CLI Serverd Commands reference Guide

Date
April 2015
Version
V1.3
Details
Update
Introduction
This document details all the Stormshield Network CLI / Serverd commands of the IPS-Firewall for the release 1.3.0
These commands can be executed in the CLI console module in web administration - or with an administration client connected port 1300 (NSRPC).
These commands can be used from version 1.3.0 of Stormshield Network firmware. To check their validity in earlier versions, please refer to the History category of the description of these commands.
Table of Contents

Table of Contents

AUTH
CACHE
CHPWD
CONFIG
CONFIG
CONFIG ACTIVATE
CONFIG ANTISPAM
CONFIG ANTISPAM
CONFIG ANTISPAM ACTIVATE
CONFIG ANTISPAM BLACKLIST
CONFIG ANTISPAM BLACKLIST
CONFIG ANTISPAM BLACKLIST ADD
CONFIG ANTISPAM BLACKLIST LIST
CONFIG ANTISPAM BLACKLIST REMOVE
CONFIG ANTISPAM DNSBL
CONFIG ANTISPAM DNSBL
CONFIG ANTISPAM DNSBL ADD
CONFIG ANTISPAM DNSBL EDIT
CONFIG ANTISPAM DNSBL LIST
CONFIG ANTISPAM DNSBL REMOVE
CONFIG ANTISPAM DNSBL SET
CONFIG ANTISPAM DNSBL SHOW
CONFIG ANTISPAM SET
CONFIG ANTISPAM SHOW
CONFIG ANTISPAM VR
CONFIG ANTISPAM VR
CONFIG ANTISPAM VR SET
CONFIG ANTISPAM VR SHOW
CONFIG ANTISPAM WHITELIST
CONFIG ANTISPAM WHITELIST
CONFIG ANTISPAM WHITELIST ADD
CONFIG ANTISPAM WHITELIST LIST
CONFIG ANTISPAM WHITELIST REMOVE
CONFIG ANTIVIRUS
CONFIG ANTIVIRUS
CONFIG ANTIVIRUS ACTIVATE
CONFIG ANTIVIRUS CLEANUP
CONFIG ANTIVIRUS LICENCE
CONFIG ANTIVIRUS LIST
CONFIG ANTIVIRUS OBJECTS
CONFIG ANTIVIRUS SELECT
CONFIG ANTIVIRUS SERVICES
CONFIG ANTIVIRUS SERVICES
CONFIG ANTIVIRUS SERVICES FTP
CONFIG ANTIVIRUS SERVICES POP3
CONFIG ANTIVIRUS SERVICES SHOW
CONFIG ANTIVIRUS SERVICES SMTP
CONFIG ANTIVIRUS SHOW
CONFIG AUTH
CONFIG AUTH
CONFIG AUTH ACTIVATE
CONFIG AUTH ADVANCED
CONFIG AUTH AGENT
CONFIG AUTH AGENTIGNORE
CONFIG AUTH AGENTIGNORE
CONFIG AUTH AGENTIGNORE ADD
CONFIG AUTH AGENTIGNORE REMOVE
CONFIG AUTH AGENTIGNORE SHOW
CONFIG AUTH ALTRADIUS
CONFIG AUTH DEFAULT
CONFIG AUTH ENROLMENT
CONFIG AUTH GUEST
CONFIG AUTH HTTPS
CONFIG AUTH INTERFACE
CONFIG AUTH INTERFACE
CONFIG AUTH INTERFACE ADVANCED
CONFIG AUTH INTERFACE CONNECT
CONFIG AUTH INTERFACE ENROLMENT
CONFIG AUTH INTERFACE LIST
CONFIG AUTH INTERFACE METHOD
CONFIG AUTH INTERFACE PASSWORD
CONFIG AUTH INTERFACE RENAME
CONFIG AUTH INTERFACE SHOW
CONFIG AUTH INTERFACE STATE
CONFIG AUTH INTERFACE TIME
CONFIG AUTH INTERFACE TIMERANGE
CONFIG AUTH KERBEROS
CONFIG AUTH METHOD
CONFIG AUTH MULTIUSER
CONFIG AUTH MULTIUSER
CONFIG AUTH MULTIUSER ADD
CONFIG AUTH MULTIUSER LIST
CONFIG AUTH MULTIUSER REMOVE
CONFIG AUTH RADIUS
CONFIG AUTH SHOW
CONFIG AUTH SPNEGO
CONFIG AUTH SSL
CONFIG AUTH SSL
CONFIG AUTH SSL CAVERIFY
CONFIG AUTH SSL CAVERIFY
CONFIG AUTH SSL CAVERIFY ADD
CONFIG AUTH SSL CAVERIFY REMOVE
CONFIG AUTH SSL CERTIDENTIFIER
CONFIG AUTH SSL LDAPIDENTIFIER
CONFIG AUTH SSL UPDATE
CONFIG AUTH STATE
CONFIG AUTH TIME
CONFIG AUTOBACKUP
CONFIG AUTOBACKUP
CONFIG AUTOBACKUP ACTIVATE
CONFIG AUTOBACKUP LAUNCH
CONFIG AUTOBACKUP RESTORE
CONFIG AUTOBACKUP SET
CONFIG AUTOBACKUP SHOW
CONFIG AUTOUPDATE
CONFIG AUTOUPDATE
CONFIG AUTOUPDATE ACTIVATE
CONFIG AUTOUPDATE LIST
CONFIG AUTOUPDATE SERVER
CONFIG AUTOUPDATE SHOW
CONFIG AUTOUPDATE STATE
CONFIG BACKUP
CONFIG COMMUNICATION
CONFIG COMMUNICATION
CONFIG COMMUNICATION ACTIVATE
CONFIG COMMUNICATION EMAIL
CONFIG COMMUNICATION EMAIL
CONFIG COMMUNICATION EMAIL GROUP
CONFIG COMMUNICATION EMAIL GROUP
CONFIG COMMUNICATION EMAIL GROUP ACTIVATE
CONFIG COMMUNICATION EMAIL GROUP ADDRECIPIENT
CONFIG COMMUNICATION EMAIL GROUP CHECK
CONFIG COMMUNICATION EMAIL GROUP CREATE
CONFIG COMMUNICATION EMAIL GROUP DELRECIPIENT
CONFIG COMMUNICATION EMAIL GROUP EDIT
CONFIG COMMUNICATION EMAIL GROUP LIST
CONFIG COMMUNICATION EMAIL GROUP REMOVE
CONFIG COMMUNICATION EMAIL GROUP RENAME
CONFIG COMMUNICATION EMAIL TEMPLATE
CONFIG COMMUNICATION EMAIL TEMPLATE
CONFIG COMMUNICATION EMAIL TEMPLATE DEFAULT
CONFIG COMMUNICATION EMAIL TEMPLATE DOWNLOAD
CONFIG COMMUNICATION EMAIL TEMPLATE LIST
CONFIG COMMUNICATION EMAIL TEMPLATE UPLOAD
CONFIG COMMUNICATION HTTPPROXY
CONFIG COMMUNICATION SHOW
CONFIG COMMUNICATION SMTP
CONFIG COMMUNICATION SYSLOG
CONFIG CONSOLE
CONFIG CONSOLE
CONFIG CONSOLE ACTIVATE
CONFIG CONSOLE GETHOSTKEY
CONFIG CONSOLE GETKEY
CONFIG CONSOLE REMOTEADMIN
CONFIG CONSOLE RESTOREPUBKEY
CONFIG CONSOLE SETPASSPHRASE
CONFIG CONSOLE SETPUBKEY
CONFIG CONSOLE SSH
CONFIG DDNSCLIENT
CONFIG DDNSCLIENT
CONFIG DDNSCLIENT ACTIVATE
CONFIG DDNSCLIENT DELETE
CONFIG DDNSCLIENT LIST
CONFIG DDNSCLIENT NEW
CONFIG DDNSCLIENT RESETEVENT
CONFIG DDNSCLIENT SET
CONFIG DDNSCLIENT SHOW
CONFIG DDNSCLIENT UNSET
CONFIG DHCP
CONFIG DHCP
CONFIG DHCP ACTIVATE
CONFIG DHCP HOST
CONFIG DHCP HOST
CONFIG DHCP HOST ADD
CONFIG DHCP HOST LIST
CONFIG DHCP HOST REMOVE
CONFIG DHCP PARAMETERS
CONFIG DHCP PARAMETERS
CONFIG DHCP PARAMETERS ADD
CONFIG DHCP PARAMETERS LIST
CONFIG DHCP PARAMETERS REMOVE
CONFIG DHCP RANGE
CONFIG DHCP RANGE
CONFIG DHCP RANGE ADD
CONFIG DHCP RANGE LIST
CONFIG DHCP RANGE REMOVE
CONFIG DHCP RELAY
CONFIG DHCP RELAY
CONFIG DHCP RELAY ADVANCED
CONFIG DHCP RELAY INTERFACE
CONFIG DHCP RELAY INTERFACE
CONFIG DHCP RELAY INTERFACE ADD
CONFIG DHCP RELAY INTERFACE ALL
CONFIG DHCP RELAY INTERFACE LIST
CONFIG DHCP RELAY INTERFACE REMOVE
CONFIG DHCP RELAY SERVER
CONFIG DHCP RELAY SHOW
CONFIG DHCP RELAY STATE
CONFIG DHCP SERVERS
CONFIG DHCP SERVERS
CONFIG DHCP SERVERS ADD
CONFIG DHCP SERVERS LIST
CONFIG DHCP SERVERS REMOVE
CONFIG DHCP SHOW
CONFIG DHCP STATE
CONFIG DHCP6
CONFIG DHCP6
CONFIG DHCP6 ACTIVATE
CONFIG DHCP6 HOST
CONFIG DHCP6 HOST
CONFIG DHCP6 HOST ADD
CONFIG DHCP6 HOST LIST
CONFIG DHCP6 HOST REMOVE
CONFIG DHCP6 PARAMETERS
CONFIG DHCP6 PARAMETERS
CONFIG DHCP6 PARAMETERS ADD
CONFIG DHCP6 PARAMETERS LIST
CONFIG DHCP6 PARAMETERS REMOVE
CONFIG DHCP6 RANGE
CONFIG DHCP6 RANGE
CONFIG DHCP6 RANGE ADD
CONFIG DHCP6 RANGE LIST
CONFIG DHCP6 RANGE REMOVE
CONFIG DHCP6 RELAY
CONFIG DHCP6 RELAY
CONFIG DHCP6 RELAY FWDINTERFACE
CONFIG DHCP6 RELAY FWDINTERFACE
CONFIG DHCP6 RELAY FWDINTERFACE ADD
CONFIG DHCP6 RELAY FWDINTERFACE LIST
CONFIG DHCP6 RELAY FWDINTERFACE REMOVE
CONFIG DHCP6 RELAY RCVINTERFACE
CONFIG DHCP6 RELAY RCVINTERFACE
CONFIG DHCP6 RELAY RCVINTERFACE ADD
CONFIG DHCP6 RELAY RCVINTERFACE LIST
CONFIG DHCP6 RELAY RCVINTERFACE REMOVE
CONFIG DHCP6 RELAY SERVER
CONFIG DHCP6 RELAY SHOW
CONFIG DHCP6 RELAY STATE
CONFIG DHCP6 SERVERS
CONFIG DHCP6 SERVERS
CONFIG DHCP6 SERVERS ADD
CONFIG DHCP6 SERVERS LIST
CONFIG DHCP6 SERVERS REMOVE
CONFIG DHCP6 SHOW
CONFIG DHCP6 STATE
CONFIG DNS
CONFIG DNS
CONFIG DNS ACTIVATE
CONFIG DNS ADVANCED
CONFIG DNS CLIENT
CONFIG DNS CLIENT
CONFIG DNS CLIENT ADD
CONFIG DNS CLIENT LIST
CONFIG DNS CLIENT REMOVE
CONFIG DNS SERVER
CONFIG DNS SERVER
CONFIG DNS SERVER ADD
CONFIG DNS SERVER LIST
CONFIG DNS SERVER REMOVE
CONFIG DNS SHOW
CONFIG DNS STATE
CONFIG DOWNLOAD
CONFIG FILTER
CONFIG FILTER
CONFIG FILTER ACTIVATE
CONFIG FILTER CHECK
CONFIG FILTER DEFAULT
CONFIG FILTER EXPLICIT
CONFIG FILTER IMPLICIT
CONFIG FILTER MANAGE
CONFIG FILTER RULE
CONFIG FILTER RULE
CONFIG FILTER RULE ADDSEP
CONFIG FILTER RULE COLLAPSE
CONFIG FILTER RULE COPY
CONFIG FILTER RULE INSERT
CONFIG FILTER RULE MOVE
CONFIG FILTER RULE REMOVE
CONFIG FILTER RULE UPDATE
CONFIG FILTER SHOW
CONFIG GLOBAL
CONFIG GLOBAL
CONFIG GLOBAL OBJECT
CONFIG GLOBAL OBJECT
CONFIG GLOBAL OBJECT GET
CONFIG GLOBAL OBJECT GROUP
CONFIG GLOBAL OBJECT GROUP
CONFIG GLOBAL OBJECT GROUP ADDTO
CONFIG GLOBAL OBJECT GROUP CHECK
CONFIG GLOBAL OBJECT GROUP DELETE
CONFIG GLOBAL OBJECT GROUP NEW
CONFIG GLOBAL OBJECT GROUP REMOVEFROM
CONFIG GLOBAL OBJECT GROUP SHOW
CONFIG GLOBAL OBJECT HOST
CONFIG GLOBAL OBJECT HOST
CONFIG GLOBAL OBJECT HOST CHECK
CONFIG GLOBAL OBJECT HOST DELETE
CONFIG GLOBAL OBJECT HOST NEW
CONFIG GLOBAL OBJECT NETWORK
CONFIG GLOBAL OBJECT NETWORK
CONFIG GLOBAL OBJECT NETWORK CHECK
CONFIG GLOBAL OBJECT NETWORK DELETE
CONFIG GLOBAL OBJECT NETWORK NEW
CONFIG GLOBAL OBJECT PROTOCOL
CONFIG GLOBAL OBJECT PROTOCOL
CONFIG GLOBAL OBJECT PROTOCOL CHECK
CONFIG GLOBAL OBJECT PROTOCOL DELETE
CONFIG GLOBAL OBJECT PROTOCOL NEW
CONFIG GLOBAL OBJECT RENAME
CONFIG GLOBAL OBJECT SERVICE
CONFIG GLOBAL OBJECT SERVICE
CONFIG GLOBAL OBJECT SERVICE CHECK
CONFIG GLOBAL OBJECT SERVICE DELETE
CONFIG GLOBAL OBJECT SERVICE NEW
CONFIG GLOBAL OBJECT SERVICEGROUP
CONFIG GLOBAL OBJECT SERVICEGROUP
CONFIG GLOBAL OBJECT SERVICEGROUP ADDTO
CONFIG GLOBAL OBJECT SERVICEGROUP CHECK
CONFIG GLOBAL OBJECT SERVICEGROUP DELETE
CONFIG GLOBAL OBJECT SERVICEGROUP NEW
CONFIG GLOBAL OBJECT SERVICEGROUP REMOVEFROM
CONFIG GLOBAL OBJECT SERVICEGROUP SHOW
CONFIG GLOBAL OBJECT TIME
CONFIG GLOBAL OBJECT TIME
CONFIG GLOBAL OBJECT TIME CHECK
CONFIG GLOBAL OBJECT TIME DELETE
CONFIG GLOBAL OBJECT TIME NEW
CONFIG HA
CONFIG HA
CONFIG HA ACTIVATE
CONFIG HA CREATE
CONFIG HA JOIN
CONFIG HA SHOW
CONFIG HA STATE
CONFIG HA UPDATE
CONFIG HA WEIGHT
CONFIG HA WEIGHT
CONFIG HA WEIGHT ACTIVATE
CONFIG HA WEIGHT SHOW
CONFIG HA WEIGHT UPDATE
CONFIG IPSEC
CONFIG IPSEC
CONFIG IPSEC ACTIVATE
CONFIG IPSEC CA
CONFIG IPSEC CA
CONFIG IPSEC CA ADD
CONFIG IPSEC CA LIST
CONFIG IPSEC CA REMOVE
CONFIG IPSEC PEER
CONFIG IPSEC PEER
CONFIG IPSEC PEER CHECK
CONFIG IPSEC PEER LIST
CONFIG IPSEC PEER NEW
CONFIG IPSEC PEER REMOVE
CONFIG IPSEC PEER SHOW
CONFIG IPSEC PEER UPDATE
CONFIG IPSEC POLICY
CONFIG IPSEC POLICY
CONFIG IPSEC POLICY GATEWAY
CONFIG IPSEC POLICY GATEWAY
CONFIG IPSEC POLICY GATEWAY ADD
CONFIG IPSEC POLICY GATEWAY ADDSEP
CONFIG IPSEC POLICY GATEWAY COLLAPSE
CONFIG IPSEC POLICY GATEWAY LIST
CONFIG IPSEC POLICY GATEWAY MOVE
CONFIG IPSEC POLICY GATEWAY REMOVE
CONFIG IPSEC POLICY GATEWAY UPDATE
CONFIG IPSEC POLICY MOBILE
CONFIG IPSEC POLICY MOBILE
CONFIG IPSEC POLICY MOBILE ADD
CONFIG IPSEC POLICY MOBILE ADDSEP
CONFIG IPSEC POLICY MOBILE COLLAPSE
CONFIG IPSEC POLICY MOBILE GETPEER
CONFIG IPSEC POLICY MOBILE LIST
CONFIG IPSEC POLICY MOBILE MOVE
CONFIG IPSEC POLICY MOBILE REMOVE
CONFIG IPSEC POLICY MOBILE SETPEER
CONFIG IPSEC POLICY MOBILE UPDATE
CONFIG IPSEC PROFILE
CONFIG IPSEC PROFILE
CONFIG IPSEC PROFILE PHASE1
CONFIG IPSEC PROFILE PHASE1
CONFIG IPSEC PROFILE PHASE1 ADDPROP
CONFIG IPSEC PROFILE PHASE1 CHECK
CONFIG IPSEC PROFILE PHASE1 GETDEFAULT
CONFIG IPSEC PROFILE PHASE1 LIST
CONFIG IPSEC PROFILE PHASE1 MOVEPROP
CONFIG IPSEC PROFILE PHASE1 NEW
CONFIG IPSEC PROFILE PHASE1 REMOVE
CONFIG IPSEC PROFILE PHASE1 REMOVEPROP
CONFIG IPSEC PROFILE PHASE1 SETDEFAULT
CONFIG IPSEC PROFILE PHASE1 SHOW
CONFIG IPSEC PROFILE PHASE1 UPDATE
CONFIG IPSEC PROFILE PHASE2
CONFIG IPSEC PROFILE PHASE2
CONFIG IPSEC PROFILE PHASE2 CHECK
CONFIG IPSEC PROFILE PHASE2 GETDEFAULT
CONFIG IPSEC PROFILE PHASE2 LIST
CONFIG IPSEC PROFILE PHASE2 NEW
CONFIG IPSEC PROFILE PHASE2 REMOVE
CONFIG IPSEC PROFILE PHASE2 SETDEFAULT
CONFIG IPSEC PROFILE PHASE2 SHOW
CONFIG IPSEC PROFILE PHASE2 UPDATE
CONFIG IPSEC PROPERTY
CONFIG IPSEC PSK
CONFIG IPSEC PSK
CONFIG IPSEC PSK ADD
CONFIG IPSEC PSK LIST
CONFIG IPSEC PSK REMOVE
CONFIG IPSEC SHOW
CONFIG IPSEC UPDATE
CONFIG KEY
CONFIG KEY
CONFIG KEY ADD
CONFIG KEY LIST
CONFIG KEY REMOVE
CONFIG LDAP
CONFIG LDAP
CONFIG LDAP ACTIVATE
CONFIG LDAP CHECK
CONFIG LDAP DELMAP
CONFIG LDAP EXTERNAL
CONFIG LDAP INITIALIZE
CONFIG LDAP PASSWORD
CONFIG LDAP PUBLIC
CONFIG LDAP SETMAP
CONFIG LDAP SHOW
CONFIG LDAP STATE
CONFIG LDAP UPDATE
CONFIG LOG
CONFIG LOG
CONFIG LOG ACTIVATE
CONFIG LOG ALARM
CONFIG LOG AUTH
CONFIG LOG COMMUNICATION
CONFIG LOG COMMUNICATION
CONFIG LOG COMMUNICATION EMAIL
CONFIG LOG COMMUNICATION SNMP
CONFIG LOG CONNECTION
CONFIG LOG FILTER
CONFIG LOG FTP
CONFIG LOG MONITOR
CONFIG LOG PLUGIN
CONFIG LOG POP3
CONFIG LOG PVM
CONFIG LOG SERVER
CONFIG LOG SHOW
CONFIG LOG SMTP
CONFIG LOG SSL
CONFIG LOG STAT
CONFIG LOG SYSTEM
CONFIG LOG VPN
CONFIG LOG WEB
CONFIG LOG XVPN
CONFIG MAILFILTERING
CONFIG MAILFILTERING
CONFIG MAILFILTERING ACTIVATE
CONFIG MAILFILTERING COPY
CONFIG MAILFILTERING DEFAULT
CONFIG MAILFILTERING LIST
CONFIG MAILFILTERING RULE
CONFIG MAILFILTERING RULE
CONFIG MAILFILTERING RULE INSERT
CONFIG MAILFILTERING RULE MOVE
CONFIG MAILFILTERING RULE REMOVE
CONFIG MAILFILTERING RULE SHOW
CONFIG MAILFILTERING RULE UPDATE
CONFIG MAILFILTERING UPDATE
CONFIG NETWORK
CONFIG NETWORK
CONFIG NETWORK ACTIVATE
CONFIG NETWORK GATEWAY
CONFIG NETWORK GATEWAY
CONFIG NETWORK GATEWAY ACTIVATE
CONFIG NETWORK GATEWAY ADD
CONFIG NETWORK GATEWAY IPV6
CONFIG NETWORK GATEWAY IPV6
CONFIG NETWORK GATEWAY IPV6 ADD
CONFIG NETWORK GATEWAY IPV6 REMOVE
CONFIG NETWORK GATEWAY IPV6 SET
CONFIG NETWORK GATEWAY IPV6 SHOW
CONFIG NETWORK GATEWAY IPV6 UPDATE
CONFIG NETWORK GATEWAY REMOVE
CONFIG NETWORK GATEWAY SET
CONFIG NETWORK GATEWAY SHOW
CONFIG NETWORK GATEWAY UPDATE
CONFIG NETWORK INTERFACE
CONFIG NETWORK INTERFACE
CONFIG NETWORK INTERFACE ACTIVATE
CONFIG NETWORK INTERFACE ADDRESS
CONFIG NETWORK INTERFACE ADDRESS
CONFIG NETWORK INTERFACE ADDRESS ADD
CONFIG NETWORK INTERFACE ADDRESS REMOVE
CONFIG NETWORK INTERFACE ADDRESS UPDATE
CONFIG NETWORK INTERFACE AGGREGATE
CONFIG NETWORK INTERFACE CAPABILITIES
CONFIG NETWORK INTERFACE CHECK
CONFIG NETWORK INTERFACE CREATE
CONFIG NETWORK INTERFACE IPSEC
CONFIG NETWORK INTERFACE IPV6
CONFIG NETWORK INTERFACE IPV6
CONFIG NETWORK INTERFACE IPV6 ADDRESS
CONFIG NETWORK INTERFACE IPV6 ADDRESS
CONFIG NETWORK INTERFACE IPV6 ADDRESS ADD
CONFIG NETWORK INTERFACE IPV6 ADDRESS REMOVE
CONFIG NETWORK INTERFACE IPV6 ADDRESS UPDATE
CONFIG NETWORK INTERFACE IPV6 ROUTERADV
CONFIG NETWORK INTERFACE IPV6 ROUTERADV
CONFIG NETWORK INTERFACE IPV6 ROUTERADV CONFIG
CONFIG NETWORK INTERFACE IPV6 ROUTERADV PREFIX
CONFIG NETWORK INTERFACE IPV6 ROUTERADV PREFIX
CONFIG NETWORK INTERFACE IPV6 ROUTERADV PREFIX ADD
CONFIG NETWORK INTERFACE IPV6 ROUTERADV PREFIX REMOVE
CONFIG NETWORK INTERFACE IPV6 ROUTERADV PREFIX UPDATE
CONFIG NETWORK INTERFACE LIMIT
CONFIG NETWORK INTERFACE LIMIT
CONFIG NETWORK INTERFACE LIMIT SET
CONFIG NETWORK INTERFACE LIMIT SHOW
CONFIG NETWORK INTERFACE REMOVE
CONFIG NETWORK INTERFACE RENAME
CONFIG NETWORK INTERFACE SHOW
CONFIG NETWORK INTERFACE UPDATE
CONFIG NETWORK IPV6
CONFIG NETWORK IPV6
CONFIG NETWORK IPV6 STATE
CONFIG NETWORK ROUTE
CONFIG NETWORK ROUTE
CONFIG NETWORK ROUTE ACTIVATE
CONFIG NETWORK ROUTE ADD
CONFIG NETWORK ROUTE IPV6
CONFIG NETWORK ROUTE IPV6
CONFIG NETWORK ROUTE IPV6 ADD
CONFIG NETWORK ROUTE IPV6 REMOVE
CONFIG NETWORK ROUTE IPV6 SHOW
CONFIG NETWORK ROUTE IPV6 UPDATE
CONFIG NETWORK ROUTE REMOVE
CONFIG NETWORK ROUTE SHOW
CONFIG NETWORK ROUTE UPDATE
CONFIG NETWORK SWITCH
CONFIG NETWORK SWITCH
CONFIG NETWORK SWITCH ACTIVATE
CONFIG NETWORK SWITCH ADD
CONFIG NETWORK SWITCH MODIFY
CONFIG NETWORK SWITCH SHOW
CONFIG NTP
CONFIG NTP
CONFIG NTP ACTIVATE
CONFIG NTP ADVANCED
CONFIG NTP KEY
CONFIG NTP KEY
CONFIG NTP KEY ADD
CONFIG NTP KEY LIST
CONFIG NTP KEY REMOVE
CONFIG NTP SERVER
CONFIG NTP SERVER
CONFIG NTP SERVER ADD
CONFIG NTP SERVER LIST
CONFIG NTP SERVER REMOVE
CONFIG NTP SHOW
CONFIG NTP STATE
CONFIG OBJECT
CONFIG OBJECT
CONFIG OBJECT ACTIVATE
CONFIG OBJECT CNCATEGORYGROUP
CONFIG OBJECT CNCATEGORYGROUP
CONFIG OBJECT CNCATEGORYGROUP ADDTO
CONFIG OBJECT CNCATEGORYGROUP CHECK
CONFIG OBJECT CNCATEGORYGROUP DELETE
CONFIG OBJECT CNCATEGORYGROUP NEW
CONFIG OBJECT CNCATEGORYGROUP REMOVEFROM
CONFIG OBJECT CNCATEGORYGROUP SHOW
CONFIG OBJECT GET
CONFIG OBJECT GROUP
CONFIG OBJECT GROUP
CONFIG OBJECT GROUP ADDTO
CONFIG OBJECT GROUP CHECK
CONFIG OBJECT GROUP DELETE
CONFIG OBJECT GROUP NEW
CONFIG OBJECT GROUP REMOVEFROM
CONFIG OBJECT GROUP SHOW
CONFIG OBJECT HOST
CONFIG OBJECT HOST
CONFIG OBJECT HOST CHECK
CONFIG OBJECT HOST DELETE
CONFIG OBJECT HOST NEW
CONFIG OBJECT INTERNET
CONFIG OBJECT INTERNET
CONFIG OBJECT INTERNET SHOW
CONFIG OBJECT INTERNET UPDATE
CONFIG OBJECT LIST
CONFIG OBJECT NETWORK
CONFIG OBJECT NETWORK
CONFIG OBJECT NETWORK CHECK
CONFIG OBJECT NETWORK DELETE
CONFIG OBJECT NETWORK NEW
CONFIG OBJECT PROTOCOL
CONFIG OBJECT PROTOCOL
CONFIG OBJECT PROTOCOL CHECK
CONFIG OBJECT PROTOCOL DELETE
CONFIG OBJECT PROTOCOL NEW
CONFIG OBJECT QOS
CONFIG OBJECT QOS
CONFIG OBJECT QOS ACTIVATE
CONFIG OBJECT QOS DROP
CONFIG OBJECT QOS QID
CONFIG OBJECT QOS QID
CONFIG OBJECT QOS QID ADD
CONFIG OBJECT QOS QID CHECK
CONFIG OBJECT QOS QID LIST
CONFIG OBJECT QOS QID REMOVE
CONFIG OBJECT QOS QID RENAME
CONFIG OBJECT QOS SET
CONFIG OBJECT QOS SHOW
CONFIG OBJECT RENAME
CONFIG OBJECT SERVICE
CONFIG OBJECT SERVICE
CONFIG OBJECT SERVICE CHECK
CONFIG OBJECT SERVICE DELETE
CONFIG OBJECT SERVICE NEW
CONFIG OBJECT SERVICEGROUP
CONFIG OBJECT SERVICEGROUP
CONFIG OBJECT SERVICEGROUP ADDTO
CONFIG OBJECT SERVICEGROUP CHECK
CONFIG OBJECT SERVICEGROUP DELETE
CONFIG OBJECT SERVICEGROUP NEW
CONFIG OBJECT SERVICEGROUP REMOVEFROM
CONFIG OBJECT SERVICEGROUP SHOW
CONFIG OBJECT TIME
CONFIG OBJECT TIME
CONFIG OBJECT TIME CHECK
CONFIG OBJECT TIME DELETE
CONFIG OBJECT TIME NEW
CONFIG OBJECT URLCATEGORYGROUP
CONFIG OBJECT URLCATEGORYGROUP
CONFIG OBJECT URLCATEGORYGROUP ADDTO
CONFIG OBJECT URLCATEGORYGROUP CHECK
CONFIG OBJECT URLCATEGORYGROUP DELETE
CONFIG OBJECT URLCATEGORYGROUP NEW
CONFIG OBJECT URLCATEGORYGROUP REMOVEFROM
CONFIG OBJECT URLCATEGORYGROUP SHOW
CONFIG OBJECT URLGROUP
CONFIG OBJECT URLGROUP
CONFIG OBJECT URLGROUP ADDTO
CONFIG OBJECT URLGROUP CHECK
CONFIG OBJECT URLGROUP CLASSIFY
CONFIG OBJECT URLGROUP DELETE
CONFIG OBJECT URLGROUP NEW
CONFIG OBJECT URLGROUP REMOVEFROM
CONFIG OBJECT URLGROUP SETBASE
CONFIG OBJECT URLGROUP SHOW
CONFIG OPENVPN
CONFIG OPENVPN
CONFIG OPENVPN ACTIVATE
CONFIG OPENVPN DEFAULT
CONFIG OPENVPN SHOW
CONFIG OPENVPN UPDATE
CONFIG PPTP
CONFIG PPTP
CONFIG PPTP ACTIVATE
CONFIG PPTP ADVANCED
CONFIG PPTP METHOD
CONFIG PPTP POOL
CONFIG PPTP SHOW
CONFIG PPTP STATE
CONFIG PPTP USER
CONFIG PPTP USER ACTIVATE
CONFIG PPTP USER ADD
CONFIG PPTP USER LIST
CONFIG PPTP USER REMOVE
CONFIG PROTOCOL
CONFIG PROTOCOL
CONFIG PROTOCOL ACTIVATE
CONFIG PROTOCOL COMMON
CONFIG PROTOCOL COMMON
CONFIG PROTOCOL COMMON CONFIG
CONFIG PROTOCOL COMMON DEFAULT
CONFIG PROTOCOL COMMON SHOW
CONFIG PROTOCOL DNS
CONFIG PROTOCOL DNS
CONFIG PROTOCOL DNS ACTIVATE
CONFIG PROTOCOL DNS COMMON
CONFIG PROTOCOL DNS COMMON
CONFIG PROTOCOL DNS COMMON CONFIG
CONFIG PROTOCOL DNS COMMON DEFAULT
CONFIG PROTOCOL DNS COMMON SHOW
CONFIG PROTOCOL DNS PROFILE
CONFIG PROTOCOL DNS PROFILE
CONFIG PROTOCOL DNS PROFILE ALARM
CONFIG PROTOCOL DNS PROFILE ALARM
CONFIG PROTOCOL DNS PROFILE ALARM DEFAULT
CONFIG PROTOCOL DNS PROFILE ALARM SHOW
CONFIG PROTOCOL DNS PROFILE ALARM UPDATE
CONFIG PROTOCOL DNS PROFILE COPY
CONFIG PROTOCOL DNS PROFILE DEFAULT
CONFIG PROTOCOL DNS PROFILE IPS
CONFIG PROTOCOL DNS PROFILE IPS
CONFIG PROTOCOL DNS PROFILE IPS CONFIG
CONFIG PROTOCOL DNS PROFILE LIST
CONFIG PROTOCOL DNS PROFILE SHOW
CONFIG PROTOCOL DNS PROFILE UPDATE
CONFIG PROTOCOL EDONKEY
CONFIG PROTOCOL EDONKEY
CONFIG PROTOCOL EDONKEY ACTIVATE
CONFIG PROTOCOL EDONKEY COMMON
CONFIG PROTOCOL EDONKEY COMMON
CONFIG PROTOCOL EDONKEY COMMON CONFIG
CONFIG PROTOCOL EDONKEY COMMON DEFAULT
CONFIG PROTOCOL EDONKEY COMMON SHOW
CONFIG PROTOCOL EDONKEY PROFILE
CONFIG PROTOCOL EDONKEY PROFILE
CONFIG PROTOCOL EDONKEY PROFILE ALARM
CONFIG PROTOCOL EDONKEY PROFILE ALARM
CONFIG PROTOCOL EDONKEY PROFILE ALARM DEFAULT
CONFIG PROTOCOL EDONKEY PROFILE ALARM SHOW
CONFIG PROTOCOL EDONKEY PROFILE ALARM UPDATE
CONFIG PROTOCOL EDONKEY PROFILE COPY
CONFIG PROTOCOL EDONKEY PROFILE DEFAULT
CONFIG PROTOCOL EDONKEY PROFILE IPS
CONFIG PROTOCOL EDONKEY PROFILE IPS
CONFIG PROTOCOL EDONKEY PROFILE IPS CONFIG
CONFIG PROTOCOL EDONKEY PROFILE LIST
CONFIG PROTOCOL EDONKEY PROFILE SHOW
CONFIG PROTOCOL EDONKEY PROFILE UPDATE
CONFIG PROTOCOL FTP
CONFIG PROTOCOL FTP
CONFIG PROTOCOL FTP ACTIVATE
CONFIG PROTOCOL FTP COMMON
CONFIG PROTOCOL FTP COMMON
CONFIG PROTOCOL FTP COMMON CONFIG
CONFIG PROTOCOL FTP COMMON DEFAULT
CONFIG PROTOCOL FTP COMMON PROXY
CONFIG PROTOCOL FTP COMMON PROXY
CONFIG PROTOCOL FTP COMMON PROXY CONFIG
CONFIG PROTOCOL FTP COMMON SHOW
CONFIG PROTOCOL FTP PROFILE
CONFIG PROTOCOL FTP PROFILE
CONFIG PROTOCOL FTP PROFILE ALARM
CONFIG PROTOCOL FTP PROFILE ALARM
CONFIG PROTOCOL FTP PROFILE ALARM DEFAULT
CONFIG PROTOCOL FTP PROFILE ALARM SHOW
CONFIG PROTOCOL FTP PROFILE ALARM UPDATE
CONFIG PROTOCOL FTP PROFILE COPY
CONFIG PROTOCOL FTP PROFILE DEFAULT
CONFIG PROTOCOL FTP PROFILE IPS
CONFIG PROTOCOL FTP PROFILE IPS
CONFIG PROTOCOL FTP PROFILE IPS CONFIG
CONFIG PROTOCOL FTP PROFILE LIST
CONFIG PROTOCOL FTP PROFILE PROXY
CONFIG PROTOCOL FTP PROFILE PROXY
CONFIG PROTOCOL FTP PROFILE PROXY ANTIVIRUS
CONFIG PROTOCOL FTP PROFILE PROXY CMD
CONFIG PROTOCOL FTP PROFILE PROXY CONFIG
CONFIG PROTOCOL FTP PROFILE PROXY EXTRACMD
CONFIG PROTOCOL FTP PROFILE PROXY EXTRACMD
CONFIG PROTOCOL FTP PROFILE PROXY EXTRACMD ADD
CONFIG PROTOCOL FTP PROFILE PROXY EXTRACMD LIST
CONFIG PROTOCOL FTP PROFILE PROXY EXTRACMD REMOVE
CONFIG PROTOCOL FTP PROFILE PROXY POSTPROC
CONFIG PROTOCOL FTP PROFILE SHOW
CONFIG PROTOCOL FTP PROFILE UPDATE
CONFIG PROTOCOL H323
CONFIG PROTOCOL H323
CONFIG PROTOCOL H323 ACTIVATE
CONFIG PROTOCOL H323 COMMON
CONFIG PROTOCOL H323 COMMON
CONFIG PROTOCOL H323 COMMON CONFIG
CONFIG PROTOCOL H323 COMMON DEFAULT
CONFIG PROTOCOL H323 COMMON SHOW
CONFIG PROTOCOL H323 PROFILE
CONFIG PROTOCOL H323 PROFILE
CONFIG PROTOCOL H323 PROFILE ALARM
CONFIG PROTOCOL H323 PROFILE ALARM
CONFIG PROTOCOL H323 PROFILE ALARM DEFAULT
CONFIG PROTOCOL H323 PROFILE ALARM SHOW
CONFIG PROTOCOL H323 PROFILE ALARM UPDATE
CONFIG PROTOCOL H323 PROFILE COPY
CONFIG PROTOCOL H323 PROFILE DEFAULT
CONFIG PROTOCOL H323 PROFILE IPS
CONFIG PROTOCOL H323 PROFILE IPS
CONFIG PROTOCOL H323 PROFILE IPS CONFIG
CONFIG PROTOCOL H323 PROFILE LIST
CONFIG PROTOCOL H323 PROFILE SHOW
CONFIG PROTOCOL H323 PROFILE UPDATE
CONFIG PROTOCOL HTTP
CONFIG PROTOCOL HTTP
CONFIG PROTOCOL HTTP ACTIVATE
CONFIG PROTOCOL HTTP COMMON
CONFIG PROTOCOL HTTP COMMON
CONFIG PROTOCOL HTTP COMMON CONFIG
CONFIG PROTOCOL HTTP COMMON DEFAULT
CONFIG PROTOCOL HTTP COMMON PROXY
CONFIG PROTOCOL HTTP COMMON PROXY
CONFIG PROTOCOL HTTP COMMON PROXY CONFIG
CONFIG PROTOCOL HTTP COMMON SHOW
CONFIG PROTOCOL HTTP PROFILE
CONFIG PROTOCOL HTTP PROFILE
CONFIG PROTOCOL HTTP PROFILE ALARM
CONFIG PROTOCOL HTTP PROFILE ALARM
CONFIG PROTOCOL HTTP PROFILE ALARM DEFAULT
CONFIG PROTOCOL HTTP PROFILE ALARM SHOW
CONFIG PROTOCOL HTTP PROFILE ALARM UPDATE
CONFIG PROTOCOL HTTP PROFILE COPY
CONFIG PROTOCOL HTTP PROFILE DEFAULT
CONFIG PROTOCOL HTTP PROFILE IPS
CONFIG PROTOCOL HTTP PROFILE IPS
CONFIG PROTOCOL HTTP PROFILE IPS CONFIG
CONFIG PROTOCOL HTTP PROFILE LIST
CONFIG PROTOCOL HTTP PROFILE PROXY
CONFIG PROTOCOL HTTP PROFILE PROXY
CONFIG PROTOCOL HTTP PROFILE PROXY ANTIVIRUS
CONFIG PROTOCOL HTTP PROFILE PROXY CONFIG
CONFIG PROTOCOL HTTP PROFILE PROXY ICAPEXCLUDE
CONFIG PROTOCOL HTTP PROFILE PROXY ICAPEXCLUDE
CONFIG PROTOCOL HTTP PROFILE PROXY ICAPEXCLUDE ADD
CONFIG PROTOCOL HTTP PROFILE PROXY ICAPEXCLUDE LIST
CONFIG PROTOCOL HTTP PROFILE PROXY ICAPEXCLUDE REMOVE
CONFIG PROTOCOL HTTP PROFILE PROXY ICAPREQMOD
CONFIG PROTOCOL HTTP PROFILE PROXY ICAPRESPMOD
CONFIG PROTOCOL HTTP PROFILE PROXY MIME
CONFIG PROTOCOL HTTP PROFILE PROXY MIME
CONFIG PROTOCOL HTTP PROFILE PROXY MIME INSERT
CONFIG PROTOCOL HTTP PROFILE PROXY MIME MOVE
CONFIG PROTOCOL HTTP PROFILE PROXY MIME REMOVE
CONFIG PROTOCOL HTTP PROFILE PROXY MIME SHOW
CONFIG PROTOCOL HTTP PROFILE PROXY MIME UPDATE
CONFIG PROTOCOL HTTP PROFILE PROXY POSTPROC
CONFIG PROTOCOL HTTP PROFILE PROXY URLFILTERING
CONFIG PROTOCOL HTTP PROFILE SHOW
CONFIG PROTOCOL HTTP PROFILE UPDATE
CONFIG PROTOCOL ICMP
CONFIG PROTOCOL ICMP
CONFIG PROTOCOL ICMP ACTIVATE
CONFIG PROTOCOL ICMP COMMON
CONFIG PROTOCOL ICMP COMMON
CONFIG PROTOCOL ICMP COMMON CONFIG
CONFIG PROTOCOL ICMP COMMON DEFAULT
CONFIG PROTOCOL ICMP COMMON SHOW
CONFIG PROTOCOL ICMP PROFILE
CONFIG PROTOCOL ICMP PROFILE
CONFIG PROTOCOL ICMP PROFILE ALARM
CONFIG PROTOCOL ICMP PROFILE ALARM
CONFIG PROTOCOL ICMP PROFILE ALARM DEFAULT
CONFIG PROTOCOL ICMP PROFILE ALARM SHOW
CONFIG PROTOCOL ICMP PROFILE ALARM UPDATE
CONFIG PROTOCOL ICMP PROFILE COPY
CONFIG PROTOCOL ICMP PROFILE DEFAULT
CONFIG PROTOCOL ICMP PROFILE IPS
CONFIG PROTOCOL ICMP PROFILE IPS
CONFIG PROTOCOL ICMP PROFILE IPS CONFIG
CONFIG PROTOCOL ICMP PROFILE LIST
CONFIG PROTOCOL ICMP PROFILE SHOW
CONFIG PROTOCOL ICMP PROFILE UPDATE
CONFIG PROTOCOL IGMP
CONFIG PROTOCOL IGMP
CONFIG PROTOCOL IGMP ACTIVATE
CONFIG PROTOCOL IGMP COMMON
CONFIG PROTOCOL IGMP COMMON
CONFIG PROTOCOL IGMP COMMON CONFIG
CONFIG PROTOCOL IGMP COMMON DEFAULT
CONFIG PROTOCOL IGMP COMMON SHOW
CONFIG PROTOCOL IGMP PROFILE
CONFIG PROTOCOL IGMP PROFILE
CONFIG PROTOCOL IGMP PROFILE ALARM
CONFIG PROTOCOL IGMP PROFILE ALARM
CONFIG PROTOCOL IGMP PROFILE ALARM DEFAULT
CONFIG PROTOCOL IGMP PROFILE ALARM SHOW
CONFIG PROTOCOL IGMP PROFILE ALARM UPDATE
CONFIG PROTOCOL IGMP PROFILE COPY
CONFIG PROTOCOL IGMP PROFILE DEFAULT
CONFIG PROTOCOL IGMP PROFILE IPS
CONFIG PROTOCOL IGMP PROFILE IPS
CONFIG PROTOCOL IGMP PROFILE IPS CONFIG
CONFIG PROTOCOL IGMP PROFILE LIST
CONFIG PROTOCOL IGMP PROFILE SHOW
CONFIG PROTOCOL IGMP PROFILE UPDATE
CONFIG PROTOCOL IMAP4
CONFIG PROTOCOL IMAP4
CONFIG PROTOCOL IMAP4 ACTIVATE
CONFIG PROTOCOL IMAP4 COMMON
CONFIG PROTOCOL IMAP4 COMMON
CONFIG PROTOCOL IMAP4 COMMON CONFIG
CONFIG PROTOCOL IMAP4 COMMON DEFAULT
CONFIG PROTOCOL IMAP4 COMMON SHOW
CONFIG PROTOCOL IMAP4 PROFILE
CONFIG PROTOCOL IMAP4 PROFILE
CONFIG PROTOCOL IMAP4 PROFILE ALARM
CONFIG PROTOCOL IMAP4 PROFILE ALARM
CONFIG PROTOCOL IMAP4 PROFILE ALARM DEFAULT
CONFIG PROTOCOL IMAP4 PROFILE ALARM SHOW
CONFIG PROTOCOL IMAP4 PROFILE ALARM UPDATE
CONFIG PROTOCOL IMAP4 PROFILE COPY
CONFIG PROTOCOL IMAP4 PROFILE DEFAULT
CONFIG PROTOCOL IMAP4 PROFILE IPS
CONFIG PROTOCOL IMAP4 PROFILE IPS
CONFIG PROTOCOL IMAP4 PROFILE IPS CONFIG
CONFIG PROTOCOL IMAP4 PROFILE LIST
CONFIG PROTOCOL IMAP4 PROFILE SHOW
CONFIG PROTOCOL IMAP4 PROFILE UPDATE
CONFIG PROTOCOL IP
CONFIG PROTOCOL IP
CONFIG PROTOCOL IP ACTIVATE
CONFIG PROTOCOL IP COMMON
CONFIG PROTOCOL IP COMMON
CONFIG PROTOCOL IP COMMON CONFIG
CONFIG PROTOCOL IP COMMON DEFAULT
CONFIG PROTOCOL IP COMMON IPS CONFIG
CONFIG PROTOCOL IP COMMON IPS FRAGMENT
CONFIG PROTOCOL IP COMMON SHOW
CONFIG PROTOCOL IP PROFILE
CONFIG PROTOCOL IP PROFILE
CONFIG PROTOCOL IP PROFILE ALARM
CONFIG PROTOCOL IP PROFILE ALARM
CONFIG PROTOCOL IP PROFILE ALARM DEFAULT
CONFIG PROTOCOL IP PROFILE ALARM SHOW
CONFIG PROTOCOL IP PROFILE ALARM UPDATE
CONFIG PROTOCOL IP PROFILE COPY
CONFIG PROTOCOL IP PROFILE DEFAULT
CONFIG PROTOCOL IP PROFILE IPS
CONFIG PROTOCOL IP PROFILE IPS
CONFIG PROTOCOL IP PROFILE IPS CONFIG
CONFIG PROTOCOL IP PROFILE LIST
CONFIG PROTOCOL IP PROFILE SHOW
CONFIG PROTOCOL IP PROFILE UPDATE
CONFIG PROTOCOL LIST
CONFIG PROTOCOL MGCP
CONFIG PROTOCOL MGCP
CONFIG PROTOCOL MGCP ACTIVATE
CONFIG PROTOCOL MGCP COMMON
CONFIG PROTOCOL MGCP COMMON
CONFIG PROTOCOL MGCP COMMON CONFIG
CONFIG PROTOCOL MGCP COMMON DEFAULT
CONFIG PROTOCOL MGCP COMMON SHOW
CONFIG PROTOCOL MGCP PROFILE
CONFIG PROTOCOL MGCP PROFILE
CONFIG PROTOCOL MGCP PROFILE ALARM
CONFIG PROTOCOL MGCP PROFILE ALARM
CONFIG PROTOCOL MGCP PROFILE ALARM DEFAULT
CONFIG PROTOCOL MGCP PROFILE ALARM SHOW
CONFIG PROTOCOL MGCP PROFILE ALARM UPDATE
CONFIG PROTOCOL MGCP PROFILE COPY
CONFIG PROTOCOL MGCP PROFILE DEFAULT
CONFIG PROTOCOL MGCP PROFILE IPS
CONFIG PROTOCOL MGCP PROFILE IPS
CONFIG PROTOCOL MGCP PROFILE IPS CONFIG
CONFIG PROTOCOL MGCP PROFILE LIST
CONFIG PROTOCOL MGCP PROFILE SHOW
CONFIG PROTOCOL MGCP PROFILE UPDATE
CONFIG PROTOCOL MSN
CONFIG PROTOCOL MSN
CONFIG PROTOCOL MSN ACTIVATE
CONFIG PROTOCOL MSN COMMON
CONFIG PROTOCOL MSN COMMON
CONFIG PROTOCOL MSN COMMON CONFIG
CONFIG PROTOCOL MSN COMMON DEFAULT
CONFIG PROTOCOL MSN COMMON SHOW
CONFIG PROTOCOL MSN PROFILE
CONFIG PROTOCOL MSN PROFILE
CONFIG PROTOCOL MSN PROFILE ALARM
CONFIG PROTOCOL MSN PROFILE ALARM
CONFIG PROTOCOL MSN PROFILE ALARM DEFAULT
CONFIG PROTOCOL MSN PROFILE ALARM SHOW
CONFIG PROTOCOL MSN PROFILE ALARM UPDATE
CONFIG PROTOCOL MSN PROFILE COPY
CONFIG PROTOCOL MSN PROFILE DEFAULT
CONFIG PROTOCOL MSN PROFILE IPS
CONFIG PROTOCOL MSN PROFILE IPS
CONFIG PROTOCOL MSN PROFILE IPS CONFIG
CONFIG PROTOCOL MSN PROFILE LIST
CONFIG PROTOCOL MSN PROFILE SHOW
CONFIG PROTOCOL MSN PROFILE UPDATE
CONFIG PROTOCOL MYSQL
CONFIG PROTOCOL MYSQL
CONFIG PROTOCOL MYSQL ACTIVATE
CONFIG PROTOCOL MYSQL COMMON
CONFIG PROTOCOL MYSQL COMMON
CONFIG PROTOCOL MYSQL COMMON CONFIG
CONFIG PROTOCOL MYSQL COMMON DEFAULT
CONFIG PROTOCOL MYSQL COMMON SHOW
CONFIG PROTOCOL MYSQL PROFILE
CONFIG PROTOCOL MYSQL PROFILE
CONFIG PROTOCOL MYSQL PROFILE ALARM
CONFIG PROTOCOL MYSQL PROFILE ALARM
CONFIG PROTOCOL MYSQL PROFILE ALARM DEFAULT
CONFIG PROTOCOL MYSQL PROFILE ALARM SHOW
CONFIG PROTOCOL MYSQL PROFILE ALARM UPDATE
CONFIG PROTOCOL MYSQL PROFILE COPY
CONFIG PROTOCOL MYSQL PROFILE DEFAULT
CONFIG PROTOCOL MYSQL PROFILE IPS
CONFIG PROTOCOL MYSQL PROFILE IPS
CONFIG PROTOCOL MYSQL PROFILE IPS CONFIG
CONFIG PROTOCOL MYSQL PROFILE LIST
CONFIG PROTOCOL MYSQL PROFILE SHOW
CONFIG PROTOCOL MYSQL PROFILE UPDATE
CONFIG PROTOCOL NB-CIFS_TCP
CONFIG PROTOCOL NB-CIFS_TCP
CONFIG PROTOCOL NB-CIFS_TCP ACTIVATE
CONFIG PROTOCOL NB-CIFS_TCP COMMON
CONFIG PROTOCOL NB-CIFS_TCP COMMON
CONFIG PROTOCOL NB-CIFS_TCP COMMON CONFIG
CONFIG PROTOCOL NB-CIFS_TCP COMMON DEFAULT
CONFIG PROTOCOL NB-CIFS_TCP COMMON SHOW
CONFIG PROTOCOL NB-CIFS_TCP PROFILE
CONFIG PROTOCOL NB-CIFS_TCP PROFILE
CONFIG PROTOCOL NB-CIFS_TCP PROFILE ALARM
CONFIG PROTOCOL NB-CIFS_TCP PROFILE ALARM
CONFIG PROTOCOL NB-CIFS_TCP PROFILE ALARM DEFAULT
CONFIG PROTOCOL NB-CIFS_TCP PROFILE ALARM SHOW
CONFIG PROTOCOL NB-CIFS_TCP PROFILE ALARM UPDATE
CONFIG PROTOCOL NB-CIFS_TCP PROFILE COPY
CONFIG PROTOCOL NB-CIFS_TCP PROFILE DEFAULT
CONFIG PROTOCOL NB-CIFS_TCP PROFILE IPS
CONFIG PROTOCOL NB-CIFS_TCP PROFILE IPS
CONFIG PROTOCOL NB-CIFS_TCP PROFILE IPS CONFIG
CONFIG PROTOCOL NB-CIFS_TCP PROFILE LIST
CONFIG PROTOCOL NB-CIFS_TCP PROFILE SHOW
CONFIG PROTOCOL NB-CIFS_TCP PROFILE UPDATE
CONFIG PROTOCOL NB-CIFS_UDP
CONFIG PROTOCOL NB-CIFS_UDP
CONFIG PROTOCOL NB-CIFS_UDP ACTIVATE
CONFIG PROTOCOL NB-CIFS_UDP COMMON
CONFIG PROTOCOL NB-CIFS_UDP COMMON
CONFIG PROTOCOL NB-CIFS_UDP COMMON CONFIG
CONFIG PROTOCOL NB-CIFS_UDP COMMON DEFAULT
CONFIG PROTOCOL NB-CIFS_UDP COMMON SHOW
CONFIG PROTOCOL NB-CIFS_UDP PROFILE
CONFIG PROTOCOL NB-CIFS_UDP PROFILE
CONFIG PROTOCOL NB-CIFS_UDP PROFILE ALARM
CONFIG PROTOCOL NB-CIFS_UDP PROFILE ALARM
CONFIG PROTOCOL NB-CIFS_UDP PROFILE ALARM DEFAULT
CONFIG PROTOCOL NB-CIFS_UDP PROFILE ALARM SHOW
CONFIG PROTOCOL NB-CIFS_UDP PROFILE ALARM UPDATE
CONFIG PROTOCOL NB-CIFS_UDP PROFILE COPY
CONFIG PROTOCOL NB-CIFS_UDP PROFILE DEFAULT
CONFIG PROTOCOL NB-CIFS_UDP PROFILE IPS
CONFIG PROTOCOL NB-CIFS_UDP PROFILE IPS
CONFIG PROTOCOL NB-CIFS_UDP PROFILE IPS CONFIG
CONFIG PROTOCOL NB-CIFS_UDP PROFILE LIST
CONFIG PROTOCOL NB-CIFS_UDP PROFILE SHOW
CONFIG PROTOCOL NB-CIFS_UDP PROFILE UPDATE
CONFIG PROTOCOL NB-DGM
CONFIG PROTOCOL NB-DGM
CONFIG PROTOCOL NB-DGM ACTIVATE
CONFIG PROTOCOL NB-DGM COMMON
CONFIG PROTOCOL NB-DGM COMMON
CONFIG PROTOCOL NB-DGM COMMON CONFIG
CONFIG PROTOCOL NB-DGM COMMON DEFAULT
CONFIG PROTOCOL NB-DGM COMMON SHOW
CONFIG PROTOCOL NB-DGM PROFILE
CONFIG PROTOCOL NB-DGM PROFILE
CONFIG PROTOCOL NB-DGM PROFILE ALARM
CONFIG PROTOCOL NB-DGM PROFILE ALARM
CONFIG PROTOCOL NB-DGM PROFILE ALARM DEFAULT
CONFIG PROTOCOL NB-DGM PROFILE ALARM SHOW
CONFIG PROTOCOL NB-DGM PROFILE ALARM UPDATE
CONFIG PROTOCOL NB-DGM PROFILE COPY
CONFIG PROTOCOL NB-DGM PROFILE DEFAULT
CONFIG PROTOCOL NB-DGM PROFILE IPS
CONFIG PROTOCOL NB-DGM PROFILE IPS
CONFIG PROTOCOL NB-DGM PROFILE IPS CONFIG
CONFIG PROTOCOL NB-DGM PROFILE LIST
CONFIG PROTOCOL NB-DGM PROFILE SHOW
CONFIG PROTOCOL NB-DGM PROFILE UPDATE
CONFIG PROTOCOL NB-SSN
CONFIG PROTOCOL NB-SSN
CONFIG PROTOCOL NB-SSN ACTIVATE
CONFIG PROTOCOL NB-SSN COMMON
CONFIG PROTOCOL NB-SSN COMMON
CONFIG PROTOCOL NB-SSN COMMON CONFIG
CONFIG PROTOCOL NB-SSN COMMON DEFAULT
CONFIG PROTOCOL NB-SSN COMMON SHOW
CONFIG PROTOCOL NB-SSN PROFILE
CONFIG PROTOCOL NB-SSN PROFILE
CONFIG PROTOCOL NB-SSN PROFILE ALARM
CONFIG PROTOCOL NB-SSN PROFILE ALARM
CONFIG PROTOCOL NB-SSN PROFILE ALARM DEFAULT
CONFIG PROTOCOL NB-SSN PROFILE ALARM SHOW
CONFIG PROTOCOL NB-SSN PROFILE ALARM UPDATE
CONFIG PROTOCOL NB-SSN PROFILE COPY
CONFIG PROTOCOL NB-SSN PROFILE DEFAULT
CONFIG PROTOCOL NB-SSN PROFILE IPS
