HP TippingPoint
Next Generation Firewall Command Line
Interface Reference Guide
Version1.0.1
Abstract
This reference manual describes the Next Generation Firewall Command Line Interface (CLI) and the commands you
can use to configure and manage a NGFW appliance.
*5998-4803*
Part number: 5998-4803
Edition: August 2013, First
Hewlett-Packard Company makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of
merchantability and fitness for a particular purpose. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential
damages in connection with the furnishing, performance, or use of this material.
This document contains proprietary information, which is protected by copyright. No part of this document may be photocopied, reproduced, or
translated into another language without the prior written consent of Hewlett-Packard. The information is provided “as is” without warranty of any
kind and is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements
accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for
technical or editorial errors or omissions contained herein.
TippingPoint® , the TippingPoint logo, and Digital Vaccine® are registered trademarks of Hewlett-Packard All other company and product names
may be trademarks of their respective holders. All rights reserved. This document contains confidential information, trade secrets or both, which are
the property of Hewlett-Packard No part of this documentation may be reproduced in any form or by any means or used to make any derivative
work (such as translation, transformation, or adaptation) without written permission from Hewlett-Packard or one of its subsidiaries.
Adobe® and Acrobat® are trademarks of Adobe Systems Incorporated.
Intel and Itanium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
Microsoft, Windows, Windows NT, and Windows XP are U.S. registered trademarks of Microsoft Corporation.
Oracle® is a registered U.S. trademark of Oracle Corporation, Redwood City, California.
UNIX® is a registered trademark of The Open Group.
Printed in US or Puerto Rico
Next Generation Firewall Command Line Interface Reference Guide
The Next Generation Firewall command line interface enables you to configure and manage the NGFW
Appliance from a command line. The NGFW commands can be used in custom scripts to automate tasks.
This section covers the following topics:
• Target Audience, page 1
• Related Documentation, page 1
• Document Conventions, page 2
• Customer Support, page 3
Target Audience
This guide is intended for security network administrators and specialists that have the responsibility of
monitoring, managing, and improving system security. The audience for this material is expected to be
familiar with the HP TippingPoint Next Generation Firewall.
Related Documentation
ccess the documentation at http://www.hp.com/support/manuals . For the most recent updates for your
products, check the HP Networking Support web site at
http://www.hp.com/networking/support.
CLI reference guide1
Document Conventions
This guide uses the following document conventions.
• Typefaces, page 2
• Document Messages, page 2
Typefaces
HP TippingPoint publications use the following typographic conventions for structuring information:
Table 1-1Document Typographic conventions
ConventionElement
Medium blue text: Figure 1
Blue, underlined text (http://www.hp.com
Bold font• Key names
Italics fontText emphasis, important terms, variables, and publication titles.
Monospace font• File and directory names
Monospace, italic font• Code variables
Monospace, bold fontEmphasis of file and directory names, system output, code, and text
Document Messages
Document messages are special text that is emphasized by font, format, and icons. This reference guide
contains the following types of messages:
Cross-reference links and e-mail addresses
)
Web site addresses
• Text typed into a GUI element, such as into a box
• GUI elements that are clicked or selected, such as menu and list
items, buttons, and check boxes. Example: Click
• System output
• Code
• Text typed at the command-line
• Command-line variables
typed at the command line
OK to accept.
• Warning
• Caution
• Note
• Tip
WARNING!Warning notes alert you to potential danger of bodily harm or other potential harmful
consequences.
CAUTION: Caution notes provide information to help minimize risk, for example, when a failure to follow
directions could result in damage to equipment or loss of data.
NOTE: Notes provide additional information to explain a concept or complete a task. Notes of specific
importance in clarifying information or instructions are denoted as such.
2
IMPORTANT: Another type of note that provides clarifying information or specific instructions.
TIP:Tips provide helpful hints and shortcuts, such as suggestions about how you can perform a task more
easily or more efficiently.
Customer Support
HP is committed to providing quality customer support to all of its customers. Each customer is provided
with a customized support agreement that provides detailed customer and support contact information.
When you need technical support, use the following information to contact Customer Support.
