HP TippingPoint Next Generation Firewall Command Reference Guide

HP TippingPoint Next Generation Firewall Command Line
Interface Reference Guide
Version1.0.1
Abstract
This reference manual describes the Next Generation Firewall Command Line Interface (CLI) and the commands you can use to configure and manage a NGFW appliance.
*5998-4803*
Part number: 5998-4803 Edition: August 2013, First
Legal and notice information
© Copyright 2013 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
This document contains proprietary information, which is protected by copyright. No part of this document may be photocopied, reproduced, or translated into another language without the prior written consent of Hewlett-Packard. The information is provided “as is” without warranty of any kind and is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
TippingPoint® , the TippingPoint logo, and Digital Vaccine® are registered trademarks of Hewlett-Packard All other company and product names may be trademarks of their respective holders. All rights reserved. This document contains confidential information, trade secrets or both, which are the property of Hewlett-Packard No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from Hewlett-Packard or one of its subsidiaries.
Adobe® and Acrobat® are trademarks of Adobe Systems Incorporated.
Intel and Itanium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
Microsoft, Windows, Windows NT, and Windows XP are U.S. registered trademarks of Microsoft Corporation.
Oracle® is a registered U.S. trademark of Oracle Corporation, Redwood City, California.
UNIX® is a registered trademark of The Open Group.
Printed in US or Puerto Rico
Next Generation Firewall Command Line Interface Reference Guide
Publication Part Number: 5998-4803
Table of Contents
About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Target Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Document Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Typefaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Document Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Customer Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Contact Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1 Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Command Line Interface Syntax. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Shortcut Navigation Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Hierarchical Menu and Prompt display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Help. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Command Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Root Command Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Edit Configuration Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Configuration File Versions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2 Global Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
commit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
help. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
more . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3 Root Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
boot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
date . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
edit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
flush . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
help. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
high-availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
list. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
log-configure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
logout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
master-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
ping6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
save-config. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
service-access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
show aaa. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
show agglink . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
show arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
show ndp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
CLI Reference Guide i
show autoconf dhcpv4 client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
show autoconf dhcpv6 client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
show autoconf ra . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
show cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
show date . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
show dhcp relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
show dhcp server lease . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
show dhcpv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
show dns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
show firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
show high-availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
show interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
show ip bgp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
show ip igmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
show ip mroute. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
show ip ospf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
show ip pim-sm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
show ip rip. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
show ip route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
show ip smr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
show ipv6 mld . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
show ipv6 mroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
show ipv6 ospfv3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
show ipv6 pim-sm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
show ipv6 ripng . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
show ipv6 route ospfv3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
show ipv6 route ripng . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
show (ip|ipv6) route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
show key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
show l2tp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
show license. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
show log-file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
show log-file FILE_NAME . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
show log-file FILE_NAME stat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
show log-file summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
show log-file boot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
show mfg-info. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
show np engine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
show np general statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
show np protocol-mix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
show np reassembly . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
show np rule-stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
show np softlinx . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
show np tier-stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
show quarantine-list. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
show reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
show service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
show sms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
show snmp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
show system buffers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
show system connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . 43
show system processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
show system statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
show system usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
show system virtual-memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
show system xms memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
show terminal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
show traffic-file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
show tse connection-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
ii
show tse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
show user-disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
show users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
sms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
snapshot create . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
snapshot list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
snapshot remove. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
snapshot restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
tcpdump . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
traceroute. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
traceroute6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
user-disk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
4 Log Configure Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
email. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
log-file-size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
log-storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
log-test. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
rotate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
5 Edit Running Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Configuration Contexts by Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Monitor/System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
VPN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Edit Context Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
aaa. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
actionsets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
addressgroups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
application-filter-mgmt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
application-groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
application-visibility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
autodv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
blockedStreams . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
captive-portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
dhcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
dns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
dst-nat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
gen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
global-inspection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
high-availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
ips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
ipv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
l2tp-serverX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
multicast-registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
notifycontacts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
CLI Reference Guide iii
ntp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
reputation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
route-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
schedules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
segmentX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
snmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
src-nat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
vpn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Contexts and Related Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
running-aaa Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
running-aaa-ldap-group-X Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
running-aaa-radius-group-X Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
running-actionsets Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
running-actionsets-X Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
running-addressgroups Context Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
running-addressgroups-X Context Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
running-agglinkX Context Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
running-app-filter-mgmt Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
running-app-groups Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
running-app-groups-X Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
running-autodv Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
running-autodv-calendar Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
running-autodv-periodic Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
running-bgp-X Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
running-blockedStreams Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
running-bridgeX Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
running-captive-portal Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
running-captive-portal-rule-X Context Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
running-certificates Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
running-certificates-crl Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
running-cluster Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
running-cluster-tct Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
running-dhcp-relay Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
running-dhcp-server Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
running-dhcp-server-X Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
running-dnat Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
running-dnat-rule-X Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
running-dns Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
running-ethernetX Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
running-firewall Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
running-firewall-rule-X Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
running-gen Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
running-global-inspection Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
running-greX Context Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
running-high-availability Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
running-ips Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
running-ips-X Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
running-ipsec Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
running-ipsec-policy-X Context Commands and their Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
running-ipsec-vpn-X Context Commands and their Usage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
running-l2tp-serverX Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
running-l2tpX Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
running-log Context Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
running-loopbackX Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
running-manual-sa Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
running-mgmt Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
iv
running-multicast-registration Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
running-notifycontacts (email) Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
running-notifycontacts-X (SNMP) Context Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
running-ntp Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
running-phase1-proposal-X Context Commands and their Usage . . . . . . . . . . . . . . . . . . . . . . . . . 190
running-phase1-proposal-X Context Commands and their Usage . . . . . . . . . . . . . . . . . . . . . . . . . 191
running-ospf Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
running-ospfv3 Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
running-pim-smv4 Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
running-pim-smv6 Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
running-pppoeX Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
running-pptpX Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
running-rep Context Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
running-rep-X (group X) Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
running-rep-X (profile X) Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
running-rip Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
running-ripng Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
running-route-map Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
running-schedules Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
running-schedules-X Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
running-segmentX Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
running-services Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
running-services-X Context Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
running-smr Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
running-snat Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
running-snat-rule-X Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
running-snmp Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
running-vlanX Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
running-zones Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
running-zones-X Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
CLI Reference Guide v
vi