CONFIG PROTOCOL NB-SSN PROFILE IPS
CONFIG PROTOCOL NB-SSN PROFILE IPS CONFIG
CONFIG PROTOCOL NB-SSN PROFILE LIST
CONFIG PROTOCOL NB-SSN PROFILE SHOW
CONFIG PROTOCOL NB-SSN PROFILE UPDATE
CONFIG PROTOCOL NNTP
CONFIG PROTOCOL NNTP
CONFIG PROTOCOL NNTP ACTIVATE
CONFIG PROTOCOL NNTP COMMON
CONFIG PROTOCOL NNTP COMMON
CONFIG PROTOCOL NNTP COMMON CONFIG
CONFIG PROTOCOL NNTP COMMON DEFAULT
CONFIG PROTOCOL NNTP COMMON SHOW
CONFIG PROTOCOL NNTP PROFILE
CONFIG PROTOCOL NNTP PROFILE
CONFIG PROTOCOL NNTP PROFILE ALARM
CONFIG PROTOCOL NNTP PROFILE ALARM
CONFIG PROTOCOL NNTP PROFILE ALARM DEFAULT
CONFIG PROTOCOL NNTP PROFILE ALARM SHOW
CONFIG PROTOCOL NNTP PROFILE ALARM UPDATE
CONFIG PROTOCOL NNTP PROFILE COPY
CONFIG PROTOCOL NNTP PROFILE DEFAULT
CONFIG PROTOCOL NNTP PROFILE IPS
CONFIG PROTOCOL NNTP PROFILE IPS
CONFIG PROTOCOL NNTP PROFILE IPS CONFIG
CONFIG PROTOCOL NNTP PROFILE LIST
CONFIG PROTOCOL NNTP PROFILE SHOW
CONFIG PROTOCOL NNTP PROFILE UPDATE
CONFIG PROTOCOL OSCAR
CONFIG PROTOCOL OSCAR
CONFIG PROTOCOL OSCAR ACTIVATE
CONFIG PROTOCOL OSCAR COMMON
CONFIG PROTOCOL OSCAR COMMON
CONFIG PROTOCOL OSCAR COMMON CONFIG
CONFIG PROTOCOL OSCAR COMMON DEFAULT
CONFIG PROTOCOL OSCAR COMMON SHOW
CONFIG PROTOCOL OSCAR PROFILE
CONFIG PROTOCOL OSCAR PROFILE
CONFIG PROTOCOL OSCAR PROFILE ALARM
CONFIG PROTOCOL OSCAR PROFILE ALARM
CONFIG PROTOCOL OSCAR PROFILE ALARM DEFAULT
CONFIG PROTOCOL OSCAR PROFILE ALARM SHOW
CONFIG PROTOCOL OSCAR PROFILE ALARM UPDATE
CONFIG PROTOCOL OSCAR PROFILE COPY
CONFIG PROTOCOL OSCAR PROFILE DEFAULT
CONFIG PROTOCOL OSCAR PROFILE IPS
CONFIG PROTOCOL OSCAR PROFILE IPS
CONFIG PROTOCOL OSCAR PROFILE IPS CONFIG
CONFIG PROTOCOL OSCAR PROFILE LIST
CONFIG PROTOCOL OSCAR PROFILE SHOW
CONFIG PROTOCOL OSCAR PROFILE UPDATE
CONFIG PROTOCOL PGSQL
CONFIG PROTOCOL PGSQL
CONFIG PROTOCOL PGSQL ACTIVATE
CONFIG PROTOCOL PGSQL COMMON
CONFIG PROTOCOL PGSQL COMMON
CONFIG PROTOCOL PGSQL COMMON CONFIG
CONFIG PROTOCOL PGSQL COMMON DEFAULT
CONFIG PROTOCOL PGSQL COMMON SHOW
CONFIG PROTOCOL PGSQL PROFILE
CONFIG PROTOCOL PGSQL PROFILE
CONFIG PROTOCOL PGSQL PROFILE ALARM
CONFIG PROTOCOL PGSQL PROFILE ALARM
CONFIG PROTOCOL PGSQL PROFILE ALARM DEFAULT
CONFIG PROTOCOL PGSQL PROFILE ALARM SHOW
CONFIG PROTOCOL PGSQL PROFILE ALARM UPDATE
CONFIG PROTOCOL PGSQL PROFILE COPY
CONFIG PROTOCOL PGSQL PROFILE DEFAULT
CONFIG PROTOCOL PGSQL PROFILE IPS
CONFIG PROTOCOL PGSQL PROFILE IPS
CONFIG PROTOCOL PGSQL PROFILE IPS CONFIG
CONFIG PROTOCOL PGSQL PROFILE LIST
CONFIG PROTOCOL PGSQL PROFILE SHOW
CONFIG PROTOCOL PGSQL PROFILE UPDATE
CONFIG PROTOCOL POP3
CONFIG PROTOCOL POP3
CONFIG PROTOCOL POP3 ACTIVATE
CONFIG PROTOCOL POP3 COMMON
CONFIG PROTOCOL POP3 COMMON
CONFIG PROTOCOL POP3 COMMON CONFIG
CONFIG PROTOCOL POP3 COMMON DEFAULT
CONFIG PROTOCOL POP3 COMMON PROXY
CONFIG PROTOCOL POP3 COMMON PROXY
CONFIG PROTOCOL POP3 COMMON PROXY CONFIG
CONFIG PROTOCOL POP3 COMMON SHOW
CONFIG PROTOCOL POP3 PROFILE
CONFIG PROTOCOL POP3 PROFILE
CONFIG PROTOCOL POP3 PROFILE ALARM
CONFIG PROTOCOL POP3 PROFILE ALARM
CONFIG PROTOCOL POP3 PROFILE ALARM DEFAULT
CONFIG PROTOCOL POP3 PROFILE ALARM SHOW
CONFIG PROTOCOL POP3 PROFILE ALARM UPDATE
CONFIG PROTOCOL POP3 PROFILE COPY
CONFIG PROTOCOL POP3 PROFILE DEFAULT
CONFIG PROTOCOL POP3 PROFILE IPS
CONFIG PROTOCOL POP3 PROFILE IPS
CONFIG PROTOCOL POP3 PROFILE IPS CONFIG
CONFIG PROTOCOL POP3 PROFILE LIST
CONFIG PROTOCOL POP3 PROFILE PROXY
CONFIG PROTOCOL POP3 PROFILE PROXY
CONFIG PROTOCOL POP3 PROFILE PROXY ANTIVIRUS
CONFIG PROTOCOL POP3 PROFILE PROXY CMD
CONFIG PROTOCOL POP3 PROFILE PROXY CONFIG
CONFIG PROTOCOL POP3 PROFILE PROXY EXTRACMD
CONFIG PROTOCOL POP3 PROFILE PROXY EXTRACMD
CONFIG PROTOCOL POP3 PROFILE PROXY EXTRACMD ADD
CONFIG PROTOCOL POP3 PROFILE PROXY EXTRACMD LIST
CONFIG PROTOCOL POP3 PROFILE PROXY EXTRACMD REMOVE
CONFIG PROTOCOL POP3 PROFILE PROXY POSTPROC
CONFIG PROTOCOL POP3 PROFILE SHOW
CONFIG PROTOCOL POP3 PROFILE UPDATE
CONFIG PROTOCOL PROFILE
CONFIG PROTOCOL PROFILE
CONFIG PROTOCOL PROFILE ALARM
CONFIG PROTOCOL PROFILE ALARM
CONFIG PROTOCOL PROFILE ALARM DEFAULT
CONFIG PROTOCOL PROFILE ALARM SHOW
CONFIG PROTOCOL PROFILE ALARM UPDATE
CONFIG PROTOCOL PROFILE CHECK
CONFIG PROTOCOL PROFILE COPY
CONFIG PROTOCOL PROFILE DEFAULT
CONFIG PROTOCOL PROFILE IPS
CONFIG PROTOCOL PROFILE IPS
CONFIG PROTOCOL PROFILE IPS CONFIG
CONFIG PROTOCOL PROFILE LIST
CONFIG PROTOCOL PROFILE PROXY
CONFIG PROTOCOL PROFILE PROXY
CONFIG PROTOCOL PROFILE SHOW
CONFIG PROTOCOL PROFILE UPDATE
CONFIG PROTOCOL PROXY_TCP
CONFIG PROTOCOL PROXY_TCP
CONFIG PROTOCOL PROXY_TCP ACTIVATE
CONFIG PROTOCOL PROXY_TCP COMMON
CONFIG PROTOCOL PROXY_TCP COMMON
CONFIG PROTOCOL PROXY_TCP COMMON CONFIG
CONFIG PROTOCOL PROXY_TCP COMMON DEFAULT
CONFIG PROTOCOL PROXY_TCP COMMON SHOW
CONFIG PROTOCOL PROXY_TCP PROFILE
CONFIG PROTOCOL PROXY_TCP PROFILE
CONFIG PROTOCOL PROXY_TCP PROFILE ALARM
CONFIG PROTOCOL PROXY_TCP PROFILE ALARM
CONFIG PROTOCOL PROXY_TCP PROFILE ALARM DEFAULT
CONFIG PROTOCOL PROXY_TCP PROFILE ALARM SHOW
CONFIG PROTOCOL PROXY_TCP PROFILE ALARM UPDATE
CONFIG PROTOCOL PROXY_TCP PROFILE COPY
CONFIG PROTOCOL PROXY_TCP PROFILE DEFAULT
CONFIG PROTOCOL PROXY_TCP PROFILE IPS
CONFIG PROTOCOL PROXY_TCP PROFILE IPS
CONFIG PROTOCOL PROXY_TCP PROFILE IPS CONFIG
CONFIG PROTOCOL PROXY_TCP PROFILE LIST
CONFIG PROTOCOL PROXY_TCP PROFILE SHOW
CONFIG PROTOCOL PROXY_TCP PROFILE UPDATE
CONFIG PROTOCOL PROXY_UDP
CONFIG PROTOCOL PROXY_UDP
CONFIG PROTOCOL PROXY_UDP ACTIVATE
CONFIG PROTOCOL PROXY_UDP COMMON
CONFIG PROTOCOL PROXY_UDP COMMON
CONFIG PROTOCOL PROXY_UDP COMMON CONFIG
CONFIG PROTOCOL PROXY_UDP COMMON DEFAULT
CONFIG PROTOCOL PROXY_UDP COMMON SHOW
CONFIG PROTOCOL PROXY_UDP PROFILE
CONFIG PROTOCOL PROXY_UDP PROFILE
CONFIG PROTOCOL PROXY_UDP PROFILE ALARM
CONFIG PROTOCOL PROXY_UDP PROFILE ALARM
CONFIG PROTOCOL PROXY_UDP PROFILE ALARM DEFAULT
CONFIG PROTOCOL PROXY_UDP PROFILE ALARM SHOW
CONFIG PROTOCOL PROXY_UDP PROFILE ALARM UPDATE
CONFIG PROTOCOL PROXY_UDP PROFILE COPY
CONFIG PROTOCOL PROXY_UDP PROFILE DEFAULT
CONFIG PROTOCOL PROXY_UDP PROFILE IPS
CONFIG PROTOCOL PROXY_UDP PROFILE IPS
CONFIG PROTOCOL PROXY_UDP PROFILE IPS CONFIG
CONFIG PROTOCOL PROXY_UDP PROFILE LIST
CONFIG PROTOCOL PROXY_UDP PROFILE SHOW
CONFIG PROTOCOL PROXY_UDP PROFILE UPDATE
CONFIG PROTOCOL RDP
CONFIG PROTOCOL RDP
CONFIG PROTOCOL RDP ACTIVATE
CONFIG PROTOCOL RDP COMMON
CONFIG PROTOCOL RDP COMMON
CONFIG PROTOCOL RDP COMMON CONFIG
CONFIG PROTOCOL RDP COMMON DEFAULT
CONFIG PROTOCOL RDP COMMON SHOW
CONFIG PROTOCOL RDP PROFILE
CONFIG PROTOCOL RDP PROFILE
CONFIG PROTOCOL RDP PROFILE ALARM
CONFIG PROTOCOL RDP PROFILE ALARM
CONFIG PROTOCOL RDP PROFILE ALARM DEFAULT
CONFIG PROTOCOL RDP PROFILE ALARM SHOW
CONFIG PROTOCOL RDP PROFILE ALARM UPDATE
CONFIG PROTOCOL RDP PROFILE COPY
CONFIG PROTOCOL RDP PROFILE DEFAULT
CONFIG PROTOCOL RDP PROFILE IPS
CONFIG PROTOCOL RDP PROFILE IPS
CONFIG PROTOCOL RDP PROFILE IPS CONFIG
CONFIG PROTOCOL RDP PROFILE LIST
CONFIG PROTOCOL RDP PROFILE SHOW
CONFIG PROTOCOL RDP PROFILE UPDATE
CONFIG PROTOCOL RIP
CONFIG PROTOCOL RIP
CONFIG PROTOCOL RIP ACTIVATE
CONFIG PROTOCOL RIP COMMON
CONFIG PROTOCOL RIP COMMON
CONFIG PROTOCOL RIP COMMON CONFIG
CONFIG PROTOCOL RIP COMMON DEFAULT
CONFIG PROTOCOL RIP COMMON SHOW
CONFIG PROTOCOL RIP PROFILE
CONFIG PROTOCOL RIP PROFILE
CONFIG PROTOCOL RIP PROFILE ALARM
CONFIG PROTOCOL RIP PROFILE ALARM
CONFIG PROTOCOL RIP PROFILE ALARM DEFAULT
CONFIG PROTOCOL RIP PROFILE ALARM SHOW
CONFIG PROTOCOL RIP PROFILE ALARM UPDATE
CONFIG PROTOCOL RIP PROFILE COPY
CONFIG PROTOCOL RIP PROFILE DEFAULT
CONFIG PROTOCOL RIP PROFILE IPS
CONFIG PROTOCOL RIP PROFILE IPS
CONFIG PROTOCOL RIP PROFILE IPS CONFIG
CONFIG PROTOCOL RIP PROFILE LIST
CONFIG PROTOCOL RIP PROFILE SHOW
CONFIG PROTOCOL RIP PROFILE UPDATE
CONFIG PROTOCOL RTCP
CONFIG PROTOCOL RTCP
CONFIG PROTOCOL RTCP ACTIVATE
CONFIG PROTOCOL RTCP COMMON
CONFIG PROTOCOL RTCP COMMON
CONFIG PROTOCOL RTCP COMMON CONFIG
CONFIG PROTOCOL RTCP COMMON DEFAULT
CONFIG PROTOCOL RTCP COMMON SHOW
CONFIG PROTOCOL RTCP PROFILE
CONFIG PROTOCOL RTCP PROFILE
CONFIG PROTOCOL RTCP PROFILE ALARM
CONFIG PROTOCOL RTCP PROFILE ALARM
CONFIG PROTOCOL RTCP PROFILE ALARM DEFAULT
CONFIG PROTOCOL RTCP PROFILE ALARM SHOW
CONFIG PROTOCOL RTCP PROFILE ALARM UPDATE
CONFIG PROTOCOL RTCP PROFILE COPY
CONFIG PROTOCOL RTCP PROFILE DEFAULT
CONFIG PROTOCOL RTCP PROFILE IPS
CONFIG PROTOCOL RTCP PROFILE IPS
CONFIG PROTOCOL RTCP PROFILE IPS CONFIG
CONFIG PROTOCOL RTCP PROFILE LIST
CONFIG PROTOCOL RTCP PROFILE SHOW
CONFIG PROTOCOL RTCP PROFILE UPDATE
CONFIG PROTOCOL RTP
CONFIG PROTOCOL RTP
CONFIG PROTOCOL RTP ACTIVATE
CONFIG PROTOCOL RTP COMMON
CONFIG PROTOCOL RTP COMMON
CONFIG PROTOCOL RTP COMMON CONFIG
CONFIG PROTOCOL RTP COMMON DEFAULT
CONFIG PROTOCOL RTP COMMON SHOW
CONFIG PROTOCOL RTP PROFILE
CONFIG PROTOCOL RTP PROFILE
CONFIG PROTOCOL RTP PROFILE ALARM
CONFIG PROTOCOL RTP PROFILE ALARM
CONFIG PROTOCOL RTP PROFILE ALARM DEFAULT
CONFIG PROTOCOL RTP PROFILE ALARM SHOW
CONFIG PROTOCOL RTP PROFILE ALARM UPDATE
CONFIG PROTOCOL RTP PROFILE COPY
CONFIG PROTOCOL RTP PROFILE DEFAULT
CONFIG PROTOCOL RTP PROFILE IPS
CONFIG PROTOCOL RTP PROFILE IPS
CONFIG PROTOCOL RTP PROFILE IPS CONFIG
CONFIG PROTOCOL RTP PROFILE LIST
CONFIG PROTOCOL RTP PROFILE SHOW
CONFIG PROTOCOL RTP PROFILE UPDATE
CONFIG PROTOCOL RTP_RTCP
CONFIG PROTOCOL RTP_RTCP
CONFIG PROTOCOL RTP_RTCP ACTIVATE
CONFIG PROTOCOL RTP_RTCP COMMON
CONFIG PROTOCOL RTP_RTCP COMMON
CONFIG PROTOCOL RTP_RTCP COMMON CONFIG
CONFIG PROTOCOL RTP_RTCP COMMON DEFAULT
CONFIG PROTOCOL RTP_RTCP COMMON SHOW
CONFIG PROTOCOL RTP_RTCP PROFILE
CONFIG PROTOCOL RTP_RTCP PROFILE
CONFIG PROTOCOL RTP_RTCP PROFILE ALARM
CONFIG PROTOCOL RTP_RTCP PROFILE ALARM
CONFIG PROTOCOL RTP_RTCP PROFILE ALARM DEFAULT
CONFIG PROTOCOL RTP_RTCP PROFILE ALARM SHOW
CONFIG PROTOCOL RTP_RTCP PROFILE ALARM UPDATE
CONFIG PROTOCOL RTP_RTCP PROFILE COPY
CONFIG PROTOCOL RTP_RTCP PROFILE DEFAULT
CONFIG PROTOCOL RTP_RTCP PROFILE IPS
CONFIG PROTOCOL RTP_RTCP PROFILE IPS
CONFIG PROTOCOL RTP_RTCP PROFILE IPS CONFIG
CONFIG PROTOCOL RTP_RTCP PROFILE LIST
CONFIG PROTOCOL RTP_RTCP PROFILE SHOW
CONFIG PROTOCOL RTP_RTCP PROFILE UPDATE
CONFIG PROTOCOL SHOW
CONFIG PROTOCOL SIP_TCP
CONFIG PROTOCOL SIP_TCP
CONFIG PROTOCOL SIP_TCP ACTIVATE
CONFIG PROTOCOL SIP_TCP COMMON
CONFIG PROTOCOL SIP_TCP COMMON
CONFIG PROTOCOL SIP_TCP COMMON CONFIG
CONFIG PROTOCOL SIP_TCP COMMON DEFAULT
CONFIG PROTOCOL SIP_TCP COMMON SHOW
CONFIG PROTOCOL SIP_TCP PROFILE
CONFIG PROTOCOL SIP_TCP PROFILE
CONFIG PROTOCOL SIP_TCP PROFILE ALARM
CONFIG PROTOCOL SIP_TCP PROFILE ALARM
CONFIG PROTOCOL SIP_TCP PROFILE ALARM DEFAULT
CONFIG PROTOCOL SIP_TCP PROFILE ALARM SHOW
CONFIG PROTOCOL SIP_TCP PROFILE ALARM UPDATE
CONFIG PROTOCOL SIP_TCP PROFILE COPY
CONFIG PROTOCOL SIP_TCP PROFILE DEFAULT
CONFIG PROTOCOL SIP_TCP PROFILE IPS
CONFIG PROTOCOL SIP_TCP PROFILE IPS
CONFIG PROTOCOL SIP_TCP PROFILE IPS CONFIG
CONFIG PROTOCOL SIP_TCP PROFILE LIST
CONFIG PROTOCOL SIP_TCP PROFILE SHOW
CONFIG PROTOCOL SIP_TCP PROFILE UPDATE
CONFIG PROTOCOL SIP_UDP
CONFIG PROTOCOL SIP_UDP
CONFIG PROTOCOL SIP_UDP ACTIVATE
CONFIG PROTOCOL SIP_UDP COMMON
CONFIG PROTOCOL SIP_UDP COMMON
CONFIG PROTOCOL SIP_UDP COMMON CONFIG
CONFIG PROTOCOL SIP_UDP COMMON DEFAULT
CONFIG PROTOCOL SIP_UDP COMMON SHOW
CONFIG PROTOCOL SIP_UDP PROFILE
CONFIG PROTOCOL SIP_UDP PROFILE
CONFIG PROTOCOL SIP_UDP PROFILE ALARM
CONFIG PROTOCOL SIP_UDP PROFILE ALARM
CONFIG PROTOCOL SIP_UDP PROFILE ALARM DEFAULT
CONFIG PROTOCOL SIP_UDP PROFILE ALARM SHOW
CONFIG PROTOCOL SIP_UDP PROFILE ALARM UPDATE
CONFIG PROTOCOL SIP_UDP PROFILE COPY
CONFIG PROTOCOL SIP_UDP PROFILE DEFAULT
CONFIG PROTOCOL SIP_UDP PROFILE IPS
CONFIG PROTOCOL SIP_UDP PROFILE IPS
CONFIG PROTOCOL SIP_UDP PROFILE IPS CONFIG
CONFIG PROTOCOL SIP_UDP PROFILE LIST
CONFIG PROTOCOL SIP_UDP PROFILE SHOW
CONFIG PROTOCOL SIP_UDP PROFILE UPDATE
CONFIG PROTOCOL SMTP
CONFIG PROTOCOL SMTP
CONFIG PROTOCOL SMTP ACTIVATE
CONFIG PROTOCOL SMTP COMMON
CONFIG PROTOCOL SMTP COMMON
CONFIG PROTOCOL SMTP COMMON CONFIG
CONFIG PROTOCOL SMTP COMMON DEFAULT
CONFIG PROTOCOL SMTP COMMON PROXY
CONFIG PROTOCOL SMTP COMMON PROXY
CONFIG PROTOCOL SMTP COMMON PROXY CONFIG
CONFIG PROTOCOL SMTP COMMON SHOW
CONFIG PROTOCOL SMTP PROFILE
CONFIG PROTOCOL SMTP PROFILE
CONFIG PROTOCOL SMTP PROFILE ALARM
CONFIG PROTOCOL SMTP PROFILE ALARM
CONFIG PROTOCOL SMTP PROFILE ALARM SHOW
CONFIG PROTOCOL SMTP PROFILE ALARM UPDATE
CONFIG PROTOCOL SMTP PROFILE COPY
CONFIG PROTOCOL SMTP PROFILE DEFAULT
CONFIG PROTOCOL SMTP PROFILE IPS
CONFIG PROTOCOL SMTP PROFILE IPS
CONFIG PROTOCOL SMTP PROFILE IPS CONFIG
CONFIG PROTOCOL SMTP PROFILE LIST
CONFIG PROTOCOL SMTP PROFILE PROXY
CONFIG PROTOCOL SMTP PROFILE PROXY
CONFIG PROTOCOL SMTP PROFILE PROXY ANTIVIRUS
CONFIG PROTOCOL SMTP PROFILE PROXY CMD
CONFIG PROTOCOL SMTP PROFILE PROXY CONFIG
CONFIG PROTOCOL SMTP PROFILE PROXY EXTRACMD
CONFIG PROTOCOL SMTP PROFILE PROXY EXTRACMD
CONFIG PROTOCOL SMTP PROFILE PROXY EXTRACMD ADD
CONFIG PROTOCOL SMTP PROFILE PROXY EXTRACMD LIST
CONFIG PROTOCOL SMTP PROFILE PROXY EXTRACMD REMOVE
CONFIG PROTOCOL SMTP PROFILE PROXY POSTPROC
CONFIG PROTOCOL SMTP PROFILE SHOW
CONFIG PROTOCOL SMTP PROFILE UPDATE
CONFIG PROTOCOL SSH
CONFIG PROTOCOL SSH
CONFIG PROTOCOL SSH ACTIVATE
CONFIG PROTOCOL SSH COMMON
CONFIG PROTOCOL SSH COMMON
CONFIG PROTOCOL SSH COMMON CONFIG
CONFIG PROTOCOL SSH COMMON DEFAULT
CONFIG PROTOCOL SSH COMMON SHOW
CONFIG PROTOCOL SSH PROFILE
CONFIG PROTOCOL SSH PROFILE
CONFIG PROTOCOL SSH PROFILE ALARM
CONFIG PROTOCOL SSH PROFILE ALARM
CONFIG PROTOCOL SSH PROFILE ALARM DEFAULT
CONFIG PROTOCOL SSH PROFILE ALARM SHOW
CONFIG PROTOCOL SSH PROFILE ALARM UPDATE
CONFIG PROTOCOL SSH PROFILE COPY
CONFIG PROTOCOL SSH PROFILE DEFAULT
CONFIG PROTOCOL SSH PROFILE IPS
CONFIG PROTOCOL SSH PROFILE IPS
CONFIG PROTOCOL SSH PROFILE IPS CONFIG
CONFIG PROTOCOL SSH PROFILE LIST
CONFIG PROTOCOL SSH PROFILE SHOW
CONFIG PROTOCOL SSH PROFILE UPDATE
CONFIG PROTOCOL SSL
CONFIG PROTOCOL SSL
CONFIG PROTOCOL SSL ACTIVATE
CONFIG PROTOCOL SSL COMMON
CONFIG PROTOCOL SSL COMMON
CONFIG PROTOCOL SSL COMMON CONFIG
CONFIG PROTOCOL SSL COMMON DEFAULT
CONFIG PROTOCOL SSL COMMON PROXY
CONFIG PROTOCOL SSL COMMON PROXY
CONFIG PROTOCOL SSL COMMON PROXY CA
CONFIG PROTOCOL SSL COMMON PROXY CA
CONFIG PROTOCOL SSL COMMON PROXY CA CUSTOM
CONFIG PROTOCOL SSL COMMON PROXY CA CUSTOM
CONFIG PROTOCOL SSL COMMON PROXY CA CUSTOM ADD
CONFIG PROTOCOL SSL COMMON PROXY CA CUSTOM LIST
CONFIG PROTOCOL SSL COMMON PROXY CA CUSTOM REMOVE
CONFIG PROTOCOL SSL COMMON PROXY CA TRUSTED
CONFIG PROTOCOL SSL COMMON PROXY CA TRUSTED
CONFIG PROTOCOL SSL COMMON PROXY CA TRUSTED DISABLE
CONFIG PROTOCOL SSL COMMON PROXY CA TRUSTED ENABLE
CONFIG PROTOCOL SSL COMMON PROXY CA TRUSTED LIST
CONFIG PROTOCOL SSL COMMON PROXY CERT
CONFIG PROTOCOL SSL COMMON PROXY CERT
CONFIG PROTOCOL SSL COMMON PROXY CERT TRUSTED
CONFIG PROTOCOL SSL COMMON PROXY CERT TRUSTED
CONFIG PROTOCOL SSL COMMON PROXY CERT TRUSTED ADD
CONFIG PROTOCOL SSL COMMON PROXY CERT TRUSTED LIST
CONFIG PROTOCOL SSL COMMON PROXY CERT TRUSTED REMOVE
CONFIG PROTOCOL SSL COMMON PROXY CONFIG
CONFIG PROTOCOL SSL COMMON PROXY SSLPROTOCOL
CONFIG PROTOCOL SSL COMMON SHOW
CONFIG PROTOCOL SSL PROFILE
CONFIG PROTOCOL SSL PROFILE
CONFIG PROTOCOL SSL PROFILE ALARM
CONFIG PROTOCOL SSL PROFILE ALARM
CONFIG PROTOCOL SSL PROFILE ALARM DEFAULT
CONFIG PROTOCOL SSL PROFILE ALARM SHOW
CONFIG PROTOCOL SSL PROFILE ALARM UPDATE
CONFIG PROTOCOL SSL PROFILE COPY
CONFIG PROTOCOL SSL PROFILE DEFAULT
CONFIG PROTOCOL SSL PROFILE IPS
CONFIG PROTOCOL SSL PROFILE IPS
CONFIG PROTOCOL SSL PROFILE IPS CONFIG
CONFIG PROTOCOL SSL PROFILE LIST
CONFIG PROTOCOL SSL PROFILE PROXY
CONFIG PROTOCOL SSL PROFILE PROXY
CONFIG PROTOCOL SSL PROFILE PROXY CONFIG
CONFIG PROTOCOL SSL PROFILE PROXY SSLFILTERING
CONFIG PROTOCOL SSL PROFILE SHOW
CONFIG PROTOCOL SSL PROFILE UPDATE
CONFIG PROTOCOL TCPUDP
CONFIG PROTOCOL TCPUDP
CONFIG PROTOCOL TCPUDP ACTIVATE
CONFIG PROTOCOL TCPUDP COMMON
CONFIG PROTOCOL TCPUDP COMMON
CONFIG PROTOCOL TCPUDP COMMON CONFIG
CONFIG PROTOCOL TCPUDP COMMON DEFAULT
CONFIG PROTOCOL TCPUDP COMMON IPS CONFIG
CONFIG PROTOCOL TCPUDP COMMON IPS CONNECTION
CONFIG PROTOCOL TCPUDP COMMON SHOW
CONFIG PROTOCOL TCPUDP PROFILE
CONFIG PROTOCOL TCPUDP PROFILE
CONFIG PROTOCOL TCPUDP PROFILE ALARM
CONFIG PROTOCOL TCPUDP PROFILE ALARM
CONFIG PROTOCOL TCPUDP PROFILE ALARM DEFAULT
CONFIG PROTOCOL TCPUDP PROFILE ALARM SHOW
CONFIG PROTOCOL TCPUDP PROFILE ALARM UPDATE
CONFIG PROTOCOL TCPUDP PROFILE COPY
CONFIG PROTOCOL TCPUDP PROFILE DEFAULT
CONFIG PROTOCOL TCPUDP PROFILE IPS
CONFIG PROTOCOL TCPUDP PROFILE IPS
CONFIG PROTOCOL TCPUDP PROFILE IPS CONFIG
CONFIG PROTOCOL TCPUDP PROFILE IPS CONNECTION
CONFIG PROTOCOL TCPUDP PROFILE IPS SYNPROXY
CONFIG PROTOCOL TCPUDP PROFILE LIST
CONFIG PROTOCOL TCPUDP PROFILE SHOW
CONFIG PROTOCOL TCPUDP PROFILE UPDATE
CONFIG PROTOCOL TELNET
CONFIG PROTOCOL TELNET
CONFIG PROTOCOL TELNET ACTIVATE
CONFIG PROTOCOL TELNET COMMON
CONFIG PROTOCOL TELNET COMMON
CONFIG PROTOCOL TELNET COMMON CONFIG
CONFIG PROTOCOL TELNET COMMON DEFAULT
CONFIG PROTOCOL TELNET COMMON SHOW
CONFIG PROTOCOL TELNET PROFILE
CONFIG PROTOCOL TELNET PROFILE
CONFIG PROTOCOL TELNET PROFILE ALARM
CONFIG PROTOCOL TELNET PROFILE ALARM
CONFIG PROTOCOL TELNET PROFILE ALARM DEFAULT
CONFIG PROTOCOL TELNET PROFILE ALARM SHOW
CONFIG PROTOCOL TELNET PROFILE ALARM UPDATE
CONFIG PROTOCOL TELNET PROFILE COPY
CONFIG PROTOCOL TELNET PROFILE DEFAULT
CONFIG PROTOCOL TELNET PROFILE IPS
CONFIG PROTOCOL TELNET PROFILE IPS
CONFIG PROTOCOL TELNET PROFILE IPS CONFIG
CONFIG PROTOCOL TELNET PROFILE LIST
CONFIG PROTOCOL TELNET PROFILE SHOW
CONFIG PROTOCOL TELNET PROFILE UPDATE
CONFIG PROTOCOL TEREDO
CONFIG PROTOCOL TEREDO
CONFIG PROTOCOL TEREDO ACTIVATE
CONFIG PROTOCOL TEREDO COMMON
CONFIG PROTOCOL TEREDO COMMON
CONFIG PROTOCOL TEREDO COMMON CONFIG
CONFIG PROTOCOL TEREDO COMMON DEFAULT
CONFIG PROTOCOL TEREDO COMMON SHOW
CONFIG PROTOCOL TEREDO PROFILE
CONFIG PROTOCOL TEREDO PROFILE
CONFIG PROTOCOL TEREDO PROFILE ALARM
CONFIG PROTOCOL TEREDO PROFILE ALARM
CONFIG PROTOCOL TEREDO PROFILE ALARM DEFAULT
CONFIG PROTOCOL TEREDO PROFILE ALARM SHOW
CONFIG PROTOCOL TEREDO PROFILE ALARM UPDATE
CONFIG PROTOCOL TEREDO PROFILE COPY
CONFIG PROTOCOL TEREDO PROFILE DEFAULT
CONFIG PROTOCOL TEREDO PROFILE IPS
CONFIG PROTOCOL TEREDO PROFILE IPS
CONFIG PROTOCOL TEREDO PROFILE IPS CONFIG
CONFIG PROTOCOL TEREDO PROFILE LIST
CONFIG PROTOCOL TEREDO PROFILE SHOW
CONFIG PROTOCOL TEREDO PROFILE UPDATE
CONFIG PROTOCOL TFTP
CONFIG PROTOCOL TFTP
CONFIG PROTOCOL TFTP ACTIVATE
CONFIG PROTOCOL TFTP COMMON
CONFIG PROTOCOL TFTP COMMON
CONFIG PROTOCOL TFTP COMMON CONFIG
CONFIG PROTOCOL TFTP COMMON DEFAULT
CONFIG PROTOCOL TFTP COMMON SHOW
CONFIG PROTOCOL TFTP PROFILE
CONFIG PROTOCOL TFTP PROFILE
CONFIG PROTOCOL TFTP PROFILE ALARM
CONFIG PROTOCOL TFTP PROFILE ALARM
CONFIG PROTOCOL TFTP PROFILE ALARM DEFAULT
CONFIG PROTOCOL TFTP PROFILE ALARM SHOW
CONFIG PROTOCOL TFTP PROFILE ALARM UPDATE
CONFIG PROTOCOL TFTP PROFILE COPY
CONFIG PROTOCOL TFTP PROFILE DEFAULT
CONFIG PROTOCOL TFTP PROFILE IPS
CONFIG PROTOCOL TFTP PROFILE IPS
CONFIG PROTOCOL TFTP PROFILE IPS CONFIG
CONFIG PROTOCOL TFTP PROFILE LIST
CONFIG PROTOCOL TFTP PROFILE SHOW
CONFIG PROTOCOL TFTP PROFILE UPDATE
CONFIG PROTOCOL XMPP
CONFIG PROTOCOL XMPP
CONFIG PROTOCOL XMPP ACTIVATE
CONFIG PROTOCOL XMPP COMMON
CONFIG PROTOCOL XMPP COMMON
CONFIG PROTOCOL XMPP COMMON CONFIG
CONFIG PROTOCOL XMPP COMMON DEFAULT
CONFIG PROTOCOL XMPP COMMON SHOW
CONFIG PROTOCOL XMPP PROFILE
CONFIG PROTOCOL XMPP PROFILE
CONFIG PROTOCOL XMPP PROFILE ALARM
CONFIG PROTOCOL XMPP PROFILE ALARM
CONFIG PROTOCOL XMPP PROFILE ALARM DEFAULT
CONFIG PROTOCOL XMPP PROFILE ALARM SHOW
CONFIG PROTOCOL XMPP PROFILE ALARM UPDATE
CONFIG PROTOCOL XMPP PROFILE COPY
CONFIG PROTOCOL XMPP PROFILE DEFAULT
CONFIG PROTOCOL XMPP PROFILE IPS
CONFIG PROTOCOL XMPP PROFILE IPS
CONFIG PROTOCOL XMPP PROFILE IPS CONFIG
CONFIG PROTOCOL XMPP PROFILE LIST
CONFIG PROTOCOL XMPP PROFILE SHOW
CONFIG PROTOCOL XMPP PROFILE UPDATE
CONFIG PROTOCOL YMSG
CONFIG PROTOCOL YMSG
CONFIG PROTOCOL YMSG ACTIVATE
CONFIG PROTOCOL YMSG COMMON
CONFIG PROTOCOL YMSG COMMON
CONFIG PROTOCOL YMSG COMMON CONFIG
CONFIG PROTOCOL YMSG COMMON DEFAULT
CONFIG PROTOCOL YMSG COMMON SHOW
CONFIG PROTOCOL YMSG PROFILE
CONFIG PROTOCOL YMSG PROFILE
CONFIG PROTOCOL YMSG PROFILE ALARM
CONFIG PROTOCOL YMSG PROFILE ALARM
CONFIG PROTOCOL YMSG PROFILE ALARM DEFAULT
CONFIG PROTOCOL YMSG PROFILE ALARM SHOW
CONFIG PROTOCOL YMSG PROFILE ALARM UPDATE
CONFIG PROTOCOL YMSG PROFILE COPY
CONFIG PROTOCOL YMSG PROFILE DEFAULT
CONFIG PROTOCOL YMSG PROFILE IPS
CONFIG PROTOCOL YMSG PROFILE IPS
CONFIG PROTOCOL YMSG PROFILE IPS CONFIG
CONFIG PROTOCOL YMSG PROFILE LIST
CONFIG PROTOCOL YMSG PROFILE SHOW
CONFIG PROTOCOL YMSG PROFILE UPDATE
CONFIG PROTOCOL YYY
CONFIG PROTOCOL YYY
CONFIG PVM
CONFIG PVM
CONFIG PVM ACTIVATE
CONFIG PVM DATA
CONFIG PVM DATA
CONFIG PVM DATA FAMILY
CONFIG PVM DATA SEVERITY
CONFIG PVM DATA VULN
CONFIG PVM EMAIL
CONFIG PVM HOSTLIST
CONFIG PVM HOSTLIST
CONFIG PVM HOSTLIST ADD
CONFIG PVM HOSTLIST CLEAR
CONFIG PVM HOSTLIST REMOVE
CONFIG PVM HOSTLIST SHOW
CONFIG PVM PROFILE
CONFIG PVM PROFILE
CONFIG PVM PROFILE CLEAR
CONFIG PVM PROFILE CREATE
CONFIG PVM PROFILE LINE
CONFIG PVM PROFILE LINE
CONFIG PVM PROFILE LINE ADD
CONFIG PVM PROFILE LINE REMOVE
CONFIG PVM PROFILE LINE UPDATE
CONFIG PVM PROFILE LIST
CONFIG PVM PROFILE REMOVE
CONFIG PVM PROFILE SHOW
CONFIG PVM PROFILE UPDATE
CONFIG PVM PROFILE VULN
CONFIG PVM PROFILE VULN
CONFIG PVM PROFILE VULN ADD
CONFIG PVM PROFILE VULN CLEAR
CONFIG PVM PROFILE VULN REMOVE
CONFIG PVM PROFILE VULN SHOW
CONFIG PVM SHOW
CONFIG PVM STATE
CONFIG PVM TIMEOUT
CONFIG RAID
CONFIG RAID
CONFIG RAID CREATE
CONFIG RAID HOTSPARE
CONFIG RAID REBUILD
CONFIG REPORT
CONFIG REPORT
CONFIG REPORT ACTIVATE
CONFIG REPORT SHOW
CONFIG REPORT STATE
CONFIG REPORT UPDATE
CONFIG RESTORE
CONFIG SECURE
CONFIG SECURE
CONFIG SECURE ADD
CONFIG SECURE BACKUP
CONFIG SECURE INITIALIZE
CONFIG SECURE LIST
CONFIG SECURE LOAD
CONFIG SECURE REMOVE
CONFIG SECURE RESTORE
CONFIG SECURE SHOW
CONFIG SECURE STATE
CONFIG SECURE SYNC
CONFIG SECURE USBCONF
CONFIG SECURITYINSPECTION
CONFIG SECURITYINSPECTION
CONFIG SECURITYINSPECTION ACTIVATE
CONFIG SECURITYINSPECTION COMMON
CONFIG SECURITYINSPECTION COMMON
CONFIG SECURITYINSPECTION COMMON ADDRESSLIST
CONFIG SECURITYINSPECTION COMMON ADDRESSLIST
CONFIG SECURITYINSPECTION COMMON ADDRESSLIST ADD
CONFIG SECURITYINSPECTION COMMON ADDRESSLIST REMOVE
CONFIG SECURITYINSPECTION COMMON ADDRESSLIST SHOW
CONFIG SECURITYINSPECTION COMMON ALARM
CONFIG SECURITYINSPECTION COMMON ALARM
CONFIG SECURITYINSPECTION COMMON ALARM LIST
CONFIG SECURITYINSPECTION COMMON ALARM NEW
CONFIG SECURITYINSPECTION COMMON ALARM NEW
CONFIG SECURITYINSPECTION COMMON ALARM NEW LIST
CONFIG SECURITYINSPECTION COMMON ALARM NEW REMOVE
CONFIG SECURITYINSPECTION COMMON INIT
CONFIG SECURITYINSPECTION COMMON PROBE
CONFIG SECURITYINSPECTION COMMON PROBE
CONFIG SECURITYINSPECTION COMMON PROBE ADD
CONFIG SECURITYINSPECTION COMMON PROBE MODIFY
CONFIG SECURITYINSPECTION COMMON PROBE REMOVE
CONFIG SECURITYINSPECTION COMMON PROBE SHOW
CONFIG SECURITYINSPECTION COMMON SHOW
CONFIG SECURITYINSPECTION COMMON STATEFUL
CONFIG SECURITYINSPECTION CONFIG
CONFIG SECURITYINSPECTION CONFIG
CONFIG SECURITYINSPECTION CONFIG ALARM
CONFIG SECURITYINSPECTION CONFIG ALARM
CONFIG SECURITYINSPECTION CONFIG ALARM LIST
CONFIG SECURITYINSPECTION CONFIG ALARM TEMPLATE
CONFIG SECURITYINSPECTION CONFIG COPY
CONFIG SECURITYINSPECTION CONFIG DEFAULT
CONFIG SECURITYINSPECTION CONFIG LIST
CONFIG SECURITYINSPECTION CONFIG PROTOCOL
CONFIG SECURITYINSPECTION CONFIG SHOW
CONFIG SECURITYINSPECTION CONFIG UPDATE
CONFIG SLOT
CONFIG SLOT
CONFIG SLOT ACTIVATE
CONFIG SLOT COPY
CONFIG SLOT DEFAULT
CONFIG SLOT DOWNLOAD
CONFIG SLOT LIST
CONFIG SLOT REMOVE
CONFIG SLOT STATE
CONFIG SLOT UPDATE
CONFIG SLOT UPLOAD
CONFIG SNMP
CONFIG SNMP
CONFIG SNMP ACCESS
CONFIG SNMP ACCESS
CONFIG SNMP ACCESS COMMUNITY
CONFIG SNMP ACCESS USERV3
CONFIG SNMP ACTIVATE
CONFIG SNMP SHOW
CONFIG SNMP STATE
CONFIG SNMP SYSTEM
CONFIG SNMP TRAP
CONFIG SNMP TRAP AUTH
CONFIG SNMP TRAP V1
CONFIG SNMP TRAP V1 ADD
CONFIG SNMP TRAP V1 MODIFY
CONFIG SNMP TRAP V1 REMOVE
CONFIG SNMP TRAP V1 SHOW
CONFIG SNMP TRAP V2
CONFIG SNMP TRAP V2
CONFIG SNMP TRAP V2 ADD
CONFIG SNMP TRAP V2 MODIFY
CONFIG SNMP TRAP V2 REMOVE
CONFIG SNMP TRAP V2 SHOW
CONFIG SNMP TRAP V3
CONFIG SNMP TRAP V3
CONFIG SNMP TRAP V3 ADD
CONFIG SNMP TRAP V3 MODIFY
CONFIG SNMP TRAP V3 REMOVE
CONFIG SNMP TRAP V3 SHOW
CONFIG SNMP VERSION
CONFIG SSLFILTERING
CONFIG SSLFILTERING
CONFIG SSLFILTERING ACTIVATE
CONFIG SSLFILTERING COPY
CONFIG SSLFILTERING DEFAULT
CONFIG SSLFILTERING LIST
CONFIG SSLFILTERING RULE
CONFIG SSLFILTERING RULE
CONFIG SSLFILTERING RULE INSERT
CONFIG SSLFILTERING RULE MOVE
CONFIG SSLFILTERING RULE REMOVE
CONFIG SSLFILTERING RULE SHOW
CONFIG SSLFILTERING RULE UPDATE
CONFIG SSLFILTERING UPDATE
CONFIG STATUS
CONFIG STATUS
CONFIG STATUS CHECK
CONFIG STATUS REMOVE
CONFIG STATUS SHOW
CONFIG STATUS VALIDATE
CONFIG SYSEVENT
CONFIG SYSEVENT
CONFIG SYSEVENT ACTIVATE
CONFIG SYSEVENT DEFAULT
CONFIG SYSEVENT MODIFY
CONFIG SYSEVENT SHOW
CONFIG UPLOAD
CONFIG URLFILTERING
CONFIG URLFILTERING
CONFIG URLFILTERING ACTIVATE
CONFIG URLFILTERING BLOCKPAGE
CONFIG URLFILTERING BLOCKPAGE
CONFIG URLFILTERING BLOCKPAGE DEFAULT
CONFIG URLFILTERING BLOCKPAGE LIST
CONFIG URLFILTERING BLOCKPAGE UPDATE
CONFIG URLFILTERING COPY
CONFIG URLFILTERING DEFAULT
CONFIG URLFILTERING LIST
CONFIG URLFILTERING RULE
CONFIG URLFILTERING RULE
CONFIG URLFILTERING RULE INSERT
CONFIG URLFILTERING RULE MOVE
CONFIG URLFILTERING RULE REMOVE
CONFIG URLFILTERING RULE SHOW
CONFIG URLFILTERING RULE UPDATE
CONFIG URLFILTERING UPDATE
CONFIG WEBADMIN
CONFIG WEBADMIN
CONFIG WEBADMIN ACCESS
CONFIG WEBADMIN ACCESS
CONFIG WEBADMIN ACCESS ADD
CONFIG WEBADMIN ACCESS REMOVE
CONFIG WEBADMIN ACCESS SHOW
CONFIG WEBADMIN ACCESS SSLONLY
CONFIG WEBADMIN ACTIVATE
CONFIG WEBADMIN ADMINACCOUNT
CONFIG WEBADMIN BRUTEFORCE
CONFIG WEBADMIN BRUTEFORCE
CONFIG WEBADMIN BRUTEFORCE NBATTEMPTS
CONFIG WEBADMIN BRUTEFORCE STATE
CONFIG WEBADMIN BRUTEFORCE TIME
CONFIG WEBADMIN BRUTEFORCE TRIESTIME
CONFIG WEBADMIN IDLE
CONFIG WEBADMIN PORT
CONFIG WEBADMIN SHOW
CONFIG WEBADMIN STATE
CONFIG WEBSERVER
CONFIG WEBSERVER
CONFIG WEBSERVER FILES
CONFIG WEBSERVER SHOW
CONFIG WEBSERVER STATE
CONFIG XVPN
CONFIG XVPN
CONFIG XVPN ACCESS
CONFIG XVPN ACTIVATE
CONFIG XVPN ADVANCED
CONFIG XVPN PROFILE
CONFIG XVPN PROFILE
CONFIG XVPN PROFILE ACTIVATE
CONFIG XVPN PROFILE CREATE
CONFIG XVPN PROFILE LIST
CONFIG XVPN PROFILE REMOVE
CONFIG XVPN PROFILE SHOW
CONFIG XVPN PROFILE UPDATE
CONFIG XVPN SERVER
CONFIG XVPN SERVER
CONFIG XVPN SERVER HTTP
CONFIG XVPN SERVER HTTP
CONFIG XVPN SERVER HTTP ADD
CONFIG XVPN SERVER HTTP ALIAS
CONFIG XVPN SERVER HTTP ALIAS
CONFIG XVPN SERVER HTTP ALIAS ADD
CONFIG XVPN SERVER HTTP ALIAS REMOVE
CONFIG XVPN SERVER HTTP REMOVE
CONFIG XVPN SERVER HTTP STATE
CONFIG XVPN SERVER HTTP UPDATE
CONFIG XVPN SERVER OTHER
CONFIG XVPN SERVER OTHER
CONFIG XVPN SERVER OTHER ADD
CONFIG XVPN SERVER OTHER REMOVE
CONFIG XVPN SERVER OTHER STATE
CONFIG XVPN SERVER OTHER UPDATE
CONFIG XVPN SHOW
CONFIG XVPN STATE
GLOBALADMIN
GLOBALADMIN
GLOBALADMIN GETINFOS
GLOBALADMIN GETSTATUS
HA
HA
HA CHECKSYNC
HA CLUSTER
HA CLUSTER
HA CLUSTER ACTIVATE
HA CLUSTER ADD
HA CLUSTER LIST
HA CLUSTER REMOVE
HA CLUSTER SHOW
HA CLUSTER UPDATE
HA HALT
HA INFO
HA REBOOT
HA REMOTE
HA REMOTE
HA REMOTE HACLUSTERREMOVE
HA REMOTE HAINFO
HA SETMODE
HA SYNC
HELP
LIST
LOG
LOG
LOG CLEAR
LOG DATETOLINE
LOG DOWNLIMIT
LOG DOWNLOAD
LOG INFO
LOG PROPERTY
LOG SEARCH
LOG SEARCH
LOG SEARCH GET
LOG SEARCH JUMP
LOG SEARCH NEW
LOG SEARCH NEXT
LOG SEARCH PREVIOUS
LOG SEARCH RESUME
LOG SEARCH STOP
MODIFY
MONITOR
MONITOR
MONITOR ADDRESSLIST
MONITOR ADDRESSLIST
MONITOR ADDRESSLIST ADD
MONITOR ADDRESSLIST SHOW
MONITOR AGG
MONITOR ALARM
MONITOR ALARM
MONITOR ALARM GET
MONITOR ANTIVIRUS
MONITOR AUTOBACKUP
MONITOR AUTOUPDATE
MONITOR AVP
MONITOR CONNECTION
MONITOR CRYPTOCARD
MONITOR DHCP
MONITOR FILTER
MONITOR FLUSH
MONITOR FLUSH
MONITOR FLUSH ADDRESSLIST
MONITOR FLUSH INFO
MONITOR FLUSH PVM
MONITOR FLUSH RULEMATCH
MONITOR FLUSH SA
MONITOR FLUSH STAT
MONITOR FLUSH STATE
MONITOR FLUSH USER
MONITOR GETSA
MONITOR GETSPD
MONITOR GPRS
MONITOR HOST
MONITOR INTERFACE
MONITOR LOG
MONITOR OPENVPN
MONITOR OPENVPN
MONITOR OPENVPN LIST
MONITOR OPENVPN REMOVE
MONITOR POLICY
MONITOR POWER
MONITOR PROXYCACHE
MONITOR PVM
MONITOR PVM
MONITOR PVM FORCE
MONITOR PVM FORCE
MONITOR PVM FORCE CHECK
MONITOR PVM FORCE LIST
MONITOR PVM FORCE SET
MONITOR PVM HOST
MONITOR PVM HOSTBYOS
MONITOR PVM HOSTBYPRODUCT
MONITOR PVM HOSTBYPVMID
MONITOR PVM HOSTBYSERVICE
MONITOR PVM HOSTDATA
MONITOR PVM INFO
MONITOR PVM OS
MONITOR PVM PRODUCT
MONITOR PVM SERVICE
MONITOR PVM STAT
MONITOR PVM VULN
MONITOR QOS
MONITOR RAID
MONITOR ROUTE
MONITOR SERVICES
MONITOR SMART
MONITOR STAT
MONITOR USER
NOP
PKI
PKI
PKI CA
PKI CA
PKI CA CHECK
PKI CA CHECKCRL
PKI CA CHECKCRL
PKI CA CHECKCRL ADD
PKI CA CHECKCRL REMOVE
PKI CA CHECKCRL SHOW
PKI CA CHECKCRL UPDATE
PKI CA CONFIG
PKI CA CONFIG
PKI CA CONFIG CRLDP
PKI CA CONFIG CRLDP
PKI CA CONFIG CRLDP ADD
PKI CA CONFIG CRLDP REMOVE
PKI CA CONFIG CRLDP SHOW
PKI CA CONFIG SHOW
PKI CA CONFIG UPDATE
PKI CA CREATE
PKI CA GET
PKI CA LIST
PKI CA PUBLISH
PKI CA PURGE
PKI CA RENAME
PKI CA REVOKE
PKI CA SHOW
PKI CERTIFICATE
PKI CERTIFICATE
PKI CERTIFICATE CHECK
PKI CERTIFICATE COMMENT
PKI CERTIFICATE CREATE
PKI CERTIFICATE DROPKEY
PKI CERTIFICATE GET
PKI CERTIFICATE LIST
PKI CERTIFICATE PUBLISH
PKI CERTIFICATE RENAME
PKI CERTIFICATE REVOKE
PKI CERTIFICATE SHOW
PKI CONFIG
PKI CONFIG
PKI CONFIG SHOW
PKI CONFIG UPDATE
PKI CRL
PKI CRL
PKI CRL CREATE
PKI CRL GET
PKI CRL PUBLISH
PKI CRL REMOVE
PKI CRL SHOW
PKI IMPORT
PKI REQUEST
PKI REQUEST
PKI REQUEST CREATE
PKI REQUEST GET
PKI REQUEST LIST
PKI REQUEST REMOVE
PKI REQUEST SHOW
PKI REQUEST SIGN
PKI SCEP
PKI SCEP
PKI SCEP CHECK
PKI SCEP QUERY
PKI SEARCH
QUIT
REPORT
REPORT
REPORT GET
REPORT GET
REPORT GET DAY
REPORT GET LAST30DAYS
REPORT GET LAST7DAYS
REPORT GET LASTHOUR
REPORT RESET
SYSTEM
SYSTEM
SYSTEM BACKUP
SYSTEM CLONE
SYSTEM DATE
SYSTEM DEFAULTCONFIG
SYSTEM HALT
SYSTEM IDENT
SYSTEM INFORMATION
SYSTEM INITIALIZE
SYSTEM LANGUAGE
SYSTEM LED
SYSTEM LICENCE
SYSTEM LICENCE
SYSTEM LICENCE DUMP
SYSTEM LICENCE UPDATER
SYSTEM LICENCE UPDATER
SYSTEM LICENCE UPDATER CONFIG
SYSTEM LICENCE UPDATER DIFF
SYSTEM LICENCE UPDATER GET
SYSTEM LICENCE UPDATER INSTALL
SYSTEM LICENCE UPDATER SHOW
SYSTEM LICENCE UPLOAD
SYSTEM LOGDISK
SYSTEM LOGDISK
SYSTEM LOGDISK FORMAT
SYSTEM LOGDISK LIST
SYSTEM LOGDISK SELECT
SYSTEM LOGDISK STATE
SYSTEM NSLOOKUP
SYSTEM PING
SYSTEM PROPERTY
SYSTEM REBOOT
SYSTEM REGISTER
SYSTEM RIGHT
SYSTEM RIGHT
SYSTEM RIGHT ACTIVATE
SYSTEM RIGHT INSERT
SYSTEM RIGHT LIST
SYSTEM RIGHT MOVE
SYSTEM RIGHT REMOVE
SYSTEM RIGHT UPDATE
SYSTEM SESSION
SYSTEM SETBOOT
SYSTEM SETBRANCH
SYSTEM STATUS
SYSTEM TIMEZONE
SYSTEM TIMEZONE
SYSTEM TIMEZONE GET
SYSTEM TIMEZONE LIST
SYSTEM TIMEZONE SET
SYSTEM TRACEROUTE
SYSTEM UPDATE
SYSTEM UPDATE
SYSTEM UPDATE ACTIVATE
SYSTEM UPDATE CHECK
SYSTEM UPDATE LOAD
SYSTEM UPDATE RESULT
SYSTEM UPDATE STATUS
SYSTEM UPDATE UPLOAD
SYSTEM WATCHDOG
USER
USER
USER ACCESS
USER ACCESS
USER ACCESS ACTIVATE
USER ACCESS DEFAULT
USER ACCESS DEFAULT
USER ACCESS DEFAULT SHOW
USER ACCESS DEFAULT UPDATE
USER ACCESS INSERT
USER ACCESS LIST
USER ACCESS MOVE
USER ACCESS REMOVE
USER ACCESS RIGHT
USER ACCESS RIGHT
USER ACCESS RIGHT INSERT
USER ACCESS RIGHT LIST
USER ACCESS RIGHT MOVE
USER ACCESS RIGHT REMOVE
USER ACCESS RIGHT UPDATE
USER ACCESS UPDATE
USER CERTIFICATE
USER CHECK
USER CREATE
USER GROUP
USER GROUP
USER GROUP ADDUSER
USER GROUP CHECK
USER GROUP CREATE
USER GROUP DELUSER
USER GROUP DESCRIPTION
USER GROUP LIST
USER GROUP REMOVE
USER GROUP SHOW
USER LIST
USER PASSWORD
USER REMOVE
USER REQUEST
USER REQUEST
USER REQUEST APPROVED
USER REQUEST FORMAT
USER REQUEST FORMAT
USER REQUEST FORMAT SET
USER REQUEST FORMAT SHOW
USER REQUEST LIST
USER REQUEST REMOVE
USER REQUEST SENDMAIL
USER REQUEST SHOW
USER REQUEST UPDATE
USER SEARCH
USER SHOW
USER UPDATE
VERSION
AUTH