Contact Information
For additional information or assistance, contact the HP Networking Support:
http://www.hp.com/networking/support
Before contacting HP, collect the following information:
• Product model names and numbers
• Technical support registration number (if applicable)
• Product serial numbers
• Error messages
• Operating system type and revision level
• Detailed questions
HP Contact Information
For the name of the nearest HP authorized reseller, see the contact HP worldwide web site:
http://www.hp.com/country/us/en/wwcontact.html
CLI reference guide3
4
1Command Line Interface
In addition to the Local System Manager (LSM) and the Centralized Management Capability of the
Security Management System (SMS), a Command-line Interface (CLI) can be used to configure and
manage the NGFW Appliance. The CLI is accessed directly through the console or remotely through SSH.
Non-secure connections, such as Telnet, are not permitted. For the initial set up, the "superuser" account is
set for the appliance. Once that is set, you can login from the console and set the management port IP
address. SSH and HTTPS are then accessible at the management port IP address.
NOTE: To access the most recent updates to the NGFW product documentation, go to
http://www.hp.com/support/manuals.
This chapter covers the following topics:
•”Overview” on page 5
•”Command Modes” on page 7
•”Configuration File Versions” on page 9
Overview
This chapter covers the hierarchical structure of the CLI, the command line syntax, and an overview on how
to edit, save and manage configuration files. Also provided, are a list of unix like utilities for monitoring
and troubleshooting the system. The
display command displays sections of the running configuration file, or can be used to list a preview of
your configuration file edits before making a commitment to save.
show command provides easy to read sections from log files. The
Access to the NGFW is through the console to initially configure management access. The management
port is enabled by default for SSH and LSM management access. All access is determined by group
membership and the management of their roles. To configure granular levels of access, the aaa
(Authentication and Authorization and Auditing) context has the necessary utilities to modify users, groups,
roles, and their capabilities.
Command Line Interface Syntax
The following syntax is used in the CLI.
Table 1-1Command Line Syntax
Syntax ConventionExplanation
UPPERCASEUppercase replaced by a value that you supply
(x)Parentheses indicate a mandatory argument.
[x]Brackets indicate an optional argument.
|A vertical bar indicates a logical OR - such as alternatives within
Example:
NGFW{}traceroute ? (displays help information)
NGFW{}traceroute (A.B.C.D|HOSTNAME) [from A.B.C.D] [mgmt]
In the above example, arguments for the Traceroute command must either use a IP address or the
hostname. An optional argument can either be “from” a source IP address or the argument “mgmt”.
parentheses or brackets.
NGFW{}traceroute 198.162.0.1 from 198.162.0.2
NGFW{}traceroute 198.162.0.1 mgmt
NGFW Command Line Interface Reference5
Shortcut Navigation Keys
The CLI has the ability to store typed commands in a circular memory. Typed commands can be recalled
with the UP and DOWN arrow keys.
The TAB key may be used to complete partial commands. If the partial command is ambiguous, pressing
the TAB key twice gives a list of possible commands.
Following is a list of shortcuts.
Table 1-2Shortcut Keys
Shortcut Description
ENTERRun the command
TAB Complete partial command
?Question mark at the root prompt or after a command (separated by
!Exclamation mark before a command allows you to execute the
UP ARROW Show the previous command
space) will list next valid sub-commands or command arguments.
Question mark can also be used after sub-commands for more
information. A question mark immediately following a character(s)
(no space) will list commands beginning with those characters.
command from any feature context or sub-level. For example,
NGFW{running-gen}!ping 203.0.113.0
DOWN ARROW Show the next command
Ctrl + P Show the previous command
Ctrl + N Show the next command
Ctrl + L Clear the screen, does not clear history
Ctrl + A Return to the start of the command you are typing
Ctrl + E Go to the end of the command you are typing
Ctrl + U Cut the whole line to a special clipboard
Ctrl + K Cut everything after the cursor to a special clipboard
Ctrl + Y Paste from the special clipboard used by Ctrl + U and Ctrl + K
Hierarchical Menu and Prompt display
Prompts will be displayed based on the context level as shown in the following table.
Table 1-3Root, Edit and Log configuration modes
Command Line promptDescription
NGFW{}
NGFW{}edit
Top level root command mode
From the root command line mode, enter the edit command to access configuration mode.