About This Guide

The Next Generation Firewall command line interface enables you to configure and manage the NGFW Appliance from a command line. The NGFW commands can be used in custom scripts to automate tasks.
This section covers the following topics:
Target Audience, page 1
Related Documentation, page 1
Document Conventions, page 2
Customer Support, page 3

Target Audience

This guide is intended for security network administrators and specialists that have the responsibility of monitoring, managing, and improving system security. The audience for this material is expected to be familiar with the HP TippingPoint Next Generation Firewall.

Related Documentation

ccess the documentation at http://www.hp.com/support/manuals . For the most recent updates for your products, check the HP Networking Support web site at
http://www.hp.com/networking/support.
CLI reference guide 1

Document Conventions

This guide uses the following document conventions.
Typefaces, page 2
Document Messages, page 2
Typefaces
HP TippingPoint publications use the following typographic conventions for structuring information:
Table 1-1 Document Typographic conventions
Convention Element
Medium blue text: Figure 1
Blue, underlined text (http://www.hp.com
Bold font Key names
Italics font Text emphasis, important terms, variables, and publication titles.
Monospace font File and directory names
Monospace, italic font Code variables
Monospace, bold font Emphasis of file and directory names, system output, code, and text
Document Messages
Document messages are special text that is emphasized by font, format, and icons. This reference guide contains the following types of messages:
Cross-reference links and e-mail addresses
)
Web site addresses
Text typed into a GUI element, such as into a box
GUI elements that are clicked or selected, such as menu and list
items, buttons, and check boxes. Example: Click
System output
Code
Text typed at the command-line
Command-line variables
typed at the command line
OK to accept.
Warning
Caution
Note
Tip
WARNING! Warning notes alert you to potential danger of bodily harm or other potential harmful
consequences.
CAUTION: Caution notes provide information to help minimize risk, for example, when a failure to follow
directions could result in damage to equipment or loss of data.
NOTE: Notes provide additional information to explain a concept or complete a task. Notes of specific
importance in clarifying information or instructions are denoted as such.
2
IMPORTANT: Another type of note that provides clarifying information or specific instructions.
TIP: Tips provide helpful hints and shortcuts, such as suggestions about how you can perform a task more
easily or more efficiently.

Customer Support

HP is committed to providing quality customer support to all of its customers. Each customer is provided with a customized support agreement that provides detailed customer and support contact information. When you need technical support, use the following information to contact Customer Support.
Contact Information
For additional information or assistance, contact the HP Networking Support:
http://www.hp.com/networking/support
Before contacting HP, collect the following information:
Product model names and numbers
Technical support registration number (if applicable)
Product serial numbers
Error messages
Operating system type and revision level
Detailed questions
HP Contact Information
For the name of the nearest HP authorized reseller, see the contact HP worldwide web site:
http://www.hp.com/country/us/en/wwcontact.html
CLI reference guide 3
4
1 Command Line Interface
In addition to the Local System Manager (LSM) and the Centralized Management Capability of the Security Management System (SMS), a Command-line Interface (CLI) can be used to configure and manage the NGFW Appliance. The CLI is accessed directly through the console or remotely through SSH. Non-secure connections, such as Telnet, are not permitted. For the initial set up, the "superuser" account is set for the appliance. Once that is set, you can login from the console and set the management port IP address. SSH and HTTPS are then accessible at the management port IP address.
NOTE: To access the most recent updates to the NGFW product documentation, go to
http://www.hp.com/support/manuals.
This chapter covers the following topics:
•”Overview” on page 5
•”Command Modes” on page 7
•”Configuration File Versions” on page 9