Level

unknown

History

FORMAT Appears in 9.0.0impersonate id Appears in 9.0.0

Description

User authentication

Usage

auth <administrator id> [<random value> | <impersonate id>]

Format

raw

Returns

authentication result

Implementation notes

Used in SRP authenticationImpersonate id is specific for the service that perform the authentication with IHM web. In this case the service use a specific administrator id and must specifiy the real administrator id as impersonate id

Example

AUTH admin
CACHE

Level

unknown

Description

No description available

Usage

cache

Example

MONITOR PROXYCACHE
CHPWD

Level

unknown

Description

Return if it's necessary to update password or not

Usage

chpwd

Returns

UpdatePasswd=1 if factory password, 0 if the password already have been changed.

Example

CHPWD
UpdatePasswd=0

CONFIG

CONFIG

Level

base

Description

Firewall configuration functions

CONFIG ACTIVATE

Level

base+modify

Description

Activate a file, or cancel all pending changes when given argument is cancelall

Note

Additionnal rights may be needed to activate some files

Usage

config activate <filename>|cancelall

Implementation notes

execute "en file", like ennetwork,enfilter,...

Example

CONFIG ACTIVATE network
CONFIG ACTIVATE cancelall

CONFIG ANTISPAM

CONFIG ANTISPAM

Level

base

History

Appears in 6.0.0

Description

Anti-SPAM configuration

CONFIG ANTISPAM ACTIVATE

Level

contentfilter+modify

History

Appears in 6.2.0
level changes from other,modify to contentfilter,modify in 9.0.0

Description

Apply AntiSPAM configuration

Usage

config antispam activate

CONFIG ANTISPAM BLACKLIST

CONFIG ANTISPAM BLACKLIST

Level

base

History

Appears in 9.0.0

Description

Domain blacklist

CONFIG ANTISPAM BLACKLIST ADD

Level

contentfilter+modify

History

Appears in 9.0.0

Description

Add a wildcard domain to blacklist

Usage

config antispam blacklist add <domain>

Returns

Error code

Example

CONFIG ANTISPAM BLACKLIST ADD *netasq*.com
CONFIG ANTISPAM BLACKLIST LIST

Level

base

History

Appears in 9.0.0

Description

List domains wildcard

Usage

config antispam blacklist list [start=<int> [limit=<int>] [dir=(ASC|DESC)] [search=<pattern>] [sort=<token>] [refresh=(0|1)]]

Format

list

Returns

List of domains

Example

CONFIG ANTISPAM BLACKLIST LIST101 code=00a01000 msg="Begin"*netasq*.com100 code=00a00100 msg="Ok"
CONFIG ANTISPAM BLACKLIST REMOVE

Level

contentfilter+modify

History

Appears in 9.0.0

Description

Remove a wildcard domain from the blacklist

Usage

config antispam blacklist remove <domain>

Returns

Error code

Example

CONFIG ANTISPAM BLACKLIST REMOVE *netasq*.com

CONFIG ANTISPAM DNSBL

CONFIG ANTISPAM DNSBL

Level

base

History

Appears in 6.0.0

Description

Anti-SPAM DNS-based Blacklists

CONFIG ANTISPAM DNSBL ADD

Level

contentfilter+modify

History

Appears in 6.0.0
level changes from other,modify to contentfilter,modify in 9.0.0

Description

Define a new blacklist

Usage

config antispam dnsbl add Name=<name> DNSTarget=<dnstarget> SpamLevel=<1..3> [Desc=<description>]

Example

CONFIG ANTISPAM DNSBL ADD name=SPAMHAUSSBL dnstarget=sbl.spamhaus.org spamlevel=3
CONFIG ANTISPAM DNSBL EDIT

Level

contentfilter+modify

History

Appears in 6.0.0
level changes from other,modify to contentfilter,modify in 9.0.0

Description

Modify a user-defined blacklist

Usage

config antispam dnsbl edit Name=<name> DNSTarget=<dnstarget> SpamLevel=<level> [Desc=<description>]

CONFIG ANTISPAM DNSBL LIST

Level

base

History

Appears in 6.0.0

Description

List (user-)defined blacklists

Usage

config antispam dnsbl list Type=<User|Factory>

Example

CONFIG ANTISPAM DNSBL LIST TYPE=User
CONFIG ANTISPAM DNSBL REMOVE

Level

contentfilter+modify

History

Appears in 6.0.0
level changes from other,modify to contentfilter,modify in 9.0.0

Description

Remove a user-defined blacklist

Usage

config antispam dnsbl remove Name=<name>

CONFIG ANTISPAM DNSBL SET

Level

contentfilter+modify

History

Appears in 6.0.0
whitelist deprecated in 6.1.2
level changes from other,modify to contentfilter,modify in 9.0.0

Description

Set DNSBL parameters

Usage

config antispam dnsbl set [state=0|1] [active=<list>] [trusted=<trusted server>]

Example

CONFIG ANTISPAM DNSBL SET active=list1,list2,list3
CONFIG ANTISPAM DNSBL SET trusted="relais.netasq.com"

CONFIG ANTISPAM DNSBL SHOW

Level

base

History

Appears in 6.0.0

Description

Get DNSBL configuration

Usage

config antispam dnsbl show

Example

CONFIG ANTISPAM DNSBL SHOW
CONFIG ANTISPAM SET

Level

contentfilter+modify

History

Appears in 6.1.2
headers Appears in 6.1.4
whitelist disAppears in 9.0.0
warningads appears in 9.1.0
stateads appears in 9.1.0
level changes from other,modify to contentfilter,modify in 9.0.0

Description

Global Anti-SPAM settings

Usage

config antispam set warning=<string with a *> warningads=<string without *> stateads=1|0 maxfile=<size> headers=1|0 deletethreshold=<spamlevel>

Example

CONFIG ANTISPAM SET warning="(SPAM *)" maxfile=65534 headers=on deletethreshold=3
CONFIG ANTISPAM SET warningads="(ADS)" stateads=1 maxfile=50000 headers=on
CONFIG ANTISPAM SHOW

Level

base

History

Appears in 6.1.2

Description

Global Anti-SPAM settings

Usage

config antispam show

CONFIG ANTISPAM VR

CONFIG ANTISPAM VR

Level

base

Licence needed:

Proxy/SpamVendor

History

Appears in 6.1.2
licence check Appears in 6.2.0

Description

Vade Retro settings

CONFIG ANTISPAM VR SET

Level

contentfilter+modify

History

Appears in 6.1.2
level changes from other,modify to contentfilter,modify in 9.0.0
AllowCJK and AllowRussian appear in 9.1.2

Description

Vade Retro settings

Usage

config antispam vr set [State=0|1] [Threshold=<0-150>] [AllowCJK=0|1] [AllowRussian=0|1]

CONFIG ANTISPAM VR SHOW

Level

base

History

Appears in 6.1.2

Description

Vade Retro settings

Usage

config antispam vr show

CONFIG ANTISPAM WHITELIST

CONFIG ANTISPAM WHITELIST

Level

base

History

Appears in 9.0.0

Description

Domain whitelist

CONFIG ANTISPAM WHITELIST ADD

Level

contentfilter+modify

History

Appears in 9.0.0

Description

Add a wildcard domain to whitelist

Usage

config antispam whitelist add <domain>

Returns

Error code

Example

CONFIG ANTISPAM WHITELIST ADD *netasq*.com
CONFIG ANTISPAM WHITELIST LIST

Level

base

History

Appears in 9.0.0

Description

List domains wildcard

Usage

config antispam whitelist list [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [sort=<token>] [refresh=<0|1>]]

Format

list

Returns

List of domains

Example

CONFIG ANTISPAM WHITELIST LIST101 code=00a01000 msg="Begin"*netasq*.com100 code=00a00100 msg="Ok"
CONFIG ANTISPAM WHITELIST REMOVE

Level

contentfilter+modify

History

Appears in 9.0.0

Description

Remove a wildcard domain from the whitelist

Usage

config antispam whitelist remove <domain>

Returns

Error code

Example

CONFIG ANTISPAM WHITELIST REMOVE *netasq*.com

CONFIG ANTIVIRUS

CONFIG ANTIVIRUS

Level

base

History

Appears in 6.1.0

Description

AntiVirus configuration

CONFIG ANTIVIRUS ACTIVATE

Level

contentfilter+modify

History

Appears in 6.1.0
level maintenance deprecated in 6.1.4
level changes from other,modify to contentfilter,modify in 9.0.0

Description

Reload antivirus configuration

Usage

config antivirus activate

Returns

Error code
CONFIG ANTIVIRUS CLEANUP

Level

contentfilter+modify

History

Appears in 6.1.0
level changes from other,modify to contentfilter,modify in 9.0.0

Description

Remove antivirus database

Usage

config antivirus cleanup [config=<config_index>]

Returns

Error code

Example

CONFIG ANTIVIRUS CLEANUP
CONFIG ANTIVIRUS LICENCE

Level

contentfilter+modify

History

Appears in 6.1.0
level changes from other,modify to contentfilter,modify in 9.0.0

Description

Antivirus license

Usage

config antivirus licence [config=<config_index>]

Returns

[License]
Date

[VendorLicense]
Required		: Notify if a vendorLicense is required
Status			: status (Ok / NotFound / Expired / Invalid)
Expdate			: expiration date

CONFIG ANTIVIRUS LIST

Level

base

History

Appears in 6.1.0

Description

List installed antivirus

Usage

config antivirus list

Returns

Name and last modification date of each config

Example

101 code=00a01000 msg="Begin"
[00]
name="clamav"
lastmod="2006-05-11 16:51:31"
[01]
name="Kaspersky"
lastmod="2006-01-10 11:28:40"
100 code=00a00100 msg="Ok"

CONFIG ANTIVIRUS OBJECTS

Level

contentfilter+modify

History

Appears in 6.1.0
ScanOLE disappears in 9.0.0
level changes from other,modify to contentfilter,modify in 9.0.0
HeuristicAnalysis appears in 9.0.1

Description

Scanner options

Usage

config antivirus objects [config=<config_index>] [ScanArchives=(on|off)] [ScanPacked=(on|off)] [BlockEncrypted=(on|off)] [BlockUnsupported=(on|off)] [HeuristicAnalysis=(on|off)]

Returns

Error code
CONFIG ANTIVIRUS SELECT

Level

base

History

Appears in 7.0.0

Description

Switch the active antivirus if possible and starts the download of the new database.

Note

Contentfilter and Modify levels needed to switch antivirus

Usage

config antivirus select config=<config_index>

Returns

Error code.

Example

CONFIG ANTIVIRUS SELECT config=00

CONFIG ANTIVIRUS SERVICES

CONFIG ANTIVIRUS SERVICES

Level

base

History

Appears in 6.1.0

Description

Antivirus Services

CONFIG ANTIVIRUS SERVICES FTP

Level

contentfilter+modify

History

Appears in 8.0.0
level changes from other,modify to contentfilter,modify in 9.0.0

Description

Configure FTP service

Note

Ftp VirusCode restricted to the set [100;600[
Ftp VirusMsg is limited to 2048 characters

Usage

config antivirus services ftp VirusCode=<integer> VirusMsg=<message>

Returns

Error code
CONFIG ANTIVIRUS SERVICES POP3

Level

contentfilter+modify

History

Appears in 6.1.0
level changes from other,modify to contentfilter,modify in 9.0.0

Description

Configure POP3 service

Note

Pop3 Mail advisory is limited to 1000 characters

Usage

config antivirus services pop3 MailAdvisory=<message>

Returns

Error code
CONFIG ANTIVIRUS SERVICES SHOW

Level

base

History

Appears in 6.1.0

Description

Show antivirus services

Usage

config antivirus services show

Returns

[Smtp]
VirusCode		: smtp error code
VirusMsg		: viruscode error message

[Pop3]
MailAdvisory	: virus notification message

CONFIG ANTIVIRUS SERVICES SMTP

Level

contentfilter+modify

History

Appears in 6.1.0
level changes from other,modify to contentfilter,modify in 9.0.0

Description

Configure SMTP service

Note

Smtp Viruscode restricted to the set [400;600[
Smtp VirusMsg is limited to 1000 characters

Usage

config antivirus services smtp [VirusCode=<integer>] [VirusMsg=<message>]

Returns

Error code
CONFIG ANTIVIRUS SHOW

Level

base

History

Appears in 6.1.0

Description

Dump antivirus config

Usage

config antivirus show [config=<config_index>]

Returns

[Config]
State				: Antivirus status
Selected			: Selected antivirus
Name				: Antivirus name

[Base]
Date				: Date of the antiviral database

[Object]
ScanArchives_Capa	: scanarchives capacity
ScanArchives		: extracting engine status
ScanPacked_Capa		: scanpacked capacity
ScanPacked			: unpacking engine status
BlockEncrypted_Capa : blockencrypted capacity
BlockEncrypted		: block encrypted files
BlockUnsupported_Capa : blockunsupported capacity
BlockUnsupported	: block unsupported formats
HeuristicAnalysis_Capa : heuristicanalysis capacity
HeuristicAnalysis	: heuristic analysis

CONFIG AUTH

CONFIG AUTH

Level

base

Description

Authentication related functions

CONFIG AUTH ACTIVATE

Level

user+modify

History

CANCEL Appears in 6.0.0
NEXTBOOT Appears in 6.0.0
level changes from other,modify to user,modify in 9.0.0

Description

Reload authentication daemon with lastest configuration

Usage

config auth activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.

Returns

Error code

Implementation notes

Execute ensl

Example

CONFIG AUTH ACTIVATE
CONFIG AUTH ADVANCED

Level

user+modify

History

anonymised Appears in 6.0.0
realbind Appears in 6.0.0
userpriority Appears in 6.1.0
http deprecated on 6.1.0
UpdPwd deprecated on 6.1.0
level changes from other,modify to user,modify in 9.0.0
continueonerror appears in 9.1.0
userpriority deprecated in 9.1.0
httpport appears in 1.0.0
httpsport appears in 1.0.0

Description

Advanced parameters configuration

Note

anonymised : show/don't show the logo in authentication page
realbind : real ldap authentication
usedns : redirection in authentication use certificate name and DNS resolve
continueonerror : If an error was rise during authentication process, try the next one
httpport : http port for authentification
httpsport : https port for authentification

Usage

config auth advanced [anonymised=on|off] [realbind=on|off] [usedns=on|off] [continueonerror=on|off] [httpport=<port>] [httpsport=<port>]

Returns

Error Code

Example

CONFIG AUTH ADVANCED anonymised=on usedns=on
CONFIG AUTH AGENT

Level

user+modify

History

Appears in 9.1.0

Description

Configure the authentication agent. Rise an error if state will be activated but no agent ip/password or controller are defined. The domainName parameter setup an optional filter on received logon events. If domain is given, only users on this domain are logged in

Note

don't forget to activate the configuration

Usage

config auth agent [State=<on|off>]
[Mscontroller=<host,host,host>]
[MaxLogonTime=<seconds (60-86400)>]
[GroupRefresh=<seconds (0=disable 120-2592000)>]
[Probe=<on|off>]
[ProbeMethod=<ping|registery>]
[ProbeTimeout=<seconds (60-3600)>]
[agentAddr=<object>]
[agentPort=<object>]
[agentPassword=<password>]
[backupAddr=<object>]
[backupPort=<object>]
[backupPassword=<password>]
[domainName=<NETBIOS Domain>]

CONFIG AUTH AGENTIGNORE

CONFIG AUTH AGENTIGNORE

Level

base

History

Appears in 9.1.0

Description

Configure SSOAgent uid ignore list

CONFIG AUTH AGENTIGNORE ADD

Level

user+modify

History

Appears in 9.1.0

Description

Add an UID into the list

Usage

config auth agentignore add uid=<uid>

CONFIG AUTH AGENTIGNORE REMOVE

Level

user+modify

History

Appears in 9.1.0

Description

Remove an UID of the list

Usage

config auth agentignore remove uid=<uid>

CONFIG AUTH AGENTIGNORE SHOW

Level

base

History

Appears in 9.1.0
level changes from user to user,base in 1.0.0

Description

Display the list of ignored UID

Usage

config auth agentignore show

Format

list

CONFIG AUTH ALTRADIUS

Deprecated

Level

other+modify

History

deprecated in 6.1.0

Description

Configure alternate radius authentication server

Note

Authentication with radius can be used with unknown users (default method)
default value for port is 1812

Usage

config auth altradius host=<host ip> [port=<port number>] key=<sharedkey>

Example

CONFIG AUTH ALTRADIUS host=192.168.1.2 port=1812 key="shared secret"
CONFIG AUTH DEFAULT

Level

user+modify

History

Appears in 6.1.0
level changes from other,modify to user,modify in 9.0.0

Description

Restore authentication default configuration

Note

Remeber to activate the configuration

Usage

config auth default

Returns

Error Code

Example

CONFIG AUTH default
CONFIG AUTH ENROLMENT

Deprecated

Level

other+modify

History

deprecated in 6.1.0

Description

Managing ldap/pki web enrolment

Note

type :enable ldap or ldap/pki enrolment formular
mail : using mail to report new enrolment requests

Usage

config auth enrolment [type=<ldap|pki|none>] [mail=on|off]

Example

CONFIG AUTH ENROLMENT type=pki mail=on
CONFIG AUTH GUEST

Level

user+modify

History

Appears in 1.0.0

Description

Configure GUEST authentication method

Usage

config auth guest [state=<0|1>] [logontime=<seconds>] [disclaimertime=<seconds>]

Example

CONFIG AUTH GUEST state=1 logontime=600 disclaimertime=86400
CONFIG AUTH HTTPS

Level

user+modify

History

Appears in 6.1.0
level changes from other,modify to user,modify in 9.0.0
sslparanoiac appears in 9.1.0

Description

Advanced SSL parameters configuration

Note

Those values are also used by the SSL VPN. All lists use the coma separator.
certificate : private key and certificate used by server for SSL
ca_custom : ca certificate sent to client and 'ca_verify' used to trust client certificate.
cipherlist : list of supported ciphers
sslparanoiac : Paranoiac mode on ssl connection

Usage

config auth https [certificate=<name of privkey object>] [cipherlist=<supported cipher list>] [sslparanoiac=<0|1>]

Returns

Error Code

Example

CONFIG AUTH HTTPS certificate=mycertificate cipherlist="AES256-SHA,RC4-MD5"

CONFIG AUTH INTERFACE

CONFIG AUTH INTERFACE

Level

base

History

Appears in 6.1.0

Description

Interface authentication related functions

CONFIG AUTH INTERFACE ADVANCED

Level

user+modify

History

Appears in 6.1.0
wpad Appears in 8.0.0
level changes from other,modify to user,modify in 9.0.0
disclaimertime appears in 1.0.0

Description

Interface related configuration options

Note

config index : if not specified, default value is 0
http : start/stop the authentication daemon in HTTP
onlyonelogin : force only one login per user at the same time
usecookie : enable cookies
wpad : enable access to WPAD file
disclaimer : enable captive portal disclaimer
disclaimertime : Do not show the disclaimer until many seconds. (15 minutes to 1 year)
autocomp : enable autocompletion by the browser
SecondUser : Kick previous logged user or reject new user
VPNSSLMultiuser : Promote IP to multiuser if SSLVPN access can be made

Usage

config auth interface advanced [config=<config_index>] [http=on|off] [onlyonelogin=on|off] [usecookie=None|Session|Time] [wpad=on|off] [disclaimer=on|off] [autocomp=on|off] [SecondUser=kick|reject] [VPNSSLMultiuser=on|off] [disclaimertime=<900-31536000>]

Returns

Error Code

Example

CONFIG AUTH INTERFACE ADVANCED config=0
CONFIG AUTH INTERFACE CONNECT

Level

user+modify

History

Appears in 6.1.0
level changes from other,modify to user,modify in 9.0.0

Description

Interface related configuration options

Note

config index : if not specified, default value is 0
interface : use config_index on protected (internal) or not (external) interfaces

Usage

config auth interface connect [config=<config_index>] interface=internal|external

Returns

Error Code

Example

CONFIG AUTH INTERFACE CONNECT config=0 interface=internal
CONFIG AUTH INTERFACE ENROLMENT

Level

user+modify

History

Appears in 6.1.0
use mailgroup in 7.0.0
level changes from other,modify to user,modify in 9.0.0

Description

Managing ldap/pki web enrolment

Note

config index : if not specified, default value is 0
type : enable ldap or ldap/pki enrolment formular
mailgroup : using mailgroup to report new enrolment requests

Usage

config auth interface enrolment [config=<config_index>] [type=<ldap|pki|none>] [mailgroup=<mail_group_name>|none]

Returns

Error Code

Example

CONFIG AUTH INTERFACE ENROLMENT config=0 type=pki mailgroup=none
CONFIG AUTH INTERFACE ENROLMENT type=pki mailgroup=Administrators
CONFIG AUTH INTERFACE LIST

Level

base

History

Appears in 6.1.0
level changes from other,modify to base in 9.0.0

Description

List authentication interface configs

Usage

config auth interface list

Returns

101 code=00a01000 msg="Begin"
[00]
name="Internal"
lastmod="2006-04-05 03:18:24"
[01]
name="External"
lastmod="2006-04-05 03:18:24"
[02]
name="default02"
lastmod="2006-01-03 10:03:10"
[03]
name="default03"
lastmod="2006-01-03 10:03:10"
100 code=00a00100 msg="Ok"

Example

CONFIG AUTH INTERFACE LIST
CONFIG AUTH INTERFACE METHOD

Deprecated

Level

user+modify

History

Appears in 6.1.0
option srp for default Appears in 6.2.3
option plain for default Appears in 6.2.3
option default removed in 9.0.0
level changes from other,modify to user,modify in 9.0.0
command removed in 9.1.0

Description

No description available

Usage

config auth interface method

CONFIG AUTH INTERFACE PASSWORD

Level

user+modify

History

Appears in 6.1.0
level changes from other,modify to user,modify in 9.0.0

Description

Specify password related values period in seconds

Note

config index : if not specified, default value is 0
updpwd : update password
pwdexpire : password validity in days
Change period combo in the authentication web page
When not defined transparent authentication methods use maxtime

Usage

config auth interface password [config=<config_index>] [updpwd=No|Can|Must] [pwdexpire=<passwordexpirationtime>]

Returns

Error Code

Example

CONFIG AUTH INTERFACE PASSWORD config=0 updpwd=Must pwdexpire=60
CONFIG AUTH INTERFACE RENAME

Level

user+modify

History

Appears in 6.1.0
level changes from other,modify to user,modify in 9.0.0

Description

Rename an Authentication config

Note

config index : needs to be specified
name : name of the configuration slot

Usage

config auth interface rename index=<config_index> name=<config name>

Returns

Error Code

Example

CONFIG AUTH INTERFACE rename index=1 name=backup
CONFIG AUTH INTERFACE SHOW

Level

base

History

Appears in 6.1.0

Description

Show authentication config

Usage

config auth interface show [config=<index>]

Returns

[config]
state           : auth daemon state
HttpState       : activate http daemon
EnrolFormType   : enrolment form (none, user, pki)
EnrolFormMail   : using mail to report new enrolment requests
updpwd          : update password
UseCookie       : authentication cookies state
PswdExpire      : duration for password expiration
min             : Minimum authentication period
max             : Minimum authentication period
ssotime         : Authentication period for transparent methods (spnego and ssl)
proxyredirect   : method to redirect in transparent proxy mode
Seconduser	: What to do when a second user come from a single user IP.
VPNSSLMultiuser	: Auto-promote IP to multiuser is sslvpn can be used
CONFIG AUTH INTERFACE STATE

Level

base

History

Appears in 6.1.0

Description

Get/Set the status of the authentication server

Note

config index : if not specified, default value is 0
Changing state need user and modify levels

Usage

config auth interface state [config=<config_index>] [state=on|off]

Returns

Error Code

Example

CONFIG AUTH INTERFACE STATE state=on
CONFIG AUTH INTERFACE TIME

Level

user+modify

History

Appears in 6.1.0
level changes from other,modify to user,modify in 9.0.0

Description

Specify authentication period in seconds

Note

config index : if not specified, default value is 0
Change period combo in the authentication web page
When not defined transparent authentication methods use maxtime

Usage

config auth interface time [config=<config_index>] min=<MinTime> max=<MaxTime> [ssotime=<transparentmethodstime>]

Returns

Error Code

Example

CONFIG AUTH INTERFACE TIME config=0 mintime=900 maxtime=7200 ssotime=2400
CONFIG AUTH INTERFACE TIMERANGE

Deprecated

Level

user+modify

History

Appears in 6.1.0
Deprecated in 9.0.0

Description

Managing authentication timeranges

Note

config index : if not specified, default value is 0
action : action we will proceed when user calendar is not defined
calendarid : authd default calendar in ldap

Usage

config auth interface timerange [config=<config_index>] (action=<pass|block>) | (action=default defaultcal=<calendarid>)

Returns

Error Code

Example

CONFIG AUTH INTERFACE TIMERANGE config=1 action=pass
CONFIG AUTH KERBEROS

Level

user+modify

History

level changes from other,modify to user,modify in 9.0.0
status Appears in 9.1.0

Description

Configure kerberos authentication

Note

default value for kdc_port is 88

Usage

config auth kerberos [domain=<host domain name> host=<kdc hostname> [port=<kdc port>] [bhost=<backup kdc hostname> [bport=<backup kdc port>]]] | [state=<0|1>]

Returns

Error Code

Example

CONFIG AUTH KERBEROS host=10.0.0.125 domain="DOMAIN.LOCAL"
CONFIG AUTH METHOD

Deprecated

Level

other+modify

History

option spnego for allowed Appears in 6.0.0
option userpriority for allowed Appears in 6.0.0
deprecated in 6.1.0

Description

Specify authorized authentication methods

Note

Default Methods are used for unknown users (not in LDAP database).

Usage

config auth method allowed=none|[ssl],[srp],[radius],[kerberos],[spnego],[userpriority],[plain] [default=(radius|kerberos)]

Example

CONFIG AUTH METHOD allowed=ssl,srp
CONFIG AUTH METHOD allowed=ssl,srp,ldap default=ldap

CONFIG AUTH MULTIUSER

CONFIG AUTH MULTIUSER

Level

base

History

Appears in 9.1.0

Description

Manage object as multiple user one

CONFIG AUTH MULTIUSER ADD

Level

user+modify

History

Appears in 9.1.0

Description

Add an object at the end of the list. keyword 'any' is granted

Usage

config auth multiuser add object=<name>

Returns

Error code

Example

CONFIG AUTH MULTIUSER ADD object='host'
CONFIG AUTH MULTIUSER LIST

Level

base

History

Appears in 9.1.0

Description

List the object marked as multiple user with the type of the object

Usage

config auth multiuser list

Format

list

Returns

[Result]host='host1'
host_2='host2'
range='range1'
network='network1'
interface='interface1'
group='group1'
internet='internet'

Example

CONFIG AUTH MULTIUSER LIST
CONFIG AUTH MULTIUSER REMOVE

Level

user+modify

History

Appears in 9.1.0

Description

Remove an object in the list

Usage

config auth multiuser remove object=<name>

Returns

Error code

Example

CONFIG AUTH MULTIUSER REMOVE object="host"
CONFIG AUTH RADIUS

Level

user+modify

History

bport Appears in 6.1.0
bhost Appears in 6.1.0
level changes from other,modify to user,modify in 9.0.0
status Appears in 9.1.0

Description

Configure radius authentication

Note

Authentication with radius can be used with unknown users (default method)
default value for port is 1812

Usage

config auth radius [state=<0|1>] | [host=<host> [port=<service>] key=<sharedkey>] [bhost=<host> [bport=<service>] bkey=<sharedkey>]

Returns

Error Code

Example

CONFIG AUTH RADIUS host=10.2.0.100 port=1812 key="shared secret"
CONFIG AUTH RADIUS host=radiussrv port=radius key="shared secret" bhost=radiussrv bport=radius bkey="other shared secret"

CONFIG AUTH SHOW

Level

base

History

guest authentication appears in 1.0.0

Description

Show authentication config

Note

radius preshared key is not displayed
agents password is not displayed

Usage

config auth show

Returns

[config]
anonymised      : show/don't show the logo in authentication page
SslCertificate  : refer key/certificate entry on 'key' file
realbind        : real ldap authentication
usedns          : redirection in authentication use certificate name and DNS resolve
internal        : internal interfaces configuration
external        : external interfaces configuration

[CAVerifyList]
Number=0

[radius]
state		: status of this method
host            : radius server hostname
port            : radius port
bhost           : radius backup server hostname
bport           : radius backup port

[ssl]
state		: status of this method
CertificateIdentifier	: field in certificate to match
LdapIdentifier		: field in LDAP to match

[kerberos]
state		: status of this method
domain          : Kerberos realm (domain) name
pkdc_host       : Primary KDC host adress
pkdc_port       : Primary KDC port (default 88)
bkdc_host       : Backup KDC host adress
bkdc_port       : Backup KDC port (default 88)

[spnego]
state		: status of this method
domain          : Windows domain name
principal       : Service Principal name

[agent]
State          : activate or not the agent
Mscontroler    : object name of the Microsoft domain controler
MsbackupControler : object name of the second Microsoft domain controler
Directory      : name of the ldap directory to use
MaxLogonTime   : maximum time in second of the authentication
Probe          : activate or not the user logout probing
ProbeMethod    : comma separated list of probing methods (arp, icmp, nbstat, registery, ...)
ProbeTimeout   : maximum time in second for no responding stations
BindAddr       : the ip of the source connection
BindPort       : the port of the source connection
AgentAddr      : the agent ip address
AgentPort      : the port of the agent
BackupAddr     : the ip of the backup agent
BackupPort     : the port of the backup agent
DomainName     : the filter to be applied on logon event

[guest]
state          : activate or not the guest method
LogonTime      : Time in seconds for re-authentication
Disclaimertime : Time in seconds for disclaimer revalidation
CONFIG AUTH SPNEGO

Level

user+modify

History

Appears in 6.0.0
level changes from other,modify to user,modify in 9.0.0
status Appears in 9.1.0

Description

Configure SPNEGO authentication

Usage

config auth spnego [principal=<service name> domain=<host domain name>] | [state=<0|1>]

Returns

Error code100

Example

CONFIG AUTH SPNEGO principal="HTTP/myfirewall" domain="DOMAIN.LOCAL"
CONFIG AUTH SPNEGO state=1

CONFIG AUTH SSL

CONFIG AUTH SSL

Level

base

History

ca_verify Appears in 6.1.0

Description

Configure SSL authentication

CONFIG AUTH SSL CAVERIFY
CONFIG AUTH SSL CAVERIFY

Level

user

History

ca_verify Appears in 9.0.0

Description

Configure SSL authority for the authentication

CONFIG AUTH SSL CAVERIFY ADD

Level

user+modify

History

caverify add Appears in 9.0.0

Description

Add a authority to the list of authentication authorities

Usage

config auth ssl caverify add caname : the name of the authority

Returns

Error Code

Example

CONFIG AUTH SSL CAVERIFY ADD caname=<authority name>
CONFIG AUTH SSL CAVERIFY REMOVE

Level

user+modify

History

caverify remove Appears in 9.0.0

Description

Remove an authority from the list

Usage

config auth ssl caverify remove id : An id of the list

Returns

Error Code

Example

CONFIG AUTH SSL CAVERIFY REMOVE id=1
CONFIG AUTH SSL CERTIDENTIFIER

Level

user+modify

History

appears in 9.0.1

Description

Set the certificate identifier field in common name. WARNING: the value is case sensitive. Do not wrote emailaddress but emailAddress

Usage

config auth ssl certidentifier name : the name of the field

Returns

Error Code

Example

CONFIG AUTH SSL CERTIDENTIFIER name="emailAddress"
CONFIG AUTH SSL LDAPIDENTIFIER

Level

user+modify

History

appears in 9.0.1

Description

Set the LDAP identifier field to match the certificate field

Usage

config auth ssl ldapidentifier name : the name of the field

Returns

Error Code

Example

CONFIG AUTH SSL LDAPIDENTIFIER name="Mail"
CONFIG AUTH SSL UPDATE

Level

user+modify

History

appears in 9.1.0

Description

Update the configuration of SSL method state is the status of the method

Usage

config auth ssl update [state=<0|1>]

Returns

Error Code

Example

CONFIG AUTH SSL UPDATE state=1
CONFIG AUTH STATE

Deprecated

Level

base

History

deprecated in 6.1.0

Description

Get/Set the status of the authentication server

Note

Changing state need admin and modify level

Usage

config auth state [On|Off]

CONFIG AUTH TIME

Deprecated

Level

other+modify

History

deprecated in 6.1.0

Description

Specify authentication period in seconds

Note

Change period combo in the authentifcation web page

Usage

config auth time <MinTime> <MaxTime>

Example

CONFIG AUTH TIME 900 7200

CONFIG AUTOBACKUP

CONFIG AUTOBACKUP

Level

base

History

Appears in 1.0.0

Description

Autobackup configuration

CONFIG AUTOBACKUP ACTIVATE

Level

maintenance+modify

History

Appears in 1.0.0

Description

Copy all clones in real profiles.

Usage

config autobackup activate [CANCEL]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded.

Returns

Error code

Example

CONFIG AUTOBACKUP ACTIVATE
CONFIG AUTOBACKUP ACTIVATE CANCEL
CONFIG AUTOBACKUP LAUNCH

Level

maintenance+modify

History

Appears in 1.0.0

Description

Launch autobackup manually.

Usage

config autobackup launch

Returns

Error code

Example

CONFIG AUTOBACKUP LAUNCH
CONFIG AUTOBACKUP RESTORE

Level

maintenance+modify

History

Appears in 1.0.0

Description

Restore last full configuration launched by autobackup.

Note

Autobackup must be enable and functional.

Usage

config autobackup restore [backuppassword=<backup password>] [fwserial=(all|local|<serial>)] [refresh=0|1]
- refresh : when set to 1, refresh all (except network) firewall configuration, and does not require user to reboot if services successfully restarted.

Returns

Error code

Example

CONFIG AUTOBACKUP RESTORE
CONFIG AUTOBACKUP SET

Level

maintenance+modify

History

Appears in 1.0.0

Description

Set autobackup configuration.

Note

Protocol http and mode post are incompatible

Usage

config autobackup set [state=<0|1>] [distantbackup=<0|1|2>] [period=<period as string>] [backuppassword=<backup password>]
[server=<server obj>] [port=<server port obj>] [path=<path>] [protocol=(http|https)] [mode=(basic|digest|post)]
[authusername=<authentication username>] [authpassword=<authentication password>] [controlname=<http control name>]
[servercertificate=<ca:cert>] [clientcertificate=<ca:cert>]
- period : time + unit (s,m,h,d,w);
- distantbackup : localbackup only (0), cloud netasq (1), custom server (2);
- protocol : protocol used (http,https);
- mode : webdav mode with authentication (basic,digest) or post request;
- controlname : name also used with html form (only with post mode);
- authusername : authentication username (only with basic and digest webdav modes);
- authpassword : authentication password (only with basic and digest webdav modes);
- path : path on the server;
- servercertificate : server certificate reference;
- clientcertificate : client certificate.

Returns

Error code

Example

CONFIG AUTOBACKUP SET state=1 server=backupserver port=http controlname=myfile path=/action.php period=10h password=mypassword
CONFIG AUTOBACKUP SHOW

Level

base

History

Appears in 1.0.0

Description

Show the autobackup config.

Usage

config autobackup show

Returns

[AUTOBACKUP]
State=<state>
DistantBackup=<distant backup enabled>
Server=<server obj name>
Port=<server port obj name>
Path=<path>
Period=<period>
BackupPassword=<backup password>
Protocol=<protocol used>
Mode=<mode used>
AuthUsername=<authentication username>
AuthPassword=<authentication password>
ControlName=<http control name>
servercertificate=<reference server certificate>
clientcertificate=<server client>

Example

CONFIG AUTOBACKUP SHOW

CONFIG AUTOUPDATE

CONFIG AUTOUPDATE

Level

base

History

Appears in 6.0.0

Description

Autoupdate (Content-Filtering Update)

CONFIG AUTOUPDATE ACTIVATE

Level

maintenance+modify

History

Appears in 6.1.0
level changes from modify,other to modify,maintenance in 9.0.0

Description

Reload AutoUpdate configuration

Usage

config autoupdate activate

Returns

Error code

Example

CONFIG AUTOUPDATE ACTIVATE
CONFIG AUTOUPDATE LIST

Level

base

History

Appears in 6.1.0

Description

List all available update

Usage

config autoupdate list

Returns

List=<list of available update comma separated>

Example

CONFIG AUTOUPDATE LIST
CONFIG AUTOUPDATE SERVER

Level

maintenance+modify

History

Appears in 6.0.0
state Appears in 6.1.0
update Appears in 6.1.0
secure Appears in 6.1.5
update options Kaspersky,Clamav,URLFiltering,Antispam-Vaderetro Appears in 6.2.0
start Appears in 7.0.0
update option Pvm Appears in 7.0.0
start Appears in 7.0.0
level changes from modify,other to modify,maintenance in 9.0.0
update option RootCertificates Appears in 9.1.0

Description

Set autoupdate parameters. If the update token is not specified, all services will be modified. The url token can take a maximum of 8 URL, separated by comma. retries=0 means no retry limit.

Usage

config autoupdate server [url=<url>] [start=<time>] [period=<period>] [retries=<n>] [state=(on|off|1|0)] [secure=(0|1)] [update=(Antispam|Patterns|Kaspersky|Clamav|URLFiltering|Antispam-Vaderetro|Pvm|RootCertificates)]

Returns

Error code

Example

CONFIG AUTOUPDATE SERVER url="http://www.netasq.com/autoupdate"
CONFIG AUTOUPDATE SERVER period=00M00w01d00h00m00s retries=3
CONFIG AUTOUPDATE SERVER start="10:00:00"

CONFIG AUTOUPDATE SHOW

Level

base

History

Appears in 6.0.0

Description

Dump the autoupdate config. The Run token represents the state of the last update (0=never started ; 1=up to date ; 2=failed ; 3=running ; 4=not available) and can be obtained by MONITOR AUTOUPDATE too. The update begins at 'start' time and will be repeated after each 'period'.

Usage

config autoupdate show

Returns

[Global]
Version=<autoupdate version>
[<available_update>]
Secure=(0|1)			: check sign
State=(0|1)  			: update active or not
URL=<url>    			: url to retreive update
Period=<period>			: period to perform update
Retries=<int>			: number of retry
Run=<int>			: state of the last update (0=never started ; 1=up to date ; 2=failed ; 3=running ; 4=not available). These information can be obtained by MONITOR AUTOUPDATE
Start=<time>			: time of the first update

Example

CONFIG AUTOUPDATE SHOW
CONFIG AUTOUPDATE STATE

Level

maintenance+modify

History

update Appears in 6.1.0
level changes from modify,other to modify,maintenance in 9.0.0

Description

Activate/Deactivate the autoupdate subsystem

Note

all available update are given by CONFIG AUTOUPDATE LIST

Usage

config autoupdate state state=<on|off> [update=<available_update>]

Returns

Error code

Example

CONFIG AUTOUPDATE STATE state=on
CONFIG BACKUP

Level

maintenance

History

level maintenance Appears in 6.0.0
level other deprecated in 6.0.0
option global for list Appears in 6.0.0
option urlgroup for list Appears in 6.0.2
option pattern for list Appears in 6.0.2
usb Appears in 6.1.0
option secure for list Appears in 6.2.0
option autoupdate for list Appears in 6.2.0
option proxies for list Appears in 6.2.0
option services for list Appears in 6.2.0
format appears in 9.0.0

Description

Backups full or partial configuration (complete list of available items is provided by SYSTEM BACKUP command)

Note

usb option required Modify level, and is used to push the backup on usb token instead of file

Usage

config backup list=<all|network|global|object|global_object|filter|filterslotxx|global_filter|global_filterslotxx|vpn|ldap|urlfiltering|sslfiltering|urlgroup|global|pattern|secure|autoupdate|services|mailfiltering|dhcp|ntp|dns|snmp|pvm|cert|securityinspection|vpn-ssl|vpn-pptp|event-rules|qos|auth|webadmin|statusweight|log|route|sysevent|bird|antispam|mailgroup|communication|system|serverd|reports> [usb=0|1] [password=<string>] [comment=<string>]

Format

raw

Returns

Error code

Implementation notes

Make an archive encrypted with generic key or given password. Add a plain header with date, model, version, serial, description, content and type (GENERIC or PASSWORD) Sign the file included the header with the firewall private key.

Example

CONFIG BACKUP list=all comment="sauvegarde tout" password=mypassword
CONFIG BACKUP list="pattern,network,global,network" usb=1

CONFIG COMMUNICATION

CONFIG COMMUNICATION

Level

base

Description

Command to configure external communication

CONFIG COMMUNICATION ACTIVATE

Level

base+modify

History

CANCEL/NEXTBOOT Appears in 9.0.0

Description

Activate/cancel modifications of communication and mail groups

Usage

config communication activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.

Returns

Error code

Implementation notes

run enlog, enasq, ensl -u, enproxy -u, ensl -u

Example

CONFIG COMMUNICATION ACTIVATE
CONFIG COMMUNICATION ACTIVATE cancel

CONFIG COMMUNICATION EMAIL

CONFIG COMMUNICATION EMAIL

Level

base

Description

Manage mail groups and templates

CONFIG COMMUNICATION EMAIL GROUP
CONFIG COMMUNICATION EMAIL GROUP

Level

base

Description

Manage mail groups

CONFIG COMMUNICATION EMAIL GROUP ACTIVATE

Level

log+modify

History

Appears in 7.0.0
level changes from other,modify to log,modify in 9.0.0

Description

Activate or discard latest changes of email groups configuration

Usage

config communication email group activate [CANCEL]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded.