NGFW{running}
NGFW{running}firewall
NGFW{running}display
NGFW{running}commit
NGFW{running}exit
6Command Line Interface
Configuration mode - indicated with the prompt change
Enters the firewall configuration context
View current configuration and your changes
Commits changes to the running configuration
Leaves the current context mode
Table 1-3Root, Edit and Log configuration modes
Command Line promptDescription
NGFW{}log-configure
NGFW{log-configure}
NGFW{log-configure}help
NGFW{log-configure}exit
Help
The help command provides a list of commands within the current context and the command line usage.
The help command can be executed with or without an argument.
•Enter help or ? to see a list of all commands. (question mark at any context level generates a list of
available commands within the context, along with a brief description)
•Enter help
•Enter
•Enter
commandname
commandname
string
? to show the commands or keywords that match the string. For example, s?.
Command Modes
From the root command line mode, enter the log-configure command to access the log configuration mode.
log configuration mode
display list of valid commands and syntax usage
leave the log configuration mode
to see the syntax for a command.
? to list the options for a command. For example, ping ?.
The NGFW uses a hierarchical menu structure. Within this structure, commands are grouped by functional
area within one of three command modes: Root Command mode, Edit Configuration mode (edit), and Log Configuration mode (log-configure). At the top of the hierarchy is the Root command mode.
A context is an environment in which a set of parameters can be configured for a feature or named
object. A context can be the name of an instance of an object set by the administrator, or can be the
feature itself. The current context is indicated in the command prompt, and it’s visibility is determined by
the user’s role.
Administrative access allows the ability to modify the configuration of the NGFW appliance. Not all
contexts may be visible.
The
help and display commands are useful in becoming familiar with the context options. The question
mark (?) lists the next valid entry and help for this entry.
If the appliance is controlled by SMS, only read-only access will be available to the system resources. To
determine if the SMS controls the unit, or to change the control, see the
Root Command Mode
When you initially enter the NGFW Appliance, either through the console or SSH, you will be placed at
the top level root command line mode with the NGFW{} prompt. The commands at this level are used for
managing and monitoring system operations for the various subsystems. From the root command mode,
you can access the configuration mode, and the available operational commands that apply to the unit as
a whole. To view the commands available at this level, type
prompt.
sms command usage.
help[full|COMMAND] at the command
NGFW{}help
The default NGFW{} command prompt can be changed using the host name command in the interface
mgmt
context of the edit mode. For example:
NGFW Command Line Interface Reference7
NGFW{}edit
NGFW{running}interface mgmt
NGFW{running-mgmt}help host (displays valid entries for configuring management port host settings)
NGFW{running-mgmt}host ? (displays valid entries for host command)
NGFW{running-mgmt}host name yourhostname
For a list of root commands and their usage see the Root Commands section.
NOTE: Your membership role determines your command line interface.
Edit Configuration Mode
The configuration mode enables administrators with the appropriate credentials to write configuration
changes to the active (running) configuration. The logon account used to configure the device must either
be associated with the Superuser role or the Administrator role to edit the configuration context. The
configuration mode has different context levels that provide access to a specific set of configuration
commands. To enter the configuration mode, use the edit command. Once you have executed the edit
command the CLI prompt will indicate that you are in the Edit mode, and can make configuration
changes. Configuration options, and sub contexts are available for use until you exit. To exit the edit
configuration mode, type exit.
When exiting the configuration mode, the following warning appears:
“WARNING: Modifications will be lost. Are you sure to exit (y/n)? [n]”
will discard any uncommitted changes you made to the configuration file, and n will keep you in the
y
edit context.
The display command is a helpful utility to view the current running configuration and to review your
configuration changes before you save the changes.
NGFW{running} display
A commit command must be used to save your changes to the running configuration.
The command hierarchy has two types of statements. The Container statement, which contain objects and
the Object statement, which are actual commands with options.
For example:
• Container statement in edit mode:
NGFW{running}log
NGFW{running-log}? (help will list all the available entries)
• Object statement:
NGFW{running} application-visibility enable|disable (help will display command options)
A brief overview of what you can do within the edit configuration mode:
• Issue a command that configures a setting in the candidate configuration setting. The candidate
configuration allows you to make configuration changes without causing changes to the active
configuration until you can review your changes and issue the
commit command.