Overview

This chapter covers the hierarchical structure of the CLI, the command line syntax, and an overview on how to edit, save and manage configuration files. Also provided, are a list of unix like utilities for monitoring and troubleshooting the system. The
display command displays sections of the running configuration file, or can be used to list a preview of
your configuration file edits before making a commitment to save.
show command provides easy to read sections from log files. The
Access to the NGFW is through the console to initially configure management access. The management port is enabled by default for SSH and LSM management access. All access is determined by group membership and the management of their roles. To configure granular levels of access, the aaa (Authentication and Authorization and Auditing) context has the necessary utilities to modify users, groups, roles, and their capabilities.
Command Line Interface Syntax
The following syntax is used in the CLI.
Table 1-1 Command Line Syntax
Syntax Convention Explanation
UPPERCASE Uppercase replaced by a value that you supply
(x) Parentheses indicate a mandatory argument.
[x] Brackets indicate an optional argument.
| A vertical bar indicates a logical OR - such as alternatives within
Example:
NGFW{}traceroute ? (displays help information) NGFW{}traceroute (A.B.C.D|HOSTNAME) [from A.B.C.D] [mgmt]
In the above example, arguments for the Traceroute command must either use a IP address or the hostname. An optional argument can either be “from” a source IP address or the argument “mgmt”.
parentheses or brackets.
NGFW{}traceroute 198.162.0.1 from 198.162.0.2 NGFW{}traceroute 198.162.0.1 mgmt
NGFW Command Line Interface Reference 5
Shortcut Navigation Keys
The CLI has the ability to store typed commands in a circular memory. Typed commands can be recalled with the UP and DOWN arrow keys.
The TAB key may be used to complete partial commands. If the partial command is ambiguous, pressing the TAB key twice gives a list of possible commands.
Following is a list of shortcuts.
Table 1-2 Shortcut Keys
Shortcut Description
ENTER Run the command
TAB Complete partial command
? Question mark at the root prompt or after a command (separated by
! Exclamation mark before a command allows you to execute the
UP ARROW Show the previous command
space) will list next valid sub-commands or command arguments. Question mark can also be used after sub-commands for more information. A question mark immediately following a character(s) (no space) will list commands beginning with those characters.
command from any feature context or sub-level. For example,
NGFW{running-gen}!ping 203.0.113.0
DOWN ARROW Show the next command
Ctrl + P Show the previous command
Ctrl + N Show the next command
Ctrl + L Clear the screen, does not clear history
Ctrl + A Return to the start of the command you are typing
Ctrl + E Go to the end of the command you are typing
Ctrl + U Cut the whole line to a special clipboard
Ctrl + K Cut everything after the cursor to a special clipboard
Ctrl + Y Paste from the special clipboard used by Ctrl + U and Ctrl + K
Hierarchical Menu and Prompt display
Prompts will be displayed based on the context level as shown in the following table.
Table 1-3 Root, Edit and Log configuration modes
Command Line prompt Description
NGFW{}
NGFW{}edit
Top level root command mode
From the root command line mode, enter the edit com­mand to access configuration mode.
NGFW{running}
NGFW{running}firewall
NGFW{running}display
NGFW{running}commit
NGFW{running}exit
6 Command Line Interface
Configuration mode - indicated with the prompt change
Enters the firewall configuration context
View current configuration and your changes
Commits changes to the running configuration
Leaves the current context mode
Table 1-3 Root, Edit and Log configuration modes
Command Line prompt Description
NGFW{}log-configure
NGFW{log-configure}
NGFW{log-configure}help
NGFW{log-configure}exit
Help
The help command provides a list of commands within the current context and the command line usage. The help command can be executed with or without an argument.
•Enter help or ? to see a list of all commands. (question mark at any context level generates a list of available commands within the context, along with a brief description)
•Enter help
•Enter
•Enter
commandname commandname string
? to show the commands or keywords that match the string. For example, s?.

