface <lan|wan|dmz> [perm] [pub]
                                      Add and remove arp entries for specified interface.
end                                   Exit configuration menu.
help <command>                        Displays command and description.
interface <x1|x2|x3|x4|x5> [<lan|wan|dmz>]
                                      Assigns a zone to an interface and then enters the configuration of the interface.
gms                                   Enter GMS configuration menu.

GMS Configuration
algorithm <des-md5|frd3-sha>          Sets GMS encryption and authentication algorithm.
[no] authentication-key <hex key>     Sets the 32-hex or 40-hex authentication key to communicate with the GMS server.
[no] behind-nat                       Enables GMS behind a NAT device.
bound-interface <x1|x2|x3|x4|x5>      Bind a VPN policy to an interface.
[no] enable                           Enables GMS management on a SonicWALL.
encryption-key <hex key>              Sets the 16-hex/48-hex encryption key to communicate with the GMS server.
end                                   Exit configuration menu.
finished                              Exit configuration mode to top menu.
help <command>                        Displays command and description.
info                                  Displays current GMS configuration state.
[no] nat-address <IP Address>         Sets the public NAT IP address that the GMS server resides behind.
[no] over-vpn                         Enable GMS server locally or over VPN.
[no] send-heartbeat                   Send heart beat status messages only.
[no] server <IP Address>              Sets the real IP address of the GMS server.
[no] standby-management-sa            Enable the backup SA for GMS management.
syslog-port <uvalue|(default)>        Sets the syslog server port of the GMS server.
help <command>                        Displays the command and description

LAN Interface Configuration
Command                               Description
interface <x0|x1|x2|x3|x4|x5> [<lan|wan|dmz>]
                                      Assigns zone and enters the configuration mode for the interface.
auto                                  Sets the interface to auto negotiate.
comment <string>                      Adds comment as part of the port configuration
duplex <full|half>                    Sets the interface duplex speed.
end                                   Exit the configuration mode.
finished                              Exit configuration mode to the top menu.
help <command>                        Displays the command and description.
info                                  Displays information about the interface.
mode lan                              Enter the LAN configuration mode.
end                                   Exit configuration mode.
finished                              Exit configuration mode to top menu level.
help <command>                        Displays the command and description.
info                                  Displays information about the interface.
ip <IP Address> netmask <mask>        Sets the IP address for the interface.
name <interface name>                 Sets the name for the interface.
speed <10|100>                        Sets the interface speed.

WAN Interface Configuration
Command                               Description
auto                                  Sets the interface to autonegotiate.
bandwidth-management enable           Enables bandwidth management.
bandwidth-management size <uvalue>    Sets the bandwidth management size.
comment <string>                      Adds comment as part of the port configuration.
duplex <full|half>                    Sets the interface duplex speed.
end                                   Exit the configuration mode.
finished                              Exit configuration mode to the top menu.
fragment-packets                      Enable/disable fragmentation of packets larger than the interface MTU.
ignore-df-bit                         Enable/disable ignoring the don’t fragment bit.
help <command>                        Displays the command and description.
info                                  Displays information about the interface.
mode <static|dhcp|pptp|l2tp|pppoe>    Sets the mode for the WAN interface and enters the given mode configuration.

Mode Static WAN Interface Configuration
[no] dns <IP Address>                 Enters or removes IP address of DNS servers.
end                                   Exits configuration mode.
finished                              Exits configuration mode to top menu.
gateway <IP Address>                  Sets or removes default gateway for the interface.
help <command>                        Displays help for given command.
info                                  Displays IP information about the interface.
[no] ip <IP Address>                  Sets the IP address for the interface.

Mode DHCP WAN Interface Configuration
end                                   Exits configuration mode.
finished                              Exits configuration mode to top menu.
help <command>                        Displays help for given command.
info                                  Displays IP information about the interface.
[no] hostname <string>                Sets the hostname for the interface.
release                               Releases IP address information.
renew                                 Renews IP address information.

Mode PPTP WAN Interface Configuration
[no] dynamic                          Sets the SonicWALL to obtain the IP address dynamically.
end                                   Exits configuration mode.
finished                              Exits configuration mode to top menu.
help <command>                        Displays help for given command.
[no] hostname <string>                Clears/Sets PPTP hostname.
[no] inactivity                       Enables/disables the PPTP inactivity timer.
timeout <uvalue>                      Sets/Clears the PPTP inactivity timeout.
info                                  Displays IP information about the interface.
[no] ip <IP Address>                  Sets/Clears the IP address for the interface.
[no] password <quoted string>         Sets/Clears the PPTP password.
[no] server ip <IP Address>           Sets/Clears the PPTP server IP address.
start
stop
[no] username <string>                Sets/Clears the PPTP username

Mode L2TP WAN Configuration Mode
[no] dynamic                          Sets the SonicWALL to obtain the IP address dynamically.
end                                   Exits configuration mode.
finished                              Exits configuration mode to top menu.
help <command>                        Displays help for given command.
[no] hostname <string>                Clears/Sets L2TP hostname.
[no] inactivity                       Enables/disables the L2TP inactivity timer.
timeout <uvalue>                      Sets/Clears the L2TP inactivity timeout.
info                                  Displays IP information about the interface.
[no] ip <IP Address>                  Sets/Clears the IP address for the interface.
[no] password <quoted string>         Sets/Clears the L2TP password.
[no] server ip <IP Address>           Sets/Clears the L2TP server IP address.
start
stop
[no] username <string>                Sets/Clears the L2TP username.

mtu <uvalue>                          Sets the MTU of the interface.
name <interface name>                 Sets the name for the interface.
speed <10|100>                        Sets the interface speed.