Returns

Error code

Implementation notes

run enasq

Example

CONFIG COMMUNICATION EMAIL GROUP ACTIVATE
CONFIG COMMUNICATION EMAIL GROUP ADDRECIPIENT

Level

log+modify

History

Appears in 7.0.0
level changes from other,modify to log,modify in 9.0.0

Description

Add a new recipient to an email group

Usage

config communication email group addrecipient mailgroup=<mail_group_name> (mail=<mail_addr> | dn=<user|usergroup>)

Example

CONFIG COMMUNICATION EMAIL GROUP ADDRECIPIENT mailgroup=Administrators dn=james@nowhere.net
CONFIG COMMUNICATION EMAIL GROUP CHECK

Level

log

History

Appears in 7.0.0
level changes from other to log in 9.0.0
FORMAT Appears in 9.0.0

Description

Check email group

Usage

config communication email group check mailgroup=<mail_group_name>

Format

section_line

Example

CONFIG COMMUNICATION EMAIL GROUP CHECK mailgroup=Administrators
CONFIG COMMUNICATION EMAIL GROUP CREATE

Level

log+modify

History

Appears in 7.0.0
level changes from other,modify to log,modify in 9.0.0

Description

Create a new mail group

Usage

config communication email group create mailgroup=<mail_group_name> [comment=string]

Example

CONFIG COMMUNICATION EMAIL GROUP CREATE mailgroup=Administrators comment="here is a comment!"
CONFIG COMMUNICATION EMAIL GROUP DELRECIPIENT

Level

log+modify

History

Appears in 7.0.0
level changes from other,modify to log,modify in 9.0.0

Description

Delete a recipient from an email group

Usage

config communication email group delrecipient mailgroup=<mail_group_name> (mail=<mail_addr> | dn=<user|usergroup>)

Example

CONFIG COMMUNICATION EMAIL GROUP DELRECIPIENT mailgroup=Administrators mail=james@nowhere.net
CONFIG COMMUNICATION EMAIL GROUP EDIT

Level

log+modify

History

Appears in 7.0.0
level changes from other,modify to log,modify in 9.0.0

Description

Modify an email group

Usage

config communication email group edit mailgroup=<mail_group_name> comment=string

Example

CONFIG COMMUNICATION EMAIL GROUP EDIT mailgroup=Administrators comment="here is a comment!"
CONFIG COMMUNICATION EMAIL GROUP LIST

Level

base

History

Appears in 7.0.0
level changes from other to base in 9.0.0

Description

Dump the email groups

Usage

config communication email group list

Returns

[MailGroup1]
comment=this is a comment
email=a@b.com
email=c@b.com
cn=user
[MailGroup2]
...

Example

CONFIG COMMUNICATION EMAIL GROUP LIST
CONFIG COMMUNICATION EMAIL GROUP REMOVE

Level

log+modify

History

Appears in 7.0.0
level changes from other,modify to log,modify in 9.0.0

Description

Delete an email group

Usage

config communication email group remove mailgroup=<mail_group_name>

Example

CONFIG COMMUNICATION EMAIL GROUP REMOVE mailgroup=Administrators
CONFIG COMMUNICATION EMAIL GROUP RENAME

Level

log+modify

History

Appears in 9.0.0

Description

rename a mail group

Usage

config communication email group rename oldname=<mail_group_name> newname=<mail_group_name>

Example

CONFIG COMMUNICATION EMAIL GROUP RENAME oldname=Administrators newname=Admins
CONFIG COMMUNICATION EMAIL TEMPLATE
CONFIG COMMUNICATION EMAIL TEMPLATE

Level

base

History

Appears in 7.0.0

Description

Manage mail templates

CONFIG COMMUNICATION EMAIL TEMPLATE DEFAULT

Level

log+modify

History

Appears in 7.0.0
level changes from other,modify to log,modify in 9.0.0

Description

Reset a mail template to default

Note

Additionnal rights may be needed to write some templates

Usage

config communication email template default <template_id>

Returns

Reset to its default the requested template

Example

CONFIG COMMUNICATION EMAIL TEMPLATE DEFAULT pvm_detailed
CONFIG COMMUNICATION EMAIL TEMPLATE DOWNLOAD

Level

log

History

Appears in 7.0.0
default arg appears in 9.0.0
level changes from other to log in 9.0.0
FORMAT Appears in 9.0.0

Description

Download a mail template

Note

If default parameter is not specified, default value is 0
Additionnal rights may be needed to read some templates

Usage

config communication email template download <template_id> [default=<0|1>]

Format

raw

Returns

The requested template
if default=1, return the default value of the requested template

Example

CONFIG COMMUNICATION EMAIL TEMPLATE DOWNLOAD pvm_detailed
CONFIG COMMUNICATION EMAIL TEMPLATE LIST

Level

log

History

Appears in 7.0.0
level changes from other to log in 9.0.0
FORMAT Appears in 9.0.0

Description

List all mail templates

Usage

config communication email template list

Format

section_line

Returns

[Result]
id=pvm_detailed type=pvm name="Detailed Vulnerability Mail"
id=pvm_summary type=pvm name="Summary Vulnerability Mail"
id=app_cert_req type=cert_req name="Accept the certificate request"
id=rej_cert_req type=cert_req name="Reject the certificate request"

Example

CONFIG COMMUNICATION EMAIL TEMPLATE LIST
101 code=00a01000 msg="Début"
[Result]
id=pvm_detailed type=pvm name="Detailed Vulnerability Mail"
id=pvm_summary type=pvm name="Summary Vulnerability Mail"
id=app_cert_req type=cert_req name="Accept the certificate request"
id=rej_cert_req type=cert_req name="Reject the certificate request"
100 code=00a00100 msg="Ok"
CONFIG COMMUNICATION EMAIL TEMPLATE UPLOAD

Level

log+modify

History

Appears in 7.0.0
level changes from other,modify to log,modify in 9.0.0

Description

Upload a mail template

Note

Additionnal rights may be needed to write some templates

Usage

config communication email template upload <template_id>

Returns

Upload the requested template

Example

CONFIG COMMUNICATION EMAIL TEMPLATE UPLOAD pvm_detailed
CONFIG COMMUNICATION HTTPPROXY

Level

network+modify

History

level changes from other,modify to network,modify in 9.0.0

Description

Configure HTTP proxy

Usage

config communication httpproxy [host=<host_object> port=<obj_port>] [user=<string> auth=<string>] [exclude=<host_object_list>]

Returns

Error code

Implementation notes

write in /usr/Firewall/ConfigFiles/Communication/config the conf

Example

CONFIG COMMUNICATION HTTPPROXY host=myproxy.netasq.com port=http user=username auth=authpassword exclude=myserver.netasq.com,intranet

CONFIG COMMUNICATION SHOW

Level

base

Description

Dump the communication configuration

Usage

config communication show [smtp|syslog|httpproxy] : dump smtp, syslog or httpproxy configuration or all of these if no argument is specified

Returns

[SMTP]
State		:	State
Server		:	Smtp server
Domain		:	Domain name
Delay		:	Delay
[Syslog]
State		:	State
Server		:	Syslog server to send log
Port			:	Syslog port
ClearText	:	Specify if logs are sent in clear text to Syslog server
Key			:	Ciphering key
Facility	:	Facility number

Implementation notes

dump /usr/Firewall/ConfigFiles/communication

Example

CONFIG COMMUNICATION SHOW
CONFIG COMMUNICATION SMTP

Level

log+modify

History

port Appears in 6.0.0
option service_object for port Appears in 6.1.0
option State Appears in 7.0.0
level changes from other,modify to log,modify in 9.0.0
options username and password appear in 9.0.2

Description

Configure SMTP (domain and server)

Usage

config communication smtp state=(0|1) [server=<host_object>] [domain=<string>] (mandatory if state=1)
[port=<service_object|int>] [delay=<int>] [username=<string>] [password=<string>]

Returns

Error code

Implementation notes

write in /usr/Firewall/ConfigFiles/Communication/config the conf

Example

CONFIG COMMUNICATION SMTP state=1 server=smtp_server domain=netasq.local delay=900
CONFIG COMMUNICATION SMTP state=0
CONFIG COMMUNICATION SYSLOG

Level

log+modify

History

option group_object for Server Appears in 6.1.0
option service_object for Port Appears in 6.1.0
option State Appears in 7.0.0
logtypepos token appears in 8.1.3
level changes from other,modify to log,modify in 9.0.0
LegacyMode appears in 1.0.0

Description

Configure Syslog

Note

the command return a warning message if there's more hosts in the group or in the range than the max authorized value.

Usage

config communication syslog State=(1|0) [Server=<host_object>|<range_object>|<group_object>] [Port=<service_object|integer>] [ClearText=(0|1)] [key=128bits_key] [Facility=(0-8)] [LogtypePos=(0|1)] [LegacyMode=(0|1)]
where :
- LogtypePos=1 means that logtype token appears after startime token
- LegacyMode=1 means that it uses previous behaviour and LegacyMode=0 that Syslog packets are RFC5424 compliant

Returns

Error code

Implementation notes

write in /usr/Firewall/ConfigFiles/communication the conf

Example

CONFIG COMMUNICATION SYSLOG State=1 Server=Syslog_Server Port=512 ClearText=1 Facility=1
CONFIG COMMUNICATION SYSLOG State=0

CONFIG CONSOLE

CONFIG CONSOLE

Level

base

Description

Console configuration

CONFIG CONSOLE ACTIVATE

Level

admin+modify

History

Appears in 6.0.0

Description

Activates console configuration

Usage

config console activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.

Returns

Error code

Implementation notes

run enservice

Example

CONFIG CONSOLE ACTIVATE
CONFIG CONSOLE ACTIVATE NEXTBOOT
CONFIG CONSOLE GETHOSTKEY

Level

base

History

FORMAT Appears in 9.0.0

Description

Get firewall public key

Usage

config console gethostkey

Format

raw

Returns

the ssh firewall public key

Implementation notes

Download the /etc/ssh/ssh_host_dsa_key.pub

Example

CONFIG CONSOLE GETHOSTKEY
CONFIG CONSOLE GETKEY

Level

admin

History

FORMAT Appears in 9.0.0

Description

Get admin account private key

Usage

config console getkey

Format

raw

Returns

the ssh private key of admin

Implementation notes

Download ~/.ssh/id_dsa Private key is openssh format, so not compatible with ssh.com format. Admin private key are encrypted with admin password.

Example

CONFIG CONSOLE GETKEY
CONFIG CONSOLE REMOTEADMIN

Level

admin+modify

History

Appears in 9.0.0

Description

Authorized or not connection for 'admin' from remote IP

Usage

config console remoteadmin [on|off]

Returns

current status

Example

CONFIG CONSOLE REMOTEADMIN
CONFIG CONSOLE REMOTEADMIN off
CONFIG CONSOLE RESTOREPUBKEY

Deprecated

Level

admin+modify

History

Appears in 6.1.0
deprecated in 6.1.4

Description

Restore the original public key for authorized keys

Usage

config console restorepubkey

Implementation notes

Set the original public key on /usr/Firewall/.ssh/authorized_keys2

CONFIG CONSOLE SETPASSPHRASE

Level

admin+modify

Description

Generate and set admin key passphrase

Usage

config console setpassphrase <password>

Returns

Error code

Implementation notes

generate new key for ssh and change SRP password in /etc/tpasswd. Note key generation may take a while on F50.

Example

CONFIG CONSOLE SETPASSPHRASE "mypassword"
CONFIG CONSOLE SETPUBKEY

Deprecated

Level

admin+modify

History

Appears in 6.1.0
deprecated in 6.1.4

Description

Set and admin public key

Usage

config console setpubkey

Implementation notes

Add the public key on /usr/Firewall/.ssh/authorized_keys2

CONFIG CONSOLE SSH

Level

base

History

Userpass Appears in 6.0.0
Password deprecated in 6.0.0
Port Appears in 6.1.0

Description

Enable/disable SSH console access

Note

Admin and Modify levels are required to update configuration

Usage

config console ssh State=[0|1] Userpass=[0|1] Port=[number|object]

Returns

Error code (if parameter) or :
State=    : state of service
Userpass= : specify if password mode is on/off
Port=     : port used by service

Implementation notes

Start ou stop ssh daemon, flag is in "network" configuration file. SSHD only use sshv2 with public key but if Password is set the ssh connection will accept both key and password mode.

Example

CONFIG CONSOLE SSH State=1 Userpass=1 Port=gopher

CONFIG DDNSCLIENT

CONFIG DDNSCLIENT

Level

base

History

Appears in 6.0.0

Description

Dynamic DNS client administration

CONFIG DDNSCLIENT ACTIVATE

Level

network+modify

History

Appears in 9.0.0

Description

Activate/cancel modifications of DDNSCLIENT configuration

Usage

config ddnsclient activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.

Returns

Error code

Example

CONFIG DDNSCLIENT ACTIVATE
CONFIG DDNSCLIENT DELETE

Level

network+modify

History

Appears in 6.0.0

Description

Delete an existing dynamic DNS client configuration

Usage

config ddnsclient delete name=<name of configuration to be deleted>

Returns

Error code

Example

CONFIG DDNSCLIENT DELETE name=DynamicDNS
CONFIG DDNSCLIENT LIST

Level

base

History

Appears in 6.0.0
FORMAT Appears in 9.0.0

Description

List Dynamic DNS client configurations

Usage

config ddnsclient list

Format

list

Returns

list of Dynamic DNS client configurations

Example

CONFIG DDNSCLIENT LIST
DynamicDNS
CONFIG DDNSCLIENT NEW

Level

network+modify

History

Appears in 6.0.0
Added noip in 9.1.0

Description

Create a new dynamic DNS client configuration

Usage

config ddnsclient new name=<confname> provider=<dyndns|noip>

Returns

Error code

Example

CONFIG DDNSCLIENT NEW name=DynamicDNS provider=dyndns
CONFIG DDNSCLIENT RESETEVENT

Level

network+modify

History

Appears in 6.0.0

Description

Remove all event entry and set offline

Usage

config ddnsclient resetevent name=<conf name>

Returns

Error code

Example

CONFIG DDNSCLIENT RESETEVENT name=DynamicDNS
CONFIG DDNSCLIENT SET

Level

network+modify

History

Appears in 6.0.0

Description

Set a global or a configuration parameter

Usage

config ddnsclient set name=<conf name> (state=<0|1> | service=<provider service name> | server=<host object> | user=<username> | password=<pass> | hostname=<dns name>| protocol=<HTTP|HTTPS> | WildcardOption=<0|1> | OfflineOption=<0|1>| RenewInterval=<time in sec>)

Returns

Error code

Example

CONFIG DDNSCLIENT SET name=DynamicDNS state=1
CONFIG DDNSCLIENT SHOW

Level

base

History

Appears in 6.0.0

Description

Show all or specific dynamic DNS client configuration

Note

optional parameter "name" to show only one configuration

Usage

config ddnsclient show [name=<name of configuration>]

Returns

[Config]
Verbosity=(0|1)

[DynamicDNS]
State=(On|Off)
Provider=type of provider
Service=name of service
User=user name to login
Password=password to login
Hostname=registred hostname
Server=server of service
protocol=(HTTP|HTTPS)
WildcardOption=(0|1) : wilcard redirection
OfflineOption=(0|1) : offline redirection
RenewInterval=maximum interval between renewal

Example

CONFIG DDNSCLIENT SHOW
[Config]
Verbosity=0

[DynamicDNS]
State=On
Provider=dyndns
Service=dyndns
User=ddns_user
Password=ddns_passwd
Hostname=my_ddns.dnsalias.net
Server=members.dyndns.org
protocol=HTTP
WildcardOption=1
OfflineOption=0
RenewInterval=2419200
CONFIG DDNSCLIENT UNSET

Level

network+modify

History

Appears in 6.0.0

Description

Unset a global or a configuration parameter (restore default value)

Usage

config ddnsclient unset name=<conf name> param=[state|service|server|user|password|hostname|protocol|RenewInterval|OfflineOption|WildcardOption]

Returns

Error code

Example

CONFIG DDNSCLIENT UNSET name=DynamicDNS param=state

CONFIG DHCP

CONFIG DHCP

Level

base

Licence needed:

Service/DHCP

Description

Command to manage DHCP server.

CONFIG DHCP ACTIVATE

Level

network+modify

History

CANCEL Appears in 6.0.0
NEXTBOOT Appears in 6.0.0
level changes from other,modify to network,modify in 9.0.0

Description

Activate DHCP configuration.

Usage

config dhcp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.

Returns

Error code

Implementation notes

Run endhcpd script and start service depending on state field

Example

CONFIG DHCP ACTIVATE

CONFIG DHCP HOST

CONFIG DHCP HOST

Level

base

Description

Configure DHCP hosts

CONFIG DHCP HOST ADD

Level

network+modify

History

macaddr deprecated in 6.0.0
level changes from other,modify to network,modify in 9.0.0

Description

Add a host to DHCP server configuration

Usage

config dhcp host add name=<hostname> [gate=<gateway>]

Returns

Error code

Example

CONFIG DHCP HOST ADD name=host1
CONFIG DHCP HOST ADD name=host2 gate=gw1
CONFIG DHCP HOST LIST

Level

base

History

level base Appears in 6.0.0
level other deprecated in 6.0.0
FORMAT Appears in 9.0.0

Description

List DHCP server hosts

Usage

config dhcp host list

Format

section_line

Returns

list of hosts in the form :
pos=num host=host_object_name  macaddr=ethernet_address [ gate=host_object_name]

Example

CONFIG DHCP HOST LIST
pos=1 host=host1 macaddr=00:00:AA:BB:88:22 gate=gw1
CONFIG DHCP HOST REMOVE

Level

network+modify

History

pos deprecated in 6.0.0
level changes from other,modify to network,modify in 9.0.0

Description

Remove a host from DHCP server configuration

Usage

config dhcp host remove name=<hostname>

Returns

Error code

Example

CONFIG DHCP HOST REMOVE name=host1

CONFIG DHCP PARAMETERS

CONFIG DHCP PARAMETERS

Level

base

Description

Configure DHCP server global parameters

CONFIG DHCP PARAMETERS ADD

Level

network+modify

History

custom-option1 Appears in 6.1.0
custom-option2 Appears in 6.1.0
default-ltime deprecated in 6.1.0
iparray option for custom-option2 Appears in 6.1.3
hostgroup name option for custom-option2 Appears in 6.1.3
level changes from other,modify to network,modify in 9.0.0

Description

Add a global parameter to DHCP server

Usage

config dhcp parameters add domain-name=<name> | dns-update=Off|On | default-ltime=<seconds> | max-ltime=<seconds> | min-ltime=<seconds> | wpad=Off|On | custom-option1=<name>,<id>,(str|ip|iparray),(<string>|<host name>|<hostgroup name>) | custom-option2=<name>,<id>,(str|ip|iparray),(<string>|<host name>|<hostgroup name>)

Returns

Error code

Implementation notes

non documented parameters : port=number : fix another port for dhcp server (must be superior to 1024) authoritative=Off|On : act as an authoritative dhcp server.default valueis Off dns-update-hosts=Off|On : update fixed host entries in dns. by default, its value is the same as dns-update dns-use-hostname=Off|On : use dhcp name to update dns entry. by default its value is the same as dns-update ping-check=Off|On : send an icmp echo before attributing ip address. default is On wpad=Off|On : activate web proxy autoconfiguration discovery

Example

CONFIG DHCP PARAMETERS ADD domain-name=my.domain.com
CONFIG DHCP PARAMETERS LIST

Level

network

History

level changes from other to network in 9.0.0

Description

List DHCP server global parameters and options

Usage

config dhcp parameters list

Returns

[Parameters]
domain-name=domain name for clients
dns-update=Off|On : dynamic dns update
default-ltime=default lease time for clients
min-ltime=minimum lease time for clients
max-ltime=maximum lease time for clients

Implementation notes

non documented returns (printed only if thers is an entry in configuration file): port=number : listening port for dhcp server (superiore to 1024 if not default) authoritative=Off|On : act as an authoritative dhcp server.default valueis Off dns-update-hosts=Off|On : update fixed host entries in dns. by default, its value is the same as dns-update dns-use-hostname=Off|On : use dhcp name to update dns entry. by default its value is the same as dns-update ping-check=Off|On : send an icmp echo before attributing ip address. default is On

Example

CONFIG DHCP PARAMETERS LIST
[Parameters]
domain-name=my.domain.com
CONFIG DHCP PARAMETERS REMOVE

Level

network+modify

History

level changes from other,modify to network,modify in 9.0.0

Description

Remove a global parameter from DHCP server

Usage

config dhcp parameters remove domain-name
dns-update
default-ltime
min-ltime
max-ltime
wpad

Returns

Error code

Implementation notes

non documented parameters : authoritative dns-update-hosts dns-use-hostname ping-check port=number

Example

CONFIG DHCP PARAMETERS REMOVE domain-name

CONFIG DHCP RANGE

CONFIG DHCP RANGE

Level

base

Description

Configure ranges of IP addresses.

CONFIG DHCP RANGE ADD

Level

network+modify

History

begin deprecated in 6.0.0
end deprecated in 6.0.0
name Appears in 6.0.0
level changes from other,modify to network,modify in 9.0.0

Description

Add a range.

Usage

config dhcp range add name=<rangename> [gate=<hostname>]

Returns

Error code

Example

CONFIG DHCP RANGE ADD name=dhcp_range
CONFIG DHCP RANGE LIST

Level

base

History

level base Appears in 6.0.0
level other deprecated in 6.0.0
name Appears in 6.0.0
FORMAT Appears in 9.0.0

Description

List ranges.

Usage

config dhcp range list

Format

section_line

Returns

list of ranges in the form :
pos=num name=[<object name>|None] begin=ip end=ip[ gate=<hostname> | ip]

Example

CONFIG DHCP RANGE LIST
pos=1 name="dhcp_range" begin=10.2.20.21 end=10.2.20.254 gate=gw1
CONFIG DHCP RANGE REMOVE

Level

network+modify

History

pos deprecated in 6.0.0
name Appears in 6.0.0
level changes from other,modify to network,modify in 9.0.0

Description

Delete a DHCP range.

Usage

config dhcp range remove name=<object name> | begin=<ip address> only if name=None

Returns

Error code

Example

CONFIG DHCP RANGE REMOVE name=dhcp_range

CONFIG DHCP RELAY

CONFIG DHCP RELAY

Level

base

Description

Configure DHCP relay

CONFIG DHCP RELAY ADVANCED

Level

network+modify

History

Appears in 1.0.0

Description

Set advanced settings : bindaddr

Note

BindAddr must be an object which represents a local IPv4 address of the firewall

Usage

config dhcp relay advanced [BindAddr=(<firewall_ip object>|"")]

Returns

Error code

Example

CONFIG DHCP RELAY ADVANCED BindAddr=Firewall_in
CONFIG DHCP RELAY INTERFACE
CONFIG DHCP RELAY INTERFACE

Level

base

Description

Configure interfaces involved in DHCP relay

CONFIG DHCP RELAY INTERFACE ADD

Level

network+modify

History

Appears in 9.0.0

Description

Add an interface involved in DHCP traffic relaying

Usage

config dhcp relay interface add name=<Interface Name>

Returns

Error code

Example

CONFIG DHCP RELAY INTERFACE ADD name=out
CONFIG DHCP RELAY INTERFACE ALL

Level

network+modify

History

Appears in 9.0.0

Description

Configure DHCP relay to listen on all the interfaces or listen only on interfaces explicitly configured

Usage

config dhcp relay interface all state=(0|1|On|Off)

Returns

Error code

Example

CONFIG DHCP RELAY INTERFACE ALL state=1
CONFIG DHCP RELAY INTERFACE LIST

Level

base

History

Appears in 9.0.0

Description

List configured interfaces involved in DHCP traffic relaying

Usage

config dhcp relay interface list

Format

list

Returns

list all the interfaces involved in DHCP traffic relaying

Implementation notes

load section and print each value

Example

CONFIG DHCP RELAY INTERFACE LIST
In
Out
CONFIG DHCP RELAY INTERFACE REMOVE

Level

network+modify

History

Appears in 9.0.0

Description

Remove an interface involved in DHCP traffic relaying

Usage

config dhcp relay interface remove name=<Interface Name>

Returns

Error code

Example

CONFIG DHCP RELAY INTERFACE REMOVE name=out
CONFIG DHCP RELAY SERVER

Level

network+modify

History

Appears in 9.0.0

Description

Set the DHCP server(s) to which the dhcp requests will be forwarded.

Usage

config dhcp relay server name=<host|range|hostgroup|"">

Returns

Error code

Example

CONFIG DHCP RELAY SERVER name=myhost
CONFIG DHCP RELAY SHOW

Level

base

History

Appears in 9.0.0
BindAddr appears in 1.0.0

Description

Show DHCP relay configuration.

Usage

config dhcp relay show

Returns

[Config]
State=(On|Off)Server=(host|range|network|hostgroup)
InterfaceAll=(0|1)
BindAddr=<host>

Example

CONFIG DHCP RELAY SHOW
[Config]
State=On
Server=myhost
InterfaceAll=0
BindAddr=Firewall_in
CONFIG DHCP RELAY STATE

Level

base

History

Appears in 9.0.0

Description

Get/set DHCP relay state.

Note

Network and Modify level are required to update the state value

Usage

config dhcp relay state [On|Off]

Returns

State=(on|off)

Example

CONFIG DHCP RELAY STATE On
CONFIG DHCP RELAY STATE Off

CONFIG DHCP SERVERS

CONFIG DHCP SERVERS

Level

base

Description

Configure various servers for DHCP clients

CONFIG DHCP SERVERS ADD

Level

network+modify

History

Appears in 6.2.0
level changes from other,modify to network,modify in 9.0.0

Description

Add a server

Usage

config dhcp servers add defaultgateway=<hostname> | dns1=<hostname>| dns2=<hostname> | news=<hostname> | ntp=<hostname> | pop=<hostname> | smtp=<hostname> | tftp=<hostname> | wins=<hostname>

Returns

Error code

Example

CONFIG DHCP SERVERS ADD dns2=dns_2
CONFIG DHCP SERVERS LIST

Level

base

History

level base Appears in 6.0.0
level other deprecated in 6.0.0

Description

List configured servers for DHCP clients.

Usage

config dhcp servers list

Returns

list of servers in the form of server_name=host_object_name pairs

Implementation notes

load section, get s->count and print each value

Example

CONFIG DHCP SERVERS LIST
DefaultGateway=gw2
dns1=dns_1
dns2=dns_2
CONFIG DHCP SERVERS REMOVE

Level

network+modify

History

level changes from other,modify to network,modify in 9.0.0

Description

Remove a server

Usage

config dhcp servers remove defaultgateway | dns1 | dns2 | news | ntp | pop | smtp | tftp | wins

Returns

Error code

Example

CONFIG DHCP SERVERS REMOVE dns2
CONFIG DHCP SHOW

Level

base

Description

Show DHCP configuration.

Usage

config dhcp show

Returns

[Config]
State=(On|Off)[Parameters]

Example

CONFIG DHCP SHOW
[Config]
State=On
[Parameters]
domain-name=my.domain.com
CONFIG DHCP STATE

Level

base

Description

Get/set DHCP state.

Note

Network and Modify level are required to update the state value

Usage

config dhcp state [On|Off]

Returns

State=(on|off)

Example

CONFIG DHCP STATE On
CONFIG DHCP STATE Off

CONFIG DHCP6

CONFIG DHCP6

Level

base

Licence needed:

Service/DHCP

History

Appears in 1.0.0

Description

Command to manage DHCPv6 server and relay.

CONFIG DHCP6 ACTIVATE

Level

network+modify

History

Appears in 1.0.0

Description

Activate DHCPv6 configuration.

Usage

config dhcp6 activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.

Returns

Error code

Implementation notes

Run endhcpd script and start service depending on state field

Example

CONFIG DHCP6 ACTIVATE

CONFIG DHCP6 HOST

CONFIG DHCP6 HOST

Level

base

Description

Configure DHCPv6 hosts

CONFIG DHCP6 HOST ADD

Level

network+modify

History

Appears in 1.0.0

Description

Add a host to DHCPv6 server configuration

Usage

config dhcp6 host add name=<hostname> duid=<duid-ll|duid-llt|duid-en>

Returns

Error code

Example

CONFIG DHCP6 HOST ADD name=host2 duid=0:1:0:1:16:61:e:c0:0:d:b4:2:6d:c3
CONFIG DHCP6 HOST LIST

Level

base

History

Appears in 1.0.0

Description

List DHCP server hosts

Usage

config dhcp6 host list

Format

section_line

Returns

list of hosts in the form :
pos=num host=host_object_name duid=<duid-ll|duid-llt|duid-en>

Example

CONFIG DHCP6 HOST LIST
pos=1 host=host6 duid=0:1:0:1:16:61:e:c0:0:d:b4:2:6d:c3
CONFIG DHCP6 HOST REMOVE

Level

network+modify

History

Appears in 1.0.0

Description

Remove a host from DHCPv6 server configuration

Usage

config dhcp6 host remove name=<hostname>

Returns

Error code

Example

CONFIG DHCP6 HOST REMOVE name=host1

CONFIG DHCP6 PARAMETERS

CONFIG DHCP6 PARAMETERS

Level

base

Description

Configure DHCPv6 server global parameters

CONFIG DHCP6 PARAMETERS ADD

Level

network+modify

History

Appears in 1.0.0

Description

Add a global parameter to DHCPv6 server

Usage

config dhcp6 parameters add domain-name=<name> | default-ltime=<seconds> | max-ltime=<seconds> | min-ltime=<seconds> | wpad=Off|On | custom-option1=<name>,<id>,(str|ip|ipv6|iparray|ipv6array),(<string>|<host name>|<host6 name>|<hostgroup name>|<hostgroup6 name>) | custom-option2=<name>,<id>,(str|ip|ipv6|iparray|ipv6array),(<string>|<host name>|<host6 name>|<hostgroup name>|<hostgroup6 name>)

Returns

Error code

Implementation notes

non documented parameters : port=number : fix another port for dhcp server (must be superior to 1024) authoritative=Off|On : act as an authoritative dhcp server.default valueis Off ping-check=Off|On : send an icmp echo before attributing ip address. default is On wpad=Off|On : activate web proxy autoconfiguration discovery

Example

CONFIG DHCP6 PARAMETERS ADD domain-name=my.domain.com
CONFIG DHCP6 PARAMETERS LIST

Level

network

History

Appears in 1.0.0

Description

List DHCPv6 server global parameters and options

Usage

config dhcp6 parameters list

Returns

[Parameters]
domain-name=domain name for clients
default-ltime=default lease time for clients
min-ltime=minimum lease time for clients
max-ltime=maximum lease time for clients

Implementation notes

non documented returns (printed only if thers is an entry in configuration file): port=number : listening port for dhcp server (superiore to 1024 if not default) authoritative=Off|On : act as an authoritative dhcp server.default valueis Off ping-check=Off|On : send an icmp echo before attributing ip address. default is On

Example

CONFIG DHCP PARAMETERS LIST
[Parameters]
domain-name=my.domain.com
CONFIG DHCP6 PARAMETERS REMOVE

Level

network+modify

History

Appears in 1.0.0

Description

Remove a global parameter from DHCPv6 server

Usage

config dhcp6 parameters remove domain-name
default-ltime
min-ltime
max-ltime
wpad

Returns

Error code

Implementation notes

non documented parameters : authoritative ping-check port=number

Example

CONFIG DHCP6 PARAMETERS REMOVE domain-name

CONFIG DHCP6 RANGE

CONFIG DHCP6 RANGE

Level

base

Description

Configure ranges of IPv6 addresses.

CONFIG DHCP6 RANGE ADD

Level

network+modify

History

Appears in 1.0.0

Description

Add a DHCP IPv6 range.

Usage

config dhcp6 range add name=<rangename>

Returns

Error code

Example

CONFIG DHCP6 RANGE ADD name=dhcp6_range
CONFIG DHCP6 RANGE LIST

Level

base

History

Appears in 1.0.0

Description

List DHCP IPv6 ranges.

Usage

config dhcp6 range list

Format

section_line

Returns

list of ranges in the form :
pos=num name=<object name> begin=ipv6 end=ipv6

Example

CONFIG DHCP6 RANGE LIST
pos=1 name="dhcp_range" begin=2001:deca::10 end=2001:deca::20
CONFIG DHCP6 RANGE REMOVE

Level

network+modify

History

Appears in 1.0.0

Description

Delete a DHCP6 range.

Usage

config dhcp6 range remove name=<object name>

Returns

Error code

Example

CONFIG DHCP6 RANGE REMOVE name=dhcp6_range

CONFIG DHCP6 RELAY

CONFIG DHCP6 RELAY

Level

base

Description

Configure DHCPv6 relay

CONFIG DHCP6 RELAY FWDINTERFACE
CONFIG DHCP6 RELAY FWDINTERFACE

Level

base

Description

Configure DHCPv6 servers side interfaces

CONFIG DHCP6 RELAY FWDINTERFACE ADD

Level

network+modify

History

Appears in 1.0.0

Description

Add a server side interface involved in DHCPv6 traffic relaying

Usage

config dhcp6 relay fwdinterface add name=<Interface Name>

Returns

Error code

Example

CONFIG DHCP6 RELAY FWDINTERFACE ADD name=in
CONFIG DHCP6 RELAY FWDINTERFACE LIST

Level

base

History

Appears in 1.0.0

Description

List configured server side interfaces involved in DHCPv6 traffic relaying

Usage

config dhcp6 relay fwdinterface list

Format

list

Returns

list all the server side interfaces involved in DHCPv6 traffic relaying

Implementation notes

load section and print each value

Example

CONFIG DHCP6 RELAY FWDINTERFACE LIST
In
Out
CONFIG DHCP6 RELAY FWDINTERFACE REMOVE

Level

network+modify

History

Appears in 1.0.0

Description

Remove a server side interface involved in DHCPv6 traffic relaying

Usage

config dhcp6 relay fwdinterface remove name=<Interface Name>

Returns

Error code

Example

CONFIG DHCP6 RELAY FWDINTERFACE REMOVE name=in
CONFIG DHCP6 RELAY RCVINTERFACE
CONFIG DHCP6 RELAY RCVINTERFACE

Level

base

Description

Configure DHCPv6 clients side interfaces

CONFIG DHCP6 RELAY RCVINTERFACE ADD

Level

network+modify

History

Appears in 1.0.0

Description

Add a client side interface involved in DHCPv6 traffic relaying

Usage

config dhcp6 relay rcvinterface add name=<Interface Name>

Returns

Error code

Example

CONFIG DHCP6 RELAY RCVINTERFACE ADD name=in
CONFIG DHCP6 RELAY RCVINTERFACE LIST

Level

base

History

Appears in 1.0.0

Description

List configured client side interfaces involved in DHCPv6 traffic relaying

Usage

config dhcp6 relay rcvinterface list

Format

list

Returns

list all the client side interfaces involved in DHCPv6 traffic relaying

Implementation notes

load section and print each value

Example

CONFIG DHCP6 RELAY RCVINTERFACE LIST
In
Out
CONFIG DHCP6 RELAY RCVINTERFACE REMOVE

Level

network+modify

History

Appears in 1.0.0

Description

Remove a client side interface involved in DHCPv6 traffic relaying

Usage

config dhcp6 relay rcvinterface remove name=<Interface Name>

Returns

Error code

Example

CONFIG DHCP6 RELAY RCVINTERFACE REMOVE name=in
CONFIG DHCP6 RELAY SERVER

Level

network+modify

History

Appears in 1.0.0

Description

Set the DHCPv6 server(s) to which the dhcp requests will be forwarded.

Usage

config dhcp6 relay server name=<host6|range6|hostgroup6|"">

Returns

Error code

Example

CONFIG DHCP6 RELAY SERVER name=myhost
CONFIG DHCP6 RELAY SHOW

Level

base

History

Appears in 1.0.0

Description

Show DHCPv6 relay configuration.

Usage

config dhcp6 relay show

Returns

[Config]
State=(On|Off)Server=(host|range|network|hostgroup)

Example

CONFIG DHCP6 RELAY SHOW
[Config]
State=On
Server=myhost
CONFIG DHCP6 RELAY STATE

Level

base

History

Appears in 1.0.0

Description

Get/set DHCPv6 relay state.

Note

Network and Modify level are required to update the state value

Usage

config dhcp6 relay state [On|Off]

Returns

State=(on|off)

Example

CONFIG DHCP6 RELAY STATE On
CONFIG DHCP6 RELAY STATE Off

CONFIG DHCP6 SERVERS

CONFIG DHCP6 SERVERS

Level

base

Description

Configure various servers for DHCPv6 clients

CONFIG DHCP6 SERVERS ADD

Level

network+modify

History

Appears in 1.0.0

Description

Add a server

Usage

config dhcp6 servers add dns1=<hostname>| dns2=<hostname>

Returns

Error code

Example

CONFIG DHCP6 SERVERS ADD dns2=dns_2
CONFIG DHCP6 SERVERS LIST

Level

base

History

Appears in 1.0.0

Description

List configured servers for DHCPv6 clients.

Usage

config dhcp6 servers list

Returns

list of servers in the form of server_name=host_object_name pairs

Example

CONFIG DHCP6 SERVERS LIST
dns1=dns_1
dns2=dns_2
CONFIG DHCP6 SERVERS REMOVE

Level

network+modify

History

Appears in 1.0.0

Description

Remove a server

Usage

config dhcp6 servers remove name=dns1 | dns2

Returns

Error code

Example

CONFIG DHCP6 SERVERS REMOVE dns2
CONFIG DHCP6 SHOW

Level

base

History

Appears in 1.0.0

Description

Show DHCPv6 configuration.

Usage

config dhcp6 show

Returns

[Config]
State=(On|Off)[Parameters]

Example

CONFIG DHCP6 SHOW
[Config]
State=On
[Parameters]
domain-name=my.domain.com
CONFIG DHCP6 STATE

Level

base

History

Appears in 1.0.0

Description

Get/set DHCPv6 state.

Note

Network and Modify level are required to update the state value

Usage

config dhcp6 state [On|Off]

Returns

State=(on|off)

Example

CONFIG DHCP6 STATE On
CONFIG DHCP6 STATE Off

CONFIG DNS

CONFIG DNS

Level

base

History

LICENCE deprecated in 6.0.0

Description

Command to manage DNS cache.

CONFIG DNS ACTIVATE

Level

network+modify

History

CANCEL Appears in 6.0.0
NEXTBOOT Appears in 6.0.0
level changes from other,modify to network,modify in 9.0.0

Description

Activate DNS configuration.

Usage

config dns activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.

Returns

Error code

Implementation notes

Run endns script and start service depending on state field

Example

CONFIG DNS ACTIVATE
CONFIG DNS ADVANCED

Level

network+modify

Licence needed:

Service/DNS

History

LICENCE Appears in 6.0.0
randomServerOrder Appears in 6.1.0
level changes from other,modify to network,modify in 9.0.0
ipsend appears in 9.1.0

Description

Set advanced settings : automatic redirect, and cache size.

Usage

config dns advanced [redirect=On|Off] [randomServerOrder=On|Off] [cacheSize=size of cache in bytes] [ipsend=ip|firewall host object]

Returns

Error code

Implementation notes

Redirect add nat rules like tproxyd

Example

CONFIG DNS ADVANCED redirect=On

CONFIG DNS CLIENT

CONFIG DNS CLIENT

Level

base

Licence needed:

Service/DNS

History

LICENCE Appears in 6.0.0

Description

Configure clients.

CONFIG DNS CLIENT ADD

Level

network+modify

History

level changes from other,modify to network,modify in 9.0.0

Description

Add a DNS cache single client or many clients IP addresses.

Usage

config dns client add <host | range | network | hostgroup>

Returns

Error code

Example

CONFIG DNS CLIENT ADD Network_in
CONFIG DNS CLIENT LIST

Level

base

History

level changes from other to base in 9.0.0

Description

List authorized clients.

Usage

config dns client list

Returns

list of authorized clients in the form :
position=host_object_name

Implementation notes

Client might be a host, range, network or group. At least, it can be an ip or part of an ip address. Position is here only to facilitate removal of clients. Note that 127.0.0.1 is an implicit client.

Example

CONFIG DNS CLIENT LIST
1="Network_in"
2="Network_dmz"
CONFIG DNS CLIENT REMOVE

Level

network+modify

History

pos deprecated in 6.0.0
level changes from other,modify to network,modify in 9.0.0

Description

Delete a DNS cache client.

Usage

config dns client remove <object name>

Returns

Error code

Example

CONFIG DNS CLIENT REMOVE Network_in

CONFIG DNS SERVER

CONFIG DNS SERVER

Level

base

Description

Configure servers which will receive request from firewall.

CONFIG DNS SERVER ADD

Level

network+modify

History

ip deprecated in 6.0.0
hostname Appears in 6.0.0
level changes from other,modify to network,modify in 9.0.0

Description

Add a DNS cache server (default position is end of list).

Usage

config dns server add <hostname> [pos=<position>]

Returns

Error code

Implementation notes

server might be an host or an hostgroup.

Example

CONFIG DNS SERVER ADD dns_1
CONFIG DNS SERVER LIST

Level

base

History

level changes from other to base in 9.0.0

Description

List DNS cache servers.

Usage

config dns server list

Returns

list of servers in the form :
position=host_object_name

Implementation notes

load section, get s->count and print each value

Example

CONFIG DNS SERVER LIST
[Server]
1="dns_1"
2="dns_2"
CONFIG DNS SERVER REMOVE

Level

network+modify

History

ip deprecated in 6.0.0
hostname Appears in 6.0.0
level changes from other,modify to network,modify in 9.0.0

Description

Remove a DNS cache server from list.

Usage

config dns server remove <hostname>

Returns

Error code

Example

CONFIG DNS SERVER REMOVE dns_1
CONFIG DNS SHOW

Level

base

Description

Show DNS configuration.

Usage

config dns show

Returns

[Config]
State=on|off[Advanced]
redirect=on|offcacheSize=sizecacheMaxSize=size

Example

CONFIG DNS SHOW
[Config]
State=On
[Advanced]
redirect=Off
cacheSize=999424
cacheMaxSize=5000000
randomServerOrder=On
ipsend=Firewall_in
CONFIG DNS STATE

Level

base

Licence needed:

Service/DNS

Description

Get/set DNS state.

Note

Network and Modify levels are required to update the state value

Usage

config dns state [On|Off]

Returns

State=(on|off)

Example

CONFIG DNS STATE On
CONFIG DNS STATE Off
CONFIG DOWNLOAD

Level

base

Description

Download a file from firewall

Note

Additionnal rights may be needed to read files:
wpad.dat: contentfilter
app_user_req, rej_user_req, ldapmaps, keytab: user
app_cert_req, rej_cert_req: pki
custom_disclaimer.html, disclaimer.pdf: admin
index-logo.jpg, custom.css: admin
httpproxy_blockpage0,httpproxy_blockpage1,httpproxy_blockpage2,httpproxy_blockpage3

Usage

config download <custom.css|index-logo.jpg|httpproxy_blockpage0|httpproxy_blockpage1|httpproxy_blockpage2|httpproxy_blockpage3|algorithm|vpntunnel|ldapmaps|app_user_req|rej_user_req|app_cert_req|rej_cert_req|keytab|wpad.dat|custom_disclaimer.html|disclaimer.pdf>

Returns

The requested file

Implementation notes

Only allowed files can be downloaded

Example

CONFIG DOWNLOAD httpproxy_blockpage2

CONFIG FILTER

CONFIG FILTER

Level

base

Description

Managing filtering rules

CONFIG FILTER ACTIVATE

Level

filter|globalfilter+modify

History

level globalfilter added in 9.0.0

Description

Activate current filter slot

Usage

config filter activate

CONFIG FILTER CHECK

Level

filter_read

History

Appears in 9.0.0

Description

Check the current (non-activated) filtering rules

Usage

config filter check type=(filter|nat) index=<policy_idx> [output=(plain|xml)] [global=(0|1)]

Format

section_line

CONFIG FILTER DEFAULT

Level

filter|globalfilter+modify

History

Appears in 9.0.0

Description

Reset a filtering/NAT policy to its default settings

Usage

config filter default index=<policy_idx> type=(filter|nat) [global=(0|1)]

CONFIG FILTER EXPLICIT

Level

filter_read

History

'output' appears in 9.0.0
'type' appears in 9.0.0
'global' appears in 9.0.0
Pagination appears in 9.0.0
level changes from filter to filter_read in 9.0.0

Description

List explicit rules

Usage

config filter explicit index=<policy_idx> type=(filter|nat) [output=(plain|xml)] [global=(0|1)] [useclone=(0|1)] [start=<int> [limit=<int>] [dir=(ASC|DESC)] [search=<pattern>] [searchfield=<token>] [sort=<token>] [refresh=(0|1)]]

Format

list

CONFIG FILTER IMPLICIT

Level

filter_read

History

'output' appears in 9.0.0
level changes from filter to filter_read in 9.0.0

Description

List implicit rules

Usage

config filter implicit [output=(plain|xml)]

Format

list

CONFIG FILTER MANAGE

Level

filter+modify

History

plugin Appears in 6.0.0
implicit Appears in 6.0.0
fwdefault Appears in 6.0.0
option authd_int for services Appears in 6.0.0
option authd_ext for services Appears in 6.0.0
option httpproxy for services Appears in 6.0.0
option smtpproxy for services Appears in 6.0.0
option pop3proxy for services Appears in 6.0.0
option Xvpnd_int for services Appears in 6.0.0
option Xvpnd_ext for services Appears in 6.0.0
option authd for services deprecated in 6.0.0
option proxy for services deprecated in 6.0.0
option webserver for services deprecated in 7.0.0
option sshd for services Appears in 7.0.0
option httpproxy for services removed in 9.0.0
option smtpproxy for services removed in 9.0.0
option pop3proxy for services removed in 9.0.0
option ftpproxy for services removed in 9.0.0
option xvpnd_int for services removed in 9.0.0
option xvpnd_ext for services removed in 9.0.0
option webadmin for services appears in 9.0.0
checkroute appears in 9.1.0
option Bootps for services appears in 1.0.0
option SslVPN for services appears in 1.0.0
option Rtadv for services appears in 1.0.0
option DHCP6 for services appears in 1.0.0
ipstate appears in 1.0.0
plugin and fwdefault become optional in 1.0.0

Description

Buildfilter config

Usage

config filter manage implicit=(0|1) [plugin=(0|1)] [fwdefault=(0|1)] [ipstate=(0|1)] [checkroute=(0|1)] [services=[authd_int],[authd_ext],[dns],[dialup],[ha],[ident],[pptp],[serverd],[sshd],[vpn],[webadmin],[bootps],[sslvpn],[rtadv],[dhcp6]]

Implementation notes

plugin : attach/unattach plugins on firewall outgoing connections implicit : enable/disable firewall services rules fwdefault : enable/disable firewall outgoing default rules checkroute: enable/disable checking online status of PBR routers ipstate : enable/disable ipstate flag on outgoing rules

Example

CONFIG FILTER MANAGE plugin=1 implicit=1 fwdefault=1 ipstate=1 checkroute=1 services=dialup,dns,ha,ident,pptp,serverd,sshd,vpn,authd_int,webadmin,bootps,sslvpn

CONFIG FILTER RULE

CONFIG FILTER RULE

Level

filter|globalfilter

History

Appears in 9.0.0

Description

Filtering rule handling

CONFIG FILTER RULE ADDSEP

Level

filter|globalfilter+modify

History

Appears in 9.0.0

Description

Add/update separator

Usage

config filter rule addsep index=<policy_idx> type=(filter|nat) color=<hex> comment=<string> collapse=(0|1)
[position=<digit>] (default: end of list)
[global=(0|1)] (default: 0)
[update=(0|1)] (default: 0)

CONFIG FILTER RULE COLLAPSE

Level

filter|globalfilter+modify

History

Appears in 9.0.0

Description

Collapse/uncollapse all separators

Usage

config filter rule collapse index=<policy idx> type=(filter|nat) action=(all|none)
[global=(0|1)] (default: 0)

CONFIG FILTER RULE COPY

Level

filter|globalfilter+modify

History

Appears in 9.0.0

Description

Copy one or many rule(s)

Usage

config filter rule copy index=<policy idx> type=(filter|nat) position=<line>
[global=(0|1)] (default: 0)
[to=<rule id>] (default: end of list)
[nb=<number of rules to copy>] (default: 1)

CONFIG FILTER RULE INSERT

Level

filter|globalfilter+modify

History

Appears in 9.0.0

Description

Insert a new rule before the rule with the given position

Usage

config filter rule insert index=<policy idx> type=(filter|nat) state=(on|off) action=(pass|block|deleg|reset|log|decrypt|nat)
srctarget=(any|<objectname>[,<objectname>[,...]]) dsttarget=(any|<objectname>[,<objectname>[,...]])
[global=(0|1)] (default: 0)
[position=<digit>] (default: insert at the end of the rule list)
[output=(plain|xml)]
And any rule tokens accepted by CONFIG FILTER RULE UPDATE.

Format

section_line

CONFIG FILTER RULE MOVE

Level

filter|globalfilter+modify

History

Appears in 9.0.0

Description

Move one or many rule(s)

Usage

config filter rule move index=<policy idx> type=(filter|nat) position=<line>
[global=(0|1)] (default: 0)
[to=<rule id>] (default: end of list)
[nb=<number of rules to move>] (default: 1)

CONFIG FILTER RULE REMOVE

Level

filter|globalfilter+modify

History

Appears in 9.0.0

Description

Remove one or all filtering rule(s)

Usage

config filter rule remove index=<policy idx> type=(filter|nat) position=(all|<digit>)
[global=(0|1)] (default: 0)

CONFIG FILTER RULE UPDATE

Level

filter|globalfilter+modify

History

Appears in 9.0.0
ipstate appears in 9.0.2

Description

Update a filtering rule

Usage

config filter rule update index=<policy idx> type=(filter|nat) position=<digit>
[output=(plain|xml)] (default: plain)
[global=(0|1)] (default: 0)
[state=(on|off)]
[action=(pass|block|deleg|reset|log|decrypt|nat)]
[loglevel=(none|log|minor|major)]
[count=(on|off)]
[rate=(""|<tcp>,<udp>,<icmp>,<request>)]
[synproxy=(on|off)]
[settos=(""|<1-254>)]
[qosid=(""|<qid name>)]
[qosfairness=(""|state|user|host)]
[route=(""|<hostname>|<ipaddr>)]
[inspection=(firewall|ids|ips)]
[antivirus=(on|off)]
[antispam=(on|off)]
[proxycache=(on|off)]
[ftpfiltering=(on|off)]
[urlfiltering=(""|<0-9>)] (URL policy index)
[mailfiltering=(""|<0-9>)] (Mail policy index)
[sslfiltering=(""|<0-9>)] (SSL policy index)
[fwservice=(""|httpproxy|webportal)]
[webportalexcept=(""|urlgroup[,urlgroup[,urlgroup[,...]]])]
[schedule=(anytime|<time object>)]
[securityinspection=(""|<0-9>)] (ASQ config index)
[tos=(""|<1-254>)]
[ipstate=(on|off)]
[ipproto=(any|<IP protocol name>)] (for instance, TCP, UDP, ICMP, etc)
[icmptype=(""|<0-255>)][icmpcode=(""|<0-255>)][proto=(auto|none|<app protocol name>)] (for instance, HTTP, FTP, etc)
[srcuser=(""|any|unknown|[!]<user>|[!]<usergroup>)]
[srctarget=(any|[!]<objectname>[,<objectname>[,<objectname>[,...]]])]
[srcportop=(eq|ne|gt|lt)]
[srcport=(any|<objectservice>[,<objectservice>[,<objectservice>[,...]]])]
[srcif=(any|<interface name>)]
[via=(any|sslvpn|httpproxy|ipsec|sslproxy|none)]
[dsttarget=(any|[!]<objectname>[,<objectname>[,<objectname>[,...]]])]
[dstportop=(eq|ne|gt|lt)]
[dstport=(any|<objectservice>[,<objectservice>[,<objectservice>[,...]]])]
[dstif=(any|<interface name>)]
[natsrctarget=(""|original|<object name>)] (empty value to disable nat on source)
[natsrclb=(none|roundrobin|srchash|connhash|random)]
[natsrcarp=(on|off)]
[natsrcportop=(eq|ne|gt|lt)]
[natsrcport=(original|<objectservice>|<port range>)]
[natsrcportlb=(none|random)]
[natdsttarget=(""|original|<object name>)] (empty value to disable nat on destination)
[natdstlb=(none|roundrobin|srchash|connhash|random)]
[natdstarp=(on|off)]
[natdstportop=(eq|ne|gt|lt)]
[natdstport=(original|<objectservice>|<port range>)]
[natdstportlb=(none|roundrobin|srchash|connhash|random)]
[beforevpn=(on|off)]
[comment=<string>]
[rulename=<string>]

Format

section_line

CONFIG FILTER SHOW

Level

filter_read

History

sshd config Appears in 7.0.0
level changes from filter to filter_read in 9.0.0

Description

Dump buildfilter config

Usage

config filter show [output=xml]

Returns

[Config]
Plugin=0|1
Implicit=0|1
FwDefault=0|1
CheckRoute=0|1
Ipstate=0|1

[Services]
Pptp=0|1
HA=0|1
Vpn=0|1
Dns=0|1
Dialup=0|1
Ident=0|1
Serverd=0|1
Sshd=0|1
Authd_int=0|1
Authd_ext=0|1
WebAdmin=0|1
Bootps=0|1
SslVPN=0|1
Rtadv=0|1
DHCP6=0|1

[Plugin]
DNS=0|1
FTP=0|1
HTTP=0|1
IMAP4=0|1
POP3=0|1
SMTP=0|1
SSH=0|1
Telnet=0|1
NNTP=0|1
SSL=0|1

[Global]
StrictUsers=0|1

CONFIG GLOBAL

CONFIG GLOBAL

Level

base

History

Appears in 6.0.0

Description

Global configuration

CONFIG GLOBAL OBJECT

CONFIG GLOBAL OBJECT

Level

base

History

Appears in 6.0.0

Description

Global object administration

Note

most of the code is shared with CONFIG.OBJECT

Invalid name for objects are:
Firewall_*
Network_*
broadcast
anonymous
any

object commands update object configuration files and serverd memory structure

CONFIG GLOBAL OBJECT GET

Level

base

History

Appears in 9.0.0

Description

Return a unique global object from its name

Usage

config global object get type=<host|range|network|group|protocol|time|service|servicegroup> name=<objname>

Format

section_line

Returns

Return one line with the global object properties:
[Object]
type=host modify=<0|1> global=<0|1> comment=<comment> name=<hostname> ip=<ip> ipv6=<ipv6> resolve=<static|dynamic>
type=range modify=<0|1> global=<0|1> comment=<comment> name=<rangename> begin=<firstip> end=<lastip> beginv6=<firstipv6> endv6=<lastipv6>
type=network modify=<0|1> global=<0|1> comment=<comment> name=<rangename> ip=<ip> mask=<netmask> prefixlen=<ipv4 prefix len> ipv6=<ipv6> prefixlenv6=<ipv6 prefix len>
type=protocol modify=<0|1> global=<0|1> comment=<comment> name=<protocolname> protonumber=<ip protocol number>
type=service modify=<0|1> global=<0|1> comment=<comment> name=<servicename> port=<port> toport=<""|lastport> proto=<protocolname>
type=time modify=<0|1> global=<0|1> comment=<comment> name=<timename> time=<time> weekday=<weekdays> yearday=<yearday> date=<date>
type=group modify=<0|1> global=<0|1> comment=<comment> name=<groupname>
type=servicegroup modify=<0|1> global=<0|1> comment=<comment> name=<groupname>
...