Command Modes

From the root command line mode, enter the log-config­ure command to access the log configuration mode.
log configuration mode
display list of valid commands and syntax usage
leave the log configuration mode
to see the syntax for a command.
? to list the options for a command. For example, ping ?.
The NGFW uses a hierarchical menu structure. Within this structure, commands are grouped by functional area within one of three command modes: Root Command mode, Edit Configuration mode (edit), and Log Configuration mode (log-configure). At the top of the hierarchy is the Root command mode.
NGFW{} Root command line mode NGFW{running} Edit configuration mode NGFW{log-configure} Log configuration mode
A context is an environment in which a set of parameters can be configured for a feature or named object. A context can be the name of an instance of an object set by the administrator, or can be the feature itself. The current context is indicated in the command prompt, and it’s visibility is determined by the user’s role.
Administrative access allows the ability to modify the configuration of the NGFW appliance. Not all contexts may be visible.
The
help and display commands are useful in becoming familiar with the context options. The question
mark (?) lists the next valid entry and help for this entry.
If the appliance is controlled by SMS, only read-only access will be available to the system resources. To determine if the SMS controls the unit, or to change the control, see the
Root Command Mode
When you initially enter the NGFW Appliance, either through the console or SSH, you will be placed at the top level root command line mode with the NGFW{} prompt. The commands at this level are used for managing and monitoring system operations for the various subsystems. From the root command mode, you can access the configuration mode, and the available operational commands that apply to the unit as a whole. To view the commands available at this level, type prompt.
sms command usage.
help[full|COMMAND] at the command
NGFW{}help
The default NGFW{} command prompt can be changed using the host name command in the interface
mgmt
context of the edit mode. For example:
NGFW Command Line Interface Reference 7
NGFW{}edit NGFW{running}interface mgmt NGFW{running-mgmt}help host (displays valid entries for configuring management port host settings) NGFW{running-mgmt}host ? (displays valid entries for host command) NGFW{running-mgmt}host name yourhostname
For a list of root commands and their usage see the Root Commands section.
NOTE: Your membership role determines your command line interface.
Edit Configuration Mode
The configuration mode enables administrators with the appropriate credentials to write configuration changes to the active (running) configuration. The logon account used to configure the device must either be associated with the Superuser role or the Administrator role to edit the configuration context. The configuration mode has different context levels that provide access to a specific set of configuration commands. To enter the configuration mode, use the edit command. Once you have executed the edit command the CLI prompt will indicate that you are in the Edit mode, and can make configuration changes. Configuration options, and sub contexts are available for use until you exit. To exit the edit configuration mode, type exit.
When exiting the configuration mode, the following warning appears:
“WARNING: Modifications will be lost. Are you sure to exit (y/n)? [n]”
will discard any uncommitted changes you made to the configuration file, and n will keep you in the
y
edit context.
The display command is a helpful utility to view the current running configuration and to review your configuration changes before you save the changes.
NGFW{running} display
A commit command must be used to save your changes to the running configuration.
The command hierarchy has two types of statements. The Container statement, which contain objects and the Object statement, which are actual commands with options.
For example:
• Container statement in edit mode:
NGFW{running}log NGFW{running-log}? (help will list all the available entries)
• Object statement:
NGFW{running} application-visibility enable|disable (help will display command options)
A brief overview of what you can do within the edit configuration mode:
• Issue a command that configures a setting in the candidate configuration setting. The candidate configuration allows you to make configuration changes without causing changes to the active configuration until you can review your changes and issue the
commit command.
• Enter into a container context to access additional configuration settings.
•Run the modifications you make can be viewed using the
•Run the
display command to see your candidate configuration settings for a context. Any
display command.
Commit command to save any changes from your candidate configuration to the running
configuration.
Exit from a context.
8 Command Line Interface
NOTE: As you move through the context menu hierarchies, the command prompt changes accordingly.
The
help or display command can be entered at any level.

Configuration File Versions

When troubleshooting or needing to rollback a configuration, the current configuration setup can be viewed. Reviewing network configuration files should be a necessary step to becoming knowledgeable about your current system setup. When the device is initially configured, make sure the settings are saved to the persistent configuration with the snapshot using the following command:
NGFW{}snapshot create orig_conf
Snapshots capture the configuration of a device, which can then be delivered to technical support for troubleshooting. Users can also use snapshots to save and re-apply configurations. Snapshots include the currently installed OS version, and cannot be restored on a device that is not running the same version of the OS. If a snapshot restore needs to be completed, use the following command:
NGFW{}snapshot restore orig_conf
A warning message is displayed, followed by an automatic reboot when snapshot restore is completed.
The NGFW Appliance CLI uses the deferred-commit model. In this capacity, the architecture maintains a set of configuration files to ensure that a working configuration is persistently maintained. This configuration set includes the following configuration files.
NGFW{}save-config command. It’s also advisable to create a
Utilities
Running configuration — this version is currently executing on the system. Any changes that administrators make from the will take effect once they have been committed, by issuing the committed, all modifications are discarded on administrators are on the system, the version that was last committed is used as the current running configuration and is visible to other administrators, once they have exited the prompt is displayed if the committed changes would overwrite configuration that was made by another administrator since the configuration was edited.
Saved (persistent) configuration — this is the running configuration that was last committed prior to executing the configuration when the system reboots.
Start configurationThis is a backup copy of the configuration file saved at the time of system startup, and is loaded at the next system bootup. The persistent and running configuration that was the last known good configuration.
NOTE: Future versions of the product will support multiple named saved configuration sets.
The Display and Show commands are helpful for troubleshooting and monitoring the operational status of the system. Command line usage can be found in Root Commands.
save-config command. NGFW copies the saved configuration to the start
edit mode (except for IPS features, action sets and notification contacts)
Commit command. If changes are not
exit from the running context. If multiple
edit mode. A warning
rollback-config command can be used to rollback to a
Display
Enter display to see your candidate configuration settings for a context. Any modifications you make can be viewed using the command is executed. If executed at the configuration level, it displays the entire configuration of the unit. Executing the display command with a configuration name parameter, or from within a context displays the contents of that particular configuration.
display command. The output of the display command depends on where the
NGFW Command Line Interface Reference 9
Show
The show command is most efficient in providing critical information, such as traffic usage, router platform type, operating system revision, amount of memory, and the number of interfaces. The
show command can
also be used to evaluate logging, troubleshooting, tracking resources, sessions, and security settings. To view all the available
show utilities, enter the help show command at the root command level. All the
available commands along with the correct command line usage are displayed.
10 Command Line Interface