Other Interface Configuration
auto                                  Sets the interface to autonegotiate.
comment <string>                      Adds a comment as part of the port configuration.
duplex <full|half>                    Sets the interface duplex speed.
end                                   Exits configuration mode.
finished                              Exits configuration mode to top menu.
help <command>                        Displays help for given command.
info                                  Displays IP information about the interface.
name <interface name>                 Sets the name for the interface.
speed <10|100>                        Sets the interface to autonegotiate.

[no] log categories [all]             Assigns/clears logging categories.

Log Category Information
[no] all                              Assigns/clears all logging categories.
[no] attack                           Assigns/clears attack logging category.
[no] blocked-code                     Assigns/clears blocked code logging category.
[no] blocked-sites                    Assigns/clears blocked sites logging category.
[no] connection                       Assigns/clears connection logging category.
[no] conn-traffic                     Assigns/clears conn traffic logging category.
[no] debug                            Assigns/clears debug logging category.
end                                   Exits configuration mode.
finished                              Exits configuration mode to top menu.
help <command>                        Displays help for given command.
[no] icmp                             Assigns/clears ICMP logging category.
info                                  Displays IP information about the interface.
[no] lan-icmp                         Assigns/clears LAN-ICMP logging category.
[no] lan-tcp                          Assigns/clears LAN-TCP logging category.
[no] lan-udp                          Assigns/clears LAN-UDP logging category.
[no] maintenance                      Assigns/clears maintenance logging category.
[no] mgmt-80211b                      Assigns/clears 80211b management logging category.
[no] modem-debug                      Assigns/clears modem debugging logging category.
[no] sys-env                          Assigns/clears sys env logging category.
[no] sys-err                          Assigns/clears sys error logging category.
[no] tcp                              Assigns/clears TCP logging category.
[no] udp                              Assigns/clears UDP logging category.
[no] user-activity                    Assign/clear user-activity logging category.
[no] vpn-stat                         Assigns/clears vpn-stat logging category.
[no] vpn-tunnel-status                Assigns/clears vpn tunnel status logging category.

[no] log filter-time <uvalue>         Assigns/clears log filter time.
log ordering <choices> [invert]       Assign/clear ordering method when displaying log entries.
name <string>                         Sets/clears the firewall name.
[no] route default <IP address>       Assigns/clears default route.
[no] route <Destination> <Netmask> <Gateway> [metric <route metric>]
                                      Assigns/clears static routes.
[no] web-management http enable <x0 | x1 | x2 | x3 | x4 | x5>
                                      Enables/disables HTTP web management.
web-management http port <tcp port or ’default’>
                                      Assigns the HTTP web management port or reset to default.
[no] web-management https enable <x0 | x1 | x2 | x3 | x4 | x5>
                                      Enables/disables HTTPS web management.
web-management https port <tcp port or ’default’>
                                      Assigns the HTTPS web management port or resets to default.
web-management restore                Restores default web-management port and interface assignments.
zone <wan|lan|dms>                    Enters the zone configuration menu.
end                                   Exits configuration mode.
finished                              Exits configuration mode to top menu.
[no] intrazone-communications         Enables/disables intra-zone communications.

Show and Diag Commands (available at all levels)
Command                               Description
show memory                           Shows the system memory on the device.
show processes                        Shows procedure information.
show status                           Shows the current status of the device.
show tech-support                     Displays to the console the contents of the TSR.
show tsr <all | av | cfl | dhcpc | dhcprelay | dhcps | dhcpsstat | ethernet | ha | ip-helper | ipsec | l2tpclient | license | log | management | network | objects | policies | pppoe | pptpclient | radius | snmp | status | time | update | users | wlb>
                                      Displays to the console the contents of the TSR section named or all of the TSR.
show web-management                   Displays the web-management status and configuration.

Top Level Commands
Command                               Description
cls                                   Clears window, leaving a single prompt line.
exit                                  This command causes you to exit sub-menu, or if issued at the global level, returns you to the login prompt.
export preferences                    Exports the preferences file using the Z-modem.
export tsr                            Exports the tsr using the Z-modem.
help <command>                        Displays command and description.
import                                Import preferences file using Z-modem.
logout                                Logout from the console.
ping <IP address | Domain Name>       Sends ICMP packets to destination IP address.
restart                               Restarts the device.
restore                               Restore the device to factory defaults.
[no] web-management http enable       Enables/disables HTTP web management.
web-management http port <tcp port or ’default’>
                                      Assigns the HTTP web management port or reset to default.
[no] web-management https enable      Enables/disables HTTPS web management.
web-management https port <tcp port or ’default’>
                                      Assigns the HTTPS web management port or resets to default.
web-management restore                Restores default web-management port and interface assignments.

© 2002 SonicWALL, Inc. SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice.
T: 408.745.9600 F: 408.745.9300
www.sonicwall.com
SonicWALL, Inc. 1143 Borregas Avenue, Sunnyvale, CA 94089-1306
P/N 232-000549-00 Rev A 04/04