Example

config global object get type=host name=mycomputer
[Object]
type=host modify=1 global=1 comment="" name=mycomputer ip=10.0.0.0 ipv6=fe80::1 resolve=static

CONFIG GLOBAL OBJECT GROUP
CONFIG GLOBAL OBJECT GROUP

Level

base

History

Appears in 6.0.0

Description

Global object groups administration

Note

most of the code is shared with CONFIG.GLOBAL.OBJECT.SERVICEGROUP

CONFIG GLOBAL OBJECT GROUP ADDTO

Level

globalobject+modify

History

Appears in 6.0.0added position arg in 9.0.0

Description

Add object to global group

Note

node might be an object or a group
this command returns an error if:
"group" or "node" don't exist
"node" is an object already included in "group"
"node" is an object included in a subgroup of "group"
"node" is a group and contains common element(s) with "group"
"node" is a group and contains an other group which contains "group"(it creates a loop)
"node" is a group and contains an other group which has common element(s) with "group" or another node

Usage

config global object group addto group=<groupname> node=<node to add name> [pos=<position>]

Example

CONFIG GLOBAL OBJECT GROUP ADDTO group=group1 node=host1
CONFIG GLOBAL OBJECT GROUP CHECK

Level

globalobject

History

Appears in 6.1.0
level globalobject Appears in 6.1.3
level object deprecated in 6.1.3
FORMAT Appears in 9.0.0

Description

Check global object group

Usage

config global object group check name=<group name>

Format

section_line

Returns

[Configuration]
module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)

Example

CONFIG GLOBAL OBJECT GROUP CHECK name=group1
[Configuration]
module=Filter slot=04 line=1
CONFIG GLOBAL OBJECT GROUP DELETE

Level

globalobject+modify

History

force Appears in 6.1.0

Description

Delete global object group

Note

returns an error if no group with this name exists

Usage

config global object group delete name=<groupname> [force=1]

Example

CONFIG GLOBAL OBJECT GROUP DELETE name=group1
CONFIG GLOBAL OBJECT GROUP NEW

Level

globalobject+modify

History

Appears in 6.0.0

Description

Create new empty object group

Note

returns an error if a group with identical name exists

Usage

config global object group new name=<groupname> [comment=<group comment>] [update=<0|1>]

Example

CONFIG GLOBAL OBJECT GROUP NEW name=group1
CONFIG GLOBAL OBJECT GROUP REMOVEFROM

Level

globalobject+modify

History

Appears in 6.0.0

Description

Remove global object from group

Note

node might be an object or a group
this command returns an error if :
"group" or "node" don't exist
"node" is not in "group"

Usage

config global object group removefrom group=<groupname> node=<node to remove name>

Example

CONFIG GLOBAL OBJECT GROUP REMOVEFROM group=group1 node=host1
CONFIG GLOBAL OBJECT GROUP SHOW

Level

base

History

Appears in 6.0.0
FORMAT Appears in 9.0.0
all disapears in 9.0.0

Description

Show one object group

Usage

config global object group show name=<groupname> [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [searchfield=<token>] [sort=<token>] [refresh=<0|1>]]

Format

section_line

Returns

[<groupname>]
name=<nodename>...

Example

CONFIG GLOBAL OBJECT GROUP SHOW name=group1
[group1]
name=host1
CONFIG GLOBAL OBJECT HOST
CONFIG GLOBAL OBJECT HOST

Level

base

History

Appears in 6.0.0

Description

Global host object administration

CONFIG GLOBAL OBJECT HOST CHECK

Level

globalobject

History

Appears in 6.1.0
level globalobject Appears in 6.1.3
level object deprecated in 6.1.3
FORMAT Appears in 9.0.0

Description

Check global host object

Usage

config global object host check name=<hostname>

Format

section_line

Returns

[Configuration]
module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)

Example

CONFIG GLOBAL OBJECT HOST CHECK name=host1
[Configuration]
module=DNS section=Servers
module=Filter slot=04 line=1
module=DHCP section=Server
CONFIG GLOBAL OBJECT HOST DELETE

Level

globalobject+modify

History

force Appears in 6.1.0

Description

Remove global host object

Note

command returns an error code if :
no object is found.
object is in a group

Usage

config global object host delete name=<hostname> [force=1]

Example

CONFIG GLOBAL OBJECT HOST DELETE name=host1
CONFIG GLOBAL OBJECT HOST NEW

Level

globalobject+modify

History

Appears in 6.0.0

Description

Add global host object

Note

For single host at least one ip (v4 or v6) must be specified
For range at least one begin and end (v4 or v6) must be specified
Without update parameter, command will return an error if an object with the same name exists.
With update=2, modules which use the object are not reloaded.

Usage

config global object host new name=<hostname> [ip=<ipaddress>] [ipv6=<ipv6address>] [type=router|server|host] [resolve=static|dynamic|manual] [mac=xx:xx:xx:xx:xx:xx] [color=xxxxxx] [localfirst=0|1] [comment=<comment>] [update=<0|1|2>]
name=<rangename> [begin=<range first ip> end=<range last ip>] [beginv6=<range first ipv6> endv6=<range last ipv6>] [color=xxxxxx] [localfirst=0|1] [comment=<comment>] [update=<0|1|2>]

Example

CONFIG GLOBAL OBJECT HOST NEW name=host4 ip=10.0.0.1 resolve=static comment="Global IPv4 only host" mac=11:22:33:44:55:66
CONFIG GLOBAL OBJECT HOST NEW name=host6 ipv6=fe80::1 resolve=static comment="Global IPv6 only host"
CONFIG GLOBAL OBJECT HOST NEW name=host46 ip=10.0.0.1 ipv6=fe80::1 resolve=static comment="Global IPv4v6 host"
CONFIG GLOBAL OBJECT HOST NEW name=range4 begin=10.0.0.1 end=10.0.0.10 comment="Global IPv4 only range"
CONFIG GLOBAL OBJECT HOST NEW name=range6 beginv6=fe80::1 endv6=fe80::10 comment="Global IPv6 only range"
CONFIG GLOBAL OBJECT HOST NEW name=range46 begin=10.0.0.1 end=10.0.0.10 beginv6=fe80::1 endv6=fe80::10 comment="Global IPv4v6 range"
CONFIG GLOBAL OBJECT NETWORK
CONFIG GLOBAL OBJECT NETWORK

Level

base

History

Appears in 6.0.0

Description

Global network object administration

CONFIG GLOBAL OBJECT NETWORK CHECK

Level

globalobject

History

Appears in 6.1.0
level globalobject Appears in 6.1.3
level object deprecated in 6.1.3
FORMAT Appears in 9.0.0

Description

Check global network object

Usage

config global object network check name=<network name>

Format

section_line

Returns

[Configuration]
module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)

Example

CONFIG GLOBAL OBJECT NETWORK CHECK name=network1
[Configuration]
module=DNS section=Clients
module=Filter slot=04 line=1
CONFIG GLOBAL OBJECT NETWORK DELETE

Level

globalobject+modify

History

force Appears in 6.1.0

Description

Remove global network object

Note

command returns an error code if :
no object is found.
object is in a group

Usage

config global object network delete name=<netname> [force=1]

Example

CONFIG GLOBAL OBJECT NET DELETE name=net1
CONFIG GLOBAL OBJECT NETWORK NEW

Level

globalobject+modify

History

Appears in 6.0.0

Description

Add global network object

Note

at least one ip (v4 or v6) must be specified
without update parameter, command will return an error if an object with the same name exists.
0.0.0.0 and 255.255.255.255 IPv4 netmasks are not allowed
/0 and /32 IPv4 prefix len are not allowed
/0 and /128 IPv6 prefix len are not allowed
With update=2, modules which use the object are not reloaded.

Usage

config global object network new name=<netname> [ip=<network IPV4 address> mask=<netmask>|prefixlen=<prefixlen>] [ipv6=<network IPv6 address> prefixlenv6=<prefixlen>] [localfirst=0|1] [color=xxxxxx] [comment=<comment>] [update=<0|1|2>]

Example

CONFIG GLOBAL OBJECT NETWORK NEW name=net0 ip=10.0.0.0 prefixlen=16 localfirst=1 comment="Global IPv4 only network"
CONFIG GLOBAL OBJECT NETWORK NEW name=net1 ip=10.0.0.0 mask=255.0.0.0 localfirst=1 comment="Global IPv4 only network"
CONFIG GLOBAL OBJECT NETWORK NEW name=net2 ipv6=fe80:: prefixlenv6=64 localfirst=1 comment="Global IPv6 only network"
CONFIG GLOBAL OBJECT NETWORK NEW name=net3 ip=10.0.0.0 mask=255.0.0.0 ipv6=fe80:: prefixlenv6=64 localfirst=1 comment="Global IPv4v6 network"
CONFIG GLOBAL OBJECT PROTOCOL
CONFIG GLOBAL OBJECT PROTOCOL

Level

base

History

Appears in 6.0.0

Description

Global protocol object administration

Note

most of the code is shared with CONFIG.GLOBAL.OBJECT.NETWORK and CONFIG OBJECT.HOST

CONFIG GLOBAL OBJECT PROTOCOL CHECK

Level

globalobject

History

Appears in 6.1.0
level globalobject Appears in 6.1.3
level object deprecated in 6.1.3
FORMAT Appears in 9.0.0

Description

Check global protocol object

Usage

config global object protocol check name=<protocol name>

Format

section_line

Returns

[Configuration]
module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)

Example

CONFIG GLOBAL OBJECT PROTOCOL CHECK name=proto1
[Configuration]
module=Filter slot=04 line=1
CONFIG GLOBAL OBJECT PROTOCOL DELETE

Level

globalobject+modify

History

force Appears in 6.1.0

Description

Delete global protocol object

Note

this command returns an error code if :
no object is found.
object is in a group

Usage

config global object protocol delete name=<protocolname> [force=1]

Example

CONFIG GLOBAL OBJECT PROTOCOL DELETE name=chaos
CONFIG GLOBAL OBJECT PROTOCOL NEW

Level

globalobject+modify

History

Appears in 6.0.0
value replaced by protonumber in 9.0.0

Description

Add global protocol object

Note

Without update parameter, command will return an error if an object with the same name exists.
With update=2, modules which use the object are not reloaded.

Usage

config global object protocol new name=<protocolname> protonumber=<IP protocol number> [color=xxxxxx] [comment=<comment>] [update=<0|1|2>]

Example

CONFIG GLOBAL OBJECT PROTOCOL NEW name=chaos protonumber=16 color=123456 comment="CHAOS protocol"
CONFIG GLOBAL OBJECT RENAME

Level

globalobject+modify

History

Appears in 9.0.0

Description

Rename global objects

Note

rename all the occurences of old_objname to new_objname in the configuration files
this command returns an error code if :
old objname is not found.
new objname already exists.

Usage

config global object rename type=<host|range|network|service|time|group|servicegroup> oldname=<old_objname> newname=<new_objname>

Example

config global object rename type=host oldname=foo newname=bar
CONFIG GLOBAL OBJECT SERVICE
CONFIG GLOBAL OBJECT SERVICE

Level

base

History

Appears in 6.0.0

Description

Global service object administration

Note

most of the code is shared with CONFIG.GLOBAL.OBJECT.NETWORK and CONFIG OBJECT.HOST

CONFIG GLOBAL OBJECT SERVICE CHECK

Level

globalobject

History

Appears in 6.1.0
level globalobject Appears in 6.1.3
level object deprecated in 6.1.3
FORMAT Appears in 9.0.0

Description

Check global service object

Usage

config global object service check name=<service name>

Format

section_line

Returns

[Configuration]
module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)

Example

CONFIG GLOBAL OBJECT SERVICE CHECK name=service1
[Configuration]
module=Filter slot=04 line=1
CONFIG GLOBAL OBJECT SERVICE DELETE

Level

globalobject+modify

History

force Appears in 6.1.0

Description

Delete global service object

Note

this command returns an error code if :
no object is found.
object is in a group

Usage

config global object service delete name=<servicename> [force=1]

Example

CONFIG GLOBAL OBJECT SERVICE DELETE name=dns
CONFIG GLOBAL OBJECT SERVICE NEW

Level

globalobject+modify

History

Appears in 6.0.0
Removed plugin attribute in 9.0.0

Description

Add global service object

Note

Without update parameter, command will return an error if an object with the same name exists.
With update=2, modules which use the object are not reloaded.

Usage

config global object service new name=<servicename> port=<port number> proto=<tcp|udp|any> [toport=<porthigh>] [color=xxxxxx] [comment=<comment>] [update=<0|1|2>]

Example

CONFIG GLOBAL OBJECT SERVICE NEW name=dns port=53 proto=tcp comment="DNS service"
CONFIG GLOBAL OBJECT SERVICEGROUP
CONFIG GLOBAL OBJECT SERVICEGROUP

Level

base

History

Appears in 6.0.0

Description

Global service groups administration

Note

most of the code is shared with CONFIG.GLOBAL.OBJECT.OBJECTGROUP

CONFIG GLOBAL OBJECT SERVICEGROUP ADDTO

Level

globalobject+modify

History

Appears in 6.0.0

Description

Add service object to global service group

Note

node must be a service
this command returns an error if:
"group" or "node" don't exist
"node" is an object already included in "group"

Usage

config global object servicegroup addto group=<servicegroup name> node=<node to add name>

Example

CONFIG OBJECT SERVICEGROUP ADDTO group=group1 node=dns
CONFIG GLOBAL OBJECT SERVICEGROUP CHECK

Level

globalobject

History

Appears in 6.1.0
level globalobject Appears in 6.1.3
level object deprecated in 6.1.3
FORMAT Appears in 9.0.0

Description

Check global service group

Usage

config global object servicegroup check name=<service group name>

Format

section_line

Returns

[Configuration]
module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)

Example

CONFIG GLOBAL OBJECT SERVICEGROUP CHECK name=servicegroup1
[Configuration]
module=Filter slot=04 line=1
CONFIG GLOBAL OBJECT SERVICEGROUP DELETE

Level

globalobject+modify

History

force Appears in 6.1.0

Description

Remove service group

Note

returns an error if no group with this name exist

Usage

config global object servicegroup delete name=<servicegroup name> [force=1]

Example

CONFIG GLOBAL OBJECT SERVICEGROUP DELETE name=servicegroup1
CONFIG GLOBAL OBJECT SERVICEGROUP NEW

Level

globalobject+modify

History

Appears in 6.0.0

Description

Create new empty global service group

Note

returns an error if a service group with identical name exists

Usage

config global object servicegroup new name=<servicegroupname> [comment=<servicegroup comment>] [update=<0|1>]

Example

CONFIG GLOBAL OBJECT SERVICEGROUP NEW name=servicegroup1
CONFIG GLOBAL OBJECT SERVICEGROUP REMOVEFROM

Level

globalobject+modify

History

Appears in 6.0.0

Description

Remove service object from global service group

Note

node must be a service
this command returns an error if :
"group" or "node" don't exist
"node" is not in "group"

Usage

config global object servicegroup removefrom group=<servicegroup name> node=<node to remove name>

Example

CONFIG OBJECT GLOBAL SERVICEGROUP REMOVEFROM group=servcegroup1 node=dns
CONFIG GLOBAL OBJECT SERVICEGROUP SHOW

Level

base

History

Appears in 6.0.0
FORMAT Appears in 9.0.0
all disappears in 9.0.0

Description

Show global service group

Usage

config global object servicegroup show name=<servicegroup name> [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [searchfield=<token>] [sort=<token>] [refresh=<0|1>]]

Format

section_line

Returns

[<servicegroup name>]
name=<nodename>...

Example

CONFIG GLOBAL OBJECT SERVICEGROUP SHOW name=web
[web]
name=dns_udp
name=http
name=https

CONFIG GLOBAL OBJECT TIME
CONFIG GLOBAL OBJECT TIME

Level

base

History

Appears in 9.0.0

Description

Global Time object administration

CONFIG GLOBAL OBJECT TIME CHECK

Level

globalobject

History

Appears in 9.0.0

Description

Check global time object

Usage

config global object time check name=<timeobject name>

Format

section_line

Returns

[Configuration]
module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)

Example

config global object host check name=daysoff
[Configuration]
module=Filter slot=04 line=1
CONFIG GLOBAL OBJECT TIME DELETE

Level

globalobject+modify

History

Appears in 9.0.0

Description

Remove global time object

Note

command returns an error code if :
no object is found.

Usage

config global object time delete name=<timeobject name> [force=1]

Example

config global object host delete name=daysoff
CONFIG GLOBAL OBJECT TIME NEW

Level

globalobject+modify

History

Appears in 9.0.0

Description

Add a global time object

Note

Without update parameter, command will return an error if an object with the same name exists.
With update=2, modules which use the object are not reloaded.

Usage

config global object time new name=<timeobject name> time=(""|hh:mm-hh:mm[;hh:mm-hh:mm]...) weekday=(""|dow[-dow][;dow[-dow]]...) yearday=(""|mm:dd[-mm:dd][;mm:dd[-mm:dd]]...) date=(""|yyyy:mm:dd[:hh:mm][-yyyy:mm:dd[:hh:mm]]) [color=xxxxxx] [comment=<comment>] [update=<0|1|2>]

Example

config global object time new name=work time=08:00-12:00;14:00-19:00 weekday=1;3;5-7 comment="working hours"
config global object time new name=daysoff yearday=01:01;05:01;05:08;07:14;08:15;11:11;12:25

CONFIG HA

CONFIG HA

Level

base

Description

Configure HA functions

CONFIG HA ACTIVATE

Level

maintenance+modify

Description

Activate HA configuration

Note

May start a full config file sync in order to apply changes also on peers at the same time

Usage

config ha activate

Returns

Error code

Example

CONFIG HA ACTIVATE

CONFIG HA CREATE

Level

maintenance+modify

History

sendarp Appears in 9.0.0
interfaceslipflop appears in 9.0.1
tokentimeout appears in 9.0.4

Description

Initialize an HA cluster

Note

Interfaces are expected to be ethernet or vlan interfaces.

Argument "forward" specifies what list of connected elements must be keptsynchronized between firewalls.
Value "connections" for the argument "forward" means TCP/UDP connections.
Default value for "forward" is All.

Argument "peer_waiting_timeout" indicates how long each firewall must wait at bootbefore considering their peer as offline. is given in seconds.
Default value for "peer_waiting_timeout" is 10s.

Argument "purge_arp" indicates if the ARP table must be purged when the firewallbecomes active (default is 0).

send_arp and send_arp_period defines if an ARP packet must be send periodically by the activefirewall as a reminder for other machines (default: 0, default period: 5s).

If secure is set to 1, connections sync packets will be encrypted. However you may experience reduced performances (default is 0)

nbping indicates how many ICMP requests must be sent once Corosync consider the peer to be dead. This is used to confirm that the Corosync notification wasn't a false-positive due to an overload on the peer. ICMP requests are sent with an interval of 50ms. Set this value to 0 to disable the confirmation mechanism.
interfacesflipflop indicates how long, in milliseconds, non-HA interfaces must go down when the firewall becomes passive. This is intended to reduce issues with the ARP tables of switchs during user-requested HA swaps when using a bridged network configuration. Bringing non-HA interfaces down should force the switchs to flush their ARP tables. This approach does not work with all switchs. (default is 1000, 0 to disable)
tokentimeout indicates how long Corosync must wait when it doesn't get any message from the peer(s). Once this delay is passed, Corosync will notify Stated. Stated will then try to ping the peer. If Stated doesn't get any reply either, the local firewall will become active.

Usage

config ha create password=<ha password> ifname=<interface user name> [ifname2=<interface user name>]
[priority=<0-9999>] [forward=<All|None|Connections|Hosts|Users>]
[waitingpeertimeout=<0-9999>] [purgearp=<0|1>] [sendarp=<0|1>]
[sendarpperiod=<1-9999>] [secure=<0|1>] [nbping=(0-300)]
[interfacesflipflop=<0-20000>] [tokentimeout=<1-99999>]

Returns

Error code

Example

CONFIG HA CREATE password=password ifname=vlan0
CONFIG HA CREATE password=karamba ifname=ethernet3 forward=Connection,Users

CONFIG HA JOIN

Level

maintenance+modify

History

Command appears in 9.0.0

Description

Make the firewall joins an existing HA cluster

Usage

config ha join password=<ha password> ip=<ip master> [priority=<0-9999>]

Returns

Error code

Example

CONFIG HA JOIN password=password ip=192.168.0.1

CONFIG HA SHOW

Level

base

Description

Display firewall HA configuration

Usage

config ha show

Returns

[Global]
State=0|1                     : Is HA activated ?
Initialized=0|1               : HA initialization
Forward=All|None|Connections|Hosts|Users|SIP : synchronized data types (separated by comas)
SendARP=0|1                   : SendARP state
SendARPPeriod=<sec>             : delay (sec) between 2 ARP
Secure=0|1					: Crypto state on the HA link
InterfacesFlipFlop=<0-20000> : How long, in milliseconds, non-HA interfaces must go down when the firewall become passive (0=disabled)

[Communication]
ifname=<interf>              : HA interface
ifname2=<interf>             : HA backup interface

[ICMP]
NbPing=(0-300)               : Number of death confirmation pings
[Corosync]
TokenTimeout=2000            : Timeout for peer loss detection by Corosync (in milliseconds)

Example

CONFIG HA SHOW

CONFIG HA STATE

Level

base

Description

Get/set firewall HA state

Note

Changing state need Ha or Mainteance and Modify levels

Usage

config ha state [on|off]

Returns

Error code

Example

CONFIG HA STATE on

CONFIG HA UPDATE

Level

maintenance|ha+modify

History

sendarp Appears in 9.0.0
sendarpperiod Appears in 9.0.0
purgearp Appears in 9.0.0
forward Appears in 9.0.0
nbping appears in 9.0.0
ip and ip2 removed in 9.0.0
timeout removed in 9.0.0
period removed in 9.0.0
foperiod removed in 9.0.0
level maintenance Appears in 6.0.0
level admin deprecated in 6.0.0
interf2 deprecated in 6.1.0
interf2 Appears in 6.1.2
option serial0 for interf deprecated in 6.1.2
limit removed in 9.0.0
interfacesflipflop appears in 9.0.1
tokentimeout appears in 9.0.4

Description

Update HA configuration

Usage

config ha update [password=<ha password>]
[ifname=<ethernet|vlan>]
[ifname2=(""|<ethernet|vlan>)]
[forward=<All|None|Connections|Hosts|Users>]
[waitingpeertimeout=<0-9999>]
[purgearp=<0-1>]
[sendarp=<0|1>]
[sendarpperiod=<1-9999>]
[secure=<0|1>]
[nbping=(0-300)]
[interfacesflipflop=<0-20000>][tokentimeout=<1-99999>]

Returns

Error code

Example

CONFIG HA UPDATE password=newpassword

CONFIG HA WEIGHT

CONFIG HA WEIGHT

Level

base

Description

Change HA weights on each network interface to influence HA quality computation

CONFIG HA WEIGHT ACTIVATE

Level

maintenance+modify

Description

Activate changes on weights

Usage

config ha weight activate

Returns

Error code

Example

CONFIG HA WEIGHT ACTIVATE
CONFIG HA WEIGHT SHOW

Level

base

Description

Display current weights on network interfaces

Usage

config ha weight show

Returns

[Weights]
ethernet<X>=<0-9999>
ethernet<Y>=<0-9999>
[...]

Example

CONFIG HA WEIGHT SHOW
[Weights]
ethernet0=0
ethernet1=0
ethernet2=100
ethernet3=100
CONFIG HA WEIGHT UPDATE

Level

maintenance+modify

Description

Update a weight on a specific interface

Usage

config ha weight update ifname=<user name> weight=<0-9999>

Returns

Error code

Example

CONFIG HA WEIGHT UPDATE ifname=dmz3 weight=0

CONFIG IPSEC

CONFIG IPSEC

Level

base

History

Appears in 9.0.0

Description

IPsec management

CONFIG IPSEC ACTIVATE

Level

vpn+modify

History

Appears in 9.0.0

Description

Activate/cancel modifications of IPsec configuration

Usage

config ipsec activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.

Returns

Error code

Example

CONFIG IPSEC ACTIVATE

CONFIG IPSEC CA

CONFIG IPSEC CA

Level

base

History

Appears in 9.0.0

Description

CA management

CONFIG IPSEC CA ADD

Level

vpn+modify

History

Appears in 9.0.0

Description

Add trusted certificate authority.

Usage

config ipsec ca add name=<caname> [global=<0|1>]

Example

CONFIG IPSEC CA ADD name=myca
CONFIG IPSEC CA LIST

Level

vpn_read

History

Appears in 9.0.0

Description

List trusted certificate authorities

Usage

config ipsec ca list [global=<0|1>]

Format

section_line

Example

CONFIG IPSEC CA LIST
CONFIG IPSEC CA REMOVE

Level

vpn+modify

History

Appears in 9.0.0

Description

Remove trusted certificate authority.

Usage

config ipsec ca remove name=<caname> [global=<0|1>]

Example

CONFIG IPSEC CA REMOVE name=myca

CONFIG IPSEC PEER

CONFIG IPSEC PEER

Level

base

History

Appears in 9.0.0

Description

IPsec peers

CONFIG IPSEC PEER CHECK

Level

vpn_read

History

Appears in 9.0.0

Description

Check if peer is used by policies

Usage

config ipsec peer check name=<profilename> [global=<0|1>]

Example

CONFIG IPSEC PEER CHECK name=mypeer
CONFIG IPSEC PEER LIST

Level

vpn_read

History

Appears in 9.0.0

Description

List IPsec peers

Usage

config ipsec peer list [type=<anonymous|gateway|all>] [global=<0|1>] [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [sort=<0|1>] [refresh=<0|1>]]

Format

section_line

Example

CONFIG IPSEC PEER LIST type=anonymous
CONFIG IPSEC PEER NEW

Level

vpn+modify

History

Appears in 9.0.0auto mode appears in 9.0.1

Description

Create a new peer

Usage

config ipsec peer new name=<peername> method=<psk|pki|xauth|xauth_pki> [mode=<auto|main|aggressive>] dst=<host|any> src=<host|any> conf=<phase1profile> [comment=<str>] [backuppeer=<peername>] [global=<0|1>] [responderonly=<0|1>] [natt=<none|auto|force>] [checkmode=<strict|claim|obey|exact>] [(dpd_mode=<off|passive|low|high>) | (dpd_mode=manual dpd_delay=<num> dpd_retry=<num> dpd_maxfail=<num>)] [ike_frag=<0|1>] [sharedsa=<0|1>] [backupmode=<temporary|permanent>] [specific mandatory/optionnal tokens for this peer type]
PSK TOKEN
[identifier=<user_fqdn|fqdn|ip>] [psk=<[peerid,]key>]
psk is forbiden for anonymous peer.
psk can be specified in roadwarrior psks instead of here.
PKI TOKEN
cert=<certname> [peercert=<certname>] [sendcert=<0|1>] [sendcr=<0|1>]
XAUTH/XAUTH_PKI TOKEN
cert=<certname>

Implementation notes

If mode is not defined, it is calculated automatically according to type and identifier.

Example

CONFIG IPSEC PEER NEW name=mypeer type=pki dst=host1 src=Firewall_Out conf=myph1 cert=mycert
CONFIG IPSEC PEER REMOVE

Level

vpn+modify

History

Appears in 9.0.0

Description

Remove IPsec peer if not used

Usage

config ipsec peer remove name=<profilename> [global=<0|1>]

Example

CONFIG IPSEC PEER name=mypeer
CONFIG IPSEC PEER SHOW

Level

vpn_read

History

Appears in 9.0.0

Description

Show information about peer

Usage

config ipsec peer show name=<peername> [global=<0|1>]

Example

CONFIG IPSEC PEER SHOW name=mypeer
CONFIG IPSEC PEER UPDATE

Level

vpn+modify

History

Appears in 9.0.0auto mode appears in 9.0.1

Description

Update a peer

Usage

config ipsec peer update name=<peername> [method=<psk|pki|xauth|xauth_pki>] [mode=<auto|main|aggressive>] [dst=<host|any>] [src=<host|any>] [responderonly=<0|1>] [natt=<none|auto|force>] [checkmode=<strict|claim|obey|exact>] [(dpd_mode=<off|passive|low|high>) | (dpd_mode=manual dpd_delay=<num> dpd_retry=<num> dpd_maxfail=<num>)] [ike_frag=<0|1>] [sharedsa=<0|1>] [identifier=<user_fqdn|fqdn|ip>] [peercert=<certname>] [cert=<certname>] [sendcert=<0|1>] [sendcr=<0|1>] [psk=<[id_peer,]key>] [conf=<phase1profile>] [comment=<str>] [backuppeer=<peername>] [backupmode=<temporary|permanent>][global=<0|1>]

Implementation notes

If token 'peer' is any, it can't be changed to a host and vice versa. Modification of identifier can change automatically mode. Anonymous peers have responderonly set to 1.

Example

CONFIG IPSEC PEER UPDATE name=mypeer natt=force

CONFIG IPSEC POLICY

CONFIG IPSEC POLICY

Level

base

History

Appears in 9.0.0

Description

IPsec policy

CONFIG IPSEC POLICY GATEWAY
CONFIG IPSEC POLICY GATEWAY

Level

base

History

Appears in 9.0.0

Description

IPsec gateway policy

CONFIG IPSEC POLICY GATEWAY ADD

Level

vpn+modify

History

Appears in 9.0.0

Description

Add gateway-gateway policy. To add bypass policy, peer must be 'none'.

Usage

config ipsec policy gateway add slot=<1-10> state=<on|off> local=<object|all> remote=<object|all> (peer=<peername> conf=<phase2profile> | peer=none) [proto=<any|tcp|udp|icmp>] [keepalive=<0|30|60|120|300|600>] [comment=<str>] [position=<pos>] [global=<0|1>]

Example

CONFIG IPSEC POLICY GATEWAY ADD slot=01 state=on local=net_remote remote=host_remote peer=mypeer conf=myph2
CONFIG IPSEC POLICY GATEWAY ADDSEP

Level

vpn+modify

History

Appears in 9.0.0

Description

Add/update separator

Usage

config ipsec policy gateway addsep slot=<1-10> color=<hexa color> collapse=<0|1> comment=<str> [update=<0|1>] [position=<pos>] [global=<0|1>]

Example

CONFIG IPSEC POLICY GATEWAY ADDSEP slot=01 position=5 color="#557788" collapse=0 comment="a comment"
CONFIG IPSEC POLICY GATEWAY COLLAPSE

Level

vpn+modify

History

Appears in 9.0.0

Description

Collapse/uncollapse all separators

Usage

config ipsec policy gateway collapse slot=<1-10> action=<all|none> [global=<0|1>]

Example

CONFIG IPSEC POLICY GATEWAY COLLAPSE slot=01 action=all
CONFIG IPSEC POLICY GATEWAY LIST

Level

vpn_read

History

Appears in 9.0.0

Description

List gateway-gateway policies and separators

Usage

config ipsec policy gateway list slot=<1-10> [useclone=<0|1>] [global=<0|1>] [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [searchfield=<token>] [sort=<token>] [refresh=<0|1>]]

Format

section_line

Example

CONFIG IPSEC POLICY GATEWAY LIST slot=01
CONFIG IPSEC POLICY GATEWAY MOVE

Level

vpn+modify

History

Appears in 9.0.0

Description

Move gateway-gateway policy or seperator

Usage

config ipsec policy gateway move slot=<1-10> position=<pos> offset=<+/-num> [global=<0|1>]

Example

CONFIG IPSEC POLICY GATEWAY MOVE slot=01 position=1 offset=-1
CONFIG IPSEC POLICY GATEWAY REMOVE

Level

vpn+modify

History

Appears in 9.0.0

Description

Remove gateway-gateway policy or separator

Usage

config ipsec policy gateway remove slot=<1-10> position=<pos> [global=<0|1>]

Example

CONFIG IPSEC POLICY GATEWAY REMOVE slot=01 position=1
CONFIG IPSEC POLICY GATEWAY UPDATE

Level

vpn+modify

History

Appears in 9.0.0

Description

Update gateway-gateway policy

Usage

config ipsec policy gateway update slot=<1-10> position=<pos> [state=<on|off>] [local=<object|all>] [remote=<object|all>] [peer=<peername|none>] [conf=<phase2profile>] [proto=<any|tcp|udp|icmp>] [keepalive=<0|30|60|120|300|600>] [comment=<str>] [global=<0|1>]

Example

CONFIG IPSEC POLICY GATEWAY UPDATE slot=01 position=1 proto=tcp
CONFIG IPSEC POLICY MOBILE
CONFIG IPSEC POLICY MOBILE

Level

base

History

Appears in 9.0.0

Description

IPsec mobile policy

CONFIG IPSEC POLICY MOBILE ADD

Level

vpn+modify

History

Appears in 9.0.0

Description

Add mobile policy. All mobile policies must have the same anonymous peer. Only one mobile policy can use mode config.

Usage

config ipsec policy mobile add slot=<1-10> state=<on|off> local=<object|all|any> remote=<object|all|any> peer=<peername> conf=<phase2profile> [proto=<any|tcp|udp|icmp>] [keepalive=<0|30|60|120|300|600>] [modeconfig=<0|1>] [comment=<str>] [position=<pos>] [global=<0|1>]

Example

CONFIG IPSEC POLICY MOBILE ADD slot=01 state=on local=net_remote remote=any peer=myanonymouspeer conf=myph2
CONFIG IPSEC POLICY MOBILE ADDSEP

Level

vpn+modify

History

Appears in 9.0.0

Description

Add/update separator

Usage

config ipsec policy mobile addsep slot=<1-10> color=<hexa color> collapse=<0|1> comment=<str> [update=<0|1>] [position=<pos>] [global=<0|1>]

Example

CONFIG IPSEC POLICY MOBILE ADDSEP slot=01 position=5 color="#557788" collapse=0 comment="a comment"
CONFIG IPSEC POLICY MOBILE COLLAPSE

Level

vpn+modify

History

Appears in 9.0.0

Description

Collapse/uncollapse all separators

Usage

config ipsec policy mobile collapse slot=<1-10> action=<all|none> [global=<0|1>]

Example

CONFIG IPSEC POLICY MOBILE COLLAPSE slot=01 action=all
CONFIG IPSEC POLICY MOBILE GETPEER

Level

vpn_read

History

Appears in 9.0.0

Description

Get peer used by all mobile policies

Usage

config ipsec policy mobile getpeer slot=<1-10> [global=<0|1>]

CONFIG IPSEC POLICY MOBILE LIST

Level

vpn_read

History

Appears in 9.0.0

Description

List mobile policies and separators

Usage

config ipsec policy mobile list slot=<1-10> [global=<0|1>] [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [searchfield=<token>] [sort=<token>] [refresh=<0|1>]]

Format

section_line

Example

CONFIG IPSEC POLICY MOBILE LIST slot=01
CONFIG IPSEC POLICY MOBILE MOVE

Level

vpn+modify

History

Appears in 9.0.0

Description

Move mobile policy or separator

Usage

config ipsec policy mobile move slot=<1-10> position=<pos> offset=<+/-num> [global=<0|1>]

Example

CONFIG IPSEC POLICY MOBILE MOVE slot=01 position=1 offset=-1
CONFIG IPSEC POLICY MOBILE REMOVE

Level

vpn+modify

History

Appears in 9.0.0

Description

Remove mobile policy or seperator

Usage

config ipsec policy mobile remove slot=<1-10> position=<pos> [global=<0|1>]

Example

CONFIG IPSEC POLICY MOBILE REMOVE slot=01 position=1
CONFIG IPSEC POLICY MOBILE SETPEER

Level

vpn+modify

History

Appears in 9.0.0

Description

Update peer used by all mobile policies

Usage

config ipsec policy mobile setpeer slot=<1-10> peer=<peername> [global=<0|1>]

Example

CONFIG IPSEC POLICY MOBILE SETPEER slot=01 peer=peerx
CONFIG IPSEC POLICY MOBILE UPDATE

Level

vpn+modify

History

Appears in 9.0.0

Description

Update mobile policy

Usage

config ipsec policy mobile update slot=<1-10> position=<pos> [state=<on|off>] [local=<object|all|any>] [remote=<object|all|any>] [peer=<peername>] [conf=<phase2profile>] [proto=<any|tcp|udp|icmp>] [keepalive=<0|30|60|120|300|600>] [modeconfig=<0|1>] [comment=<str>] [global=<0|1>]

Example

CONFIG IPSEC POLICY MOBILE UPDATE slot=01 position=1 proto=tcp

CONFIG IPSEC PROFILE

CONFIG IPSEC PROFILE

Level

base

History

Appears in 9.0.0

Description

IPsec profiles

CONFIG IPSEC PROFILE PHASE1
CONFIG IPSEC PROFILE PHASE1

Level

base

History

Appears in 9.0.0

Description

IPsec phase 1 profiles

CONFIG IPSEC PROFILE PHASE1 ADDPROP

Level

vpn+modify

History

Appears in 9.0.0

Description

Add a proposition

Usage

config ipsec profile phase1 addprop name=<profilename> enc=<algo[/size]> auth=<algo[/size]> [dh=<dh>] [position=<pos>] [update=<0|1>] [global=<0|1>]

Implementation notes

no position => add at the endposition == 1 => add a the beginning

Example

CONFIG IPSEC PROFILE PHASE1 ADDPROP name=myp1 enc=aes/256 auth=sha1 dh=3
CONFIG IPSEC PROFILE PHASE1 CHECK

Level

vpn_read

History

Appears in 9.0.0

Description

Check if profile is used by peers

Usage

config ipsec profile phase1 check name=<profilename> [global=<0|1>]

Example

CONFIG IPSEC PROFILE PHASE1 CHECK name=myp1
CONFIG IPSEC PROFILE PHASE1 GETDEFAULT

Level

vpn_read

History

Appears in 9.0.0

Description

Get default phase1 profile

Usage

config ipsec profile phase1 getdefault [global=<0|1>]

Example

CONFIG IPSEC PROFILE PHASE1 GETDEFAULT
CONFIG IPSEC PROFILE PHASE1 LIST

Level

vpn_read

History

Appears in 9.0.0

Description

List phase 1 profiles

Usage

config ipsec profile phase1 list [global=<0|1>]

Format

section_line

Example

CONFIG IPSEC PROFILE PHASE1 LIST
CONFIG IPSEC PROFILE PHASE1 MOVEPROP

Level

vpn+modify

History

Appears in 9.0.0

Description

Move a proposition

Usage

config ipsec profile phase1 moveprop name=<profilename> position=<pos> offset=<+/-num> [global=<0|1>]

Example

CONFIG IPSEC PROFILE PHASE1 REMOVEPROP name=myp1 position=2 offset=+1
CONFIG IPSEC PROFILE PHASE1 NEW

Level

vpn+modify

History

Appears in 9.0.0

Description

Create IPsec phase 1 profile

Usage

config ipsec profile phase1 new name=<profilename> defaultdh=<dh> [lifetime=<seconds>] enc=<algo[/size]> auth=<algo[/size]> [dh=<dh>] [comment=<str>] [global=<0|1>]

Example

CONFIG IPSEC PROFILE PHASE1 NEW name=myph1 defaultdh=1 enc=aes/128 auth=md5
CONFIG IPSEC PROFILE PHASE1 REMOVE

Level

vpn+modify

History

Appears in 9.0.0

Description

Remove IPsec phase 1 profile if not used

Usage

config ipsec profile phase1 remove name=<profilename> [global=<0|1>]

Example

CONFIG IPSEC PROFILE PHASE1 REMOVE name=myph1
CONFIG IPSEC PROFILE PHASE1 REMOVEPROP

Level

vpn+modify

History

Appears in 9.0.0

Description

Remove a proposition

Usage

config ipsec profile phase1 removeprop name=<profilename> position=<pos> [global=<0|1>]

Example

CONFIG IPSEC PROFILE PHASE1 REMOVEPROP name=myp1 position=2
CONFIG IPSEC PROFILE PHASE1 SETDEFAULT

Level

vpn+modify

History

Appears in 9.0.0

Description

Set default phase1 profile

Usage

config ipsec profile phase1 setdefault name=<profilename> [global=<0|1>]

Example

CONFIG IPSEC PROFILE PHASE1 SETDEFAULT name=myp1
CONFIG IPSEC PROFILE PHASE1 SHOW

Level

vpn_read

History

Appears in 9.0.0

Description

Show information about phase 1

Usage

config ipsec profile phase1 show name=<profilename> [global=<0|1>]

Format

section_line

Example

CONFIG IPSEC PROFILE PHASE1 SHOW name=myph1
CONFIG IPSEC PROFILE PHASE1 UPDATE

Level

vpn+modify

History

Appears in 9.0.0

Description

Update default dh, lifetime or comment

Usage

config ipsec profile phase1 update name=<profilename> [defaultdh=<dh>] [lifetime=<seconds>] [comment=<str>] [global=<0|1>]

Implementation notes

lifetime == 0 => remove lifetime

Example

CONFIG IPSEC PROFILE PHASE1 UPDATE name=myp1 lifetime=21600
CONFIG IPSEC PROFILE PHASE2
CONFIG IPSEC PROFILE PHASE2

Level

base

History

Appears in 9.0.0

Description

IPsec phase 2 profiles

CONFIG IPSEC PROFILE PHASE2 CHECK

Level

vpn_read

History

Appears in 9.0.0

Description

Check if profile is used by peers

Usage

config ipsec profile phase2 check name=<profilename> [global=<0|1>]

Example

CONFIG IPSEC PROFILE PHASE2 CHECK name=myph2
CONFIG IPSEC PROFILE PHASE2 GETDEFAULT

Level

vpn_read

History

Appears in 9.0.0

Description

Get default phase2 profile

Usage

config ipsec profile phase2 getdefault [global=<0|1>]

Example

CONFIG IPSEC PROFILE PHASE2 GETDEFAULT
CONFIG IPSEC PROFILE PHASE2 LIST

Level

vpn_read

History

Appears in 9.0.0

Description

List phase 2 profiles

Usage

config ipsec profile phase2 list [global=<0|1>]

Format

section_line

Example

CONFIG IPSEC PROFILE PHASE2 LIST
CONFIG IPSEC PROFILE PHASE2 NEW

Level

vpn+modify

History

Appears in 9.0.0
replaywsize appears in 9.0.5

Description

Create IPsec phase 2 profile

Usage

config ipsec profile phase2 new name=<profilename> enc=<algo[/size],algo[/size],...> auth=<algo[/size],algo[/size],...> [pfs=<dh>] [lifetime=<seconds>] [replaywsize=<from 0 to 524280 in steps of 8>] [comment=<str>] [global=<0|1>]

replaywsize: 0 deactivate anti-replay protection

Example

CONFIG IPSEC PROFILE PHASE2 NEW name=myph2 pfs=1 enc=aes/256,aes/128 auth=md5
CONFIG IPSEC PROFILE PHASE2 REMOVE

Level

vpn+modify

History

Appears in 9.0.0

Description

Remove IPsec phase 2 profile if not used

Usage

config ipsec profile phase2 remove name=<profilename> [global=<0|1>]

Example

CONFIG IPSEC PROFILE PHASE2 REMOVE name=myph2
CONFIG IPSEC PROFILE PHASE2 SETDEFAULT

Level

vpn+modify

History

Appears in 9.0.0

Description

Set default phase2 profile

Usage

config ipsec profile phase2 setdefault name=<profilename> [global=<0|1>]

Example

CONFIG IPSEC PROFILE PHASE2 SETDEFAULT name=myp1
CONFIG IPSEC PROFILE PHASE2 SHOW

Level

vpn_read

History

Appears in 9.0.0

Description

Show information about phase 2

Usage

config ipsec profile phase2 show name=<profilename> [global=<0|1>]

Example

CONFIG IPSEC PROFILE PHASE2 SHOW name=myph2
CONFIG IPSEC PROFILE PHASE2 UPDATE

Level

vpn+modify

History

Appears in 9.0.0
replaywsize appears in 9.0.5

Description

Update phase 2 profile

Usage

config ipsec profile phase2 update name=<profilename> [enc=<algo[/size],algo[/size],...>] [auth=<algo[/size],algo[/size],...>] [pfs=<dh>] [lifetime=<seconds>] [replaywsize=<from 0 to 524280 in steps of 8>] [comment=<str>] [global=<0|1>]
replaywsize: 0 deactivate anti-replay protection

Example

CONFIG IPSEC PROFILE PHASE2 UPDATE name=myph2 lifetime=21600
CONFIG IPSEC PROPERTY

Level

vpn_read

History

Appears in 9.0.0

Description

Display global information about IPsec for this firewall.

Usage

config ipsec property

Format

section_line

Example

CONFIG IPSEC PROPERTY

CONFIG IPSEC PSK

CONFIG IPSEC PSK

Level

base

History

Appears in 9.0.0

Description

Preshared keys management

CONFIG IPSEC PSK ADD

Level

vpn+modify

History

Appears in 9.0.0

Description

Adds a key of update it if exists

Usage

config ipsec psk add id=<id> psk=<hex value> [global=<0|1>]

Returns

Error code

Example

CONFIG IPSEC PSK ADD id=toto psk=0x01010101 global=1
CONFIG IPSEC PSK LIST

Level

vpn_read

History

Appears in 9.0.0

Description

Lists keys

Usage

config ipsec psk list [global=<0|1>] [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [sort=<0|1>] [refresh=<0|1>]]

Format

section_line

Returns

id=<id> psk=<hex value> global=<0|1>

Example

CONFIG IPSEC PSK LIST
id="10.60.3.101" psk="0x61646D696E61646D696E"
id="admin@global.conf" psk="0x61646D696E61646D696E"
CONFIG IPSEC PSK REMOVE

Level

vpn+modify

History

Appears in 9.0.0

Description

Dels a key

Usage

config ipsec psk remove id=<id> [global=<0|1>]

Returns

Error code

Example

CONFIG IPSEC PSK REMOVE id=testkey
CONFIG IPSEC SHOW

Level

vpn_read

History

Appears in 9.0.0

Description

Display global information about a slot

Usage

config ipsec show slot=<1-10> [global=<0|1>]

Example

CONFIG IPSEC SHOW slot=01
CONFIG IPSEC UPDATE

Level

vpn+modify

History

Appears in 9.0.0
CRLrequired appears in 9.0.1
cfg_domain appears in 9.0.1

Description

Update global information about a slot

Usage

config ipsec update slot=<1-10> [cfg_dns=<host>] [cfg_domain=<domain1,domain2,...>] [useoldsa=<0|1>] [retry=<num>] [interval=<num>] [ph1delay=<num>] [ph2delay=<num>] [bindall=<0|1>] [certNID=<num>] [LdapField=<str>] [CRLrequired=<0|1>] [UACServCert=<0|1>][global=<0|1>]
- cfg_domain: 32 domains max

Example

CONFIG IPSEC UPDATE slot=01 dnscfg=host5

CONFIG KEY

CONFIG KEY

Deprecated

Level

base

History

Appears in 6.0.0
deprecated in 9.0.0

Description

Keys management

CONFIG KEY ADD

Deprecated

Level

vpn+modify

History

Appears in 6.0.0
deprecated in 9.0.0

Description

Adds a key

Usage

config key add (type=psk name=<keyname> (fqdn=<fqdn>|user_fqdn=<user_fqdn>|address=<address>) psk=<Hexadecimal presharedkey>) | (type=static name=<keyname> key=<Hexadecimal statickey>)

Returns

Error code

Example

CONFIG KEY ADD type=psk name=testkey fqdn=toto.netasq.com psk=0x63646364
CONFIG KEY LIST

Deprecated

Level

vpn

History

Appears in 6.0.0
deprecated in 9.0.0

Description

Lists keys with type filter (optional)

Usage

config key list [type=psk|static]

Returns

[PSK]
Id=[ADDRESS|FQDN|USER_FQDN],<identifier>,<hex value>
[Static_VPN]

Example

CONFIG KEY LIST type=psk
[PSK]
fw_peer=ADDRESS,fwpeer_obj,0x61616161
fw_other=ADDRESS,192.168.2.2,0x666F6F626172
otherpeer=FQDN,other.example.com,0x6364636463646364
CONFIG KEY REMOVE

Deprecated

Level

vpn+modify

History

Appears in 6.0.0
deprecated in 9.0.0

Description

Dels a key

Usage

config key remove type=psk|static name=<keyname>

Returns

Error code

Example

CONFIG KEY REMOVE type=psk name=testkey

CONFIG LDAP

CONFIG LDAP

Level

base

Description

LDAP management functions

CONFIG LDAP ACTIVATE

Level

admin+modify

History

Appears in 9.0.0

Description

Activate the LDAP server with lastest configuration

Note

You can not do a "ACTIVATE NEXTBOOT" if you initialize a local or remote server

Usage

config ldap activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.

Returns

Error code

Implementation notes

Execute ensl

Example

CONFIG LDAP ACTIVATE
CONFIG LDAP CHECK

Level

base

History

add possibility to check any LDAP server in 9.0.0

Description

Try to connect to the LDAP server, but perform no operation. If there are no argument, this command checks the ldap configuration on firewall, else checks ldap server specified by arguments.

Usage

config ldap check [host=<Host IP> basedn=<Base DN> [port=<Port>] [user=<LDAP User> [password=<LDAP password>] [auth=Simple|SSL] [version=2|3]]]

Returns

Error code

Implementation notes

Just try to bind by libfwldap, and return the error code.