2 Global Commands

Global commands can be used in any context.
commit
Initiates all pending configuration changes in the edit mode.
NOTE: This command does not write the modifications to the startup configuration file. However, the
save-config command can be run from the edit configuration context by using the exclamation mark.
Syntax
commit
Example
NGFW{running}commit NGFW{running}!save-config
exit
Exits the current context.
help
Syntax
exit
Example
NGFW{running-aaa}exit NGFW{running}
Displays help information.
Syntax
help [full|COMMAND]
Example
NGFW{running}help log Enter log context Syntax: log log Enter log context
Example
NGFW{running-firewall}help Valid commands are: default-block-rule DEFACTIONSET delete rule all|XRULEID help [full|COMMAND] rename rule XRULEID NEWRULEID rule (auto|RULEID) [POSITION_VALUE]
NGFW Command Line Interface Reference 11
more
display
Set session to display output page by page.
Syntax
more (enable|disable)
Example
NGFW{running}more enable
Displays the current configuration, or the candidate configuration before a commit is issued. Display options vary by context, enter the "help display" command in a context to view the available options.
Syntax
display display [xml]
Example
NGFW{running-aaa-user-myuser1}display # USER ID user myuser1
12 Global Commands

3 Root Commands

The top level root command line mode displays the NGFW{} prompt. Commands at this level are used for managing and monitoring system operations for the various subsystems. From the root command mode, you can access the configuration mode, and the available commands that apply to the appliance as a
boot
whole. Enter commands or help on a specific command.
NGFW{}help
The default NGFW{} command prompt can be changed using the host name command in the interface
mgmt
context of the edit mode. For example:
NGFW{}edit NGFW{running}interface mgmt NGFW{running-mgmt}help host (displays valid entries for configuring management port host settings) NGFW{running-mgmt}host ? (displays valid entries for host command) NGFW{running-mgmt}host name yourhostname
Manages software packages.
Syntax
boot (list-image|rollback)
help full or help COMMANDNAME at the command prompt to display a list of available
clear
Example
NGFW{}boot list-image Index Version
------------------------------------------------------
0 1.0.0.3935 1 1.0.0.2923 2 1.0.0.3932 3 1.0.0.3917 Oldest Index is 2 Factory Reset Index is 3
Clears system information.
Syntax
clear connection-table (blocks|trusts) clear high-availability state-sync (all|firewall|ips|routing) clear ip bgp (A.B.C.D|ASNUMBER|all|external) [soft] [in|out] clear ip bgp peer-group NAME [soft] [in|out] clear log-file
(audit|fwAlert|fwBlock|ipsAlert|ipsBlock|quarantine|reputationAlert|reputationBlock| system|visibility|vpn)
clear np engine filter clear np engine packet clear np engine parse clear np engine reputation dns clear np engine reputation ip clear np engine rule clear np reassembly ip clear np reassembly tcp clear np rule-stats
NGFW Command Line Interface Reference 13
date
clear np softlinx clear np tier-stats clear counter policy clear rate-limit streams clear users all [locked|ip-locked] clear users (NAME|A.B.C.D|X:X::X:X) [locked]
Example
NGFW{}clear log-file vpn
Example
NGFW{}clear ip bgp 10.10.10.10 soft in Not cleared BGP is not active
Example
NGFW{}clear ip bgp external soft
Example
NGFW{}clear users fred
Used alone to display the current date, or with arguments to configure the date in a 24 hour format. The date command shows the current time in the time zone configured on the device and the "gmt" argument shows the time in GMT (UTC).
edit
flush
Syntax
date [MMDDhhmm[[CC]YY][.ss]]) date gmt
Example
NGFW{}date 071718202013.59 (sets date to July 17 2013 6:20PM 59 seconds)
The edit context modifies the configuration that identifies the security policy and interfaces that you can configure for your firewall.
Edit takes an instance of the running configuration file. This instance is your
version. After making modifications to this candidate configuration version, you have the option of saving it to the running configuration, or discarding any changes you made. To discard, simply your candidates configuration, enter the