• Enter into a container context to access additional configuration settings.
•Run the
modifications you make can be viewed using the
•Run the
display command to see your candidate configuration settings for a context. Any
display command.
Commit command to save any changes from your candidate configuration to the running
configuration.
•
Exit from a context.
8Command Line Interface
NOTE: As you move through the context menu hierarchies, the command prompt changes accordingly.
The
help or display command can be entered at any level.
Configuration File Versions
When troubleshooting or needing to rollback a configuration, the current configuration setup can be
viewed. Reviewing network configuration files should be a necessary step to becoming knowledgeable
about your current system setup. When the device is initially configured, make sure the settings are saved
to the persistent configuration with the
snapshot using the following command:
NGFW{}snapshot create orig_conf
Snapshots capture the configuration of a device, which can then be delivered to technical support for
troubleshooting. Users can also use snapshots to save and re-apply configurations. Snapshots include the
currently installed OS version, and cannot be restored on a device that is not running the same version of
the OS. If a snapshot restore needs to be completed, use the following command:
NGFW{}snapshot restore orig_conf
A warning message is displayed, followed by an automatic reboot when snapshot restore is completed.
The NGFW Appliance CLI uses the deferred-commit model. In this capacity, the architecture maintains a
set of configuration files to ensure that a working configuration is persistently maintained. This
configuration set includes the following configuration files.
NGFW{}save-config command. It’s also advisable to create a
Utilities
• Running configuration — this version is currently executing on the system. Any changes that
administrators make from the
will take effect once they have been committed, by issuing the
committed, all modifications are discarded on
administrators are on the system, the version that was last committed is used as the current running
configuration and is visible to other administrators, once they have exited the
prompt is displayed if the committed changes would overwrite configuration that was made by
another administrator since the configuration was edited.
• Saved (persistent) configuration — this is the running configuration that was last committed prior to
executing the
configuration when the system reboots.
• Start configuration — This is a backup copy of the configuration file saved at the time of system startup, and is loaded at the next system bootup. The
persistent and running configuration that was the last known good configuration.
NOTE: Future versions of the product will support multiple named saved configuration sets.
The Display and Show commands are helpful for troubleshooting and monitoring the operational status of
the system. Command line usage can be found in Root Commands.
save-config command. NGFW copies the saved configuration to the start
edit mode (except for IPS features, action sets and notification contacts)
Commit command. If changes are not
exit from the running context. If multiple
edit mode. A warning
rollback-config command can be used to rollback to a
Display
Enter display to see your candidate configuration settings for a context. Any modifications you make can
be viewed using the
command is executed. If executed at the configuration level, it displays the entire configuration of the unit.
Executing the display command with a configuration name parameter, or from within a context displays
the contents of that particular configuration.
display command. The output of the display command depends on where the
NGFW Command Line Interface Reference9
Show
The show command is most efficient in providing critical information, such as traffic usage, router platform
type, operating system revision, amount of memory, and the number of interfaces. The
show command can
also be used to evaluate logging, troubleshooting, tracking resources, sessions, and security settings. To
view all the available
show utilities, enter the help show command at the root command level. All the
available commands along with the correct command line usage are displayed.
10Command Line Interface
2Global Commands
Global commands can be used in any context.
commit
Initiates all pending configuration changes in the edit mode.
NOTE: This command does not write the modifications to the startup configuration file. However, the
save-config command can be run from the edit configuration context by using the exclamation mark.
Syntax
commit
Example
NGFW{running}commit
NGFW{running}!save-config
exit
Exits the current context.
help
Syntax
exit
Example
NGFW{running-aaa}exit
NGFW{running}
Displays help information.
Syntax
help [full|COMMAND]
Example
NGFW{running}help log
Enter log context
Syntax: log
log Enter log context
Displays the current configuration, or the candidate configuration before a commit is issued. Display
options vary by context, enter the "help display" command in a context to view the available options.
Syntax
display
display [xml]
Example
NGFW{running-aaa-user-myuser1}display
# USER ID
user myuser1
12Global Commands
3Root Commands
The top level root command line mode displays the NGFW{} prompt. Commands at this level are used for
managing and monitoring system operations for the various subsystems. From the root command mode,
you can access the configuration mode, and the available commands that apply to the appliance as a
boot
whole. Enter
commands or help on a specific command.