Example

CONFIG LDAP CHECK
CONFIG LDAP CHECK host="ldap.intranet.int" basedn="o=netasq,dc=fr" user="cn=NetasqAdmin" password="LDAPadmin"
CONFIG LDAP DELMAP

Level

admin+modify

Description

Delete LDAP attributes maps.

Note

All maps will be deleted if no attribute is given.

Usage

config ldap delmap [attribute]

Returns

Error code

Example

CONFIG LDAP DELMAP mail
CONFIG LDAP DELMAP
CONFIG LDAP EXTERNAL

Level

admin+modify

History

firewallid Appears in 6.0.0
cndn Appears in 6.2.3
protectchars Appears in 6.3.0
readonly Appears in 9.0.0
serversdn and serversfilter Appears in 9.0.0
GroupSchema appears in 1.2.0

Description

Specify parameters for an external LDAP server

Note

Internal LDAP base will be destroyed if exists.
usersdn, groupsdn and confdn are required for (resp) users, groups and configs creation.
cacert use external CA to check the LDAP server certificate (in SSL mode)
With SSL mode, the server host name MUST exist in DNS and match certifcate subject name.
Default value for GroupSchema is GroupOfMember.

Usage

config ldap external basedn=<Base DN> host=<Host IP> [port=<Port>] [backuphost=<host IP> [backupport=<Port>]]
[user=<LDAP User> [password=<LDAP password>]] [auth=Simple|SSL] [cacert=<certname>]
[usersdn=<users dn>] [serversdn=<servers dn>] [groupsdn=<groups dn>] [confdn=<config dn>]
[usersfilter=<LDAP filter for users>] [serversfilter=<LDAP filter for servers>]
[groupsfilter=<LDAP filter for groups>] [firewallid=<fwid>] [protectchars=<chars>]
[cndn=0|1] [readonly=0|1] [groupschema=groupofmember|posixgroup]

Returns

Error code

Example

CONFIG LDAP EXTERNAL basedn="o=netasq,dc=fr" host="ldap.intranet.int" user="cn=NetasqAdmin" password="LDAPadmin"
CONFIG LDAP EXTERNAL basedn="o=netasq,dc=fr" host="ldap.intranet.int" user="cn=NetasqAdmin" password="LDAPadmin" auth=SSL cacert="trust_ca"
CONFIG LDAP INITIALIZE

Level

admin+modify

History

firewallid Appears in 6.0.0
db disAppears in 9.0.0

Description

Initialize the local LDAP server

Note

Generate a new internal LDAP database in /usr/Firewall/Data/Ldapbase
Create an database administrator with login "cn=NetasqAdmin" and password valueThe backend is BDB.

Usage

config ldap initialize o=<Organization name> dc=<Domain Country> password=<adminpassword> [firewallid=<fwid>]

Returns

Error code

Example

CONFIG LDAP INITIALIZE o=netasq dc=france password="LDAPAdmin"
CONFIG LDAP PASSWORD

Level

admin+modify

History

firewallid Appears in 6.0.0

Description

Updates the LDAP password

Note

Update password of administrator (NetasqAdmin)

Usage

config ldap password <password>

Returns

Error code

Example

CONFIG LDAP PASSWORD "LdapAdmin"
CONFIG LDAP PUBLIC

Level

admin+modify

Description

Modify local server's access.

Note

Configure LDAP server to public access with SSL or not.
Keyname is a couple key and cert in external certificate list.
Send token "serverkey" empty to disable SSL.

Usage

config ldap public [plain=0|1] [serverkey=<keyname>]

Returns

Error code

Example

The server key is a certificat with its private key present in the PKI.
The name is like : 'authority name:certificate name' 
CONFIG LDAP PUBLIC serverkey='authority:certificate_with_privkey'
CONFIG LDAP SETMAP

Level

base

History

FORMAT Appears in 9.0.0

Description

Set LDAP attributes maps, or shows mappable attributes list if no map given.

Note

Admin and modify flags needed to set a map.

Usage

config ldap setmap <attribute>=<value>

Format

list

Returns

Error code

Example

CONFIG LDAP SETMAP mail=emailaddress
CONFIG LDAP SHOW

Level

base

History

cndn Appears in 6.2.3
readonly Appears in 9.0.0
FORMAT Appears in 9.0.0
GroupSchema appears in 1.2.0

Description

Show the LDAP configuration

Usage

config ldap show

Format

section_line

Returns

The LDAP configuration for internal server:
[LDAP]
o               : Organization.
dc		: Domain country.
state           : ldap daemon state.
method		: Authentication method for new user.
hash		: Hash method for new user password.

firewallid	: optionnal FirewallID for per firewall attributes.
Plain       : Plain acces from network
ServerKey   : X509 Certificate for SSL network access
The LDAP configuration for external server:
[EXT_LDAP]
host		: Server host name.
port		: Server port (default 389 and 636 with SSL).
basedn		: Base dn of LDAP hierarchy.
user		: Login use by Firewall to manage LDAP external server.
fwca		: Distinguished name of the CA certificat use in PKI.
auth		: LDAP protocol (LDAP or LDAPS).
state           : ldap daemon state.
method		: Authentication method for new user.
hash		: Hash method for new user password.
firewallid	: optionnal FirewallID for per firewall attributes.
cndn		: 1 if CN must be used in DNs for config entries.
readonly	: 1 if configuration restricts LDAP access to read only mode.
groupschema	: groupofmember or posixgroup

Example

CONFIG LDAP SHOW
[LDAP]
O=EXAMPLE
Dc=COM
Plain=1
State=1
Method=None
Hash=SSHA
CONFIG LDAP STATE

Level

base

Description

Get/set the status of the LDAP server

Note

Changing state need admin and modify level

Usage

config ldap state [On|Off]

Returns

The state of the server

Example

CONFIG LDAP STATE off
CONFIG LDAP UPDATE

Level

admin+modify

Description

Update the LDAP configuration

Note

method and hash are method used for a new user.
fwca is the path of the CA certificat (Only in an EXTERNAL LDAP database)
FirewallID update does NOT updates LDAP existing objects !

Usage

config ldap update internal LDAP:
[HASH=<hash>] [FWCA=<fwca>] [FirewallID=<firewallid>]
external LDAP:
[HASH=<hash>] [FWCA=<fwca>] [FirewallID=<firewallid>]
[basedn=<Base DN>] [host=<Host IP>] [port=<Port>] [backuphost=<host IP> [backupport=<Port>]]
[user=<LDAP User> [password=<LDAP password>]] [auth=Simple|SSL] [cacert=<certname>]
[usersdn=<users dn>] [serversdn=<servers dn>] [groupsdn=<groups dn>] [confdn=<config dn>]
[usersfilter=<LDAP filter for users>] [serversfilter=<LDAP filter for servers>]
[groupsfilter=<LDAP filter for groups>] [protectchars=<chars>] [cndn=0|1] [ReadOnly=<0|1>]
[groupschema=groupofmember|posixgroup]

Returns

Error code

Example

CONFIG LDAP UPDATE hash=SSHA
CONFIG LDAP UPDATE fwca="cn=autority, ou=cas, o=netasq, dc=fr"
CONFIG LDAP UPDATE FWID=Main_Firewall

CONFIG LOG

CONFIG LOG

Level

base

Description

Log Configuration

CONFIG LOG ACTIVATE

Level

log+modify

History

CANCEL Appears in 6.0.0
NEXTBOOT Appears in 6.0.0
level changes from other,modify to log,modify in 9.0.0

Description

Reload logd configuration

Usage

config log activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.

Returns

Error code

Implementation notes

write in ConfigFiles/log and run enasq

Example

CONFIG LOG ACTIVATE
CONFIG LOG ALARM

Level

log+modify

History

BlockOverFlow Appears in 6.1.0
BlockOverFlow moved to CONFIG ASQ LOG ALARM in 9.0.0
level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0

Description

Configure alarm log

Usage

config log alarm [Full=(0|1|2)] [MaxSize=<Integer>] [Delay=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where :
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).

Returns

Error code

Example

CONFIG LOG ALARM Full=1 MaxSize=13 Delay=3 Syslog=1
CONFIG LOG AUTH

Level

log+modify

History

Full Appears in 6.0.0
MaxSize Appears in 6.0.0
level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0

Description

Configure authentication log

Usage

config log auth [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where :
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).

Returns

Error code

Example

CONFIG LOG AUTH syslog=1 full=0 maxsize=10
CONFIG LOG AUTH syslog=0 full=0 maxsize=10

CONFIG LOG COMMUNICATION

CONFIG LOG COMMUNICATION

Level

base

Description

Specify if log are sent by SMTP and/or snmp

CONFIG LOG COMMUNICATION EMAIL

Level

log+modify

History

Appears in 7.0.0
level changes from other,modify to log,modify in 9.0.0

Description

Specify if log are sent by mail and specify mail recipient

Usage

config log communication email Event=(sysevent|asq) State=(0|1) [SendMinor=(0|1)] [MailGroup=<Mail_Group_Name>]

Returns

Error code

Example

CONFIG LOG COMMUNICATION EMAIL Event=asq State=0 SendMinor=1 MailGroup=MyMailGroup
CONFIG LOG COMMUNICATION SNMP

Level

log+modify

History

Appears in 8.0.0
level changes from other,modify to log,modify in 9.0.0

Description

Specify which log are sent by SNMP (according to the level and the type)

Usage

config log communication snmp Event=(sysevent|asq) State=(0|1) [SendMinor=(0|1)]

Returns

Error code

Example

CONFIG LOG COMMUNICATION SNMP Event=asq State=0 SendMinor=1
CONFIG LOG CONNECTION

Level

log+modify

History

level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0

Description

Configure connection log

Usage

config log connection [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where :
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).

Returns

Error code

Example

CONFIG LOG CONNECTION FULL=0 MAXSIZE=20
CONFIG LOG FILTER

Level

log+modify

History

level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0

Description

Configure filter log

Usage

config log filter [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where :
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).

Returns

Error code

Example

CONFIG LOG FILTER Full=1 MaxSize=13 Syslog=1
CONFIG LOG FTP

Level

log+modify

History

level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0

Description

Configure FTP proxy log

Usage

config log ftp [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where :
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).

Returns

Error code

Example

CONFIG LOG FTP Full=1 MaxSize=15 Syslog=1
CONFIG LOG MONITOR

Level

log+modify

History

Appears in 6.1.0
level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0

Description

Configure statistical monitoring log

Usage

config log monitor [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where :
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).

Returns

Error code

Example

CONFIG LOG MONITOR syslog=1 full=0 maxsize=12
CONFIG LOG MONITOR syslog=0 full=2 maxsize=12
CONFIG LOG PLUGIN

Level

log+modify

History

level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0

Description

Configure Plugins ASQ log

Usage

config log plugin [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where :
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).

Returns

Error code

Example

CONFIG LOG PLUGIN Full=1 MaxSize=12 Syslog=0
CONFIG LOG POP3

Level

log+modify

History

Appears in 6.0.0
level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0

Description

Configure Pop3 proxy log

Usage

config log pop3 [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where :
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).

Returns

Error code

Example

CONFIG LOG POP3 Full=0 MaxSize=10 Syslog=0
CONFIG LOG PVM

Level

log+modify

History

level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0

Description

Configure PVM log

Usage

config log pvm [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where :
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).

Returns

Error code

Example

CONFIG LOG PVM Full=0 MaxSize=12 Syslog=1
CONFIG LOG SERVER

Level

log+modify

History

Full Appears in 6.0.0
MaxSize Appears in 6.0.0
level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0

Description

Configure server log

Usage

config log server [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where :
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).

Returns

Error code

Example

CONFIG LOG SERVER syslog=1 full=0 maxsize=2
CONFIG LOG SHOW

Level

base

History

Output changed in 7.0.0 to take in account the mail groups
nat statistic disappears in 9.0.0

Description

Dump the log configuration

Usage

config log show

Returns

[EmailSysEvent]
State=1
SendMinor=1
MailGroup=AdminsSys
[EmailASQ]
State=1
SendMinor=1
MailGroup=AdminSecu
[LogConnection]
Full=1
MaxSize=25
Udp=1
Syslog=0
[LogSystem]
Full=0
MaxSize=2
Syslog=0
[LogAlarm]
Full=0
MaxSize=40
Delay=0
Syslog=0
[LogWeb]
Full=1
MaxSize=10
Syslog=0
[LogPlugin]
Full=0
MaxSize=15
Syslog=0
[LogSmtp]
Full=0
MaxSize=8
Syslog=0
[LogFilter]
Full=2
MaxSize=5
Syslog=0
[LogVPN]
Full=1
MaxSize=5
Syslog=0
[LogXVPN]
Full=0
MaxSize=5
Syslog=0
[LogMonitor]
Full=0
MaxSize=1
Syslog=0
[LogPvm]
Full=0
MaxSize=10
Syslog=0
[Statistic]
Filter=15m
Count=15m
Monitor=5m
[LogSsl]
Full=0
MaxSize=4
Syslog=0

Example

CONFIG LOG SHOW
CONFIG LOG SMTP

Level

log+modify

History

level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0

Description

Configure Smtp proxy log

Usage

config log smtp [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where :
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).

Returns

Error code

Example

CONFIG LOG SMTP Full=0 MaxSize=12 Syslog=1
CONFIG LOG SSL

Level

log+modify

History

level changes from other,modify to log,modify in 9.0.0
appears in 9.0.0

Description

Configure ssl proxy log

Usage

config log ssl [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where :
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).

Returns

Error code

Example

CONFIG LOG SSL Full=2 MaxSize=14 Syslog=0
CONFIG LOG STAT

Level

log+modify

History

monitor Appears in 6.1.0
nat disappears in 9.0.0
level changes from other,modify to log,modify in 9.0.0

Description

Configure the filter statistic

Usage

config log stat [filter=<string>] [count=<string>] [monitor=<string>]

Returns

Error code

Example

CONFIG LOG STAT filter=1d count=30m monitor=5m
CONFIG LOG SYSTEM

Level

log+modify

History

level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0

Description

Configure system log

Usage

config log system [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where :
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).

Returns

Error code

Example

CONFIG LOG SYSTEM Full=1 MaxSize=12 Syslog=0
CONFIG LOG VPN

Level

log+modify

History

level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0

Description

Configure VPN log

Usage

config log vpn [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where :
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).

Returns

Error code

Example

CONFIG LOG VPN Full=1 MaxSize=5 Syslog=0
CONFIG LOG WEB

Level

log+modify

History

level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0

Description

Configure Web proxy log

Usage

config log web [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where :
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).

Returns

Error code

Example

CONFIG LOG WEB Full=2 MaxSize=14 Syslog=0
CONFIG LOG XVPN

Level

log+modify

History

Appears in 6.0.0
level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0

Description

Configure VPN-SSL log

Usage

config log xvpn [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where :
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).

Returns

Error code

Example

CONFIG LOG XVPN syslog=1 full=0 maxsize=12
CONFIG LOG XVPN syslog=0 full=2 maxsize=12

CONFIG MAILFILTERING

CONFIG MAILFILTERING

Level

base|contentfilter

History

Appears in 9.0.0

Description

MAIL rules and profile files management

CONFIG MAILFILTERING ACTIVATE

Level

contentfilter+modify

History

Appears in 9.0.0

Description

Activate : Copy all clones in real profiles.

Usage

config mailfiltering activate [CANCEL]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded.

Returns

Error code

Example

CONFIG MAILFILTERING ACTIVATE
CONFIG MAILFILTERING ACTIVATE cancel
CONFIG MAILFILTERING COPY

Level

contentfilter+modify

History

Appears in 9.0.0

Description

Copy profile X to Y

Usage

config mailfiltering copy index=<profile_idx> to=<profile_idx>

Returns

Error code

Example

CONFIG MAILFILTERING COPY index=2 to=3
CONFIG MAILFILTERING DEFAULT

Level

contentfilter+modify

History

Appears in 9.0.0

Description

Set profile X with the default rules

Usage

config mailfiltering default index=<profile_idx>

Returns

Error code

Example

CONFIG MAILFILTERING DEFAULT index=9
CONFIG MAILFILTERING LIST

Level

base

History

Appears in 9.0.0

Description

List the specified profile of MAIL filtering rules. If profile is not specified, then list all the profiles.

Usage

config mailfiltering list [index=<profile_idx>]

Returns

Error code

Example

[index]
name=<policy_name>
lastmod=<last modified date>
comment=blabla

CONFIG MAILFILTERING RULE

CONFIG MAILFILTERING RULE

Level

base|contentfilter

History

Appears in 9.0.0

Description

Manage mailfiltering rules of a profile

CONFIG MAILFILTERING RULE INSERT

Level

contentfilter+modify

History

Appears in 9.0.0

Description

Insert new rule at given line or Insert at the end if no ruleid is define.

Note

ruleid : insert a rule before the line index 'ruleid'

Usage

config mailfiltering rule insert index=<profile_idx> [ruleid=<digit>] state=on|off action=pass|block from=<sender> to=<recipient> [comment=<string>]
Insert at the end if no ruleid is define.
state : enable or disable the rule
index : profile number
ruleid : rule line number
action : action to apply
from : address mail of the sender
to : address mail of the recipient
comment : comment for the rule

Returns

Error code

Example

CONFIG MAILFILTERING RULE INSERT index=0 ruleid=3 action=pass from=*@netasq.com to=* comment="Pass all mail from NETASQ"
CONFIG MAILFILTERING RULE INSERT index=0 ruleid=3 action=block from=*@*spam.com to=*
CONFIG MAILFILTERING RULE MOVE

Level

contentfilter+modify

History

Appears in 9.0.0

Description

Move rule from an line to another line

Usage

config mailfiltering rule move index=<profile_idx> ruleid=<digit> to=<digit>
index : profile number
ruleid : rule line number to move from
to : rule line number to move to

Example

CONFIG MAILFILTERING RULE MOVE index=0 ruleid=2 to=3
CONFIG MAILFILTERING RULE REMOVE

Level

contentfilter+modify

History

Appears in 9.0.0

Description

Remove a rule.

Usage

config mailfiltering rule remove config=<profile_idx>
index : profile number
ruleid : (all|<digit>)

Example

CONFIG MAILFILTERING RULE REMOVE index=0 ruleid=3
CONFIG MAILFILTERING RULE SHOW

Level

contentfilter

History

Appears in 9.0.0

Description

Show all rules of a profile.

Usage

config mailfiltering rule show index=<profile_idx>

Format

section_line

Returns

index=<profile_idx> [ruleid=<digit>] state=on|off action=pass|block from=<sender> to=<recipient> [comment=<string>]

Example

CONFIG MAILFILTERING RULE SHOW index=9
101 code=00a01000 msg="Begin" format="section_line"
ruleid=1 state=on action=pass from=*@netasq.com to=*  comment="bla bla bla ..."
ruleid=2 state=on action=block from=*@*spam* to=* comment=""
100 code=00a01000 msg="Ok"
CONFIG MAILFILTERING RULE UPDATE

Level

contentfilter+modify

History

Appears in 9.0.0

Description

Modify a rule in configuration file at given line.

Usage

config mailfiltering rule update index=<profile_idx> ruleid=<digit> [state=on|off] [action=pass|block] [from=<sender>] [to=<recipient>] [comment=<string>]
state : enable or disable the rule
index : profile number
ruleid : rule line number
action : action to apply
from : address mail of the sender
to : address mail of the recipient
comment : comment for the rule

Example

CONFIG MAILFILTERING RULE UPDATE index=0 ruleid=3 action=block
CONFIG MAILFILTERING RULE UPDATE index=0 ruleid=3 to=*@netasq.com
CONFIG MAILFILTERING UPDATE

Level

contentfilter+modify

History

Appears in 9.0.0

Description

Change name and comment of profile X

Usage

config mailfiltering update index=<profile_idx> [name=<profile name>] [comment=<profile description>]

Returns

Error code

Example

CONFIG MAILFILTERING UPDATE index=9 name="pass all" comment="Just a pass all"

CONFIG NETWORK

CONFIG NETWORK

Level

base

Description

Command to manage network

CONFIG NETWORK ACTIVATE

Level

network+modify

History

Appears in 6.0.0

Description

Activates all network configuration

Usage

config network activate [CANCEL|NEXTBOOT|RESET]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot;
- RESET: changes are activated immediately and resets the protected and activated interface.

Returns

Error code

Implementation notes

Calls ennetwork

Example

CONFIG NETWORK ACTIVATE
CONFIG NETWORK ACTIVATE Reset
CONFIG NETWORK ACTIVATE Cancel
CONFIG NETWORK ACTIVATE Nextboot

CONFIG NETWORK GATEWAY

CONFIG NETWORK GATEWAY

Level

base

History

Appears in 7.0.0

Description

Command to manage gateways

CONFIG NETWORK GATEWAY ACTIVATE

Level

route+modify

History

Appears in 7.0.0

Description

Flush and reload gateways configuration

Usage

config network gateway activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.

Returns

Error code

Implementation notes

run enevent

Example

CONFIG NETWORK GATEWAY ACTIVATE
CONFIG NETWORK GATEWAY ADD

Level

route+modify

History

Appears in 7.0.0
Check Appears in 7.0.4
Force appears in 9.0.2
Force deprecated in 9.0.5

Description

Add a new gateway in the corresponding list (principal or backup)

Usage

config network gateway add Host=<Host> Type=(PrincipalGateway|BackupGateway)
[Check=<Host|Group>] [pos=<position> (default: end of list)] [comment=<comment>]

Returns

Error Code

Example

CONFIG NETWORK GATEWAY ADD Host=HOST_ROUTER_NEXT_2 Type=PrincipalGateway Check=HOST_BEHIND_ROUTER_NEXT_2
CONFIG NETWORK GATEWAY IPV6
CONFIG NETWORK GATEWAY IPV6

Level

base

History

Appears in 9.0.1

Description

Command to manage IPv6 gateway

CONFIG NETWORK GATEWAY IPV6 ADD

Level

route+modify

History

Appears in 9.0.1
Type, Check, Pos and Comment appear in 1.0.0

Description

Add an IPv6 gateway

Usage

config network gateway ipv6 add Host=<Host> Type=(PrincipalGateway|BackupGateway)
[Check=<Host|Group>] [pos=<position> (default: end of list)] [comment=<comment>]

Returns

Error code
CONFIG NETWORK GATEWAY IPV6 REMOVE

Level

route+modify

History

Appears in 9.0.1
Host and Type appear in 1.0.0

Description

Remove an IPv6 gateway

Usage

config network gateway ipv6 remove Host=(<Host>|Any) Type=(PrincipalGateway|BackupGateway)

Returns

Error code
CONFIG NETWORK GATEWAY IPV6 SET

Level

route+modify

History

Appears in 1.0.0

Description

Change IPv6 gateway configuration

Usage

config network gateway ipv6 set [Tries=<int>] [Wait=<seconds>] [Frequency=<seconds>] [GatewayThreshold=<int>] [ActivateallBackup=(on|off)]

Returns

Error Code

Example

CONFIG NETWORK GATEWAY IPV6 SET Tries=1 Wait=5 Frequency=10 GatewayThreshold=3 ActivateallBackup=On
CONFIG NETWORK GATEWAY IPV6 SHOW

Level

base

History

Appears in 9.0.1
Format changes in 1.0.0

Description

Show IPv6 gateways and their configuration

Usage

config network gateway ipv6 show

Format

section_line

Returns

[Config]
State=1
GatewayThreshold=1
Tries=3
Wait=5
Frequency=60
ActivateAllBackup=0

[PrincipalGateway]
Pos=1 Host=Host_Default_IPv6Router Check=Host_Behind_Default_Router Comment="default"
Pos=2 Host=Host_Router_Next Comment=""

[BackupGateway]
Pos=1 Host=Host_Bkp_Router Comment=""
Pos=2 Host=Host_Bkp_Router_Next Comment=""
CONFIG NETWORK GATEWAY IPV6 UPDATE

Level

route+modify

History

Appears in 1.0.0

Description

Update a gateway in the list

Usage

config network gateway ipv6 update pos=<position nb> type=(PrincipalGateway|BackupGateway)
[Host=<Host>] [Check=<Host|Group>] [comment=<comment>]

Returns

Error Code

Example

CONFIG NETWORK GATEWAY IPV6 UPDATE pos=3 type=PrincipalGateway Host=HOST_ROUTER_NEXT_2
CONFIG NETWORK GATEWAY REMOVE

Level

route+modify

History

Appears in 7.0.0

Description

Remove a gateway anywhere in the list

Usage

config network gateway remove Host=(<Host>|Any) Type=(PrincipalGateway|BackupGateway)

Returns

Error Code

Example

CONFIG NETWORK GATEWAY REMOVE Host=HOST_ROUTER_NEXT_2 Type=PrincipalGateway
CONFIG NETWORK GATEWAY SET

Level

route+modify

History

Appears in 7.0.0
State deprecated in 9.1.0

Description

Change gateway configuration

Usage

config network gateway set [Tries=<int>] [Wait=<seconds>] [Frequency=<seconds>] [GatewayThreshold=<int>] [ActivateallBackup=(on|off)]

Returns

Error Code

Example

CONFIG NETWORK GATEWAY SET Tries=1 Wait=5 Frequency=10 GatewayThreshold=3 ActivateallBackup=On
CONFIG NETWORK GATEWAY SHOW

Level

base

History

Appears in 7.0.0
Check Appears in 7.0.4

Description

Show complete gateway configuration

Usage

config network gateway show

Format

section_line

Returns

[Config]
State=1
GatewayThreshold=1
Tries=3
Wait=5
Frequency=60
ActivateAllBackup=0

[PrincipalGateway]
Pos=1 Host=Host_Default_Router Check=Host_Behind_Default_Router Comment="default"
Pos=2 Host=Host_Router_Next Comment=""

[BackupGateway]
Pos=1 Host=Host_Bkp_Router Comment=""
Pos=2 Host=Host_Bkp_Router_Next Comment=""
CONFIG NETWORK GATEWAY UPDATE

Level

route+modify

History

Force appears in 9.0.2
Force deprecated in 9.0.5

Description

Update a gateway in the list

Usage

config network gateway update pos=<position nb> type=(PrincipalGateway|BackupGateway)
[Host=<Host>] [Check=<Host|Group>] [comment=<comment>]

Returns

Error Code

Example

CONFIG NETWORK GATEWAY UPDATE pos=3 type=PrincipalGateway Host=HOST_ROUTER_NEXT_2

CONFIG NETWORK INTERFACE

CONFIG NETWORK INTERFACE

Level

base

History

Appears in 6.0.0

Description

Commands to manage interfaces

CONFIG NETWORK INTERFACE ACTIVATE

Level

network+modify

History

Appears in 6.1.0

Description

Activates interfaces configuration

Usage

config network interface activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.

Returns

Error code

Implementation notes

Sync clone file then calls ennetwork -i

Example

CONFIG NETWORK INTERFACE ACTIVATE
CONFIG NETWORK INTERFACE ACTIVATE Cancel
CONFIG NETWORK INTERFACE ACTIVATE Nextboot
CONFIG NETWORK INTERFACE ADDRESS
CONFIG NETWORK INTERFACE ADDRESS

Level

base

History

Appears in 6.0.0

Description

Commands to manage interfaces addresses

CONFIG NETWORK INTERFACE ADDRESS ADD

Level

network+modify

History

Appears in 6.0.0
RequestDNS Appears in 6.1.0

Description

Adds an address/mask to an interface

Note

All existing interface addresses and all existing DHCP options will be deleted if address=DHCP specified
Mask must not be specified if address=DHCP
DHCP options will NOT be parsed if address=DHCP is not specified (even if already in DHCP mode)

Usage

config network interface address add ifname=<interface name> (address=<address> mask=<mask> [addresscomment=<comment>] |address=DHCP [dhcpleasetime=<lease time>] [DHCPHostName=<name>] [RequestDNS=<0|1>])

Returns

Error code

Example

CONFIG NETWORK INTERFACE ADDRESS ADD ifname=bridge5 address=192.168.1.1 mask=255.255.255.0
CONFIG NETWORK INTERFACE ADDRESS ADD ifname=bridge5 address=192.168.1.1 mask=255.255.255.0 addresscomment="My Address"
CONFIG NETWORK INTERFACE ADDRESS ADD ifname=bridge5 address=DHCP DHCPLeaseTime=3600 DHCPHostname=netasq
CONFIG NETWORK INTERFACE ADDRESS REMOVE

Level

network+modify

History

Appears in 6.0.0

Description

Removes an address/mask to an interface

Note

Addresses with an higher number will be updated (address5=>address4, etc...).

Usage

config network interface address remove ifname=<interface name> address=<address>

Returns

Error code

Example

CONFIG NETWORK INTERFACE ADDRESS REMOVE ifname=bridge5 address=192.168.1.1
CONFIG NETWORK INTERFACE ADDRESS UPDATE

Level

network+modify

History

Appears in 6.0.0

Description

Updates an address/mask of an interface

Note

Only "real" addresses are allowed. DHCP mode must be set with CONFIG NETWORK INTERFACE ADDRESS ADD command.

Usage

config network interface address update ifname=<interface name> addrnb=<address number> address=<new address> mask=<new mask> [addresscomment=<comment>]

Returns

Error code

Example

CONFIG NETWORK INTERFACE ADDRESS UPDATE ifname=bridge5 addrnb=2 address=192.168.1.2 mask=255.255.255.128
CONFIG NETWORK INTERFACE ADDRESS UPDATE ifname=bridge5 addrnb=2 address=192.168.1.2 mask=255.255.255.128 addresscomment="My Address"
CONFIG NETWORK INTERFACE AGGREGATE

Level

network+modify

History

Appears in 1.0.0

Description

Create an Agg interface from an Ethernet interface

Usage

config network interface aggregate ifname=<Ethernet interface name>

Returns

The new section for the Ethernet interface

Example

[Ethernet1]
State=1
Name=Ethernet_1
Media=0
Color=408080
Agg=agg1
CONFIG NETWORK INTERFACE CAPABILITIES

Level

base

History

Appears in 9.0.4

Description

Indicates what the interfaces are capable of.

Usage

config network interface capabilities

Format

list

Returns

For each interface, indicates a list of capabilities.

Example

[Ethernet1]

[Ethernet2]
EEE

CONFIG NETWORK INTERFACE CHECK

Level

network

History

Appears in 6.2.0
FORMAT Appears in 9.0.0

Description

Checks all generated objects for an interface

Note

if parameter IgnoreGeneratedGroupMembership is set to 1 (default is 0) the usage of the interface through generated groups (Firewall_all, Network_internals) won't be returned

Usage

config network interface check ifname=<interface name> [IgnoreGeneratedGroupMembership=(0|1)]

Format

section_line

Returns

[Configuration]
module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)

Example

CONFIG NETWORK INTERFACE CHECK ifname=bridge0
CONFIG NETWORK INTERFACE CREATE

Level

network+modify

History

Appears in 6.0.0
DHCPRequestGW and dialdefault deprecated in 7.0.0
Dialtype GPRS appears in 9.0.1
LocalARP (for bridges only) appears in 9.1.2
Interface Agg appears in 1.0.0

Description

Create a new interface

Usage

config network interface create ifname=<interface name> name=<username>
[comment=<comment>] [color=<color>] [type=(0|1|2)]
[DynamicDNS=<existing DynDNS conf>] (if Address=DHCP)
+ specific mandatory/optional tokens=values for interface type

* PARAMETERS FOR VLAN AND AGG INTERFACES:
Protected=(0|1)
[Address=(<IPv4 address>|DHCP) [Mask=<IPv4 mask>]]
[IPv6Address=<IPv6 address|DHCP|SLAAC> [IPv6Mask=(1-128) [eui64=(0|1)]]]
[gateway=<gateway>] [State=(0|1)] [Bridge=<bridge name>]
[FastRoute=(0|1) [KeepVLAN=(0|1)]] (if interface is in a bridge)
[ForwardIPX=(0|1)] (if interface is in a bridge)
[ForwardNetbios=(0|1)] (if interface is in a bridge)
[ForwardAppletalk=(0|1)] (if interface is in a bridge)
[ForwardPPPoE=(0|1)] (if interface is in a bridge)
[ForwardIPv6=(0|1)] (if interface is in a bridge)
[ForwardCustomLLC=0-65535[,0-65535]*] (if interface is in a bridge)
[ForwardCustomEther=0-65535[,0-65535]*] (if interface is in a bridge)
[MTU=(140-MTUmax)] (if interface is NOT in a bridge; MTUmax displayed by SYSTEM PROPERTY)

* PARAMETERS FOR VLAN INTERFACES:
Physical=<eth/wifi/vlan interface name> Tag=(1-4094) [MaxThroughput=<int>]

* PARAMETERS FOR AGG INTERFACES:
Interfaces=<list of aggregated ethernet interfaces>
[MACAddress=xx:xx:xx:xx:xx:xx] (if agg is NOT in a bridge)

* PARAMETERS FOR BRIDGE INTERFACES:
Interfaces=<list of bridged interfaces> [Address=(<IPv4 address>|DHCP) [Mask=<IPv4 mask>]] [IPv6Address=<IPv6 address|DHCP|SLAAC> [IPv6Mask=(1-128)] [eui64=(0|1)]]
[MACAddress=xx:xx:xx:xx:xx:xx] [AddressComment=<comment>] [gateway=<gateway>]
[LocalARP=(0|1)]
[MaxThroughput=<int>]
[MTU=(140-MTUmax)] (MTUmax is displayed by SYSTEM PROPERTY)

* PARAMETERS FOR DIALUP INTERFACES:
DialAuthName=<login> DialAuthKey=<passwd> DialMode=(ddial|auto) DialType=(PPP|L2TP|PPTP|PPPoE|GPRS)
[State=(0|1)] [RequestDNS=(0|1)] [DynamicDNS=<existing DynDNS conf>] [DialIdle=<int>]
[MaxThroughput=<int>]
DialType=PPP DialPhone=<dial number> [DialString=<dial string>]
DialType=L2TP DialL2TPLNS=<server> [DialL2TPSecret=<passwd>] [DialL2TPBackupLNS=<server>] [DialL2TPRedialTimeout=<int>] [DialL2TPMaxRedial=<int>] [DialL2TPLengthBit=(0|1)] [DialL2TPHiddenAVP=(0|1)] [DialL2TPChallengeAuth=<int>]
DialType=PPTP DialModemIP=<ip>
DialType=PPPoE DialInterface=<eth/vlan interface username> [DialService=<service>]
DialType=GPRS DialPhone=<dial number> DialAPN=<string> DialDefPeer=<IP> [DialAPNum=<int>] [DialSimPin=<PIN code>] [DialSimWait=<int>]


Returns

Error code

Implementation notes

INTERFACE GENERIC TOKENS RequestDNS: retrieve the DNS from the remote host MTU: value ... DIALUP GENERIC TOKENS DialAuthname: account login DialAuthkey: account password DialIdle: idle timeout before hang up DialMode: auto/ddial DialType: PPP|PPTP|PPPOE|L2TP DIALUP PPP TOKENS All interface generic and dialup generic tokens apply for PPP dialups DialPhone: phone number DialString: modem initialisation string DIALUP PPTP TOKENS All interface generic and dialup generic tokens apply for PPTP dialups DialModemIP: ip address of the PPTP modem DIALUP PPPOE TOKENS All interface generic and dialup generic tokens apply for PPPOE dialups DialInterface: name of the interface to use to send PPPOE packets DialService: service field (use by ISP to identify group of users)>] DIALUP L2TP TOKENS All interface generic, dialup generic and PPP tokens apply for L2TP dialups DialL2TPLNS: LNS server objectDialL2TPSecret: tunnel shared secret DialL2TPBackupLNS: backup LNS server object DialL2TPRedialTimeout: time between two redials DialL2TPMaxRedial: number of redials DialL2TPLengthBit: use the Length BIT in L2TP packets DialL2TPHiddenAvp: enforce the exchange of sensible data (required a shared secret) DialL2TPChallengeAuth: challenge the authentication of the peer

Example

CONFIG NETWORK INTERFACE CREATE ifname=Vlan0 Name=VLANNetwork Address=DHCP DHCPLeaseTime=3600 Tag=123 MTU=1496 Physical=Ethernet1 Color=C0C0C0 Protected=1 Type=0 Comment="VLAN Network"
CONFIG NETWORK INTERFACE CREATE ifname=bridge0 Name=Bridge Address=192.168.1.1 Mask=255.255.255.0 Interfaces=Ethernet0,VLANNetwork
CONFIG NETWORK INTERFACE CREATE ifname=dialup0 Name=Test DialAuthName=test DialAuthKey=test DialMode=auto DialType=L2TP DialL2TPLNS=lns_host DialL2TPSecret=secret DialL2TPBackupLNS=bckp_lns_host

CONFIG NETWORK INTERFACE IPSEC

Level

network+modify

History

Appears in 9.0.0

Description

Set ipsec networks as internal or not

Note

This command replaces old "InternalPeers" token used in VPN configuration file.

Usage

config network interface ipsec protected=<0|1>

Returns

Error code
CONFIG NETWORK INTERFACE IPV6
CONFIG NETWORK INTERFACE IPV6

Level

base

Description

Commands to manage IPv6 on interfaces

CONFIG NETWORK INTERFACE IPV6 ADDRESS
CONFIG NETWORK INTERFACE IPV6 ADDRESS

Level

base

History

Appears in 9.0.1

Description

Commands to manage IPv6 addresses on interfaces

CONFIG NETWORK INTERFACE IPV6 ADDRESS ADD

Level

network+modify

History

Appears in 9.0.1
dhcpleasetime, DHCPHostName and RequestDNS appear in 1.0.0

Description

Adds an IPv6 address to an interface

Usage

config network interface ipv6 address add ifname=<interface name> (address=<IPv6 address> mask=(1-128) [eui64=(0|1)]
| address=<DHCP|SLAAC> [dhcpleasetime=<lease time>] [DHCPHostName=<name>] [RequestDNS=<0|1>]) [addresscomment=<comment>]

Returns

Error code
CONFIG NETWORK INTERFACE IPV6 ADDRESS REMOVE

Level

network+modify

History

Appears in 9.0.1

Description

Removes an IPv6 address from an interface

Usage

config network interface ipv6 address remove ifname=<interface name> address=<IPv6 address>

Returns

Error code
CONFIG NETWORK INTERFACE IPV6 ADDRESS UPDATE

Level

network+modify

History

Appears in 9.0.1
dhcpleasetime, DHCPHostName and RequestDNS appear in 1.0.0

Description

Updates an IPv6 address of an interface

Usage

config network interface ipv6 address update ifname=<interface name> addrnb=<address number> (address=<new IPv6 address> mask=(1-128) [eui64=(0|1)]
| address=<DHCP|SLAAC> [dhcpleasetime=<lease time>] [DHCPHostName=<name>] [RequestDNS=<0|1>]) [addresscomment=<comment>]

Returns

Error code
CONFIG NETWORK INTERFACE IPV6 ROUTERADV
CONFIG NETWORK INTERFACE IPV6 ROUTERADV

Level

base

History

Appears in 9.0.1

Description

Commands to configure Router Advertisement

CONFIG NETWORK INTERFACE IPV6 ROUTERADV CONFIG

Level

network+modify

History

Appears in 9.0.1
sendprefix and RouterPreference appear in 1.0.0

Description

Configure general parameters for Router Advertisement

Note

if SendPrefix is 0 or not specified, no prefix will be sent at all (even if some IPv6 prefixes are configured)
if RouterPreference is not specified or empty, the default router preference is medium

Usage

config network interface ipv6 routeradv config ifname=<interface name> [state=(on|off|auto)] [sendprefix=(0|1)][MinInterval=<int>] [MaxInterval=[4-1800]] [CurHopLimit=<int>]
[ManagedFlag=(0|1)] [OtherConfigFlag=(0|1)] [RouterLifetime=<int>] [ReachableTime=<int>] [RetransTimer=<int>]
[MTU=<int>] [RDNSSLifetime=<int>] [RDNSS1=<first dns ipv6 object>] [RDNSS2=<second dns ipv6 object>]
[DNSSLLifetime=<int>] [DNSSL=<domain name>] [RouterPreference=""|low|medium|high|]

Returns

Error code
CONFIG NETWORK INTERFACE IPV6 ROUTERADV PREFIX
CONFIG NETWORK INTERFACE IPV6 ROUTERADV PREFIX

Level

base

Description

Commands to configure IPv6 prefixes to advertise

CONFIG NETWORK INTERFACE IPV6 ROUTERADV PREFIX ADD

Level

network+modify

History

Appears in 9.0.1

Description

Add a prefix on interface

Usage

config network interface ipv6 routeradv prefix add ifname=<interface name> address=<prefix address>
[AutonomousFlag=0|1] [OnlinkFlag=0|1] [ValidLifetime=<seconds>] [PreferredLifetime=<seconds>] [comment=<comment>]

Returns

Error code
CONFIG NETWORK INTERFACE IPV6 ROUTERADV PREFIX REMOVE

Level

network+modify

History

Appears in 9.0.1

Description

Remove a prefix on interface

Usage

config network interface ipv6 routeradv prefix remove ifname=<interface name> address=<prefix address>

Returns

Error code
CONFIG NETWORK INTERFACE IPV6 ROUTERADV PREFIX UPDATE

Level

network+modify

History

Appears in 9.0.1

Description

Update a prefix on interface

Usage

config network interface ipv6 routeradv prefix update ifname=<interface name> prefixnb=<int> [address=<prefix address>] [AutonomousFlag=0|1] [OnlinkFlag=0|1]
[ValidLifetime=<seconds>] [PreferredLifetime=<seconds>] [comment=<comment>]

Returns

Error code
CONFIG NETWORK INTERFACE LIMIT
CONFIG NETWORK INTERFACE LIMIT

Level

base

Description

Commands to configure various limits related to network interfaces like number of vlans and pptps

CONFIG NETWORK INTERFACE LIMIT SET

Level

network+modify

History

Appears in 8.0.0
9.1.0: now needs a ACTIVATE to be taken into account

Description

Set interface network limits (needs ACTIVATE)

Usage

config network interface limit set type=[Vlan|Pptp] [CurrentMax=<value>]

Returns

Error code

Example

CONFIG NETWORK INTERFACE LIMIT SET type=Vlan CurrentMax=12
CONFIG NETWORK INTERFACE LIMIT SHOW

Level

base

History

Appears in 8.0.0

Description

Show interface network limits

Usage

config network interface limit show

Returns

One section for each interface limits with its values

Example

CONFIG NETWORK INTERFACE LIMIT SHOW
[Vlan]
ModelLimit=32
CurrentMax=10
Step=1
[Pptp]
ModelLimit=32
CurrentMax=6
Step=5
CONFIG NETWORK INTERFACE REMOVE

Level

network+modify

History

Appears in 6.0.0

Description

Removes an interface

Note

Interfaces of the same type with an higher number will be updated (bridge6=>bridge5, etc.).
Parameter 'force' is useful only to remove a VLAN used by a PPPoE dialup.

Usage

config network interface remove ifname=<interface name> [force=(0|1)]

Returns

Error code

Example

CONFIG NETWORK INTERFACE REMOVE ifname=bridge5
CONFIG NETWORK INTERFACE RENAME

Level

network+modify

History

Appears in 9.0.2

Description

Rename an interface

Note

Change is made immediately: there must be no clone file in use.

Usage

config network interface rename ifname=<interface name> name=<string>

Returns

Error code

Example

CONFIG NETWORK INTERFACE RENAME ifname=dialup0 name=modem
CONFIG NETWORK INTERFACE SHOW

Level

base

History

Appears in 6.0.0

Description

Show an interface, or all interfaces if no name specified

Usage

config network interface show [ifname=<interface name>]

Returns

One section for each interface, with its parameters

Implementation notes

Dumps sections from NETWORK_FN

Example

CONFIG NETWORK INTERFACE SHOW ifname=ethernet0
[ethernet0]
Name="out"
State="1"
Protected="0"
Gateway=""
Media="0"
Type="0"
Color="111111"
Bridge="bridge0"
comment="Out interface"
CONFIG NETWORK INTERFACE UPDATE

Level

network+modify

History

Appears in 6.0.0
Dialtype GPRS appears in 9.0.1
Name deprecated in 9.0.2: use CONFIG NETWORK INTERFACE RENAME instead
LocalARP (for bridges only) appears in 9.1.2
Interface Agg appears in 1.0.0

Description

Updates an interface

Note

Addresses (including DHCP and DHCP options, and SLAAC) must be updated via ADDRESS ADD and ADDRESS DEL
Dialup parameters specific to a dialtype will only be parsed if this dialtype is specified on the command
All addresses will be removed if a bridge is specified
All configuration (except Name, Color, State, Media and MaxThroughput) will be removed if an Agg is specified

Usage

config network interface update ifname=<interface name> [comment=<comment>] [color=<color>]
[type=(0|1|2)] (0=unknown, 1=machine, 2=server)

* PARAMETERS FOR ETHERNET, AGG, VLAN AND WIFI INTERFACES:
[gateway=<gateway>] [Protected=(0|1)] [State=(0|1)] [Bridge=<bridge name>]
[FastRoute=(0|1) [KeepVLAN=(0|1)]] (if interface is in a bridge)
[ForwardIPX=(0|1)] (if interface is in a bridge)
[ForwardNetbios=(0|1)] (if interface is in a bridge)
[ForwardAppletalk=(0|1)] (if interface is in a bridge)
[ForwardPPPoE=(0|1)] (if interface is in a bridge)
[ForwardIPv6=(0|1)] (if interface is in a bridge)
[ForwardCustomLLC=0-65535[,0-65535]*] (if interface is in a bridge)
[ForwardCustomEther=0-65535[,0-65535]*] (if interface is in a bridge)
[MTU=(140-MTUmax)] (MTUmax is displayed by SYSTEM PROPERTY)
[DynamicDNS=<existing DynDNS conf>] (if interface is NOT in a bridge and has Address=DHCP)

* PARAMETERS FOR ETHERNET INTERFACES:
[Media=(0-6)]
[MaxThroughput=<int>]
[MACAddress=xx:xx:xx:xx:xx:xx] (if interface is NOT in a bridge and NOT in Agg)
[EEE=(0|1)] [FlowControl=(0|1)]

* PARAMETERS FOR AGG INTERFACES:
[Interfaces=<list of aggregated interfaces>]

* PARAMETERS FOR VLAN INTERFACES:
[Physical=<eth/wifi/vlan interface name>] [Tag=(1-4094)]
[MaxThroughput=<int>]

* PARAMETERS FOR BRIDGE INTERFACES:
[Interfaces=<list of bridged interfaces>] [MACAddress=xx:xx:xx:xx:xx:xx] [gateway=<gateway>]
[LocalARP=(0|1)]
[MaxThroughput=<int>]
[MTU=(140-MTUmax)] (MTUmax is displayed by SYSTEM PROPERTY)
[DynamicDNS=<existing DynDNS conf>] (if Address=DHCP)

* PARAMETERS FOR DIALUP INTERFACES:
[State=(0|1)] [RequestDNS=(0|1)] [DynamicDNS=<existing DynDNS conf>] [MaxThroughput=<int>]
[DialAuthName=<login>] [DialAuthKey=<passwd>] [DialMode=(ddial|auto)] [DialIdle=<int>]
[DialType=PPP [DialPhone=<dial number>] [DialString=<dial string>]]
[DialType=L2TP [DialL2TPLNS=<server>] [DialL2TPSecret=<passwd>] [DialL2TPBackupLNS=<server>] [DialL2TPRedialTimeout=<int>] [DialL2TPMaxRedial=<int>] [DialL2TPLengthBit=(0|1)] [DialL2TPHiddenAVP=(0|1)] [DialL2TPChallengeAuth=<int>]]
[DialType=PPTP [DialModemIP=<ip>]]
[DialType=PPPoE DialInterface=<eth/vlan interface username> [DialService=<service>]]
[DialType=GPRS DialPhone=<dial number> DialAPN=<string> [DialAPNum=<int>] [DialDefPeer=<IP>] [DialSimPin=<PIN code>] [DialSimWait=<int>]]

* PARAMETERS FOR WIFI INTERFACES:
[WifiSSID=<ssid>] [WifiStationName=<station>] [WifiChannel=(0-14)] [WifiHostAP=(0|1)]
[MaxThroughput=<int>]
[MACAddress=xx:xx:xx:xx:xx:xx] (if interface is NOT in a bridge)

Returns

Error code

Example

CONFIG NETWORK INTERFACE UPDATE ifname=bridge3 gateway=net_host2 color=AB12E3 maxthroughput=1234567
CONFIG NETWORK INTERFACE UPDATE ifname=Dialup4 DialType="PPP" DialPhone="0123456789" DialAuthName="name@provider"
CONFIG NETWORK INTERFACE UPDATE ifname=Dialup4 DialType="PPTP" DialModemIP=10.2.9.223
CONFIG NETWORK INTERFACE UPDATE ifname=Dialup4 DialType="PPPoE" DialInterface=in DialService="mod_str"
CONFIG NETWORK INTERFACE UPDATE ifname=Dialup4 DialType="L2TP" DialL2TPLNS="LNS1" DialL2TPChallengeAuth="1"
CONFIG NETWORK INTERFACE UPDATE ifname=ethernet3 name="my_eth" color=AB12E3 DynamicDNS="dyndns_network" state=1
CONFIG NETWORK INTERFACE UPDATE ifname=vlan0 ForwardCustomLLC=5,0,65535 ForwardPPPoE=1 ForwardIPv6=1
CONFIG NETWORK INTERFACE UPDATE ifname=vlan3 tag=44 physical=ethernet3 name="my_vlan" gateway=10.2.9.10

CONFIG NETWORK IPV6

CONFIG NETWORK IPV6

Level

base

Description

Commands for global IPv6 configuration

CONFIG NETWORK IPV6 STATE

Level

base

History

Appears in 9.0.1

Description

Change or display IPv6 activation state

Note

Changing state requires levels network and modify

Usage

config network ipv6 state [ON|OFF]
- no argument: display status
- ON: enables IPv6
- OFF: disables IPv6

Returns

State=on|off or error code

Example

CONFIG NETWORK IPV6 STATE on
CONFIG NETWORK IPV6 STATE off
CONFIG NETWORK IPV6 STATE

CONFIG NETWORK ROUTE

CONFIG NETWORK ROUTE

Level

base

Description

Command to manage routing

CONFIG NETWORK ROUTE ACTIVATE

Level

route+modify

Description

Flush and reload routing configuration

Usage

config network route activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.