commit command before exiting the edit context. To see
exit. To save
commands under the edit context, see edit configuration.
NGFW{} NGFW{}edit NGFW{running} NGFW{running}commit NGFW{running}exit NGFW{}
Flushes the following configuration items.
Syntax
flush (arp|ndp) flush ipsec sa policy NAME [id ID] flush ike sa [policy NAME [id ID]] flush bgp [ip] A.B.C.D [(in prefix-filter)|in|out|(soft [in|out])|rsclient]
14 Root Commands
flush bgp ip A.B.C.D [ipv4 (unicast|multicast) (in prefix-filter)|in|out|(soft [in|out])]
flush bgp ip A.B.C.D [vpnv4 unicast in|out|(soft [in|out])] flush bgp ipv6 X:X::X:X [(in prefix-filter)|in|out|(soft [in|out])|rsclient] flush bgp [ip] dampening [A.B.C.D/M|(A.B.C.D [A.B.C.D])] flush bgp [ip] external [(in prefix-filter)|in|out|(soft [in|out])] flush bgp ip external [ipv4 (unicast|multicast) (in prefix-filter)|in|out|(soft
[in|out])] flush bgp ipv6 external [(in prefix-filter)|(soft [in|out])] flush bgp ipv6 external [peer WORD (in|out)] flush bgp [ip] view WORD [soft [in|out]] flush bgp [ip|ipv6] view WORD (A.B.C.D|X:X::X:X|all) rsclient flush bgp ip view WORD [ipv4 (unicast|multicast)] (in prefix-filter)|(soft [in|out]) flush bgp [ip|ipv6] PEERAS [(in prefix-filter)|in|out|(soft [in|out])] flush bgp ip PEERAS [ipv4 (unicast|multicast) (in prefix-filter)|in|out|(soft
[in|out])] flush bgp ip PEERAS [vpnv4 unicast in|out|(soft [in|out])] flush bgp [ip|ipv6] all [(in prefix-filter)|in|out|(soft [in|out])|rsclient] flush bgp ip all [ipv4 (unicast|multicast) (in prefix-filter)|in|out|(soft
[in|out])] flush bgp ip all [vpnv4 unicast in|out|(soft [in|out])] flush bgp [ip|ipv6] peer-group [(in prefix-filter)|in|out|(soft [in|out])] flush firewall-session (all|ID) [family (ipv4|ipv6)]
Example
NGFW{}flush firewall-session 134217756 Success NGFW{}flush ipsec sa policy mytunnel
help
Displays help information at any context level.
high-availability
Manage high-availability devices.
Syntax
high-availability force (active|passive) high-availability segment force (normal|fallback)
Example
NGFW{}high-availability segment force normal Status: OK
list
Displays traffic capture file list.
Syntax
list traffic-file
Example
NGFW{}list traffic-file
log-configure
Enter log configuration context.
NGFW Command Line Interface Reference 15
Syntax
log-configure
Example
Related Commands
Log Configure Commands
logout
Logs you out of the system.
Syntax
logout
Example
NGFW{} logout
master-key
The system master-key is used to encrypt the removable user-disk (the external CFast), and the system keystore. The user-disk holds traffic logs, packet capture data, and system snapshots. The keystore retains data such as device certificates and private keys.
NGFW{}log-configure NGFW{log-configure}help NGFW{log-configure}show log-file summary
The master-key has the following complexity requirements:
• Must be between 9 and 32 characters in length.
• Combination of upper and lower case alpha and numbers.
• Must contain at least one “special” char (eg: !@#$%)
• Set or clear the master key for keystore and external Cfast user-disk encryption.
Syntax
master-key (clear|get|set)
Example
Get the master key for keystore and user-disk encryption
NGFW{}master-key set
WARNING: Master key will be used to encrypt the keystore and external user disk. Do you want to continue (y/n)? [n]: y Enter Master Key : **************** Re-enter Master Key: **************** Success: Master key has been set.
Example
NGFW{}master-key get Success: My.1.MasterKey!!
Example
NGFW{}master-key clear
WARNING: Clearing master key will remove encryption from the keystore and external user disk.
Do you want to continue (y/n)? [n]: y Success: Master key has been cleared.
16 Root Commands
ping
Test connectivity with ICMP traffic. The mgmt option uses the management interface.
Syntax
ping (A.B.C.D|HOSTNAME) [count INT] [maxhop INT] [from A.B.C.D] [mgmt] [datasize INT] ping (A.B.C.D|HOSTNAME) [count (1-900000)] [maxhop (1-800)] [from A.B.C.D] [mgmt]
[datasize (64-65468)] ping6 (X:X::X:X|HOSTNAME) [count INT] [maxhop INT] [interface INTERFACE] [from