NGFW{}help
The default NGFW{} command prompt can be changed using the host name command in the interface
mgmt
context of the edit mode. For example:
NGFW{}edit
NGFW{running}interface mgmt
NGFW{running-mgmt}help host (displays valid entries for configuring management port host settings)
NGFW{running-mgmt}host ? (displays valid entries for host command)
NGFW{running-mgmt}host name yourhostname
Manages software packages.
Syntax
boot (list-image|rollback)
help full or help COMMANDNAMEat the command prompt to display a list of available
NGFW{}clear ip bgp 10.10.10.10 soft in
Not cleared BGP is not active
Example
NGFW{}clear ip bgp external soft
Example
NGFW{}clear users fred
Used alone to display the current date, or with arguments to configure the date in a 24 hour format. The
date command shows the current time in the time zone configured on the device and the "gmt" argument
shows the time in GMT (UTC).
edit
flush
Syntax
date [MMDDhhmm[[CC]YY][.ss]])
date gmt
Example
NGFW{}date 071718202013.59 (sets date to July 17 2013 6:20PM 59 seconds)
The edit context modifies the configuration that identifies the security policy and interfaces that you can
configure for your firewall.
Edit takes an instance of the running configuration file. This instance is your
version. After making modifications to this candidate configuration version, you have the option of saving
it to the running configuration, or discarding any changes you made. To discard, simply
your candidates configuration, enter the
commit command before exiting the edit context. To see
exit. To save
commands under the edit context, see edit configuration.
flush (arp|ndp)
flush ipsec sa policy NAME [id ID]
flush ike sa [policy NAME [id ID]]
flush bgp [ip] A.B.C.D [(in prefix-filter)|in|out|(soft [in|out])|rsclient]
14Root Commands
flush bgp ip A.B.C.D [ipv4 (unicast|multicast) (in prefix-filter)|in|out|(soft
[in|out])]
[in|out])]
flush bgp ipv6 external [(in prefix-filter)|(soft [in|out])]
flush bgp ipv6 external [peer WORD (in|out)]
flush bgp [ip] view WORD [soft [in|out]]
flush bgp [ip|ipv6] view WORD (A.B.C.D|X:X::X:X|all) rsclient
flush bgp ip view WORD [ipv4 (unicast|multicast)] (in prefix-filter)|(soft [in|out])
flush bgp [ip|ipv6] PEERAS [(in prefix-filter)|in|out|(soft [in|out])]
flush bgp ip PEERAS [ipv4 (unicast|multicast) (in prefix-filter)|in|out|(soft
[in|out])]
flush bgp ip PEERAS [vpnv4 unicast in|out|(soft [in|out])]
flush bgp [ip|ipv6] all [(in prefix-filter)|in|out|(soft [in|out])|rsclient]
flush bgp ip all [ipv4 (unicast|multicast) (in prefix-filter)|in|out|(soft
NGFW{}flush firewall-session 134217756
Success
NGFW{}flush ipsec sa policy mytunnel
help
Displays help information at any context level.
high-availability
Manage high-availability devices.
Syntax
high-availability force (active|passive)
high-availability segment force (normal|fallback)
Example
NGFW{}high-availability segment force normal
Status: OK
list
Displays traffic capture file list.
Syntax
list traffic-file
Example
NGFW{}list traffic-file
log-configure
Enter log configuration context.
NGFW Command Line Interface Reference15
Syntax
log-configure
Example
Related Commands
Log Configure Commands
logout
Logs you out of the system.
Syntax
logout
Example
NGFW{} logout
master-key
The system master-key is used to encrypt the removable user-disk (the external CFast), and the system
keystore. The user-disk holds traffic logs, packet capture data, and system snapshots. The keystore retains
data such as device certificates and private keys.
The master-key has the following complexity requirements:
• Must be between 9 and 32 characters in length.
• Combination of upper and lower case alpha and numbers.
• Must contain at least one “special” char (eg: !@#$%)
• Set or clear the master key for keystore and external Cfast user-disk encryption.
Syntax
master-key (clear|get|set)
Example
Get the master key for keystore and user-disk encryption
NGFW{}master-key set
WARNING: Master key will be used to encrypt the keystore and external user disk.