Returns

Error code

Implementation notes

call ennetwork with -r flag

Example

CONFIG NETWORK ROUTE ACTIVATE
CONFIG NETWORK ROUTE ACTIVATE Cancel
CONFIG NETWORK ROUTE ACTIVATE Nextboot
CONFIG NETWORK ROUTE ADD

Level

route+modify

History

Appears in 6.0.0
option remote=default removed in 9.0.0
state appears in 9.1.0

Description

Adds an IPv4 static route

Usage

config network route add remote=<remote object> interface=<ifname> [gateway=<gateway>] [color=<color>] [comment=<comment>] [state=(0|1)]

Returns

Error code

Example

CONFIG NETWORK ROUTE ADD remote=net-remote-1 gateway=router1 interface=in color=acc0ac comment="route to remote network 1"
CONFIG NETWORK ROUTE IPV6
CONFIG NETWORK ROUTE IPV6

Level

base

History

Appears in 9.0.1

Description

Commands to manage IPv6 routing

CONFIG NETWORK ROUTE IPV6 ADD

Level

route+modify

History

Appears in 9.0.1
state appears in 9.1.0

Description

Add a static IPv6 route

Usage

config network route ipv6 add remote=<remote object> interface=<ifname> [gateway=<host>] [color=<color>] [comment=<comment>] [state=(0|1)]

Returns

Error code
CONFIG NETWORK ROUTE IPV6 REMOVE

Level

route+modify

History

Appears in 9.0.1

Description

Remove a static IPv6 route

Usage

config network route ipv6 remove remote=<remote object>

Returns

Error code
CONFIG NETWORK ROUTE IPV6 SHOW

Level

base

History

Appears in 9.0.1

Description

Show static IPv6 routes

Usage

config network route ipv6 show

Format

section_line

Returns

[StaticRoutes]
Remote=<remote_object> Interface=<ifname> [Gateway=<host>] [Color=<color>] Protected=0|1 State=0|1 Comment="<comment>"
CONFIG NETWORK ROUTE IPV6 UPDATE

Level

route+modify

History

Appears in 9.0.1
state appears in 9.1.0

Description

Update a static IPv6 route

Usage

config network route ipv6 update remote=<remote object> [newRemote=<remote object>] [interface=<ifname>] [gateway=<host>] [color=<color>] [comment=<comment>] [state=(0|1)]

Returns

Error code
CONFIG NETWORK ROUTE REMOVE

Level

route+modify

History

Appears in 6.0.0
option remote=default removed in 9.0.0

Description

Removes a route

Usage

config network route remove remote=<remote object>

Returns

Error code

Example

CONFIG NETWORK ROUTE REMOVE remote=net-remote-1
CONFIG NETWORK ROUTE REMOVE remote=192.168.200.0/255.255.255.0
CONFIG NETWORK ROUTE SHOW

Level

base

History

Appears in 6.0.0
[Router] removed in 9.0.0
FORMAT appears in 9.0.0
pagination appears in 9.0.0

Description

Shows IPv4 static routes

Usage

config network route show [useclone=<0|1>] [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [searchfield=<token>] [sort=<token>] [refresh=<0|1>]]

Format

section_line

Returns

[StaticRoutes]
Remote=host Address=ip Interface=name [Gateway=gw] [Color=color] Protected=0|1 State=0|1 Comment="comment"
Remote=range Begin=start End=end Interface=name [Gateway=gw] [Color=color] Protected=0|1 State=0|1 Comment="comment"
Remote=network Address=ip/prefix Interface=name [Gateway=gw] [Color=color] Protected=0|1 State=0|1 Comment="comment"
Remote=ip/mask Interface=name [Gateway=gw] [Color=color] Protected=0|1 State=0|1 Comment="comment"

Example

CONFIG NETWORK ROUTE SHOW
101 code=00a01000 msg="Début"
[StaticRoutes]
Remote=mynet Address=172.168.100.0/24 Interface=out Gateway=10.2.0.1 Color=000c0a Protected=0 State=0 Comment=""
Remote=192.168.100.0/255.255.255.0 Interface=in Gateway=10.2.2.1 Color=0a0c0a Protected=1 State=1 Comment="test route"
100 code=00a00100 msg="Ok"
CONFIG NETWORK ROUTE UPDATE

Level

route+modify

Description

Updates a route

Usage

config network route update remote=<remote object> [newRemote=<remote object>] [interface=<ifname>] [gateway=<gateway>] [color=<color>] [comment=<comment>] [state=(0|1)]

Returns

Error code

Example

CONFIG NETWORK ROUTE UPDATE remote=net-remote-1 newRemote=net-remote-2 gateway=router1 interface=in color=acc0ac comment="route updated"

CONFIG NETWORK SWITCH

CONFIG NETWORK SWITCH

Deprecated

Level

base

History

Appears in 7.0.3.1Removed in 9.0.2

Description

Commands to manage switch configuration

CONFIG NETWORK SWITCH ACTIVATE

Deprecated

Level

network+modify

History

Appears in 7.0.3.1Removed in 9.0.2

Description

Flush and reload switch configuration

Usage

config network switch activate [CANCEL]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded.

Returns

Error code

Implementation notes

call enswitch

Example

CONFIG NETWORK SWITCH ACTIVATE
CONFIG NETWORK SWITCH ACTIVATE Cancel
CONFIG NETWORK SWITCH ADD

Deprecated

Level

network+modify

History

Appears in 7.0.3.1Removed in 9.0.2

Description

Configure ports used by given interface

Usage

config network switch add ifname=<interface name> ports=<number or range of numbers (min-max) separated by commas>

Returns

Error code

Example

CONFIG NETWORK SWITCH ADD ifname="Ethernet0" ports="1,3-5"
CONFIG NETWORK SWITCH MODIFY

Deprecated

Level

network+modify

History

Appears in 7.0.3.1Removed in 9.0.2

Description

Modify ports used by given interface

Usage

config network switch modify ifname=<interface name> ports=<number or range of numbers (min-max) separated by commas>

Returns

Error code

Example

CONFIG NETWORK SWITCH MODIFY ifname="Ethernet0" ports="1-6"
CONFIG NETWORK SWITCH SHOW

Deprecated

Level

base

History

Appears in 7.0.3.1Removed in 9.0.2

Description

Display current switch configuration

Usage

config network switch show

CONFIG NTP

CONFIG NTP

Level

base

History

LICENCE deprecated in 9.0.0

Description

Command to manage NTP client

CONFIG NTP ACTIVATE

Level

maintenance+modify

History

CANCEL/NEXTBOOT Appears in 9.0.0
level changes from other,modify to maintenance,modify in 9.0.0

Description

Activate NTP configuration.

Usage

config ntp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.

Returns

Error code

Implementation notes

Run enntp script and start service depending on state field

Example

CONFIG NTP ACTIVATECONFIG NTP ACTIVATE cancel
CONFIG NTP ADVANCED

Level

base

Description

Get/set NTP advanced settings : allow unauthenticated servers

Note

Maintenance and Modify levels are required to update the value

Usage

config ntp advanced [allowUnauth=on|off]

Returns

allowUnauth=(on|off)
nb_nokey_server=number

Example

CONFIG NTP ADVANCED
CONFIG NTP ADVANCED allowUnauth=on

CONFIG NTP KEY

CONFIG NTP KEY

Level

base

Description

Configure NTP keys

CONFIG NTP KEY ADD

Level

maintenance+modify

History

level changes from other,modify to maintenance,modify in 9.0.0

Description

Add a NTP key in md5 ascii format.

Usage

config ntp key add md5-ascii=<key data> keynum=<unique key number>

Returns

Error code

Example

CONFIG NTP KEY ADD md5-ascii=AA keynum=1
CONFIG NTP KEY LIST

Level

maintenance

History

FORMAT Appears in 9.0.0
level changes from other to maintenance in 9.0.0

Description

List NTP keys.

Usage

config ntp key list

Format

section_line

Returns

keynum=<key id>  keytype=<key type> data=<key data>

Implementation notes

load section, get s->count and print each value

Example

CONFIG NTP KEY LIST
keynum=1  keytype=md5-ascii data="AA"
CONFIG NTP KEY REMOVE

Level

maintenance+modify

History

level changes from other,modify to maintenance,modify in 9.0.0

Description

Remove a NTP key from list.

Usage

config ntp key remove <key number>

Returns

Error code

Example

CONFIG NTP KEY REMOVE 1

CONFIG NTP SERVER

CONFIG NTP SERVER

Level

base

Description

Configure NTP servers

CONFIG NTP SERVER ADD

Level

maintenance+modify

History

option groupname for name Appears in 6.0.0
level changes from other,modify to maintenance,modify in 9.0.0

Description

Add a NTP server.

Usage

config ntp server add name=<hostname| groupname> keynum=authentication key number for this server

Returns

Error code

Example

CONFIG NTP SERVER ADD name=ntp_1 keynum=1
CONFIG NTP SERVER ADD name=ntp_2
CONFIG NTP SERVER LIST

Level

maintenance

History

type Appears in 6.0.0
FORMAT Appears in 9.0.0
level changes from other to maintenance in 9.0.0

Description

List NTP servers.

Usage

config ntp server list

Format

section_line

Returns

list of servers in the form :
name=<name of server> keynum=[1-16]|none type=<host|range|group>

Implementation notes

load section, get s->count and print each value

Example

CONFIG NTP SERVER LIST
name=ntp_1 keynum=1 type=host
name=ntp_2 keynum=none type=host
CONFIG NTP SERVER REMOVE

Level

maintenance+modify

History

option groupname for name Appears in 6.0.0
level changes from other,modify to maintenance,modify in 9.0.0

Description

Remove a NTP server from list.

Usage

config ntp server remove <hostname|groupname>

Returns

Error code

Example

CONFIG NTP SERVER REMOVE name=ntp_1
CONFIG NTP SHOW

Level

base

Description

Show NTP configuration.

Usage

config ntp show

Returns

[Config]
State=(on|off)
allowUnauth=(on|off)

Example

CONFIG NTP SHOW
[Config]
State=on
allowUnauth=off
CONFIG NTP STATE

Level

base

Description

Get/set NTP daemon state.

Note

Maintenance and Modify levels are required to update the state value

Usage

config ntp state [On|Off]

Returns

State=(on|off)

Example

CONFIG NTP STATE On
CONFIG NTP STATE Off

CONFIG OBJECT

CONFIG OBJECT

Level

base

History

Appears in 6.0.0

Description

Object administration

Note

Invalid name for objects are (case unsensitive):
Firewall*
Network*
Global*
ephemeral*
broadcast
anonymous
any

object commands update object configuration files and serverd memory structure

CONFIG OBJECT ACTIVATE

Level

object|globalobject+modify

History

Appears in 6.0.0

Description

Update object resolution file

Usage

config object activate

CONFIG OBJECT CNCATEGORYGROUP

CONFIG OBJECT CNCATEGORYGROUP

Level

base

History

Appears in 9.1.0

Description

Cn group category administration

Note

most of the code is shared with CONFIG.OBJECT.OBJECTGROUP

CONFIG OBJECT CNCATEGORYGROUP ADDTO

Level

object+modify

History

Appears in 9.1.0

Description

Add service object to cn group category

Note

node must be a cn group
this command returns an error if:
"group" or "node" don't exist
"node" is an object already included in "group"

Usage

config object cncategorygroup addto group=<cncategorygroup name> node=<node to add name>

Example

CONFIG OBJECT CNCATEGORYGROUP ADDTO group=group1 node=cngroup1
CONFIG OBJECT CNCATEGORYGROUP CHECK

Level

object

History

Appears in 9.1.0

Description

Check cn group category

Usage

config object cncategorygroup check name=<cncategorygroupname>

Format

section_line

Returns

[Configuration]
module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)

Example

CONFIG OBJECT CNCATEGORYGROUP CHECK name=cncategorygroup1
[Configuration]
module=Filter slot=04 line=1
CONFIG OBJECT CNCATEGORYGROUP DELETE

Level

object+modify

History

Appears in 9.1.0

Description

Remove an cn category group

Note

returns an error if no group with this name exist

Usage

config object cncategorygroup delete name=<cngroup category name> [force=1]

Example

CONFIG OBJECT CNCATEGORYGROUP DELETE name=cncategorygroup1
CONFIG OBJECT CNCATEGORYGROUP NEW

Level

object+modify

History

Appears in 9.1.0

Description

Create new empty cn group category

Note

returns an error if an cn category group with identical name exists

Usage

config object cncategorygroup new name=<cncategorygroupname> [comment=<cncategorygroup comment>] [update=<0|1>]

Example

CONFIG OBJECT SERVICEGROUP NEW name=cncategorygroup1
CONFIG OBJECT CNCATEGORYGROUP REMOVEFROM

Level

object+modify

History

Appears in 9.1.0

Description

Remove service object from cn group category

Note

node must be a cn group or a cn group category
this command returns an error if :
"group" or "node" don't exist
"node" is not in "group"

Usage

config object cncategorygroup removefrom group=<cncategorygroupname> node=<node to remove name>

Example

CONFIG OBJECT CNCATEGORYGROUP REMOVEFROM group=cncategorygroup1 node=cngroup1
CONFIG OBJECT CNCATEGORYGROUP SHOW

Level

base

History

Appears in 9.1.0

Description

Show cn group category

Usage

config object cncategorygroup show name=<cncategorygroupname> [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [searchfield=<token>] [sort=<token>] [refresh=<0|1>]]

Format

section_line

Returns

[<cncategorygroup name>]
name=<nodename>
...

Example

CONFIG OBJECT CNCATEGORYGROUP SHOW name=web
[web]
name=cngroup1
name=cngroup2
name=cncategorygroup3

CONFIG OBJECT GET

Level

base

History

appears in 9.0.0

Description

Return a unique object from its name

Usage

config object get type=<host|range|network|group|protocol|service|time|servicegroup|urlgroup|cngroup|oemgroup> name=<objname>

Format

section_line

Returns

Return one line with the object properties:
[Object]
type=host modify=<0|1> global=<0|1> comment=<comment> name=<hostname> ip=<ip> ipv6=<ipv6> resolve=<static|dynamic>
type=range modify=<0|1> global=<0|1> comment=<comment> name=<rangename> begin=<firstip> end=<lastip> beginv6=<firstipv6> endv6=<lastipv6>
type=network modify=<0|1> global=<0|1> comment=<comment> name=<rangename> ip=<ip> mask=<netmask> prefixlen=<ipv4 prefix len> ipv6=<ipv6> prefixlenv6=<ipv6 prefix len>
type=protocol modify=<0|1> global=<0|1> comment=<comment> name=<protocolname> protonumber=<ip protocol number>
type=service modify=<0|1> global=<0|1> comment=<comment> name=<servicename> port=<port> toport=<""|lastport> proto=<protocolname>
type=time modify=<0|1> global=<0|1> comment=<comment> name=<timename> time=<time> weekday=<weekdays> yearday=<yearday> date=<date>
type=group modify=<0|1> global=<0|1> comment=<comment> name=<groupname>
type=servicegroup modify=<0|1> global=<0|1> comment=<comment> name=<groupname>
type=urlgroup modify=1 global=0 comment=<comment> name=<groupname>
type=cngroup modify=1 global=0 comment=<comment> name=<groupname>
type=oemgroup modify=0 global=0 comment=<comment> name=<groupname>
...

Example

config object get type=host name=mycomputer
[Object]
type=host modify=1 global=0 comment="" name=mycomputer ip=10.0.0.0 ipv6=fe80::1 resolve=static

CONFIG OBJECT GROUP

CONFIG OBJECT GROUP

Level

base

History

Appears in 6.0.0

Description

Object groups administration

Note

most of the code is shared with CONFIG.OBJECT.SERVICEGROUP

CONFIG OBJECT GROUP ADDTO

Level

object+modify

History

Appears in 6.0.0added position arg in 9.0.0

Description

Add object to group

Note

node might be an object or a group
this command returns an error if:
"group" or "node" don't exist
"node" is an object already included in "group"
"node" is an object included in a subgroup of "group"
"node" is a group and contains common element(s) with "group"
"node" is a group and contains an other group which contains "group"(it creates a loop)
"node" is a group and contains an other group which has common element(s) with "group" or another node

Usage

config object group addto group=<groupname> node=<node to add name> [pos=<position>]

Example

CONFIG OBJECT GROUP ADDTO group=group1 node=host1
CONFIG OBJECT GROUP CHECK

Level

object

History

Appears in 6.1.0
FORMAT Appears in 9.0.0

Description

Check object group

Usage

config object group check name=<group name>

Format

section_line

Returns

[Configuration]
module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)

Example

CONFIG OBJECT GROUP CHECK name=group1
[Configuration]
module=Filter slot=04 line=1
CONFIG OBJECT GROUP DELETE

Level

object+modify

History

Appears in 6.0.0
force Appears in 6.1.0

Description

Delete object group

Note

returns an error if no group with this name exist

Usage

config object group delete name=<groupname> [force=1]

Example

CONFIG OBJECT GROUP DELETE name=group1
CONFIG OBJECT GROUP NEW

Level

object+modify

History

Appears in 6.0.0

Description

Create new empty object group

Note

returns an error if a group with identical name exists

Usage

config object group new name=<groupname> [comment=<group comment>] [update=<0|1>]

Example

CONFIG OBJECT GROUP NEW name=group1
CONFIG OBJECT GROUP REMOVEFROM

Level

object+modify

History

Appears in 6.0.0

Description

Remove object from group

Note

node might be an object or a group
this command returns an error if :
"group" or "node" don't exist
"node" is not in "group"

Usage

config object group removefrom group=<groupname> node=<node to remove name>

Example

CONFIG OBJECT GROUP REMOVEFROM group=group1 node=host1
CONFIG OBJECT GROUP SHOW

Level

base

History

Appears in 6.0.0
FORMAT Appears in 9.0.0
all disappears in 9.0.0

Description

Show one object group

Usage

config object group show name=<groupname> [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [searchfield=<token>] [sort=<token>] [refresh=<0|1>]]

Format

section_line

Returns

[<groupname>]
name=<nodename>
...

Example

CONFIG OBJECT GROUP SHOW name=group1
[group1]
name=host1

CONFIG OBJECT HOST

CONFIG OBJECT HOST

Level

base

History

Appears in 6.0.0

Description

Host object administration

Note

most of the code is shared with CONFIG.OBJECT.NETWORK and CONFIG OBJECT.SERVICE

CONFIG OBJECT HOST CHECK

Level

object

History

Appears in 6.1.0
FORMAT Appears in 9.0.0

Description

Check host object

Usage

config object host check name=<hostname>

Format

section_line

Returns

[Configuration]
module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)

Example

config object host check name=host1
[Configuration]
module=DNS section=Servers
module=Filter slot=04 line=1
module=DHCP section=Server
CONFIG OBJECT HOST DELETE

Level

object+modify

History

force Appears in 6.1.0

Description

Remove host object

Note

command returns an error code if :
no object is found.
object is in a group

Usage

config object host delete name=<hostname> [force=1]

Example

config object host delete name=host1
CONFIG OBJECT HOST NEW

Level

object+modify

History

Appears in 6.0.0

Description

Add host object

Note

For single host at least one ip (v4 or v6) must be specified
For range at least one begin and end (v4 or v6) must be specified
Without update parameter, command will return an error if an object with the same name exists.
With update=2, modules which use the object are not reloaded.

Usage

config object host new name=<hostname> [ip=<ipaddress>] [ipv6=<ipv6address>] [type=router|server|host] [resolve=static|dynamic|manual] [mac=xx:xx:xx:xx:xx:xx] [color=xxxxxx] [comment=<comment>] [update=<0|1|2>]
name=<rangename> [begin=<range first ip> end=<range last ip>] [beginv6=<range first ipv6> endv6=<range last ipv6>] [color=xxxxxx] [comment=<comment>] [update=<0|1|2>]

Example

CONFIG OBJECT HOST NEW name=host4 ip=10.0.0.1 resolve=static comment="IPv4 only host" mac=11:22:33:44:55:66
CONFIG OBJECT HOST NEW name=host6 ipv6=fe80::1 resolve=static comment="IPv6 only host"
CONFIG OBJECT HOST NEW name=host46 ip=10.0.0.1 ipv6=fe80::1 resolve=static comment="IPv4v6 host"
CONFIG OBJECT HOST NEW name=range4 begin=10.0.0.1 end=10.0.0.10 comment="IPv4 only range"
CONFIG OBJECT HOST NEW name=range6 beginv6=fe80::1 endv6=fe80::10 comment="IPv6 only range"
CONFIG OBJECT HOST NEW name=range46 begin=10.0.0.1 end=10.0.0.10 beginv6=fe80::1 endv6=fe80::10 comment="IPv4v6 range"

CONFIG OBJECT INTERNET

CONFIG OBJECT INTERNET

Level

base

History

Appears in 9.0.0

Description

handling of the object 'Internet'

CONFIG OBJECT INTERNET SHOW

Level

base

History

Appears in 9.0.0

Description

Show to which object the object 'internet' points to

Usage

config object internet show

Returns

[Internet]
operator=(ne|eq)
object=(host|range|net|group)

Example

CONFIG OBJECT INTERNET SHOW[Internet]
operator=ne
object=Network_internals
CONFIG OBJECT INTERNET UPDATE

Level

object+modify

History

Appears in 9.0.0

Description

Update the object 'internet'

Usage

config object internet update [operator=(ne|eq)][object=(host|range|net|group)]

Example

CONFIG OBJECT INTERNET UPDATE operator=ne object=Network_internals
CONFIG OBJECT LIST

Level

base

History

appears in 9.0.0
havingipversion appears in 1.0.0

Description

List and search objects

Usage

config object list type=<all|[host][,range][,network][,group][,protocol][,service][,time][,servicegroup][,urlgroup][,cngroup][,oemgroup][,urlcategorygroup][,cncategorygroup]> [havingipversion=<4|6|any>] [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [searchfield=<token>] [sort=<token>] [refresh=<0|1>]]

Format

section_line

Returns

[Object]
type=host modify=<0|1> global=<0|1> comment=<comment> name=<hostname> ip=<ip> ipv6=<ipv6> resolve=<static|dynamic>
type=range modify=<0|1> global=<0|1> comment=<comment> name=<rangename> begin=<firstip> end=<lastip> beginv6=<firstipv6> endv6=<lastipv6>
type=network modify=<0|1> global=<0|1> comment=<comment> name=<rangename> ip=<ip> mask=<netmask> prefixlen=<ipv4 prefix len> ipv6=<ipv6> prefixlenv6=<ipv6 prefix len>
type=protocol modify=<0|1> global=<0|1> comment=<comment> name=<protocolname> protonumber=<ip protocol number>
type=service modify=<0|1> global=<0|1> comment=<comment> name=<servicename> port=<port> toport=<""|lastport> proto=<protocolname>
type=time modify=<0|1> global=<0|1> comment=<comment> name=<timename> time=<time> weekday=<weekdays> yearday=<yearday> date=<date>
type=group modify=<0|1> global=<0|1> comment=<comment> name=<groupname>
type=servicegroup modify=<0|1> global=<0|1> comment=<comment> name=<groupname>
type=urlgroup modify=1 global=0 comment=<comment> name=<groupname>
type=cngroup modify=1 global=0 comment=<comment> name=<groupname>
type=oemgroup modify=0 global=0 comment=<comment> name=<groupname>
...

Example

CONFIG OBJECT LIST type=host,range start=1 search=*com* searchfield=name
[Object]
type=host modify=1 global=0 comment="" name=mycomputer ip=10.0.0.1 resolve=static

CONFIG OBJECT NETWORK

CONFIG OBJECT NETWORK

Level

base

History

Appears in 6.0.0

Description

Network object administration

Note

most of the code is shared with CONFIG.OBJECT.HOST and CONFIG OBJECT.SERVICE

CONFIG OBJECT NETWORK CHECK

Level

object

History

Appears in 6.1.0
FORMAT Appears in 9.0.0

Description

Check network object

Usage

config object network check name=<network name>

Format

section_line

Returns

[Configuration]
module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)

Example

config object network check name=network1
[Configuration]
module=DNS section=Clients
module=Filter slot=04 line=1
CONFIG OBJECT NETWORK DELETE

Level

object+modify

History

force Appears in 6.1.0

Description

Remove network object

Note

command returns an error code if :
no object is found.
object is in a group

Usage

config object network delete name=<netname> [force=1]

Example

config object net delete name=net1
CONFIG OBJECT NETWORK NEW

Level

object+modify

History

Appears in 6.0.0

Description

Add network object

Note

at least one ip (v4 or v6) must be specified
Without update parameter, command will return an error if an object with the same name exists.
0.0.0.0 and 255.255.255.255 IPv4 netmasks are not allowed
/0 and /32 IPv4 prefix len are not allowed
/0 and /128 IPv6 prefix len are not allowed
With update=2, modules which use the object are not reloaded.

Usage

config object network new name=<netname> [ip=<network IPV4 address> mask=<netmask>|prefixlen=<prefixlen>] [ipv6=<network IPv6 address> prefixlenv6=<prefixlen>] [color=xxxxxx] [comment=<comment>] [update=<0|1|2>]

Example

CONFIG OBJECT NETWORK NEW name=net0 ip=10.0.0.0 prefixlen=16 comment="IPv4 only network"
CONFIG OBJECT NETWORK NEW name=net1 ip=10.0.0.0 mask=255.0.0.0 comment="IPv4 only network"
CONFIG OBJECT NETWORK NEW name=net2 ipv6=fe80:: prefixlenv6=64 comment="IPv6 only network"
CONFIG OBJECT NETWORK NEW name=net3 ip=10.0.0.0 mask=255.0.0.0 ipv6=fe80:: prefixlenv6=64 comment="IPv4v6 network"

CONFIG OBJECT PROTOCOL

CONFIG OBJECT PROTOCOL

Level

base

History

Appears in 6.0.0

Description

Protocol object administration

Note

most of the code is shared with CONFIG.OBJECT.NETWORK and CONFIG OBJECT.HOST

CONFIG OBJECT PROTOCOL CHECK

Level

object

History

Appears in 6.1.0
FORMAT Appears in 9.0.0

Description

Check protocol object

Usage

config object protocol check name=<protocol name>

Format

section_line

Returns

[Configuration]
module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)

Example

CONFIG OBJECT PROTOCOL CHECK name=proto1
[Configuration]
module=Filter slot=04 line=1
CONFIG OBJECT PROTOCOL DELETE

Level

object+modify

History

force Appears in 6.1.0

Description

Remove protocol object

Note

this command returns an error code if :
no object is found.
object is in a group

Usage

config object protocol delete name=<protocolname> [force=1]

Example

CONFIG OBJECT PROTOCOL DELETE name=chaos
CONFIG OBJECT PROTOCOL NEW

Level

object+modify

History

Appears in 6.0.0
value replaced by protonumber in 9.0.0

Description

Add protocol object

Note

Without update parameter, command will return an error if an object with the same name exists.
With update=2, modules which use the object are not reloaded.

Usage

config object protocol new name=<protocolname> protonumber=<IP protocol number> [color=xxxxxx] [comment=<comment>] [update=<0|1|2>]

Example

CONFIG GLOBAL OBJECT PROTOCOL NEW name=chaos protonumber=16 color=123456 comment="CHAOS protocol"

CONFIG OBJECT QOS

CONFIG OBJECT QOS

Level

base

History

Appears in 6.1.0

Description

QoS configuration

CONFIG OBJECT QOS ACTIVATE

Level

filter+modify

History

Appears in 6.2.0
level changes from object,globalobject,modify to filter,modify in 9.0.0

Description

Update active rules

Usage

config object qos activate

Returns

Error code
CONFIG OBJECT QOS DROP

Level

base

History

Appears in 6.1.0

Description

List drop policies

Usage

config object qos drop

Returns

<inc.number>=<policy name>

Example

101 code=00a01000 msg="Begin"
[Drop]
0=TailDrop
1=BLUE
100 code=00a00100 msg="Ok"

CONFIG OBJECT QOS QID
CONFIG OBJECT QOS QID

Level

base

History

Appears in 6.1.0

Description

QoS qid management

CONFIG OBJECT QOS QID ADD

Level

filter+modify

History

Appears in 6.1.0
level filter Appears in 6.1.4
level network deprecated in 6.1.4
level other deprecated in 6.1.4

Description

Add a qid

Note

In order to use a percentage as bandwidth for CBQ, a reference bandwidth must be set using CONFIG OBJECT QOS SET

Usage

config object qos qid add qid=<qid> [comment=<comment>] (type=CBQ min=<min> min_rev=<minrev> max=<max> max_rev=<maxrev>) | (type=<PRIQ> pri=<pri>) [color=<color>] [length=<queue_length>] [prioritize_ack=<on|off>] [prioritize_lowdelay=<on|off>] [update=<on|off>]

Example

CONFIG OBJECT QOS QID ADD qid=HTTP comment="web" type=CBQ min="65536" min_rev="16384" max="0" max_rev="0"
CONFIG OBJECT QOS QID ADD qid=SSH comment="ssh" type=PRIQ pri=1
CONFIG OBJECT QOS QID ADD qid=SMTP comment="mail" type=CBQ min="131072" max="262144" min_rev="0" max_rev="0"
CONFIG OBJECT QOS QID CHECK

Level

base

History

Appears in 6.1.0
FORMAT Appears in 9.0.0

Description

Check a qid

Usage

config object qos qid check name=<qid>

Format

section_line

CONFIG OBJECT QOS QID LIST

Level

base

History

Appears in 6.1.0

Description

List qids

Usage

config object qos qid list

CONFIG OBJECT QOS QID REMOVE

Level

filter+modify

History

Appears in 6.1.0
level filter Appears in 6.1.4
level network deprecated in 6.1.4
level other deprecated in 6.1.4

Description

Remove a qid

Usage

config object qos qid remove qid=<qid> [force=1]

Returns

Error code
CONFIG OBJECT QOS QID RENAME

Level

filter+modify

History

Appears in 9.0.0

Description

Rename a qid

Note

rename all the occurences of old_qidname to new_qidname in the configuration files
this command returns an error code if :
old qidname is not found.
new qidname already exists.

Usage

config object qos qid rename oldname=<old_qidname> newname=<new_qidname>

Returns

Error code
CONFIG OBJECT QOS SET

Level

filter+modify

History

Appears in 6.1.0
level filter Appears in 6.1.4
level network deprecated in 6.1.4
level other deprecated in 6.1.4
defaultqueue Appears in 9.0.0

Description

Set global QoS parameters

Usage

config object qos set [bandwidth=<bw> drop=<0|1> defaultqueue=<qid|bypass>]

Returns

Error code
CONFIG OBJECT QOS SHOW

Level

base

History

Appears in 6.1.0

Description

Show global QoS parameters

Usage

config object qos show

Example

CONFIG QOS SHOW101 code=00a01000 msg="Begin"
[QoS]
Bandwidth=0
Drop=0
Max_Qids=98
Default_QLen=200
Max_QLen=500
100 code=00a00100 msg="Ok"

CONFIG OBJECT RENAME

Level

object+modify

History

Appears in 9.0.0

Description

Rename objects

Note

rename all the occurences of old_objname to new_objname in the configuration files
this command returns an error code if :
old objname is not found.
new objname already exists.

Usage

config object rename type=<host|range|network|service|time|group|servicegroup|urlgroup|cngroup|urlcategorygroup|cncategorygroup> oldname=<old_objname> newname=<new_objname>

Example

config object rename type=host oldname=foo newname=bar

CONFIG OBJECT SERVICE

CONFIG OBJECT SERVICE

Level

base

History

Appears in 6.0.0

Description

Service object administration

Note

most of the code is shared with CONFIG.OBJECT.NETWORK and CONFIG OBJECT.HOST

CONFIG OBJECT SERVICE CHECK

Level

object

History

Appears in 6.1.0
FORMAT Appears in 9.0.0

Description

Check service object

Usage

config object service check name=<service name>

Format

section_line

Returns

[Configuration]
module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)

Example

config object service check name=service1
[Configuration]
module=Filter slot=04 line=1
CONFIG OBJECT SERVICE DELETE

Level

object+modify

History

force Appears in 6.1.0

Description

Remove service object

Note

this command returns an error code if :
no object is found.
object is in a group

Usage

config object service delete name=<servicename> [force=1]

Example

config object service delete name=dns
CONFIG OBJECT SERVICE NEW

Level

object+modify

History

Appears in 6.0.0
Removed plugin attribute in 9.0.0

Description

Add service object

Note

without update parameter, command will return an error if an object with the same name exists.
With update=2, modules which use the object are not reloaded.

Usage

config object service new name=<servicename> port=<port number> proto=<tcp|udp|any> [toport=<porthigh>] [color=xxxxxx] [comment=<comment>] [update=<0|1|2>]

Example

CONFIG OBJECT SERVICE NEW name=dns port=53 proto=tcp comment="DNS service"

CONFIG OBJECT SERVICEGROUP

CONFIG OBJECT SERVICEGROUP

Level

base

History

Appears in 6.0.0

Description

Service groups administration

Note

most of the code is shared with CONFIG.OBJECT.OBJECTGROUP

CONFIG OBJECT SERVICEGROUP ADDTO

Level

object+modify

History

Appears in 6.0.0

Description

Add service object to service group

Note

node must be a service
this command returns an error if:
"group" or "node" don't exist
"node" is an object already included in "group"

Usage

config object servicegroup addto group=<servicegroup name> node=<node to add name>

Example

CONFIG OBJECT SERVICEGROUP ADDTO group=group1 node=dns
CONFIG OBJECT SERVICEGROUP CHECK

Level

object

History

Appears in 6.1.0
FORMAT Appears in 9.0.0

Description

Check service group

Usage

config object servicegroup check name=<service group name>

Format

section_line

Returns

[Configuration]
module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)

Example

CONFIG OBJECT SERVICEGROUP CHECK name=servicegroup1
[Configuration]
module=Filter slot=04 line=1
CONFIG OBJECT SERVICEGROUP DELETE

Level

object+modify

History

force Appears in 6.1.0

Description

Remove service group

Note

returns an error if no group with this name exist

Usage

config object servicegroup delete name=<servicegroup name> [force=1]

Example

CONFIG OBJECT SERVICEGROUP DELETE name=servicegroup1
CONFIG OBJECT SERVICEGROUP NEW

Level

object+modify

History

Appears in 6.0.0

Description

Create new empty service group

Note

returns an error if a service group with identical name exists

Usage

config object servicegroup new name=<servicegroupname> [comment=<servicegroup comment>] [update=<0|1>]

Example

CONFIG OBJECT SERVICEGROUP NEW name=servicegroup1
CONFIG OBJECT SERVICEGROUP REMOVEFROM

Level

object+modify

History

Appears in 6.0.0

Description

Remove service object from service group

Note

node must be a service
this command returns an error if :
"group" or "node" don't exist
"node" is not in "group"

Usage

config object servicegroup removefrom group=<servicegroup name> node=<node to remove name>

Example

CONFIG OBJECT SERVICEGROUP REMOVEFROM group=servcegroup1 node=dns
CONFIG OBJECT SERVICEGROUP SHOW

Level

base

History

Appears in 6.0.0
FORMAT Appears in 9.0.0
all disappears in 9.0.0

Description

Show service group

Usage

config object servicegroup show name=<servicegroup name> [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [searchfield=<token>] [sort=<token>] [refresh=<0|1>]]

Format

section_line

Returns

[<servicegroup name>]
name=<nodename>
...

Example

CONFIG OBJECT SERVICEGROUP SHOW name=web
[web]
name=dns_udp
name=http
name=https

CONFIG OBJECT TIME

CONFIG OBJECT TIME

Level

base

History

Appears in 9.0.0

Description

Time object administration

CONFIG OBJECT TIME CHECK

Level

object

History

Appears in 9.0.0

Description

Check time object

Usage

config object time check name=<timeobject name>

Format

section_line

Returns

[Configuration]
module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)

Example

config object host check name=daysoff
[Configuration]
module=Filter slot=04 line=1
CONFIG OBJECT TIME DELETE

Level

object+modify

History

force Appears in 9.0.0

Description

Remove time object

Note

command returns an error code if :
no object is found.

Usage

config object time delete name=<timeobject name> [force=1]

Example

config object host delete name=daysoff
CONFIG OBJECT TIME NEW

Level

object+modify

History

Appears in 9.0.0

Description

Add a time object

Note

Without update parameter, command will return an error if an object with the same name exists.
With update=2, modules which use the object are not reloaded.

Usage

config object time new name=<timeobject name> time=(""|hh:mm-hh:mm[;hh:mm-hh:mm]...) weekday=(""|dow[-dow][;dow[-dow]]...) yearday=(""|mm:dd[-mm:dd][;mm:dd[-mm:dd]]...) date=(""|yyyy:mm:dd[:hh:mm][-yyyy:mm:dd[:hh:mm]]) [color=xxxxxx] [comment=<comment>] [update=<0|1|2>]

Example

config object time new name=work time=08:00-12:00;14:00-19:00 weekday="1;3;5-7" yearday="" date="" comment="working hours"
config object time new name=daysoff time="" weekday="" yearday="01:01;05:01;05:08;07:14;08:15;11:11;12:25" date=""

CONFIG OBJECT URLCATEGORYGROUP

CONFIG OBJECT URLCATEGORYGROUP

Level

base

History

Appears in 9.1.0

Description

Url category groups administration

Note

most of the code is shared with CONFIG.OBJECT.OBJECTGROUP

CONFIG OBJECT URLCATEGORYGROUP ADDTO

Level

object+modify

History

Appears in 9.1.0

Description

Add url group object to url group category

Note

node must be an url group
this command returns an error if:
"group" or "node" don't exist
"node" is an object already included in "group"

Usage

config object urlcategorygroup addto group=<urlcategorygroup name> node=<node to add name>

Example

CONFIG OBJECT URLCATEGORYGROUP ADDTO group=group1 node=dns
CONFIG OBJECT URLCATEGORYGROUP CHECK

Level

object

History

Appears in 9.1.0

Description

Check url group category

Usage

config object urlcategorygroup check name=<urlcategorygroupname>

Format

section_line

Returns

[Configuration]
module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)

Example

CONFIG OBJECT URLCATEGORYGROUP CHECK name=urlcategorygroup1
[Configuration]
module=Filter slot=04 line=1
CONFIG OBJECT URLCATEGORYGROUP DELETE

Level

object+modify

History

Appears in 9.1.0

Description

Remove an url group category

Note

returns an error if no group with this name exist

Usage

config object urlcategorygroup delete name=<servicegroup name> [force=1]

Example

CONFIG OBJECT URLCATEGORYGROUP DELETE name=urlcategorygroup1
CONFIG OBJECT URLCATEGORYGROUP NEW

Level

object+modify

History

Appears in 9.1.0

Description

Create new empty url group category

Note

returns an error if an url category group with identical name exists

Usage

config object urlcategorygroup new name=<urlcategorygroupname> [comment=<urlcategorygroup comment>] [update=<0|1>]

Example

CONFIG OBJECT SERVICEGROUP NEW name=urlcategorygroup1
CONFIG OBJECT URLCATEGORYGROUP REMOVEFROM

Level

object+modify

History

Appears in 9.1.0

Description

Remove service object from url group category

Note

node must be a service
this command returns an error if :
"group" or "node" don't exist
"node" is not in "group"

Usage

config object urlcategorygroup removefrom group=<urlcategorygroupname> node=<node to remove name>

Example

CONFIG OBJECT URLCATEGORYGROUP REMOVEFROM group=urlcategorygroup1 node=dns
CONFIG OBJECT URLCATEGORYGROUP SHOW

Level

base

History

Appears in 9.1.0

Description

Show url group category

Usage

config object urlcategorygroup show name=<urlcategorygroupname> [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [searchfield=<token>] [sort=<token>] [refresh=<0|1>]]

Format

section_line

Returns

[<urlcategorygroup name>]
name=<nodename>
...

Example

CONFIG OBJECT URLCATEGORYGROUP SHOW name=web
[web]
name=dns_udp
name=http
name=https

CONFIG OBJECT URLGROUP

CONFIG OBJECT URLGROUP

Level

base

History

appears on 9.0.0

Description

URL and CN groups administration

CONFIG OBJECT URLGROUP ADDTO

Level

contentfilter+modify

History

appears on 9.0.0
comment and update appear in Sicilia

Description

Add an url to an URL/CN group

Usage

config object urlgroup addto group=<groupname> type=(urlgroup|cngroup) url=<url> [comment=<comment>] [update=<0|1>]
group : group name to use for filter
type : type of urlgroup (urlgroup or cngroup)
url : url to add to urlgroup
comment : comment for the url
update : indicate if the commment should be updated

Returns

Error code

Example

CONFIG OBJECT URLGROUP ADDTO group=antivirus_bypass type=urlgroup url=*.netasq.com/*
CONFIG OBJECT URLGROUP ADDTO group=antivirus_bypass type=urlgroup url=*.netasq.com/* comment="NETASQ" update=1
CONFIG OBJECT URLGROUP ADDTO group=bank_bypass type=cngroup url=www.bank.com
CONFIG OBJECT URLGROUP CHECK

Level

base

History

appears in 9.0.0

Description

Check an URL/CN/OEM group object

Usage

config object urlgroup check name=<groupname> type=(urlgroup|cngroup|oemgroup)

Format

section_line

Returns

[Configuration]
module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)

Example

CONFIG OBJECT URLGROUP CHECK name=antivirus_bypass type=urlgroup
CONFIG OBJECT URLGROUP CHECK name=bank_bypass type=cngroup
CONFIG OBJECT URLGROUP CHECK name=ads type=oemgroup
CONFIG OBJECT URLGROUP CLASSIFY

Level

base

History

appears in 9.1

Description

Show which groups the specified URL belongs to

Usage

config object urlgroup classify url=<url_to_check>

Format

section

Returns

[groups]
<oemgroup|urlgroup>=group1
<oemgroup|urlgroup>=group2
...
<oemgroup|urlgroup>=groupN

Example

CONFIG OBJECT URLGROUP CLASSIFY url=www.netasq.com
CONFIG OBJECT URLGROUP DELETE

Level

contentfilter+modify

History

appears on 9.0.0

Description

Delete an URL/CN group

Usage

config object urlgroup delete name=<groupname> type=(urlgroup|cngroup) [force=1]

Returns

Error code

Example

CONFIG OBJECT URLGROUP DELETE name=antivirus_bypass type=urlgroup
CONFIG OBJECT URLGROUP DELETE name=bank_bypass type=cngroup
CONFIG OBJECT URLGROUP NEW

Level

contentfilter+modify

History

appears on 9.0.0

Description

Create a new empty URL/CN group

Usage

config object urlgroup new name=<groupname> type=(urlgroup|cngroup) [comment=<comment>] [update=<0|1>]

Returns

Error code

Example

CONFIG OBJECT URLGROUP NEW name=antivirus_bypass type=urlgroup
CONFIG OBJECT URLGROUP NEW name=bank_bypass type=cngroup
CONFIG OBJECT URLGROUP REMOVEFROM

Level

contentfilter+modify

History

appears on 9.0.0

Description

Delete an url from an URL/CN group

Usage

config object urlgroup removefrom group=<groupname> type=(urlgroup|cngroup) url=<url>

Returns

Error code

Example

CONFIG OBJECT URLGROUP REMOVEFROM group=antivirus_bypass type=urlgroup url=*.netasq.com/*
CONFIG OBJECT URLGROUP REMOVEFROM group=antivirus_bypass type=cngroup url=www.bank.com
CONFIG OBJECT URLGROUP SETBASE

Level

base

History

FORMAT appears in 9.0.0
modify name on 9.0.0
was CONFIG.OBJECT.URL.SETBASE
appears in 6.2.0

Description

Switch the OEM group database used by URL/SSL Filtering, or display the actual used one.

Note

contentfilter and modify levels needed to set a base

Usage

config object urlgroup setbase [base=<NONE|NETASQ|CLOUDURL>]

Format

section

Returns

Without args:
[Config]
URLFiltering=<base name>
When setting a base: Error code.

Implementation notes

URL and SSL Filtering databases are the same.

Example

CONFIG OBJECT URLGROUP SETBASE base=NETASQ
CONFIG OBJECT URLGROUP SHOW

Level

base

History

modify on 9.0.0
FORMAT appears on 9.0.0
appears in 6.0.0

Description

Show one or all custom URL/CN groups

Usage

config object urlgroup show name=<groupname> type=(urlgroup|cngroup) [start=<int> [limit=<int>] [dir=<ASC|DESC>] [refresh=<0|1>]]

Format

section_line

Returns

A list of URLs/CNs of matching custom group
[<groupname>]
<url>
<url>

Example

CONFIG OBJECT URLGROUP SHOW name=antivirus_bypass type=urlgroup
[antivirus_bypass]
*.windowsupdate.com/*
*.windowsupdate.microsoft.com/*

CONFIG OPENVPN

CONFIG OPENVPN

Level

base

History

Appears in 1.0.0

Description

Openvpn related functions

CONFIG OPENVPN ACTIVATE

Level

vpn|network+modify

History

Appears in 1.0.0

Description

Apply openvpn configuration and reload openvpn service with this new configuration

Usage

config openvpn activate [CANCEL] : changes are discarded

Returns

Error code
CONFIG OPENVPN DEFAULT

Level

vpn|network+modify

History

Appears in 1.0.0

Description

Set the default configuration (in clone file) for openvpn server

Usage

config openvpn default

Returns

Error code
CONFIG OPENVPN SHOW

Level

base

History

Appears in 1.0.0

Description

Display openvpn information

Usage

config openvpn show [[useclone=0|1]|[crypto=authAlgo|cipher|tlsCipher]]
useclone : specify if displayed configuration comes from clone file or not
crypto=authAlgo : display available Auth algorithms
crypto=cipher : display available Cipher algorithms
crypto=tlsCipher : display available TLS algorithms

Returns

[Config]
state=			: openvpn activation state
pool=			: IP addresses pool
Port=			: public listening port for the service
route=			: pushed routes on openvpn client
serverPublicAddr=	: public address to contact openvpn server
timeout=		: renegociation time of channel
serverCertificate=	: server certificate
clientCertificate=	: client certificate
cipher=		: used encrypt algorithm
tlsCipher=		: used encrypt algorithm for tls
authAlgo=		: message digest algorithm
persist=		: client IP persistency
primaryDns=		: pushed primary dns on openvpn client
secondaryDns=		: pushed secondary dns on openvpn client
domainName=		: pushed domain name on openvpn client
verbose=		: verbose activation level
verboseFile=		: used verbose file

Example

CONFIG OPENVPN SHOW 
CONFIG OPENVPN SHOW useclone=1 
CONFIG OPENVPN SHOW crypto=authAlgo
CONFIG OPENVPN UPDATE

Level

vpn|network+modify

History

Appears in 1.0.0

Description

Update OpenVPN configuration (in clone file) for openvpn server

Usage

config openvpn update [state=0|1] : openvpn server state
[pool=<network_object>] : IP pool allocated to openvpn clients
[route=<any|host|network|group_object>] : Networks pushed on openvpn clients
[timeout=<seconds>] : period of data channel renegociation
[serverCertificate=<cert_name>] : certificate of server
[clientCertificate=<cert_name>] : certificate of client
[cipher=<algo>] : specify algorithm to encrypt packets
[tlsCipher=<algo>] : specify algorithm to encrypt packets for tls
[authAlgo=<algo>] : specify algorithm for message digest
[persistIp=0|1] : client IP address persistency
[serverPublicAddr=<ip> or <hostname>] : public address to contact openvpn server
[port=<port>] : public listening port for the service
[primaryDns=<host_object>] : pushed primary dns on openvpn client
[secondaryDns=<host_object>] : pushed secondary dns on openvpn client
[domainName=<domain name>] : pushed domain name on openvpn client

Returns

Error code

CONFIG PPTP

CONFIG PPTP

Level

base

Description

PPTP server configuration

CONFIG PPTP ACTIVATE

Level

vpn+modify

History

CANCEL/NEXTBOOT Appears in 9.0.0
level changes from other,modify to vpn,modify in 9.0.0

Description

Reload PPTP server with lastest configuration or cancel modifications

Note

check licence PPTP flag before activate

Usage

config pptp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.

Returns

Error code

Implementation notes

Execute endialup

Example

CONFIG PPTP ACTIVATE
CONFIG PPTP ACTIVATE cancel
CONFIG PPTP ADVANCED

Level

vpn+modify

History

level changes from other,modify to vpn,modify in 9.0.0
ReloadFilteringPolicy appears in 9.1.0

Description

Advanced parameters configuration

Note

DNS and NBDNS should be empty

Usage

config pptp advanced [DNS=<ip address>] [NBDNS=<ip address>] [ReloadFilteringPolicy=0|1]

Returns

Error code

Example

CONFIG PPTP ADVANCED dns=dns_1
CONFIG PPTP ADVANCED dns= ReloadFilteringPolicy=1
CONFIG PPTP METHOD

Level

vpn+modify

History

level changes from other,modify to vpn,modify in 9.0.0

Description

Specify authorized encryption methods

Note

check licence VPN flag for MPPE 128 bits encryption

Usage

config pptp method allowed=none|[mppe40],[mppe56],[mppe128],[mppesl]

Returns

Error code

Implementation notes

if none set cryptorequired=0, else set cryptorequired=1 AND MPPE choosed keysize flags

Example

CONFIG PPTP METHOD allowed=mppe40,mppe128
CONFIG PPTP POOL

Level

vpn+modify

History

level changes from other,modify to vpn,modify in 9.0.0

Description

Specify Ip address pool used in client IP allocation

Note

You must set an IP address pool to activate PPTP server

Usage

config pptp pool <hostgroupname>

Returns

Error code

Implementation notes

Pool can be an host, a range, an host/range group name

Example

CONFIG PPTP POOL pptp_add
CONFIG PPTP SHOW

Level

vpn_read

History

level changes from base to vpn_read in 9.0.0

Description

Show PPTP server config

Usage

config pptp show

Returns

[Global]
State=0|1		: PPTP server state
Pool=<hostgroup>	: Host group name
CryptoRequired=0|1	: Accept only request with encryption
MPPE40=0|1		: Accept MPPE 40 bits proposition
MPPE56=0|1		: Accept MPPE 56 bits proposition
MPPE128=0|1		: Accept MPPE 128 bits proposition
MPPESL=0|1		: Accept MPPE stateless proposition
DNS=<ip address>	: DNS IP address sent to the client
NBDNS=<ip address>	: WINS IP address sent to the client
ReloadFilteringPolicy=0|1: reload policy when a client connects or disconnects

Example

CONFIG PPTP SHOW
[Global]
Pool=pptp_add
State=1
CryptoRequired=1
MPPE40=0
MPPE56=0
MPPE128=1
MPPESL=1
DNS=
NBDNS=
ReloadFilteringPolicy=0
CONFIG PPTP STATE

Level

vpn_read

History

level changes from base to vpn_read in 9.0.0

Description

Get/set the status of the PPTP server

Note

check licence PPTP flag before activate
Vpn level needed to update state value

Usage

config pptp state [On|Off]

Returns

The state of the server

Implementation notes

Change ConfigFiles/pptpserver state boolean value

Example

CONFIG PPTP STATE on
CONFIG PPTP STATE off
CONFIG PPTP USER

Level

base

History

Appears in 9.0.0

Description

PPTP user configuration

Usage

config pptp user

CONFIG PPTP USER ACTIVATE

Level

vpn+modify

History

Appears in 9.0.0

Description

Reload PPTP users with lastest configuration or cancel modifications

Note

check licence PPTP flag before activate

Usage

config pptp user activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.

Returns

Error code

Implementation notes

Execute endialup

Example

CONFIG PPTP USERS ACTIVATECONFIG PPTP USERS ACTIVATE cancel
CONFIG PPTP USER ADD

Level

vpn+modify

History

Appears in 9.0.0

Description

Allow a user to connect pptp

Usage

config pptp user add user=<username> password=<password>

CONFIG PPTP USER LIST

Level

vpn_read

History

Appears in 9.0.0

Description

List PPTP users how have access to PPTP

Usage

config pptp user list

CONFIG PPTP USER REMOVE

Level

vpn+modify

History

Appears in 9.0.0

Description

Denied a user to connect PPTP

Usage

config pptp user remove <username>

CONFIG PROTOCOL

CONFIG PROTOCOL

Level

base|asq

History

Appears in 9.0.0

Description

Commands to configure protocol profiles

CONFIG PROTOCOL ACTIVATE

Level

asq+modify

History

Appears in 9.0.0

Description

Activate the protocol's configuration

Usage

config protocol activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.

Returns

Error code

Example

CONFIG PROTOCOL <protocol name> ACTIVATE

CONFIG PROTOCOL COMMON

CONFIG PROTOCOL COMMON

Level

base|asq

History

Appears in 9.0.0

Description

Protocol's common settings

CONFIG PROTOCOL COMMON CONFIG

Level

asq+modify

History

Appears in 9.0.0

Description

Set protocol's common settings

Usage

config protocol common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]

Returns

Error code
CONFIG PROTOCOL COMMON DEFAULT

Level

asq+modify

History

Appears in 9.0.0

Description

Reset protocol's common settings to default

Usage

config protocol common default

Returns

Error code
CONFIG PROTOCOL COMMON SHOW

Level

base|asq

History

Appears in 9.0.0

Description

Show protocol's common settings

Usage

config protocol common show

Returns

Error code

CONFIG PROTOCOL DNS

CONFIG PROTOCOL DNS

Level

base|asq

History

Appears in 9.0.0

Description

Command for DNS protocol

CONFIG PROTOCOL DNS ACTIVATE

Level

asq+modify

History

Appears in 9.0.0

Description

Activate configuration for DNS protocol

Usage

config protocol dns activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.