X:X::X:X] [datasize INT] ping6 (X:X::X:X|HOSTNAME) [count (1-900000)] [maxhop (1-800)] [interface INTERFACE]
[from X:X::X:X] [datasize (64-65468)]
Example
NGFW{}ping 192.168.1.1 mgmt ping using mgmt port PING 192.168.1.1 (192.168.1.1): 56 data bytes 64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 vrfid=500 time=0.4 ms 64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 vrfid=500 time=0.1 ms 64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 vrfid=500 time=0.1 ms 64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 vrfid=500 time=0.1 ms
--- 192.168.1.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max = 0.1/0.1/0.4 ms
ping6
reboot
Test connectivity with ICMPv6 traffic
Syntax
ping6 (X:X::X:X|HOSTNAME) [count (1-900000)] [maxhop (1-800)] [interface INTERFACE] [from X:X::X:X] [datasize (64-65468)]
Example
NGFW{}ping6 100:0:0:0:0:0:0:1 ping using data ports PING 100:0:0:0:0:0:0:1 (100:0:0:0:0:0:0:1): 56 data bytes 64 bytes from 100:0:0:0:0:0:0:1: icmp_seq=1 ttl=64 vrfid=0 time=0.3 ms 64 bytes from 100:0:0:0:0:0:0:1: icmp_seq=2 ttl=64 vrfid=0 time=0.1 ms 64 bytes from 100:0:0:0:0:0:0:1: icmp_seq=3 ttl=64 vrfid=0 time=0.1 ms 64 bytes from 100:0:0:0:0:0:0:1: icmp_seq=4 ttl=64 vrfid=0 time=0.1 ms
--- 100:0:0:0:0:0:0:1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max = 0.1/0.1/0.3 ms
Reboots the system.
Syntax
reboot
Example
NGFW{}reboot WARNING: Are you sure you want to reboot the system (y/n) [n]:
NGFW Command Line Interface Reference 17
Reports
Configure data collection for on-box reports.
Syntax
reports (reset|enable|disable) [all|cpu|disk|fan|memory|network|rate-limiter|temperature|traffic-profile|vpn]
Valid entries: reset Delete report data enable Start data collection for reports disable Stop data collection for reports all All reports (default) cpu CPU utilization report disk Disk utilization report fan Fan speed report memory Memory utilization report network Network bandwidth report rate-limiter Rate Limiter report temperature Temperature report traffic-profile Traffic Profile report vpn VPN report
Example
NGFW{}reports enable cpu NGFW{}reports reset cpu WARNING: Are you sure you want to reset cpu reports (y/n)? [n]:
Related Commands
show reports
save-config
Saves the running configuration to a persistent configuration.
Syntax
save-config
Example
NGFW{}save-config WARNING: Saving will apply this configuration at the next system start. Continue
(y/n)? [n]:
service-access
Enable or disable service access.
Syntax
service-access (enable|disable)
Example
NGFW{}service-access enable Serial: X-NGF-S1020F-GENERIC-001 Salt: Zk0lenyg NGFW{}service-access disable
18 Root Commands
set
show
Syntax
set cli filtering rule (auto-comment|no-auto-comment|(last-auto-comment-value INT))
Example
NGFW{}set cli filtering rule auto-comment NGFW{}set cli filtering rule no-auto-comment
The show command enables you to view current system configuration, status, and statistics.
Table 3-1 Show command
Command Description
show aaa show AAA information
show agglink Show agglink status
show arp Show Address Resolution Protocol entries
show autoconf dhcpv4 client IPv4 Dynamic Host Configuration Protocol
show autoconf dhcpv6 client IPv6 Dynamic Host Configuration Protocol
show autoconf ra Show autoconfig Router Advertisement information
show cluster Show cluster status
show date Show the current router date and time
show dhcp relay Show DHCPv4 Relay information
show dhcp server lease Display DHCP server leases history
show dhcpv6 Show DHCPv6 client lease
show dns Show Domain Name Service
show firewall Displays firewall rules and sessions.
show high-availability Show high-availability status
show interface Show network interface
show ip bgp Show the Border Gateway Protocol information
show ip igmp Show Internet Group Management Protocol
show ip mroute Show Multicast Static IP route
show ip ospf Show Open Shortest Path First (OSPF) information
show ip pim-sm Show PIM-SM routing information
show ip rip Show the RIP routes
show ip route Show the unicast routes
show ip smr Show SMR routing information
show ipv6 mld Show IPv6 routing information for MLD group or