Do you want to continue (y/n)? [n]: y
Enter Master Key : ****************
Re-enter Master Key: ****************
Success: Master key has been set.
Example
NGFW{}master-key get
Success: My.1.MasterKey!!
Example
NGFW{}master-key clear
WARNING: Clearing master key will remove encryption from the keystore and
external user disk.
Do you want to continue (y/n)? [n]: y
Success: Master key has been cleared.
16Root Commands
ping
Test connectivity with ICMP traffic. The mgmt option uses the management interface.
NGFW{}ping 192.168.1.1 mgmt
ping using mgmt port
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 vrfid=500 time=0.4 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 vrfid=500 time=0.1 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 vrfid=500 time=0.1 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 vrfid=500 time=0.1 ms
--- 192.168.1.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.1/0.1/0.4 ms
NGFW{}ping6 100:0:0:0:0:0:0:1
ping using data ports
PING 100:0:0:0:0:0:0:1 (100:0:0:0:0:0:0:1): 56 data bytes
64 bytes from 100:0:0:0:0:0:0:1: icmp_seq=1 ttl=64 vrfid=0 time=0.3 ms
64 bytes from 100:0:0:0:0:0:0:1: icmp_seq=2 ttl=64 vrfid=0 time=0.1 ms
64 bytes from 100:0:0:0:0:0:0:1: icmp_seq=3 ttl=64 vrfid=0 time=0.1 ms
64 bytes from 100:0:0:0:0:0:0:1: icmp_seq=4 ttl=64 vrfid=0 time=0.1 ms
--- 100:0:0:0:0:0:0:1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.1/0.1/0.3 ms
Reboots the system.
Syntax
reboot
Example
NGFW{}reboot
WARNING: Are you sure you want to reboot the system (y/n) [n]:
Valid entries:
reset Delete report data
enable Start data collection for reports
disable Stop data collection for reports
all All reports (default)
cpu CPU utilization report
disk Disk utilization report
fan Fan speed report
memory Memory utilization report
network Network bandwidth report
rate-limiter Rate Limiter report
temperature Temperature report
traffic-profile Traffic Profile report
vpn VPN report
Example
NGFW{}reports enable cpu
NGFW{}reports reset cpu
WARNING: Are you sure you want to reset cpu reports (y/n)? [n]:
Related Commands
show reports
save-config
Saves the running configuration to a persistent configuration.
Syntax
save-config
Example
NGFW{}save-config
WARNING: Saving will apply this configuration at the next system start. Continue
The show command enables you to view current system configuration, status, and statistics.
Table 3-1Show command
CommandDescription
show aaashow AAA information
show agglinkShow agglink status
show arpShow Address Resolution Protocol entries
show autoconf dhcpv4 clientIPv4 Dynamic Host Configuration Protocol
show autoconf dhcpv6 clientIPv6 Dynamic Host Configuration Protocol
show autoconf raShow autoconfig Router Advertisement information
show clusterShow cluster status
show dateShow the current router date and time
show dhcp relayShow DHCPv4 Relay information
show dhcp server leaseDisplay DHCP server leases history
show dhcpv6Show DHCPv6 client lease
show dnsShow Domain Name Service
show firewallDisplays firewall rules and sessions.