Returns

Error code
CONFIG PROTOCOL DNS COMMON
CONFIG PROTOCOL DNS COMMON

Level

base|asq

History

Appears in 9.0.0

Description

Common command for DNS protocol

CONFIG PROTOCOL DNS COMMON CONFIG

Level

asq+modify

History

Appears in 9.0.0

Description

Set DNS protocol's common setting

Usage

config protocol dns common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]

Returns

Error code
CONFIG PROTOCOL DNS COMMON DEFAULT

Level

asq+modify

History

Appears in 9.0.0

Description

Reset profile's settings to default for DNS protocol

Usage

config protocol dns common default

Returns

Error code
CONFIG PROTOCOL DNS COMMON SHOW

Level

base|asq

History

Appears in 9.0.0

Description

Show profile's settings for DNS protocol

Usage

config protocol dns common show index=<profile_idx>

Returns

[Common]
Defaultport=service
SSLDefaultPort=sslservice

[IPS]
...
CONFIG PROTOCOL DNS PROFILE
CONFIG PROTOCOL DNS PROFILE

Level

base|asq

History

Appears in 9.0.0

Description

Profile setting for DNS protocol

CONFIG PROTOCOL DNS PROFILE ALARM
CONFIG PROTOCOL DNS PROFILE ALARM

Level

base|asq

History

Appears in 9.0.0

Description

Common commands for DNS

CONFIG PROTOCOL DNS PROFILE ALARM DEFAULT

Level

asq+modify

History

Appears in 9.0.0

Description

Reset profile's settings to default for DNS protocol

Usage

config protocol dns profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]

Returns

Error code
CONFIG PROTOCOL DNS PROFILE ALARM SHOW

Level

base|asq

History

Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
reaction split to blacklist and email in 9.1.0
comment appears in 9.1.0

Description

Show profile's settings for DNS protocol

Usage

config protocol dns profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]

Returns

context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
CONFIG PROTOCOL DNS PROFILE ALARM UPDATE

Level

asq+modify

History

Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0

Description

Configure ASQ alarm for DNS protocol (IPS alarm)

Usage

config protocol dns profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]

Returns

Error code
CONFIG PROTOCOL DNS PROFILE COPY

Level

asq+modify

History

Appears in 9.0.0

Description

Copy DNS protocol profile

Usage

config protocol dns profile copy index=<profile_idx> to=<0..9>

Returns

Error code
CONFIG PROTOCOL DNS PROFILE DEFAULT

Level

asq+modify

History

Appears in 9.0.0

Description

Reset profile's settings to default for DNS protocol

Usage

config protocol dns profile default index=<profile_idx>

Returns

Error code
CONFIG PROTOCOL DNS PROFILE IPS
CONFIG PROTOCOL DNS PROFILE IPS

Level

base|asq

History

Appears in 9.0.0

Description

IPS commands for DNS

CONFIG PROTOCOL DNS PROFILE IPS CONFIG

Level

asq+modify

History

Appears in 9.0.0

Description

IPS settings for DNS protocol

Usage

config protocol dns profile ips config index=<profile_idx> [InternalDomain=<string>] [NameBuffer=<10..2048>] [Probe=On|Off] [State=On|Off] [TemplateAlarm=<low|medium|high|internet>]

Returns

Error code
CONFIG PROTOCOL DNS PROFILE LIST

Level

base|asq

History

Appears in 9.0.0

Description

List all profiles or a specific profile for DNS protocol

Usage

config protocol dns profile list [index=<profile_idx>]

Returns

[00]
name="default"
lastmod="2011-02-23 10:47:45"
...
CONFIG PROTOCOL DNS PROFILE SHOW

Level

base|asq

History

Appears in 9.0.0

Description

Show profile's settings for DNS protocol

Usage

config protocol dns profile show index=<profile_idx>

Returns

[Common]

[IPS]
State=1
Log=1
Probe=1
...
CONFIG PROTOCOL DNS PROFILE UPDATE

Level

asq+modify

History

Appears in 9.0.0

Description

Update profile's informations for DNS protocol

Usage

config protocol dns profile update index=<profile_idx> [name=<string>] [comment=<string>]

Returns

Error code

CONFIG PROTOCOL EDONKEY

CONFIG PROTOCOL EDONKEY

Level

base|asq

History

Appears in 9.0.0

Description

Command for EDONKEY protocol

CONFIG PROTOCOL EDONKEY ACTIVATE

Level

asq+modify

History

Appears in 9.0.0

Description

Activate configuration for EDONKEY protocol

Usage

config protocol edonkey activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.

Returns

Error code
CONFIG PROTOCOL EDONKEY COMMON
CONFIG PROTOCOL EDONKEY COMMON

Level

base|asq

History

Appears in 9.0.0

Description

Common command for EDONKEY protocol

CONFIG PROTOCOL EDONKEY COMMON CONFIG

Level

asq+modify

History

Appears in 9.0.0

Description

Set EDONKEY protocol's common setting

Usage

config protocol edonkey common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]

Returns

Error code
CONFIG PROTOCOL EDONKEY COMMON DEFAULT

Level

asq+modify

History

Appears in 9.0.0

Description

Reset profile's settings to default for EDONKEY protocol

Usage

config protocol edonkey common default

Returns

Error code
CONFIG PROTOCOL EDONKEY COMMON SHOW

Level

base|asq

History

Appears in 9.0.0

Description

Show profile's settings for EDONKEY protocol

Usage

config protocol edonkey common show index=<profile_idx>

Returns

[Common]
Defaultport=service
SSLDefaultPort=sslservice

[IPS]
...
CONFIG PROTOCOL EDONKEY PROFILE
CONFIG PROTOCOL EDONKEY PROFILE

Level

base|asq

History

Appears in 9.0.0

Description

Profile setting for EDONKEY protocol

CONFIG PROTOCOL EDONKEY PROFILE ALARM
CONFIG PROTOCOL EDONKEY PROFILE ALARM

Level

base|asq

History

Appears in 9.0.0

Description

Common commands for EDONKEY

CONFIG PROTOCOL EDONKEY PROFILE ALARM DEFAULT

Level

asq+modify

History

Appears in 9.0.0

Description

Reset profile's settings to default for EDONKEY protocol

Usage

config protocol edonkey profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]

Returns

Error code
CONFIG PROTOCOL EDONKEY PROFILE ALARM SHOW

Level

base|asq

History

Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
reaction split to blacklist and email in 9.1.0
comment appears in 9.1.0

Description

Show profile's settings for EDONKEY protocol

Usage

config protocol edonkey profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]

Returns

context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
CONFIG PROTOCOL EDONKEY PROFILE ALARM UPDATE

Level

asq+modify

History

Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0

Description

Configure ASQ alarm for EDONKEY protocol (IPS alarm)

Usage

config protocol edonkey profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]

Returns

Error code
CONFIG PROTOCOL EDONKEY PROFILE COPY

Level

asq+modify

History

Appears in 9.0.0

Description

Copy EDONKEY protocol profile

Usage

config protocol edonkey profile copy index=<profile_idx> to=<0..9>

Returns

Error code
CONFIG PROTOCOL EDONKEY PROFILE DEFAULT

Level

asq+modify

History

Appears in 9.0.0

Description

Reset profile's settings to default for EDONKEY protocol

Usage

config protocol edonkey profile default index=<profile_idx>

Returns

Error code
CONFIG PROTOCOL EDONKEY PROFILE IPS
CONFIG PROTOCOL EDONKEY PROFILE IPS

Level

base|asq

History

Appears in 9.0.0

Description

IPS commands for EDONKEY

CONFIG PROTOCOL EDONKEY PROFILE IPS CONFIG

Level

asq+modify

History

Appears in 9.0.0

Description

IPS settings for EDONKEY protocol

Usage

config protocol edonkey profile ips config index=<profile_idx> [AllowTCPUrg=On|Off] [Log=On|Off] [Probe=On|Off] [State=On|Off] [TemplateAlarm=<low|medium|high|internet>]

Returns

Error code
CONFIG PROTOCOL EDONKEY PROFILE LIST

Level

base|asq

History

Appears in 9.0.0

Description

List all profiles or a specific profile for EDONKEY protocol

Usage

config protocol edonkey profile list [index=<profile_idx>]

Returns

[00]
name="default"
lastmod="2011-02-23 10:47:45"
...
CONFIG PROTOCOL EDONKEY PROFILE SHOW

Level

base|asq

History

Appears in 9.0.0

Description

Show profile's settings for EDONKEY protocol

Usage

config protocol edonkey profile show index=<profile_idx>

Returns

[Common]

[IPS]
State=1
Log=1
Probe=1
...
CONFIG PROTOCOL EDONKEY PROFILE UPDATE

Level

asq+modify

History

Appears in 9.0.0

Description

Update profile's informations for EDONKEY protocol

Usage

config protocol edonkey profile update index=<profile_idx> [name=<string>] [comment=<string>]

Returns

Error code

CONFIG PROTOCOL FTP

CONFIG PROTOCOL FTP

Level

base|asq

History

Appears in 9.0.0

Description

Command for FTP protocol

CONFIG PROTOCOL FTP ACTIVATE

Level

asq+modify

History

Appears in 9.0.0

Description

Activate configuration for FTP protocol

Usage

config protocol ftp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.

Returns

Error code
CONFIG PROTOCOL FTP COMMON
CONFIG PROTOCOL FTP COMMON

Level

base|asq

History

Appears in 9.0.0

Description

Common command for FTP protocol

CONFIG PROTOCOL FTP COMMON CONFIG

Level

asq+modify

History

Appears in 9.0.0

Description

Set FTP protocol's common setting

Usage

config protocol ftp common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]

Returns

Error code
CONFIG PROTOCOL FTP COMMON DEFAULT

Level

asq+modify

History

Appears in 9.0.0

Description

Reset profile's settings to default for FTP protocol

Usage

config protocol ftp common default

Returns

Error code
CONFIG PROTOCOL FTP COMMON PROXY
CONFIG PROTOCOL FTP COMMON PROXY

Level

base|asq

History

Appears in 9.0.4

Description

FTP common proxy configuration

CONFIG PROTOCOL FTP COMMON PROXY CONFIG

Level

asq+modify

History

Appears in 9.0.4

Description

Common parameters configuration

Usage

config protocol ftp common proxy config ApplyNat=<0|1>
ApplyNat : Allow outbound connections from proxies to match any NAT rule instead of just dst-only

Returns

Error code

Example

CONFIG PROTOCOL FTP COMMON PROXY CONFIG ApplyNat=0
CONFIG PROTOCOL FTP COMMON SHOW

Level

base|asq

History

Appears in 9.0.0

Description

Show profile's settings for FTP protocol

Usage

config protocol ftp common show index=<profile_idx>

Returns

[Common]
Defaultport=service
SSLDefaultPort=sslservice

[IPS]
...
CONFIG PROTOCOL FTP PROFILE
CONFIG PROTOCOL FTP PROFILE

Level

base|asq

History

Appears in 9.0.0

Description

Profile setting for FTP protocol

CONFIG PROTOCOL FTP PROFILE ALARM
CONFIG PROTOCOL FTP PROFILE ALARM

Level

base|asq

History

Appears in 9.0.0

Description

Common commands for FTP

CONFIG PROTOCOL FTP PROFILE ALARM DEFAULT

Level

asq+modify

History

Appears in 9.0.0

Description

Reset profile's settings to default for FTP protocol

Usage

config protocol ftp profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]

Returns

Error code
CONFIG PROTOCOL FTP PROFILE ALARM SHOW

Level

base|asq

History

Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
reaction split to blacklist and email in 9.1.0
comment appears in 9.1.0

Description

Show profile's settings for FTP protocol

Usage

config protocol ftp profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]

Returns

context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
CONFIG PROTOCOL FTP PROFILE ALARM UPDATE

Level

asq+modify

History

Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0

Description

Configure ASQ alarm for FTP protocol (IPS alarm)

Usage

config protocol ftp profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]

Returns

Error code
CONFIG PROTOCOL FTP PROFILE COPY

Level

asq+modify

History

Appears in 9.0.0

Description

Copy FTP protocol profile

Usage

config protocol ftp profile copy index=<profile_idx> to=<0..9>

Returns

Error code
CONFIG PROTOCOL FTP PROFILE DEFAULT

Level

asq+modify

History

Appears in 9.0.0

Description

Reset profile's settings to default for FTP protocol

Usage

config protocol ftp profile default index=<profile_idx>

Returns

Error code
CONFIG PROTOCOL FTP PROFILE IPS
CONFIG PROTOCOL FTP PROFILE IPS

Level

base|asq

History

Appears in 9.0.0

Description

IPS commands for FTP

CONFIG PROTOCOL FTP PROFILE IPS CONFIG

Level

asq+modify

History

Appears in 9.0.0

Description

IPS settings for FTP protocol

Usage

config protocol ftp profile ips config index=<profile_idx> [AllowOp=<string>] [AllowTCPUrg=On|Off] [AuthSSL=On|Off] [DenyOp=<string>] [LineBuffer=<10..2048>] [Log=On|Off] [NoAuth=On|Off] [PassBuffer=<10..2048>] [PathBuffer=<10..2048>] [Probe=On|Off] [RFC775=On|Off] [SiteBuffer=<10..2048>] [State=On|Off] [TemplateAlarm=<low|medium|high|internet>] [UserBuffer=<10..2048>]

Returns

Error code
CONFIG PROTOCOL FTP PROFILE LIST

Level

base|asq

History

Appears in 9.0.0

Description

List all profiles or a specific profile for FTP protocol

Usage

config protocol ftp profile list [index=<profile_idx>]

Returns

[00]
name="default"
lastmod="2011-02-23 10:47:45"
...
CONFIG PROTOCOL FTP PROFILE PROXY
CONFIG PROTOCOL FTP PROFILE PROXY

Level

base

History

Appears in 9.0.0

Description

Commands to configure ftp profile settings

CONFIG PROTOCOL FTP PROFILE PROXY ANTIVIRUS

Level

asq+modify

History

Appears in 9.0.0

Description

Configure the antivirus part of the ftp profile

Usage

config protocol ftp profile proxy antivirus index=<profile index> [OnInfectedPolicy=<pass|block>] [OnFailedPolicy=<pass|block>] [ftpAvMode=<upload|download|both>]

Returns

Error code

Example

CONFIG PROTOCOL FTP PROFILE PROXY ANTIVIRUS index=1 OnInfectedPolicy=pass OnFailedPolicy=pass ftpAvMode=both
CONFIG PROTOCOL FTP PROFILE PROXY CMD

Level

asq+modify

History

Appears in 9.0.0

Description

Configure the authorized cmd of the ftp profile

Usage

config protocol ftp profile proxy cmd index=<profile index> <ABOR|ACCT|ADAT|ALLO|APPE|AUTH|CCC|CDUP|CONF|CWD|DELE|ENC|EPRT|EPSV|FEAT|HELP|LIST|MDTM|MIC|MKD|MLSD|MLST|MODE|NLST|NOOP|OPTS|PASS|PASV|PBSZ|PORT|PROT|PWD|QUIT|REIN|REST|RETR|RMD|RNFR|RNTO|SITE|SIZE|SMNT|STAT|STOR|STOU|STRU|SYST|TYPE|USER|XCUP|XCWD|XMKD|XPWD|XRMD>=<block|pass|filter>

Returns

Error code

Example

CONFIG PROTOCOL FTP PROFILE PROXY CMD index=1 ABOR=filter ACCT=block ADAT=pass
CONFIG PROTOCOL FTP PROFILE PROXY CONFIG

Level

asq+modify

History

Appears in 9.0.0

Description

Configure the ftp profile

Usage

config protocol ftp profile proxy config index=<profile index> [BindAddr=<binding ip addr>] [WelcomeMsgFiltering=on|off] [ClientMode=any|active|passive] [ServerMode=any|active|passive] [BounceCheck=on|off] [FullTransparent=on|off]

Returns

Error code

Example

CONFIG PROTOCOL FTP PROFILE PROXY CONFIG index=1 BindAddr=MyObject WelcomeMsgFiltering=off
ClientMode=any ServerMode=any BounceCheck=on=on
CONFIG PROTOCOL FTP PROFILE PROXY EXTRACMD
CONFIG PROTOCOL FTP PROFILE PROXY EXTRACMD

Level

base|asq

History

Appears in 9.0.0

Description

Commands to configure extracmd profile settings

CONFIG PROTOCOL FTP PROFILE PROXY EXTRACMD ADD

Level

asq+modify

History

Appears in 9.0.0

Description

Add additional authorized cmd of the ftp profile

Usage

config protocol ftp profile proxy extracmd add index=<profile index> <commandname>

Returns

Error code

Example

CONFIG PROTOCOL FTP PROFILE PROXY EXTRACMD ADD index=1 NEWCOMMAND
CONFIG PROTOCOL FTP PROFILE PROXY EXTRACMD LIST

Level

base|asq

History

Appears in 9.0.0

Description

List additional authorized cmd of the ftp profile

Usage

config protocol ftp profile proxy extracmd list index=<profile index>

Format

list

Returns

List of all authorized cmds

Example

CONFIG PROTOCOL FTP PROFILE PROXY EXTRACMD LIST index=1
CONFIG PROTOCOL FTP PROFILE PROXY EXTRACMD REMOVE

Level

asq+modify

History

Appears in 9.0.0

Description

Remove additional authorized cmd of the ftp profile

Usage

config protocol ftp profile proxy extracmd remove index=<profile index> <commandname>

Returns

Error code

Example

CONFIG PROTOCOL FTP PROFILE PROXY EXTRACMD REMOVE index=1 NEWCOMMAND
CONFIG PROTOCOL FTP PROFILE PROXY POSTPROC

Level

asq+modify

History

Appears in 9.0.0

Description

Configure post processing of the ftp profile

Usage

config protocol ftp profile proxy postproc index=<profile index> [policy=<block|pass>] [size=<MaxDataSize in Ko>] [keepalive=<nb of seconds>]

Returns

Error code

Example

CONFIG PROTOCOL FTP PROFILE PROXY POSTPROC index=1 policy=pass size=4000 keepalive=20
CONFIG PROTOCOL FTP PROFILE SHOW

Level

base|asq

History

Appears in 9.0.0

Description

Show profile's settings for FTP protocol

Usage

config protocol ftp profile show index=<profile_idx>

Returns

[Common]

[IPS]
State=1
Log=1
Probe=1
...
CONFIG PROTOCOL FTP PROFILE UPDATE

Level

asq+modify

History

Appears in 9.0.0

Description

Update profile's informations for FTP protocol

Usage

config protocol ftp profile update index=<profile_idx> [name=<string>] [comment=<string>]

Returns

Error code

CONFIG PROTOCOL H323

CONFIG PROTOCOL H323

Level

base|asq

History

Appears in 9.0.0

Description

Command for H323 protocol

CONFIG PROTOCOL H323 ACTIVATE

Level

asq+modify

History

Appears in 9.0.0

Description

Activate configuration for H323 protocol

Usage

config protocol h323 activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.

Returns

Error code
CONFIG PROTOCOL H323 COMMON
CONFIG PROTOCOL H323 COMMON

Level

base|asq

History

Appears in 9.0.0

Description

Common command for H323 protocol

CONFIG PROTOCOL H323 COMMON CONFIG

Level

asq+modify

History

Appears in 9.0.0

Description

Set H323 protocol's common setting

Usage

config protocol h323 common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]

Returns

Error code
CONFIG PROTOCOL H323 COMMON DEFAULT

Level

asq+modify

History

Appears in 9.0.0

Description

Reset profile's settings to default for H323 protocol

Usage

config protocol h323 common default

Returns

Error code
CONFIG PROTOCOL H323 COMMON SHOW

Level

base|asq

History

Appears in 9.0.0

Description

Show profile's settings for H323 protocol

Usage

config protocol h323 common show index=<profile_idx>

Returns

[Common]
Defaultport=service
SSLDefaultPort=sslservice

[IPS]
...
CONFIG PROTOCOL H323 PROFILE
CONFIG PROTOCOL H323 PROFILE

Level

base|asq

History

Appears in 9.0.0

Description

Profile setting for H323 protocol

CONFIG PROTOCOL H323 PROFILE ALARM
CONFIG PROTOCOL H323 PROFILE ALARM

Level

base|asq

History

Appears in 9.0.0

Description

Common commands for H323

CONFIG PROTOCOL H323 PROFILE ALARM DEFAULT

Level

asq+modify

History

Appears in 9.0.0

Description

Reset profile's settings to default for H323 protocol

Usage

config protocol h323 profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]

Returns

Error code
CONFIG PROTOCOL H323 PROFILE ALARM SHOW

Level

base|asq

History

Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
reaction split to blacklist and email in 9.1.0
comment appears in 9.1.0

Description

Show profile's settings for H323 protocol

Usage

config protocol h323 profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]

Returns

context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
CONFIG PROTOCOL H323 PROFILE ALARM UPDATE

Level

asq+modify

History

Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0

Description

Configure ASQ alarm for H323 protocol (IPS alarm)

Usage

config protocol h323 profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]

Returns

Error code
CONFIG PROTOCOL H323 PROFILE COPY

Level

asq+modify

History

Appears in 9.0.0

Description

Copy H323 protocol profile

Usage

config protocol h323 profile copy index=<profile_idx> to=<0..9>

Returns

Error code
CONFIG PROTOCOL H323 PROFILE DEFAULT

Level

asq+modify

History

Appears in 9.0.0

Description

Reset profile's settings to default for H323 protocol

Usage

config protocol h323 profile default index=<profile_idx>

Returns

Error code
CONFIG PROTOCOL H323 PROFILE IPS
CONFIG PROTOCOL H323 PROFILE IPS

Level

base|asq

History

Appears in 9.0.0

Description

IPS commands for H323

CONFIG PROTOCOL H323 PROFILE IPS CONFIG

Level

asq+modify

History

Appears in 9.0.0

Description

IPS settings for H323 protocol

Usage

config protocol h323 profile ips config index=<profile_idx> [AllowTCPUrg=On|Off] [Probe=On|Off] [State=On|Off] [TemplateAlarm=<low|medium|high|internet>]

Returns

Error code
CONFIG PROTOCOL H323 PROFILE LIST

Level

base|asq

History

Appears in 9.0.0

Description

List all profiles or a specific profile for H323 protocol

Usage

config protocol h323 profile list [index=<profile_idx>]

Returns

[00]
name="default"
lastmod="2011-02-23 10:47:45"
...
CONFIG PROTOCOL H323 PROFILE SHOW

Level

base|asq

History

Appears in 9.0.0

Description

Show profile's settings for H323 protocol

Usage

config protocol h323 profile show index=<profile_idx>

Returns

[Common]

[IPS]
State=1
Log=1
Probe=1
...
CONFIG PROTOCOL H323 PROFILE UPDATE

Level

asq+modify

History

Appears in 9.0.0

Description

Update profile's informations for H323 protocol

Usage

config protocol h323 profile update index=<profile_idx> [name=<string>] [comment=<string>]

Returns

Error code

CONFIG PROTOCOL HTTP

CONFIG PROTOCOL HTTP

Level

base|asq

History

Appears in 9.0.0

Description

Commands for HTTP protocol

CONFIG PROTOCOL HTTP ACTIVATE

Level

asq+modify

History

Appears in 9.0.0

Description

Activate configuration for HTTP protocol

Usage

config protocol http activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.

CONFIG PROTOCOL HTTP COMMON
CONFIG PROTOCOL HTTP COMMON

Level

base|asq

History

Appears in 9.0.0

Description

Common commands for HTTP protocol

CONFIG PROTOCOL HTTP COMMON CONFIG

Level

asq+modify

History

Appears in 9.0.0

Description

Set HTTP protocol's common settings

Usage

config protocol http common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]

CONFIG PROTOCOL HTTP COMMON DEFAULT

Level

asq+modify

History

Appears in 9.0.0

Description

Reset common settings to default for HTTP protocol

Usage

config protocol http common default

CONFIG PROTOCOL HTTP COMMON PROXY
CONFIG PROTOCOL HTTP COMMON PROXY

Level

base|asq

History

Appears in 9.0.4

Description

HTTP common proxy configuration

CONFIG PROTOCOL HTTP COMMON PROXY CONFIG

Level

asq+modify

History

Appears in 9.0.4

Description

Common parameters configuration

Usage

config protocol http common proxy config ApplyNat=<0|1>
ApplyNat : Allow outbound connections from proxies to match any NAT rule instead of just dst-only

Returns

Error code

Example

CONFIG PROTOCOL HTTP COMMON PROXY CONFIG ApplyNat=0
CONFIG PROTOCOL HTTP COMMON SHOW

Level

base|asq

History

Appears in 9.0.0

Description

Show common settings for HTTP protocol

Usage

config protocol http common show

CONFIG PROTOCOL HTTP PROFILE
CONFIG PROTOCOL HTTP PROFILE

Level

base|asq

History

Appears in 9.0.0

Description

Profile settings for HTTP protocol

CONFIG PROTOCOL HTTP PROFILE ALARM
CONFIG PROTOCOL HTTP PROFILE ALARM

Level

base|asq

History

Appears in 9.0.0

Description

Alarm commands for HTTP protocol

CONFIG PROTOCOL HTTP PROFILE ALARM DEFAULT

Level

asq+modify

History

Appears in 9.0.0

Description

Reset to a default template alarms for HTTP protocol

Note

if reset=0 or not specified, the command will not reset alarms already user defined

Usage

config protocol http profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]

Returns

Error code
CONFIG PROTOCOL HTTP PROFILE ALARM SHOW

Level

base|asq

History

Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
reaction split to blacklist and email in 9.1.0
comment appears in 9.1.0

Description

Dump the alarm configuration for HTTP protocol

Usage

config protocol http profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]

Format

section_line

Returns

context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]

Example

config protocol http profile alarm show index=1
[Alarm]
context=http:url:decoded id=48 action=block level=major dump=0 new=1 origin=profile_template msg="Windows : cmd.exe use or access attempt" modify=1 sensible=0 category="" comment=""
context=protocol id=53 action=block level=major dump=0 new=0 origin=profile_template msg="Invalid HTTP protocol" modify=1 sensible=1 category="" comment=""
context=http:client id=49 action=block level=major dump=0 new=1 origin=profile_template msg="Malware : PonyDOS botnet detected" modify=1 sensible=0 category="" comment=""
CONFIG PROTOCOL HTTP PROFILE ALARM UPDATE

Level

asq+modify

History

Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0

Description

Configure ASQ alarm for HTTP protocol (IPS alarm)

Usage

config protocol http profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]

Format

section_line

Returns

Error code

Example

CONFIG PROTOCOL HTTP PROFILE ALARM UPDATE index=0 context=http:css:raw id=8 action=block level=minor
CONFIG PROTOCOL HTTP PROFILE ALARM UPDATE index=0 context=protocol id=249 dump=1
CONFIG PROTOCOL HTTP PROFILE ALARM UPDATE index=1 context=http:client:header id=10 email=off
CONFIG PROTOCOL HTTP PROFILE ALARM UPDATE index=1 context=http:client:header id=11 email=on emailduration=20 emailcount=10
CONFIG PROTOCOL HTTP PROFILE ALARM UPDATE index=1 context=http:client:header id=12 blacklist=on blduration=20
CONFIG PROTOCOL HTTP PROFILE ALARM UPDATE index=1 context=http:url:raw id=13 level=minor email=off blacklist=on blduration=20
CONFIG PROTOCOL HTTP PROFILE ALARM UPDATE index=1 context=http:url:raw id=14 email=on emailduration=20 emailcount=10 blacklist=on blduration=20
CONFIG PROTOCOL HTTP PROFILE ALARM UPDATE index=1 context=http:url:raw id=15 action=pass comment="mycomment"
CONFIG PROTOCOL HTTP PROFILE COPY

Level

asq+modify

History

Appears in 9.0.0

Description

Copy http protocol profile

Usage

config protocol http profile copy index=<profile_idx> to=<0..9>

CONFIG PROTOCOL HTTP PROFILE DEFAULT

Level

asq+modify

History

Appears in 9.0.0

Description

Reset profile's settings to default for HTTP protocol

Usage

config protocol http profile default index=<profile_idx>

CONFIG PROTOCOL HTTP PROFILE IPS
CONFIG PROTOCOL HTTP PROFILE IPS

Level

base|asq

History

Appears in 9.0.0

Description

IPS for HTTP protocol

CONFIG PROTOCOL HTTP PROFILE IPS CONFIG

Level

asq+modify

History

Appears in 9.0.0

Description

IPS settings for HTTP protocol

Usage

config protocol http profile ips config index=<profile_idx> [State=On|Off] [Log=On|Off] [Probe=On|Off] [AllowTCPUrg=On|Off] [TemplateAlarm=<low|medium|high|internet>] [Allow8bit=<string>] [AllowOp=<string>] [DenyOp=<string>] [HTMLAttrValueBuffer=<128..65536>] [ArgumentBuffer=<128..4096>] [ArgumentCount=<128..512>] [AuthorizationBuffer=<128..4096>] [AuthorizationBearerBuffer=<128..4096>] [AuthorizationNegotiateBuffer=<128..4096>] [BodyBuffer=<128..4096>] [ContentTypeBuffer=<128..4096>] [CookieBuffer=<128..65535>] [HTMLCleaning=On|Off] [HTMLContext=On|Off] [HTMLDebug=On|Off] [HostBuffer=<128..4096>] [JavascriptContext=On|Off] [MaxClientHeader=<16..512>] [MaxServerHeader=<16..512>] [QueryBuffer=<128..4096>] [RequestTimeout=<1..600>] [Shoutcast=On|Off] [UAForce10=<string>] [UrlBuffer=<128..4096>] [WebDAV=On|Off] [MaxRanges=<0..1024>]

CONFIG PROTOCOL HTTP PROFILE LIST

Level

base|asq

History

Appears in 9.0.0

Description

List all profiles or a specific profile for HTTP protocol

Usage

config protocol http profile list [index=<profile_idx>]

CONFIG PROTOCOL HTTP PROFILE PROXY
CONFIG PROTOCOL HTTP PROFILE PROXY

Level

base|asq

History

Appears in 9.0.0

Description

Commands to configure proxy settings for HTTP protocol

CONFIG PROTOCOL HTTP PROFILE PROXY ANTIVIRUS

Level

asq+modify

History

Appears in 9.0.0

Description

Configure the antivirus part of the http profile

Usage

config protocol http profile proxy antivirus index=<profile index> [OnInfectedPolicy=<pass|block>] [OnFailedPolicy=<pass|block>]

Returns

Error code

Example

CONFIG PROTOCOL HTTP PROFILE PROXY ANTIVIRUS index=1 OnInfectedPolicy=pass OnFailedPolicy=pass
CONFIG PROTOCOL HTTP PROFILE PROXY CONFIG

Level

asq+modify

History

Appears in 9.0.0

Description

Configure the http profile

Usage

config protocol http profile proxy config index=<profile index>
[BindAddr=<binding ip addr>]
[CheckEncoding=<on|off>]
[Connect=<on|off>]
[ConnectPort=<service>]
[KeepAlive=<on|off>]
[MaxDataSize=<maximum download data size (0=unlimited)>]
[PartialDownload=<block|filter|pass>]
[ProxyAuth=<on|off>]
[WebDAV=<on|off>]
[EncodingFilter=<on|off>]
[TimeoutConnectSrv=<int>]
[FullTransparent=on|off]
[Proxy407=on|off]
[BypassAuthOnConnect=on|off]

Returns

Error code

Example

CONFIG PROTOCOL HTTP PROFILE PROXY CONFIG index=1 BindAddr=addr CheckEncoding=on Connect=off
ConnectPort=port KeepAlive=off MaxDataSize=0 PartialDownload=off
ProxyAuth=on WebDAV=off EncodingFilter=on TimeoutConnectSrv=20 
Proxy407=off BypassAuthOnConnect=off
CONFIG PROTOCOL HTTP PROFILE PROXY ICAPEXCLUDE
CONFIG PROTOCOL HTTP PROFILE PROXY ICAPEXCLUDE

Level

base|asq

History

Appears in 9.0.0

Description

Commands for protocol HTTP ICAPEXCLUDE

CONFIG PROTOCOL HTTP PROFILE PROXY ICAPEXCLUDE ADD

Level

asq+modify

Description

Add a host/range/network in the exclude list

Usage

config protocol http profile proxy icapexclude add index=<profile index> host=<host|range|network>

Returns

Error code

Example

CONFIG PROTOCOL HTTP PROFILE PROXY ICAPEXCLUDE ADD index=0 host=hostname
CONFIG PROTOCOL HTTP PROFILE PROXY ICAPEXCLUDE LIST

Level

base|asq

History

Appears in 9.0.0

Description

dump the icap exclude list

Usage

config protocol http profile proxy icapexclude list index=<profile index>

Returns

The list

Example

CONFIG PROTOCOL HTTP PROFILE PROXY ICAPEXCLUDE LIST index=0
CONFIG PROTOCOL HTTP PROFILE PROXY ICAPEXCLUDE REMOVE

Level

asq+modify

History

Appears in 9.0.0

Description

Remove a host/range/network from the exclude list

Usage

config protocol http profile proxy icapexclude remove index=<profile index> host=<host|range|network>

Returns

Error code

Example

CONFIG PROTOCOL HTTP PROFILE PROXY ICAPEXCLUDE REMOVE index=0 host=hostname
CONFIG PROTOCOL HTTP PROFILE PROXY ICAPREQMOD

Level

asq+modify

History

Appears in 9.0.0

Description

Configure icap reqmod service

Usage

config protocol http profile proxy icapreqmod index=<profile index> state=<on|off> host=<hostname|hostgroup> port=<reqmod port service> [loadbalancing=<roundrobin|random|srchash>] service=<string> LdapAuth=<on|off> IPAuth=<on|off> [HttpPost=<on|off>]

Returns

Error code

Example

CONFIG PROTOCOL HTTP PROFILE PROXY ICAPREQMOD index=0 state=on host=hostname port=icap
loadbalancing=roundrobin service=string LdapAuth=off IPAuth=off HttpPost=on
CONFIG PROTOCOL HTTP PROFILE PROXY ICAPRESPMOD

Level

asq+modify

History

Appears in 9.0.0

Description

Configure icap respmod service

Usage

config protocol http profile proxy icaprespmod index=<profile index> state=<on|off> host=<hostname|hostgroup> port=<respmod port service> [loadbalancing=<roundrobin|random|srchash>] service=<string> LdapAuth=<on|off> IPAuth=<on|off>

Returns

Error code

Example

CONFIG PROTOCOL HTTP PROFILE PROXY ICAPRESPMOD index=0 state=on host=hostname port=icap
loadbalancing=roundrobin service=string LdapAuth=off IPAuth=off
CONFIG PROTOCOL HTTP PROFILE PROXY MIME
CONFIG PROTOCOL HTTP PROFILE PROXY MIME

Level

base|asq

History

Appears in 9.0.0

Description

Commands for protocol HTTP MIME

CONFIG PROTOCOL HTTP PROFILE PROXY MIME INSERT

Level

asq+modify

History

Appears in 9.0.0

Description

add a mime in the mime list

Usage

config protocol http profile proxy mime insert index=<profile index> [ruleid=<nb>] [state=on|off] [action=pass|block|checkvirus] [mime=<string>] [comment=<string>]

Returns

Error code

Example

CONFIG PROTOCOL HTTP PROFILE PROXY MIME INSERT index=0 ruleid=1 state=on action=checkvirus mime="text/plain"
CONFIG PROTOCOL HTTP PROFILE PROXY MIME MOVE

Level

asq+modify

History

Appears in 9.0.0

Description

move a mime in the mime list

Usage

config protocol http profile proxy mime move index=<profile index> ruleid=<nb> to=<nb>

Returns

Error code

Example

CONFIG PROTOCOL HTTP PROFILE PROXY MIME MOVE index=0 rule=1 to=5
CONFIG PROTOCOL HTTP PROFILE PROXY MIME REMOVE

Level

asq+modify

History

Appears in 9.0.0

Description

remove mime rules in the mime list

Usage

config protocol http profile proxy mime remove index=<profile index> ruleid=(<nb>|all)

Returns

Error code

Example

CONFIG PROTOCOL HTTP PROFILE PROXY MIME REMOVE index=0 rule=1
CONFIG PROTOCOL HTTP PROFILE PROXY MIME SHOW

Level

base|asq

History

Appears in 9.0.0

Description

dump the mime list

Usage

config protocol http profile proxy mime show index=<profile index>

Format

section_line

Returns

the list in the format : rule=nb state=on|off action=pass|block|checkvirus mime=<string>

Example

CONFIG PROTOCOL HTTP PROFILE PROXY MIME SHOW index=0
CONFIG PROTOCOL HTTP PROFILE PROXY MIME UPDATE

Level

asq+modify

History

Appears in 9.0.0

Description

update a mime in the mime list

Usage

config protocol http profile proxy mime update index=<profile index> ruleid=<nb> [state=on|off] [action=pass|block|checkvirus] [mime=<string>] [comment=<string>]

Returns

Error code

Example

CONFIG PROTOCOL HTTP PROFILE PROXY MIME UPDATE index=0 rule=1 state=on action=checkvirus mime="text/plain"
CONFIG PROTOCOL HTTP PROFILE PROXY POSTPROC

Level

asq+modify

History

Appears in 9.0.0

Description

Configure post processing limit, policy and bypass

Usage

config protocol http profile proxy postproc index=<profile index> [policy=<block|pass>] [size=<MaxDataSize in Ko>] [keepalive=<nb of seconds>] [bypass=<urlgroup name>]

Returns

Error code

Example

CONFIG PROTOCOL HTTP PROFILE PROXY POSTPROC index=1 policy=pass size=4000 keepalive=20 bypass=antivirus_bypass
CONFIG PROTOCOL HTTP PROFILE PROXY URLFILTERING

Level

asq+modify

History

Appears in 9.1.0
AllowIP appears in 1.0.0

Description

Configure the URLFiltering part of the HTTP proxy

Usage

config protocol http profile proxy urlfiltering index=<profile index> [OnFailedPolicy=<pass|block>] [CheckHostHeader=<0|1>] [AllowIP=<0|1>]

Returns

Error code

Example

CONFIG PROTOCOL HTTP PROFILE PROXY URLFILTERING index=1 OnFailedPolicy=block CheckHostHeader=1 AllowIP=0
CONFIG PROTOCOL HTTP PROFILE SHOW

Level

base|asq

History

Appears in 9.0.0

Description

Show profile's settings for HTTP protocol

Usage

config protocol http profile show index=<profile_idx>

CONFIG PROTOCOL HTTP PROFILE UPDATE

Level

asq+modify

History

Appears in 9.0.0

Description

Update profile's informations for HTTP protocol

Usage

config protocol http profile update index=<profile_idx> [name=<string>] [comment=<string>]

CONFIG PROTOCOL ICMP

CONFIG PROTOCOL ICMP

Level

base|asq

History

Appears in 9.0.0

Description

Command for ICMP protocol

CONFIG PROTOCOL ICMP ACTIVATE

Level

asq+modify

History

Appears in 9.0.0

Description

Activate configuration for ICMP protocol

Usage

config protocol icmp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.

Returns

Error code
CONFIG PROTOCOL ICMP COMMON
CONFIG PROTOCOL ICMP COMMON

Level

base|asq

History

Appears in 9.0.0

Description

Common command for ICMP protocol

CONFIG PROTOCOL ICMP COMMON CONFIG

Level

asq+modify

History

Appears in 9.0.0
DefaultPort disappears in 1.0.0

Description

Set ICMP protocol's common setting

Usage

config protocol icmp common config

Returns

Error code
CONFIG PROTOCOL ICMP COMMON DEFAULT

Level

asq+modify

History

Appears in 9.0.0

Description

Reset profile's settings to default for ICMP protocol

Usage

config protocol icmp common default

Returns

Error code
CONFIG PROTOCOL ICMP COMMON SHOW

Level

base|asq

History

Appears in 9.0.0

Description

Show profile's settings for ICMP protocol

Usage

config protocol icmp common show index=<profile_idx>

Returns

[Common]
[IPS]
...
CONFIG PROTOCOL ICMP PROFILE
CONFIG PROTOCOL ICMP PROFILE

Level

base|asq

History

Appears in 9.0.0

Description

Profile setting for ICMP protocol

CONFIG PROTOCOL ICMP PROFILE ALARM
CONFIG PROTOCOL ICMP PROFILE ALARM

Level

base|asq

History

Appears in 9.0.0

Description

Common commands for ICMP

CONFIG PROTOCOL ICMP PROFILE ALARM DEFAULT

Level

asq+modify

History

Appears in 9.0.0

Description

Reset profile's settings to default for ICMP protocol

Usage

config protocol icmp profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]

Returns

Error code
CONFIG PROTOCOL ICMP PROFILE ALARM SHOW

Level

base|asq

History

Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
reaction split to blacklist and email in 9.1.0
comment appears in 9.1.0

Description

Show profile's settings for ICMP protocol

Usage

config protocol icmp profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]

Returns

context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
CONFIG PROTOCOL ICMP PROFILE ALARM UPDATE

Level

asq+modify

History

Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0

Description

Configure ASQ alarm for ICMP protocol (IPS alarm)

Usage

config protocol icmp profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]

Returns

Error code
CONFIG PROTOCOL ICMP PROFILE COPY

Level

asq+modify

History

Appears in 9.0.0

Description

Copy ICMP protocol profile

Usage

config protocol icmp profile copy index=<profile_idx> to=<0..9>

Returns

Error code
CONFIG PROTOCOL ICMP PROFILE DEFAULT

Level

asq+modify

History

Appears in 9.0.0

Description

Reset profile's settings to default for ICMP protocol

Usage

config protocol icmp profile default index=<profile_idx>

Returns

Error code
CONFIG PROTOCOL ICMP PROFILE IPS
CONFIG PROTOCOL ICMP PROFILE IPS

Level

base|asq

History

Appears in 9.0.0

Description

IPS commands for ICMP

CONFIG PROTOCOL ICMP PROFILE IPS CONFIG

Level

asq+modify

History

Appears in 9.0.0

Description

IPS settings for ICMP protocol

Usage

config protocol icmp profile ips config index=<profile_idx> [AutoICMP=On|Off] [StateTimeout=<2..60>] [TemplateAlarm=<low|medium|high|internet>]

Returns

Error code
CONFIG PROTOCOL ICMP PROFILE LIST

Level

base|asq

History

Appears in 9.0.0

Description

List all profiles or a specific profile for ICMP protocol

Usage

config protocol icmp profile list [index=<profile_idx>]

Returns

[00]
name="default"
lastmod="2011-02-23 10:47:45"
...
CONFIG PROTOCOL ICMP PROFILE SHOW

Level

base|asq

History

Appears in 9.0.0

Description

Show profile's settings for ICMP protocol

Usage

config protocol icmp profile show index=<profile_idx>

Returns

[Common]

[IPS]
State=1
Log=1
Probe=1
...
CONFIG PROTOCOL ICMP PROFILE UPDATE

Level

asq+modify

History

Appears in 9.0.0

Description

Update profile's informations for ICMP protocol

Usage

config protocol icmp profile update index=<profile_idx> [name=<string>] [comment=<string>]

Returns

Error code

CONFIG PROTOCOL IGMP

CONFIG PROTOCOL IGMP

Level

base|asq

History

Appears in 9.0.0

Description

Command for IGMP protocol

CONFIG PROTOCOL IGMP ACTIVATE

Level

asq+modify

History

Appears in 9.0.0

Description

Activate configuration for IGMP protocol

Usage

config protocol igmp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.

Returns

Error code
CONFIG PROTOCOL IGMP COMMON
CONFIG PROTOCOL IGMP COMMON

Level

base|asq

History

Appears in 9.0.0

Description

Common command for IGMP protocol

CONFIG PROTOCOL IGMP COMMON CONFIG

Level

asq+modify

History

Appears in 9.0.0

Description

Set IGMP protocol's common setting

Usage

config protocol igmp common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]

Returns

Error code
CONFIG PROTOCOL IGMP COMMON DEFAULT

Level

asq+modify

History

Appears in 9.0.0

Description

Reset profile's settings to default for IGMP protocol

Usage

config protocol igmp common default

Returns

Error code
CONFIG PROTOCOL IGMP COMMON SHOW

Level

base|asq

History

Appears in 9.0.0

Description

Show profile's settings for IGMP protocol

Usage

config protocol igmp common show index=<profile_idx>

Returns

[Common]
Defaultport=service
SSLDefaultPort=sslservice

[IPS]
...
CONFIG PROTOCOL IGMP PROFILE
CONFIG PROTOCOL IGMP PROFILE

Level

base|asq

History

Appears in 9.0.0

Description

Profile setting for IGMP protocol

CONFIG PROTOCOL IGMP PROFILE ALARM
CONFIG PROTOCOL IGMP PROFILE ALARM

Level

base|asq

History

Appears in 9.0.0

Description

Common commands for IGMP

CONFIG PROTOCOL IGMP PROFILE ALARM DEFAULT

Level

asq+modify

History

Appears in 9.0.0

Description

Reset profile's settings to default for IGMP protocol

Usage

config protocol igmp profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]

Returns

Error code
CONFIG PROTOCOL IGMP PROFILE ALARM SHOW

Level

base|asq

History

Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
reaction split to blacklist and email in 9.1.0
comment appears in 9.1.0

Description

Show profile's settings for IGMP protocol

Usage

config protocol igmp profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]

Returns

context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
CONFIG PROTOCOL IGMP PROFILE ALARM UPDATE

Level

asq+modify

History

Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0

Description

Configure ASQ alarm for IGMP protocol (IPS alarm)

Usage

config protocol igmp profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]

Returns

Error code
CONFIG PROTOCOL IGMP PROFILE COPY

Level

asq+modify

History

Appears in 9.0.0

Description

Copy IGMP protocol profile

Usage

config protocol igmp profile copy index=<profile_idx> to=<0..9>

Returns

Error code
CONFIG PROTOCOL IGMP PROFILE DEFAULT

Level

asq+modify

History

Appears in 9.0.0

Description

Reset profile's settings to default for IGMP protocol

Usage

config protocol igmp profile default index=<profile_idx>

Returns

Error code
CONFIG PROTOCOL IGMP PROFILE IPS
CONFIG PROTOCOL IGMP PROFILE IPS

Level

base|asq

History

Appears in 9.0.0

Description

IPS commands for IGMP

CONFIG PROTOCOL IGMP PROFILE IPS CONFIG

Level

asq+modify

History

Appears in 9.0.0

Description

IPS settings for IGMP protocol

Usage

config protocol igmp profile ips config index=<profile_idx> [Log=On|Off] [Probe=On|Off] [State=On|Off] [TemplateAlarm=<low|medium|high|internet>]

Returns

Error code
CONFIG PROTOCOL IGMP PROFILE LIST

Level

base|asq

History

Appears in 9.0.0

Description

List all profiles or a specific profile for IGMP protocol

Usage

config protocol igmp profile list [index=<profile_idx>]

Returns

[00]
name="default"
lastmod="2011-02-23 10:47:45"
...
CONFIG PROTOCOL IGMP PROFILE SHOW

Level

base|asq

History

Appears in 9.0.0

Description

Show profile's settings for IGMP protocol

Usage

config protocol igmp profile show index=<profile_idx>

Returns

[Common]

[IPS]
State=1
Log=1
Probe=1
...
CONFIG PROTOCOL IGMP PROFILE UPDATE

Level

asq+modify

History

Appears in 9.0.0

Description

Update profile's informations for IGMP protocol

Usage

config protocol igmp profile update index=<profile_idx> [name=<string>] [comment=<string>]

Returns

Error code

CONFIG PROTOCOL IMAP4

CONFIG PROTOCOL IMAP4

Level

base|asq

History

Appears in 9.0.0

Description

Command for IMAP4 protocol

CONFIG PROTOCOL IMAP4 ACTIVATE

Level

asq+modify

History

Appears in 9.0.0

Description

Activate configuration for IMAP4 protocol

Usage

config protocol imap4 activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.

Returns

Error code
CONFIG PROTOCOL IMAP4 COMMON
CONFIG PROTOCOL IMAP4 COMMON

Level

base|asq

History

Appears in 9.0.0

Description

Common command for IMAP4 protocol

CONFIG PROTOCOL IMAP4 COMMON CONFIG

Level

asq+modify

History

Appears in 9.0.0

Description

Set IMAP4 protocol's common setting

Usage

config protocol imap4 common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]

Returns

Error code
CONFIG PROTOCOL IMAP4 COMMON DEFAULT

Level

asq+modify

History

Appears in 9.0.0

Description

Reset profile's settings to default for IMAP4 protocol

Usage

config protocol imap4 common default

Returns

Error code
CONFIG PROTOCOL IMAP4 COMMON SHOW

Level

base|asq

History

Appears in 9.0.0

Description

Show profile's settings for IMAP4 protocol

Usage

config protocol imap4 common show index=<profile_idx>

Returns

[Common]
Defaultport=service
SSLDefaultPort=sslservice

[IPS]
...
CONFIG PROTOCOL IMAP4 PROFILE
CONFIG PROTOCOL IMAP4 PROFILE

Level

base|asq

History

Appears in 9.0.0

Description

Profile setting for IMAP4 protocol

CONFIG PROTOCOL IMAP4 PROFILE ALARM
CONFIG PROTOCOL IMAP4 PROFILE ALARM

Level

base|asq

History

Appears in 9.0.0

Description

Common commands for IMAP4

CONFIG PROTOCOL IMAP4 PROFILE ALARM DEFAULT

Level

asq+modify

History

Appears in 9.0.0

Description

Reset profile's settings to default for IMAP4 protocol

Usage

config protocol imap4 profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]

Returns

Error code
CONFIG PROTOCOL IMAP4 PROFILE ALARM SHOW

Level

base|asq

History

Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
reaction split to blacklist and email in 9.1.0
comment appears in 9.1.0

Description

Show profile's settings for IMAP4 protocol

Usage

config protocol imap4 profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]

Returns

context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
CONFIG PROTOCOL IMAP4 PROFILE ALARM UPDATE

Level

asq+modify

History

Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0

Description

Configure ASQ alarm for IMAP4 protocol (IPS alarm)

Usage

config protocol imap4 profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]

Returns

Error code
CONFIG PROTOCOL IMAP4 PROFILE COPY

Level

asq+modify

History

Appears in 9.0.0

Description

Copy IMAP4 protocol profile

Usage

config protocol imap4 profile copy index=<profile_idx> to=<0..9>

Returns

Error code
CONFIG PROTOCOL IMAP4 PROFILE DEFAULT

Level

asq+modify

History

Appears in 9.0.0

Description

Reset profile's settings to default for IMAP4 protocol

Usage

config protocol imap4 profile default index=<profile_idx>

Returns

Error code
CONFIG PROTOCOL IMAP4 PROFILE IPS
CONFIG PROTOCOL IMAP4 PROFILE IPS

Level

base|asq

History

Appears in 9.0.0

Description

IPS commands for IMAP4

CONFIG PROTOCOL IMAP4 PROFILE IPS CONFIG

Level

asq+modify

History

Appears in 9.0.0

Description

IPS settings for IMAP4 protocol

Usage

config protocol imap4 profile ips config index=<profile_idx> [AllowTCPUrg=On|Off] [Probe=On|Off] [State=On|Off] [TemplateAlarm=<low|medium|high|internet>]

Returns

Error code
CONFIG PROTOCOL IMAP4 PROFILE LIST

Level

base|asq

History

Appears in 9.0.0

Description

List all profiles or a specific profile for IMAP4 protocol

Usage

config protocol imap4 profile list [index=<profile_idx>]

Returns

[00]
name="default"
lastmod="2011-02-23 10:47:45"
...
CONFIG PROTOCOL IMAP4 PROFILE SHOW

Level

base|asq

History

Appears in 9.0.0

Description

Show profile's settings for IMAP4 protocol

Usage

config protocol imap4 profile show index=<profile_idx>

Returns

[Common]

[IPS]
State=1
Log=1
Probe=1
...
CONFIG PROTOCOL IMAP4 PROFILE UPDATE

Level

asq+modify

History

Appears in 9.0.0

Description

Update profile's informations for IMAP4 protocol

Usage

config protocol imap4 profile update index=<profile_idx> [name=<string>] [comment=<string>]

Returns

Error code

CONFIG PROTOCOL IP

CONFIG PROTOCOL IP

Level

base|asq

History

Appears in 9.0.0

Description

Command for IP protocol

CONFIG PROTOCOL IP ACTIVATE

Level

asq+modify

History

Appears in 9.0.0

Description

Activate configuration for IP protocol

Usage

config protocol ip activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.

Returns

Error code
CONFIG PROTOCOL IP COMMON
CONFIG PROTOCOL IP COMMON

Level

base|asq

History

Appears in 9.0.0

Description

Common command for IP protocol

CONFIG PROTOCOL IP COMMON CONFIG

Level

asq+modify

History

Appears in 9.0.0

Description

Set IP protocol's common setting

Usage

config protocol ip common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]

Returns

Error code
CONFIG PROTOCOL IP COMMON DEFAULT

Level

asq+modify

History

Appears in 9.0.0

Description

Reset profile's settings to default for IP protocol

Usage

config protocol ip common default

Returns

Error code
CONFIG PROTOCOL IP COMMON IPS CONFIG

Level

asq+modify

History

Appears in 9.0.0

Description

Configure common settings for ip

Usage

config protocol ip common ips config [MTULimit=<0|140..65535>] [OptimizeLargeTable=<0..2>]

Returns

Error code

Example

CON