interface
show ipv6 mroute Show IPv6 routing information for multicast routes
show ipv6 ospfv3 Show the OSPFv3 unicast routes
NGFW Command Line Interface Reference 19
Table 3-1 Show command
Command Description
show ipv6 pim-sm Show ipv6 Protocol Independent Multicast - Sparse
Mode (PIM-SM) routing information
show ipv6 ripng Show RIPng routing information
show ipv6 route ripng Show ripng route information
show (ip|ipv6) route Show the unicast routes
show key Show local server SSH key information
show l2tp Show Layer 2 Tunneling Protocol information
show license Shows the license number and status
show log-file Shows the logfiles
show log-file boot Shows the boot file
show mfg-info Show manufacturing information
show ndp Show Neighbor Discovery Protocol
show np engine Show net processor statistics
show np general statistics Show general network processor information
show np protocol-mix Show network processor protocol-level statistics
show np reassembly Show network processor reassembly statistics
show np rule-stats Show network processor rules, number of flows,
successful matches
show np softlinx Show network processor softlinx statistics
show np tier-stats Show network processor throughput and utilization for
each tier
show quarantine-list Show quarantine list information
show reports Show status of data collection for reports
show service Show network service information
show sms Show status of SMS control
show snmp Show SNMP information
show system buffers Show Forwarding buffer state
show system connections Show active socket information
show system processes Show system processes
show system statistics Show system-wide protocol-related statistics
show system usage Show system usage
show system virtual-memory Show system virtual memory
show system xms memory Show xms memory usage
show terminal Show terminal settings
show traffic-file Show network traffic from file
show tse connection-table Show TSE connection-table information
20 Root Commands
Table 3-1 Show command
Command Description
show users Show users information
show version Show device version information
show aaa
Syntax
show aaa capabilities USER
Example
show aaa capabilities fred NGFW{}show aaa capabilities fred ID NAME STATE
--------------------------------------------­1 NGFW full 2 SECURITY full 3 FIREWALLRULES full 4 SECURITYZONES full 5 APPLICATIONGROUPS full 6 ADDRESSGROUPS full 7 SERVICES full 8 SCHEDULES full 9 INSPECTIONPROFILES full 10 IPS full 11 IPREPUTATION full 12 PROFILEGROUPS full 13 CAPTIVEPORTALRULES full 14 NATRULES full 15 ACTIONSETS full 16 SYSTEM full 17 SMSMANAGED full 18 MANAGEMENT full 19 DNS full 20 IPFILTERS full 21 UPGRADE full 22 NOTIFICATION full 23 LOGGING full 24 HIGHAVAILABILITY full 25 HACONFIGURATION full 26 HASTATE full 27 SNMP full 28 TIME full 29 FIPS full 30 UPDATE full 31 PACKAGES full 32 AUTODV full 33 SNAPSHOT full 34 USERAUTH full 35 LOCALUSER full 36 USERGROUP full 37 ROLES full 38 RADIUS full 39 LDAP full
NGFW Command Line Interface Reference 21
40 CAPTIVEPORTAL full 41 GENERAL full 42 X509CERT full 43 VPN full 44 IKE full 45 IKECONFIGURATION full 46 IKESTATUS full 47 IPSEC full 48 IPSECCONFIGURATION full 49 IPSECSTATUS full 50 L2TP full 51 L2TPCONFIGURATION full 52 L2TPSTATUS full 53 REPORTING full 54 LOG full 55 FIREWALLLOG full 56 IPSLOG full 57 REPUTATIONLOG full 58 VPNLOG full 59 SYSTEMLOG full 60 AUDITLOG full 61 SECURITYREPORTS full 62 NETWORKREPORTS full 63 DEBUGTOOLS full 64 REBOOT full 65 SHUTDOWN full 66 SERVICEACCESS full 67 NETWORK full 68 INTERFACES full 69 SEGMENTS full 70 DHCPSERVER full 71 DHCPRELAY full 72 ARPNDP full 73 STATICROUTES full 74 STATICMONITOREDROUTES full 75 DYNAMICROUTING full 76 ACCESSLISTS full 77 ROUTEMAPS full 78 OSPF full 79 RIP full 80 BGP full 81 MULTICAST full 82 ROUTINGTABLE full 83 COMPACTFLASH full 84 CUSTOMCATEGORIES full 85 APPLICATIONVISIBILITY full 86 GLOBALINSPECTIONPROFILE full 87 DEBUGNP full
show agglink
Displays information about whether or not the member ports are up in the aggregated link.
Syntax
show (agglink|INTERFACE)
22 Root Commands
Loading...
+ 222 hidden pages