show high-availabilityShow high-availability status
show interfaceShow network interface
show ip bgpShow the Border Gateway Protocol information
show ip igmpShow Internet Group Management Protocol
show ip mrouteShow Multicast Static IP route
show ip ospfShow Open Shortest Path First (OSPF) information
show ip pim-smShow PIM-SM routing information
show ip ripShow the RIP routes
show ip routeShow the unicast routes
show ip smrShow SMR routing information
show ipv6 mldShow IPv6 routing information for MLD group or
interface
show ipv6 mrouteShow IPv6 routing information for multicast routes
show ipv6 ospfv3Show the OSPFv3 unicast routes
NGFW Command Line Interface Reference19
Table 3-1Show command
CommandDescription
show ipv6 pim-smShow ipv6 Protocol Independent Multicast - Sparse
Mode (PIM-SM) routing information
show ipv6 ripngShow RIPng routing information
show ipv6 route ripngShow ripng route information
show (ip|ipv6) routeShow the unicast routes
show keyShow local server SSH key information
show l2tpShow Layer 2 Tunneling Protocol information
show licenseShows the license number and status
show log-fileShows the logfiles
show log-file bootShows the boot file
show mfg-infoShow manufacturing information
show ndpShow Neighbor Discovery Protocol
show np engineShow net processor statistics
show np general statisticsShow general network processor information
show np protocol-mixShow network processor protocol-level statistics
show np reassemblyShow network processor reassembly statistics
show np rule-statsShow network processor rules, number of flows,
successful matches
show np softlinxShow network processor softlinx statistics
show np tier-statsShow network processor throughput and utilization for
each tier
show quarantine-listShow quarantine list information
show reportsShow status of data collection for reports
show serviceShow network service information
show smsShow status of SMS control
show snmpShow SNMP information
show system buffersShow Forwarding buffer state
show system connectionsShow active socket information
show system processesShow system processes
show system statisticsShow system-wide protocol-related statistics
show system usageShow system usage
show system virtual-memoryShow system virtual memory
show system xms memoryShow xms memory usage
show terminalShow terminal settings
show traffic-fileShow network traffic from file
show tse connection-tableShow TSE connection-table information
20Root Commands
Table 3-1Show command
CommandDescription
show usersShow users information
show versionShow device version information
show aaa
Syntax
show aaa capabilities USER
Example
show aaa capabilities fred
NGFW{}show aaa capabilities fred
ID NAME STATE
--------------------------------------------1 NGFW full
2 SECURITY full
3 FIREWALLRULES full
4 SECURITYZONES full
5 APPLICATIONGROUPS full
6 ADDRESSGROUPS full
7 SERVICES full
8 SCHEDULES full
9 INSPECTIONPROFILES full
10 IPS full
11 IPREPUTATION full
12 PROFILEGROUPS full
13 CAPTIVEPORTALRULES full
14 NATRULES full
15 ACTIONSETS full
16 SYSTEM full
17 SMSMANAGED full
18 MANAGEMENT full
19 DNS full
20 IPFILTERS full
21 UPGRADE full
22 NOTIFICATION full
23 LOGGING full
24 HIGHAVAILABILITY full
25 HACONFIGURATION full
26 HASTATE full
27 SNMP full
28 TIME full
29 FIPS full
30 UPDATE full
31 PACKAGES full
32 AUTODV full
33 SNAPSHOT full
34 USERAUTH full
35 LOCALUSER full
36 USERGROUP full
37 ROLES full
38 RADIUS full
39 LDAP full
NGFW Command Line Interface Reference21
40 CAPTIVEPORTAL full
41 GENERAL full
42 X509CERT full
43 VPN full
44 IKE full
45 IKECONFIGURATION full
46 IKESTATUS full
47 IPSEC full
48 IPSECCONFIGURATION full
49 IPSECSTATUS full
50 L2TP full
51 L2TPCONFIGURATION full
52 L2TPSTATUS full
53 REPORTING full
54 LOG full
55 FIREWALLLOG full
56 IPSLOG full
57 REPUTATIONLOG full
58 VPNLOG full
59 SYSTEMLOG full
60 AUDITLOG full
61 SECURITYREPORTS full
62 NETWORKREPORTS full
63 DEBUGTOOLS full
64 REBOOT full
65 SHUTDOWN full
66 SERVICEACCESS full
67 NETWORK full
68 INTERFACES full
69 SEGMENTS full
70 DHCPSERVER full
71 DHCPRELAY full
72 ARPNDP full
73 STATICROUTES full
74 STATICMONITOREDROUTES full
75 DYNAMICROUTING full
76 ACCESSLISTS full
77 ROUTEMAPS full
78 OSPF full
79 RIP full
80 BGP full
81 MULTICAST full
82 ROUTINGTABLE full
83 COMPACTFLASH full
84 CUSTOMCATEGORIES full
85 APPLICATIONVISIBILITY full
86 GLOBALINSPECTIONPROFILE full
87 DEBUGNP full
show agglink
Displays information about whether or not the member ports are up in the aggregated link.
Syntax
show (agglink|INTERFACE)
22Root Commands
Loading...
+ 222 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.