Date April 2015 | Version V1.3 | Details Update |
Level
unknown
History
FORMAT Appears in 9.0.0
impersonate id Appears in 9.0.0
Description
User authentication
Usage
auth <administrator id> [<random value> | <impersonate id>]
Format
raw
Returns
authentication result
Implementation notes
Used in SRP authentication.
Impersonate id is specific to the service that performs the authentication with the IHM web. In this case the service uses a specific administrator id and must specify the real administrator id as impersonate id.
Example
AUTH admin
Level
unknown
Description
Return if it's necessary to update password or not
Usage
chpwd
Returns
UpdatePasswd=1 if the factory password is still in use, 0 if the password has already been changed.
Example
CHPWD UpdatePasswd=0
Level
base+modify
Description
Activate a file, or cancel all pending changes when given argument is cancelall
Note
Additional rights may be needed to activate some files
Usage
config activate <filename>|cancelall
Implementation notes
execute "en file", like ennetwork,enfilter,...
Example
CONFIG ACTIVATE network
CONFIG ACTIVATE cancelall
Level
contentfilter+modify
History
Appears in 6.2.0
level changes from other,modify to contentfilter,modify in 9.0.0
Description
Apply AntiSPAM configuration
Usage
config antispam activate
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Add a wildcard domain to blacklist
Usage
config antispam blacklist add <domain>
Returns
Error code
Example
CONFIG ANTISPAM BLACKLIST ADD *netasq*.com
Level
base
History
Appears in 9.0.0
Description
List wildcard domains
Usage
config antispam blacklist list [start=<int> [limit=<int>] [dir=(ASC|DESC)] [search=<pattern>] [sort=<token>] [refresh=(0|1)]]
Format
list
Returns
List of domains
Example
CONFIG ANTISPAM BLACKLIST LIST
101 code=00a01000 msg="Begin"
*netasq*.com
100 code=00a00100 msg="Ok"
Level
contentfilter+modify
History
Appears in 6.0.0
level changes from other,modify to contentfilter,modify in 9.0.0
Description
Define a new blacklist
Usage
config antispam dnsbl add Name=<name> DNSTarget=<dnstarget> SpamLevel=<1..3> [Desc=<description>]
Example
CONFIG ANTISPAM DNSBL ADD name=SPAMHAUSSBL dnstarget=sbl.spamhaus.org spamlevel=3
Level
contentfilter+modify
History
Appears in 6.0.0
level changes from other,modify to contentfilter,modify in 9.0.0
Description
Modify a user-defined blacklist
Usage
config antispam dnsbl edit Name=<name> DNSTarget=<dnstarget> SpamLevel=<level> [Desc=<description>]
Level
base
History
Appears in 6.0.0
Description
List (user-)defined blacklists
Usage
config antispam dnsbl list Type=<User|Factory>
Example
CONFIG ANTISPAM DNSBL LIST TYPE=User
Level
contentfilter+modify
History
Appears in 6.0.0
level changes from other,modify to contentfilter,modify in 9.0.0
Description
Remove a user-defined blacklist
Usage
config antispam dnsbl remove Name=<name>
Level
contentfilter+modify
History
Appears in 6.0.0
whitelist deprecated in 6.1.2
level changes from other,modify to contentfilter,modify in 9.0.0
Description
Set DNSBL parameters
Usage
config antispam dnsbl set [state=0|1] [active=<list>] [trusted=<trusted server>]
Example
CONFIG ANTISPAM DNSBL SET active=list1,list2,list3
CONFIG ANTISPAM DNSBL SET trusted="relais.netasq.com"
Level
contentfilter+modify
History
Appears in 6.1.2
headers Appears in 6.1.4
whitelist disAppears in 9.0.0
warningads appears in 9.1.0
stateads appears in 9.1.0
level changes from other,modify to contentfilter,modify in 9.0.0
Description
Global Anti-SPAM settings
Usage
config antispam set warning=<string with a *> warningads=<string without *> stateads=1|0 maxfile=<size> headers=1|0 deletethreshold=<spamlevel>
Example
CONFIG ANTISPAM SET warning="(SPAM *)" maxfile=65534 headers=on deletethreshold=3
CONFIG ANTISPAM SET warningads="(ADS)" stateads=1 maxfile=50000 headers=on
Level
base
History
Appears in 6.1.2
Description
Global Anti-SPAM settings
Usage
config antispam show
Level
base
Licence needed:
Proxy/SpamVendor
History
Appears in 6.1.2
licence check Appears in 6.2.0
Description
Vade Retro settings
Level
contentfilter+modify
History
Appears in 6.1.2
level changes from other,modify to contentfilter,modify in 9.0.0
AllowCJK and AllowRussian appear in 9.1.2
Description
Vade Retro settings
Usage
config antispam vr set [State=0|1] [Threshold=<0-150>] [AllowCJK=0|1] [AllowRussian=0|1]
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Add a wildcard domain to whitelist
Usage
config antispam whitelist add <domain>
Returns
Error code
Example
CONFIG ANTISPAM WHITELIST ADD *netasq*.com
Level
base
History
Appears in 9.0.0
Description
List wildcard domains
Usage
config antispam whitelist list [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [sort=<token>] [refresh=<0|1>]]
Format
list
Returns
List of domains
Example
CONFIG ANTISPAM WHITELIST LIST
101 code=00a01000 msg="Begin"
*netasq*.com
100 code=00a00100 msg="Ok"
Level
contentfilter+modify
History
Appears in 6.1.0
level maintenance deprecated in 6.1.4
level changes from other,modify to contentfilter,modify in 9.0.0
Description
Reload antivirus configuration
Usage
config antivirus activate
Returns
Error code
Level
contentfilter+modify
History
Appears in 6.1.0
level changes from other,modify to contentfilter,modify in 9.0.0
Description
Remove antivirus database
Usage
config antivirus cleanup [config=<config_index>]
Returns
Error code
Example
CONFIG ANTIVIRUS CLEANUP
Level
contentfilter+modify
History
Appears in 6.1.0
level changes from other,modify to contentfilter,modify in 9.0.0
Description
Antivirus license
Usage
config antivirus licence [config=<config_index>]
Returns
[License]
Date
[VendorLicense]
Required : Notify if a vendorLicense is required
Status : status (Ok / NotFound / Expired / Invalid)
Expdate : expiration date
Level
base
History
Appears in 6.1.0
Description
List installed antivirus
Usage
config antivirus list
Returns
Name and last modification date of each config
Example
101 code=00a01000 msg="Begin"
[00] name="clamav" lastmod="2006-05-11 16:51:31"
[01] name="Kaspersky" lastmod="2006-01-10 11:28:40"
100 code=00a00100 msg="Ok"
Level
contentfilter+modify
History
Appears in 6.1.0
ScanOLE disappears in 9.0.0
level changes from other,modify to contentfilter,modify in 9.0.0
HeuristicAnalysis appears in 9.0.1
Description
Scanner options
Usage
config antivirus objects [config=<config_index>] [ScanArchives=(on|off)] [ScanPacked=(on|off)] [BlockEncrypted=(on|off)] [BlockUnsupported=(on|off)] [HeuristicAnalysis=(on|off)]
Returns
Error code
Level
base
History
Appears in 7.0.0
Description
Switch the active antivirus if possible and start the download of the new database.
Note
Contentfilter and Modify levels needed to switch antivirus
Usage
config antivirus select config=<config_index>
Returns
Error code.
Example
CONFIG ANTIVIRUS SELECT config=00
Level
contentfilter+modify
History
Appears in 8.0.0
level changes from other,modify to contentfilter,modify in 9.0.0
Description
Configure FTP service
Note
Ftp VirusCode restricted to the set [100;600[
Ftp VirusMsg is limited to 2048 characters
Usage
config antivirus services ftp VirusCode=<integer> VirusMsg=<message>
Returns
Error code
Level
contentfilter+modify
History
Appears in 6.1.0
level changes from other,modify to contentfilter,modify in 9.0.0
Description
Configure POP3 service
Note
Pop3 Mail advisory is limited to 1000 characters
Usage
config antivirus services pop3 MailAdvisory=<message>
Returns
Error code
Level
base
History
Appears in 6.1.0
Description
Show antivirus services
Usage
config antivirus services show
Returns
[Smtp]
VirusCode : smtp error code
VirusMsg : viruscode error message
[Pop3]
MailAdvisory : virus notification message
Level
contentfilter+modify
History
Appears in 6.1.0
level changes from other,modify to contentfilter,modify in 9.0.0
Description
Configure SMTP service
Note
Smtp Viruscode restricted to the set [400;600[
Smtp VirusMsg is limited to 1000 characters
Usage
config antivirus services smtp [VirusCode=<integer>] [VirusMsg=<message>]
Returns
Error code
Level
base
History
Appears in 6.1.0
Description
Dump antivirus config
Usage
config antivirus show [config=<config_index>]
Returns
[Config]
State : Antivirus status
Selected : Selected antivirus
Name : Antivirus name
[Base]
Date : Date of the antiviral database
[Object]
ScanArchives_Capa : scanarchives capacity
ScanArchives : extracting engine status
ScanPacked_Capa : scanpacked capacity
ScanPacked : unpacking engine status
BlockEncrypted_Capa : blockencrypted capacity
BlockEncrypted : block encrypted files
BlockUnsupported_Capa : blockunsupported capacity
BlockUnsupported : block unsupported formats
HeuristicAnalysis_Capa : heuristicanalysis capacity
HeuristicAnalysis : heuristic analysis
Level
user+modify
History
CANCEL Appears in 6.0.0
NEXTBOOT Appears in 6.0.0
level changes from other,modify to user,modify in 9.0.0
Description
Reload authentication daemon with latest configuration
Usage
config auth activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Implementation notes
Execute ensl
Example
CONFIG AUTH ACTIVATE
Level
user+modify
History
anonymised Appears in 6.0.0
realbind Appears in 6.0.0
userpriority Appears in 6.1.0
http deprecated on 6.1.0
UpdPwd deprecated on 6.1.0
level changes from other,modify to user,modify in 9.0.0
continueonerror appears in 9.1.0
userpriority deprecated in 9.1.0
httpport appears in 1.0.0
httpsport appears in 1.0.0
Description
Advanced parameters configuration
Note
anonymised : show/don't show the logo in authentication page
realbind : real ldap authentication
usedns : redirection in authentication use certificate name and DNS resolve
continueonerror : if an error is raised during the authentication process, try the next method
httpport : http port for authentication
httpsport : https port for authentication
Usage
config auth advanced [anonymised=on|off] [realbind=on|off] [usedns=on|off] [continueonerror=on|off] [httpport=<port>] [httpsport=<port>]
Returns
Error Code
Example
CONFIG AUTH ADVANCED anonymised=on usedns=on
Level
user+modify
History
Appears in 9.1.0
Description
Configure the authentication agent. Raises an error if state is to be activated but no agent ip/password or controller is defined. The domainName parameter sets up an optional filter on received logon events. If a domain is given, only users on this domain are logged in.
Note
don't forget to activate the configuration
Usage
config auth agent [State=<on|off>]
[Mscontroller=<host,host,host>]
[MaxLogonTime=<seconds (60-86400)>]
[GroupRefresh=<seconds (0=disable 120-2592000)>]
[Probe=<on|off>]
[ProbeMethod=<ping|registery>]
[ProbeTimeout=<seconds (60-3600)>]
[agentAddr=<object>]
[agentPort=<object>]
[agentPassword=<password>]
[backupAddr=<object>]
[backupPort=<object>]
[backupPassword=<password>]
[domainName=<NETBIOS Domain>]
Level
base
History
Appears in 9.1.0
Description
Configure SSOAgent uid ignore list
Level
user+modify
History
Appears in 9.1.0
Description
Add a UID to the list
Usage
config auth agentignore add uid=<uid>
Level
user+modify
History
Appears in 9.1.0
Description
Remove a UID from the list
Usage
config auth agentignore remove uid=<uid>
Deprecated
Level
other+modify
History
deprecated in 6.1.0
Description
Configure alternate radius authentication server
Note
Authentication with radius can be used with unknown users (default method)
default value for port is 1812
Usage
config auth altradius host=<host ip> [port=<port number>] key=<sharedkey>
Example
CONFIG AUTH ALTRADIUS host=192.168.1.2 port=1812 key="shared secret"
Level
user+modify
History
Appears in 6.1.0
level changes from other,modify to user,modify in 9.0.0
Description
Restore authentication default configuration
Note
Remember to activate the configuration
Usage
config auth default
Returns
Error Code
Example
CONFIG AUTH default
Deprecated
Level
other+modify
History
deprecated in 6.1.0
Description
Managing ldap/pki web enrolment
Note
type : enable the ldap or ldap/pki enrolment form
mail : use mail to report new enrolment requests
Usage
config auth enrolment [type=<ldap|pki|none>] [mail=on|off]
Example
CONFIG AUTH ENROLMENT type=pki mail=on
Level
user+modify
History
Appears in 1.0.0
Description
Configure GUEST authentication method
Usage
config auth guest [state=<0|1>] [logontime=<seconds>] [disclaimertime=<seconds>]
Example
CONFIG AUTH GUEST state=1 logontime=600 disclaimertime=86400
Level
user+modify
History
Appears in 6.1.0
level changes from other,modify to user,modify in 9.0.0
sslparanoiac appears in 9.1.0
Description
Advanced SSL parameters configuration
Note
Those values are also used by the SSL VPN. All lists use the comma separator.
certificate : private key and certificate used by server for SSL
ca_custom : ca certificate sent to client and 'ca_verify' used to trust client certificate.
cipherlist : list of supported ciphers
sslparanoiac : Paranoiac mode on ssl connection
Usage
config auth https [certificate=<name of privkey object>] [cipherlist=<supported cipher list>] [sslparanoiac=<0|1>]
Returns
Error Code
Example
CONFIG AUTH HTTPS certificate=mycertificate cipherlist="AES256-SHA,RC4-MD5"
Level
base
History
Appears in 6.1.0
Description
Interface authentication related functions
Level
user+modify
History
Appears in 6.1.0
wpad Appears in 8.0.0
level changes from other,modify to user,modify in 9.0.0
disclaimertime appears in 1.0.0
Description
Interface related configuration options
Note
config index : if not specified, default value is 0
http : start/stop the authentication daemon in HTTP
onlyonelogin : force only one login per user at the same time
usecookie : enable cookies
wpad : enable access to WPAD file
disclaimer : enable captive portal disclaimer
disclaimertime : do not show the disclaimer again for this many seconds (15 minutes to 1 year)
autocomp : enable autocompletion by the browser
SecondUser : Kick previous logged user or reject new user
VPNSSLMultiuser : Promote IP to multiuser if SSLVPN access can be made
Usage
config auth interface advanced [config=<config_index>] [http=on|off] [onlyonelogin=on|off] [usecookie=None|Session|Time] [wpad=on|off] [disclaimer=on|off] [autocomp=on|off] [SecondUser=kick|reject] [VPNSSLMultiuser=on|off] [disclaimertime=<900-31536000>]
Returns
Error Code
Example
CONFIG AUTH INTERFACE ADVANCED config=0
Level
user+modify
History
Appears in 6.1.0
level changes from other,modify to user,modify in 9.0.0
Description
Interface related configuration options
Note
config index : if not specified, default value is 0
interface : use config_index on protected (internal) or not (external) interfaces
Usage
config auth interface connect [config=<config_index>] interface=internal|external
Returns
Error Code
Example
CONFIG AUTH INTERFACE CONNECT config=0 interface=internal
Level
user+modify
History
Appears in 6.1.0
use mailgroup in 7.0.0
level changes from other,modify to user,modify in 9.0.0
Description
Managing ldap/pki web enrolment
Note
config index : if not specified, default value is 0
type : enable the ldap or ldap/pki enrolment form
mailgroup : use a mailgroup to report new enrolment requests
Usage
config auth interface enrolment [config=<config_index>] [type=<ldap|pki|none>] [mailgroup=<mail_group_name>|none]
Returns
Error Code
Example
CONFIG AUTH INTERFACE ENROLMENT config=0 type=pki mailgroup=none
CONFIG AUTH INTERFACE ENROLMENT type=pki mailgroup=Administrators
Level
base
History
Appears in 6.1.0
level changes from other,modify to base in 9.0.0
Description
List authentication interface configs
Usage
config auth interface list
Returns
101 code=00a01000 msg="Begin"
[00] name="Internal" lastmod="2006-04-05 03:18:24"
[01] name="External" lastmod="2006-04-05 03:18:24"
[02] name="default02" lastmod="2006-01-03 10:03:10"
[03] name="default03" lastmod="2006-01-03 10:03:10"
100 code=00a00100 msg="Ok"
Example
CONFIG AUTH INTERFACE LIST
Deprecated
Level
user+modify
History
Appears in 6.1.0
option srp for default Appears in 6.2.3
option plain for default Appears in 6.2.3
option default removed in 9.0.0
level changes from other,modify to user,modify in 9.0.0
command removed in 9.1.0
Description
No description available
Usage
config auth interface method
Level
user+modify
History
Appears in 6.1.0
level changes from other,modify to user,modify in 9.0.0
Description
Specify password related values
Note
config index : if not specified, default value is 0
updpwd : update password
pwdexpire : password validity in days
Change period combo in the authentication web page
When not defined transparent authentication methods use maxtime
Usage
config auth interface password [config=<config_index>] [updpwd=No|Can|Must] [pwdexpire=<passwordexpirationtime>]
Returns
Error Code
Example
CONFIG AUTH INTERFACE PASSWORD config=0 updpwd=Must pwdexpire=60
Level
user+modify
History
Appears in 6.1.0
level changes from other,modify to user,modify in 9.0.0
Description
Rename an Authentication config
Note
config index : needs to be specified
name : name of the configuration slot
Usage
config auth interface rename index=<config_index> name=<config name>
Returns
Error Code
Example
CONFIG AUTH INTERFACE rename index=1 name=backup
Level
base
History
Appears in 6.1.0
Description
Show authentication config
Usage
config auth interface show [config=<index>]
Returns
[config]
state : auth daemon state
HttpState : activate http daemon
EnrolFormType : enrolment form (none, user, pki)
EnrolFormMail : using mail to report new enrolment requests
updpwd : update password
UseCookie : authentication cookies state
PswdExpire : duration for password expiration
min : Minimum authentication period
max : Maximum authentication period
ssotime : Authentication period for transparent methods (spnego and ssl)
proxyredirect : method to redirect in transparent proxy mode
Seconduser : What to do when a second user comes from a single user IP.
VPNSSLMultiuser : Auto-promote IP to multiuser if sslvpn can be used
Level
base
History
Appears in 6.1.0
Description
Get/Set the status of the authentication server
Note
config index : if not specified, default value is 0
Changing state need user and modify levels
Usage
config auth interface state [config=<config_index>] [state=on|off]
Returns
Error Code
Example
CONFIG AUTH INTERFACE STATE state=on
Level
user+modify
History
Appears in 6.1.0
level changes from other,modify to user,modify in 9.0.0
Description
Specify authentication period in seconds
Note
config index : if not specified, default value is 0
Change period combo in the authentication web page
When not defined transparent authentication methods use maxtime
Usage
config auth interface time [config=<config_index>] min=<MinTime> max=<MaxTime> [ssotime=<transparentmethodstime>]
Returns
Error Code
Example
CONFIG AUTH INTERFACE TIME config=0 mintime=900 maxtime=7200 ssotime=2400
Deprecated
Level
user+modify
History
Appears in 6.1.0
Deprecated in 9.0.0
Description
Managing authentication timeranges
Note
config index : if not specified, default value is 0
action : action we will proceed when user calendar is not defined
calendarid : authd default calendar in ldap
Usage
config auth interface timerange [config=<config_index>] (action=<pass|block>) | (action=default defaultcal=<calendarid>)
Returns
Error Code
Example
CONFIG AUTH INTERFACE TIMERANGE config=1 action=pass
Level
user+modify
History
level changes from other,modify to user,modify in 9.0.0
status Appears in 9.1.0
Description
Configure kerberos authentication
Note
default value for kdc_port is 88
Usage
config auth kerberos [domain=<host domain name> host=<kdc hostname> [port=<kdc port>] [bhost=<backup kdc hostname> [bport=<backup kdc port>]]] | [state=<0|1>]
Returns
Error Code
Example
CONFIG AUTH KERBEROS host=10.0.0.125 domain="DOMAIN.LOCAL"
Deprecated
Level
other+modify
History
option spnego for allowed Appears in 6.0.0
option userpriority for allowed Appears in 6.0.0
deprecated in 6.1.0
Description
Specify authorized authentication methods
Note
Default Methods are used for unknown users (not in LDAP database).
Usage
config auth method allowed=none|[ssl],[srp],[radius],[kerberos],[spnego],[userpriority],[plain] [default=(radius|kerberos)]
Example
CONFIG AUTH METHOD allowed=ssl,srp
CONFIG AUTH METHOD allowed=ssl,srp,ldap default=ldap
Level
user+modify
History
Appears in 9.1.0
Description
Add an object at the end of the list. keyword 'any' is granted
Usage
config auth multiuser add object=<name>
Returns
Error code
Example
CONFIG AUTH MULTIUSER ADD object='host'
Level
base
History
Appears in 9.1.0
Description
List the objects marked as multiple user, with the type of each object
Usage
config auth multiuser list
Format
list
Returns
[Result]
host='host1' host_2='host2' range='range1' network='network1' interface='interface1' group='group1' internet='internet'
Example
CONFIG AUTH MULTIUSER LIST
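The list-format replies shown for CONFIG ANTISPAM BLACKLIST LIST, CONFIG ANTIVIRUS LIST, CONFIG AUTH INTERFACE LIST and CONFIG AUTH MULTIUSER LIST all share one framing: a `101 code=... msg="Begin"` line, a body of `[section]` headers with `key=value` tokens (or bare values such as a domain), and a final status line such as `100 code=00a00100 msg="Ok"`; error-code commands return only the final status line. The parser below is an added example, not NETASQ code, written from the layouts reproduced on this page. It assumes that code 101 always opens a multi-line body and that the terminating line is the last status line; the sample replies embedded in it are constructed for the example and are not captured firewall output.

```python
import re
import shlex

# Constructed samples, modelled on the list responses shown in this reference
# (CONFIG AUTH INTERFACE LIST, CONFIG AUTH MULTIUSER LIST, CONFIG ANTISPAM
# BLACKLIST LIST). Names and dates are made up for the example.
INTERFACE_LIST = '''101 code=00a01000 msg="Begin"
[00] name="Internal" lastmod="2006-04-05 03:18:24"
[01] name="External" lastmod="2006-04-05 03:18:24"
100 code=00a00100 msg="Ok"
'''
MULTIUSER_LIST = '''101 code=00a01000 msg="Begin"
[Result]host='host1' host_2='host2' range='range1'
100 code=00a00100 msg="Ok"
'''
BLACKLIST_LIST = '''101 code=00a01000 msg="Begin"
*netasq*.com
100 code=00a00100 msg="Ok"
'''
ERROR_ONLY = '100 code=00a00100 msg="Ok"\n'

# '<3-digit code> code=<hex> msg="<text>"': the status-line framing seen on the page
STATUS_RE = re.compile(r'^(\d{3})\s+code=([0-9a-fA-F]+)\s+msg="([^"]*)"$')
# '[00] ...' or '[Result]...': a section header, optionally followed by tokens
SECTION_RE = re.compile(r'^\[([^\]]+)\](.*)$')


def _new_section(name):
    return {"name": name, "fields": {}, "values": []}


def _merge_tokens(text, section):
    """Merge 'key="value with spaces" key2=value bare' into a section.
    shlex honours both double and single quotes, so lastmod="2006-04-05 03:18:24"
    stays one token and host='host1' loses its quotes."""
    for tok in shlex.split(text):
        if "=" in tok:
            key, value = tok.split("=", 1)
            section["fields"][key] = value
        else:
            section["values"].append(tok)  # bare item, e.g. a domain in a blacklist listing


def parse_response(raw):
    """Parse one serverd reply into {"begin", "status", "sections"}.
    A reply is either a lone status line (error-code commands) or a
    101 "Begin" line, a body of sections/values, and a final status line."""
    lines = [line.strip() for line in raw.splitlines() if line.strip()]
    if not lines:
        raise ValueError("empty response")
    begin, status, sections = None, None, []
    for line in lines:
        m = STATUS_RE.match(line)
        if m:
            entry = {"code": int(m.group(1)), "hex": m.group(2), "msg": m.group(3)}
            if entry["code"] == 101:  # assumption: 101 always opens a multi-line body
                begin = entry
            else:
                status = entry
            continue
        m = SECTION_RE.match(line)
        if m:
            sections.append(_new_section(m.group(1)))
            _merge_tokens(m.group(2).strip(), sections[-1])
            continue
        if not sections:
            sections.append(_new_section(None))  # body without any header (domain lists)
        _merge_tokens(line, sections[-1])
    if status is None:
        raise ValueError("response has no terminating status line")
    return {"begin": begin, "status": status, "sections": sections}


def final_code(raw):
    """The numeric code of the terminating status line of a reply."""
    return parse_response(raw)["status"]["code"]


if __name__ == "__main__":
    for sample in (INTERFACE_LIST, MULTIUSER_LIST, BLACKLIST_LIST, ERROR_ONLY):
        print(parse_response(sample))
```

Checking the terminating status line before trusting the body is the useful habit here: a script that automates CONFIG commands should treat a missing or non-100 final line as a failed command rather than acting on whatever partial body arrived.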
Level
user+modify
History
bport Appears in 6.1.0
bhost Appears in 6.1.0
level changes from other,modify to user,modify in 9.0.0
status Appears in 9.1.0
Description
Configure radius authentication
Note
Authentication with radius can be used with unknown users (default method)
default value for port is 1812
Usage
config auth radius [state=<0|1>] | [host=<host> [port=<service>] key=<sharedkey>] [bhost=<host> [bport=<service>] bkey=<sharedkey>]
Returns
Error Code
Example
CONFIG AUTH RADIUS host=10.2.0.100 port=1812 key="shared secret"
CONFIG AUTH RADIUS host=radiussrv port=radius key="shared secret" bhost=radiussrv bport=radius bkey="other shared secret"
Level
base
History
guest authentication appears in 1.0.0
Description
Show authentication config
Note
radius preshared key is not displayed
agents password is not displayed
Usage
config auth show
Returns
[config]
anonymised : show/don't show the logo in authentication page
SslCertificate : refer key/certificate entry on 'key' file
realbind : real ldap authentication
usedns : redirection in authentication use certificate name and DNS resolve
internal : internal interfaces configuration
external : external interfaces configuration
[CAVerifyList]
Number=0
[radius]
state : status of this method
host : radius server hostname
port : radius port
bhost : radius backup server hostname
bport : radius backup port
[ssl]
state : status of this method
CertificateIdentifier : field in certificate to match
LdapIdentifier : field in LDAP to match
[kerberos]
state : status of this method
domain : Kerberos realm (domain) name
pkdc_host : Primary KDC host address
pkdc_port : Primary KDC port (default 88)
bkdc_host : Backup KDC host address
bkdc_port : Backup KDC port (default 88)
[spnego]
state : status of this method
domain : Windows domain name
principal : Service Principal name
[agent]
State : activate or not the agent
Mscontroler : object name of the Microsoft domain controller
MsbackupControler : object name of the second Microsoft domain controller
Directory : name of the ldap directory to use
MaxLogonTime : maximum time in seconds of the authentication
Probe : activate or not the user logout probing
ProbeMethod : comma separated list of probing methods (arp, icmp, nbstat, registery, ...)
ProbeTimeout : maximum time in seconds for non-responding stations
BindAddr : the ip of the source connection
BindPort : the port of the source connection
AgentAddr : the agent ip address
AgentPort : the port of the agent
BackupAddr : the ip of the backup agent
BackupPort : the port of the backup agent
DomainName : the filter to be applied on logon events
[guest]
state : activate or not the guest method
LogonTime : Time in seconds for re-authentication
Disclaimertime : Time in seconds for disclaimer revalidation
Level
user+modify
History
Appears in 6.0.0
level changes from other,modify to user,modify in 9.0.0
status Appears in 9.1.0
Description
Configure SPNEGO authentication
Usage
config auth spnego [principal=<service name> domain=<host domain name>] | [state=<0|1>]
Returns
Error code
Example
CONFIG AUTH SPNEGO principal="HTTP/myfirewall" domain="DOMAIN.LOCAL"
CONFIG AUTH SPNEGO state=1
Level
user
History
ca_verify Appears in 9.0.0
Description
Configure SSL authority for the authentication
Level
user+modify
History
caverify add Appears in 9.0.0
Description
Add an authority to the list of authentication authorities
Usage
config auth ssl caverify add caname=<authority name>
- caname : the name of the authority
Returns
Error Code
Example
CONFIG AUTH SSL CAVERIFY ADD caname=<authority name>
Level
user+modify
History
appears in 9.0.1
Description
Set the certificate identifier field in common name. WARNING: the value is case sensitive. Do not write emailaddress but emailAddress
Usage
config auth ssl certidentifier name=<field name>
- name : the name of the field
Returns
Error Code
Example
CONFIG AUTH SSL CERTIDENTIFIER name="emailAddress"
Level
user+modify
History
appears in 9.0.1
Description
Set the LDAP identifier field to match the certificate field
Usage
config auth ssl ldapidentifier name=<field name>
- name : the name of the field
Returns
Error Code
Example
CONFIG AUTH SSL LDAPIDENTIFIER name="Mail"
Deprecated
Level
base
History
deprecated in 6.1.0
Description
Get/Set the status of the authentication server
Note
Changing state needs admin and modify levels
Usage
config auth state [On|Off]
Level
maintenance+modify
History
Appears in 1.0.0
Description
Copy all clones in real profiles.
Usage
config autobackup activate [CANCEL]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded.
Returns
Error code
Example
CONFIG AUTOBACKUP ACTIVATE
CONFIG AUTOBACKUP ACTIVATE CANCEL
Level
maintenance+modify
History
Appears in 1.0.0
Description
Launch autobackup manually.
Usage
config autobackup launch
Returns
Error code
Example
CONFIG AUTOBACKUP LAUNCH
Level
maintenance+modify
History
Appears in 1.0.0
Description
Restore last full configuration launched by autobackup.
Note
Autobackup must be enabled and functional.
Usage
config autobackup restore [backuppassword=<backup password>] [fwserial=(all|local|<serial>)] [refresh=0|1]
- refresh : when set to 1, refreshes all firewall configuration (except network) and does not require the user to reboot if the services restarted successfully.
Returns
Error code
Example
CONFIG AUTOBACKUP RESTORE
Level
maintenance+modify
History
Appears in 1.0.0
Description
Set autobackup configuration.
Note
Protocol http and mode post are incompatible
Usage
config autobackup set [state=<0|1>] [distantbackup=<0|1|2>] [period=<period as string>] [backuppassword=<backup password>]
[server=<server obj>] [port=<server port obj>] [path=<path>] [protocol=(http|https)] [mode=(basic|digest|post)]
[authusername=<authentication username>] [authpassword=<authentication password>] [controlname=<http control name>]
[servercertificate=<ca:cert>] [clientcertificate=<ca:cert>]
- period : time + unit (s,m,h,d,w);
- distantbackup : localbackup only (0), cloud netasq (1), custom server (2);
- protocol : protocol used (http,https);
- mode : webdav mode with authentication (basic,digest) or post request;
- controlname : name also used with html form (only with post mode);
- authusername : authentication username (only with basic and digest webdav modes);
- authpassword : authentication password (only with basic and digest webdav modes);
- path : path on the server;
- servercertificate : server certificate reference;
- clientcertificate : client certificate.
Returns
Error code
Example
CONFIG AUTOBACKUP SET state=1 server=backupserver port=http controlname=myfile path=/action.php period=10h password=mypassword
Level
base
History
Appears in 1.0.0
Description
Show the autobackup config.
Usage
config autobackup show
Returns
[AUTOBACKUP]
State=<state>
DistantBackup=<distant backup enabled>
Server=<server obj name>
Port=<server port obj name>
Path=<path>
Period=<period>
BackupPassword=<backup password>
Protocol=<protocol used>
Mode=<mode used>
AuthUsername=<authentication username>
AuthPassword=<authentication password>
ControlName=<http control name>
servercertificate=<reference server certificate>
clientcertificate=<client certificate>
Example
CONFIG AUTOBACKUP SHOW
Level
maintenance+modify
History
Appears in 6.1.0
level changes from modify,other to modify,maintenance in 9.0.0
Description
Reload AutoUpdate configuration
Usage
config autoupdate activate
Returns
Error code
Example
CONFIG AUTOUPDATE ACTIVATE
Level
base
History
Appears in 6.1.0
Description
List all available updates
Usage
config autoupdate list
Returns
List=<comma-separated list of available updates>
Example
CONFIG AUTOUPDATE LIST
Level
maintenance+modify
History
Appears in 6.0.0
state Appears in 6.1.0
update Appears in 6.1.0
secure Appears in 6.1.5
update options Kaspersky,Clamav,URLFiltering,Antispam-Vaderetro Appears in 6.2.0
start Appears in 7.0.0
update option Pvm Appears in 7.0.0
start Appears in 7.0.0
level changes from modify,other to modify,maintenance in 9.0.0
update option RootCertificates Appears in 9.1.0
Description
Set autoupdate parameters. If the update token is not specified, all services are modified. The url token can take at most 8 URLs, separated by commas. retries=0 means no retry limit.
Usage
config autoupdate server [url=<url>] [start=<time>] [period=<period>] [retries=<n>] [state=(on|off|1|0)] [secure=(0|1)] [update=(Antispam|Patterns|Kaspersky|Clamav|URLFiltering|Antispam-Vaderetro|Pvm|RootCertificates)]
Returns
Error code
Example
CONFIG AUTOUPDATE SERVER url="http://www.netasq.com/autoupdate"
CONFIG AUTOUPDATE SERVER period=00M00w01d00h00m00s retries=3
CONFIG AUTOUPDATE SERVER start="10:00:00"
Level
base
History
Appears in 6.0.0
Description
Dump the autoupdate config. The Run token represents the state of the last update (0=never started ; 1=up to date ; 2=failed ; 3=running ; 4=not available) and can be obtained by MONITOR AUTOUPDATE too. The update begins at 'start' time and will be repeated after each 'period'.
Usage
config autoupdate show
Returns
[Global]
Version=<autoupdate version>
[<available_update>]
Secure=(0|1) : check sign
State=(0|1) : update active or not
URL=<url> : url to retrieve update
Period=<period> : period to perform update
Retries=<int> : number of retries
Run=<int> : state of the last update (0=never started ; 1=up to date ; 2=failed ; 3=running ; 4=not available). This information can also be obtained by MONITOR AUTOUPDATE
Start=<time> : time of the first update
Example
CONFIG AUTOUPDATE SHOW
Level
maintenance+modify
History
update Appears in 6.1.0
level changes from modify,other to modify,maintenance in 9.0.0
Description
Activate/Deactivate the autoupdate subsystem
Note
all available updates are given by CONFIG AUTOUPDATE LIST
Usage
config autoupdate state state=<on|off> [update=<available_update>]
Returns
Error code
Example
CONFIG AUTOUPDATE STATE state=on
Level
maintenance
History
level maintenance Appears in 6.0.0
level other deprecated in 6.0.0
option global for list Appears in 6.0.0
option urlgroup for list Appears in 6.0.2
option pattern for list Appears in 6.0.2
usb Appears in 6.1.0
option secure for list Appears in 6.2.0
option autoupdate for list Appears in 6.2.0
option proxies for list Appears in 6.2.0
option services for list Appears in 6.2.0
format appears in 9.0.0
Description
Backups full or partial configuration (complete list of available items is provided by SYSTEM BACKUP command)
Note
usb option requires Modify level, and is used to push the backup onto a usb token instead of a file
Usage
config backup list=<all|network|global|object|global_object|filter|filterslotxx|global_filter|global_filterslotxx|vpn|ldap|urlfiltering|sslfiltering|urlgroup|global|pattern|secure|autoupdate|services|mailfiltering|dhcp|ntp|dns|snmp|pvm|cert|securityinspection|vpn-ssl|vpn-pptp|event-rules|qos|auth|webadmin|statusweight|log|route|sysevent|bird|antispam|mailgroup|communication|system|serverd|reports> [usb=0|1] [password=<string>] [comment=<string>]
Format
raw
Returns
Error code
Implementation notes
Make an archive encrypted with the generic key or the given password. Add a plain header with date, model, version, serial, description, content and type (GENERIC or PASSWORD). Sign the file, header included, with the firewall private key.
Example
CONFIG BACKUP list=all comment="sauvegarde tout" password=mypassword
CONFIG BACKUP list="pattern,network,global,network" usb=1
Level
base+modify
History
CANCEL/NEXTBOOT Appears in 9.0.0
Description
Activate/cancel modifications of communication and mail groups
Usage
config communication activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Implementation notes
run enlog, enasq, ensl -u, enproxy -u, ensl -u
Example
CONFIG COMMUNICATION ACTIVATE
CONFIG COMMUNICATION ACTIVATE cancel
Level
log+modify
History
Appears in 7.0.0
level changes from other,modify to log,modify in 9.0.0
Description
Activate or discard latest changes of email groups configuration
Usage
config communication email group activate [CANCEL]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded.
Returns
Error code
Implementation notes
run enasq
Example
CONFIG COMMUNICATION EMAIL GROUP ACTIVATE
Level
log+modify
History
Appears in 7.0.0
level changes from other,modify to log,modify in 9.0.0
Description
Add a new recipient to an email group
Usage
config communication email group addrecipient mailgroup=<mail_group_name> (mail=<mail_addr> | dn=<user|usergroup>)
Example
CONFIG COMMUNICATION EMAIL GROUP ADDRECIPIENT mailgroup=Administrators dn=james@nowhere.net
Level
log
History
Appears in 7.0.0
level changes from other to log in 9.0.0
FORMAT Appears in 9.0.0
Description
Check email group
Usage
config communication email group check mailgroup=<mail_group_name>
Format
section_line
Example
CONFIG COMMUNICATION EMAIL GROUP CHECK mailgroup=Administrators
Level
log+modify
History
Appears in 7.0.0
level changes from other,modify to log,modify in 9.0.0
Description
Create a new mail group
Usage
config communication email group create mailgroup=<mail_group_name> [comment=string]
Example
CONFIG COMMUNICATION EMAIL GROUP CREATE mailgroup=Administrators comment="here is a comment!"
Level
log+modify
History
Appears in 7.0.0
level changes from other,modify to log,modify in 9.0.0
Description
Delete a recipient from an email group
Usage
config communication email group delrecipient mailgroup=<mail_group_name> (mail=<mail_addr> | dn=<user|usergroup>)
Example
CONFIG COMMUNICATION EMAIL GROUP DELRECIPIENT mailgroup=Administrators mail=james@nowhere.net
Level
log+modify
History
Appears in 7.0.0
level changes from other,modify to log,modify in 9.0.0
Description
Modify an email group
Usage
config communication email group edit mailgroup=<mail_group_name> comment=string
Example
CONFIG COMMUNICATION EMAIL GROUP EDIT mailgroup=Administrators comment="here is a comment!"
Level
base
History
Appears in 7.0.0
level changes from other to base in 9.0.0
Description
Dump the email groups
Usage
config communication email group list
Returns
[MailGroup1]
comment=this is a comment
email=a@b.com
email=c@b.com
cn=user
[MailGroup2]
...
Example
CONFIG COMMUNICATION EMAIL GROUP LIST
Level
log+modify
History
Appears in 7.0.0
level changes from other,modify to log,modify in 9.0.0
Description
Delete an email group
Usage
config communication email group remove mailgroup=<mail_group_name>
Example
CONFIG COMMUNICATION EMAIL GROUP REMOVE mailgroup=Administrators
Level
base
History
Appears in 7.0.0
Description
Manage mail templates
Level
log+modify
History
Appears in 7.0.0
level changes from other,modify to log,modify in 9.0.0
Description
Reset a mail template to default
Note
Additional rights may be needed to write some templates
Usage
config communication email template default <template_id>
Returns
Reset to its default the requested template
Example
CONFIG COMMUNICATION EMAIL TEMPLATE DEFAULT pvm_detailed
Level
log
History
Appears in 7.0.0
default arg appears in 9.0.0
level changes from other to log in 9.0.0
FORMAT Appears in 9.0.0
Description
Download a mail template
Note
If default parameter is not specified, default value is 0
Additional rights may be needed to read some templates
Usage
config communication email template download <template_id> [default=<0|1>]
Format
raw
Returns
The requested template; if default=1, returns the default value of the requested template
Example
CONFIG COMMUNICATION EMAIL TEMPLATE DOWNLOAD pvm_detailed
Level
log
History
Appears in 7.0.0
level changes from other to log in 9.0.0
FORMAT Appears in 9.0.0
Description
List all mail templates
Usage
config communication email template list
Format
section_line
Returns
[Result]
id=pvm_detailed type=pvm name="Detailed Vulnerability Mail"
id=pvm_summary type=pvm name="Summary Vulnerability Mail"
id=app_cert_req type=cert_req name="Accept the certificate request"
id=rej_cert_req type=cert_req name="Reject the certificate request"
Example
CONFIG COMMUNICATION EMAIL TEMPLATE LIST
101 code=00a01000 msg="Début"
[Result]
id=pvm_detailed type=pvm name="Detailed Vulnerability Mail"
id=pvm_summary type=pvm name="Summary Vulnerability Mail"
id=app_cert_req type=cert_req name="Accept the certificate request"
id=rej_cert_req type=cert_req name="Reject the certificate request"
100 code=00a00100 msg="Ok"
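A reply in the section_line format shown above consists of a 101 "Begin" status line, one or more [Section] headers, key=value records whose values may be double-quoted, and a closing 100 "Ok" status line. The following parser is an added example, not part of this reference or of the firewall's own tooling; its sample reply is constructed from the CONFIG COMMUNICATION EMAIL TEMPLATE LIST example, laid out one token per line.

```python
import re
import shlex

# Constructed sample reply: the template-list example from the reference,
# one token per line as the firewall returns it.
SAMPLE_REPLY = """\
101 code=00a01000 msg="Début"
[Result]
id=pvm_detailed type=pvm name="Detailed Vulnerability Mail"
id=pvm_summary type=pvm name="Summary Vulnerability Mail"
id=app_cert_req type=cert_req name="Accept the certificate request"
id=rej_cert_req type=cert_req name="Reject the certificate request"
100 code=00a00100 msg="Ok"
"""

# Status line: 3-digit class, 8 hex-digit code, double-quoted message.
STATUS_RE = re.compile(r'^(\d{3}) code=([0-9a-fA-F]{8}) msg="(.*)"$')
# Section header such as [Result], [Config] or [MailGroup1].
SECTION_RE = re.compile(r"^\[([^\]]+)\]$")


def parse_record(line):
    """Split one 'key=value key="quoted value"' line into a dict.

    shlex strips the double quotes so a value containing spaces
    ("Detailed Vulnerability Mail") stays a single field.
    """
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if not sep:
            raise ValueError(f"malformed token {token!r} in line {line!r}")
        fields[key] = value
    return fields


def parse_reply(text):
    """Parse a section_line reply into (statuses, sections).

    statuses: list of (class, code, msg) tuples in the order received,
              e.g. ('101', '00a01000', 'Début') then ('100', '00a00100', 'Ok').
    sections: dict mapping a section name to the list of record dicts it
              holds; records seen before any header go under the name ''.
    """
    statuses = []
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = STATUS_RE.match(line)
        if m:
            statuses.append(m.groups())
            continue
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
            continue
        if current is None:
            current = sections.setdefault("", [])
        current.append(parse_record(line))
    return statuses, sections


def reply_ok(statuses):
    """A reply succeeded when its final status line has class 100 (Ok)."""
    return bool(statuses) and statuses[-1][0] == "100"


def records_of_type(sections, section, type_name):
    """Return the records of `section` whose 'type' field equals type_name."""
    return [r for r in sections.get(section, []) if r.get("type") == type_name]


if __name__ == "__main__":
    statuses, sections = parse_reply(SAMPLE_REPLY)
    print("reply ok:", reply_ok(statuses))
    for rec in records_of_type(sections, "Result", "cert_req"):
        print(rec["id"], "->", rec["name"])
```

parse_record also handles the header-less list replies elsewhere in this reference (for example the pos=1 host=host1 macaddr=... lines of CONFIG DHCP HOST LIST).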
Level
log+modify
History
Appears in 7.0.0
level changes from other,modify to log,modify in 9.0.0
Description
Upload a mail template
Note
Additional rights may be needed to write some templates
Usage
config communication email template upload <template_id>
Returns
Upload the requested template
Example
CONFIG COMMUNICATION EMAIL TEMPLATE UPLOAD pvm_detailed
Level
network+modify
History
level changes from other,modify to network,modify in 9.0.0
Description
Configure HTTP proxy
Usage
config communication httpproxy [host=<host_object> port=<obj_port>] [user=<string> auth=<string>] [exclude=<host_object_list>]
Returns
Error code
Implementation notes
write in /usr/Firewall/ConfigFiles/Communication/config the conf
Example
CONFIG COMMUNICATION HTTPPROXY host=myproxy.netasq.com port=http user=username auth=authpassword exclude=myserver.netasq.com,intranet
Level
base
Description
Dump the communication configuration
Usage
config communication show [smtp|syslog|httpproxy] : dump smtp, syslog or httpproxy configuration or all of these if no argument is specified
Returns
[SMTP]
State : State
Server : Smtp server
Domain : Domain name
Delay : Delay
[Syslog]
State : State
Server : Syslog server to send log
Port : Syslog port
ClearText : Specify if logs are sent in clear text to Syslog server
Key : Ciphering key
Facility : Facility number
Implementation notes
dump /usr/Firewall/ConfigFiles/communication
Example
CONFIG COMMUNICATION SHOW
Level
log+modify
History
port Appears in 6.0.0
option service_object for port Appears in 6.1.0
option State Appears in 7.0.0
level changes from other,modify to log,modify in 9.0.0
options username and password appear in 9.0.2
Description
Configure SMTP (domain and server)
Usage
config communication smtp state=(0|1) [server=<host_object>] [domain=<string>] (mandatory if state=1)
[port=<service_object|int>] [delay=<int>] [username=<string>] [password=<string>]
Returns
Error code
Implementation notes
write in /usr/Firewall/ConfigFiles/Communication/config the conf
Example
CONFIG COMMUNICATION SMTP state=1 server=smtp_server domain=netasq.local delay=900
CONFIG COMMUNICATION SMTP state=0
Level
log+modify
History
option group_object for Server Appears in 6.1.0
option service_object for Port Appears in 6.1.0
option State Appears in 7.0.0
logtypepos token appears in 8.1.3
level changes from other,modify to log,modify in 9.0.0
LegacyMode appears in 1.0.0
Description
Configure Syslog
Note
The command returns a warning message if there are more hosts in the group or in the range than the maximum authorized value.
Usage
config communication syslog State=(1|0) [Server=<host_object>|<range_object>|<group_object>] [Port=<service_object|integer>] [ClearText=(0|1)] [key=128bits_key] [Facility=(0-8)] [LogtypePos=(0|1)] [LegacyMode=(0|1)]
where :
- LogtypePos=1 means that logtype token appears after startime token
- LegacyMode=1 means that the previous behaviour is used, and LegacyMode=0 that Syslog packets are RFC5424 compliant
Returns
Error code
Implementation notes
write in /usr/Firewall/ConfigFiles/communication the conf
Example
CONFIG COMMUNICATION SYSLOG State=1 Server=Syslog_Server Port=512 ClearText=1 Facility=1
CONFIG COMMUNICATION SYSLOG State=0
Level
admin+modify
History
Appears in 6.0.0
Description
Activates console configuration
Usage
config console activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Implementation notes
run enservice
Example
CONFIG CONSOLE ACTIVATE
CONFIG CONSOLE ACTIVATE NEXTBOOT
Level
base
History
FORMAT Appears in 9.0.0
Description
Get firewall public key
Usage
config console gethostkey
Format
raw
Returns
the ssh firewall public key
Implementation notes
Download the /etc/ssh/ssh_host_dsa_key.pub
Example
CONFIG CONSOLE GETHOSTKEY
Level
admin
History
FORMAT Appears in 9.0.0
Description
Get admin account private key
Usage
config console getkey
Format
raw
Returns
the ssh private key of admin
Implementation notes
Download ~/.ssh/id_dsa. The private key is in OpenSSH format, so it is not compatible with the ssh.com format. The admin private key is encrypted with the admin password.
Example
CONFIG CONSOLE GETKEY
Level
admin+modify
History
Appears in 9.0.0
Description
Allow or deny connections for 'admin' from a remote IP address
Usage
config console remoteadmin [on|off]
Returns
current status
Example
CONFIG CONSOLE REMOTEADMIN
CONFIG CONSOLE REMOTEADMIN off
Deprecated
Level
admin+modify
History
Appears in 6.1.0
deprecated in 6.1.4
Description
Restore the original public key for authorized keys
Usage
config console restorepubkey
Implementation notes
Set the original public key on /usr/Firewall/.ssh/authorized_keys2
Level
admin+modify
Description
Generate and set admin key passphrase
Usage
config console setpassphrase <password>
Returns
Error code
Implementation notes
Generate a new key for ssh and change the SRP password in /etc/tpasswd. Note that key generation may take a while on F50.
Example
CONFIG CONSOLE SETPASSPHRASE "mypassword"
Deprecated
Level
admin+modify
History
Appears in 6.1.0
deprecated in 6.1.4
Description
Set an admin public key
Usage
config console setpubkey
Implementation notes
Add the public key on /usr/Firewall/.ssh/authorized_keys2
Level
base
History
Userpass Appears in 6.0.0
Password deprecated in 6.0.0
Port Appears in 6.1.0
Description
Enable/disable SSH console access
Note
Admin and Modify levels are required to update configuration
Usage
config console ssh State=[0|1] Userpass=[0|1] Port=[number|object]
Returns
Error code (if parameter) or :
State= : state of service
Userpass= : specify if password mode is on/off
Port= : port used by service
Implementation notes
Start or stop the ssh daemon; the flag is in the "network" configuration file. SSHD only uses sshv2 with public key, but if Password is set the ssh connection will accept both key and password modes.
Example
CONFIG CONSOLE SSH State=1 Userpass=1 Port=gopher
Level
network+modify
History
Appears in 9.0.0
Description
Activate/cancel modifications of DDNSCLIENT configuration
Usage
config ddnsclient activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Example
CONFIG DDNSCLIENT ACTIVATE
Level
network+modify
History
Appears in 6.0.0
Description
Delete an existing dynamic DNS client configuration
Usage
config ddnsclient delete name=<name of configuration to be deleted>
Returns
Error code
Example
CONFIG DDNSCLIENT DELETE name=DynamicDNS
Level
base
History
Appears in 6.0.0
FORMAT Appears in 9.0.0
Description
List Dynamic DNS client configurations
Usage
config ddnsclient list
Format
list
Returns
list of Dynamic DNS client configurations
Example
CONFIG DDNSCLIENT LIST
DynamicDNS
Level
network+modify
History
Appears in 6.0.0
Added noip in 9.1.0
Description
Create a new dynamic DNS client configuration
Usage
config ddnsclient new name=<confname> provider=<dyndns|noip>
Returns
Error code
Example
CONFIG DDNSCLIENT NEW name=DynamicDNS provider=dyndns
Level
network+modify
History
Appears in 6.0.0
Description
Remove all event entry and set offline
Usage
config ddnsclient resetevent name=<conf name>
Returns
Error code
Example
CONFIG DDNSCLIENT RESETEVENT name=DynamicDNS
Level
network+modify
History
Appears in 6.0.0
Description
Set a global or a configuration parameter
Usage
config ddnsclient set name=<conf name> (state=<0|1> | service=<provider service name> | server=<host object> | user=<username> | password=<pass> | hostname=<dns name> | protocol=<HTTP|HTTPS> | WildcardOption=<0|1> | OfflineOption=<0|1> | RenewInterval=<time in sec>)
Returns
Error code
Example
CONFIG DDNSCLIENT SET name=DynamicDNS state=1
Level
base
History
Appears in 6.0.0
Description
Show all or specific dynamic DNS client configuration
Note
optional parameter "name" to show only one configuration
Usage
config ddnsclient show [name=<name of configuration>]
Returns
[Config]
Verbosity=(0|1)
[DynamicDNS]
State=(On|Off)
Provider=type of provider
Service=name of service
User=user name to login
Password=password to login
Hostname=registered hostname
Server=server of service
protocol=(HTTP|HTTPS)
WildcardOption=(0|1) : wildcard redirection
OfflineOption=(0|1) : offline redirection
RenewInterval=maximum interval between renewals
Example
CONFIG DDNSCLIENT SHOW
[Config]
Verbosity=0
[DynamicDNS]
State=On
Provider=dyndns
Service=dyndns
User=ddns_user
Password=ddns_passwd
Hostname=my_ddns.dnsalias.net
Server=members.dyndns.org
protocol=HTTP
WildcardOption=1
OfflineOption=0
RenewInterval=2419200
Level
network+modify
History
Appears in 6.0.0
Description
Unset a global or a configuration parameter (restore default value)
Usage
config ddnsclient unset name=<conf name> param=[state|service|server|user|password|hostname|protocol|RenewInterval|OfflineOption|WildcardOption]
Returns
Error code
Example
CONFIG DDNSCLIENT UNSET name=DynamicDNS param=state
Level
network+modify
History
CANCEL Appears in 6.0.0
NEXTBOOT Appears in 6.0.0
level changes from other,modify to network,modify in 9.0.0
Description
Activate DHCP configuration.
Usage
config dhcp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Implementation notes
Run endhcpd script and start service depending on state field
Example
CONFIG DHCP ACTIVATE
Level
network+modify
History
macaddr deprecated in 6.0.0
level changes from other,modify to network,modify in 9.0.0
Description
Add a host to DHCP server configuration
Usage
config dhcp host add name=<hostname> [gate=<gateway>]
Returns
Error code
Example
CONFIG DHCP HOST ADD name=host1
CONFIG DHCP HOST ADD name=host2 gate=gw1
Level
base
History
level base Appears in 6.0.0
level other deprecated in 6.0.0
FORMAT Appears in 9.0.0
Description
List DHCP server hosts
Usage
config dhcp host list
Format
section_line
Returns
list of hosts in the form : pos=num host=host_object_name macaddr=ethernet_address [ gate=host_object_name]
Example
CONFIG DHCP HOST LIST
pos=1 host=host1 macaddr=00:00:AA:BB:88:22 gate=gw1
Level
network+modify
History
custom-option1 Appears in 6.1.0
custom-option2 Appears in 6.1.0
default-ltime deprecated in 6.1.0
iparray option for custom-option2 Appears in 6.1.3
hostgroup name option for custom-option2 Appears in 6.1.3
level changes from other,modify to network,modify in 9.0.0
Description
Add a global parameter to DHCP server
Usage
config dhcp parameters add domain-name=<name> | dns-update=Off|On | default-ltime=<seconds> | max-ltime=<seconds> | min-ltime=<seconds> | wpad=Off|On | custom-option1=<name>,<id>,(str|ip|iparray),(<string>|<host name>|<hostgroup name>) | custom-option2=<name>,<id>,(str|ip|iparray),(<string>|<host name>|<hostgroup name>)
Returns
Error code
Implementation notes
non documented parameters :
port=number : use another port for the dhcp server (must be greater than 1024)
authoritative=Off|On : act as an authoritative dhcp server. Default value is Off
dns-update-hosts=Off|On : update fixed host entries in dns. By default, its value is the same as dns-update
dns-use-hostname=Off|On : use the dhcp name to update the dns entry. By default, its value is the same as dns-update
ping-check=Off|On : send an icmp echo before attributing an ip address. Default is On
wpad=Off|On : activate web proxy autoconfiguration discovery
Example
CONFIG DHCP PARAMETERS ADD domain-name=my.domain.com
Level
network
History
level changes from other to network in 9.0.0
Description
List DHCP server global parameters and options
Usage
config dhcp parameters list
Returns
[Parameters]
domain-name=domain name for clients
dns-update=Off|On : dynamic dns update
default-ltime=default lease time for clients
min-ltime=minimum lease time for clients
max-ltime=maximum lease time for clients
Implementation notes
non documented returns (printed only if there is an entry in the configuration file):
port=number : listening port for the dhcp server (greater than 1024 if not default)
authoritative=Off|On : act as an authoritative dhcp server. Default value is Off
dns-update-hosts=Off|On : update fixed host entries in dns. By default, its value is the same as dns-update
dns-use-hostname=Off|On : use the dhcp name to update the dns entry. By default, its value is the same as dns-update
ping-check=Off|On : send an icmp echo before attributing an ip address. Default is On
Example
CONFIG DHCP PARAMETERS LIST
[Parameters]
domain-name=my.domain.com
Level
network+modify
History
level changes from other,modify to network,modify in 9.0.0
Description
Remove a global parameter from DHCP server
Usage
config dhcp parameters remove domain-name | dns-update | default-ltime | min-ltime | max-ltime | wpad
Returns
Error code
Implementation notes
non documented parameters : authoritative | dns-update-hosts | dns-use-hostname | ping-check | port=number
Example
CONFIG DHCP PARAMETERS REMOVE domain-name
Level
network+modify
History
begin deprecated in 6.0.0
end deprecated in 6.0.0
name Appears in 6.0.0
level changes from other,modify to network,modify in 9.0.0
Description
Add a range.
Usage
config dhcp range add name=<rangename> [gate=<hostname>]
Returns
Error code
Example
CONFIG DHCP RANGE ADD name=dhcp_range
Level
base
History
level base Appears in 6.0.0
level other deprecated in 6.0.0
name Appears in 6.0.0
FORMAT Appears in 9.0.0
Description
List ranges.
Usage
config dhcp range list
Format
section_line
Returns
list of ranges in the form : pos=num name=[<object name>|None] begin=ip end=ip[ gate=<hostname> | ip]
Example
CONFIG DHCP RANGE LIST
pos=1 name="dhcp_range" begin=10.2.20.21 end=10.2.20.254 gate=gw1
Level
network+modify
History
pos deprecated in 6.0.0
name Appears in 6.0.0
level changes from other,modify to network,modify in 9.0.0
Description
Delete a DHCP range.
Usage
config dhcp range remove name=<object name> | begin=<ip address> (only if name=None)
Returns
Error code
Example
CONFIG DHCP RANGE REMOVE name=dhcp_range
Level
network+modify
History
Appears in 1.0.0
Description
Set advanced settings : bindaddr
Note
BindAddr must be an object which represents a local IPv4 address of the firewall
Usage
config dhcp relay advanced [BindAddr=(<firewall_ip object>|"")]
Returns
Error code
Example
CONFIG DHCP RELAY ADVANCED BindAddr=Firewall_in
Level
network+modify
History
Appears in 9.0.0
Description
Add an interface involved in DHCP traffic relaying
Usage
config dhcp relay interface add name=<Interface Name>
Returns
Error code
Example
CONFIG DHCP RELAY INTERFACE ADD name=out
Level
network+modify
History
Appears in 9.0.0
Description
Configure DHCP relay to listen on all the interfaces or listen only on interfaces explicitly configured
Usage
config dhcp relay interface all state=(0|1|On|Off)
Returns
Error code
Example
CONFIG DHCP RELAY INTERFACE ALL state=1
Level
base
History
Appears in 9.0.0
Description
List configured interfaces involved in DHCP traffic relaying
Usage
config dhcp relay interface list
Format
list
Returns
list all the interfaces involved in DHCP traffic relaying
Implementation notes
load section and print each value
Example
CONFIG DHCP RELAY INTERFACE LIST
In
Out
Level
network+modify
History
Appears in 9.0.0
Description
Set the DHCP server(s) to which the dhcp requests will be forwarded.
Usage
config dhcp relay server name=<host|range|hostgroup|"">
Returns
Error code
Example
CONFIG DHCP RELAY SERVER name=myhost
Level
base
History
Appears in 9.0.0
BindAddr appears in 1.0.0
Description
Show DHCP relay configuration.
Usage
config dhcp relay show
Returns
[Config]
State=(On|Off)
Server=(host|range|network|hostgroup)
InterfaceAll=(0|1)
BindAddr=<host>
Example
CONFIG DHCP RELAY SHOW
[Config]
State=On
Server=myhost
InterfaceAll=0
BindAddr=Firewall_in
Level
network+modify
History
Appears in 6.2.0
level changes from other,modify to network,modify in 9.0.0
Description
Add a server
Usage
config dhcp servers add defaultgateway=<hostname> | dns1=<hostname> | dns2=<hostname> | news=<hostname> | ntp=<hostname> | pop=<hostname> | smtp=<hostname> | tftp=<hostname> | wins=<hostname>
Returns
Error code
Example
CONFIG DHCP SERVERS ADD dns2=dns_2
Level
base
History
level base Appears in 6.0.0
level other deprecated in 6.0.0
Description
List configured servers for DHCP clients.
Usage
config dhcp servers list
Returns
list of servers in the form of server_name=host_object_name pairs
Implementation notes
load section, get s->count and print each value
Example
CONFIG DHCP SERVERS LIST
DefaultGateway=gw2
dns1=dns_1
dns2=dns_2
Level
base
Description
Show DHCP configuration.
Usage
config dhcp show
Returns
[Config]
State=(On|Off)
[Parameters]
Example
CONFIG DHCP SHOW
[Config]
State=On
[Parameters]
domain-name=my.domain.com
Level
base
Licence needed:
Service/DHCP
History
Appears in 1.0.0
Description
Command to manage DHCPv6 server and relay.
Level
network+modify
History
Appears in 1.0.0
Description
Activate DHCPv6 configuration.
Usage
config dhcp6 activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Implementation notes
Run endhcpd script and start service depending on state field
Example
CONFIG DHCP6 ACTIVATE
Level
network+modify
History
Appears in 1.0.0
Description
Add a host to DHCPv6 server configuration
Usage
config dhcp6 host add name=<hostname> duid=<duid-ll|duid-llt|duid-en>
Returns
Error code
Example
CONFIG DHCP6 HOST ADD name=host2 duid=0:1:0:1:16:61:e:c0:0:d:b4:2:6d:c3
Level
base
History
Appears in 1.0.0
Description
List DHCP server hosts
Usage
config dhcp6 host list
Format
section_line
Returns
list of hosts in the form : pos=num host=host_object_name duid=<duid-ll|duid-llt|duid-en>
Example
CONFIG DHCP6 HOST LIST
pos=1 host=host6 duid=0:1:0:1:16:61:e:c0:0:d:b4:2:6d:c3
Level
network+modify
History
Appears in 1.0.0
Description
Add a global parameter to DHCPv6 server
Usage
config dhcp6 parameters add domain-name=<name> | default-ltime=<seconds> | max-ltime=<seconds> | min-ltime=<seconds> | wpad=Off|On | custom-option1=<name>,<id>,(str|ip|ipv6|iparray|ipv6array),(<string>|<host name>|<host6 name>|<hostgroup name>|<hostgroup6 name>) | custom-option2=<name>,<id>,(str|ip|ipv6|iparray|ipv6array),(<string>|<host name>|<host6 name>|<hostgroup name>|<hostgroup6 name>)
Returns
Error code
Implementation notes
non documented parameters :
port=number : use another port for the dhcp server (must be greater than 1024)
authoritative=Off|On : act as an authoritative dhcp server. Default value is Off
ping-check=Off|On : send an icmp echo before attributing an ip address. Default is On
wpad=Off|On : activate web proxy autoconfiguration discovery
Example
CONFIG DHCP6 PARAMETERS ADD domain-name=my.domain.com
Level
network
History
Appears in 1.0.0
Description
List DHCPv6 server global parameters and options
Usage
config dhcp6 parameters list
Returns
[Parameters]
domain-name=domain name for clients
default-ltime=default lease time for clients
min-ltime=minimum lease time for clients
max-ltime=maximum lease time for clients
Implementation notes
non documented returns (printed only if there is an entry in the configuration file):
port=number : listening port for the dhcp server (greater than 1024 if not default)
authoritative=Off|On : act as an authoritative dhcp server. Default value is Off
ping-check=Off|On : send an icmp echo before attributing an ip address. Default is On
Example
CONFIG DHCP PARAMETERS LIST
[Parameters]
domain-name=my.domain.com
Level
network+modify
History
Appears in 1.0.0
Description
Remove a global parameter from DHCPv6 server
Usage
config dhcp6 parameters remove domain-name | default-ltime | min-ltime | max-ltime | wpad
Returns
Error code
Implementation notes
non documented parameters : authoritative | ping-check | port=number
Example
CONFIG DHCP6 PARAMETERS REMOVE domain-name
Level
network+modify
History
Appears in 1.0.0
Description
Add a DHCP IPv6 range.
Usage
config dhcp6 range add name=<rangename>
Returns
Error code
Example
CONFIG DHCP6 RANGE ADD name=dhcp6_range
Level
base
History
Appears in 1.0.0
Description
List DHCP IPv6 ranges.
Usage
config dhcp6 range list
Format
section_line
Returns
list of ranges in the form : pos=num name=<object name> begin=ipv6 end=ipv6
Example
CONFIG DHCP6 RANGE LIST
pos=1 name="dhcp_range" begin=2001:deca::10 end=2001:deca::20
Level
network+modify
History
Appears in 1.0.0
Description
Add a server side interface involved in DHCPv6 traffic relaying
Usage
config dhcp6 relay fwdinterface add name=<Interface Name>
Returns
Error code
Example
CONFIG DHCP6 RELAY FWDINTERFACE ADD name=in
Level
base
History
Appears in 1.0.0
Description
List configured server side interfaces involved in DHCPv6 traffic relaying
Usage
config dhcp6 relay fwdinterface list
Format
list
Returns
list all the server side interfaces involved in DHCPv6 traffic relaying
Implementation notes
load section and print each value
Example
CONFIG DHCP6 RELAY FWDINTERFACE LIST
In
Out
Level
network+modify
History
Appears in 1.0.0
Description
Add a client side interface involved in DHCPv6 traffic relaying
Usage
config dhcp6 relay rcvinterface add name=<Interface Name>
Returns
Error code
Example
CONFIG DHCP6 RELAY RCVINTERFACE ADD name=in
Level
base
History
Appears in 1.0.0
Description
List configured client side interfaces involved in DHCPv6 traffic relaying
Usage
config dhcp6 relay rcvinterface list
Format
list
Returns
list all the client side interfaces involved in DHCPv6 traffic relaying
Implementation notes
load section and print each value
Example
CONFIG DHCP6 RELAY RCVINTERFACE LIST
In
Out
Level
network+modify
History
Appears in 1.0.0
Description
Set the DHCPv6 server(s) to which the dhcp requests will be forwarded.
Usage
config dhcp6 relay server name=<host6|range6|hostgroup6|"">
Returns
Error code
Example
CONFIG DHCP6 RELAY SERVER name=myhost
Level
base
History
Appears in 1.0.0
Description
Show DHCPv6 relay configuration.
Usage
config dhcp6 relay show
Returns
[Config]
State=(On|Off)
Server=(host|range|network|hostgroup)
Example
CONFIG DHCP6 RELAY SHOW
[Config]
State=On
Server=myhost
Level
network+modify
History
Appears in 1.0.0
Description
Add a server
Usage
config dhcp6 servers add dns1=<hostname> | dns2=<hostname>
Returns
Error code
Example
CONFIG DHCP6 SERVERS ADD dns2=dns_2
Level
base
History
Appears in 1.0.0
Description
List configured servers for DHCPv6 clients.
Usage
config dhcp6 servers list
Returns
list of servers in the form of server_name=host_object_name pairs
Example
CONFIG DHCP6 SERVERS LIST
dns1=dns_1
dns2=dns_2
Level
base
History
Appears in 1.0.0
Description
Show DHCPv6 configuration.
Usage
config dhcp6 show
Returns
[Config]
State=(On|Off)
[Parameters]
Example
CONFIG DHCP6 SHOW
[Config]
State=On
[Parameters]
domain-name=my.domain.com
Level
network+modify
History
CANCEL Appears in 6.0.0
NEXTBOOT Appears in 6.0.0
level changes from other,modify to network,modify in 9.0.0
Description
Activate DNS configuration.
Usage
config dns activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Implementation notes
Run endns script and start service depending on state field
Example
CONFIG DNS ACTIVATE
Level
network+modify
Licence needed:
Service/DNS
History
LICENCE Appears in 6.0.0
randomServerOrder Appears in 6.1.0
level changes from other,modify to network,modify in 9.0.0
ipsend appears in 9.1.0
Description
Set advanced settings : automatic redirect, and cache size.
Usage
config dns advanced [redirect=On|Off] [randomServerOrder=On|Off] [cacheSize=size of cache in bytes] [ipsend=ip|firewall host object]
Returns
Error code
Implementation notes
Redirect add nat rules like tproxyd
Example
CONFIG DNS ADVANCED redirect=On
Level
base
Licence needed:
Service/DNS
History
LICENCE Appears in 6.0.0
Description
Configure clients.
Level
network+modify
History
level changes from other,modify to network,modify in 9.0.0
Description
Add a DNS cache single client or many clients IP addresses.
Usage
config dns client add <host | range | network | hostgroup>
Returns
Error code
Example
CONFIG DNS CLIENT ADD Network_in
Level
base
History
level changes from other to base in 9.0.0
Description
List authorized clients.
Usage
config dns client list
Returns
list of authorized clients in the form : position=host_object_name
Implementation notes
A client may be a host, range, network or group. It can also be an IP address or part of an IP address. The position is only there to make removal of clients easier. Note that 127.0.0.1 is an implicit client.
Example
CONFIG DNS CLIENT LIST
1="Network_in"
2="Network_dmz"
Level
network+modify
History
ip deprecated in 6.0.0
hostname Appears in 6.0.0
level changes from other,modify to network,modify in 9.0.0
Description
Add a DNS cache server (default position is end of list).
Usage
config dns server add <hostname> [pos=<position>]
Returns
Error code
Implementation notes
The server may be a host or a hostgroup.
Example
CONFIG DNS SERVER ADD dns_1
Level
base
History
level changes from other to base in 9.0.0
Description
List DNS cache servers.
Usage
config dns server list
Returns
list of servers in the form : position=host_object_name
Implementation notes
load section, get s->count and print each value
Example
CONFIG DNS SERVER LIST
[Server]
1="dns_1"
2="dns_2"
Level
network+modify
History
ip deprecated in 6.0.0
hostname Appears in 6.0.0
level changes from other,modify to network,modify in 9.0.0
Description
Remove a DNS cache server from list.
Usage
config dns server remove <hostname>
Returns
Error code
Example
CONFIG DNS SERVER REMOVE dns_1
Level
base
Description
Show DNS configuration.
Usage
config dns show
Returns
[Config]
State=on|off
[Advanced]
redirect=on|off
cacheSize=size
cacheMaxSize=size
Example
CONFIG DNS SHOW
[Config]
State=On
[Advanced]
redirect=Off
cacheSize=999424
cacheMaxSize=5000000
randomServerOrder=On
ipsend=Firewall_in
Level
base
Description
Download a file from firewall
Note
Additional rights may be needed to read files:
wpad.dat: contentfilter
app_user_req, rej_user_req, ldapmaps, keytab: user
app_cert_req, rej_cert_req: pki
custom_disclaimer.html, disclaimer.pdf: admin
index-logo.jpg, custom.css: admin
httpproxy_blockpage0,httpproxy_blockpage1,httpproxy_blockpage2,httpproxy_blockpage3
Usage
config download <custom.css|index-logo.jpg|httpproxy_blockpage0|httpproxy_blockpage1|httpproxy_blockpage2|httpproxy_blockpage3|algorithm|vpntunnel|ldapmaps|app_user_req|rej_user_req|app_cert_req|rej_cert_req|keytab|wpad.dat|custom_disclaimer.html|disclaimer.pdf>
Returns
The requested file
Implementation notes
Only allowed files can be downloaded
Example
CONFIG DOWNLOAD httpproxy_blockpage2
Level
filter|globalfilter+modify
History
level globalfilter added in 9.0.0
Description
Activate current filter slot
Usage
config filter activate
Level
filter_read
History
Appears in 9.0.0
Description
Check the current (non-activated) filtering rules
Usage
config filter check type=(filter|nat) index=<policy_idx> [output=(plain|xml)] [global=(0|1)]
Format
section_line
Level
filter|globalfilter+modify
History
Appears in 9.0.0
Description
Reset a filtering/NAT policy to its default settings
Usage
config filter default index=<policy_idx> type=(filter|nat) [global=(0|1)]
Level
filter_read
History
'output' appears in 9.0.0
'type' appears in 9.0.0
'global' appears in 9.0.0
Pagination appears in 9.0.0
level changes from filter to filter_read in 9.0.0
Description
List explicit rules
Usage
config filter explicit index=<policy_idx> type=(filter|nat) [output=(plain|xml)] [global=(0|1)] [useclone=(0|1)] [start=<int> [limit=<int>] [dir=(ASC|DESC)] [search=<pattern>] [searchfield=<token>] [sort=<token>] [refresh=(0|1)]]
Format
list
Level
filter_read
History
'output' appears in 9.0.0
level changes from filter to filter_read in 9.0.0
Description
List implicit rules
Usage
config filter implicit [output=(plain|xml)]
Format
list
Level
filter+modify
History
plugin Appears in 6.0.0
implicit Appears in 6.0.0
fwdefault Appears in 6.0.0
option authd_int for services Appears in 6.0.0
option authd_ext for services Appears in 6.0.0
option httpproxy for services Appears in 6.0.0
option smtpproxy for services Appears in 6.0.0
option pop3proxy for services Appears in 6.0.0
option Xvpnd_int for services Appears in 6.0.0
option Xvpnd_ext for services Appears in 6.0.0
option authd for services deprecated in 6.0.0
option proxy for services deprecated in 6.0.0
option webserver for services deprecated in 7.0.0
option sshd for services Appears in 7.0.0
option httpproxy for services removed in 9.0.0
option smtpproxy for services removed in 9.0.0
option pop3proxy for services removed in 9.0.0
option ftpproxy for services removed in 9.0.0
option xvpnd_int for services removed in 9.0.0
option xvpnd_ext for services removed in 9.0.0
option webadmin for services appears in 9.0.0
checkroute appears in 9.1.0
option Bootps for services appears in 1.0.0
option SslVPN for services appears in 1.0.0
option Rtadv for services appears in 1.0.0
option DHCP6 for services appears in 1.0.0
ipstate appears in 1.0.0
plugin and fwdefault become optional in 1.0.0
Description
Buildfilter config
Usage
config filter manage implicit=(0|1) [plugin=(0|1)] [fwdefault=(0|1)] [ipstate=(0|1)] [checkroute=(0|1)] [services=[authd_int],[authd_ext],[dns],[dialup],[ha],[ident],[pptp],[serverd],[sshd],[vpn],[webadmin],[bootps],[sslvpn],[rtadv],[dhcp6]]
Implementation notes
plugin: attach/unattach plugins on firewall outgoing connections
implicit: enable/disable firewall services rules
fwdefault: enable/disable firewall outgoing default rules
checkroute: enable/disable checking online status of PBR routers
ipstate: enable/disable ipstate flag on outgoing rules
Example
CONFIG FILTER MANAGE plugin=1 implicit=1 fwdefault=1 ipstate=1 checkroute=1 services=dialup,dns,ha,ident,pptp,serverd,sshd,vpn,authd_int,webadmin,bootps,sslvpn
Level
filter|globalfilter
History
Appears in 9.0.0
Description
Filtering rule handling
Level
filter|globalfilter+modify
History
Appears in 9.0.0
Description
Add/update separator
Usage
config filter rule addsep index=<policy_idx> type=(filter|nat) color=<hex> comment=<string> collapse=(0|1)
[position=<digit>] (default: end of list)
[global=(0|1)] (default: 0)
[update=(0|1)] (default: 0)
Level
filter|globalfilter+modify
History
Appears in 9.0.0
Description
Collapse/uncollapse all separators
Usage
config filter rule collapse index=<policy idx> type=(filter|nat) action=(all|none)
[global=(0|1)] (default: 0)
Level
filter|globalfilter+modify
History
Appears in 9.0.0
Description
Copy one or many rule(s)
Usage
config filter rule copy index=<policy idx> type=(filter|nat) position=<line>
[global=(0|1)] (default: 0)
[to=<rule id>] (default: end of list)
[nb=<number of rules to copy>] (default: 1)
Level
filter|globalfilter+modify
History
Appears in 9.0.0
Description
Insert a new rule before the rule with the given position
Usage
config filter rule insert index=<policy idx> type=(filter|nat) state=(on|off) action=(pass|block|deleg|reset|log|decrypt|nat)
srctarget=(any|<objectname>[,<objectname>[,...]]) dsttarget=(any|<objectname>[,<objectname>[,...]])
[global=(0|1)] (default: 0)
[position=<digit>] (default: insert at the end of the rule list)
[output=(plain|xml)]
And any rule tokens accepted by CONFIG FILTER RULE UPDATE.
Format
section_line
Level
filter|globalfilter+modify
History
Appears in 9.0.0
Description
Move one or many rule(s)
Usage
config filter rule move index=<policy idx> type=(filter|nat) position=<line>
[global=(0|1)] (default: 0)
[to=<rule id>] (default: end of list)
[nb=<number of rules to move>] (default: 1)
Level
filter|globalfilter+modify
History
Appears in 9.0.0
Description
Remove one or all filtering rule(s)
Usage
config filter rule remove index=<policy idx> type=(filter|nat) position=(all|<digit>)
[global=(0|1)] (default: 0)
Level
filter|globalfilter+modify
History
Appears in 9.0.0
ipstate appears in 9.0.2
Description
Update a filtering rule
Usage
config filter rule update index=<policy idx> type=(filter|nat) position=<digit>
[output=(plain|xml)] (default: plain)
[global=(0|1)] (default: 0)
[state=(on|off)]
[action=(pass|block|deleg|reset|log|decrypt|nat)]
[loglevel=(none|log|minor|major)]
[count=(on|off)]
[rate=(""|<tcp>,<udp>,<icmp>,<request>)]
[synproxy=(on|off)]
[settos=(""|<1-254>)]
[qosid=(""|<qid name>)]
[qosfairness=(""|state|user|host)]
[route=(""|<hostname>|<ipaddr>)]
[inspection=(firewall|ids|ips)]
[antivirus=(on|off)]
[antispam=(on|off)]
[proxycache=(on|off)]
[ftpfiltering=(on|off)]
[urlfiltering=(""|<0-9>)] (URL policy index)
[mailfiltering=(""|<0-9>)] (Mail policy index)
[sslfiltering=(""|<0-9>)] (SSL policy index)
[fwservice=(""|httpproxy|webportal)]
[webportalexcept=(""|urlgroup[,urlgroup[,urlgroup[,...]]])]
[schedule=(anytime|<time object>)]
[securityinspection=(""|<0-9>)] (ASQ config index)
[tos=(""|<1-254>)]
[ipstate=(on|off)]
[ipproto=(any|<IP protocol name>)] (for instance, TCP, UDP, ICMP, etc)
[icmptype=(""|<0-255>)]
[icmpcode=(""|<0-255>)]
[proto=(auto|none|<app protocol name>)] (for instance, HTTP, FTP, etc)
[srcuser=(""|any|unknown|[!]<user>|[!]<usergroup>)]
[srctarget=(any|[!]<objectname>[,<objectname>[,<objectname>[,...]]])]
[srcportop=(eq|ne|gt|lt)]
[srcport=(any|<objectservice>[,<objectservice>[,<objectservice>[,...]]])]
[srcif=(any|<interface name>)]
[via=(any|sslvpn|httpproxy|ipsec|sslproxy|none)]
[dsttarget=(any|[!]<objectname>[,<objectname>[,<objectname>[,...]]])]
[dstportop=(eq|ne|gt|lt)]
[dstport=(any|<objectservice>[,<objectservice>[,<objectservice>[,...]]])]
[dstif=(any|<interface name>)]
[natsrctarget=(""|original|<object name>)] (empty value to disable nat on source)
[natsrclb=(none|roundrobin|srchash|connhash|random)]
[natsrcarp=(on|off)]
[natsrcportop=(eq|ne|gt|lt)]
[natsrcport=(original|<objectservice>|<port range>)]
[natsrcportlb=(none|random)]
[natdsttarget=(""|original|<object name>)] (empty value to disable nat on destination)
[natdstlb=(none|roundrobin|srchash|connhash|random)]
[natdstarp=(on|off)]
[natdstportop=(eq|ne|gt|lt)]
[natdstport=(original|<objectservice>|<port range>)]
[natdstportlb=(none|roundrobin|srchash|connhash|random)]
[beforevpn=(on|off)]
[comment=<string>]
[rulename=<string>]
Format
section_line
Level
filter_read
History
sshd config Appears in 7.0.0
level changes from filter to filter_read in 9.0.0
Description
Dump buildfilter config
Usage
config filter show [output=xml]
Returns
[Config] Plugin=0|1 Implicit=0|1 FwDefault=0|1 CheckRoute=0|1 Ipstate=0|1
[Services] Pptp=0|1 HA=0|1 Vpn=0|1 Dns=0|1 Dialup=0|1 Ident=0|1 Serverd=0|1 Sshd=0|1 Authd_int=0|1 Authd_ext=0|1 WebAdmin=0|1 Bootps=0|1 SslVPN=0|1 Rtadv=0|1 DHCP6=0|1
[Plugin] DNS=0|1 FTP=0|1 HTTP=0|1 IMAP4=0|1 POP3=0|1 SMTP=0|1 SSH=0|1 Telnet=0|1 NNTP=0|1 SSL=0|1
[Global] StrictUsers=0|1
Level
base
History
Appears in 6.0.0
Description
Global object administration
Note
most of the code is shared with CONFIG.OBJECT
Invalid names for objects are:
Firewall_*
Network_*
broadcast
anonymous
any
object commands update object configuration files and serverd memory structure
Level
base
History
Appears in 9.0.0
Description
Return a unique global object from its name
Usage
config global object get type=<host|range|network|group|protocol|time|service|servicegroup> name=<objname>
Format
section_line
Returns
Return one line with the global object properties:
[Object]
type=host modify=<0|1> global=<0|1> comment=<comment> name=<hostname> ip=<ip> ipv6=<ipv6> resolve=<static|dynamic>
type=range modify=<0|1> global=<0|1> comment=<comment> name=<rangename> begin=<firstip> end=<lastip> beginv6=<firstipv6> endv6=<lastipv6>
type=network modify=<0|1> global=<0|1> comment=<comment> name=<rangename> ip=<ip> mask=<netmask> prefixlen=<ipv4 prefix len> ipv6=<ipv6> prefixlenv6=<ipv6 prefix len>
type=protocol modify=<0|1> global=<0|1> comment=<comment> name=<protocolname> protonumber=<ip protocol number>
type=service modify=<0|1> global=<0|1> comment=<comment> name=<servicename> port=<port> toport=<""|lastport> proto=<protocolname>
type=time modify=<0|1> global=<0|1> comment=<comment> name=<timename> time=<time> weekday=<weekdays> yearday=<yearday> date=<date>
type=group modify=<0|1> global=<0|1> comment=<comment> name=<groupname>
type=servicegroup modify=<0|1> global=<0|1> comment=<comment> name=<groupname>
...
Example
config global object get type=host name=mycomputer [Object] type=host modify=1 global=1 comment="" name=mycomputer ip=10.0.0.0 ipv6=fe80::1 resolve=static
Level
base
History
Appears in 6.0.0
Description
Global object groups administration
Note
most of the code is shared with CONFIG.GLOBAL.OBJECT.SERVICEGROUP
Level
globalobject+modify
History
Appears in 6.0.0
added position arg in 9.0.0
Description
Add object to global group
Note
node might be an object or a group
this command returns an error if:
"group" or "node" does not exist
"node" is an object already included in "group"
"node" is an object included in a subgroup of "group"
"node" is a group and has common element(s) with "group"
"node" is a group and contains another group which contains "group" (this creates a loop)
"node" is a group and contains another group which has common element(s) with "group" or another node
Usage
config global object group addto group=<groupname> node=<node to add name> [pos=<position>]
Example
CONFIG GLOBAL OBJECT GROUP ADDTO group=group1 node=host1
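The error conditions listed above amount to a small membership algorithm: direct and nested containment checks on objects, plus loop and common-element checks when the node is itself a group. The following is an added example in Python, not serverd's code; the object and group names, the error codes and the dict-of-lists representation are constructed for illustration.

```python
"""Membership rules of CONFIG GLOBAL OBJECT GROUP ADDTO, re-implemented.

Constructed example (not serverd's code): it reproduces the error
conditions listed in the reference so that a change can be validated
offline before the command is sent.
"""
from typing import Dict, List, Optional, Set, Tuple

Groups = Dict[str, List[str]]  # group name -> ordered member names


def flatten(groups: Groups, name: str, seen: Optional[Set[str]] = None) -> Set[str]:
    """Return every leaf object reachable from `name` through nested groups.

    `seen` makes the walk terminate even on an already-looping configuration.
    """
    seen = set() if seen is None else seen
    leaves: Set[str] = set()
    if name in seen:
        return leaves
    seen.add(name)
    for member in groups.get(name, []):
        if member in groups:
            leaves |= flatten(groups, member, seen)
        else:
            leaves.add(member)
    return leaves


def reaches_group(groups: Groups, start: str, target: str) -> bool:
    """True if `target` is `start` itself or is nested anywhere below it."""
    stack, seen = [start], set()
    while stack:
        current = stack.pop()
        if current == target:
            return True
        if current in seen:
            continue
        seen.add(current)
        stack.extend(m for m in groups.get(current, []) if m in groups)
    return False


def check_addto(groups: Groups, objects: Set[str], group: str, node: str) -> Tuple[str, str]:
    """Return (code, detail); code "OK" means serverd would accept the ADDTO.

    The codes are ours; the reference only says the command "returns an error".
    """
    if group not in groups or (node not in groups and node not in objects):
        return "NOT_FOUND", '"group" or "node" does not exist'
    if node in objects:
        if node in groups[group]:
            return "ALREADY_MEMBER", f'"{node}" is already included in "{group}"'
        if node in flatten(groups, group):
            return "IN_SUBGROUP", f'"{node}" is included in a subgroup of "{group}"'
        return "OK", ""
    # node is a group: adding it must not create a loop ...
    if reaches_group(groups, node, group):
        return "LOOP", f'"{node}" contains "{group}" (it would create a loop)'
    # ... nor bring in an element already reachable from group, directly or
    # through a nested group (the two "common element(s)" conditions).
    common = flatten(groups, node) & flatten(groups, group)
    if common:
        return "COMMON_ELEMENTS", f'"{node}" shares {sorted(common)} with "{group}"'
    return "OK", ""


def addto(groups: Groups, objects: Set[str], group: str, node: str) -> None:
    """Apply the ADDTO in place, or raise with the reason it would be refused."""
    code, detail = check_addto(groups, objects, group, node)
    if code != "OK":
        raise ValueError(f"{code}: {detail}")
    groups[group].append(node)


def sample_config() -> Tuple[Groups, Set[str]]:
    """Constructed objects and groups (fresh copies on each call)."""
    objects = {"host1", "host2", "host3", "dns"}
    groups: Groups = {
        "group1": ["host1", "sub1"],  # group1 -> sub1 -> host2
        "sub1": ["host2"],
        "group2": ["host3"],
        "group3": ["host2"],          # shares host2 with group1 via sub1
        "group4": ["group1"],         # already contains group1
    }
    return groups, objects


if __name__ == "__main__":
    groups, objects = sample_config()
    for node in ("host3", "host1", "host2", "group2", "group3", "group4", "group1", "ghost"):
        print(f"ADDTO group=group1 node={node}: {check_addto(groups, objects, 'group1', node)}")
```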
Level
globalobject
History
Appears in 6.1.0
level globalobject Appears in 6.1.3
level object deprecated in 6.1.3
FORMAT Appears in 9.0.0
Description
Check global object group
Usage
config global object group check name=<group name>
Format
section_line
Returns
[Configuration] module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)
Example
CONFIG GLOBAL OBJECT GROUP CHECK name=group1 [Configuration] module=Filter slot=04 line=1
Level
globalobject+modify
History
force Appears in 6.1.0
Description
Delete global object group
Note
returns an error if no group with this name exists
Usage
config global object group delete name=<groupname> [force=1]
Example
CONFIG GLOBAL OBJECT GROUP DELETE name=group1
Level
globalobject+modify
History
Appears in 6.0.0
Description
Create new empty object group
Note
returns an error if a group with identical name exists
Usage
config global object group new name=<groupname> [comment=<group comment>] [update=<0|1>]
Example
CONFIG GLOBAL OBJECT GROUP NEW name=group1
Level
globalobject+modify
History
Appears in 6.0.0
Description
Remove global object from group
Note
node might be an object or a group
this command returns an error if:
"group" or "node" does not exist
"node" is not in "group"
Usage
config global object group removefrom group=<groupname> node=<node to remove name>
Example
CONFIG GLOBAL OBJECT GROUP REMOVEFROM group=group1 node=host1
Level
base
History
Appears in 6.0.0
FORMAT Appears in 9.0.0
all disappears in 9.0.0
Description
Show one object group
Usage
config global object group show name=<groupname> [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [searchfield=<token>] [sort=<token>] [refresh=<0|1>]]
Format
section_line
Returns
[<groupname>] name=<nodename>...
Example
CONFIG GLOBAL OBJECT GROUP SHOW name=group1 [group1] name=host1
Level
base
History
Appears in 6.0.0
Description
Global host object administration
Level
globalobject
History
Appears in 6.1.0
level globalobject Appears in 6.1.3
level object deprecated in 6.1.3
FORMAT Appears in 9.0.0
Description
Check global host object
Usage
config global object host check name=<hostname>
Format
section_line
Returns
[Configuration] module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)
Example
CONFIG GLOBAL OBJECT HOST CHECK name=host1 [Configuration] module=DNS section=Servers module=Filter slot=04 line=1 module=DHCP section=Server
Level
globalobject+modify
History
force Appears in 6.1.0
Description
Remove global host object
Note
command returns an error code if:
no object is found.
object is in a group
Usage
config global object host delete name=<hostname> [force=1]
Example
CONFIG GLOBAL OBJECT HOST DELETE name=host1
Level
globalobject+modify
History
Appears in 6.0.0
Description
Add global host object
Note
For single host at least one ip (v4 or v6) must be specified
For range at least one begin and end (v4 or v6) must be specified
Without update parameter, command will return an error if an object with the same name exists.
With update=2, modules which use the object are not reloaded.
Usage
config global object host new name=<hostname> [ip=<ipaddress>] [ipv6=<ipv6address>] [type=router|server|host] [resolve=static|dynamic|manual] [mac=xx:xx:xx:xx:xx:xx] [color=xxxxxx] [localfirst=0|1] [comment=<comment>] [update=<0|1|2>]
name=<rangename> [begin=<range first ip> end=<range last ip>] [beginv6=<range first ipv6> endv6=<range last ipv6>] [color=xxxxxx] [localfirst=0|1] [comment=<comment>] [update=<0|1|2>]
Example
CONFIG GLOBAL OBJECT HOST NEW name=host4 ip=10.0.0.1 resolve=static comment="Global IPv4 only host" mac=11:22:33:44:55:66
CONFIG GLOBAL OBJECT HOST NEW name=host6 ipv6=fe80::1 resolve=static comment="Global IPv6 only host"
CONFIG GLOBAL OBJECT HOST NEW name=host46 ip=10.0.0.1 ipv6=fe80::1 resolve=static comment="Global IPv4v6 host"
CONFIG GLOBAL OBJECT HOST NEW name=range4 begin=10.0.0.1 end=10.0.0.10 comment="Global IPv4 only range"
CONFIG GLOBAL OBJECT HOST NEW name=range6 beginv6=fe80::1 endv6=fe80::10 comment="Global IPv6 only range"
CONFIG GLOBAL OBJECT HOST NEW name=range46 begin=10.0.0.1 end=10.0.0.10 beginv6=fe80::1 endv6=fe80::10 comment="Global IPv4v6 range"
Level
base
History
Appears in 6.0.0
Description
Global network object administration
Level
globalobject
History
Appears in 6.1.0
level globalobject Appears in 6.1.3
level object deprecated in 6.1.3
FORMAT Appears in 9.0.0
Description
Check global network object
Usage
config global object network check name=<network name>
Format
section_line
Returns
[Configuration] module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)
Example
CONFIG GLOBAL OBJECT NETWORK CHECK name=network1 [Configuration] module=DNS section=Clients module=Filter slot=04 line=1
Level
globalobject+modify
History
force Appears in 6.1.0
Description
Remove global network object
Note
command returns an error code if:
no object is found.
object is in a group
Usage
config global object network delete name=<netname> [force=1]
Example
CONFIG GLOBAL OBJECT NETWORK DELETE name=net1
Level
globalobject+modify
History
Appears in 6.0.0
Description
Add global network object
Note
at least one ip (v4 or v6) must be specified
without update parameter, command will return an error if an object with the same name exists.
0.0.0.0 and 255.255.255.255 IPv4 netmasks are not allowed
/0 and /32 IPv4 prefix len are not allowed
/0 and /128 IPv6 prefix len are not allowed
With update=2, modules which use the object are not reloaded.
Usage
config global object network new name=<netname> [ip=<network IPV4 address> mask=<netmask>|prefixlen=<prefixlen>] [ipv6=<network IPv6 address> prefixlenv6=<prefixlen>] [localfirst=0|1] [color=xxxxxx] [comment=<comment>] [update=<0|1|2>]
Example
CONFIG GLOBAL OBJECT NETWORK NEW name=net0 ip=10.0.0.0 prefixlen=16 localfirst=1 comment="Global IPv4 only network"
CONFIG GLOBAL OBJECT NETWORK NEW name=net1 ip=10.0.0.0 mask=255.0.0.0 localfirst=1 comment="Global IPv4 only network"
CONFIG GLOBAL OBJECT NETWORK NEW name=net2 ipv6=fe80:: prefixlenv6=64 localfirst=1 comment="Global IPv6 only network"
CONFIG GLOBAL OBJECT NETWORK NEW name=net3 ip=10.0.0.0 mask=255.0.0.0 ipv6=fe80:: prefixlenv6=64 localfirst=1 comment="Global IPv4v6 network"
Level
base
History
Appears in 6.0.0
Description
Global protocol object administration
Note
most of the code is shared with CONFIG.GLOBAL.OBJECT.NETWORK and CONFIG OBJECT.HOST
Level
globalobject
History
Appears in 6.1.0
level globalobject Appears in 6.1.3
level object deprecated in 6.1.3
FORMAT Appears in 9.0.0
Description
Check global protocol object
Usage
config global object protocol check name=<protocol name>
Format
section_line
Returns
[Configuration] module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)
Example
CONFIG GLOBAL OBJECT PROTOCOL CHECK name=proto1 [Configuration] module=Filter slot=04 line=1
Level
globalobject+modify
History
force Appears in 6.1.0
Description
Delete global protocol object
Note
this command returns an error code if:
no object is found.
object is in a group
Usage
config global object protocol delete name=<protocolname> [force=1]
Example
CONFIG GLOBAL OBJECT PROTOCOL DELETE name=chaos
Level
globalobject+modify
History
Appears in 6.0.0
value replaced by protonumber in 9.0.0
Description
Add global protocol object
Note
Without update parameter, command will return an error if an object with the same name exists.
With update=2, modules which use the object are not reloaded.
Usage
config global object protocol new name=<protocolname> protonumber=<IP protocol number> [color=xxxxxx] [comment=<comment>] [update=<0|1|2>]
Example
CONFIG GLOBAL OBJECT PROTOCOL NEW name=chaos protonumber=16 color=123456 comment="CHAOS protocol"
Level
globalobject+modify
History
Appears in 9.0.0
Description
Rename global objects
Note
rename all the occurrences of old_objname to new_objname in the configuration files
this command returns an error code if:
old objname is not found.
new objname already exists.
Usage
config global object rename type=<host|range|network|service|time|group|servicegroup> oldname=<old_objname> newname=<new_objname>
Example
config global object rename type=host oldname=foo newname=bar
Level
base
History
Appears in 6.0.0
Description
Global service object administration
Note
most of the code is shared with CONFIG.GLOBAL.OBJECT.NETWORK and CONFIG OBJECT.HOST
Level
globalobject
History
Appears in 6.1.0
level globalobject Appears in 6.1.3
level object deprecated in 6.1.3
FORMAT Appears in 9.0.0
Description
Check global service object
Usage
config global object service check name=<service name>
Format
section_line
Returns
[Configuration] module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)
Example
CONFIG GLOBAL OBJECT SERVICE CHECK name=service1 [Configuration] module=Filter slot=04 line=1
Level
globalobject+modify
History
force Appears in 6.1.0
Description
Delete global service object
Note
this command returns an error code if:
no object is found.
object is in a group
Usage
config global object service delete name=<servicename> [force=1]
Example
CONFIG GLOBAL OBJECT SERVICE DELETE name=dns
Level
globalobject+modify
History
Appears in 6.0.0
Removed plugin attribute in 9.0.0
Description
Add global service object
Note
Without update parameter, command will return an error if an object with the same name exists.
With update=2, modules which use the object are not reloaded.
Usage
config global object service new name=<servicename> port=<port number> proto=<tcp|udp|any> [toport=<porthigh>] [color=xxxxxx] [comment=<comment>] [update=<0|1|2>]
Example
CONFIG GLOBAL OBJECT SERVICE NEW name=dns port=53 proto=tcp comment="DNS service"
Level
base
History
Appears in 6.0.0
Description
Global service groups administration
Note
most of the code is shared with CONFIG.GLOBAL.OBJECT.OBJECTGROUP
Level
globalobject+modify
History
Appears in 6.0.0
Description
Add service object to global service group
Note
node must be a service
this command returns an error if:
"group" or "node" does not exist
"node" is an object already included in "group"
Usage
config global object servicegroup addto group=<servicegroup name> node=<node to add name>
Example
CONFIG GLOBAL OBJECT SERVICEGROUP ADDTO group=group1 node=dns
Level
globalobject
History
Appears in 6.1.0
level globalobject Appears in 6.1.3
level object deprecated in 6.1.3
FORMAT Appears in 9.0.0
Description
Check global service group
Usage
config global object servicegroup check name=<service group name>
Format
section_line
Returns
[Configuration] module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)
Example
CONFIG GLOBAL OBJECT SERVICEGROUP CHECK name=servicegroup1 [Configuration] module=Filter slot=04 line=1
Level
globalobject+modify
History
force Appears in 6.1.0
Description
Remove service group
Note
returns an error if no group with this name exists
Usage
config global object servicegroup delete name=<servicegroup name> [force=1]
Example
CONFIG GLOBAL OBJECT SERVICEGROUP DELETE name=servicegroup1
Level
globalobject+modify
History
Appears in 6.0.0
Description
Create new empty global service group
Note
returns an error if a service group with identical name exists
Usage
config global object servicegroup new name=<servicegroupname> [comment=<servicegroup comment>] [update=<0|1>]
Example
CONFIG GLOBAL OBJECT SERVICEGROUP NEW name=servicegroup1
Level
globalobject+modify
History
Appears in 6.0.0
Description
Remove service object from global service group
Note
node must be a service
this command returns an error if:
"group" or "node" does not exist
"node" is not in "group"
Usage
config global object servicegroup removefrom group=<servicegroup name> node=<node to remove name>
Example
CONFIG GLOBAL OBJECT SERVICEGROUP REMOVEFROM group=servicegroup1 node=dns
Level
base
History
Appears in 6.0.0
FORMAT Appears in 9.0.0
all disappears in 9.0.0
Description
Show global service group
Usage
config global object servicegroup show name=<servicegroup name> [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [searchfield=<token>] [sort=<token>] [refresh=<0|1>]]
Format
section_line
Returns
[<servicegroup name>] name=<nodename>...
Example
CONFIG GLOBAL OBJECT SERVICEGROUP SHOW name=web [web] name=dns_udp name=http name=https
Level
base
History
Appears in 9.0.0
Description
Global Time object administration
Level
globalobject
History
Appears in 9.0.0
Description
Check global time object
Usage
config global object time check name=<timeobject name>
Format
section_line
Returns
[Configuration] module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)
Example
config global object time check name=daysoff [Configuration] module=Filter slot=04 line=1
Level
globalobject+modify
History
Appears in 9.0.0
Description
Remove global time object
Note
command returns an error code if:
no object is found.
Usage
config global object time delete name=<timeobject name> [force=1]
Example
config global object time delete name=daysoff
Level
globalobject+modify
History
Appears in 9.0.0
Description
Add a global time object
Note
Without update parameter, command will return an error if an object with the same name exists.
With update=2, modules which use the object are not reloaded.
Usage
config global object time new name=<timeobject name> time=(""|hh:mm-hh:mm[;hh:mm-hh:mm]...) weekday=(""|dow[-dow][;dow[-dow]]...) yearday=(""|mm:dd[-mm:dd][;mm:dd[-mm:dd]]...) date=(""|yyyy:mm:dd[:hh:mm][-yyyy:mm:dd[:hh:mm]]) [color=xxxxxx] [comment=<comment>] [update=<0|1|2>]
Example
config global object time new name=work time=08:00-12:00;14:00-19:00 weekday=1;3;5-7 comment="working hours"
config global object time new name=daysoff yearday=01:01;05:01;05:08;07:14;08:15;11:11;12:25
Level
maintenance+modify
Description
Activate HA configuration
Note
May start a full config file sync in order to apply changes also on peers at the same time
Usage
config ha activate
Returns
Error code
Example
CONFIG HA ACTIVATE
Level
maintenance+modify
History
sendarp Appears in 9.0.0
interfaceslipflop appears in 9.0.1
tokentimeout appears in 9.0.4
Description
Initialize an HA cluster
Note
Interfaces are expected to be ethernet or vlan interfaces.
Argument "forward" specifies which list of connected elements must be kept synchronized between firewalls.
Value "connections" for the argument "forward" means TCP/UDP connections.
Default value for "forward" is All.
Argument "peer_waiting_timeout" indicates how long each firewall must wait at boot before considering its peer as offline. The value is given in seconds.
Default value for "peer_waiting_timeout" is 10s.
Argument "purge_arp" indicates whether the ARP table must be purged when the firewall becomes active (default is 0).
send_arp and send_arp_period define whether an ARP packet must be sent periodically by the active firewall as a reminder for other machines (default: 0, default period: 5s).
If secure is set to 1, connection sync packets will be encrypted. However, you may experience reduced performance (default is 0).
nbping indicates how many ICMP requests must be sent once Corosync considers the peer to be dead. This is used to confirm that the Corosync notification was not a false positive due to an overload on the peer. ICMP requests are sent at an interval of 50ms. Set this value to 0 to disable the confirmation mechanism.
interfacesflipflop indicates how long, in milliseconds, non-HA interfaces must go down when the firewall becomes passive. This is intended to reduce issues with the ARP tables of switches during user-requested HA swaps when using a bridged network configuration. Bringing non-HA interfaces down should force the switches to flush their ARP tables. This approach does not work with all switches. (default is 1000, 0 to disable)
tokentimeout indicates how long Corosync must wait when it does not get any message from the peer(s). Once this delay has passed, Corosync notifies Stated. Stated then tries to ping the peer. If Stated does not get any reply either, the local firewall becomes active.
Usage
config ha create password=<ha password> ifname=<interface user name> [ifname2=<interface user name>]
[priority=<0-9999>] [forward=<All|None|Connections|Hosts|Users>]
[waitingpeertimeout=<0-9999>] [purgearp=<0|1>] [sendarp=<0|1>]
[sendarpperiod=<1-9999>] [secure=<0|1>] [nbping=(0-300)]
[interfacesflipflop=<0-20000>] [tokentimeout=<1-99999>]
Returns
Error code
Example
CONFIG HA CREATE password=password ifname=vlan0
CONFIG HA CREATE password=karamba ifname=ethernet3 forward=Connection,Users
Level
maintenance+modify
History
Command appears in 9.0.0
Description
Make the firewall join an existing HA cluster
Usage
config ha join password=<ha password> ip=<ip master> [priority=<0-9999>]
Returns
Error code
Example
CONFIG HA JOIN password=password ip=192.168.0.1
Level
base
Description
Display firewall HA configuration
Usage
config ha show
Returns
[Global]
State=0|1 : Is HA activated?
Initialized=0|1 : HA initialization
Forward=All|None|Connections|Hosts|Users|SIP : synchronized data types (separated by commas)
SendARP=0|1 : SendARP state
SendARPPeriod=<sec> : delay (sec) between 2 ARPs
Secure=0|1 : Crypto state on the HA link
InterfacesFlipFlop=<0-20000> : How long, in milliseconds, non-HA interfaces must go down when the firewall becomes passive (0=disabled)
[Communication]
ifname=<interf> : HA interface
ifname2=<interf> : HA backup interface
[ICMP]
NbPing=(0-300) : Number of death confirmation pings
[Corosync]
TokenTimeout=2000 : Timeout for peer loss detection by Corosync (in milliseconds)
Example
CONFIG HA SHOW
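Reading a CONFIG HA SHOW reply by hand is error-prone; the section_line format it shares with the other SHOW commands is easy to parse, and the fields named under CONFIG HA CREATE (Secure, Forward, NbPing with its 50ms ping interval, TokenTimeout) can then be turned into the figures an operator actually reviews. Added example in Python, not part of the reference or of serverd: the reply text is constructed from the Returns template above, the field values are assumptions, and the detection-time figure is a lower bound derived from the description of tokentimeout and nbping.

```python
"""Parse section_line replies (CONFIG HA SHOW, CONFIG DNS SHOW, ...) and
summarise the HA settings. Constructed example; not serverd's code."""
import shlex
from typing import Dict, List, Union

Sections = Dict[str, Dict[str, str]]

# Interval between death-confirmation pings, as stated for nbping.
PING_INTERVAL_MS = 50

# Constructed reply modelled on the CONFIG HA SHOW "Returns" template;
# every value below is an assumption, not a capture from a real firewall.
SAMPLE_HA_SHOW = """
[Global]
State=1
Initialized=1
Forward=Connections,Users
SendARP=1
SendARPPeriod=5
Secure=0
InterfacesFlipFlop=1000
[Communication]
ifname=vlan0
ifname2=""
[ICMP]
NbPing=10
[Corosync]
TokenTimeout=2000
"""


def parse_section_line(text: str) -> Sections:
    """Turn '[Section]' headers and key=value tokens into nested dicts.

    shlex keeps quoted values such as comment="working hours" in one piece
    and treats newlines like spaces, so the multi-line reply and the
    one-line form printed in the reference's examples parse identically.
    Tokens outside a section or without '=' (e.g. the echoed command) are
    skipped.
    """
    sections: Sections = {}
    current = None
    for token in shlex.split(text):
        if token.startswith("[") and token.endswith("]"):
            current = token[1:-1]
            sections.setdefault(current, {})
        elif "=" in token and current is not None:
            key, _, value = token.partition("=")
            sections[current][key] = value
    return sections


def ha_summary(sections: Sections) -> Dict[str, Union[bool, int, List[str]]]:
    """Derive the review-worthy HA facts from a parsed CONFIG HA SHOW reply."""
    glob = sections.get("Global", {})
    icmp = sections.get("ICMP", {})
    corosync = sections.get("Corosync", {})
    token_timeout_ms = int(corosync.get("TokenTimeout", "0"))
    nb_ping = int(icmp.get("NbPing", "0"))
    return {
        "active": glob.get("State") == "1",
        # secure=1 encrypts connection sync packets on the HA link.
        "link_encrypted": glob.get("Secure") == "1",
        "synced": [x for x in glob.get("Forward", "").split(",") if x],
        "confirmation_pings": nb_ping,
        # Lower bound on failover detection: Corosync waits TokenTimeout,
        # then Stated sends NbPing confirmation pings 50 ms apart before the
        # peer is declared dead. Per-ping reply timeouts are not counted.
        "min_detection_ms": token_timeout_ms + nb_ping * PING_INTERVAL_MS,
    }


if __name__ == "__main__":
    parsed = parse_section_line(SAMPLE_HA_SHOW)
    for key, value in ha_summary(parsed).items():
        print(f"{key}: {value}")
```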
Level
base
Description
Get/set firewall HA state
Note
Changing the state needs the Ha or Maintenance level together with the Modify level
Usage
config ha state [on|off]
Returns
Error code
Example
CONFIG HA STATE on
Level
maintenance|ha+modify
History
sendarp Appears in 9.0.0
sendarpperiod Appears in 9.0.0
purgearp Appears in 9.0.0
forward Appears in 9.0.0
nbping appears in 9.0.0
ip and ip2 removed in 9.0.0
timeout removed in 9.0.0
period removed in 9.0.0
foperiod removed in 9.0.0
level maintenance Appears in 6.0.0
level admin deprecated in 6.0.0
interf2 deprecated in 6.1.0
interf2 Appears in 6.1.2
option serial0 for interf deprecated in 6.1.2
limit removed in 9.0.0
interfacesflipflop appears in 9.0.1
tokentimeout appears in 9.0.4
Description
Update HA configuration
Usage
config ha update [password=<ha password>]
[ifname=<ethernet|vlan>]
[ifname2=(""|<ethernet|vlan>)]
[forward=<All|None|Connections|Hosts|Users>]
[waitingpeertimeout=<0-9999>]
[purgearp=<0-1>]
[sendarp=<0|1>]
[sendarpperiod=<1-9999>]
[secure=<0|1>]
[nbping=(0-300)]
[interfacesflipflop=<0-20000>]
[tokentimeout=<1-99999>]
Returns
Error code
Example
CONFIG HA UPDATE password=newpassword
Level
base
Description
Change HA weights on each network interface to influence HA quality computation
Level
maintenance+modify
Description
Activate changes on weights
Usage
config ha weight activate
Returns
Error code
Example
CONFIG HA WEIGHT ACTIVATE
Level
base
Description
Display current weights on network interfaces
Usage
config ha weight show
Returns
[Weights] ethernet<X>=<0-9999> ethernet<Y>=<0-9999> [...]
Example
CONFIG HA WEIGHT SHOW [Weights] ethernet0=0 ethernet1=0 ethernet2=100 ethernet3=100
Level
vpn+modify
History
Appears in 9.0.0
Description
Activate/cancel modifications of IPsec configuration
Usage
config ipsec activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Example
CONFIG IPSEC ACTIVATE
Level
vpn+modify
History
Appears in 9.0.0
Description
Add trusted certificate authority.
Usage
config ipsec ca add name=<caname> [global=<0|1>]
Example
CONFIG IPSEC CA ADD name=myca
Level
vpn_read
History
Appears in 9.0.0
Description
List trusted certificate authorities
Usage
config ipsec ca list [global=<0|1>]
Format
section_line
Example
CONFIG IPSEC CA LIST
Level
vpn_read
History
Appears in 9.0.0
Description
Check if peer is used by policies
Usage
config ipsec peer check name=<profilename> [global=<0|1>]
Example
CONFIG IPSEC PEER CHECK name=mypeer
Level
vpn_read
History
Appears in 9.0.0
Description
List IPsec peers
Usage
config ipsec peer list [type=<anonymous|gateway|all>] [global=<0|1>] [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [sort=<0|1>] [refresh=<0|1>]]
Format
section_line
Example
CONFIG IPSEC PEER LIST type=anonymous
Level
vpn+modify
History
Appears in 9.0.0
auto mode appears in 9.0.1
Description
Create a new peer
Usage
config ipsec peer new name=<peername> method=<psk|pki|xauth|xauth_pki> [mode=<auto|main|aggressive>] dst=<host|any> src=<host|any> conf=<phase1profile> [comment=<str>] [backuppeer=<peername>] [global=<0|1>] [responderonly=<0|1>] [natt=<none|auto|force>] [checkmode=<strict|claim|obey|exact>] [(dpd_mode=<off|passive|low|high>) | (dpd_mode=manual dpd_delay=<num> dpd_retry=<num> dpd_maxfail=<num>)] [ike_frag=<0|1>] [sharedsa=<0|1>] [backupmode=<temporary|permanent>] [specific mandatory/optional tokens for this peer type]
PSK TOKEN
[identifier=<user_fqdn|fqdn|ip>] [psk=<[peerid,]key>]
psk is forbidden for anonymous peers.
psk can be specified in roadwarrior psks instead of here.
PKI TOKEN
cert=<certname> [peercert=<certname>] [sendcert=<0|1>] [sendcr=<0|1>]
XAUTH/XAUTH_PKI TOKEN
cert=<certname>
Implementation notes
If mode is not defined, it is calculated automatically according to type and identifier.
Example
CONFIG IPSEC PEER NEW name=mypeer method=pki dst=host1 src=Firewall_Out conf=myph1 cert=mycert
Level
vpn+modify
History
Appears in 9.0.0
Description
Remove IPsec peer if not used
Usage
config ipsec peer remove name=<profilename> [global=<0|1>]
Example
CONFIG IPSEC PEER REMOVE name=mypeer
Level
vpn_read
History
Appears in 9.0.0
Description
Show information about peer
Usage
config ipsec peer show name=<peername> [global=<0|1>]
Example
CONFIG IPSEC PEER SHOW name=mypeer
Level
vpn+modify
History
Appears in 9.0.0
auto mode appears in 9.0.1
Description
Update a peer
Usage
config ipsec peer update name=<peername> [method=<psk|pki|xauth|xauth_pki>] [mode=<auto|main|aggressive>] [dst=<host|any>] [src=<host|any>] [responderonly=<0|1>] [natt=<none|auto|force>] [checkmode=<strict|claim|obey|exact>] [(dpd_mode=<off|passive|low|high>) | (dpd_mode=manual dpd_delay=<num> dpd_retry=<num> dpd_maxfail=<num>)] [ike_frag=<0|1>] [sharedsa=<0|1>] [identifier=<user_fqdn|fqdn|ip>] [peercert=<certname>] [cert=<certname>] [sendcert=<0|1>] [sendcr=<0|1>] [psk=<[id_peer,]key>] [conf=<phase1profile>] [comment=<str>] [backuppeer=<peername>] [backupmode=<temporary|permanent>][global=<0|1>]
Implementation notes
If token 'peer' is any, it cannot be changed to a host, and vice versa. Modifying the identifier can automatically change the mode. Anonymous peers have responderonly set to 1.
Example
CONFIG IPSEC PEER UPDATE name=mypeer natt=force
Level
vpn+modify
History
Appears in 9.0.0
Description
Add gateway-gateway policy. To add bypass policy, peer must be 'none'.
Usage
config ipsec policy gateway add slot=<1-10> state=<on|off> local=<object|all> remote=<object|all> (peer=<peername> conf=<phase2profile> | peer=none) [proto=<any|tcp|udp|icmp>] [keepalive=<0|30|60|120|300|600>] [comment=<str>] [position=<pos>] [global=<0|1>]
Example
CONFIG IPSEC POLICY GATEWAY ADD slot=01 state=on local=net_remote remote=host_remote peer=mypeer conf=myph2
Level
vpn+modify
History
Appears in 9.0.0
Description
Add/update separator
Usage
config ipsec policy gateway addsep slot=<1-10> color=<hexa color> collapse=<0|1> comment=<str> [update=<0|1>] [position=<pos>] [global=<0|1>]
Example
CONFIG IPSEC POLICY GATEWAY ADDSEP slot=01 position=5 color="#557788" collapse=0 comment="a comment"
Level
vpn+modify
History
Appears in 9.0.0
Description
Collapse/uncollapse all separators
Usage
config ipsec policy gateway collapse slot=<1-10> action=<all|none> [global=<0|1>]
Example
CONFIG IPSEC POLICY GATEWAY COLLAPSE slot=01 action=all
Level
vpn_read
History
Appears in 9.0.0
Description
List gateway-gateway policies and separators
Usage
config ipsec policy gateway list slot=<1-10> [useclone=<0|1>] [global=<0|1>] [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [searchfield=<token>] [sort=<token>] [refresh=<0|1>]]
Format
section_line
Example
CONFIG IPSEC POLICY GATEWAY LIST slot=01
Level
vpn+modify
History
Appears in 9.0.0
Description
Move gateway-gateway policy or separator
Usage
config ipsec policy gateway move slot=<1-10> position=<pos> offset=<+/-num> [global=<0|1>]
Example
CONFIG IPSEC POLICY GATEWAY MOVE slot=01 position=1 offset=-1
Level
vpn+modify
History
Appears in 9.0.0
Description
Remove gateway-gateway policy or separator
Usage
config ipsec policy gateway remove slot=<1-10> position=<pos> [global=<0|1>]
Example
CONFIG IPSEC POLICY GATEWAY REMOVE slot=01 position=1
Level
vpn+modify
History
Appears in 9.0.0
Description
Update gateway-gateway policy
Usage
config ipsec policy gateway update slot=<1-10> position=<pos> [state=<on|off>] [local=<object|all>] [remote=<object|all>] [peer=<peername|none>] [conf=<phase2profile>] [proto=<any|tcp|udp|icmp>] [keepalive=<0|30|60|120|300|600>] [comment=<str>] [global=<0|1>]
Example
CONFIG IPSEC POLICY GATEWAY UPDATE slot=01 position=1 proto=tcp
Level
vpn+modify
History
Appears in 9.0.0
Description
Add mobile policy. All mobile policies must have the same anonymous peer. Only one mobile policy can use mode config.
Usage
config ipsec policy mobile add slot=<1-10> state=<on|off> local=<object|all|any> remote=<object|all|any> peer=<peername> conf=<phase2profile> [proto=<any|tcp|udp|icmp>] [keepalive=<0|30|60|120|300|600>] [modeconfig=<0|1>] [comment=<str>] [position=<pos>] [global=<0|1>]
Example
CONFIG IPSEC POLICY MOBILE ADD slot=01 state=on local=net_remote remote=any peer=myanonymouspeer conf=myph2
Level
vpn+modify
History
Appears in 9.0.0
Description
Add/update separator
Usage
config ipsec policy mobile addsep slot=<1-10> color=<hexa color> collapse=<0|1> comment=<str> [update=<0|1>] [position=<pos>] [global=<0|1>]
Example
CONFIG IPSEC POLICY MOBILE ADDSEP slot=01 position=5 color="#557788" collapse=0 comment="a comment"
Level
vpn+modify
History
Appears in 9.0.0
Description
Collapse/uncollapse all separators
Usage
config ipsec policy mobile collapse slot=<1-10> action=<all|none> [global=<0|1>]
Example
CONFIG IPSEC POLICY MOBILE COLLAPSE slot=01 action=all
Level
vpn_read
History
Appears in 9.0.0
Description
Get peer used by all mobile policies
Usage
config ipsec policy mobile getpeer slot=<1-10> [global=<0|1>]
Level
vpn_read
History
Appears in 9.0.0
Description
List mobile policies and separators
Usage
config ipsec policy mobile list slot=<1-10> [global=<0|1>] [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [searchfield=<token>] [sort=<token>] [refresh=<0|1>]]
Format
section_line
Example
CONFIG IPSEC POLICY MOBILE LIST slot=01
Level
vpn+modify
History
Appears in 9.0.0
Description
Move mobile policy or separator
Usage
config ipsec policy mobile move slot=<1-10> position=<pos> offset=<+/-num> [global=<0|1>]
Example
CONFIG IPSEC POLICY MOBILE MOVE slot=01 position=1 offset=-1
Level
vpn+modify
History
Appears in 9.0.0
Description
Remove mobile policy or separator
Usage
config ipsec policy mobile remove slot=<1-10> position=<pos> [global=<0|1>]
Example
CONFIG IPSEC POLICY MOBILE REMOVE slot=01 position=1
Level
vpn+modify
History
Appears in 9.0.0
Description
Update peer used by all mobile policies
Usage
config ipsec policy mobile setpeer slot=<1-10> peer=<peername> [global=<0|1>]
Example
CONFIG IPSEC POLICY MOBILE SETPEER slot=01 peer=peerx
Level
vpn+modify
History
Appears in 9.0.0
Description
Update mobile policy
Usage
config ipsec policy mobile update slot=<1-10> position=<pos> [state=<on|off>] [local=<object|all|any>] [remote=<object|all|any>] [peer=<peername>] [conf=<phase2profile>] [proto=<any|tcp|udp|icmp>] [keepalive=<0|30|60|120|300|600>] [modeconfig=<0|1>] [comment=<str>] [global=<0|1>]
Example
CONFIG IPSEC POLICY MOBILE UPDATE slot=01 position=1 proto=tcp
Level
vpn+modify
History
Appears in 9.0.0
Description
Add a proposition
Usage
config ipsec profile phase1 addprop name=<profilename> enc=<algo[/size]> auth=<algo[/size]> [dh=<dh>] [position=<pos>] [update=<0|1>] [global=<0|1>]
Implementation notes
no position => add at the end
position == 1 => add at the beginning
Example
CONFIG IPSEC PROFILE PHASE1 ADDPROP name=myp1 enc=aes/256 auth=sha1 dh=3
Level
vpn_read
History
Appears in 9.0.0
Description
Check if profile is used by peers
Usage
config ipsec profile phase1 check name=<profilename> [global=<0|1>]
Example
CONFIG IPSEC PROFILE PHASE1 CHECK name=myp1
Level
vpn_read
History
Appears in 9.0.0
Description
Get default phase1 profile
Usage
config ipsec profile phase1 getdefault [global=<0|1>]
Example
CONFIG IPSEC PROFILE PHASE1 GETDEFAULT
Level
vpn_read
History
Appears in 9.0.0
Description
List phase 1 profiles
Usage
config ipsec profile phase1 list [global=<0|1>]
Format
section_line
Example
CONFIG IPSEC PROFILE PHASE1 LIST
Level
vpn+modify
History
Appears in 9.0.0
Description
Move a proposition
Usage
config ipsec profile phase1 moveprop name=<profilename> position=<pos> offset=<+/-num> [global=<0|1>]
Example
CONFIG IPSEC PROFILE PHASE1 MOVEPROP name=myp1 position=2 offset=+1
Level
vpn+modify
History
Appears in 9.0.0
Description
Create IPsec phase 1 profile
Usage
config ipsec profile phase1 new name=<profilename> defaultdh=<dh> [lifetime=<seconds>] enc=<algo[/size]> auth=<algo[/size]> [dh=<dh>] [comment=<str>] [global=<0|1>]
Example
CONFIG IPSEC PROFILE PHASE1 NEW name=myph1 defaultdh=1 enc=aes/128 auth=md5
Level
vpn+modify
History
Appears in 9.0.0
Description
Remove IPsec phase 1 profile if not used
Usage
config ipsec profile phase1 remove name=<profilename> [global=<0|1>]
Example
CONFIG IPSEC PROFILE PHASE1 REMOVE name=myph1
Level
vpn+modify
History
Appears in 9.0.0
Description
Remove a proposition
Usage
config ipsec profile phase1 removeprop name=<profilename> position=<pos> [global=<0|1>]
Example
CONFIG IPSEC PROFILE PHASE1 REMOVEPROP name=myp1 position=2
Level
vpn+modify
History
Appears in 9.0.0
Description
Set default phase1 profile
Usage
config ipsec profile phase1 setdefault name=<profilename> [global=<0|1>]
Example
CONFIG IPSEC PROFILE PHASE1 SETDEFAULT name=myp1
Level
vpn_read
History
Appears in 9.0.0
Description
Show information about phase 1
Usage
config ipsec profile phase1 show name=<profilename> [global=<0|1>]
Format
section_line
Example
CONFIG IPSEC PROFILE PHASE1 SHOW name=myph1
Level
vpn+modify
History
Appears in 9.0.0
Description
Update default dh, lifetime or comment
Usage
config ipsec profile phase1 update name=<profilename> [defaultdh=<dh>] [lifetime=<seconds>] [comment=<str>] [global=<0|1>]
Implementation notes
lifetime == 0 => remove lifetime
Example
CONFIG IPSEC PROFILE PHASE1 UPDATE name=myp1 lifetime=21600
Level
vpn_read
History
Appears in 9.0.0
Description
Check if profile is used by peers
Usage
config ipsec profile phase2 check name=<profilename> [global=<0|1>]
Example
CONFIG IPSEC PROFILE PHASE2 CHECK name=myph2
Level
vpn_read
History
Appears in 9.0.0
Description
Get default phase2 profile
Usage
config ipsec profile phase2 getdefault [global=<0|1>]
Example
CONFIG IPSEC PROFILE PHASE2 GETDEFAULT
Level
vpn_read
History
Appears in 9.0.0
Description
List phase 2 profiles
Usage
config ipsec profile phase2 list [global=<0|1>]
Format
section_line
Example
CONFIG IPSEC PROFILE PHASE2 LIST
Level
vpn+modify
History
Appears in 9.0.0
replaywsize appears in 9.0.5
Description
Create IPsec phase 2 profile
Usage
config ipsec profile phase2 new name=<profilename> enc=<algo[/size],algo[/size],...> auth=<algo[/size],algo[/size],...> [pfs=<dh>] [lifetime=<seconds>] [replaywsize=<from 0 to 524280 in steps of 8>] [comment=<str>] [global=<0|1>]
replaywsize: 0 deactivates anti-replay protection
Example
CONFIG IPSEC PROFILE PHASE2 NEW name=myph2 pfs=1 enc=aes/256,aes/128 auth=md5
Level
vpn+modify
History
Appears in 9.0.0
Description
Remove IPsec phase 2 profile if not used
Usage
config ipsec profile phase2 remove name=<profilename> [global=<0|1>]
Example
CONFIG IPSEC PROFILE PHASE2 REMOVE name=myph2
Level
vpn+modify
History
Appears in 9.0.0
Description
Set default phase2 profile
Usage
config ipsec profile phase2 setdefault name=<profilename> [global=<0|1>]
Example
CONFIG IPSEC PROFILE PHASE2 SETDEFAULT name=myp1
Level
vpn_read
History
Appears in 9.0.0
Description
Show information about phase 2
Usage
config ipsec profile phase2 show name=<profilename> [global=<0|1>]
Example
CONFIG IPSEC PROFILE PHASE2 SHOW name=myph2
Level
vpn+modify
History
Appears in 9.0.0
replaywsize appears in 9.0.5
Description
Update phase 2 profile
Usage
config ipsec profile phase2 update name=<profilename> [enc=<algo[/size],algo[/size],...>] [auth=<algo[/size],algo[/size],...>] [pfs=<dh>] [lifetime=<seconds>] [replaywsize=<from 0 to 524280 in steps of 8>] [comment=<str>] [global=<0|1>]
replaywsize: 0 deactivates anti-replay protection
Example
CONFIG IPSEC PROFILE PHASE2 UPDATE name=myph2 lifetime=21600
Level
vpn_read
History
Appears in 9.0.0
Description
Display global information about IPsec for this firewall.
Usage
config ipsec property
Format
section_line
Example
CONFIG IPSEC PROPERTY
Level
vpn+modify
History
Appears in 9.0.0
Description
Adds a key, or updates it if it already exists
Usage
config ipsec psk add id=<id> psk=<hex value> [global=<0|1>]
Returns
Error code
Example
CONFIG IPSEC PSK ADD id=toto psk=0x01010101 global=1
Level
vpn_read
History
Appears in 9.0.0
Description
Lists keys
Usage
config ipsec psk list [global=<0|1>] [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [sort=<0|1>] [refresh=<0|1>]]
Format
section_line
Returns
id=<id> psk=<hex value> global=<0|1>
Example
CONFIG IPSEC PSK LIST
id="10.60.3.101" psk="0x61646D696E61646D696E"
id="admin@global.conf" psk="0x61646D696E61646D696E"
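The listing above exposes every pre-shared key as a hex value, which makes it a natural input for a key-hygiene review. The following is an added example, not code from the reference or the product: it parses `id=... psk=... global=...` lines, validates the hex encoding the reference specifies, and flags short keys, keys made only of printable ASCII (typed passphrases rather than random material), low-diversity keys and keys shared between identities. The 16-byte minimum and the third sample entry are assumptions.

```python
import re
from typing import Dict, List

# Constructed sample of CONFIG IPSEC PSK LIST output: the two entries quoted in this
# reference plus one assumed 32-byte key for a branch gateway.
SAMPLE_PSK_LIST = """\
id="10.60.3.101" psk="0x61646D696E61646D696E" global=0
id="admin@global.conf" psk="0x61646D696E61646D696E" global=1
id="branch-gw.example.net" psk="0x9F0C7B4E2D1A6C33E8B7A5D041F6C2E7B3D9A1F4C6E0B2D7A8F1C3E5B9D0A2C4" global=0
"""

MIN_PSK_BYTES = 16  # assumed review threshold, not a value from the reference

TOKEN_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_psk_list(text: str) -> List[Dict[str, str]]:
    """One entry per line; quoted values are unquoted."""
    entries = []
    for line in text.splitlines():
        kv = {k: v.strip('"') for k, v in TOKEN_RE.findall(line)}
        if "id" in kv and "psk" in kv:
            entries.append(kv)
    return entries


def decode_psk(value: str) -> bytes:
    """The reference gives psk as a hex value (0x...); reject anything else."""
    if not value.lower().startswith("0x"):
        raise ValueError(f"psk must be a 0x-prefixed hex value: {value!r}")
    hexpart = value[2:]
    if not hexpart or len(hexpart) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", hexpart):
        raise ValueError(f"psk is not valid even-length hex: {value!r}")
    return bytes.fromhex(hexpart)


def is_valid_psk(value: str) -> bool:
    try:
        decode_psk(value)
        return True
    except ValueError:
        return False


def psk_findings(entry: Dict[str, str]) -> List[str]:
    """Hygiene checks on one key; the key material itself is never echoed."""
    ident = entry["id"]
    try:
        key = decode_psk(entry["psk"])
    except ValueError as err:
        return [f"{ident}: {err}"]
    findings = []
    if len(key) < MIN_PSK_BYTES:
        findings.append(f"{ident}: key is only {len(key)} bytes (assumed minimum {MIN_PSK_BYTES})")
    if all(32 <= b < 127 for b in key):
        findings.append(f"{ident}: key bytes are all printable ASCII, looks like a typed passphrase")
    if len(set(key)) <= 2:
        findings.append(f"{ident}: very low byte diversity")  # e.g. 0x01010101
    return findings


def audit_psk_list(text: str) -> Dict[str, List[str]]:
    """Per-id findings, plus a finding for every id whose key is reused by another id."""
    entries = parse_psk_list(text)
    report = {e["id"]: psk_findings(e) for e in entries}
    by_key: Dict[str, List[str]] = {}
    for e in entries:
        by_key.setdefault(e["psk"].lower(), []).append(e["id"])
    for ids in by_key.values():
        if len(ids) > 1:
            for i in ids:
                others = ", ".join(x for x in ids if x != i)
                report[i].append(f"{i}: shares its key with {others}")
    return report


if __name__ == "__main__":
    for ident, findings in audit_psk_list(SAMPLE_PSK_LIST).items():
        print(ident, "->", findings or ["ok"])
```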
Level
vpn_read
History
Appears in 9.0.0
Description
Display global information about a slot
Usage
config ipsec show slot=<1-10> [global=<0|1>]
Example
CONFIG IPSEC SHOW slot=01
Level
vpn+modify
History
Appears in 9.0.0
CRLrequired appears in 9.0.1
cfg_domain appears in 9.0.1
Description
Update global information about a slot
Usage
config ipsec update slot=<1-10> [cfg_dns=<host>] [cfg_domain=<domain1,domain2,...>] [useoldsa=<0|1>] [retry=<num>] [interval=<num>] [ph1delay=<num>] [ph2delay=<num>] [bindall=<0|1>] [certNID=<num>] [LdapField=<str>] [CRLrequired=<0|1>] [UACServCert=<0|1>][global=<0|1>]
- cfg_domain: 32 domains max
Example
CONFIG IPSEC UPDATE slot=01 cfg_dns=host5
Deprecated
Level
vpn+modify
History
Appears in 6.0.0
deprecated in 9.0.0
Description
Adds a key
Usage
config key add (type=psk name=<keyname> (fqdn=<fqdn>|user_fqdn=<user_fqdn>|address=<address>) psk=<Hexadecimal presharedkey>) | (type=static name=<keyname> key=<Hexadecimal statickey>)
Returns
Error code
Example
CONFIG KEY ADD type=psk name=testkey fqdn=toto.netasq.com psk=0x63646364
Deprecated
Level
vpn
History
Appears in 6.0.0
deprecated in 9.0.0
Description
Lists keys with type filter (optional)
Usage
config key list [type=psk|static]
Returns
[PSK] Id=[ADDRESS|FQDN|USER_FQDN],<identifier>,<hex value> [Static_VPN]
Example
CONFIG KEY LIST type=psk
[PSK]
fw_peer=ADDRESS,fwpeer_obj,0x61616161
fw_other=ADDRESS,192.168.2.2,0x666F6F626172
otherpeer=FQDN,other.example.com,0x6364636463646364
Level
admin+modify
History
Appears in 9.0.0
Description
Activate the LDAP server with the latest configuration
Note
You cannot do an "ACTIVATE NEXTBOOT" if you initialize a local or remote server
Usage
config ldap activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Implementation notes
Execute ensl
Example
CONFIG LDAP ACTIVATE
Level
base
History
add possibility to check any LDAP server in 9.0.0
Description
Try to connect to the LDAP server, but perform no operation. With no arguments, this command checks the LDAP configuration on the firewall; otherwise it checks the LDAP server specified by the arguments.
Usage
config ldap check [host=<Host IP> basedn=<Base DN> [port=<Port>] [user=<LDAP User> [password=<LDAP password>] [auth=Simple|SSL] [version=2|3]]]
Returns
Error code
Implementation notes
Just try to bind via libfwldap, and return the error code.
Example
CONFIG LDAP CHECK
CONFIG LDAP CHECK host="ldap.intranet.int" basedn="o=netasq,dc=fr" user="cn=NetasqAdmin" password="LDAPadmin"
Level
admin+modify
Description
Delete LDAP attributes maps.
Note
All maps will be deleted if no attribute is given.
Usage
config ldap delmap [attribute]
Returns
Error code
Example
CONFIG LDAP DELMAP mail
CONFIG LDAP DELMAP
Level
admin+modify
History
firewallid Appears in 6.0.0
cndn Appears in 6.2.3
protectchars Appears in 6.3.0
readonly Appears in 9.0.0
serversdn and serversfilter Appears in 9.0.0
GroupSchema appears in 1.2.0
Description
Specify parameters for an external LDAP server
Note
Internal LDAP base will be destroyed if exists.
usersdn, groupsdn and confdn are required for, respectively, users, groups and configs creation.
cacert uses an external CA to check the LDAP server certificate (in SSL mode).
In SSL mode, the server host name MUST exist in DNS and match the certificate subject name.
Default value for GroupSchema is GroupOfMember.
Usage
config ldap external basedn=<Base DN> host=<Host IP> [port=<Port>] [backuphost=<host IP> [backupport=<Port>]]
[user=<LDAP User> [password=<LDAP password>]] [auth=Simple|SSL] [cacert=<certname>]
[usersdn=<users dn>] [serversdn=<servers dn>] [groupsdn=<groups dn>] [confdn=<config dn>]
[usersfilter=<LDAP filter for users>] [serversfilter=<LDAP filter for servers>]
[groupsfilter=<LDAP filter for groups>] [firewallid=<fwid>] [protectchars=<chars>]
[cndn=0|1] [readonly=0|1] [groupschema=groupofmember|posixgroup]
Returns
Error code
Example
CONFIG LDAP EXTERNAL basedn="o=netasq,dc=fr" host="ldap.intranet.int" user="cn=NetasqAdmin" password="LDAPadmin"
CONFIG LDAP EXTERNAL basedn="o=netasq,dc=fr" host="ldap.intranet.int" user="cn=NetasqAdmin" password="LDAPadmin" auth=SSL cacert="trust_ca"
Level
admin+modify
History
firewallid Appears in 6.0.0
db disappears in 9.0.0
Description
Initialize the local LDAP server
Note
Generate a new internal LDAP database in /usr/Firewall/Data/Ldapbase
Creates a database administrator with login "cn=NetasqAdmin" and the given password. The backend is BDB.
Usage
config ldap initialize o=<Organization name> dc=<Domain Country> password=<adminpassword> [firewallid=<fwid>]
Returns
Error code
Example
CONFIG LDAP INITIALIZE o=netasq dc=france password="LDAPAdmin"
Level
admin+modify
History
firewallid Appears in 6.0.0
Description
Updates the LDAP password
Note
Update password of administrator (NetasqAdmin)
Usage
config ldap password <password>
Returns
Error code
Example
CONFIG LDAP PASSWORD "LdapAdmin"
Level
admin+modify
Description
Modify local server's access.
Note
Configure LDAP server to public access with SSL or not.
keyname is a key and certificate pair from the external certificate list.
Send the token "serverkey" empty to disable SSL.
Usage
config ldap public [plain=0|1] [serverkey=<keyname>]
Returns
Error code
Example
The server key is a certificate with its private key present in the PKI. Its name has the form 'authority name:certificate name'.
CONFIG LDAP PUBLIC serverkey='authority:certificate_with_privkey'
Level
base
History
FORMAT Appears in 9.0.0
Description
Set LDAP attributes maps, or shows mappable attributes list if no map given.
Note
Admin and modify flags needed to set a map.
Usage
config ldap setmap <attribute>=<value>
Format
list
Returns
Error code
Example
CONFIG LDAP SETMAP mail=emailaddress
Level
base
History
cndn Appears in 6.2.3
readonly Appears in 9.0.0
FORMAT Appears in 9.0.0
GroupSchema appears in 1.2.0
Description
Show the LDAP configuration
Usage
config ldap show
Format
section_line
Returns
The LDAP configuration for the internal server:
[LDAP]
- o: Organization.
- dc: Domain country.
- state: ldap daemon state.
- method: Authentication method for new users.
- hash: Hash method for new user passwords.
- firewallid: optional FirewallID for per-firewall attributes.
- Plain: plain (non-SSL) access from the network.
- ServerKey: X509 certificate for SSL network access.
The LDAP configuration for the external server:
[EXT_LDAP]
- host: Server host name.
- port: Server port (default 389, or 636 with SSL).
- basedn: Base DN of the LDAP hierarchy.
- user: Login used by the firewall to manage the external LDAP server.
- fwca: Distinguished name of the CA certificate used in the PKI.
- auth: LDAP protocol (LDAP or LDAPS).
- state: ldap daemon state.
- method: Authentication method for new users.
- hash: Hash method for new user passwords.
- firewallid: optional FirewallID for per-firewall attributes.
- cndn: 1 if CN must be used in DNs for config entries.
- readonly: 1 if the configuration restricts LDAP access to read-only mode.
- groupschema: groupofmember or posixgroup.
Example
CONFIG LDAP SHOW
[LDAP] O=EXAMPLE Dc=COM Plain=1 State=1 Method=None Hash=SSHA
Level
base
Description
Get/set the status of the LDAP server
Note
Changing the state needs admin and modify level
Usage
config ldap state [On|Off]
Returns
The state of the server
Example
CONFIG LDAP STATE off
Level
admin+modify
Description
Update the LDAP configuration
Note
method and hash are the methods used for a new user.
fwca is the path of the CA certificate (only for an EXTERNAL LDAP database).
A FirewallID update does NOT update existing LDAP objects!
Usage
config ldap update
internal LDAP:
[HASH=<hash>] [FWCA=<fwca>] [FirewallID=<firewallid>]
external LDAP:
[HASH=<hash>] [FWCA=<fwca>] [FirewallID=<firewallid>]
[basedn=<Base DN>] [host=<Host IP>] [port=<Port>] [backuphost=<host IP> [backupport=<Port>]]
[user=<LDAP User> [password=<LDAP password>]] [auth=Simple|SSL] [cacert=<certname>]
[usersdn=<users dn>] [serversdn=<servers dn>] [groupsdn=<groups dn>] [confdn=<config dn>]
[usersfilter=<LDAP filter for users>] [serversfilter=<LDAP filter for servers>]
[groupsfilter=<LDAP filter for groups>] [protectchars=<chars>] [cndn=0|1] [ReadOnly=<0|1>]
[groupschema=groupofmember|posixgroup]
Returns
Error code
Example
CONFIG LDAP UPDATE hash=SSHA
CONFIG LDAP UPDATE fwca="cn=autority, ou=cas, o=netasq, dc=fr"
CONFIG LDAP UPDATE FWID=Main_Firewall
Level
log+modify
History
CANCEL Appears in 6.0.0
NEXTBOOT Appears in 6.0.0
level changes from other,modify to log,modify in 9.0.0
Description
Reload logd configuration
Usage
config log activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Implementation notes
write in ConfigFiles/log and run enasq
Example
CONFIG LOG ACTIVATE
Level
log+modify
History
BlockOverFlow Appears in 6.1.0
BlockOverFlow moved to CONFIG ASQ LOG ALARM in 9.0.0
level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0
Description
Configure alarm log
Usage
config log alarm [Full=(0|1|2)] [MaxSize=<Integer>] [Delay=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where:
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).
Returns
Error code
Example
CONFIG LOG ALARM Full=1 MaxSize=13 Delay=3 Syslog=1
Level
log+modify
History
Full Appears in 6.0.0
MaxSize Appears in 6.0.0
level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0
Description
Configure authentication log
Usage
config log auth [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where:
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).
Returns
Error code
Example
CONFIG LOG AUTH syslog=1 full=0 maxsize=10
CONFIG LOG AUTH syslog=0 full=0 maxsize=10
Level
log+modify
History
Appears in 7.0.0
level changes from other,modify to log,modify in 9.0.0
Description
Specify whether logs are sent by mail, and the mail recipient
Usage
config log communication email Event=(sysevent|asq) State=(0|1) [SendMinor=(0|1)] [MailGroup=<Mail_Group_Name>]
Returns
Error code
Example
CONFIG LOG COMMUNICATION EMAIL Event=asq State=0 SendMinor=1 MailGroup=MyMailGroup
Level
log+modify
History
Appears in 8.0.0
level changes from other,modify to log,modify in 9.0.0
Description
Specify which logs are sent by SNMP (according to the level and the type)
Usage
config log communication snmp Event=(sysevent|asq) State=(0|1) [SendMinor=(0|1)]
Returns
Error code
Example
CONFIG LOG COMMUNICATION SNMP Event=asq State=0 SendMinor=1
Level
log+modify
History
level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0
Description
Configure connection log
Usage
config log connection [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where:
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).
Returns
Error code
Example
CONFIG LOG CONNECTION FULL=0 MAXSIZE=20
Level
log+modify
History
level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0
Description
Configure filter log
Usage
config log filter [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where:
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).
Returns
Error code
Example
CONFIG LOG FILTER Full=1 MaxSize=13 Syslog=1
Level
log+modify
History
level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0
Description
Configure FTP proxy log
Usage
config log ftp [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where:
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).
Returns
Error code
Example
CONFIG LOG FTP Full=1 MaxSize=15 Syslog=1
Level
log+modify
History
Appears in 6.1.0
level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0
Description
Configure statistical monitoring log
Usage
config log monitor [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where:
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).
Returns
Error code
Example
CONFIG LOG MONITOR syslog=1 full=0 maxsize=12
CONFIG LOG MONITOR syslog=0 full=2 maxsize=12
Level
log+modify
History
level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0
Description
Configure Plugins ASQ log
Usage
config log plugin [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where:
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).
Returns
Error code
Example
CONFIG LOG PLUGIN Full=1 MaxSize=12 Syslog=0
Level
log+modify
History
Appears in 6.0.0
level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0
Description
Configure Pop3 proxy log
Usage
config log pop3 [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where:
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).
Returns
Error code
Example
CONFIG LOG POP3 Full=0 MaxSize=10 Syslog=0
Level
log+modify
History
level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0
Description
Configure PVM log
Usage
config log pvm [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where:
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).
Returns
Error code
Example
CONFIG LOG PVM Full=0 MaxSize=12 Syslog=1
Level
log+modify
History
Full Appears in 6.0.0
MaxSize Appears in 6.0.0
level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0
Description
Configure server log
Usage
config log server [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where:
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).
Returns
Error code
Example
CONFIG LOG SERVER syslog=1 full=0 maxsize=2
Level
base
History
Output changed in 7.0.0 to take into account the mail groups
nat statistic disappears in 9.0.0
Description
Dump the log configuration
Usage
config log show
Returns
[EmailSysEvent] State=1 SendMinor=1 MailGroup=AdminsSys
[EmailASQ] State=1 SendMinor=1 MailGroup=AdminSecu
[LogConnection] Full=1 MaxSize=25 Udp=1 Syslog=0
[LogSystem] Full=0 MaxSize=2 Syslog=0
[LogAlarm] Full=0 MaxSize=40 Delay=0 Syslog=0
[LogWeb] Full=1 MaxSize=10 Syslog=0
[LogPlugin] Full=0 MaxSize=15 Syslog=0
[LogSmtp] Full=0 MaxSize=8 Syslog=0
[LogFilter] Full=2 MaxSize=5 Syslog=0
[LogVPN] Full=1 MaxSize=5 Syslog=0
[LogXVPN] Full=0 MaxSize=5 Syslog=0
[LogMonitor] Full=0 MaxSize=1 Syslog=0
[LogPvm] Full=0 MaxSize=10 Syslog=0
[Statistic] Filter=15m Count=15m Monitor=5m
[LogSsl] Full=0 MaxSize=4 Syslog=0
Example
CONFIG LOG SHOW
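Every CONFIG LOG <type> entry documents the same two constraints: Full=2 halts the firewall when that log fills up, and the MaxSize percentages across all logs must sum to 100. The following is an added example, not code from the reference or the product: it parses section_line output such as the CONFIG LOG SHOW listing above (flattened on one line or one section per line) and reports which constraints a configuration violates and which Full/Syslog settings deserve review. The sample input is the listing quoted in this reference.

```python
import re
from typing import Dict, List

# Constructed sample: the CONFIG LOG SHOW output quoted in this reference, one section per line.
SAMPLE_LOG_SHOW = """\
[EmailSysEvent] State=1 SendMinor=1 MailGroup=AdminsSys
[EmailASQ] State=1 SendMinor=1 MailGroup=AdminSecu
[LogConnection] Full=1 MaxSize=25 Udp=1 Syslog=0
[LogSystem] Full=0 MaxSize=2 Syslog=0
[LogAlarm] Full=0 MaxSize=40 Delay=0 Syslog=0
[LogWeb] Full=1 MaxSize=10 Syslog=0
[LogPlugin] Full=0 MaxSize=15 Syslog=0
[LogSmtp] Full=0 MaxSize=8 Syslog=0
[LogFilter] Full=2 MaxSize=5 Syslog=0
[LogVPN] Full=1 MaxSize=5 Syslog=0
[LogXVPN] Full=0 MaxSize=5 Syslog=0
[LogMonitor] Full=0 MaxSize=1 Syslog=0
[LogPvm] Full=0 MaxSize=10 Syslog=0
[Statistic] Filter=15m Count=15m Monitor=5m
[LogSsl] Full=0 MaxSize=4 Syslog=0
"""

# Meaning of Full= as documented for every CONFIG LOG <type> command.
FULL_MEANING = {
    0: "rotates when full",
    1: "stops writing when full (silent log loss)",
    2: "halts the firewall when full (fail-closed, availability impact)",
}

# A "[Name]" header followed by everything up to the next header. re.S lets the body
# span newlines, so the flattened one-line form and one-section-per-line parse alike.
SECTION_RE = re.compile(r"\[([A-Za-z0-9_]+)\]((?:(?!\[[A-Za-z0-9_]+\]).)*)", re.S)
TOKEN_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_section_line(text: str) -> Dict[str, Dict[str, str]]:
    """Parse section_line output into {section: {key: value}}; quotes are stripped."""
    sections: Dict[str, Dict[str, str]] = {}
    for m in SECTION_RE.finditer(text):
        name, body = m.group(1), m.group(2)
        sections[name] = {k: v.strip('"') for k, v in TOKEN_RE.findall(body)}
    return sections


def audit_log_config(sections: Dict[str, Dict[str, str]]) -> Dict[str, object]:
    """Check that MaxSize over the Log* sections sums to 100, and report Full and
    Syslog settings an operator should review before activating the configuration."""
    findings: List[str] = []
    total = 0
    for name, kv in sections.items():
        if not name.startswith("Log"):
            continue  # EmailSysEvent, EmailASQ and Statistic carry no MaxSize
        total += int(kv.get("MaxSize", "0"))
        full = int(kv.get("Full", "0"))
        if full in (1, 2):
            findings.append(f"{name}: Full={full} {FULL_MEANING[full]}")
        if kv.get("Syslog") == "0":
            findings.append(f"{name}: Syslog=0, no off-box copy of this log")
    if total != 100:
        findings.append(f"sum of MaxSize is {total}, must be 100")
    return {"maxsize_total": total, "findings": findings}


if __name__ == "__main__":
    for line in audit_log_config(parse_section_line(SAMPLE_LOG_SHOW))["findings"]:
        print(line)
```

Run against the reference's own listing, the audit reports a MaxSize total of 130 and the LogFilter section set to halt the firewall, so the sample would not pass as-is.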
Level
log+modify
History
level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0
Description
Configure Smtp proxy log
Usage
config log smtp [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where:
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).
Returns
Error code
Example
CONFIG LOG SMTP Full=0 MaxSize=12 Syslog=1
Level
log+modify
History
level changes from other,modify to log,modify in 9.0.0
appears in 9.0.0
Description
Configure ssl proxy log
Usage
config log ssl [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where:
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).
Returns
Error code
Example
CONFIG LOG SSL Full=2 MaxSize=14 Syslog=0
Level
log+modify
History
monitor Appears in 6.1.0
nat disappears in 9.0.0
level changes from other,modify to log,modify in 9.0.0
Description
Configure the filter statistic
Usage
config log stat [filter=<string>] [count=<string>] [monitor=<string>]
Returns
Error code
Example
CONFIG LOG STAT filter=1d count=30m monitor=5m
Level
log+modify
History
level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0
Description
Configure system log
Usage
config log system [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where:
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).
Returns
Error code
Example
CONFIG LOG SYSTEM Full=1 MaxSize=12 Syslog=0
Level
log+modify
History
level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0
Description
Configure VPN log
Usage
config log vpn [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where:
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).
Returns
Error code
Example
CONFIG LOG VPN Full=1 MaxSize=5 Syslog=0
Level
log+modify
History
level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0
Description
Configure Web proxy log
Usage
config log web [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where:
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that firewall is halted when log files are full.
- MaxSize is the percentage of these logs among all logs (sum of all MaxSizes must be 100).
Returns
Error code
Example
CONFIG LOG WEB Full=2 MaxSize=14 Syslog=0
Level
log+modify
History
Appears in 6.0.0
level changes from other,modify to log,modify in 9.0.0
state appears in 9.0.0
Description
Configure VPN-SSL log
Usage
config log xvpn [Full=(0|1|2)] [MaxSize=<Integer>] [Syslog=(0|1)] [State=(0|1)]
where:
- Full=0 means that log files rotate when they are full;
- Full=1 means that no more logs are written when log files are full;
- Full=2 means that the firewall is halted when log files are full;
- MaxSize is the percentage of these logs among all logs (the MaxSize values of all log categories must sum to 100).
Returns
Error code
Example
CONFIG LOG XVPN syslog=1 full=0 maxsize=12
CONFIG LOG XVPN syslog=0 full=2 maxsize=12
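The CONFIG LOG SYSTEM, VPN, WEB and XVPN commands above share the same Full and MaxSize semantics, and the reference requires the MaxSize percentages of all log categories to sum to 100. The Python helper below is an added example, not part of the reference and not NETASQ code: it validates a planned set of per-category settings against those two rules, flags Full=2 (halting the firewall when a log partition fills is a self-inflicted denial of service), and renders the corresponding commands. The category names and token names follow the reference; the two sample plans are constructed for this example, and because the sum rule covers every category configured on the appliance, a real plan must list all of them, not only the four shown here.

```python
# Added example (not NETASQ code): sanity-check a planned set of per-category
# log settings before issuing CONFIG LOG <category> commands.
# Category and token names (Full, MaxSize, Syslog, State) follow the reference;
# the sample plans below are constructed for this example.

FULL_MEANING = {
    0: "log files rotate when full",
    1: "logging stops when full",
    2: "the firewall halts when full",
}
TOKEN_ORDER = ("Full", "MaxSize", "Syslog", "State")


def validate_log_plan(plan):
    """Return a list of problems found in plan ({category: {token: value}}).

    Enforces the two constraints stated in the reference (Full in 0..2 and
    MaxSize percentages summing to 100) and additionally flags Full=2, because
    halting the firewall when one log partition fills trades availability for
    log completeness.
    """
    problems = []
    total = 0
    for category, tokens in plan.items():
        full = int(tokens.get("Full", 0))
        if full not in FULL_MEANING:
            problems.append(f"{category}: Full={full} is not 0, 1 or 2")
        elif full == 2:
            problems.append(f"{category}: Full=2 means {FULL_MEANING[2]}")
        size = int(tokens.get("MaxSize", 0))
        if not 0 <= size <= 100:
            problems.append(f"{category}: MaxSize={size} is not a percentage")
        total += size
    if total != 100:
        problems.append(f"sum of MaxSize over all categories is {total}, must be 100")
    return problems


def build_log_commands(plan):
    """Render one 'CONFIG LOG <CATEGORY> token=value ...' line per category."""
    lines = []
    for category, tokens in plan.items():
        args = " ".join(f"{k}={tokens[k]}" for k in TOKEN_ORDER if k in tokens)
        lines.append(f"CONFIG LOG {category.upper()} {args}")
    return lines


# Constructed sample plans covering only the four categories documented above.
GOOD_PLAN = {
    "system": {"Full": 1, "MaxSize": 40, "Syslog": 0},
    "vpn":    {"Full": 0, "MaxSize": 20, "Syslog": 1},
    "web":    {"Full": 0, "MaxSize": 25, "Syslog": 0},
    "xvpn":   {"Full": 0, "MaxSize": 15, "Syslog": 0},
}
BAD_PLAN = {
    "system": {"Full": 1, "MaxSize": 12, "Syslog": 0},
    "vpn":    {"Full": 1, "MaxSize": 5, "Syslog": 0},
    "web":    {"Full": 2, "MaxSize": 14, "Syslog": 0},   # halts the firewall when full
    "xvpn":   {"Full": 0, "MaxSize": 12, "Syslog": 1},
}

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, validate_log_plan(plan) or "ok")
        print("\n".join(build_log_commands(plan)))
```

Run the check against the full plan before sending anything, since each CONFIG LOG command is accepted on its own and nothing at command level tells you that the percentages no longer add up.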
Level
base|contentfilter
History
Appears in 9.0.0
Description
MAIL rules and profile files management
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Activate: copy all clones into the real profiles.
Usage
config mailfiltering activate [CANCEL]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded.
Returns
Error code
Example
CONFIG MAILFILTERING ACTIVATE
CONFIG MAILFILTERING ACTIVATE cancel
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Copy profile X to Y
Usage
config mailfiltering copy index=<profile_idx> to=<profile_idx>
Returns
Error code
Example
CONFIG MAILFILTERING COPY index=2 to=3
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Set profile X with the default rules
Usage
config mailfiltering default index=<profile_idx>
Returns
Error code
Example
CONFIG MAILFILTERING DEFAULT index=9
Level
base
History
Appears in 9.0.0
Description
List the specified profile of MAIL filtering rules. If profile is not specified, then list all the profiles.
Usage
config mailfiltering list [index=<profile_idx>]
Returns
Error code
Example
[index] name=<policy_name> lastmod=<last modified date> comment=blabla
Level
base|contentfilter
History
Appears in 9.0.0
Description
Manage mailfiltering rules of a profile
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Insert a new rule at the given line, or at the end if no ruleid is defined.
Note
ruleid: the rule is inserted before the line with index 'ruleid'
Usage
config mailfiltering rule insert index=<profile_idx> [ruleid=<digit>] state=on|off action=pass|block from=<sender> to=<recipient> [comment=<string>]
Inserts at the end if no ruleid is defined.
state: enable or disable the rule
index: profile number
ruleid: rule line number
action: action to apply
from: email address of the sender
to: email address of the recipient
comment: comment for the rule
Returns
Error code
Example
CONFIG MAILFILTERING RULE INSERT index=0 ruleid=3 action=pass from=*@netasq.com to=* comment="Pass all mail from NETASQ"
CONFIG MAILFILTERING RULE INSERT index=0 ruleid=3 action=block from=*@*spam.com to=*
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Move a rule from one line to another
Usage
config mailfiltering rule move index=<profile_idx> ruleid=<digit> to=<digit>
index: profile number
ruleid: rule line number to move from
to: rule line number to move to
Example
CONFIG MAILFILTERING RULE MOVE index=0 ruleid=2 to=3
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Remove a rule.
Usage
config mailfiltering rule remove index=<profile_idx> ruleid=(all|<digit>)
index: profile number
ruleid: rule line number, or all
Example
CONFIG MAILFILTERING RULE REMOVE index=0 ruleid=3
Level
contentfilter
History
Appears in 9.0.0
Description
Show all rules of a profile.
Usage
config mailfiltering rule show index=<profile_idx>
Format
section_line
Returns
index=<profile_idx> [ruleid=<digit>] state=on|off action=pass|block from=<sender> to=<recipient> [comment=<string>]
Example
CONFIG MAILFILTERING RULE SHOW index=9
101 code=00a01000 msg="Begin" format="section_line"
ruleid=1 state=on action=pass from=*@netasq.com to=* comment="bla bla bla ..."
ruleid=2 state=on action=block from=*@*spam* to=* comment=""
100 code=00a01000 msg="Ok"
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Modify the rule at the given line of a profile.
Usage
config mailfiltering rule update index=<profile_idx> ruleid=<digit> [state=on|off] [action=pass|block] [from=<sender>] [to=<recipient>] [comment=<string>]
state: enable or disable the rule
index: profile number
ruleid: rule line number
action: action to apply
from: email address of the sender
to: email address of the recipient
comment: comment for the rule
Example
CONFIG MAILFILTERING RULE UPDATE index=0 ruleid=3 action=block
CONFIG MAILFILTERING RULE UPDATE index=0 ruleid=3 to=*@netasq.com
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Change name and comment of profile X
Usage
config mailfiltering update index=<profile_idx> [name=<profile name>] [comment=<profile description>]
Returns
Error code
Example
CONFIG MAILFILTERING UPDATE index=9 name="pass all" comment="Just a pass all"
Level
network+modify
History
Appears in 6.0.0
Description
Activates the whole network configuration
Usage
config network activate [CANCEL|NEXTBOOT|RESET]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot;
- RESET: changes are activated immediately and the protected and activated interfaces are reset.
Returns
Error code
Implementation notes
Calls ennetwork
Example
CONFIG NETWORK ACTIVATE
CONFIG NETWORK ACTIVATE Reset
CONFIG NETWORK ACTIVATE Cancel
CONFIG NETWORK ACTIVATE Nextboot
Level
route+modify
History
Appears in 7.0.0
Description
Flush and reload gateways configuration
Usage
config network gateway activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Implementation notes
run enevent
Example
CONFIG NETWORK GATEWAY ACTIVATE
Level
route+modify
History
Appears in 7.0.0
Check Appears in 7.0.4
Force appears in 9.0.2
Force deprecated in 9.0.5
Description
Add a new gateway in the corresponding list (principal or backup)
Usage
config network gateway add Host=<Host> Type=(PrincipalGateway|BackupGateway)
[Check=<Host|Group>] [pos=<position> (default: end of list)] [comment=<comment>]
Returns
Error Code
Example
CONFIG NETWORK GATEWAY ADD Host=HOST_ROUTER_NEXT_2 Type=PrincipalGateway Check=HOST_BEHIND_ROUTER_NEXT_2
Level
base
History
Appears in 9.0.1
Description
Commands to manage IPv6 gateways
Level
route+modify
History
Appears in 9.0.1
Type, Check, Pos and Comment appear in 1.0.0
Description
Add an IPv6 gateway
Usage
config network gateway ipv6 add Host=<Host> Type=(PrincipalGateway|BackupGateway)
[Check=<Host|Group>] [pos=<position> (default: end of list)] [comment=<comment>]
Returns
Error code
Level
route+modify
History
Appears in 9.0.1
Host and Type appear in 1.0.0
Description
Remove an IPv6 gateway
Usage
config network gateway ipv6 remove Host=(<Host>|Any) Type=(PrincipalGateway|BackupGateway)
Returns
Error code
Level
route+modify
History
Appears in 1.0.0
Description
Change IPv6 gateway configuration
Usage
config network gateway ipv6 set [Tries=<int>] [Wait=<seconds>] [Frequency=<seconds>] [GatewayThreshold=<int>] [ActivateallBackup=(on|off)]
Returns
Error Code
Example
CONFIG NETWORK GATEWAY IPV6 SET Tries=1 Wait=5 Frequency=10 GatewayThreshold=3 ActivateallBackup=On
Level
base
History
Appears in 9.0.1
Format changes in 1.0.0
Description
Show IPv6 gateways and their configuration
Usage
config network gateway ipv6 show
Format
section_line
Returns
[Config]
State=1 GatewayThreshold=1 Tries=3 Wait=5 Frequency=60 ActivateAllBackup=0
[PrincipalGateway]
Pos=1 Host=Host_Default_IPv6Router Check=Host_Behind_Default_Router Comment="default"
Pos=2 Host=Host_Router_Next Comment=""
[BackupGateway]
Pos=1 Host=Host_Bkp_Router Comment=""
Pos=2 Host=Host_Bkp_Router_Next Comment=""
Level
route+modify
History
Appears in 1.0.0
Description
Update a gateway in the list
Usage
config network gateway ipv6 update pos=<position nb> type=(PrincipalGateway|BackupGateway)
[Host=<Host>] [Check=<Host|Group>] [comment=<comment>]
Returns
Error Code
Example
CONFIG NETWORK GATEWAY IPV6 UPDATE pos=3 type=PrincipalGateway Host=HOST_ROUTER_NEXT_2
Level
route+modify
History
Appears in 7.0.0
Description
Remove a gateway anywhere in the list
Usage
config network gateway remove Host=(<Host>|Any) Type=(PrincipalGateway|BackupGateway)
Returns
Error Code
Example
CONFIG NETWORK GATEWAY REMOVE Host=HOST_ROUTER_NEXT_2 Type=PrincipalGateway
Level
route+modify
History
Appears in 7.0.0
State deprecated in 9.1.0
Description
Change gateway configuration
Usage
config network gateway set [Tries=<int>] [Wait=<seconds>] [Frequency=<seconds>] [GatewayThreshold=<int>] [ActivateallBackup=(on|off)]
Returns
Error Code
Example
CONFIG NETWORK GATEWAY SET Tries=1 Wait=5 Frequency=10 GatewayThreshold=3 ActivateallBackup=On
Level
base
History
Appears in 7.0.0
Check Appears in 7.0.4
Description
Show complete gateway configuration
Usage
config network gateway show
Format
section_line
Returns
[Config]
State=1 GatewayThreshold=1 Tries=3 Wait=5 Frequency=60 ActivateAllBackup=0
[PrincipalGateway]
Pos=1 Host=Host_Default_Router Check=Host_Behind_Default_Router Comment="default"
Pos=2 Host=Host_Router_Next Comment=""
[BackupGateway]
Pos=1 Host=Host_Bkp_Router Comment=""
Pos=2 Host=Host_Bkp_Router_Next Comment=""
Level
route+modify
History
Force appears in 9.0.2
Force deprecated in 9.0.5
Description
Update a gateway in the list
Usage
config network gateway update pos=<position nb> type=(PrincipalGateway|BackupGateway)
[Host=<Host>] [Check=<Host|Group>] [comment=<comment>]
Returns
Error Code
Example
CONFIG NETWORK GATEWAY UPDATE pos=3 type=PrincipalGateway Host=HOST_ROUTER_NEXT_2
Level
network+modify
History
Appears in 6.1.0
Description
Activates interfaces configuration
Usage
config network interface activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Implementation notes
Sync clone file then calls ennetwork -i
Example
CONFIG NETWORK INTERFACE ACTIVATE
CONFIG NETWORK INTERFACE ACTIVATE Cancel
CONFIG NETWORK INTERFACE ACTIVATE Nextboot
Level
base
History
Appears in 6.0.0
Description
Commands to manage interfaces addresses
Level
network+modify
History
Appears in 6.0.0
RequestDNS Appears in 6.1.0
Description
Adds an address/mask to an interface
Note
All existing interface addresses and all existing DHCP options will be deleted if address=DHCP specified
Mask must not be specified if address=DHCP
DHCP options will NOT be parsed if address=DHCP is not specified (even if already in DHCP mode)
Usage
config network interface address add ifname=<interface name> (address=<address> mask=<mask> [addresscomment=<comment>] |address=DHCP [dhcpleasetime=<lease time>] [DHCPHostName=<name>] [RequestDNS=<0|1>])
Returns
Error code
Example
CONFIG NETWORK INTERFACE ADDRESS ADD ifname=bridge5 address=192.168.1.1 mask=255.255.255.0
CONFIG NETWORK INTERFACE ADDRESS ADD ifname=bridge5 address=192.168.1.1 mask=255.255.255.0 addresscomment="My Address"
CONFIG NETWORK INTERFACE ADDRESS ADD ifname=bridge5 address=DHCP DHCPLeaseTime=3600 DHCPHostname=netasq
Level
network+modify
History
Appears in 6.0.0
Description
Removes an address/mask from an interface
Note
Addresses with a higher number will be renumbered (address5=>address4, etc.).
Usage
config network interface address remove ifname=<interface name> address=<address>
Returns
Error code
Example
CONFIG NETWORK INTERFACE ADDRESS REMOVE ifname=bridge5 address=192.168.1.1
Level
network+modify
History
Appears in 6.0.0
Description
Updates an address/mask of an interface
Note
Only "real" addresses are allowed. DHCP mode must be set with CONFIG NETWORK INTERFACE ADDRESS ADD command.
Usage
config network interface address update ifname=<interface name> addrnb=<address number> address=<new address> mask=<new mask> [addresscomment=<comment>]
Returns
Error code
Example
CONFIG NETWORK INTERFACE ADDRESS UPDATE ifname=bridge5 addrnb=2 address=192.168.1.2 mask=255.255.255.128
CONFIG NETWORK INTERFACE ADDRESS UPDATE ifname=bridge5 addrnb=2 address=192.168.1.2 mask=255.255.255.128 addresscomment="My Address"
Level
network+modify
History
Appears in 1.0.0
Description
Create an Agg interface from an Ethernet interface
Usage
config network interface aggregate ifname=<Ethernet interface name>
Returns
The new section for the Ethernet interface
Example
[Ethernet1]
State=1 Name=Ethernet_1 Media=0 Color=408080 Agg=agg1
Level
base
History
Appears in 9.0.4
Description
Indicates what the interfaces are capable of.
Usage
config network interface capabilities
Format
list
Returns
For each interface, indicates a list of capabilities.
Example
[Ethernet1]
[Ethernet2]
EEE
Level
network
History
Appears in 6.2.0
FORMAT Appears in 9.0.0
Description
Checks all generated objects for an interface
Note
If the parameter IgnoreGeneratedGroupMembership is set to 1 (default is 0), the usage of the interface through generated groups (Firewall_all, Network_internals) is not returned
Usage
config network interface check ifname=<interface name> [IgnoreGeneratedGroupMembership=(0|1)]
Format
section_line
Returns
[Configuration] module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)
Example
CONFIG NETWORK INTERFACE CHECK ifname=bridge0
Level
network+modify
History
Appears in 6.0.0
DHCPRequestGW and dialdefault deprecated in 7.0.0
Dialtype GPRS appears in 9.0.1
LocalARP (for bridges only) appears in 9.1.2
Interface Agg appears in 1.0.0
Description
Create a new interface
Usage
config network interface create ifname=<interface name> name=<username>
[comment=<comment>] [color=<color>] [type=(0|1|2)]
[DynamicDNS=<existing DynDNS conf>] (if Address=DHCP)
+ specific mandatory/optional tokens=values for interface type
* PARAMETERS FOR VLAN AND AGG INTERFACES:
Protected=(0|1)
[Address=(<IPv4 address>|DHCP) [Mask=<IPv4 mask>]]
[IPv6Address=<IPv6 address|DHCP|SLAAC> [IPv6Mask=(1-128) [eui64=(0|1)]]]
[gateway=<gateway>] [State=(0|1)] [Bridge=<bridge name>]
[FastRoute=(0|1) [KeepVLAN=(0|1)]] (if interface is in a bridge)
[ForwardIPX=(0|1)] (if interface is in a bridge)
[ForwardNetbios=(0|1)] (if interface is in a bridge)
[ForwardAppletalk=(0|1)] (if interface is in a bridge)
[ForwardPPPoE=(0|1)] (if interface is in a bridge)
[ForwardIPv6=(0|1)] (if interface is in a bridge)
[ForwardCustomLLC=0-65535[,0-65535]*] (if interface is in a bridge)
[ForwardCustomEther=0-65535[,0-65535]*] (if interface is in a bridge)
[MTU=(140-MTUmax)] (if interface is NOT in a bridge; MTUmax displayed by SYSTEM PROPERTY)
* PARAMETERS FOR VLAN INTERFACES:
Physical=<eth/wifi/vlan interface name> Tag=(1-4094) [MaxThroughput=<int>]
* PARAMETERS FOR AGG INTERFACES:
Interfaces=<list of aggregated ethernet interfaces>
[MACAddress=xx:xx:xx:xx:xx:xx] (if agg is NOT in a bridge)
* PARAMETERS FOR BRIDGE INTERFACES:
Interfaces=<list of bridged interfaces> [Address=(<IPv4 address>|DHCP) [Mask=<IPv4 mask>]] [IPv6Address=<IPv6 address|DHCP|SLAAC> [IPv6Mask=(1-128)] [eui64=(0|1)]]
[MACAddress=xx:xx:xx:xx:xx:xx] [AddressComment=<comment>] [gateway=<gateway>]
[LocalARP=(0|1)]
[MaxThroughput=<int>]
[MTU=(140-MTUmax)] (MTUmax is displayed by SYSTEM PROPERTY)
* PARAMETERS FOR DIALUP INTERFACES:
DialAuthName=<login> DialAuthKey=<passwd> DialMode=(ddial|auto) DialType=(PPP|L2TP|PPTP|PPPoE|GPRS)
[State=(0|1)] [RequestDNS=(0|1)] [DynamicDNS=<existing DynDNS conf>] [DialIdle=<int>]
[MaxThroughput=<int>]
DialType=PPP DialPhone=<dial number> [DialString=<dial string>]
DialType=L2TP DialL2TPLNS=<server> [DialL2TPSecret=<passwd>] [DialL2TPBackupLNS=<server>] [DialL2TPRedialTimeout=<int>] [DialL2TPMaxRedial=<int>] [DialL2TPLengthBit=(0|1)] [DialL2TPHiddenAVP=(0|1)] [DialL2TPChallengeAuth=<int>]
DialType=PPTP DialModemIP=<ip>
DialType=PPPoE DialInterface=<eth/vlan interface username> [DialService=<service>]
DialType=GPRS DialPhone=<dial number> DialAPN=<string> DialDefPeer=<IP> [DialAPNum=<int>] [DialSimPin=<PIN code>] [DialSimWait=<int>]
Returns
Error code
Implementation notes
INTERFACE GENERIC TOKENS
RequestDNS: retrieve the DNS from the remote host
MTU: value ...
DIALUP GENERIC TOKENS
DialAuthname: account login
DialAuthkey: account password
DialIdle: idle timeout before hang up
DialMode: auto/ddial
DialType: PPP|PPTP|PPPOE|L2TP
DIALUP PPP TOKENS
All interface generic and dialup generic tokens apply for PPP dialups
DialPhone: phone number
DialString: modem initialisation string
DIALUP PPTP TOKENS
All interface generic and dialup generic tokens apply for PPTP dialups
DialModemIP: IP address of the PPTP modem
DIALUP PPPOE TOKENS
All interface generic and dialup generic tokens apply for PPPOE dialups
DialInterface: name of the interface to use to send PPPOE packets
DialService: service field (used by the ISP to identify a group of users)
DIALUP L2TP TOKENS
All interface generic, dialup generic and PPP tokens apply for L2TP dialups
DialL2TPLNS: LNS server object
DialL2TPSecret: tunnel shared secret
DialL2TPBackupLNS: backup LNS server object
DialL2TPRedialTimeout: time between two redials
DialL2TPMaxRedial: number of redials
DialL2TPLengthBit: use the Length bit in L2TP packets
DialL2TPHiddenAvp: hide sensitive data in the exchange (requires a shared secret)
DialL2TPChallengeAuth: challenge the authentication of the peer
Example
CONFIG NETWORK INTERFACE CREATE ifname=Vlan0 Name=VLANNetwork Address=DHCP DHCPLeaseTime=3600 Tag=123 MTU=1496 Physical=Ethernet1 Color=C0C0C0 Protected=1 Type=0 Comment="VLAN Network"
CONFIG NETWORK INTERFACE CREATE ifname=bridge0 Name=Bridge Address=192.168.1.1 Mask=255.255.255.0 Interfaces=Ethernet0,VLANNetwork
CONFIG NETWORK INTERFACE CREATE ifname=dialup0 Name=Test DialAuthName=test DialAuthKey=test DialMode=auto DialType=L2TP DialL2TPLNS=lns_host DialL2TPSecret=secret DialL2TPBackupLNS=bckp_lns_host
Level
network+modify
History
Appears in 9.0.0
Description
Set ipsec networks as internal or not
Note
This command replaces the old "InternalPeers" token used in the VPN configuration file.
Usage
config network interface ipsec protected=<0|1>
Returns
Error code
Level
base
History
Appears in 9.0.1
Description
Commands to manage IPv6 addresses on interfaces
Level
network+modify
History
Appears in 9.0.1
dhcpleasetime, DHCPHostName and RequestDNS appear in 1.0.0
Description
Adds an IPv6 address to an interface
Usage
config network interface ipv6 address add ifname=<interface name> (address=<IPv6 address> mask=(1-128) [eui64=(0|1)]
| address=<DHCP|SLAAC> [dhcpleasetime=<lease time>] [DHCPHostName=<name>] [RequestDNS=<0|1>]) [addresscomment=<comment>]
Returns
Error code
Level
network+modify
History
Appears in 9.0.1
Description
Removes an IPv6 address from an interface
Usage
config network interface ipv6 address remove ifname=<interface name> address=<IPv6 address>
Returns
Error code
Level
network+modify
History
Appears in 9.0.1
dhcpleasetime, DHCPHostName and RequestDNS appear in 1.0.0
Description
Updates an IPv6 address of an interface
Usage
config network interface ipv6 address update ifname=<interface name> addrnb=<address number> (address=<new IPv6 address> mask=(1-128) [eui64=(0|1)]
| address=<DHCP|SLAAC> [dhcpleasetime=<lease time>] [DHCPHostName=<name>] [RequestDNS=<0|1>]) [addresscomment=<comment>]
Returns
Error code
Level
base
History
Appears in 9.0.1
Description
Commands to configure Router Advertisement
Level
network+modify
History
Appears in 9.0.1
sendprefix and RouterPreference appear in 1.0.0
Description
Configure general parameters for Router Advertisement
Note
If SendPrefix is 0 or not specified, no prefix is sent at all (even if some IPv6 prefixes are configured)
If RouterPreference is not specified or empty, the default router preference is medium
Usage
config network interface ipv6 routeradv config ifname=<interface name> [state=(on|off|auto)] [sendprefix=(0|1)][MinInterval=<int>] [MaxInterval=[4-1800]] [CurHopLimit=<int>]
[ManagedFlag=(0|1)] [OtherConfigFlag=(0|1)] [RouterLifetime=<int>] [ReachableTime=<int>] [RetransTimer=<int>]
[MTU=<int>] [RDNSSLifetime=<int>] [RDNSS1=<first dns ipv6 object>] [RDNSS2=<second dns ipv6 object>]
[DNSSLLifetime=<int>] [DNSSL=<domain name>] [RouterPreference=""|low|medium|high|]
Returns
Error code
Level
base
Description
Commands to configure IPv6 prefixes to advertise
Level
network+modify
History
Appears in 9.0.1
Description
Add a prefix on interface
Usage
config network interface ipv6 routeradv prefix add ifname=<interface name> address=<prefix address>
[AutonomousFlag=0|1] [OnlinkFlag=0|1] [ValidLifetime=<seconds>] [PreferredLifetime=<seconds>] [comment=<comment>]
Returns
Error code
Level
network+modify
History
Appears in 9.0.1
Description
Remove a prefix on interface
Usage
config network interface ipv6 routeradv prefix remove ifname=<interface name> address=<prefix address>
Returns
Error code
Level
network+modify
History
Appears in 9.0.1
Description
Update a prefix on interface
Usage
config network interface ipv6 routeradv prefix update ifname=<interface name> prefixnb=<int> [address=<prefix address>] [AutonomousFlag=0|1] [OnlinkFlag=0|1]
[ValidLifetime=<seconds>] [PreferredLifetime=<seconds>] [comment=<comment>]
Returns
Error code
Level
base
Description
Commands to configure various limits related to network interfaces, such as the number of VLAN and PPTP interfaces
Level
network+modify
History
Appears in 8.0.0
9.1.0: now needs an ACTIVATE to be taken into account
Description
Set interface network limits (needs ACTIVATE)
Usage
config network interface limit set type=[Vlan|Pptp] [CurrentMax=<value>]
Returns
Error code
Example
CONFIG NETWORK INTERFACE LIMIT SET type=Vlan CurrentMax=12
Level
base
History
Appears in 8.0.0
Description
Show interface network limits
Usage
config network interface limit show
Returns
One section for each interface limits with its values
Example
CONFIG NETWORK INTERFACE LIMIT SHOW
[Vlan]
ModelLimit=32 CurrentMax=10 Step=1
[Pptp]
ModelLimit=32 CurrentMax=6 Step=5
Level
network+modify
History
Appears in 6.0.0
Description
Removes an interface
Note
Interfaces of the same type with a higher number will be renumbered (bridge6=>bridge5, etc.).
Parameter 'force' is useful only to remove a VLAN used by a PPPoE dialup.
Usage
config network interface remove ifname=<interface name> [force=(0|1)]
Returns
Error code
Example
CONFIG NETWORK INTERFACE REMOVE ifname=bridge5
Level
network+modify
History
Appears in 9.0.2
Description
Rename an interface
Note
Change is made immediately: there must be no clone file in use.
Usage
config network interface rename ifname=<interface name> name=<string>
Returns
Error code
Example
CONFIG NETWORK INTERFACE RENAME ifname=dialup0 name=modem
Level
base
History
Appears in 6.0.0
Description
Show an interface, or all interfaces if no name specified
Usage
config network interface show [ifname=<interface name>]
Returns
One section for each interface, with its parameters
Implementation notes
Dumps sections from NETWORK_FN
Example
CONFIG NETWORK INTERFACE SHOW ifname=ethernet0
[ethernet0]
Name="out" State="1" Protected="0" Gateway="" Media="0" Type="0" Color="111111" Bridge="bridge0" comment="Out interface"
Level
network+modify
History
Appears in 6.0.0
Dialtype GPRS appears in 9.0.1
Name deprecated in 9.0.2: use CONFIG NETWORK INTERFACE RENAME instead
LocalARP (for bridges only) appears in 9.1.2
Interface Agg appears in 1.0.0
Description
Updates an interface
Note
Addresses (including DHCP and DHCP options, and SLAAC) must be updated via ADDRESS ADD and ADDRESS DEL
Dialup parameters specific to a dialtype will only be parsed if this dialtype is specified on the command
All addresses will be removed if a bridge is specified
All configuration (except Name, Color, State, Media and MaxThroughput) will be removed if an Agg is specified
Usage
config network interface update ifname=<interface name> [comment=<comment>] [color=<color>]
[type=(0|1|2)] (0=unknown, 1=machine, 2=server)
* PARAMETERS FOR ETHERNET, AGG, VLAN AND WIFI INTERFACES:
[gateway=<gateway>] [Protected=(0|1)] [State=(0|1)] [Bridge=<bridge name>]
[FastRoute=(0|1) [KeepVLAN=(0|1)]] (if interface is in a bridge)
[ForwardIPX=(0|1)] (if interface is in a bridge)
[ForwardNetbios=(0|1)] (if interface is in a bridge)
[ForwardAppletalk=(0|1)] (if interface is in a bridge)
[ForwardPPPoE=(0|1)] (if interface is in a bridge)
[ForwardIPv6=(0|1)] (if interface is in a bridge)
[ForwardCustomLLC=0-65535[,0-65535]*] (if interface is in a bridge)
[ForwardCustomEther=0-65535[,0-65535]*] (if interface is in a bridge)
[MTU=(140-MTUmax)] (MTUmax is displayed by SYSTEM PROPERTY)
[DynamicDNS=<existing DynDNS conf>] (if interface is NOT in a bridge and has Address=DHCP)
* PARAMETERS FOR ETHERNET INTERFACES:
[Media=(0-6)]
[MaxThroughput=<int>]
[MACAddress=xx:xx:xx:xx:xx:xx] (if interface is NOT in a bridge and NOT in Agg)
[EEE=(0|1)] [FlowControl=(0|1)]
* PARAMETERS FOR AGG INTERFACES:
[Interfaces=<list of aggregated interfaces>]
* PARAMETERS FOR VLAN INTERFACES:
[Physical=<eth/wifi/vlan interface name>] [Tag=(1-4094)]
[MaxThroughput=<int>]
* PARAMETERS FOR BRIDGE INTERFACES:
[Interfaces=<list of bridged interfaces>] [MACAddress=xx:xx:xx:xx:xx:xx] [gateway=<gateway>]
[LocalARP=(0|1)]
[MaxThroughput=<int>]
[MTU=(140-MTUmax)] (MTUmax is displayed by SYSTEM PROPERTY)
[DynamicDNS=<existing DynDNS conf>] (if Address=DHCP)
* PARAMETERS FOR DIALUP INTERFACES:
[State=(0|1)] [RequestDNS=(0|1)] [DynamicDNS=<existing DynDNS conf>] [MaxThroughput=<int>]
[DialAuthName=<login>] [DialAuthKey=<passwd>] [DialMode=(ddial|auto)] [DialIdle=<int>]
[DialType=PPP [DialPhone=<dial number>] [DialString=<dial string>]]
[DialType=L2TP [DialL2TPLNS=<server>] [DialL2TPSecret=<passwd>] [DialL2TPBackupLNS=<server>] [DialL2TPRedialTimeout=<int>] [DialL2TPMaxRedial=<int>] [DialL2TPLengthBit=(0|1)] [DialL2TPHiddenAVP=(0|1)] [DialL2TPChallengeAuth=<int>]]
[DialType=PPTP [DialModemIP=<ip>]]
[DialType=PPPoE DialInterface=<eth/vlan interface username> [DialService=<service>]]
[DialType=GPRS DialPhone=<dial number> DialAPN=<string> [DialAPNum=<int>] [DialDefPeer=<IP>] [DialSimPin=<PIN code>] [DialSimWait=<int>]]
* PARAMETERS FOR WIFI INTERFACES:
[WifiSSID=<ssid>] [WifiStationName=<station>] [WifiChannel=(0-14)] [WifiHostAP=(0|1)]
[MaxThroughput=<int>]
[MACAddress=xx:xx:xx:xx:xx:xx] (if interface is NOT in a bridge)
Returns
Error code
Example
CONFIG NETWORK INTERFACE UPDATE ifname=bridge3 gateway=net_host2 color=AB12E3 maxthroughput=1234567
CONFIG NETWORK INTERFACE UPDATE ifname=Dialup4 DialType="PPP" DialPhone="0123456789" DialAuthName="name@provider"
CONFIG NETWORK INTERFACE UPDATE ifname=Dialup4 DialType="PPTP" DialModemIP=10.2.9.223
CONFIG NETWORK INTERFACE UPDATE ifname=Dialup4 DialType="PPPoE" DialInterface=in DialService="mod_str"
CONFIG NETWORK INTERFACE UPDATE ifname=Dialup4 DialType="L2TP" DialL2TPLNS="LNS1" DialL2TPChallengeAuth="1"
CONFIG NETWORK INTERFACE UPDATE ifname=ethernet3 name="my_eth" color=AB12E3 DynamicDNS="dyndns_network" state=1
CONFIG NETWORK INTERFACE UPDATE ifname=vlan0 ForwardCustomLLC=5,0,65535 ForwardPPPoE=1 ForwardIPv6=1
CONFIG NETWORK INTERFACE UPDATE ifname=vlan3 tag=44 physical=ethernet3 name="my_vlan" gateway=10.2.9.10
Level
base
History
Appears in 9.0.1
Description
Change or display IPv6 activation state
Note
Changing state requires levels network and modify
Usage
config network ipv6 state [ON|OFF]
- no argument: display status
- ON: enables IPv6
- OFF: disables IPv6
Returns
State=on|off or error code
Example
CONFIG NETWORK IPV6 STATE on
CONFIG NETWORK IPV6 STATE off
CONFIG NETWORK IPV6 STATE
Level
route+modify
Description
Flush and reload routing configuration
Usage
config network route activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Implementation notes
call ennetwork with -r flag
Example
CONFIG NETWORK ROUTE ACTIVATE
CONFIG NETWORK ROUTE ACTIVATE Cancel
CONFIG NETWORK ROUTE ACTIVATE Nextboot
Level
route+modify
History
Appears in 6.0.0
option remote=default removed in 9.0.0
state appears in 9.1.0
Description
Adds an IPv4 static route
Usage
config network route add remote=<remote object> interface=<ifname> [gateway=<gateway>] [color=<color>] [comment=<comment>] [state=(0|1)]
Returns
Error code
Example
CONFIG NETWORK ROUTE ADD remote=net-remote-1 gateway=router1 interface=in color=acc0ac comment="route to remote network 1"
Level
base
History
Appears in 9.0.1
Description
Commands to manage IPv6 routing
Level
route+modify
History
Appears in 9.0.1
state appears in 9.1.0
Description
Add a static IPv6 route
Usage
config network route ipv6 add remote=<remote object> interface=<ifname> [gateway=<host>] [color=<color>] [comment=<comment>] [state=(0|1)]
Returns
Error code
Level
route+modify
History
Appears in 9.0.1
Description
Remove a static IPv6 route
Usage
config network route ipv6 remove remote=<remote object>
Returns
Error code
Level
base
History
Appears in 9.0.1
Description
Show static IPv6 routes
Usage
config network route ipv6 show
Format
section_line
Returns
[StaticRoutes] Remote=<remote_object> Interface=<ifname> [Gateway=<host>] [Color=<color>] Protected=0|1 State=0|1 Comment="<comment>"
Level
route+modify
History
Appears in 9.0.1
state appears in 9.1.0
Description
Update a static IPv6 route
Usage
config network route ipv6 update remote=<remote object> [newRemote=<remote object>] [interface=<ifname>] [gateway=<host>] [color=<color>] [comment=<comment>] [state=(0|1)]
Returns
Error code
Level
route+modify
History
Appears in 6.0.0
option remote=default removed in 9.0.0
Description
Removes a route
Usage
config network route remove remote=<remote object>
Returns
Error code
Example
CONFIG NETWORK ROUTE REMOVE remote=net-remote-1
CONFIG NETWORK ROUTE REMOVE remote=192.168.200.0/255.255.255.0
Level
base
History
Appears in 6.0.0
[Router] removed in 9.0.0
FORMAT appears in 9.0.0
pagination appears in 9.0.0
Description
Shows IPv4 static routes
Usage
config network route show [useclone=<0|1>] [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [searchfield=<token>] [sort=<token>] [refresh=<0|1>]]
Format
section_line
Returns
[StaticRoutes]
Remote=host Address=ip Interface=name [Gateway=gw] [Color=color] Protected=0|1 State=0|1 Comment="comment"
Remote=range Begin=start End=end Interface=name [Gateway=gw] [Color=color] Protected=0|1 State=0|1 Comment="comment"
Remote=network Address=ip/prefix Interface=name [Gateway=gw] [Color=color] Protected=0|1 State=0|1 Comment="comment"
Remote=ip/mask Interface=name [Gateway=gw] [Color=color] Protected=0|1 State=0|1 Comment="comment"
Example
CONFIG NETWORK ROUTE SHOW
101 code=00a01000 msg="Début"
[StaticRoutes]
Remote=mynet Address=172.168.100.0/24 Interface=out Gateway=10.2.0.1 Color=000c0a Protected=0 State=0 Comment=""
Remote=192.168.100.0/255.255.255.0 Interface=in Gateway=10.2.2.1 Color=0a0c0a Protected=1 State=1 Comment="test route"
100 code=00a00100 msg="Ok"
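CONFIG NETWORK GATEWAY SHOW, CONFIG NETWORK INTERFACE SHOW and CONFIG NETWORK ROUTE SHOW all answer in the section_line format shown above: a 101 "Begin" status line, [Section] headers, one record per line made of token=value pairs with double-quoted values where needed, and a closing 100 "Ok" line. The Python below is an added example, not part of the reference and not NETASQ code: a parser for that format plus two audit checks a reviewer would run over the result, one listing static routes that are present but State=0, the other listing principal gateways with no Check object. The sample responses are constructed from the page's own SHOW examples (status lines added to the gateway one), and the reading of Check as the host the firewall probes to decide whether a gateway is alive is an assumption drawn from the Check/Tries/Wait/Frequency tokens of CONFIG NETWORK GATEWAY SET.

```python
# Added example (not NETASQ code): parse section_line responses and audit them.
# The sample outputs are constructed from the SHOW examples in the reference.
import re
import shlex

STATUS_RE = re.compile(r"^(\d{3}) code=([0-9a-fA-F]+)")
SECTION_RE = re.compile(r"^\[([^\]]+)\]$")


def parse_section_line(text):
    """Parse a section_line response.

    Returns (sections, status): sections maps each [Section] name to a list of
    records (one dict per line, token -> value, quotes removed by shlex), and
    status is the list of (number, code) pairs from the 1xx status lines
    ('101 ... Begin' opens the response, '100 ... Ok' closes it).
    """
    sections = {}
    status = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = STATUS_RE.match(line)
        if m:
            status.append((int(m.group(1)), m.group(2)))
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        record = {}
        for token in shlex.split(line):
            key, sep, value = token.partition("=")
            record[key] = value if sep else ""
        sections.setdefault(current, []).append(record)
    return sections, status


def disabled_routes(sections):
    """Remote objects of static routes that are configured but State=0.

    A disabled route is dormant configuration: it does nothing until someone
    sets state=1 and activates, at which point the traffic path changes.
    """
    return [r["Remote"] for r in sections.get("StaticRoutes", []) if r.get("State") == "0"]


def unmonitored_gateways(sections):
    """Principal gateways without a Check object.

    Assumption (from the Check/Tries/Wait/Frequency tokens): the Check host is
    what the firewall probes to decide a gateway is alive, so a gateway without
    one cannot be detected as failed.
    """
    return [g["Host"] for g in sections.get("PrincipalGateway", []) if not g.get("Check")]


# Constructed sample: the CONFIG NETWORK ROUTE SHOW example from the reference.
ROUTE_OUTPUT = """\
101 code=00a01000 msg="Début"
[StaticRoutes]
Remote=mynet Address=172.168.100.0/24 Interface=out Gateway=10.2.0.1 Color=000c0a Protected=0 State=0 Comment=""
Remote=192.168.100.0/255.255.255.0 Interface=in Gateway=10.2.2.1 Color=0a0c0a Protected=1 State=1 Comment="test route"
100 code=00a00100 msg="Ok"
"""

# Constructed sample: the CONFIG NETWORK GATEWAY SHOW example, status lines added.
GATEWAY_OUTPUT = """\
101 code=00a01000 msg="Begin" format="section_line"
[Config]
State=1 GatewayThreshold=1 Tries=3 Wait=5 Frequency=60 ActivateAllBackup=0
[PrincipalGateway]
Pos=1 Host=Host_Default_Router Check=Host_Behind_Default_Router Comment="default"
Pos=2 Host=Host_Router_Next Comment=""
[BackupGateway]
Pos=1 Host=Host_Bkp_Router Comment=""
Pos=2 Host=Host_Bkp_Router_Next Comment=""
100 code=00a00100 msg="Ok"
"""

if __name__ == "__main__":
    routes, _ = parse_section_line(ROUTE_OUTPUT)
    print("disabled routes:", disabled_routes(routes))
    gateways, _ = parse_section_line(GATEWAY_OUTPUT)
    print("principal gateways without Check:", unmonitored_gateways(gateways))
```

The parser keeps every value as a string, because the responses quote numbers inconsistently (State=1 here, State="1" in the INTERFACE SHOW example), and checks the closing status code before trusting a response only if you add that test yourself; a missing 100 line means the listing was cut short.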
Level
route+modify
Description
Updates a route
Usage
config network route update remote=<remote object> [newRemote=<remote object>] [interface=<ifname>] [gateway=<gateway>] [color=<color>] [comment=<comment>] [state=(0|1)]
Returns
Error code
Example
CONFIG NETWORK ROUTE UPDATE remote=net-remote-1 newRemote=net-remote-2 gateway=router1 interface=in color=acc0ac comment="route updated"
Deprecated
Level
base
History
Appears in 7.0.3.1
Removed in 9.0.2
Description
Commands to manage switch configuration
Deprecated
Level
network+modify
History
Appears in 7.0.3.1
Removed in 9.0.2
Description
Flush and reload switch configuration
Usage
config network switch activate [CANCEL]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded.
Returns
Error code
Implementation notes
call enswitch
Example
CONFIG NETWORK SWITCH ACTIVATE
CONFIG NETWORK SWITCH ACTIVATE Cancel
Deprecated
Level
network+modify
History
Appears in 7.0.3.1
Removed in 9.0.2
Description
Configure ports used by given interface
Usage
config network switch add ifname=<interface name> ports=<number or range of numbers (min-max) separated by commas>
Returns
Error code
Example
CONFIG NETWORK SWITCH ADD ifname="Ethernet0" ports="1,3-5"
Deprecated
Level
network+modify
History
Appears in 7.0.3.1
Removed in 9.0.2
Description
Modify ports used by given interface
Usage
config network switch modify ifname=<interface name> ports=<number or range of numbers (min-max) separated by commas>
Returns
Error code
Example
CONFIG NETWORK SWITCH MODIFY ifname="Ethernet0" ports="1-6"
Level
maintenance+modify
History
CANCEL/NEXTBOOT Appears in 9.0.0
level changes from other,modify to maintenance,modify in 9.0.0
Description
Activate NTP configuration.
Usage
config ntp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Implementation notes
Run enntp script and start service depending on state field
Example
CONFIG NTP ACTIVATE
CONFIG NTP ACTIVATE cancel
Level
base
Description
Get/set NTP advanced settings : allow unauthenticated servers
Note
Maintenance and Modify levels are required to update the value
Usage
config ntp advanced [allowUnauth=on|off]
Returns
allowUnauth=(on|off) nb_nokey_server=number
Example
CONFIG NTP ADVANCED
CONFIG NTP ADVANCED allowUnauth=on
Level
maintenance+modify
History
level changes from other,modify to maintenance,modify in 9.0.0
Description
Add an NTP key in MD5 ASCII format.
Usage
config ntp key add md5-ascii=<key data> keynum=<unique key number>
Returns
Error code
Example
CONFIG NTP KEY ADD md5-ascii=AA keynum=1
Level
maintenance
History
FORMAT Appears in 9.0.0
level changes from other to maintenance in 9.0.0
Description
List NTP keys.
Usage
config ntp key list
Format
section_line
Returns
keynum=<key id> keytype=<key type> data=<key data>
Implementation notes
load section, get s->count and print each value
Example
CONFIG NTP KEY LIST
keynum=1 keytype=md5-ascii data="AA"
Level
maintenance+modify
History
option groupname for name Appears in 6.0.0
level changes from other,modify to maintenance,modify in 9.0.0
Description
Add an NTP server.
Usage
config ntp server add name=<hostname|groupname> [keynum=<authentication key number for this server>]
Returns
Error code
Example
CONFIG NTP SERVER ADD name=ntp_1 keynum=1
CONFIG NTP SERVER ADD name=ntp_2
Level
maintenance
History
type Appears in 6.0.0
FORMAT Appears in 9.0.0
level changes from other to maintenance in 9.0.0
Description
List NTP servers.
Usage
config ntp server list
Format
section_line
Returns
One line per server: name=<name of server> keynum=[1-16]|none type=<host|range|group>
Implementation notes
load section, get s->count and print each value
Example
CONFIG NTP SERVER LIST
name=ntp_1 keynum=1 type=host
name=ntp_2 keynum=none type=host
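The route listing under CONFIG NETWORK ROUTE SHOW and the server listing here both come back in the section_line format used throughout this reference: a 101 "Begin" status line, optional [Section] headers, one key=value record per line (values may be quoted), and a closing 100 "Ok" line. The parser below is an added example written for this page, not code from NETASQ or serverd; the two sample replies are constructed from the page's own examples, and the helper names (parse_section_line, ntp_servers_without_key, routes_by_interface) are assumptions made for illustration. The NTP helper is the check a practitioner wants before touching allowUnauth: which configured servers still have keynum=none (the count that nb_nokey_server reports).

```python
import re
import shlex

# Constructed sample in serverd's section_line reply format, as the page's examples show
# it: a 101 "Begin" status line, a [Section] header, key=value records, a 100 "Ok" line.
ROUTE_SHOW_OUTPUT = """\
101 code=00a01000 msg="Begin"
[StaticRoutes]
Remote=mynet Address=172.168.100.0/24 Interface=out Gateway=10.2.0.1 Color=000c0a Protected=0 State=0 Comment=""
Remote=192.168.100.0/255.255.255.0 Interface=in Gateway=10.2.2.1 Color=0a0c0a Protected=1 State=1 Comment="test route"
100 code=00a00100 msg="Ok"
"""

# The page's CONFIG NTP SERVER LIST example shows no [Section] header, so the parser
# must accept records that precede any header (they are stored with _section=None).
NTP_SERVER_LIST_OUTPUT = """\
101 code=00a01000 msg="Begin"
name=ntp_1 keynum=1 type=host
name=ntp_2 keynum=none type=host
100 code=00a00100 msg="Ok"
"""

STATUS_RE = re.compile(r'^(\d{3}) code=([0-9a-fA-F]+) msg="(.*)"$')


def parse_section_line(text):
    """Parse a section_line reply into (final_status, records).

    final_status: {"status": 100, "code": "00a00100", "msg": "Ok"} for the last status line
    records:      one dict per data line, holding "_section" (header name or None) plus
                  one key per key=value token; quotes around values are removed.
    Raises ValueError if the reply does not end with a 100 status line.
    """
    status, section, records = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = STATUS_RE.match(line)
        if m:
            status = {"status": int(m.group(1)), "code": m.group(2), "msg": m.group(3)}
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        record = {"_section": section}
        for token in shlex.split(line):  # shlex keeps Comment="test route" as one token
            key, sep, value = token.partition("=")
            if not sep:
                raise ValueError(f"unexpected token {token!r} in line {line!r}")
            record[key] = value
        records.append(record)
    if status is None or status["status"] != 100:
        raise ValueError(f"reply did not end with a 100 status line: {status}")
    return status, records


def ntp_servers_without_key(list_output):
    """Names of configured NTP servers with keynum=none: the servers the allowUnauth
    setting governs, and the ones nb_nokey_server counts."""
    _, servers = parse_section_line(list_output)
    return [s["name"] for s in servers if s.get("keynum", "none") == "none"]


def routes_by_interface(show_output):
    """Group the parsed static routes by their Interface field."""
    _, routes = parse_section_line(show_output)
    by_iface = {}
    for route in routes:
        by_iface.setdefault(route["Interface"], []).append(route)
    return by_iface


if __name__ == "__main__":
    print(routes_by_interface(ROUTE_SHOW_OUTPUT))
    print("NTP servers without a key:", ntp_servers_without_key(NTP_SERVER_LIST_OUTPUT))
```

The same parser handles every section_line and section reply on this page (object lists, group contents, NTP key lists); only the per-record field names differ.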
Level
maintenance+modify
History
option groupname for name Appears in 6.0.0
level changes from other,modify to maintenance,modify in 9.0.0
Description
Remove an NTP server from the list.
Usage
config ntp server remove name=<hostname|groupname>
Returns
Error code
Example
CONFIG NTP SERVER REMOVE name=ntp_1
Level
base
Description
Show NTP configuration.
Usage
config ntp show
Returns
[Config] State=(on|off) allowUnauth=(on|off)
Example
CONFIG NTP SHOW
[Config]
State=on allowUnauth=off
Level
base
History
Appears in 6.0.0
Description
Object administration
Note
Invalid object names (case insensitive):
Firewall*
Network*
Global*
ephemeral*
broadcast
anonymous
any
Object commands update the object configuration files and serverd's in-memory structures.
Level
object|globalobject+modify
History
Appears in 6.0.0
Description
Update object resolution file
Usage
config object activate
Level
base
History
Appears in 9.1.0
Description
CN category group administration
Note
most of the code is shared with CONFIG.OBJECT.OBJECTGROUP
Level
object+modify
History
Appears in 9.1.0
Description
Add a CN group to a CN category group
Note
node must be a cn group
this command returns an error if:
"group" or "node" don't exist
"node" is an object already included in "group"
Usage
config object cncategorygroup addto group=<cncategorygroup name> node=<node to add name>
Example
CONFIG OBJECT CNCATEGORYGROUP ADDTO group=group1 node=cngroup1
Level
object
History
Appears in 9.1.0
Description
Check cn group category
Usage
config object cncategorygroup check name=<cncategorygroupname>
Format
section_line
Returns
[Configuration] module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)
Example
CONFIG OBJECT CNCATEGORYGROUP CHECK name=cncategorygroup1
[Configuration]
module=Filter slot=04 line=1
Level
object+modify
History
Appears in 9.1.0
Description
Remove a CN category group
Note
returns an error if no group with this name exist
Usage
config object cncategorygroup delete name=<cngroup category name> [force=1]
Example
CONFIG OBJECT CNCATEGORYGROUP DELETE name=cncategorygroup1
Level
object+modify
History
Appears in 9.1.0
Description
Create a new empty CN category group
Note
returns an error if a CN category group with identical name exists
Usage
config object cncategorygroup new name=<cncategorygroupname> [comment=<cncategorygroup comment>] [update=<0|1>]
Example
CONFIG OBJECT CNCATEGORYGROUP NEW name=cncategorygroup1
Level
object+modify
History
Appears in 9.1.0
Description
Remove a CN group from a CN category group
Note
node must be a CN group or a CN category group
this command returns an error if :
"group" or "node" don't exist
"node" is not in "group"
Usage
config object cncategorygroup removefrom group=<cncategorygroupname> node=<node to remove name>
Example
CONFIG OBJECT CNCATEGORYGROUP REMOVEFROM group=cncategorygroup1 node=cngroup1
Level
base
History
Appears in 9.1.0
Description
Show cn group category
Usage
config object cncategorygroup show name=<cncategorygroupname> [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [searchfield=<token>] [sort=<token>] [refresh=<0|1>]]
Format
section_line
Returns
[<cncategorygroup name>] name=<nodename> ...
Example
CONFIG OBJECT CNCATEGORYGROUP SHOW name=web
[web]
name=cngroup1
name=cngroup2
name=cncategorygroup3
Level
base
History
appears in 9.0.0
Description
Return a unique object from its name
Usage
config object get type=<host|range|network|group|protocol|service|time|servicegroup|urlgroup|cngroup|oemgroup> name=<objname>
Format
section_line
Returns
Returns one line with the properties of the object; the fields depend on its type:
[Object]
type=host modify=<0|1> global=<0|1> comment=<comment> name=<hostname> ip=<ip> ipv6=<ipv6> resolve=<static|dynamic>
type=range modify=<0|1> global=<0|1> comment=<comment> name=<rangename> begin=<firstip> end=<lastip> beginv6=<firstipv6> endv6=<lastipv6>
type=network modify=<0|1> global=<0|1> comment=<comment> name=<networkname> ip=<ip> mask=<netmask> prefixlen=<ipv4 prefix len> ipv6=<ipv6> prefixlenv6=<ipv6 prefix len>
type=protocol modify=<0|1> global=<0|1> comment=<comment> name=<protocolname> protonumber=<ip protocol number>
type=service modify=<0|1> global=<0|1> comment=<comment> name=<servicename> port=<port> toport=<""|lastport> proto=<protocolname>
type=time modify=<0|1> global=<0|1> comment=<comment> name=<timename> time=<time> weekday=<weekdays> yearday=<yearday> date=<date>
type=group modify=<0|1> global=<0|1> comment=<comment> name=<groupname>
type=servicegroup modify=<0|1> global=<0|1> comment=<comment> name=<groupname>
type=urlgroup modify=1 global=0 comment=<comment> name=<groupname>
type=cngroup modify=1 global=0 comment=<comment> name=<groupname>
type=oemgroup modify=0 global=0 comment=<comment> name=<groupname>
...
Example
config object get type=host name=mycomputer
[Object]
type=host modify=1 global=0 comment="" name=mycomputer ip=10.0.0.0 ipv6=fe80::1 resolve=static
Level
base
History
Appears in 6.0.0
Description
Object groups administration
Note
most of the code is shared with CONFIG.OBJECT.SERVICEGROUP
Level
object+modify
History
Appears in 6.0.0
added position arg in 9.0.0
Description
Add object to group
Note
node may be an object or a group
this command returns an error if:
"group" or "node" don't exist
"node" is an object already included in "group"
"node" is an object included in a subgroup of "group"
"node" is a group and contains common element(s) with "group"
"node" is a group and contains another group which contains "group" (it would create a loop)
"node" is a group and contains another group which has common element(s) with "group" or with another node
Usage
config object group addto group=<groupname> node=<node to add name> [pos=<position>]
Example
CONFIG OBJECT GROUP ADDTO group=group1 node=host1
Level
object
History
Appears in 6.1.0
FORMAT Appears in 9.0.0
Description
Check object group
Usage
config object group check name=<group name>
Format
section_line
Returns
[Configuration] module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)
Example
CONFIG OBJECT GROUP CHECK name=group1
[Configuration]
module=Filter slot=04 line=1
Level
object+modify
History
Appears in 6.0.0
force Appears in 6.1.0
Description
Delete object group
Note
returns an error if no group with this name exist
Usage
config object group delete name=<groupname> [force=1]
Example
CONFIG OBJECT GROUP DELETE name=group1
Level
object+modify
History
Appears in 6.0.0
Description
Create new empty object group
Note
returns an error if a group with identical name exists
Usage
config object group new name=<groupname> [comment=<group comment>] [update=<0|1>]
Example
CONFIG OBJECT GROUP NEW name=group1
Level
object+modify
History
Appears in 6.0.0
Description
Remove object from group
Note
node might be an object or a group
this command returns an error if :
"group" or "node" don't exist
"node" is not in "group"
Usage
config object group removefrom group=<groupname> node=<node to remove name>
Example
CONFIG OBJECT GROUP REMOVEFROM group=group1 node=host1
Level
base
History
Appears in 6.0.0
FORMAT Appears in 9.0.0
all disappears in 9.0.0
Description
Show one object group
Usage
config object group show name=<groupname> [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [searchfield=<token>] [sort=<token>] [refresh=<0|1>]]
Format
section_line
Returns
[<groupname>] name=<nodename> ...
Example
CONFIG OBJECT GROUP SHOW name=group1
[group1]
name=host1
Level
base
History
Appears in 6.0.0
Description
Host object administration
Note
most of the code is shared with CONFIG.OBJECT.NETWORK and CONFIG.OBJECT.SERVICE
Level
object
History
Appears in 6.1.0
FORMAT Appears in 9.0.0
Description
Check host object
Usage
config object host check name=<hostname>
Format
section_line
Returns
[Configuration] module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)
Example
config object host check name=host1
[Configuration]
module=DNS section=Servers
module=Filter slot=04 line=1
module=DHCP section=Server
Level
object+modify
History
force Appears in 6.1.0
Description
Remove host object
Note
command returns an error code if :
no object is found.
object is in a group
Usage
config object host delete name=<hostname> [force=1]
Example
config object host delete name=host1
Level
object+modify
History
Appears in 6.0.0
Description
Add host object
Note
For a single host, at least one IP address (v4 or v6) must be specified
For a range, at least one begin/end pair (v4 or v6) must be specified
Without update parameter, command will return an error if an object with the same name exists.
With update=2, modules which use the object are not reloaded.
Usage
config object host new name=<hostname> [ip=<ipaddress>] [ipv6=<ipv6address>] [type=router|server|host] [resolve=static|dynamic|manual] [mac=xx:xx:xx:xx:xx:xx] [color=xxxxxx] [comment=<comment>] [update=<0|1|2>]
name=<rangename> [begin=<range first ip> end=<range last ip>] [beginv6=<range first ipv6> endv6=<range last ipv6>] [color=xxxxxx] [comment=<comment>] [update=<0|1|2>]
Example
CONFIG OBJECT HOST NEW name=host4 ip=10.0.0.1 resolve=static comment="IPv4 only host" mac=11:22:33:44:55:66
CONFIG OBJECT HOST NEW name=host6 ipv6=fe80::1 resolve=static comment="IPv6 only host"
CONFIG OBJECT HOST NEW name=host46 ip=10.0.0.1 ipv6=fe80::1 resolve=static comment="IPv4v6 host"
CONFIG OBJECT HOST NEW name=range4 begin=10.0.0.1 end=10.0.0.10 comment="IPv4 only range"
CONFIG OBJECT HOST NEW name=range6 beginv6=fe80::1 endv6=fe80::10 comment="IPv6 only range"
CONFIG OBJECT HOST NEW name=range46 begin=10.0.0.1 end=10.0.0.10 beginv6=fe80::1 endv6=fe80::10 comment="IPv4v6 range"
Level
base
History
Appears in 9.0.0
Description
Show to which object the object 'internet' points to
Usage
config object internet show
Returns
[Internet] operator=(ne|eq) object=(host|range|net|group)
Example
CONFIG OBJECT INTERNET SHOW
[Internet]
operator=ne object=Network_internals
Level
base
History
appears in 9.0.0
havingipversion appears in 1.0.0
Description
List and search objects
Usage
config object list type=<all|[host][,range][,network][,group][,protocol][,service][,time][,servicegroup][,urlgroup][,cngroup][,oemgroup][,urlcategorygroup][,cncategorygroup]> [havingipversion=<4|6|any>] [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [searchfield=<token>] [sort=<token>] [refresh=<0|1>]]
Format
section_line
Returns
[Object]
type=host modify=<0|1> global=<0|1> comment=<comment> name=<hostname> ip=<ip> ipv6=<ipv6> resolve=<static|dynamic>
type=range modify=<0|1> global=<0|1> comment=<comment> name=<rangename> begin=<firstip> end=<lastip> beginv6=<firstipv6> endv6=<lastipv6>
type=network modify=<0|1> global=<0|1> comment=<comment> name=<networkname> ip=<ip> mask=<netmask> prefixlen=<ipv4 prefix len> ipv6=<ipv6> prefixlenv6=<ipv6 prefix len>
type=protocol modify=<0|1> global=<0|1> comment=<comment> name=<protocolname> protonumber=<ip protocol number>
type=service modify=<0|1> global=<0|1> comment=<comment> name=<servicename> port=<port> toport=<""|lastport> proto=<protocolname>
type=time modify=<0|1> global=<0|1> comment=<comment> name=<timename> time=<time> weekday=<weekdays> yearday=<yearday> date=<date>
type=group modify=<0|1> global=<0|1> comment=<comment> name=<groupname>
type=servicegroup modify=<0|1> global=<0|1> comment=<comment> name=<groupname>
type=urlgroup modify=1 global=0 comment=<comment> name=<groupname>
type=cngroup modify=1 global=0 comment=<comment> name=<groupname>
type=oemgroup modify=0 global=0 comment=<comment> name=<groupname>
...
Example
CONFIG OBJECT LIST type=host,range start=1 search=*com* searchfield=name
[Object]
type=host modify=1 global=0 comment="" name=mycomputer ip=10.0.0.1 resolve=static
Level
base
History
Appears in 6.0.0
Description
Network object administration
Note
most of the code is shared with CONFIG.OBJECT.HOST and CONFIG.OBJECT.SERVICE
Level
object
History
Appears in 6.1.0
FORMAT Appears in 9.0.0
Description
Check network object
Usage
config object network check name=<network name>
Format
section_line
Returns
[Configuration] module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)
Example
config object network check name=network1
[Configuration]
module=DNS section=Clients
module=Filter slot=04 line=1
Level
object+modify
History
force Appears in 6.1.0
Description
Remove network object
Note
command returns an error code if :
no object is found.
object is in a group
Usage
config object network delete name=<netname> [force=1]
Example
config object network delete name=net1
Level
object+modify
History
Appears in 6.0.0
Description
Add network object
Note
at least one network address (v4 or v6) must be specified
Without update parameter, command will return an error if an object with the same name exists.
0.0.0.0 and 255.255.255.255 IPv4 netmasks are not allowed
/0 and /32 IPv4 prefix len are not allowed
/0 and /128 IPv6 prefix len are not allowed
With update=2, modules which use the object are not reloaded.
Usage
config object network new name=<netname> [ip=<network IPV4 address> mask=<netmask>|prefixlen=<prefixlen>] [ipv6=<network IPv6 address> prefixlenv6=<prefixlen>] [color=xxxxxx] [comment=<comment>] [update=<0|1|2>]
Example
CONFIG OBJECT NETWORK NEW name=net0 ip=10.0.0.0 prefixlen=16 comment="IPv4 only network"
CONFIG OBJECT NETWORK NEW name=net1 ip=10.0.0.0 mask=255.0.0.0 comment="IPv4 only network"
CONFIG OBJECT NETWORK NEW name=net2 ipv6=fe80:: prefixlenv6=64 comment="IPv6 only network"
CONFIG OBJECT NETWORK NEW name=net3 ip=10.0.0.0 mask=255.0.0.0 ipv6=fe80:: prefixlenv6=64 comment="IPv4v6 network"
Level
base
History
Appears in 6.0.0
Description
Protocol object administration
Note
most of the code is shared with CONFIG.OBJECT.NETWORK and CONFIG.OBJECT.HOST
Level
object
History
Appears in 6.1.0
FORMAT Appears in 9.0.0
Description
Check protocol object
Usage
config object protocol check name=<protocol name>
Format
section_line
Returns
[Configuration] module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)
Example
CONFIG OBJECT PROTOCOL CHECK name=proto1
[Configuration]
module=Filter slot=04 line=1
Level
object+modify
History
force Appears in 6.1.0
Description
Remove protocol object
Note
this command returns an error code if :
no object is found.
object is in a group
Usage
config object protocol delete name=<protocolname> [force=1]
Example
CONFIG OBJECT PROTOCOL DELETE name=chaos
Level
object+modify
History
Appears in 6.0.0
value replaced by protonumber in 9.0.0
Description
Add protocol object
Note
Without update parameter, command will return an error if an object with the same name exists.
With update=2, modules which use the object are not reloaded.
Usage
config object protocol new name=<protocolname> protonumber=<IP protocol number> [color=xxxxxx] [comment=<comment>] [update=<0|1|2>]
Example
CONFIG OBJECT PROTOCOL NEW name=chaos protonumber=16 color=123456 comment="CHAOS protocol"
Level
filter+modify
History
Appears in 6.2.0
level changes from object,globalobject,modify to filter,modify in 9.0.0
Description
Update active rules
Usage
config object qos activate
Returns
Error code
Level
base
History
Appears in 6.1.0
Description
List drop policies
Usage
config object qos drop
Returns
<inc.number>=<policy name>
Example
CONFIG OBJECT QOS DROP
101 code=00a01000 msg="Begin"
[Drop]
0=TailDrop
1=BLUE
100 code=00a00100 msg="Ok"
Level
filter+modify
History
Appears in 6.1.0
level filter Appears in 6.1.4
level network deprecated in 6.1.4
level other deprecated in 6.1.4
Description
Add a qid
Note
In order to use a percentage as bandwidth for CBQ, a reference bandwidth must be set using CONFIG OBJECT QOS SET
Usage
config object qos qid add qid=<qid> [comment=<comment>] (type=CBQ min=<min> min_rev=<minrev> max=<max> max_rev=<maxrev>) | (type=PRIQ pri=<pri>) [color=<color>] [length=<queue_length>] [prioritize_ack=<on|off>] [prioritize_lowdelay=<on|off>] [update=<on|off>]
Example
CONFIG OBJECT QOS QID ADD qid=HTTP comment="web" type=CBQ min="65536" min_rev="16384" max="0" max_rev="0"
CONFIG OBJECT QOS QID ADD qid=SSH comment="ssh" type=PRIQ pri=1
CONFIG OBJECT QOS QID ADD qid=SMTP comment="mail" type=CBQ min="131072" max="262144" min_rev="0" max_rev="0"
Level
base
History
Appears in 6.1.0
FORMAT Appears in 9.0.0
Description
Check a qid
Usage
config object qos qid check name=<qid>
Format
section_line
Level
base
History
Appears in 6.1.0
Description
List qids
Usage
config object qos qid list
Level
filter+modify
History
Appears in 6.1.0
level filter Appears in 6.1.4
level network deprecated in 6.1.4
level other deprecated in 6.1.4
Description
Remove a qid
Usage
config object qos qid remove qid=<qid> [force=1]
Returns
Error code
Level
filter+modify
History
Appears in 9.0.0
Description
Rename a qid
Note
rename all the occurrences of old_qidname to new_qidname in the configuration files
this command returns an error code if :
old qidname is not found.
new qidname already exists.
Usage
config object qos qid rename oldname=<old_qidname> newname=<new_qidname>
Returns
Error code
Level
filter+modify
History
Appears in 6.1.0
level filter Appears in 6.1.4
level network deprecated in 6.1.4
level other deprecated in 6.1.4
defaultqueue Appears in 9.0.0
Description
Set global QoS parameters
Usage
config object qos set [bandwidth=<bw> drop=<0|1> defaultqueue=<qid|bypass>]
Returns
Error code
Level
object+modify
History
Appears in 9.0.0
Description
Rename objects
Note
rename all the occurrences of old_objname to new_objname in the configuration files
this command returns an error code if :
old objname is not found.
new objname already exists.
Usage
config object rename type=<host|range|network|service|time|group|servicegroup|urlgroup|cngroup|urlcategorygroup|cncategorygroup> oldname=<old_objname> newname=<new_objname>
Example
config object rename type=host oldname=foo newname=bar
Level
base
History
Appears in 6.0.0
Description
Service object administration
Note
most of the code is shared with CONFIG.OBJECT.NETWORK and CONFIG.OBJECT.HOST
Level
object
History
Appears in 6.1.0
FORMAT Appears in 9.0.0
Description
Check service object
Usage
config object service check name=<service name>
Format
section_line
Returns
[Configuration] module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)
Example
config object service check name=service1
[Configuration]
module=Filter slot=04 line=1
Level
object+modify
History
force Appears in 6.1.0
Description
Remove service object
Note
this command returns an error code if :
no object is found.
object is in a group
Usage
config object service delete name=<servicename> [force=1]
Example
config object service delete name=dns
Level
object+modify
History
Appears in 6.0.0
Removed plugin attribute in 9.0.0
Description
Add service object
Note
without update parameter, command will return an error if an object with the same name exists.
With update=2, modules which use the object are not reloaded.
Usage
config object service new name=<servicename> port=<port number> proto=<tcp|udp|any> [toport=<porthigh>] [color=xxxxxx] [comment=<comment>] [update=<0|1|2>]
Example
CONFIG OBJECT SERVICE NEW name=dns port=53 proto=tcp comment="DNS service"
Level
base
History
Appears in 6.0.0
Description
Service groups administration
Note
most of the code is shared with CONFIG.OBJECT.OBJECTGROUP
Level
object+modify
History
Appears in 6.0.0
Description
Add service object to service group
Note
node must be a service
this command returns an error if:
"group" or "node" don't exist
"node" is an object already included in "group"
Usage
config object servicegroup addto group=<servicegroup name> node=<node to add name>
Example
CONFIG OBJECT SERVICEGROUP ADDTO group=group1 node=dns
Level
object
History
Appears in 6.1.0
FORMAT Appears in 9.0.0
Description
Check service group
Usage
config object servicegroup check name=<service group name>
Format
section_line
Returns
[Configuration] module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)
Example
CONFIG OBJECT SERVICEGROUP CHECK name=servicegroup1
[Configuration]
module=Filter slot=04 line=1
Level
object+modify
History
force Appears in 6.1.0
Description
Remove service group
Note
returns an error if no group with this name exist
Usage
config object servicegroup delete name=<servicegroup name> [force=1]
Example
CONFIG OBJECT SERVICEGROUP DELETE name=servicegroup1
Level
object+modify
History
Appears in 6.0.0
Description
Create new empty service group
Note
returns an error if a service group with identical name exists
Usage
config object servicegroup new name=<servicegroupname> [comment=<servicegroup comment>] [update=<0|1>]
Example
CONFIG OBJECT SERVICEGROUP NEW name=servicegroup1
Level
object+modify
History
Appears in 6.0.0
Description
Remove service object from service group
Note
node must be a service
this command returns an error if :
"group" or "node" don't exist
"node" is not in "group"
Usage
config object servicegroup removefrom group=<servicegroup name> node=<node to remove name>
Example
CONFIG OBJECT SERVICEGROUP REMOVEFROM group=servicegroup1 node=dns
Level
base
History
Appears in 6.0.0
FORMAT Appears in 9.0.0
all disappears in 9.0.0
Description
Show service group
Usage
config object servicegroup show name=<servicegroup name> [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [searchfield=<token>] [sort=<token>] [refresh=<0|1>]]
Format
section_line
Returns
[<servicegroup name>] name=<nodename> ...
Example
CONFIG OBJECT SERVICEGROUP SHOW name=web
[web]
name=dns_udp
name=http
name=https
Level
object
History
Appears in 9.0.0
Description
Check time object
Usage
config object time check name=<timeobject name>
Format
section_line
Returns
[Configuration] module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)
Example
config object time check name=daysoff
[Configuration]
module=Filter slot=04 line=1
Level
object+modify
History
force Appears in 9.0.0
Description
Remove time object
Note
command returns an error code if :
no object is found.
Usage
config object time delete name=<timeobject name> [force=1]
Example
config object time delete name=daysoff
Level
object+modify
History
Appears in 9.0.0
Description
Add a time object
Note
Without update parameter, command will return an error if an object with the same name exists.
With update=2, modules which use the object are not reloaded.
Usage
config object time new name=<timeobject name> time=(""|hh:mm-hh:mm[;hh:mm-hh:mm]...) weekday=(""|dow[-dow][;dow[-dow]]...) yearday=(""|mm:dd[-mm:dd][;mm:dd[-mm:dd]]...) date=(""|yyyy:mm:dd[:hh:mm][-yyyy:mm:dd[:hh:mm]]) [color=xxxxxx] [comment=<comment>] [update=<0|1|2>]
Example
config object time new name=work time=08:00-12:00;14:00-19:00 weekday="1;3;5-7" yearday="" date="" comment="working hours"
config object time new name=daysoff time="" weekday="" yearday="01:01;05:01;05:08;07:14;08:15;11:11;12:25" date=""
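The four fields share a small grammar: items separated by ";", "-" for a range, and "" for a field that is not set. The parser and matcher below are an added example written for this page, not NETASQ code. They assume that weekday numbers run 1=Monday to 7=Sunday, that range ends are inclusive, that an empty field imposes no constraint, and that a date given without a time spans the whole day; the page states none of these, so check them against the appliance before relying on the matcher. The WORK and DAYSOFF objects are the two from the example above, APRIL_2015 is a constructed date-bounded one.

```python
from datetime import datetime


def _hhmm(s):
    h, m = s.split(":")
    return int(h) * 60 + int(m)  # minutes since midnight


def _mmdd(s):
    m, d = s.split(":")
    return (int(m), int(d))      # tuples compare in calendar order


def _date(s, end):
    """yyyy:mm:dd[:hh:mm]; a missing time means 00:00 for a range start and 23:59 for
    its end (assumption: the page does not say how a date without a time is bounded)."""
    parts = [int(p) for p in s.split(":")]
    y, m, d = parts[:3]
    hh, mm = (parts[3], parts[4]) if len(parts) == 5 else ((23, 59) if end else (0, 0))
    return datetime(y, m, d, hh, mm)


def _ranges(field, parse):
    """Turn 'a;b-c;...' into [(a, a), (b, c), ...]; "" means no constraint (None)."""
    if field == "":
        return None
    out = []
    for item in field.split(";"):
        lo, _, hi = item.partition("-")
        out.append((parse(lo), parse(hi or lo)))
    return out


def parse_time_object(time="", weekday="", yearday="", date=""):
    """Parse the four fields of CONFIG OBJECT TIME NEW into a structure matches() understands."""
    spec = {
        "time": _ranges(time, _hhmm),
        "weekday": _ranges(weekday, int),  # 1=Monday ... 7=Sunday (assumption)
        "yearday": _ranges(yearday, _mmdd),
        "date": None,
    }
    if date != "":
        lo, _, hi = date.partition("-")
        spec["date"] = [(_date(lo, end=False), _date(hi or lo, end=True))]
    return spec


def matches(spec, when):
    """True if `when` falls inside the time object: every non-empty field must match,
    and range ends are inclusive (both assumptions, not stated on the page)."""
    when = when.replace(second=0, microsecond=0)
    candidates = [
        (spec["time"], when.hour * 60 + when.minute),
        (spec["weekday"], when.isoweekday()),
        (spec["yearday"], (when.month, when.day)),
        (spec["date"], when),
    ]
    return all(
        ranges is None or any(lo <= value <= hi for lo, hi in ranges)
        for ranges, value in candidates
    )


def matches_iso(spec, iso_timestamp):
    """matches() for an ISO 8601 string such as "2015-04-15T10:00"."""
    return matches(spec, datetime.fromisoformat(iso_timestamp))


# The two objects from the page's example, plus a constructed date-bounded one.
WORK = parse_time_object(time="08:00-12:00;14:00-19:00", weekday="1;3;5-7")
DAYSOFF = parse_time_object(yearday="01:01;05:01;05:08;07:14;08:15;11:11;12:25")
APRIL_2015 = parse_time_object(date="2015:04:01:08:00-2015:04:30:18:00")

if __name__ == "__main__":
    for ts in ["2015-04-15T10:00", "2015-04-15T13:00", "2015-04-14T10:00", "2015-12-25T03:00"]:
        print(ts, "work:", matches_iso(WORK, ts), "daysoff:", matches_iso(DAYSOFF, ts))
```

A time object only restricts when a filter rule applies; a rule guarded by WORK is inert outside working hours, which is also why a wrong weekday numbering assumption shifts the schedule by a day rather than failing loudly.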
Level
base
History
Appears in 9.1.0
Description
URL category groups administration
Note
most of the code is shared with CONFIG.OBJECT.OBJECTGROUP
Level
object+modify
History
Appears in 9.1.0
Description
Add a URL group to a URL category group
Note
node must be a URL group
this command returns an error if:
"group" or "node" don't exist
"node" is an object already included in "group"
Usage
config object urlcategorygroup addto group=<urlcategorygroup name> node=<node to add name>
Example
CONFIG OBJECT URLCATEGORYGROUP ADDTO group=group1 node=urlgroup1
Level
object
History
Appears in 9.1.0
Description
Check URL category group
Usage
config object urlcategorygroup check name=<urlcategorygroupname>
Format
section_line
Returns
[Configuration] module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)
Example
CONFIG OBJECT URLCATEGORYGROUP CHECK name=urlcategorygroup1
[Configuration]
module=Filter slot=04 line=1
Level
object+modify
History
Appears in 9.1.0
Description
Remove a URL category group
Note
returns an error if no group with this name exist
Usage
config object urlcategorygroup delete name=<urlcategorygroup name> [force=1]
Example
CONFIG OBJECT URLCATEGORYGROUP DELETE name=urlcategorygroup1
Level
object+modify
History
Appears in 9.1.0
Description
Create a new empty URL category group
Note
returns an error if a URL category group with identical name exists
Usage
config object urlcategorygroup new name=<urlcategorygroupname> [comment=<urlcategorygroup comment>] [update=<0|1>]
Example
CONFIG OBJECT URLCATEGORYGROUP NEW name=urlcategorygroup1
Level
object+modify
History
Appears in 9.1.0
Description
Remove a URL group from a URL category group
Note
node must be a URL group
this command returns an error if :
"group" or "node" don't exist
"node" is not in "group"
Usage
config object urlcategorygroup removefrom group=<urlcategorygroupname> node=<node to remove name>
Example
CONFIG OBJECT URLCATEGORYGROUP REMOVEFROM group=urlcategorygroup1 node=urlgroup1
Level
base
History
Appears in 9.1.0
Description
Show URL category group
Usage
config object urlcategorygroup show name=<urlcategorygroupname> [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [searchfield=<token>] [sort=<token>] [refresh=<0|1>]]
Format
section_line
Returns
[<urlcategorygroup name>] name=<nodename> ...
Example
CONFIG OBJECT URLCATEGORYGROUP SHOW name=web
[web]
name=urlgroup1
name=urlgroup2
Level
contentfilter+modify
History
Appears in 9.0.0
comment and update appear in Sicilia
Description
Add an url to an URL/CN group
Usage
config object urlgroup addto group=<groupname> type=(urlgroup|cngroup) url=<url> [comment=<comment>] [update=<0|1>]
group : group name to use for filter
type : type of urlgroup (urlgroup or cngroup)
url : url to add to urlgroup
comment : comment for the url
update : indicates whether the comment of an already present url should be updated
Returns
Error code
Example
CONFIG OBJECT URLGROUP ADDTO group=antivirus_bypass type=urlgroup url=*.netasq.com/*
CONFIG OBJECT URLGROUP ADDTO group=antivirus_bypass type=urlgroup url=*.netasq.com/* comment="NETASQ" update=1
CONFIG OBJECT URLGROUP ADDTO group=bank_bypass type=cngroup url=www.bank.com
Level
base
History
appears in 9.0.0
Description
Check an URL/CN/OEM group object
Usage
config object urlgroup check name=<groupname> type=(urlgroup|cngroup|oemgroup)
Format
section_line
Returns
[Configuration] module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)
Example
CONFIG OBJECT URLGROUP CHECK name=antivirus_bypass type=urlgroup
CONFIG OBJECT URLGROUP CHECK name=bank_bypass type=cngroup
CONFIG OBJECT URLGROUP CHECK name=ads type=oemgroup
Level
base
History
Appears in 9.1
Description
Show which groups the specified URL belongs to
Usage
config object urlgroup classify url=<url_to_check>
Format
section
Returns
[groups] <oemgroup|urlgroup>=group1 <oemgroup|urlgroup>=group2 ... <oemgroup|urlgroup>=groupN
Example
CONFIG OBJECT URLGROUP CLASSIFY url=www.netasq.com
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Delete an URL/CN group
Usage
config object urlgroup delete name=<groupname> type=(urlgroup|cngroup) [force=1]
Returns
Error code
Example
CONFIG OBJECT URLGROUP DELETE name=antivirus_bypass type=urlgroup
CONFIG OBJECT URLGROUP DELETE name=bank_bypass type=cngroup
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Create a new empty URL/CN group
Usage
config object urlgroup new name=<groupname> type=(urlgroup|cngroup) [comment=<comment>] [update=<0|1>]
Returns
Error code
Example
CONFIG OBJECT URLGROUP NEW name=antivirus_bypass type=urlgroup
CONFIG OBJECT URLGROUP NEW name=bank_bypass type=cngroup
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Delete an url from an URL/CN group
Usage
config object urlgroup removefrom group=<groupname> type=(urlgroup|cngroup) url=<url>
Returns
Error code
Example
CONFIG OBJECT URLGROUP REMOVEFROM group=antivirus_bypass type=urlgroup url=*.netasq.com/*
CONFIG OBJECT URLGROUP REMOVEFROM group=bank_bypass type=cngroup url=www.bank.com
Level
base
History
FORMAT appears in 9.0.0
modify name on 9.0.0
was CONFIG.OBJECT.URL.SETBASE
appears in 6.2.0
Description
Switch the OEM group database used by URL/SSL Filtering, or display the one currently in use.
Note
contentfilter and modify levels needed to set a base
Usage
config object urlgroup setbase [base=<NONE|NETASQ|CLOUDURL>]
Format
section
Returns
Without arguments: [Config] URLFiltering=<base name>
When setting a base: error code.
Implementation notes
URL and SSL Filtering databases are the same.
Example
CONFIG OBJECT URLGROUP SETBASE base=NETASQ
Level
base
History
modify on 9.0.0
FORMAT appears on 9.0.0
appears in 6.0.0
Description
Show one or all custom URL/CN groups
Usage
config object urlgroup show name=<groupname> type=(urlgroup|cngroup) [start=<int> [limit=<int>] [dir=<ASC|DESC>] [refresh=<0|1>]]
Format
section_line
Returns
A list of the URLs/CNs of the matching custom group:
[<groupname>]
<url>
<url>
Example
CONFIG OBJECT URLGROUP SHOW name=antivirus_bypass type=urlgroup
[antivirus_bypass]
*.windowsupdate.com/*
*.windowsupdate.microsoft.com/*
Level
vpn|network+modify
History
Appears in 1.0.0
Description
Apply the openvpn configuration and reload the openvpn service with it
Usage
config openvpn activate [CANCEL]
- no argument: changes are applied and the service reloaded;
- CANCEL: changes are discarded.
Returns
Error code
Level
vpn|network+modify
History
Appears in 1.0.0
Description
Set the default configuration (in clone file) for openvpn server
Usage
config openvpn default
Returns
Error code
Level
base
History
Appears in 1.0.0
Description
Display openvpn information
Usage
config openvpn show [[useclone=0|1]|[crypto=authAlgo|cipher|tlsCipher]]
useclone : specify if displayed configuration comes from clone file or not
crypto=authAlgo : display available Auth algorithms
crypto=cipher : display available Cipher algorithms
crypto=tlsCipher : display available TLS algorithms
Returns
[Config]
state= : openvpn activation state
pool= : IP address pool
Port= : public listening port for the service
route= : routes pushed to openvpn clients
serverPublicAddr= : public address used to contact the openvpn server
timeout= : renegotiation time of the channel
serverCertificate= : server certificate
clientCertificate= : client certificate
cipher= : encryption algorithm in use
tlsCipher= : encryption algorithm in use for TLS
authAlgo= : message digest algorithm
persist= : client IP persistency
primaryDns= : primary DNS pushed to openvpn clients
secondaryDns= : secondary DNS pushed to openvpn clients
domainName= : domain name pushed to openvpn clients
verbose= : verbosity level
verboseFile= : verbose file in use
Example
CONFIG OPENVPN SHOW
CONFIG OPENVPN SHOW useclone=1
CONFIG OPENVPN SHOW crypto=authAlgo
Level
vpn|network+modify
History
Appears in 1.0.0
Description
Update OpenVPN configuration (in clone file) for openvpn server
Usage
config openvpn update [state=0|1] : openvpn server state
[pool=<network_object>] : IP pool allocated to openvpn clients
[route=<any|host|network|group_object>] : Networks pushed on openvpn clients
[timeout=<seconds>] : period of data channel renegotiation
[serverCertificate=<cert_name>] : certificate of server
[clientCertificate=<cert_name>] : certificate of client
[cipher=<algo>] : specify algorithm to encrypt packets
[tlsCipher=<algo>] : specify algorithm to encrypt packets for tls
[authAlgo=<algo>] : specify algorithm for message digest
[persistIp=0|1] : client IP address persistency
[serverPublicAddr=<ip> or <hostname>] : public address to contact openvpn server
[port=<port>] : public listening port for the service
[primaryDns=<host_object>] : pushed primary dns on openvpn client
[secondaryDns=<host_object>] : pushed secondary dns on openvpn client
[domainName=<domain name>] : pushed domain name on openvpn client
Returns
Error code
Level
vpn+modify
History
CANCEL/NEXTBOOT Appears in 9.0.0
level changes from other,modify to vpn,modify in 9.0.0
Description
Reload the PPTP server with the latest configuration or cancel modifications
Note
Check the PPTP licence flag before activating
Usage
config pptp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Implementation notes
Execute endialup
Example
CONFIG PPTP ACTIVATE
CONFIG PPTP ACTIVATE cancel
Level
vpn+modify
History
level changes from other,modify to vpn,modify in 9.0.0
ReloadFilteringPolicy appears in 9.1.0
Description
Advanced parameters configuration
Note
DNS and NBDNS may be left empty; an empty value (for example dns=) clears the setting
Usage
config pptp advanced [DNS=<ip address>] [NBDNS=<ip address>] [ReloadFilteringPolicy=0|1]
Returns
Error code
Example
CONFIG PPTP ADVANCED dns=dns_1
CONFIG PPTP ADVANCED dns= ReloadFilteringPolicy=1
Level
vpn+modify
History
level changes from other,modify to vpn,modify in 9.0.0
Description
Specify authorized encryption methods
Note
Check the VPN licence flag for MPPE 128-bit encryption
Usage
config pptp method allowed=none|[mppe40],[mppe56],[mppe128],[mppesl]
Returns
Error code
Implementation notes
If allowed=none, CryptoRequired is set to 0; otherwise CryptoRequired is set to 1 and the MPPE flags for the chosen key sizes are set
Example
CONFIG PPTP METHOD allowed=mppe40,mppe128
Level
vpn+modify
History
level changes from other,modify to vpn,modify in 9.0.0
Description
Specify the IP address pool used for client IP allocation
Note
You must set an IP address pool to activate PPTP server
Usage
config pptp pool <hostgroupname>
Returns
Error code
Implementation notes
The pool can be a host, a range, or a host/range group name
Example
CONFIG PPTP POOL pptp_add
Level
vpn_read
History
level changes from base to vpn_read in 9.0.0
Description
Show PPTP server config
Usage
config pptp show
Returns
[Global]
State=0|1 : PPTP server state
Pool=<hostgroup> : Host group name
CryptoRequired=0|1 : Accept only requests with encryption
MPPE40=0|1 : Accept MPPE 40-bit proposals
MPPE56=0|1 : Accept MPPE 56-bit proposals
MPPE128=0|1 : Accept MPPE 128-bit proposals
MPPESL=0|1 : Accept MPPE stateless proposals
DNS=<ip address> : DNS IP address sent to the client
NBDNS=<ip address> : WINS IP address sent to the client
ReloadFilteringPolicy=0|1 : reload the filtering policy when a client connects or disconnects
Example
CONFIG PPTP SHOW
[Global]
Pool=pptp_add
State=1
CryptoRequired=1
MPPE40=0
MPPE56=0
MPPE128=1
MPPESL=1
DNS=
NBDNS=
ReloadFilteringPolicy=0
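An added example (editor's code, not part of the reference and not NETASQ code) that parses the section-format reply above and derives the hardening commands from the CONFIG PPTP METHOD and CONFIG PPTP ACTIVATE syntax documented in this section. The sample reply is constructed from the field names above; the judgement that the 40- and 56-bit MPPE proposals are too weak to keep is the editor's, not the reference's:

```python
import re

# Constructed sample of a CONFIG PPTP SHOW reply (field names from the
# reference), here with encryption optional and the short MPPE keys enabled.
SAMPLE_PPTP_SHOW = """\
[Global]
Pool=pptp_add
State=1
CryptoRequired=0
MPPE40=1
MPPE56=1
MPPE128=1
MPPESL=1
DNS=
NBDNS=
ReloadFilteringPolicy=0
"""
# The same server after hardening, for comparison.
HARDENED_PPTP_SHOW = (SAMPLE_PPTP_SHOW
                      .replace("CryptoRequired=0", "CryptoRequired=1")
                      .replace("MPPE40=1", "MPPE40=0")
                      .replace("MPPE56=1", "MPPE56=0"))

_SECTION = re.compile(r"^\[(?P<name>[^\]]+)\]$")


def parse_sections(text):
    """Parse 'section' format output: [Name] headers followed by key=value lines."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _SECTION.match(line)
        if m:
            current = sections.setdefault(m.group("name"), {})
            continue
        if current is None or "=" not in line:
            raise ValueError(f"unexpected line outside a section: {line!r}")
        key, _, value = line.partition("=")
        current[key.strip()] = value.strip()
    return sections


# 40- and 56-bit MPPE use RC4 keys far too short to resist brute force.
WEAK_MPPE = ("MPPE40", "MPPE56")


def audit_pptp(show_output):
    """Findings (strings) for a CONFIG PPTP SHOW reply; an empty list means clean."""
    g = parse_sections(show_output)["Global"]
    findings = []
    if g.get("CryptoRequired") != "1":
        findings.append("CryptoRequired=0: unencrypted PPTP sessions are accepted")
    for key in WEAK_MPPE:
        if g.get(key) == "1":
            findings.append(f"{key}=1: a weak MPPE key size is offered")
    if g.get("State") == "1" and not g.get("Pool"):
        findings.append("Pool is empty: the server cannot allocate client addresses")
    return findings


def remediation_commands(show_output):
    """CLI commands (syntax from the reference) that fix the crypto findings.

    CONFIG PPTP METHOD with a non-empty list sets CryptoRequired=1 and exactly
    the MPPE flags named, so one command repairs all of the weak settings.
    The change only takes effect after CONFIG PPTP ACTIVATE.
    """
    g = parse_sections(show_output)["Global"]
    weak = g.get("CryptoRequired") != "1" or any(g.get(k) == "1" for k in WEAK_MPPE)
    if not weak:
        return []
    allowed = ["mppe128"]
    if g.get("MPPESL") == "1":
        allowed.append("mppesl")          # keep stateless mode if it was enabled
    return ["CONFIG PPTP METHOD allowed=" + ",".join(allowed), "CONFIG PPTP ACTIVATE"]


if __name__ == "__main__":
    for finding in audit_pptp(SAMPLE_PPTP_SHOW):
        print("finding:", finding)
    for cmd in remediation_commands(SAMPLE_PPTP_SHOW):
        print("fix:", cmd)
```

The METHOD command is emitted from the observed MPPESL flag rather than hard-coded, so running the audit on an already hardened server produces no commands at all; the check is idempotent, which is what you want from something run on a schedule.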
Level
vpn_read
History
level changes from base to vpn_read in 9.0.0
Description
Get/set the status of the PPTP server
Note
Check the PPTP licence flag before activating
vpn level is needed to update the state value
Usage
config pptp state [On|Off]
Returns
The state of the server
Implementation notes
Change ConfigFiles/pptpserver state boolean value
Example
CONFIG PPTP STATE on
CONFIG PPTP STATE off
Level
base
History
Appears in 9.0.0
Description
PPTP user configuration
Usage
config pptp user
Level
vpn+modify
History
Appears in 9.0.0
Description
Reload PPTP users with the latest configuration or cancel modifications
Note
Check the PPTP licence flag before activating
Usage
config pptp user activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Implementation notes
Execute endialup
Example
CONFIG PPTP USERS ACTIVATE
CONFIG PPTP USERS ACTIVATE cancel
Level
vpn+modify
History
Appears in 9.0.0
Description
Allow a user to connect through PPTP
Usage
config pptp user add user=<username> password=<password>
Level
vpn_read
History
Appears in 9.0.0
Description
List the users who have PPTP access
Usage
config pptp user list
Level
base|asq
History
Appears in 9.0.0
Description
Commands to configure protocol profiles
Level
asq+modify
History
Appears in 9.0.0
Description
Activate the protocol's configuration
Usage
config protocol activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Example
CONFIG PROTOCOL <protocol name> ACTIVATE
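The activate / activate CANCEL pair above gives a transaction: edits accumulate as pending changes and either all take effect on ACTIVATE or are all discarded on ACTIVATE CANCEL. An added example (editor's code, not from the reference or from NETASQ) that applies a batch of commands with that rollback rule. It assumes the serverd reply format of a three-digit status line (100 code=... msg="Ok" on success, a 2xx status on error), which this section does not show, and replaces the network session with a scripted stub whose replies are constructed:

```python
import re

# Reply format assumed here (not shown in this section of the reference):
# a three-digit status line such as 100 code=00a00100 msg="Ok"; 1xx means the
# command succeeded, anything else is treated as an error.
_STATUS = re.compile(r'^(?P<status>\d{3}) code=(?P<code>[0-9a-fA-F]+) msg="(?P<msg>[^"]*)"')


class CommandError(RuntimeError):
    """Raised when a reply carries no recognisable status line."""


def parse_status(reply):
    """Return (status, code, msg) from the last status line of a reply."""
    for line in reversed(reply.splitlines()):
        m = _STATUS.match(line.strip())
        if m:
            return int(m.group("status")), m.group("code"), m.group("msg")
    raise CommandError(f"no status line in reply: {reply!r}")


class ScriptedSession:
    """Stand-in for a live CLI session: replies come from a constructed table."""
    UNKNOWN = '200 code=00a00200 msg="Unknown command"'   # constructed error reply

    def __init__(self, replies):
        self.replies = dict(replies)
        self.sent = []                  # every command, in order, for inspection

    def send(self, command):
        self.sent.append(command)
        return self.replies.get(command, self.UNKNOWN)


def apply_protocol_changes(session, protocol, commands):
    """Send the batch; on the first failing command discard every pending change.

    Returns True when ACTIVATE was sent and accepted, False when the batch was
    rolled back with ACTIVATE CANCEL (the pending edits then never reach the
    running configuration).
    """
    prefix = f"CONFIG PROTOCOL {protocol.upper()}"
    for cmd in commands:
        status, _code, _msg = parse_status(session.send(cmd))
        if status // 100 != 1:
            session.send(f"{prefix} ACTIVATE CANCEL")
            return False
    status, _code, _msg = parse_status(session.send(f"{prefix} ACTIVATE"))
    return status // 100 == 1


# Constructed replies for the HTTP profile commands used below.
OK = '100 code=00a00100 msg="Ok"'
SCRIPTED_REPLIES = {
    "CONFIG PROTOCOL HTTP PROFILE IPS CONFIG index=0 State=On Log=On": OK,
    "CONFIG PROTOCOL HTTP PROFILE ALARM UPDATE index=0 context=protocol id=53 action=block": OK,
    "CONFIG PROTOCOL HTTP ACTIVATE": OK,
    "CONFIG PROTOCOL HTTP ACTIVATE CANCEL": OK,
}
GOOD_BATCH = [
    "CONFIG PROTOCOL HTTP PROFILE IPS CONFIG index=0 State=On Log=On",
    "CONFIG PROTOCOL HTTP PROFILE ALARM UPDATE index=0 context=protocol id=53 action=block",
]
# Second command uses a token the stub does not know, so it fails mid-batch.
BAD_BATCH = GOOD_BATCH[:1] + ["CONFIG PROTOCOL HTTP PROFILE IPS CONFIG index=0 NoSuchToken=On"]


def run_batch(commands):
    """Apply a batch against a scripted session; return (activated, commands sent)."""
    session = ScriptedSession(SCRIPTED_REPLIES)
    activated = apply_protocol_changes(session, "http", commands)
    return activated, session.sent


if __name__ == "__main__":
    for batch in (GOOD_BATCH, BAD_BATCH):
        activated, sent = run_batch(batch)
        print("activated" if activated else "rolled back", "->", sent[-1])
```

Against a real appliance the ScriptedSession is replaced by whatever sends the command and returns the raw reply; the rollback logic does not change. The important property is that a half-applied batch is never activated: the first failure triggers ACTIVATE CANCEL, so the earlier successful commands in the same batch are discarded too.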
Level
asq+modify
History
Appears in 9.0.0
Description
Set protocol's common settings
Usage
config protocol common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset protocol's common settings to default
Usage
config protocol common default
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for DNS protocol
Usage
config protocol dns activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for DNS protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set DNS protocol's common setting
Usage
config protocol dns common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset common settings to default for DNS protocol
Usage
config protocol dns common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for DNS protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for DNS
Level
asq+modify
History
Appears in 9.0.0
Description
Reset the alarms of a DNS protocol profile to a default template
Usage
config protocol dns profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
reaction split to blacklist and email in 9.1.0
comment appears in 9.1.0
Description
Show profile's settings for DNS protocol
Usage
config protocol dns profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for DNS protocol (IPS alarm)
Usage
config protocol dns profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy DNS protocol profile
Usage
config protocol dns profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for DNS protocol
Usage
config protocol dns profile default index=<profile_idx>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
IPS settings for DNS protocol
Usage
config protocol dns profile ips config index=<profile_idx> [InternalDomain=<string>] [NameBuffer=<10..2048>] [Probe=On|Off] [State=On|Off] [TemplateAlarm=<low|medium|high|internet>]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for DNS protocol
Usage
config protocol dns profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for DNS protocol
Usage
config protocol dns profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for EDONKEY protocol
Usage
config protocol edonkey activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for EDONKEY protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set EDONKEY protocol's common setting
Usage
config protocol edonkey common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset common settings to default for EDONKEY protocol
Usage
config protocol edonkey common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for EDONKEY protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for EDONKEY
Level
asq+modify
History
Appears in 9.0.0
Description
Reset the alarms of an EDONKEY protocol profile to a default template
Usage
config protocol edonkey profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
reaction split to blacklist and email in 9.1.0
comment appears in 9.1.0
Description
Show profile's settings for EDONKEY protocol
Usage
config protocol edonkey profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for EDONKEY protocol (IPS alarm)
Usage
config protocol edonkey profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy EDONKEY protocol profile
Usage
config protocol edonkey profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for EDONKEY protocol
Usage
config protocol edonkey profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for EDONKEY
Level
asq+modify
History
Appears in 9.0.0
Description
IPS settings for EDONKEY protocol
Usage
config protocol edonkey profile ips config index=<profile_idx> [AllowTCPUrg=On|Off] [Log=On|Off] [Probe=On|Off] [State=On|Off] [TemplateAlarm=<low|medium|high|internet>]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for EDONKEY protocol
Usage
config protocol edonkey profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for EDONKEY protocol
Usage
config protocol edonkey profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for FTP protocol
Usage
config protocol ftp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for FTP protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set FTP protocol's common setting
Usage
config protocol ftp common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset common settings to default for FTP protocol
Usage
config protocol ftp common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.4
Description
FTP common proxy configuration
Level
asq+modify
History
Appears in 9.0.4
Description
Common parameters configuration
Usage
config protocol ftp common proxy config ApplyNat=<0|1>
ApplyNat : Allow outbound connections from proxies to match any NAT rule instead of just dst-only
Returns
Error code
Example
CONFIG PROTOCOL FTP COMMON PROXY CONFIG ApplyNat=0
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for FTP protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for FTP
Level
asq+modify
History
Appears in 9.0.0
Description
Reset the alarms of an FTP protocol profile to a default template
Usage
config protocol ftp profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
reaction split to blacklist and email in 9.1.0
comment appears in 9.1.0
Description
Show profile's settings for FTP protocol
Usage
config protocol ftp profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for FTP protocol (IPS alarm)
Usage
config protocol ftp profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy FTP protocol profile
Usage
config protocol ftp profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for FTP protocol
Usage
config protocol ftp profile default index=<profile_idx>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
IPS settings for FTP protocol
Usage
config protocol ftp profile ips config index=<profile_idx> [AllowOp=<string>] [AllowTCPUrg=On|Off] [AuthSSL=On|Off] [DenyOp=<string>] [LineBuffer=<10..2048>] [Log=On|Off] [NoAuth=On|Off] [PassBuffer=<10..2048>] [PathBuffer=<10..2048>] [Probe=On|Off] [RFC775=On|Off] [SiteBuffer=<10..2048>] [State=On|Off] [TemplateAlarm=<low|medium|high|internet>] [UserBuffer=<10..2048>]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for FTP protocol
Usage
config protocol ftp profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base
History
Appears in 9.0.0
Description
Commands to configure ftp profile settings
Level
asq+modify
History
Appears in 9.0.0
Description
Configure the antivirus part of the ftp profile
Usage
config protocol ftp profile proxy antivirus index=<profile index> [OnInfectedPolicy=<pass|block>] [OnFailedPolicy=<pass|block>] [ftpAvMode=<upload|download|both>]
Returns
Error code
Example
CONFIG PROTOCOL FTP PROFILE PROXY ANTIVIRUS index=1 OnInfectedPolicy=pass OnFailedPolicy=pass ftpAvMode=both
Level
asq+modify
History
Appears in 9.0.0
Description
Configure the authorized cmd of the ftp profile
Usage
config protocol ftp profile proxy cmd index=<profile index> <ABOR|ACCT|ADAT|ALLO|APPE|AUTH|CCC|CDUP|CONF|CWD|DELE|ENC|EPRT|EPSV|FEAT|HELP|LIST|MDTM|MIC|MKD|MLSD|MLST|MODE|NLST|NOOP|OPTS|PASS|PASV|PBSZ|PORT|PROT|PWD|QUIT|REIN|REST|RETR|RMD|RNFR|RNTO|SITE|SIZE|SMNT|STAT|STOR|STOU|STRU|SYST|TYPE|USER|XCUP|XCWD|XMKD|XPWD|XRMD>=<block|pass|filter>
Returns
Error code
Example
CONFIG PROTOCOL FTP PROFILE PROXY CMD index=1 ABOR=filter ACCT=block ADAT=pass
Level
asq+modify
History
Appears in 9.0.0
Description
Configure the ftp profile
Usage
config protocol ftp profile proxy config index=<profile index> [BindAddr=<binding ip addr>] [WelcomeMsgFiltering=on|off] [ClientMode=any|active|passive] [ServerMode=any|active|passive] [BounceCheck=on|off] [FullTransparent=on|off]
Returns
Error code
Example
CONFIG PROTOCOL FTP PROFILE PROXY CONFIG index=1 BindAddr=MyObject WelcomeMsgFiltering=off ClientMode=any ServerMode=any BounceCheck=on
Level
base|asq
History
Appears in 9.0.0
Description
Commands to configure extracmd profile settings
Level
asq+modify
History
Appears in 9.0.0
Description
Add additional authorized cmd of the ftp profile
Usage
config protocol ftp profile proxy extracmd add index=<profile index> <commandname>
Returns
Error code
Example
CONFIG PROTOCOL FTP PROFILE PROXY EXTRACMD ADD index=1 NEWCOMMAND
Level
base|asq
History
Appears in 9.0.0
Description
List additional authorized cmd of the ftp profile
Usage
config protocol ftp profile proxy extracmd list index=<profile index>
Format
list
Returns
List of all authorized cmds
Example
CONFIG PROTOCOL FTP PROFILE PROXY EXTRACMD LIST index=1
Level
asq+modify
History
Appears in 9.0.0
Description
Remove additional authorized cmd of the ftp profile
Usage
config protocol ftp profile proxy extracmd remove index=<profile index> <commandname>
Returns
Error code
Example
CONFIG PROTOCOL FTP PROFILE PROXY EXTRACMD REMOVE index=1 NEWCOMMAND
Level
asq+modify
History
Appears in 9.0.0
Description
Configure post processing of the ftp profile
Usage
config protocol ftp profile proxy postproc index=<profile index> [policy=<block|pass>] [size=<MaxDataSize in KB>] [keepalive=<nb of seconds>]
Returns
Error code
Example
CONFIG PROTOCOL FTP PROFILE PROXY POSTPROC index=1 policy=pass size=4000 keepalive=20
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for FTP protocol
Usage
config protocol ftp profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for H323 protocol
Usage
config protocol h323 activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for H323 protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set H323 protocol's common setting
Usage
config protocol h323 common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset common settings to default for H323 protocol
Usage
config protocol h323 common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for H323 protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for H323
Level
asq+modify
History
Appears in 9.0.0
Description
Reset the alarms of an H323 protocol profile to a default template
Usage
config protocol h323 profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
reaction split to blacklist and email in 9.1.0
comment appears in 9.1.0
Description
Show profile's settings for H323 protocol
Usage
config protocol h323 profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for H323 protocol (IPS alarm)
Usage
config protocol h323 profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy H323 protocol profile
Usage
config protocol h323 profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for H323 protocol
Usage
config protocol h323 profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for H323
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for H323 protocol
Usage
config protocol h323 profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for H323 protocol
Usage
config protocol h323 profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for HTTP protocol
Usage
config protocol http activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for HTTP protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set HTTP protocol's common settings
Usage
config protocol http common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Level
asq+modify
History
Appears in 9.0.0
Description
Reset common settings to default for HTTP protocol
Usage
config protocol http common default
Level
base|asq
History
Appears in 9.0.4
Description
HTTP common proxy configuration
Level
asq+modify
History
Appears in 9.0.4
Description
Common parameters configuration
Usage
config protocol http common proxy config ApplyNat=<0|1>
ApplyNat : Allow outbound connections from proxies to match any NAT rule instead of just dst-only
Returns
Error code
Example
CONFIG PROTOCOL HTTP COMMON PROXY CONFIG ApplyNat=0
Level
base|asq
History
Appears in 9.0.0
Description
Profile settings for HTTP protocol
Level
base|asq
History
Appears in 9.0.0
Description
Alarm commands for HTTP protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Reset to a default template alarms for HTTP protocol
Note
If reset=0 or reset is not specified, alarms already modified by the user are not reset
Usage
config protocol http profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
reaction split to blacklist and email in 9.1.0
comment appears in 9.1.0
Description
Dump the alarm configuration for HTTP protocol
Usage
config protocol http profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Format
section_line
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Example
config protocol http profile alarm show index=1
[Alarm]
context=http:url:decoded id=48 action=block level=major dump=0 new=1 origin=profile_template msg="Windows : cmd.exe use or access attempt" modify=1 sensible=0 category="" comment=""
context=protocol id=53 action=block level=major dump=0 new=0 origin=profile_template msg="Invalid HTTP protocol" modify=1 sensible=1 category="" comment=""
context=http:client id=49 action=block level=major dump=0 new=1 origin=profile_template msg="Malware : PonyDOS botnet detected" modify=1 sensible=0 category="" comment=""
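An added example (editor's code, not from the reference and not NETASQ code) that parses the section_line reply above, including the double-quoted msg and comment values that contain spaces, finds alarms a profile lets through although they are rated major or marked sensible, and emits the ALARM UPDATE commands (index, context and id together, as the usage requires) followed by CONFIG PROTOCOL HTTP ACTIVATE. The sample reply is constructed from the reference's field names; the action=pass settings and the comment text are invented for the illustration:

```python
import shlex

# Constructed sample of a CONFIG PROTOCOL HTTP PROFILE ALARM SHOW reply.
# Two alarms have been switched to action=pass for the illustration.
SAMPLE_ALARM_SHOW = '''\
[Alarm]
context=http:url:decoded id=48 action=block level=major dump=0 new=1 origin=profile_template msg="Windows : cmd.exe use or access attempt" modify=1 sensible=0 category="" comment=""
context=protocol id=53 action=pass level=major dump=0 new=0 origin=user msg="Invalid HTTP protocol" modify=1 sensible=1 category="" comment="relaxed for legacy app"
context=http:client id=49 action=pass level=minor dump=0 new=1 origin=profile_template msg="Malware : PonyDOS botnet detected" modify=1 sensible=0 category="" comment=""
'''


def parse_section_lines(text):
    """section_line format: a [Section] header, then one key=value record per line.

    Values may be double-quoted and contain spaces; shlex handles the quoting
    so msg="a : b" becomes the single token msg=a : b.
    """
    out = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            out.setdefault(section, [])
            continue
        if section is None:
            raise ValueError(f"record before any section header: {line!r}")
        record = {}
        for tok in shlex.split(line):
            key, sep, value = tok.partition("=")
            if not sep:
                raise ValueError(f"token without '=': {tok!r}")
            record[key] = value
        out[section].append(record)
    return out


def alarms_to_reblock(show_output):
    """Alarms that currently pass although rated major or flagged sensible=1."""
    alarms = parse_section_lines(show_output).get("Alarm", [])
    return [a for a in alarms
            if a.get("action") == "pass"
            and (a.get("level") == "major" or a.get("sensible") == "1")]


def reblock_commands(show_output, index):
    """UPDATE commands for the given profile index, then the ACTIVATE that applies them."""
    cmds = [f"CONFIG PROTOCOL HTTP PROFILE ALARM UPDATE index={index} "
            f"context={a['context']} id={a['id']} action=block"
            for a in alarms_to_reblock(show_output)]
    if cmds:
        cmds.append("CONFIG PROTOCOL HTTP ACTIVATE")
    return cmds


if __name__ == "__main__":
    for cmd in reblock_commands(SAMPLE_ALARM_SHOW, 1):
        print(cmd)
```

The minor-level alarm (id 49) is deliberately left alone by this policy even though it passes; tighten the filter in alarms_to_reblock if a profile should block every passing alarm. Keeping index, context and id together in each UPDATE matters because an alarm id is only unique within its context.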
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for HTTP protocol (IPS alarm)
Usage
config protocol http profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Format
section_line
Returns
Error code
Example
CONFIG PROTOCOL HTTP PROFILE ALARM UPDATE index=0 context=http:css:raw id=8 action=block level=minor
CONFIG PROTOCOL HTTP PROFILE ALARM UPDATE index=0 context=protocol id=249 dump=1
CONFIG PROTOCOL HTTP PROFILE ALARM UPDATE index=1 context=http:client:header id=10 email=off
CONFIG PROTOCOL HTTP PROFILE ALARM UPDATE index=1 context=http:client:header id=11 email=on emailduration=20 emailcount=10
CONFIG PROTOCOL HTTP PROFILE ALARM UPDATE index=1 context=http:client:header id=12 blacklist=on blduration=20
CONFIG PROTOCOL HTTP PROFILE ALARM UPDATE index=1 context=http:url:raw id=13 level=minor email=off blacklist=on blduration=20
CONFIG PROTOCOL HTTP PROFILE ALARM UPDATE index=1 context=http:url:raw id=14 email=on emailduration=20 emailcount=10 blacklist=on blduration=20
CONFIG PROTOCOL HTTP PROFILE ALARM UPDATE index=1 context=http:url:raw id=15 action=pass comment="mycomment"
Level
asq+modify
History
Appears in 9.0.0
Description
Copy http protocol profile
Usage
config protocol http profile copy index=<profile_idx> to=<0..9>
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for HTTP protocol
Usage
config protocol http profile default index=<profile_idx>
Level
base|asq
History
Appears in 9.0.0
Description
IPS for HTTP protocol
Level
asq+modify
History
Appears in 9.0.0
Description
IPS settings for HTTP protocol
Usage
config protocol http profile ips config index=<profile_idx>
[State=On|Off]
[Log=On|Off]
[Probe=On|Off]
[AllowTCPUrg=On|Off]
[TemplateAlarm=<low|medium|high|internet>]
[Allow8bit=<string>]
[AllowOp=<string>]
[DenyOp=<string>]
[HTMLAttrValueBuffer=<128..65536>]
[ArgumentBuffer=<128..4096>]
[ArgumentCount=<128..512>]
[AuthorizationBuffer=<128..4096>]
[AuthorizationBearerBuffer=<128..4096>]
[AuthorizationNegotiateBuffer=<128..4096>]
[BodyBuffer=<128..4096>]
[ContentTypeBuffer=<128..4096>]
[CookieBuffer=<128..65535>]
[HTMLCleaning=On|Off]
[HTMLContext=On|Off]
[HTMLDebug=On|Off]
[HostBuffer=<128..4096>]
[JavascriptContext=On|Off]
[MaxClientHeader=<16..512>]
[MaxServerHeader=<16..512>]
[QueryBuffer=<128..4096>]
[RequestTimeout=<1..600>]
[Shoutcast=On|Off]
[UAForce10=<string>]
[UrlBuffer=<128..4096>]
[WebDAV=On|Off]
[MaxRanges=<0..1024>]
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for HTTP protocol
Usage
config protocol http profile list [index=<profile_idx>]
Level
base|asq
History
Appears in 9.0.0
Description
Commands to configure proxy settings for HTTP protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Configure the antivirus part of the http profile
Usage
config protocol http profile proxy antivirus index=<profile index> [OnInfectedPolicy=<pass|block>] [OnFailedPolicy=<pass|block>]
Returns
Error code
Example
CONFIG PROTOCOL HTTP PROFILE PROXY ANTIVIRUS index=1 OnInfectedPolicy=pass OnFailedPolicy=pass
Level
asq+modify
History
Appears in 9.0.0
Description
Configure the http profile
Usage
config protocol http profile proxy config index=<profile index>
[BindAddr=<binding ip addr>]
[CheckEncoding=<on|off>]
[Connect=<on|off>]
[ConnectPort=<service>]
[KeepAlive=<on|off>]
[MaxDataSize=<maximum download data size (0=unlimited)>]
[PartialDownload=<block|filter|pass>]
[ProxyAuth=<on|off>]
[WebDAV=<on|off>]
[EncodingFilter=<on|off>]
[TimeoutConnectSrv=<int>]
[FullTransparent=on|off]
[Proxy407=on|off]
[BypassAuthOnConnect=on|off]
Returns
Error code
Example
CONFIG PROTOCOL HTTP PROFILE PROXY CONFIG index=1 BindAddr=addr CheckEncoding=on Connect=off ConnectPort=port KeepAlive=off MaxDataSize=0 PartialDownload=off ProxyAuth=on WebDAV=off EncodingFilter=on TimeoutConnectSrv=20 Proxy407=off BypassAuthOnConnect=off
Level
base|asq
History
Appears in 9.0.0
Description
Commands for protocol HTTP ICAPEXCLUDE
Level
asq+modify
Description
Add a host/range/network in the exclude list
Usage
config protocol http profile proxy icapexclude add index=<profile index> host=<host|range|network>
Returns
Error code
Example
CONFIG PROTOCOL HTTP PROFILE PROXY ICAPEXCLUDE ADD index=0 host=hostname
Level
base|asq
History
Appears in 9.0.0
Description
Dump the ICAP exclude list
Usage
config protocol http profile proxy icapexclude list index=<profile index>
Returns
The list
Example
CONFIG PROTOCOL HTTP PROFILE PROXY ICAPEXCLUDE LIST index=0
Level
asq+modify
History
Appears in 9.0.0
Description
Remove a host/range/network from the exclude list
Usage
config protocol http profile proxy icapexclude remove index=<profile index> host=<host|range|network>
Returns
Error code
Example
CONFIG PROTOCOL HTTP PROFILE PROXY ICAPEXCLUDE REMOVE index=0 host=hostname
Level
asq+modify
History
Appears in 9.0.0
Description
Configure the ICAP REQMOD service
Usage
config protocol http profile proxy icapreqmod index=<profile index> state=<on|off> host=<hostname|hostgroup> port=<reqmod port service> [loadbalancing=<roundrobin|random|srchash>] service=<string> LdapAuth=<on|off> IPAuth=<on|off> [HttpPost=<on|off>]
Returns
Error code
Example
CONFIG PROTOCOL HTTP PROFILE PROXY ICAPREQMOD index=0 state=on host=hostname port=icap loadbalancing=roundrobin service=string LdapAuth=off IPAuth=off HttpPost=on
Level
asq+modify
History
Appears in 9.0.0
Description
Configure the ICAP RESPMOD service
Usage
config protocol http profile proxy icaprespmod index=<profile index> state=<on|off> host=<hostname|hostgroup> port=<respmod port service> [loadbalancing=<roundrobin|random|srchash>] service=<string> LdapAuth=<on|off> IPAuth=<on|off>
Returns
Error code
Example
CONFIG PROTOCOL HTTP PROFILE PROXY ICAPRESPMOD index=0 state=on host=hostname port=icap loadbalancing=roundrobin service=string LdapAuth=off IPAuth=off
Level
base|asq
History
Appears in 9.0.0
Description
Commands for protocol HTTP MIME
Level
asq+modify
History
Appears in 9.0.0
Description
Add a MIME rule to the MIME list
Usage
config protocol http profile proxy mime insert index=<profile index> [ruleid=<nb>] [state=on|off] [action=pass|block|checkvirus] [mime=<string>] [comment=<string>]
Returns
Error code
Example
CONFIG PROTOCOL HTTP PROFILE PROXY MIME INSERT index=0 ruleid=1 state=on action=checkvirus mime="text/plain"
Level
asq+modify
History
Appears in 9.0.0
Description
Move a MIME rule within the MIME list
Usage
config protocol http profile proxy mime move index=<profile index> ruleid=<nb> to=<nb>
Returns
Error code
Example
CONFIG PROTOCOL HTTP PROFILE PROXY MIME MOVE index=0 rule=1 to=5
Level
asq+modify
History
Appears in 9.0.0
Description
Remove MIME rules from the MIME list
Usage
config protocol http profile proxy mime remove index=<profile index> ruleid=(<nb>|all)
Returns
Error code
Example
CONFIG PROTOCOL HTTP PROFILE PROXY MIME REMOVE index=0 rule=1
Level
base|asq
History
Appears in 9.0.0
Description
Dump the MIME list
Usage
config protocol http profile proxy mime show index=<profile index>
Format
section_line
Returns
The list, in the format: rule=nb state=on|off action=pass|block|checkvirus mime=<string>
Example
CONFIG PROTOCOL HTTP PROFILE PROXY MIME SHOW index=0
Level
asq+modify
History
Appears in 9.0.0
Description
Update a MIME rule in the MIME list
Usage
config protocol http profile proxy mime update index=<profile index> ruleid=<nb> [state=on|off] [action=pass|block|checkvirus] [mime=<string>] [comment=<string>]
Returns
Error code
Example
CONFIG PROTOCOL HTTP PROFILE PROXY MIME UPDATE index=0 rule=1 state=on action=checkvirus mime="text/plain"
Level
asq+modify
History
Appears in 9.0.0
Description
Configure post processing limit, policy and bypass
Usage
config protocol http profile proxy postproc index=<profile index> [policy=<block|pass>] [size=<MaxDataSize in Ko>] [keepalive=<nb of seconds>] [bypass=<urlgroup name>]
Returns
Error code
Example
CONFIG PROTOCOL HTTP PROFILE PROXY POSTPROC index=1 policy=pass size=4000 keepalive=20 bypass=antivirus_bypass
Level
asq+modify
History
Appears in 9.1.0
AllowIP appears in 1.0.0
Description
Configure the URLFiltering part of the HTTP proxy
Usage
config protocol http profile proxy urlfiltering index=<profile index> [OnFailedPolicy=<pass|block>] [CheckHostHeader=<0|1>] [AllowIP=<0|1>]
Returns
Error code
Example
CONFIG PROTOCOL HTTP PROFILE PROXY URLFILTERING index=1 OnFailedPolicy=block CheckHostHeader=1 AllowIP=0
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for HTTP protocol
Usage
config protocol http profile show index=<profile_idx>
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for ICMP protocol
Usage
config protocol icmp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for ICMP protocol
Level
asq+modify
History
Appears in 9.0.0
DefaultPort disappears in 1.0.0
Description
Set ICMP protocol's common setting
Usage
config protocol icmp common config
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for ICMP protocol
Usage
config protocol icmp common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for ICMP protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for ICMP
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for ICMP protocol
Usage
config protocol icmp profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for ICMP protocol
Usage
config protocol icmp profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
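An added example, not part of this reference, that parses lines in the token layout documented under Returns (as produced by `config protocol <protocol> profile alarm show`) and flags the alarms an administrator has weakened; the sample output is constructed, not captured from an appliance.

```python
"""Parse and audit 'config protocol <proto> profile alarm show' output.

Added example: the key=value layout follows the Returns format documented
above; the sample lines below are constructed, not real appliance output.
"""
import shlex

# Constructed sample in the documented token layout. Quoted values (msg,
# comment) may contain spaces; optional email/blacklist groups may be absent.
SAMPLE_OUTPUT = """\
context=icmp id=0 action=block level=major dump=0 new=0 origin=profile_template email=on emailduration=60 emailcount=5 blacklist=on blduration=5 msg="Invalid ICMP message" modify=1 sensible=1 category=protocol comment=""
context=icmp id=1 action=pass level=ignore dump=0 new=0 origin=user msg="ICMP redirect" modify=1 sensible=1 category=protocol comment="disabled during migration"
context=icmp id=2 action=pass level=minor dump=1 new=1 origin=config_template msg="Oversized ICMP message" modify=0 sensible=0 category=protocol comment=""
"""


def parse_alarm_line(line: str) -> dict:
    """Split one alarm line into a dict of its tokens.

    shlex honours the double-quoted values, so msg="a b c" stays one token
    and comment="" yields an empty string rather than a missing key.
    """
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if not sep:
            raise ValueError(f"token without '=': {token!r}")
        fields[key] = value
    # Type the fields the audit relies on; everything else stays a string.
    fields["id"] = int(fields["id"])
    for flag in ("dump", "new", "modify", "sensible"):
        fields[flag] = fields.get(flag) == "1"
    return fields


def parse_alarm_show(output: str) -> list[dict]:
    """Parse a whole alarm show response, skipping blank lines."""
    return [parse_alarm_line(line) for line in output.splitlines() if line.strip()]


def audit_alarms(alarms: list[dict]) -> list[tuple[str, int, list[str]]]:
    """Return (context, id, reasons) for alarms that deserve a second look:
    user-modified alarms set to pass, alarms set to level=ignore, and
    sensible=1 alarms that no longer block."""
    findings = []
    for alarm in alarms:
        reasons = []
        if alarm["origin"] == "user" and alarm["action"] == "pass":
            reasons.append("user set action=pass")
        if alarm["level"] == "ignore":
            reasons.append("level=ignore")
        if alarm["sensible"] and alarm["action"] == "pass":
            reasons.append("sensible alarm not blocking")
        if reasons:
            findings.append((alarm["context"], alarm["id"], reasons))
    return findings


if __name__ == "__main__":
    for context, alarm_id, reasons in audit_alarms(parse_alarm_show(SAMPLE_OUTPUT)):
        print(f"{context} alarm {alarm_id}: {', '.join(reasons)}")
```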
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for ICMP protocol (IPS alarm)
Usage
config protocol icmp profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy ICMP protocol profile
Usage
config protocol icmp profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for ICMP protocol
Usage
config protocol icmp profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for ICMP
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for ICMP protocol
Usage
config protocol icmp profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for ICMP protocol
Usage
config protocol icmp profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for IGMP protocol
Usage
config protocol igmp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for IGMP protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set IGMP protocol's common setting
Usage
config protocol igmp common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for IGMP protocol
Usage
config protocol igmp common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for IGMP protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for IGMP
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for IGMP protocol
Usage
config protocol igmp profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for IGMP protocol
Usage
config protocol igmp profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for IGMP protocol (IPS alarm)
Usage
config protocol igmp profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy IGMP protocol profile
Usage
config protocol igmp profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for IGMP protocol
Usage
config protocol igmp profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for IGMP
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for IGMP protocol
Usage
config protocol igmp profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for IGMP protocol
Usage
config protocol igmp profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for IMAP4 protocol
Usage
config protocol imap4 activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for IMAP4 protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set IMAP4 protocol's common setting
Usage
config protocol imap4 common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for IMAP4 protocol
Usage
config protocol imap4 common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for IMAP4 protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for IMAP4
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for IMAP4 protocol
Usage
config protocol imap4 profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for IMAP4 protocol
Usage
config protocol imap4 profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for IMAP4 protocol (IPS alarm)
Usage
config protocol imap4 profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy IMAP4 protocol profile
Usage
config protocol imap4 profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for IMAP4 protocol
Usage
config protocol imap4 profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for IMAP4
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for IMAP4 protocol
Usage
config protocol imap4 profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for IMAP4 protocol
Usage
config protocol imap4 profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for IP protocol
Usage
config protocol ip activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for IP protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set IP protocol's common setting
Usage
config protocol ip common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for IP protocol
Usage
config protocol ip common default
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Configure common IPS settings for the IP protocol
Usage
config protocol ip common ips config [MTULimit=<0|140..65535>] [OptimizeLargeTable=<0..2>]
Returns
Error code
Example
CONFIG PROTOCOL IP COMMON IPS CONFIG PortScanRate=10 UserRemoveState=On
Level
asq+modify
History
Appears in 9.0.0
Description
Configure common IP fragmentation settings
Usage
config protocol ip common ips fragment [FragLimit=<28..65535>] [KeepFrag=<On|Off>] [StateTimeout=<0|2..30>]
Returns
Error code
Example
CONFIG PROTOCOL IP COMMON IPS FRAGMENT PortScanRate=10 UserRemoveState=On
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for IP protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for IP
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for IP protocol
Usage
config protocol ip profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for IP protocol
Usage
config protocol ip profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for IP protocol (IPS alarm)
Usage
config protocol ip profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy IP protocol profile
Usage
config protocol ip profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for IP protocol
Usage
config protocol ip profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for IP protocol
Usage
config protocol ip profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for IP protocol
Usage
config protocol ip profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
base|asq
History
Appears in 9.0.0
Description
List all the supported protocols
Usage
config protocol list
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for MGCP protocol
Usage
config protocol mgcp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for MGCP protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set MGCP protocol's common setting
Usage
config protocol mgcp common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for MGCP protocol
Usage
config protocol mgcp common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for MGCP protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for MGCP
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for MGCP protocol
Usage
config protocol mgcp profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for MGCP protocol
Usage
config protocol mgcp profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for MGCP protocol (IPS alarm)
Usage
config protocol mgcp profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy MGCP protocol profile
Usage
config protocol mgcp profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for MGCP protocol
Usage
config protocol mgcp profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for MGCP
Level
asq+modify
History
Appears in 9.0.0
Description
IPS settings for MGCP protocol
Usage
config protocol mgcp profile ips config index=<profile_idx> [ChildTimeout=<60..604800>] [CommandBuffer=<32..1024>] [ParameterBuffer=<32..1024>] [Probe=On|Off] [SDPBuffer=<32..1024>] [State=On|Off] [TemplateAlarm=<low|medium|high|internet>]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for MGCP protocol
Usage
config protocol mgcp profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for MGCP protocol
Usage
config protocol mgcp profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for MSN protocol
Usage
config protocol msn activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for MSN protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set MSN protocol's common setting
Usage
config protocol msn common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for MSN protocol
Usage
config protocol msn common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for MSN protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for MSN
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for MSN protocol
Usage
config protocol msn profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for MSN protocol
Usage
config protocol msn profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for MSN protocol (IPS alarm)
Usage
config protocol msn profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy MSN protocol profile
Usage
config protocol msn profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for MSN protocol
Usage
config protocol msn profile default index=<profile_idx>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
IPS settings for MSN protocol
Usage
config protocol msn profile ips config index=<profile_idx> [AllowTCPUrg=On|Off] [Log=On|Off] [Probe=On|Off] [State=On|Off] [TemplateAlarm=<low|medium|high|internet>]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for MSN protocol
Usage
config protocol msn profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for MSN protocol
Usage
config protocol msn profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for MYSQL protocol
Usage
config protocol mysql activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for MYSQL protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set MYSQL protocol's common setting
Usage
config protocol mysql common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for MYSQL protocol
Usage
config protocol mysql common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for MYSQL protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for MYSQL
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for MYSQL protocol
Usage
config protocol mysql profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for MYSQL protocol
Usage
config protocol mysql profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for MYSQL protocol (IPS alarm)
Usage
config protocol mysql profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy MYSQL protocol profile
Usage
config protocol mysql profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for MYSQL protocol
Usage
config protocol mysql profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for MYSQL
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for MYSQL protocol
Usage
config protocol mysql profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for MYSQL protocol
Usage
config protocol mysql profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
base|asq
History
Appears in 9.0.0
Description
Command for NB-CIFS_TCP protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for NB-CIFS_TCP protocol
Usage
config protocol nb-cifs_tcp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for NB-CIFS_TCP protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set NB-CIFS_TCP protocol's common setting
Usage
config protocol nb-cifs_tcp common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for NB-CIFS_TCP protocol
Usage
config protocol nb-cifs_tcp common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for NB-CIFS_TCP protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for NB-CIFS_TCP
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for NB-CIFS_TCP protocol
Usage
config protocol nb-cifs_tcp profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for NB-CIFS_TCP protocol
Usage
config protocol nb-cifs_tcp profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for NB-CIFS_TCP protocol (IPS alarm)
Usage
config protocol nb-cifs_tcp profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy NB-CIFS_TCP protocol profile
Usage
config protocol nb-cifs_tcp profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for NB-CIFS_TCP protocol
Usage
config protocol nb-cifs_tcp profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for NB-CIFS_TCP
Level
asq+modify
History
Appears in 9.0.0
Description
IPS settings for NB-CIFS_TCP protocol
Usage
config protocol nb-cifs_tcp profile ips config index=<profile_idx> [AllowTCPUrg=On|Off] [Probe=On|Off] [SMB2ReferralFileNameBuffer=<0..65536>] [State=On|Off] [TemplateAlarm=<low|medium|high|internet>]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for NB-CIFS_TCP protocol
Usage
config protocol nb-cifs_tcp profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for NB-CIFS_TCP protocol
Usage
config protocol nb-cifs_tcp profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
base|asq
History
Appears in 9.0.0
Description
Command for NB-CIFS_UDP protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for NB-CIFS_UDP protocol
Usage
config protocol nb-cifs_udp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for NB-CIFS_UDP protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set NB-CIFS_UDP protocol's common setting
Usage
config protocol nb-cifs_udp common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for NB-CIFS_UDP protocol
Usage
config protocol nb-cifs_udp common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for NB-CIFS_UDP protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for NB-CIFS_UDP
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for NB-CIFS_UDP protocol
Usage
config protocol nb-cifs_udp profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for NB-CIFS_UDP protocol
Usage
config protocol nb-cifs_udp profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for NB-CIFS_UDP protocol (IPS alarm)
Usage
config protocol nb-cifs_udp profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy NB-CIFS_UDP protocol profile
Usage
config protocol nb-cifs_udp profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for NB-CIFS_UDP protocol
Usage
config protocol nb-cifs_udp profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for NB-CIFS_UDP
Level
asq+modify
History
Appears in 9.0.0
Description
IPS settings for NB-CIFS_UDP protocol
Usage
config protocol nb-cifs_udp profile ips config index=<profile_idx> [Probe=On|Off] [SMB2ReferralFileNameBuffer=<0..65536>] [State=On|Off] [TemplateAlarm=<low|medium|high|internet>]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for NB-CIFS_UDP protocol
Usage
config protocol nb-cifs_udp profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for NB-CIFS_UDP protocol
Usage
config protocol nb-cifs_udp profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for NB-DGM protocol
Usage
config protocol nb-dgm activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for NB-DGM protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set NB-DGM protocol's common setting
Usage
config protocol nb-dgm common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for NB-DGM protocol
Usage
config protocol nb-dgm common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for NB-DGM protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for NB-DGM
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for NB-DGM protocol
Usage
config protocol nb-dgm profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for NB-DGM protocol
Usage
config protocol nb-dgm profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for NB-DGM protocol (IPS alarm)
Usage
config protocol nb-dgm profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy NB-DGM protocol profile
Usage
config protocol nb-dgm profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for NB-DGM protocol
Usage
config protocol nb-dgm profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for NB-DGM
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for NB-DGM protocol
Usage
config protocol nb-dgm profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for NB-DGM protocol
Usage
config protocol nb-dgm profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for NB-SSN protocol
Usage
config protocol nb-ssn activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for NB-SSN protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set NB-SSN protocol's common setting
Usage
config protocol nb-ssn common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for NB-SSN protocol
Usage
config protocol nb-ssn common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for NB-SSN protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for NB-SSN
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for NB-SSN protocol
Usage
config protocol nb-ssn profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for NB-SSN protocol
Usage
config protocol nb-ssn profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for NB-SSN protocol (IPS alarm)
Usage
config protocol nb-ssn profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy NB-SSN protocol profile
Usage
config protocol nb-ssn profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for NB-SSN protocol
Usage
config protocol nb-ssn profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for NB-SSN
Level
asq+modify
History
Appears in 9.0.0
Description
IPS settings for NB-SSN protocol
Usage
config protocol nb-ssn profile ips config index=<profile_idx> [AllowTCPUrg=On|Off] [Probe=On|Off] [SMB2ReferralFileNameBuffer=<0..65536>] [State=On|Off] [TemplateAlarm=<low|medium|high|internet>]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for NB-SSN protocol
Usage
config protocol nb-ssn profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for NB-SSN protocol
Usage
config protocol nb-ssn profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for NNTP protocol
Usage
config protocol nntp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for NNTP protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set NNTP protocol's common setting
Usage
config protocol nntp common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for NNTP protocol
Usage
config protocol nntp common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for NNTP protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for NNTP
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for NNTP protocol
Usage
config protocol nntp profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for NNTP protocol
Usage
config protocol nntp profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for NNTP protocol (IPS alarm)
Usage
config protocol nntp profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy NNTP protocol profile
Usage
config protocol nntp profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for NNTP protocol
Usage
config protocol nntp profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for NNTP
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for NNTP protocol
Usage
config protocol nntp profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for NNTP protocol
Usage
config protocol nntp profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for OSCAR protocol
Usage
config protocol oscar activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for OSCAR protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set OSCAR protocol's common setting
Usage
config protocol oscar common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for OSCAR protocol
Usage
config protocol oscar common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for OSCAR protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for OSCAR
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for OSCAR protocol
Usage
config protocol oscar profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for OSCAR protocol
Usage
config protocol oscar profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for OSCAR protocol (IPS alarm)
Usage
config protocol oscar profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy OSCAR protocol profile
Usage
config protocol oscar profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for OSCAR protocol
Usage
config protocol oscar profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for OSCAR
Level
asq+modify
History
Appears in 9.0.0
Description
IPS settings for OSCAR protocol
Usage
config protocol oscar profile ips config index=<profile_idx> [AllowTCPUrg=On|Off] [Log=On|Off] [Probe=On|Off] [State=On|Off] [TemplateAlarm=<low|medium|high|internet>]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for OSCAR protocol
Usage
config protocol oscar profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for OSCAR protocol
Usage
config protocol oscar profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for PGSQL protocol
Usage
config protocol pgsql activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for PGSQL protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set PGSQL protocol's common setting
Usage
config protocol pgsql common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for PGSQL protocol
Usage
config protocol pgsql common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for PGSQL protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for PGSQL
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for PGSQL protocol
Usage
config protocol pgsql profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for PGSQL protocol
Usage
config protocol pgsql profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for PGSQL protocol (IPS alarm)
Usage
config protocol pgsql profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy PGSQL protocol profile
Usage
config protocol pgsql profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for PGSQL protocol
Usage
config protocol pgsql profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for PGSQL
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for PGSQL protocol
Usage
config protocol pgsql profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for PGSQL protocol
Usage
config protocol pgsql profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for POP3 protocol
Usage
config protocol pop3 activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for POP3 protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set POP3 protocol's common setting
Usage
config protocol pop3 common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for POP3 protocol
Usage
config protocol pop3 common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.4
Description
POP3 common proxy configuration
Level
asq+modify
History
Appears in 9.0.4
Description
Common parameters configuration
Usage
config protocol pop3 common proxy config ApplyNat=<0|1>
ApplyNat: allow outbound connections from the proxies to match any NAT rule instead of only dst-only rules
Returns
Error code
Example
CONFIG PROTOCOL POP3 COMMON PROXY CONFIG ApplyNat=0
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for POP3 protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for POP3
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for POP3 protocol
Usage
config protocol pop3 profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for POP3 protocol
Usage
config protocol pop3 profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for POP3 protocol (IPS alarm)
Usage
config protocol pop3 profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy POP3 protocol profile
Usage
config protocol pop3 profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for POP3 protocol
Usage
config protocol pop3 profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for POP3
Level
asq+modify
History
Appears in 9.0.0
Description
IPS settings for POP3 protocol
Usage
config protocol pop3 profile ips config index=<profile_idx> [AllowTCPUrg=On|Off] [Log=On|Off] [Probe=On|Off] [State=On|Off] [TemplateAlarm=<low|medium|high|internet>]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for POP3 protocol
Usage
config protocol pop3 profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Commands to configure POP3 profile settings
Level
asq+modify
History
Appears in 9.0.0
Description
Configure the antivirus part of the POP3 profile
Usage
config protocol pop3 profile proxy antivirus index=<profile index> [OnInfectedPolicy=<pass|block>] [OnFailedPolicy=<pass|block>] [OnFragmentedEmailPolicy=<pass|block>]
Returns
Error code
Example
CONFIG PROTOCOL POP3 PROFILE PROXY ANTIVIRUS index=1 OnInfectedPolicy=pass OnFailedPolicy=pass OnFragmentedEmailPolicy=block
Level
asq+modify
History
Appears in 9.0.0
Description
Configure the authorized commands of the POP3 profile
Usage
config protocol pop3 profile proxy cmd index=<profile index> <QUIT|CAPA|USER|PASS|APOP|AUTH|STLS|STAT|LIST|RETR|DELE|NOOP|RSET|TOP|UIDL|LAST>=<block|pass|filter>
Returns
Error code
Example
CONFIG PROTOCOL POP3 PROFILE PROXY CMD index=1 QUIT=filter CAPA=filter USER=filter PASS=filter APOP=filter AUTH=filter STLS=block STAT=filter LIST=filter RETR=filter DELE=filter NOOP=filter RSET=filter TOP=filter UIDL=filter LAST=block
Level
asq+modify
History
Appears in 9.0.0
Description
Configure the POP3 profile
Usage
config protocol pop3 profile proxy config index=<profile index> [BindAddr=<binding ip addr>] [FullTransparent=on|off] [WelcomeMsgFiltering=<on|off>]
Returns
Error code
Example
CONFIG PROTOCOL POP3 PROFILE PROXY CONFIG index=1 BindAddr=MyObject MaxDataSize=4096 MaxRecipient=1000 WelcomeMsgFiltering=on
Level
base|asq
History
Appears in 9.0.0
Description
Commands to configure extracmd profile settings
Level
asq+modify
Description
Add an additional authorized command to the POP3 profile
Usage
config protocol pop3 profile proxy extracmd add index=<profile index> <commandname>
Returns
Error code
Example
CONFIG PROTOCOL POP3 PROFILE PROXY EXTRACMD ADD index=1 NEWCOMMAND
Level
base|asq
History
Appears in 9.0.0
Description
List the additional authorized commands of the POP3 profile
Usage
config protocol pop3 profile proxy extracmd list index=<profile index>
Format
list
Returns
List of all authorized cmds
Example
CONFIG PROTOCOL POP3 PROFILE PROXY EXTRACMD LIST index=1
Level
asq+modify
History
Appears in 9.0.0
Description
Remove an additional authorized command from the POP3 profile
Usage
config protocol pop3 profile proxy extracmd remove index=<profile index> <commandname>
Returns
Error code
Example
CONFIG PROTOCOL POP3 PROFILE PROXY EXTRACMD REMOVE index=1 NEWCOMMAND
Level
asq+modify
History
Appears in 9.0.0
Description
Configure post-processing for the POP3 profile
Usage
config protocol pop3 profile proxy postproc index=<profile index> [policy=<block|pass>] [size=<MaxDataSize in KB>] [keepalive=<nb of seconds>]
Returns
Error code
Example
CONFIG PROTOCOL POP3 PROFILE PROXY POSTPROC index=1 policy=pass size=4000 keepalive=20
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for POP3 protocol
Usage
config protocol pop3 profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
base|asq
History
Appears in 9.0.0
Description
Alarm commands for protocols
Level
asq+modify
History
Appears in 9.0.0
Description
Reset this protocol's alarms to a default template
Note
If reset=0 or not specified, the command does not reset alarms that have already been user-defined
Usage
config protocol profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Dump the alarm configuration for this protocol
Note
If extended=0 or not specified, the command does not show the longmsg and signatures tokens
Usage
config protocol profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Format
section_line
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Example
config protocol http profile alarm show index=1
[Alarm]
context=http:url:decoded id=48 action=block level=major dump=0 new=1 origin=profile_template msg="Windows : cmd.exe use or access attempt" modify=1 sensible=0 category="" comment=""
context=protocol id=53 action=block level=major dump=0 new=0 origin=profile_template msg="Invalid HTTP protocol" modify=1 sensible=1 category="" comment=""
context=http:client id=49 action=block level=major dump=0 new=1 origin=profile_template msg="Malware : PonyDOS botnet detected" modify=1 sensible=0 category="" comment=""
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm (IPS alarm)
Usage
config protocol profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Format
section_line
Returns
Error code
Example
CONFIG PROTOCOL xxx PROFILE ALARM UPDATE index=3 id=0 context=protocol action=block level=minor
CONFIG PROTOCOL xxx PROFILE ALARM UPDATE index=3 id=1 context=protocol dump=1
CONFIG PROTOCOL xxx PROFILE ALARM UPDATE index=3 id=2 context=protocol email=on emailduration=20 emailcount=10
CONFIG PROTOCOL xxx PROFILE ALARM UPDATE index=3 id=3 context=protocol level=minor blacklist=on blduration=20 email=off
CONFIG PROTOCOL xxx PROFILE ALARM UPDATE index=3 id=4 context=protocol action=pass comment="raised by our software"
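The `profile alarm show` output above is section_line formatted (one `[Alarm]` section, one `key=value` line per alarm, quoted values allowed), and `profile alarm update` is how an alarm is put back to `block`. The following script is an added example, not NETASQ code: it parses that output, reports alarms that will not block (`action=pass` or `level=ignore`), and builds the corresponding `profile alarm update` lines for review. The sample output is constructed from the page's HTTP example plus one alarm (id=60) set to pass so the audit has something to find; the protocol name and profile index passed to `remediation_commands` are assumptions.

```python
"""Audit `config protocol <proto> profile alarm show` output for non-blocking
alarms. Added example, not NETASQ/Stormshield code."""
import shlex

# Constructed sample: the page's `config protocol http profile alarm show index=1`
# example, with one extra alarm (id=60, constructed) set to pass/ignore.
SAMPLE_OUTPUT = """\
[Alarm]
context=http:url:decoded id=48 action=block level=major dump=0 new=1 origin=profile_template msg="Windows : cmd.exe use or access attempt" modify=1 sensible=0 category="" comment=""
context=protocol id=53 action=block level=major dump=0 new=0 origin=profile_template msg="Invalid HTTP protocol" modify=1 sensible=1 category="" comment=""
context=http:client id=49 action=block level=major dump=0 new=1 origin=profile_template msg="Malware : PonyDOS botnet detected" modify=1 sensible=0 category="" comment=""
context=http:client id=60 action=pass level=ignore dump=0 new=0 origin=user msg="Constructed sample alarm" modify=1 sensible=1 category="" comment="disabled during testing"
"""


def parse_alarm_show(text):
    """Return one dict per alarm line found in the [Alarm] section.

    Tokens are key=value; values such as msg="..." may contain spaces,
    so shlex (POSIX mode) does the splitting and strips the quotes.
    """
    alarms = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line == "[Alarm]"
            continue
        if not in_section:
            continue
        entry = {}
        for token in shlex.split(line):
            key, sep, value = token.partition("=")
            if sep:
                entry[key] = value
        if "id" in entry:
            alarms.append(entry)
    return alarms


def find_non_blocking(alarms):
    """Alarms that let traffic through (action=pass) or never surface (level=ignore)."""
    return [a for a in alarms if a.get("action") == "pass" or a.get("level") == "ignore"]


def remediation_commands(proto, index, alarms):
    """Build `profile alarm update` lines (syntax from the reference) that set each
    non-blocking alarm back to block/major. The lines are returned, not executed."""
    return [
        f"config protocol {proto} profile alarm update index={index} "
        f"id={a['id']} context={a['context']} action=block level=major"
        for a in find_non_blocking(alarms)
    ]


if __name__ == "__main__":
    parsed = parse_alarm_show(SAMPLE_OUTPUT)
    for a in find_non_blocking(parsed):
        print(f"id={a['id']} context={a['context']} action={a['action']} "
              f"level={a['level']} msg={a['msg']!r}")
    for cmd in remediation_commands("http", 1, parsed):  # proto and index are assumed
        print(cmd)
```

Running the script on real output works the same way: paste the reply to `profile alarm show` into `SAMPLE_OUTPUT` (or read it from a file), check the reported ids against the `sensible` flag and the `comment` field before applying the generated update lines, and remember that changes only take effect after the protocol's `activate` command.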
Level
base|asq
History
Appears in 9.0.0
Description
List all configuration items that refer to the profile specified by index for the given protocol
Usage
config protocol profile check index=<profile_idx>
Returns
Error code
Example
CONFIG PROTOCOL HTTP PROFILE CHECK index=2
Level
asq+modify
History
Appears in 9.0.0
Description
Copy profile
Usage
config protocol profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset protocol profile's settings to default
Usage
config protocol profile default index=<profile_idx>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Set the protocol profile's IPS settings
Note
The AllowTCPUrg argument is only available for protocols over TCP.
Usage
config protocol profile ips config [index=<profile_idx>] [State=<On|Off>] [Probe=<On|Off>] [AllowTCPUrg=<On|Off>] [TemplateAlarm=<high|medium|low|internet>]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
List all available profiles or a specific profile
Usage
config protocol profile list [index=<profile_idx>]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Show protocol profile's settings
Usage
config protocol profile show index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Command for PROXY_TCP protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for PROXY_TCP protocol
Usage
config protocol proxy_tcp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for PROXY_TCP protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set PROXY_TCP protocol's common setting
Usage
config protocol proxy_tcp common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for PROXY_TCP protocol
Usage
config protocol proxy_tcp common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for PROXY_TCP protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for PROXY_TCP
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for PROXY_TCP protocol
Usage
config protocol proxy_tcp profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter, and tokens longmsg and signatures in the response, in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for PROXY_TCP protocol
Usage
config protocol proxy_tcp profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for PROXY_TCP protocol (IPS alarm)
Usage
config protocol proxy_tcp profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy PROXY_TCP protocol profile
Usage
config protocol proxy_tcp profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for PROXY_TCP protocol
Usage
config protocol proxy_tcp profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for PROXY_TCP
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for PROXY_TCP protocol
Usage
config protocol proxy_tcp profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for PROXY_TCP protocol
Usage
config protocol proxy_tcp profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
base|asq
History
Appears in 9.0.0
Description
Command for PROXY_UDP protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for PROXY_UDP protocol
Usage
config protocol proxy_udp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for PROXY_UDP protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set PROXY_UDP protocol's common setting
Usage
config protocol proxy_udp common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for PROXY_UDP protocol
Usage
config protocol proxy_udp common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for PROXY_UDP protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for PROXY_UDP
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for PROXY_UDP protocol
Usage
config protocol proxy_udp profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter, and tokens longmsg and signatures in the response, in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for PROXY_UDP protocol
Usage
config protocol proxy_udp profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for PROXY_UDP protocol (IPS alarm)
Usage
config protocol proxy_udp profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy PROXY_UDP protocol profile
Usage
config protocol proxy_udp profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for PROXY_UDP protocol
Usage
config protocol proxy_udp profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for PROXY_UDP
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for PROXY_UDP protocol
Usage
config protocol proxy_udp profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for PROXY_UDP protocol
Usage
config protocol proxy_udp profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for RDP protocol
Usage
config protocol rdp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for RDP protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set RDP protocol's common setting
Usage
config protocol rdp common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for RDP protocol
Usage
config protocol rdp common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for RDP protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for RDP
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for RDP protocol
Usage
config protocol rdp profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter, and tokens longmsg and signatures in the response, in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for RDP protocol
Usage
config protocol rdp profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for RDP protocol (IPS alarm)
Usage
config protocol rdp profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy RDP protocol profile
Usage
config protocol rdp profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for RDP protocol
Usage
config protocol rdp profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for RDP protocol
Usage
config protocol rdp profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for RDP protocol
Usage
config protocol rdp profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for RIP protocol
Usage
config protocol rip activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for RIP protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set RIP protocol's common setting
Usage
config protocol rip common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for RIP protocol
Usage
config protocol rip common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for RIP protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for RIP
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for RIP protocol
Usage
config protocol rip profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter, and tokens longmsg and signatures in the response, in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for RIP protocol
Usage
config protocol rip profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for RIP protocol (IPS alarm)
Usage
config protocol rip profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy RIP protocol profile
Usage
config protocol rip profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for RIP protocol
Usage
config protocol rip profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for RIP protocol
Usage
config protocol rip profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for RIP protocol
Usage
config protocol rip profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for RTCP protocol
Usage
config protocol rtcp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for RTCP protocol
Level
asq+modify
History
Appears in 9.0.0
DefaultPort and SSLDefaultPort disappear in 1.0.0
Description
Set RTCP protocol's common setting
Usage
config protocol rtcp common config
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for RTCP protocol
Usage
config protocol rtcp common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for RTCP protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for RTCP
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for RTCP protocol
Usage
config protocol rtcp profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter, and tokens longmsg and signatures in the response, in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for RTCP protocol
Usage
config protocol rtcp profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for RTCP protocol (IPS alarm)
Usage
config protocol rtcp profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy RTCP protocol profile
Usage
config protocol rtcp profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for RTCP protocol
Usage
config protocol rtcp profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for RTCP
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for RTCP protocol
Usage
config protocol rtcp profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for RTCP protocol
Usage
config protocol rtcp profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for RTP protocol
Usage
config protocol rtp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for RTP protocol
Level
asq+modify
History
Appears in 9.0.0
DefaultPort and SSLDefaultPort disappear in 1.0.0
Description
Set RTP protocol's common setting
Usage
config protocol rtp common config
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for RTP protocol
Usage
config protocol rtp common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for RTP protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for RTP
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for RTP protocol
Usage
config protocol rtp profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter, and tokens longmsg and signatures in the response, in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for RTP protocol
Usage
config protocol rtp profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for RTP protocol (IPS alarm)
Usage
config protocol rtp profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy RTP protocol profile
Usage
config protocol rtp profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for RTP protocol
Usage
config protocol rtp profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for RTP protocol
Usage
config protocol rtp profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for RTP protocol
Usage
config protocol rtp profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
base|asq
History
Appears in 9.0.0
Description
Command for RTP_RTCP protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for RTP_RTCP protocol
Usage
config protocol rtp_rtcp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for RTP_RTCP protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set RTP_RTCP protocol's common setting
Usage
config protocol rtp_rtcp common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for RTP_RTCP protocol
Usage
config protocol rtp_rtcp common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for RTP_RTCP protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for RTP_RTCP
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for RTP_RTCP protocol
Usage
config protocol rtp_rtcp profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter, and tokens longmsg and signatures in the response, in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for RTP_RTCP protocol
Usage
config protocol rtp_rtcp profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for RTP_RTCP protocol (IPS alarm)
Usage
config protocol rtp_rtcp profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy RTP_RTCP protocol profile
Usage
config protocol rtp_rtcp profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for RTP_RTCP protocol
Usage
config protocol rtp_rtcp profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for RTP_RTCP
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for RTP_RTCP protocol
Usage
config protocol rtp_rtcp profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for RTP_RTCP protocol
Usage
config protocol rtp_rtcp profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
base|asq
History
Appears in 9.0.0
Description
Show detailed information about protocols (index=1 if omitted)
Usage
config protocol show [index=<profile_idx>]
Example
CONFIG PROTOCOL SHOW index=0
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for SIP_TCP protocol
Usage
config protocol sip_tcp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for SIP_TCP protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set SIP_TCP protocol's common setting
Usage
config protocol sip_tcp common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for SIP_TCP protocol
Usage
config protocol sip_tcp common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for SIP_TCP protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for SIP_TCP
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for SIP_TCP protocol
Usage
config protocol sip_tcp profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter, and tokens longmsg and signatures in the response, in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for SIP_TCP protocol
Usage
config protocol sip_tcp profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for SIP_TCP protocol (IPS alarm)
Usage
config protocol sip_tcp profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy SIP_TCP protocol profile
Usage
config protocol sip_tcp profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for SIP_TCP protocol
Usage
config protocol sip_tcp profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for SIP_TCP
Level
asq+modify
History
Appears in 9.0.0
Description
IPS settings for SIP_TCP protocol
Usage
config protocol sip_tcp profile ips config index=<profile_idx> [AllowOp=<string>] [AllowTCPUrg=On|Off] [DenyOp=<string>] [KeepAliveCommand=<string>] [HeaderBuffer=<64..4096>] [Log=On|Off] [MaxPendingRequest=<1..512>] [Messenger=On|Off] [PINT=On|Off] [PassOnFail=On|Off] [Probe=On|Off] [RFC2976=On|Off] [RFC3262=On|Off] [RFC3265=On|Off] [RFC3311=On|Off] [RFC3428=On|Off] [RFC3515=On|Off] [RFC3903=On|Off] [RequestBuffer=<64..4096>] [RequestTimeout=<10..3600>] [SDPBuffer=<64..4096>] [SessionTimeout=<60..604800>] [State=On|Off] [TemplateAlarm=<low|medium|high|internet>]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for SIP_TCP protocol
Usage
config protocol sip_tcp profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for SIP_TCP protocol
Usage
config protocol sip_tcp profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for SIP_UDP protocol
Usage
config protocol sip_udp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for SIP_UDP protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set SIP_UDP protocol's common setting
Usage
config protocol sip_udp common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for SIP_UDP protocol
Usage
config protocol sip_udp common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for SIP_UDP protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for SIP_UDP
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for SIP_UDP protocol
Usage
config protocol sip_udp profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter, and tokens longmsg and signatures in the response, in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for SIP_UDP protocol
Usage
config protocol sip_udp profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for SIP_UDP protocol (IPS alarm)
Usage
config protocol sip_udp profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy SIP_UDP protocol profile
Usage
config protocol sip_udp profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for SIP_UDP protocol
Usage
config protocol sip_udp profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for SIP_UDP
Level
asq+modify
History
Appears in 9.0.0
Description
IPS settings for SIP_UDP protocol
Usage
config protocol sip_udp profile ips config index=<profile_idx> [AllowOp=<string>] [DenyOp=<string>] [KeepAliveCommand=<string>] [HeaderBuffer=<64..4096>] [Log=On|Off] [MaxPendingRequest=<1..512>] [Messenger=On|Off] [PINT=On|Off] [PassOnFail=On|Off] [Probe=On|Off] [RFC2976=On|Off] [RFC3262=On|Off] [RFC3265=On|Off] [RFC3311=On|Off] [RFC3428=On|Off] [RFC3515=On|Off] [RFC3903=On|Off] [RequestBuffer=<64..4096>] [RequestTimeout=<10..3600>] [SDPBuffer=<64..4096>] [SessionTimeout=<60..604800>] [State=On|Off] [TemplateAlarm=<low|medium|high|internet>]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for SIP_UDP protocol
Usage
config protocol sip_udp profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for SIP_UDP protocol
Usage
config protocol sip_udp profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for SMTP protocol
Usage
config protocol smtp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for SMTP protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set SMTP protocol's common setting
Usage
config protocol smtp common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for SMTP protocol
Usage
config protocol smtp common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.4
Description
SMTP common proxy configuration
Level
asq+modify
History
Appears in 9.0.4
Description
Common parameters configuration
Usage
config protocol smtp common proxy config ApplyNat=<0|1>
ApplyNat : Allow outbound connections from proxies to match any NAT rule instead of just dst-only
Returns
Error code
Example
CONFIG PROTOCOL SMTP COMMON PROXY CONFIG ApplyNat=0
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for SMTP protocol
Level
base|asq
History
Appears in 9.0.0
Description
Commands to configure alarm profile settings
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Dump the smtp alarm configuration
Usage
config protocol smtp profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Example
CONFIG PROTOCOL SMTP PROFILE ALARM SHOW index=1
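The response format documented above for `profile alarm show` is a line of `key=value` tokens per alarm, with quoted values and optional reaction groups. To script a review of that output, here is an added Python example; it is not part of the NETASQ documentation or product. The sample response is constructed to match the documented shape (not captured from an appliance), and the audit policy it applies (major-level alarms must block; an ignored alarm should not still carry a reaction) is an assumption of the example, not a rule stated by the page. The remediation strings it emits follow the `profile alarm update` usage documented below.

```python
import re
import shlex
from typing import Dict, List, Tuple

# Constructed sample in the documented shape of
# "config protocol smtp profile alarm show index=1" (not real appliance output).
SAMPLE_ALARM_SHOW = """\
context=smtp:client id=5 action=pass level=major dump=0 new=0 origin=user email=on emailduration=60 emailcount=5 msg="SMTP: bad command" modify=1 sensible=1 category=protocol comment="reviewed 2015-04"
context=smtp:server id=12 action=block level=minor dump=1 new=1 origin=profile_template blacklist=on blduration=15 msg="SMTP: oversized line" modify=0 sensible=0 category=protocol comment=""
context=protocol id=30 action=pass level=ignore dump=0 new=0 origin=config_template email=on emailduration=30 emailcount=1 msg="SMTP: unknown extension" modify=0 sensible=0 category=protocol comment="" longmsg="extension not in the RFC list" signatures=3
"""

# Every token is key=value; the value may be empty (comment="").
TOKEN_RE = re.compile(r"^([A-Za-z_]+)=(.*)$", re.S)


def parse_alarm_line(line: str) -> Dict[str, str]:
    """Split one response line into a dict. shlex handles the quoted
    values (msg="...", comment="...") that contain spaces."""
    fields: Dict[str, str] = {}
    for tok in shlex.split(line):
        m = TOKEN_RE.match(tok)
        if not m:
            raise ValueError(f"unexpected token in alarm line: {tok!r}")
        fields[m.group(1)] = m.group(2)
    for required in ("context", "id", "action", "level"):
        if required not in fields:
            raise ValueError(f"alarm line missing {required}=")
    return fields


def parse_alarm_show(output: str) -> List[Dict[str, str]]:
    """Parse the whole multi-line response, skipping blank lines."""
    return [parse_alarm_line(ln) for ln in output.splitlines() if ln.strip()]


def audit_alarms(alarms: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (alarm id, reason) pairs for entries that deviate from the
    example policy (an assumption of this example, not a vendor rule):
      - a major alarm whose action is pass
      - an ignored alarm that still has an email or blacklist reaction
    """
    findings: List[Tuple[str, str]] = []
    for a in alarms:
        if a["level"] == "major" and a["action"] == "pass":
            findings.append((a["id"], "major alarm is set to pass"))
        has_reaction = a.get("email") == "on" or a.get("blacklist") == "on"
        if a["level"] == "ignore" and has_reaction:
            findings.append((a["id"], "ignored alarm still has a reaction configured"))
    return findings


def remediation_commands(proto: str, index: int,
                         alarms: List[Dict[str, str]]) -> List[str]:
    """Build 'profile alarm update' commands (documented usage) that would
    set every major/pass alarm to block. Nothing is sent anywhere."""
    cmds: List[str] = []
    for a in alarms:
        if a["level"] == "major" and a["action"] == "pass":
            cmds.append(
                f"config protocol {proto} profile alarm update "
                f"index={index} id={a['id']} context={a['context']} action=block"
            )
    return cmds


if __name__ == "__main__":
    parsed = parse_alarm_show(SAMPLE_ALARM_SHOW)
    for alarm_id, reason in audit_alarms(parsed):
        print(f"id={alarm_id}: {reason}")
    for cmd in remediation_commands("smtp", 1, parsed):
        print(cmd)
```

The parser is deliberately strict: an unknown token shape raises instead of being silently dropped, so a change in the response format (such as the 9.1.0 additions of `longmsg` and `signatures`) surfaces as an error in the script rather than as a missed alarm in the audit.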
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Update the smtp alarm configuration
Usage
config protocol smtp profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Example
CONFIG PROTOCOL SMTP PROFILE ALARM UPDATE index=1 id=5 context=smtp:client action=pass level=major
Level
asq+modify
History
Appears in 9.0.0
Description
Copy SMTP protocol profile
Usage
config protocol smtp profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for SMTP protocol
Usage
config protocol smtp profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for SMTP
Level
asq+modify
History
Appears in 9.0.0
Description
IPS settings for SMTP protocol
Usage
config protocol smtp profile ips config index=<profile_idx> [AllowOp=<string>] [AllowTCPUrg=On|Off] [BdatSize=<102400..10485760>] [CommandLineLimit=<64..4096>] [DenyOp=<string>] [FilterChunkedExtension=On|Off] [FilterExchangeExtensions=On|Off] [FilterTurningExtensions=On|Off] [HeaderLineLimit=<64..4096>] [Log=On|Off] [Probe=On|Off] [ServerLineLimit=<64..4096>] [State=On|Off] [TemplateAlarm=<low|medium|high|internet>] [Xexch50Size=<102400..1073741824>]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for SMTP protocol
Usage
config protocol smtp profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Commands to configure smtp profile settings
Level
asq+modify
History
Appears in 9.0.0
Description
Configure the antivirus part of the smtp profile
Usage
config protocol smtp profile proxy antivirus index=<profile index> [OnInfectedPolicy=<pass|block>] [OnFailedPolicy=<pass|block>] [OnFragmentedEmailPolicy=<pass|block>]
Returns
Error code
Example
CONFIG PROTOCOL SMTP PROFILE PROXY ANTIVIRUS index=1 OnInfectedPolicy=pass OnFailedPolicy=pass OnFragmentedEmailPolicy=block
Level
asq+modify
History
Appears in 9.0.0
Description
Configure the authorized cmd of the smtp profile
Usage
config protocol smtp profile proxy cmd index=<profile index> <HELO|MAIL|RCPT|DATA|RSET|SEND|SOML|SAML|VRFY|EXPN|HELP|NOOP|QUIT|TURN|EHLO|ETRN|AUTH|ATRN|BDAT|STARTTLS>=<block|pass|filter>
Returns
Error code
Example
CONFIG PROTOCOL SMTP PROFILE PROXY CMD index=1 HELO=filter MAIL=filter RCPT=filter DATA=filter RSET=filter SEND=block SOML=block SAML=block VRFY=block EXPN=block HELP=filter NOOP=filter QUIT=filter TURN=block EHLO=filter ETRN=filter AUTH=filter ATRN=block BDAT=block STARTTLS=block
Level
asq+modify
History
Appears in 9.0.0
Description
Configure the smtp profile
Usage
config protocol smtp profile proxy config index=<profile index> [BindAddr=<binding ip addr>] [MaxDataSize=<mail data size limit(0=unlimited)>] [MaxRecipient=<max recipients(0=unlimited)>] [WelcomeMsgFiltering=<on|off>] [ForceHeloIP=<on|off>] [MaxLineLength=<1000..2048>] [FullTransparent=on|off]
Returns
Error code
Example
CONFIG PROTOCOL SMTP PROFILE PROXY CONFIG index=1 BindAddr=MyObject MaxDataSize=4096 MaxRecipient=1000 WelcomeMsgFiltering=on ForceHeloIP=off MaxLineLength=1000
Level
base|asq
History
Appears in 9.0.0
Description
Commands to configure extracmd profile settings
Level
asq+modify
History
Appears in 9.0.0
Description
Add additional authorized cmd of the smtp profile
Usage
config protocol smtp profile proxy extracmd add index=<profile index> <commandname>
Returns
Error code
Example
CONFIG PROTOCOL SMTP PROFILE PROXY EXTRACMD ADD index=1 NEWCOMMAND
Level
base|asq
History
Appears in 9.0.0
Description
List additional authorized cmd of the smtp profile
Usage
config protocol smtp profile proxy extracmd list index=<profile index>
Format
list
Returns
List of all authorized cmds
Example
CONFIG PROTOCOL SMTP PROFILE PROXY EXTRACMD LIST index=1
Level
asq+modify
History
Appears in 9.0.0
Description
Remove additional authorized cmd of the smtp profile
Usage
config protocol smtp profile proxy extracmd remove index=<profile index> <commandname>
Returns
Error code
Example
CONFIG PROTOCOL SMTP PROFILE PROXY EXTRACMD REMOVE index=1 NEWCOMMAND
Level
asq+modify
History
Appears in 9.0.0
Description
Configure post processing of the smtp profile
Usage
config protocol smtp profile proxy postproc index=<profile index> [policy=<block|pass>] [size=<MaxDataSize in KB>] [ServerKeepAlive=<number of seconds>] [ClientKeepAlive=<number of seconds>] [ClientKeepAliveCode=<smtp code>]
Returns
Error code
Example
CONFIG PROTOCOL SMTP PROFILE PROXY POSTPROC index=1 policy=pass size=4000 ServerKeepAlive=20
CONFIG PROTOCOL SMTP PROFILE PROXY POSTPROC index=1 ClientKeepAlive=20 ClientKeepAliveCode=250
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for SMTP protocol
Usage
config protocol smtp profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for SSH protocol
Usage
config protocol ssh activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for SSH protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set SSH protocol's common setting
Usage
config protocol ssh common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for SSH protocol
Usage
config protocol ssh common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for SSH protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for SSH
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for SSH protocol
Usage
config protocol ssh profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for SSH protocol
Usage
config protocol ssh profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for SSH protocol (IPS alarm)
Usage
config protocol ssh profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy SSH protocol profile
Usage
config protocol ssh profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for SSH protocol
Usage
config protocol ssh profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for SSH protocol
Usage
config protocol ssh profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for SSH protocol
Usage
config protocol ssh profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for SSL protocol
Usage
config protocol ssl activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for SSL protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set SSL protocol's common setting
Usage
config protocol ssl common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for SSL protocol
Usage
config protocol ssl common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Certificate Authority Management
Level
unknown
Description
Custom Certificate Authority Management
Level
asq+modify
History
Appears in 9.0.0
Description
Add the specified custom certificate authority
Usage
config protocol ssl common proxy ca custom add <custom certificate object to add>
Returns
Error code
Example
CONFIG PROTOCOL SSL COMMON PROXY CA CUSTOM ADD CANetasq.pem
Level
base|asq
History
Appears in 9.0.0
Description
Show the custom Certificate Authority list
Note
Shows the list of all custom Certificate Authorities in use
Usage
config protocol ssl common proxy ca custom list
Format
list
Returns
Error Code
Example
CONFIG PROTOCOL SSL COMMON PROXY CA CUSTOM LIST
Level
asq+modify
History
Appears in 9.0.0
Description
Remove the specified custom certificate authority
Usage
config protocol ssl common proxy ca custom remove <custom certificate object to remove>
Returns
Error Code
Example
CONFIG PROTOCOL SSL COMMON PROXY CA CUSTOM REMOVE CANetasq
Level
base|asq
History
Appears in 9.0.0
Description
Trusted Certificate Authority Management
Level
asq+modify
History
Appears in 9.0.0
Description
Disable all trusted certificate authorities, or only the specified certificate file
Usage
config protocol ssl common proxy ca trusted disable all|<trusted certificate file name to disable>
all : disable all trusted certificate authorities for the SSL proxy
<trusted certificate file name> : disable only the specified certificate file
Returns
Error Code
Example
CONFIG PROTOCOL SSL COMMON PROXY CA TRUSTED DISABLE all
CONFIG PROTOCOL SSL COMMON PROXY CA TRUSTED DISABLE ddc328ff.0
Level
asq+modify
History
Appears in 9.0.0
Description
Enable all trusted certificate authorities, or only the specified certificate file
Usage
config protocol ssl common proxy ca trusted enable all|<trusted certificate file name to enable>
all : enable all trusted certificate authorities for the SSL proxy
<trusted certificate file name> : enable only the specified certificate file
Returns
Error Code
Example
CONFIG PROTOCOL SSL COMMON PROXY CA TRUSTED ENABLE all
CONFIG PROTOCOL SSL COMMON PROXY CA TRUSTED ENABLE ddc328ff.0
Level
base|asq
History
Appears in 9.0.0
Description
Show the trusted Certificate Authority list
Usage
config protocol ssl common proxy ca trusted list all|enabled|disabled
The trusted list is already embedded in the IPS
all : show the list of all available trusted Certificate Authorities, each prefixed with its status: Enabled or Disabled
enabled : show the list of trusted Certificate Authorities used by the SSL proxy
disabled : show the list of trusted Certificate Authorities not used by the SSL proxy
Format
section_line
Returns
Error Code
Example
CONFIG PROTOCOL SSL COMMON PROXY CA TRUSTED LIST all
CONFIG PROTOCOL SSL COMMON PROXY CA TRUSTED LIST enabled
Level
base|asq
History
Appears in 1.0.0
Description
SSL Proxy Certificates Management
Level
base|asq
History
Appears in 1.0.0
Description
SSL Proxy Trusted Certificates Management
Level
asq+modify
History
Appears in 1.0.0
Description
Add a certificate in the trusted store
Usage
config protocol ssl common proxy cert trusted add cert=<trusted certificate file name>
Returns
Error Code
Example
CONFIG PROTOCOL SSL COMMON PROXY CERT TRUSTED ADD cert="An authority:Its certificate"
Level
base|asq
History
Appears in 1.0.0
Description
List the trusted certificates. This list acts as a whitelist that bypasses the SSL checks
Usage
config protocol ssl common proxy cert trusted list
Format
list
Example
CONFIG PROTOCOL SSL COMMON PROXY CERT TRUSTED LIST
[Result]
1="An authority:Its certificate"
Level
asq+modify
History
Appears in 9.0.0
Description
Common parameters configuration
Usage
config protocol ssl common proxy config [CipherLevelAlgorithm=low|medium|high] [NbMaxFakeCertif=<integer>] [CacheIpSize=<integer>] [FakeCertifValidityDate=<integer>] [CaCustom=<0|1>] [CATrusted=<All|None|exception>] [CA=<authorityName> CAPassphrase=<pass>] [ApplyNat=<0|1>]
CipherLevelAlgorithm : the cipher level is a combination of the authorized cipher algorithm classes, chosen among low, medium and high
NbMaxFakeCertif : Limit on the number of fake certificates saved on the ramdrive
CacheIpSize : Number of entries in the IP cache
FakeCertifValidityDate : Validity of the fake certificates, in days
CaCustom : Enable 1 | Disable 0
CATrusted : Copy the trusted CAs to the verify directory
CA : The authority that signs the fake certificates
CAPassphrase : The passphrase of that authority
ApplyNat : Allow outbound connections from proxies to match any NAT rule instead of just dst-only
Returns
Error code
Example
CONFIG PROTOCOL SSL COMMON PROXY CONFIG CipherLevelAlgorithm=low,high
CONFIG PROTOCOL SSL COMMON PROXY CONFIG CA=ca_name CAPassphrase=mdp
Level
asq+modify
History
Appears in 1.2.0
Description
Configure the SSL/TLS protocol versions accepted by the SSL proxy
Usage
config protocol ssl common proxy sslprotocol [SSLv3=<on|off>] [TLSv1_0=<on|off>] [TLSv1_1=<on|off>] [TLSv1_2=<on|off>]
Returns
Error code
Example
CONFIG PROTOCOL SSL COMMON PROXY SSLPROTOCOL SSLv3=off TLSv1_0=on TLSv1_1=on TLSv1_2=on
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for SSL protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for SSL
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for SSL protocol
Usage
config protocol ssl profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for SSL protocol
Usage
config protocol ssl profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for SSL protocol (IPS alarm)
Usage
config protocol ssl profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy SSL protocol profile
Usage
config protocol ssl profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for SSL protocol
Usage
config protocol ssl profile default index=<profile_idx>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
BlockSkype disappears in 9.1.0
Description
IPS settings for SSL protocol
Usage
config protocol ssl profile ips config index=<profile_idx> [AllowTCPUrg=On|Off] [Cipherlevel=<1..31>] [Log=On|Off] [PlainData=<1..3>] [Probe=On|Off] [State=On|Off] [TemplateAlarm=<low|medium|high|internet>]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for SSL protocol
Usage
config protocol ssl profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Commands to configure ssl profile settings
Level
asq+modify
History
RevocCheckFailPolicy appears in 1.0.0
Description
Configure the ssl profile
Usage
config protocol ssl profile proxy config index=<profile_index> [BindAddr=<binding ip addr>] [OnFailedPolicy=<block|nodecrypt>] [UntrustedCAPolicy=<block|nodecrypt>] [SelfSignedCertifPolicy=<block|filter>] [ValidityDatePolicy=<block|filter>] [FullTransparent=on|off] [ContentInspection=on|off] [OnInvalidName=<block|filter>] [RevocCheckFailPolicy=<block|filter>]
index : profile number
BindAddr : source IP address to bind
OnFailedPolicy : block|nodecrypt SSL policy for error cases
OnInvalidName : block|filter SSL policy when the certificate name is invalid
UntrustedCAPolicy : block|nodecrypt SSL policy for an untrusted CA
SelfSignedCertifPolicy : block|filter policy for self-signed certificates
ValidityDatePolicy : block|filter policy when the certificate is outside its validity dates
RevocCheckFailPolicy : block|filter policy when the revocation check fails
FullTransparent : Enable/disable full transparent mode
ContentInspection : Enable/disable content inspection; disabling it bypasses the inspection analysis
Returns
Error code
Example
CONFIG PROTOCOL SSL PROFILE PROXY CONFIG index=1 OnFailedPolicy=block UntrustedCAPolicy=nodecrypt SelfSignedCertifPolicy=filter ValidityDatePolicy=block
Level
asq+modify
History
Appears in 9.1.0
Description
Configure the SSLFiltering part of the SSL proxy
Usage
config protocol ssl profile proxy sslfiltering index=<profile index> OnFailedPolicy=<pass|block>
OnFailedPolicy : pass means continue with the next SSL filtering rules
Returns
Error code
Example
CONFIG PROTOCOL SSL PROFILE PROXY SSLFILTERING index=1 OnFailedPolicy=block
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for SSL protocol
Usage
config protocol ssl profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for TCPUDP protocol
Usage
config protocol tcpudp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for TCPUDP protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set TCPUDP protocol's common setting
Usage
config protocol tcpudp common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for TCPUDP protocol
Usage
config protocol tcpudp common default
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Configure common settings for tcp/udp
Usage
config protocol tcpudp common ips config [PortScanRate=<0..16>] [UserRemoveState=On|Off]
Returns
Error code
Example
CONFIG PROTOCOL TCPUDP COMMON IPS CONFIG PortScanRate=10 UserRemoveState=On
Level
asq+modify
History
Appears in 9.0.0
Description
Configure connection profile settings for tcp/udp
Usage
config protocol tcpudp common ips connection [HalfOpen=On|Off] [PurgeTimeout=<2..172800>] [LogTCP=On|Off] [LogUDP=On|Off]
Returns
Error code
Example
CONFIG PROTOCOL TCPUDP COMMON IPS CONNECTION LogTCP=On LogUDP=Off
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for TCPUDP protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for TCPUDP
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for TCPUDP protocol
Usage
config protocol tcpudp profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for TCPUDP protocol
Usage
config protocol tcpudp profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for TCPUDP protocol (IPS alarm)
Usage
config protocol tcpudp profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy TCPUDP protocol profile
Usage
config protocol tcpudp profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for TCPUDP protocol
Usage
config protocol tcpudp profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for TCPUDP
Level
asq+modify
History
Appears in 9.0.0
Description
IPS settings for TCPUDP protocol
Usage
config protocol tcpudp profile ips config index=<profile_idx> [AllowTCPUrg=On|Off] [State=On|Off] [TemplateAlarm=<low|medium|high|internet>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Configure profile settings for tcp/udp IPS connection
Usage
config protocol tcpudp profile ips connection [ClosedTimeout=<2..60>] [SecureTCP=(On|Off)] [HalfCloseTimeout=<2..3600>] [MSSLimit=<0|100..65535>] [SeqRewrite=(On|Off)] [SkeletonTimeout=<2..60>] [SYNTimeout=<2..60>] [TCPDataTimeout=<30..604800>] [UDPDataTimeout=<30..3600>] [TCPSmallWindowTimeout=<5..604800>] [TCPClosedFastReuse=(On|Off)] [ProbeTimeout=<100..60000>] [StalledTimeout=<8..60480>]
Returns
Error code
Example
CONFIG PROTOCOL TCPUDP PROFILE IPS CONNECTION ClosedTimeout=42
Level
asq+modify
History
Appears in 9.0.0
Description
Configure profile settings for tcp/udp synproxy
Usage
config protocol tcpudp profile ips synproxy [State=On|Off] [Sack=On|Off] [MSSLimit=<0|100..65535>] [AllConn=On|Off]
Returns
Error code
Example
CONFIG PROTOCOL TCPUDP PROFILE IPS SYNPROXY
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for TCPUDP protocol
Usage
config protocol tcpudp profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for TCPUDP protocol
Usage
config protocol tcpudp profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for TELNET protocol
Usage
config protocol telnet activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for TELNET protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set TELNET protocol's common setting
Usage
config protocol telnet common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for TELNET protocol
Usage
config protocol telnet common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for TELNET protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for TELNET
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for TELNET protocol
Usage
config protocol telnet profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for TELNET protocol
Usage
config protocol telnet profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for TELNET protocol (IPS alarm)
Usage
config protocol telnet profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy TELNET protocol profile
Usage
config protocol telnet profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for TELNET protocol
Usage
config protocol telnet profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for TELNET
Level
asq+modify
History
Appears in 9.0.0
Description
IPS settings for TELNET protocol
Usage
config protocol telnet profile ips config index=<profile_idx> [AllowTCPUrg=On|Off] [Probe=On|Off] [State=On|Off] [TemplateAlarm=<low|medium|high|internet>]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for TELNET protocol
Usage
config protocol telnet profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for TELNET protocol
Usage
config protocol telnet profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for TEREDO protocol
Usage
config protocol teredo activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for TEREDO protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set TEREDO protocol's common setting
Usage
config protocol teredo common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for TEREDO protocol
Usage
config protocol teredo common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for TEREDO protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for TEREDO
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for TEREDO protocol
Usage
config protocol teredo profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for TEREDO protocol
Usage
config protocol teredo profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for TEREDO protocol (IPS alarm)
Usage
config protocol teredo profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy TEREDO protocol profile
Usage
config protocol teredo profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for TEREDO protocol
Usage
config protocol teredo profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for TEREDO
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for TEREDO protocol
Usage
config protocol teredo profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for TEREDO protocol
Usage
config protocol teredo profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for TFTP protocol
Usage
config protocol tftp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for TFTP protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set TFTP protocol's common setting
Usage
config protocol tftp common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for TFTP protocol
Usage
config protocol tftp common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for TFTP protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for TFTP
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for TFTP protocol
Usage
config protocol tftp profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for TFTP protocol
Usage
config protocol tftp profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for TFTP protocol (IPS alarm)
Usage
config protocol tftp profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy TFTP protocol profile
Usage
config protocol tftp profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for TFTP protocol
Usage
config protocol tftp profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for TFTP
Level
asq+modify
History
Appears in 9.0.0
Description
IPS settings for TFTP protocol
Usage
config protocol tftp profile ips config index=<profile_idx> [FileBuffer=<64..512>] [Log=On|Off] [PassOnFail=On|Off] [Probe=On|Off] [State=On|Off] [TemplateAlarm=<low|medium|high|internet>]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for TFTP protocol
Usage
config protocol tftp profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for TFTP protocol
Usage
config protocol tftp profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for XMPP protocol
Usage
config protocol xmpp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for XMPP protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set XMPP protocol's common setting
Usage
config protocol xmpp common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for XMPP protocol
Usage
config protocol xmpp common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for XMPP protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for XMPP
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for XMPP protocol
Usage
config protocol xmpp profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for XMPP protocol
Usage
config protocol xmpp profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for XMPP protocol (IPS alarm)
Usage
config protocol xmpp profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy XMPP protocol profile
Usage
config protocol xmpp profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for XMPP protocol
Usage
config protocol xmpp profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for XMPP
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for XMPP protocol
Usage
config protocol xmpp profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for XMPP protocol
Usage
config protocol xmpp profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
asq+modify
History
Appears in 9.0.0
Description
Activate configuration for YMSG protocol
Usage
config protocol ymsg activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Common command for YMSG protocol
Level
asq+modify
History
Appears in 9.0.0
Description
Set YMSG protocol's common setting
Usage
config protocol ymsg common config [DefaultPort=<service_group_list>|<service_list>] [SSLDefaultPort=<service_list>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for YMSG protocol
Usage
config protocol ymsg common default
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Profile setting for YMSG protocol
Level
base|asq
History
Appears in 9.0.0
Description
Common commands for YMSG
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for YMSG protocol
Usage
config protocol ymsg profile alarm default index=<profile index> template=(high|medium|low|internet|"") [reset=0|1]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Show profile's settings for YMSG protocol
Usage
config protocol ymsg profile alarm show index=<profile index> [context=(protocol|<ASQ context name>)] [extended=0|1]
Returns
context=<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> modify=(0|1) sensible=(0|1) category=<category> comment="<comment>" [longmsg=<detailed message>] [signatures=<number of variants>]
Level
asq+modify
History
Appears in 9.0.0
Reaction split to blacklist and email in 9.1.0
Comment appears in 9.1.0
Description
Configure ASQ alarm for YMSG protocol (IPS alarm)
Usage
config protocol ymsg profile alarm update index=<profile index> id=<int> context=(protocol|<ASQ context name>) [action=(pass|block)] [level=(minor|major|ignore)] [dump=(0|1)] [email=off | email=on emailduration=<seconds> emailcount=<int>] [blacklist=off | blacklist=on blduration=<minutes>] [comment=<string>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Copy YMSG protocol profile
Usage
config protocol ymsg profile copy index=<profile_idx> to=<0..9>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Reset profile's settings to default for YMSG protocol
Usage
config protocol ymsg profile default index=<profile_idx>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
IPS commands for YMSG
Level
asq+modify
History
Appears in 9.0.0
Description
IPS settings for YMSG protocol
Usage
config protocol ymsg profile ips config index=<profile_idx> [AllowTCPUrg=On|Off] [Log=On|Off] [Probe=On|Off] [State=On|Off] [TemplateAlarm=<low|medium|high|internet>]
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
List all profiles or a specific profile for YMSG protocol
Usage
config protocol ymsg profile list [index=<profile_idx>]
Returns
[00] name="default" lastmod="2011-02-23 10:47:45" ...
Level
base|asq
History
Appears in 9.0.0
Description
Show profile's settings for YMSG protocol
Usage
config protocol ymsg profile show index=<profile_idx>
Returns
[Common] [IPS] State=1 Log=1 Probe=1 ...
Level
base
History
Appears in 7.0.0
Description
Configure the proactive vulnerability management module
Level
pvm+modify
History
Appears in 7.0.0
Description
Activate or discard changes of the last configuration operations
Usage
config pvm activate [CANCEL]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded.
Returns
Error code
Implementation notes
run enasq
Example
> CONFIG PVM ACTIVATE
100 code=00a00100 msg="Ok"
Level
base
History
Appears in 7.0.0
Description
Get information about vulnerabilities of the proactive vulnerability management module
Level
pvm
History
Appears in 7.0.0
Description
Return the list of vulnerability family names with their id
Usage
config pvm data family
Returns
<family_id>=<family_name>
Example
> CONFIG PVM DATA FAMILY
101 code=00a01000 msg="Début"
1="web server"
2="web client"
...
100 code=00a00100 msg="Ok"
Level
pvm
History
Appears in 7.0.0
Description
Return the list of vulnerability severity names with their id
Usage
config pvm data severity
Returns
<severity_id>=<severity_label>
Example
> CONFIG PVM DATA SEVERITYLIST
101 code=00a01000 msg="Début"
0=null
1=low
...
100 code=00a00100 msg="Ok"
Level
pvm
History
Appears in 7.0.0
FORMAT Appears in 9.0.0
Description
Return the list of information about vulnerabilities of the proactive vulnerability management module
Note
If PvmId is not present, all vulnerabilities are returned
Usage
config pvm data vuln [PvmId=<vuln_id>]
Format
section_line
Returns
id : vulnerability id
name : vulnerability's name
family : vulnerability's family id
severity : vulnerability's severity id
date : vulnerability's discovery date
targetclient : true if the affected product is a client
targetserver : true if the affected product is a server
remote : true if the vulnerability could be exploited remotely
Example
> CONFIG PVM DATA VULN
101 code=00a01000 msg="Début"
id=x name=x family=x severity=x date=x targetclient=x targetserver=x remote=x
id=x name=x family=x severity=x date=x targetclient=x targetserver=x remote=x
100 code=00a00100 msg="Ok"
Level
pvm
History
Appears in 9.0.0
Description
Set the mailgroups to which the pvm emails will be sent (set to empty to disable email)
Usage
config pvm email [mail1=<email_group>|""] [mail2=<email_group>|""]
Returns
Error code
Implementation notes
mail1 is the detailed mail
mail2 is the summary mail
Level
base
History
Appears in 7.0.0
Description
Configure monitored hosts and which profile must be used for them
Level
pvm+modify
History
Appears in 7.0.0
Description
Associate a machine, network or group with a profile or exclude it from monitoring
Usage
config pvm hostlist add Host=<host|network|group> ( Type=included Profile=<profile_name> | Type=excluded )
Returns
Error code
Example
> CONFIG PVM HOSTLIST ADD Type=included Host=x Profile=x
100 code=00a00100 msg="Ok"
> CONFIG PVM HOSTLIST ADD Type=excluded Host=x
100 code=00a00100 msg="Ok"
Level
pvm+modify
History
Appears in 7.0.0
Description
Clear the monitored list or the excluded list
Usage
config pvm hostlist clear Type=included|excluded
Returns
Error code
Example
> CONFIG PVM HOSTLIST CLEAR Type=included
100 code=00a00100 msg="Ok"
Level
pvm+modify
History
Appears in 7.0.0
Description
Remove the object from the monitored list or the excluded list
Usage
config pvm hostlist remove Type=included|excluded Host=<host|network|group>
Returns
Error code
Example
> CONFIG PVM HOSTLIST REMOVE Type=included Host=x
100 code=00a00100 msg="Ok"
Level
base
History
Appears in 7.0.0
FORMAT Appears in 9.0.0
Description
Show the monitored list and the excluded list
Usage
config pvm hostlist show
Format
section_line
Returns
host : object name that represents the host, the network or the group
profile : profile name associated with the object
Example
> CONFIG PVM HOSTLIST SHOW
101 code=00a01000 msg="Début"
[included]
host=x profile=x
host=x profile=x
[excluded]
host=x
host=x
100 code=00a00100 msg="Ok"
Level
base
History
Appears in 7.0.0
Description
Set profiles which associate actions with vulnerability criteria
Level
pvm+modify
History
Appears in 7.0.0
Description
Remove all lines from a profile
Usage
config pvm profile clear Profile=<profile_name>
Returns
Error code
Example
> CONFIG PVM PROFILE CLEAR Profile=x
100 code=00a00100 msg="Ok"
Level
pvm+modify
History
Appears in 7.0.0
Description
Create a new profile
Usage
config pvm profile create Profile=<profile_name> [Comment=<any_comment>]
Returns
Error code
Example
> CONFIG PVM PROFILE CREATE Profile=x
100 code=00a00100 msg="Ok"
Level
pvm+modify
History
Appears in 7.0.0
Description
Add a line to a profile
Note
LineId must be equal to the last line id + 1
Usage
config pvm profile line add Profile=<profile_name> LineId=<line_id> state=1|0 ( vulnlist=1 | ( [family=<family_id>]
[targetclient=1|0] [targetserver=1|0] [remote=1|0] [severity=x] ) ) [level=<minor|major>]
[mail1=<email_group>] [mail2=<email_group>] [comment=x]
Returns
Error code
Example
> CONFIG PVM PROFILE LINE ADD Profile=x LineId=x state=1 family=x level=minor
100 code=00a00100 msg="Ok"
Level
pvm+modify
History
Appears in 7.0.0
Description
Remove a line from a profile
Note
LineId must be equal to the last line id
Usage
config pvm profile line remove Profile=<profile_name> LineId=<line_id>
Returns
Error code
Example
> CONFIG PVM PROFILE LINE REMOVE Profile=x LineId=x
100 code=00a00100 msg="Ok"
Level
pvm+modify
History
Appears in 7.0.0
Description
Update a line in a profile
Note
LineId must already exist
Usage
config pvm profile line update Profile=<profile_name> LineId=<line_id> state=1|0 ( vulnlist=1 | ( [family=<family_id>]
[targetclient=1|0] [targetserver=1|0] [remote=1|0] [severity=x] ) ) [level=<minor|major>]
[mail1=<email_group>] [mail2=<email_group>] [comment=x]
Returns
Error code
Example
> CONFIG PVM PROFILE LINE UPDATE Profile=x LineId=x state=1 family=x alertlevel=minor
100 code=00a00100 msg="Ok"
Level
base
History
Appears in 7.0.0
FORMAT Appears in 9.0.0
Description
List all defined profiles
Usage
config pvm profile list
Format
section_line
Returns
profile : profile name
comment : comment associated with the profile
Example
> CONFIG PVM PROFILE LIST
101 code=00a01000 msg="Début"
profile=profile1 comment=x
profile=profile2 comment=x
100 code=00a00100 msg="Ok"
Level
pvm+modify
History
Appears in 7.0.0
Description
Remove a profile
Usage
config pvm profile remove Profile=<profile_name>
Returns
Error code
Example
> CONFIG PVM PROFILE REMOVE Profile=x
100 code=00a00100 msg="Ok"
Level
pvm
History
Appears in 7.0.0
Description
Show a profile definition
Note
A vulnerability criterion (family, targetclient, targetserver, remote or severity) that is not present means any
level not present means ignore
mail1 and mail2 not present means no mail
If vulnlist is present, no vulnerability criteria may be present; the vuln ids are retrieved with 'CONFIG PVM PROFILE VULN SHOW'
Usage
config pvm profile show Profile=<profile_name>
Returns
[<line_id>] state=1|0 family=<family_id> targetclient=1|0 targetserver=1|0 remote=1|0 severity=x level=<minor|major> mail1=<email_group> mail2=<email_group> comment=x
[<line_id>] state=1|0 vulnlist=1 level=<minor|major> mail1=<email_group> mail2=<email_group> comment=x
...
Example
> CONFIG PVM PROFILE SHOW Profile=x
101 code=00a01000 msg="Début"
[1] state=1 family=21 level=minor mail1=g1
[2] state=1 vulnlist=1 level=major mail1=g1 mail2=g1
[3] state=1 severity=4 level=major
100 code=00a00100 msg="Ok"
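As an added example (not part of this reference), the following Python parses the section_line response of CONFIG PVM PROFILE SHOW, applies the defaults stated in the Note above (absent criterion = any, absent level = ignore, absent mail = no mail), and decides which enabled lines apply to a vulnerability record shaped like the CONFIG PVM DATA VULN output. The matching rule, the sample response, the vuln ids and the vulnerability record are assumptions constructed for the example.

```python
"""Parse a serverd 'CONFIG PVM PROFILE SHOW' response and evaluate its lines.

Added example, not part of the NETASQ reference. The matching rule (every
criterion present on a line must match; absent criteria mean "any"; vulnlist
lines match by explicit id) is an interpretation of the Note on PROFILE SHOW.
"""
import re
import shlex

# Constructed sample response, laid out as the reference shows it.
SAMPLE_RESPONSE = """\
101 code=00a01000 msg="Début"
[1] state=1 family=21 level=minor mail1=g1
[2] state=1 vulnlist=1 level=major mail1=g1 mail2=g1
[3] state=0 severity=4 level=major
100 code=00a00100 msg="Ok"
"""

# Constructed: ids that 'CONFIG PVM PROFILE VULN SHOW ... LineId=2' would list.
SAMPLE_VULNLIST = {2: {100221, 122333}}

CRITERIA = ("family", "targetclient", "targetserver", "remote", "severity")
STATUS_RE = re.compile(r"^(\d{3}) code=([0-9a-fA-F]{8}) msg=(.*)$")
SECTION_RE = re.compile(r"^\[(\d+)\]\s*(.*)$")


def parse_kv(text):
    """Split 'key=value key2="quoted value"' into a dict (shlex handles quotes)."""
    pairs = {}
    for token in shlex.split(text):
        key, _, value = token.partition("=")
        pairs[key.lower()] = value
    return pairs


def parse_profile_show(response):
    """Return (final_code, {line_id: line_dict}) from a section_line response."""
    final_code = None
    lines = {}
    for raw in response.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        status = STATUS_RE.match(raw)
        if status:
            # 101 opens a multi-line answer; 100 (or an error code) closes it.
            final_code = status.group(2)
            continue
        section = SECTION_RE.match(raw)
        if not section:
            raise ValueError(f"unexpected serverd line: {raw!r}")
        fields = parse_kv(section.group(2))
        line = {
            "state": fields.get("state") == "1",
            "vulnlist": fields.get("vulnlist") == "1",
            "level": fields.get("level", "ignore"),  # absent means ignore
            "mail1": fields.get("mail1"),            # absent means no mail
            "mail2": fields.get("mail2"),
            "comment": fields.get("comment", ""),
        }
        # Absent criteria mean "any"; values stay strings as serverd returns them.
        for crit in CRITERIA:
            line[crit] = fields.get(crit)
        lines[int(section.group(1))] = line
    if final_code is None:
        raise ValueError("response has no terminating status line")
    return final_code, lines


def line_matches(line_id, line, vuln, vulnlists):
    """Does profile line `line` apply to `vuln` (a dict shaped like DATA VULN output)?"""
    if not line["state"]:
        return False
    if line["vulnlist"]:
        return vuln["id"] in vulnlists.get(line_id, set())
    for crit in CRITERIA:
        wanted = line[crit]
        if wanted is not None and str(vuln.get(crit)) != wanted:
            return False
    return True


def evaluate(response, vuln, vulnlists):
    """Return [(line_id, level, mail1, mail2)] for every enabled line matching vuln."""
    code, lines = parse_profile_show(response)
    if code != "00a00100":
        raise RuntimeError(f"serverd returned error code {code}")
    return [
        (lid, ln["level"], ln["mail1"], ln["mail2"])
        for lid, ln in sorted(lines.items())
        if line_matches(lid, ln, vuln, vulnlists)
    ]


if __name__ == "__main__":
    # Constructed vulnerability record in the field layout of CONFIG PVM DATA VULN.
    vuln = {"id": 100221, "family": 21, "severity": 4, "targetclient": "false",
            "targetserver": "true", "remote": "true"}
    for hit in evaluate(SAMPLE_RESPONSE, vuln, SAMPLE_VULNLIST):
        print(hit)
```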
Level
pvm+modify
History
Appears in 7.0.0
Description
Modify a profile
Usage
config pvm profile update Profile=<profile_name> Comment=<any_comment>
Returns
Error code
Example
> CONFIG PVM PROFILE CREATE Profile=x Comment=x
100 code=00a00100 msg="Ok"
Level
base
History
Appears in 7.0.0
Description
Manage vuln id explicitly associated with a line of a profile
Level
pvm+modify
History
Appears in 7.0.0
Description
Associate a vulnerability id with a line of a profile
Note
the profile line must have no vulnerability criteria set
Usage
config pvm profile vuln add Profile=<profile_name> LineId=<line_id> PvmId=<vuln_id>
Returns
Error code
Example
> CONFIG PVM PROFILE VULN ADD profile=x LineId=x PvmId=x
100 code=00a00100 msg="Ok"
Level
pvm+modify
History
Appears in 7.0.0
Description
Remove all vulnerability ids associated with a line of a profile
Usage
config pvm profile vuln clear Profile=<profile_name> LineId=<line_id>
Returns
Error code
Example
> CONFIG PVM PROFILE VULN CLEAR profile=x LineId=x
100 code=00a00100 msg="Ok"
Level
pvm+modify
History
Appears in 7.0.0
Description
Remove a vulnerability id from the line of a profile association
Usage
config pvm profile vuln remove Profile=<profile_name> LineId=<line_id> PvmId=<vuln_id>
Returns
Error code
Example
> CONFIG PVM PROFILE VULN REMOVE profile=x LineId=x PvmId=x
100 code=00a00100 msg="Ok"
Level
pvm
History
Appears in 7.0.0
FORMAT Appears in 9.0.0
Description
Return the list of vulnerability id associated with a line of a profile
Usage
config pvm profile vuln show Profile=<profile_name> LineId=<line_id>
Format
list
Returns
list of vulnerability id
Example
> CONFIG PVM PROFILE VULN SHOW profile=x LineId=x
101 code=00a01000 msg="Début"
100221
122333
100 code=00a00100 msg="Ok"
Level
base
History
Appears in 7.0.0
Description
Return the global proactive vulnerability management module configuration
Usage
config pvm show
Returns
state : the state of the module
eventttl : the value in seconds of the timeout of events
Example
> CONFIG PVM SHOW
101 code=00a01000 msg="Début"
[Result]
State=On
EventTTL=86400
mail1=<email_group>
mail2=<email_group>
100 code=00a00100 msg="Ok"
Level
pvm
History
Appears in 7.0.0
Description
Enable, disable or return the state of the proactive vulnerability management module
Note
Modify level is required to update the state value
Usage
config pvm state [On|Off]
Returns
return the state of the module if there is no parameter
Example
> CONFIG PVM STATE On
100 code=00a00100 msg="Ok"
> CONFIG PVM STATE
101 code=00a01000 msg="Début"
[Result]
State=On
100 code=00a00100 msg="Ok"
Level
pvm
History
Appears in 7.0.0
Description
Set how long vulnerabilities are stored in the proactive vulnerability management module
Note
Modify level is required to update value
Usage
config pvm timeout [EventTTL=<timeout_in_seconds>]
Returns
return the value in seconds of the timeout of events
Implementation notes
If a vulnerability is detected again within this period, its countdown is reset. If the countdown reaches zero, the vulnerability is discarded.
Example
> CONFIG PVM TIMEOUT EventTTL=86400
100 code=00a00100 msg="Ok"
> CONFIG PVM TIMEOUT
101 code=00a01000 msg="Début"
[Result]
EventTTL=86400
100 code=00a00100 msg="Ok"
Level
base
History
level base Appears in 6.0.0
level other deprecated in 6.0.0
Description
Command to manage raid
Level
maintenance+modify
History
Appears in 8.1.0
Description
Create the raid array if it is not done automatically. A reboot is needed after this operation.
Usage
config raid create
Level
maintenance+modify
History
level maintenance Appears in 6.0.0
level other deprecated in 6.0.0
Description
Force the hotspare's status to be optimal
Usage
config raid hotspare <drive number>
<drive number>: physical number of the drive (min = 1)
Level
report+modify
History
Appears in 9.1.0
Description
Activate report configuration changes
Usage
config report activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Example
CONFIG REPORT ACTIVATE
Level
base
History
Appears in 9.1.0
Description
Display reports configuration
Note
if "report" is specified, only the configuration of this specific report will be displayed
Usage
config report show [report=<report_id>] (default: all reports)
[useclone=(0|1)] (default: 0)
[extra=(0|1)] : if 1, will display additional information that may take time to compute (default: 0)
Returns
[Global]
State=(0|1) : global state of the reporting functionality
Size=123456 : size of the report database
[<report id 1>] : report id
Comment="" : description of the report
State=(0|1) : indicates if the report is enabled
[<report id 2>]
Comment=""
State=(0|1)
(...)
Example
CONFIG REPORT SHOW
CONFIG REPORT SHOW report=top_ips_alarms
CONFIG REPORT SHOW extra=1
Level
base
History
Appears in 9.1.0
Description
Enable or disable reporting
Note
If "report" is specified, only the configuration of this specific report will be displayed.
If reporting is disabled, the report database will remain in place, untouched. You have to delete the report database yourself if you don't want to keep the values (see REPORT RESET).
Usage
config report state [(on|off)]
Returns
State=(0|1) : State of reporting (only if no argument is specified)
Example
CONFIG REPORT STATE
CONFIG REPORT STATE off
Level
report+modify
History
Appears in 9.1.0
Description
Change report configuration
Usage
config report update report=<report_id> : report for which we want to update the configuration
state=(0|1) : new report state (disabled/enabled)
Example
CONFIG REPORT UPDATE report=top_ips_alarms state=0
Level
maintenance+modify
History
level maintenance Appears in 6.0.0
level admin deprecated in 6.0.0
usb Appears in 6.1.0
refresh appears in 8.1.4
Description
Restores a full or partial configuration (the complete list of available items is provided by the SYSTEM BACKUP command). The refresh token (default 0), when set to 1, refreshes the whole firewall configuration (except network) and does not require the user to reboot if the services restarted successfully.
Note
The usb option is used to get the backup from the usb token instead of a file.
fwserial is only valid when HA is configured.
Usage
config restore list=<all|network|global|object|global_object|filter|filterslotxx|global_filter|global_filterslotxx|vpn|ldap|urlfiltering|sslfiltering|urlgroup|global|pattern|secure|autoupdate|services|mailfiltering|dhcp|ntp|dns|snmp|pvm|cert|securityinspection|vpn-ssl|vpn-pptp|event-rules|qos|auth|webadmin|statusweight|log|route|sysevent|bird|antispam|mailgroup|communication|system|serverd|reports> [refresh=0|1] [password=<password protection>] [usb=0|1] [fwserial=(all|local|<serial>)]
Returns
Error code
Example
CONFIG RESTORE list=all password=adminadmin
CONFIG RESTORE list=all refresh=1
CONFIG RESTORE list=all usb=1
Level
base
History
Appears in 6.0.0
Description
Secure configuration with usb token configuration
Level
maintenance+modify
History
Appears in 6.0.0
level changes from other,modify to maintenance,modify in 9.0.0
Description
Add configuration file in secure mode
Note
configuration must be loaded first
Usage
config secure add <filename>
Returns
Error code
Example
CONFIG SECURE ADD "/usr/Firewall/ConfigFiles/key"
Level
maintenance
History
Appears in 6.1.0
Description
Create a backup (.na) of Secure Configuration
Note
configuration must be loaded before
Usage
config secure backup [comment=<a description>] [password=<password protection>]
Returns
The backup file
Example
CONFIG SECURE BACKUP comment="backup of usb token key"
CONFIG SECURE BACKUP password="mypassword"
Level
maintenance+modify
History
Appears in 6.0.0
level changes from other,modify to maintenance,modify in 9.0.0
Description
Mount usb token (if found), initialize secure conf, generate and update key material on USB token
Note
USB token is required
Usage
config secure initialize
Returns
Error code
Implementation notes
Generate cryptographic material and put them on USB token
Example
CONFIG SECURE INITIALIZE
Level
base
History
Appears in 6.0.0
FORMAT Appears in 9.0.0
Description
List the files that may be added in secure mode
Usage
config secure list
Format
list
Returns
the list of files (by category) that may be secured
Example
CONFIG SECURE LIST
[network]
/usr/Firewall/ConfigFiles/network
/usr/Firewall/ConfigFiles/object
/usr/Firewall/ConfigFiles/Global/object
...
[ha]
/usr/Firewall/ConfigFiles/highavailability
...
[vpn]
/usr/Firewall/ConfigFiles/key
...
Level
maintenance+modify
History
Appears in 6.1.0
level changes from other,modify to maintenance,modify in 9.0.0
Description
Load configuration from usb token (if found)
Note
USB token is required
Usage
config secure load
Returns
Error code
Implementation notes
Load the cryptographic material from the usb token and copy it to the ramdrive (created if it does not exist)
Example
CONFIG SECURE LOAD
Level
maintenance+modify
History
Appears in 6.0.0
all Appears in 6.1.0
level changes from other,modify to maintenance,modify in 9.0.0
Description
Remove one or all file(s) from secure configuration mode
Note
configuration must be loaded first
Usage
config secure remove <filename>|all
Returns
Error code
Example
CONFIG SECURE REMOVE "/usr/Firewall/ConfigFiles/key"
CONFIG SECURE REMOVE all
Level
maintenance+modify
History
Appears in 6.1.0
Description
Restore a backup (.na) of the Secure Configuration on usb token
Note
USB token is required (the restore is done on it)
Usage
config secure restore [password=<password protection>]
Returns
Error code
Example
CONFIG SECURE RESTORE
Level
base
History
Appears in 6.1.0
level changes from other to base in 9.0.0
Description
Show the secured files and information of status
Usage
config secure show
Returns
[Config]
IsLoaded=0|1
NbFile=<number of secure files>
UsbToken=NotInitialize|Initialize|NotFound
AutoSync=<number of minutes between each synchronisation>
[Files]
path of file 1
...
path of file n
Example
CONFIG SECURE SHOW
[Config]
IsLoaded=0
UsbToken=NotFound
NbFile=0
AutoSync=0
[Files]
Level
maintenance
History
Appears in 6.0.0
level changes from other to maintenance in 9.0.0
Description
Activate or deactivate the use of secure mode
Note
If some files are in secure mode and the state is off, these files are not loaded.
Modify level is required to update the state value.
Usage
config secure state [On|Off]
Returns
The current value (case of no arg) or error code
Implementation notes
if state is on, we check usb token in boot sequence
Example
CONFIG SECURE STATE
CONFIG SECURE STATE on
Level
maintenance+modify
History
Appears in 6.0.0
auto Appears in 6.1.0
level changes from other,modify to maintenance,modify in 9.0.0
Description
Synchronize the files which are in secure mode (in automatic or manual mode)
Note
Configuration must be loaded first. To stop automatic mode, call with auto=0.
The number of minutes must be in [0, 1440[.
Usage
config secure sync [auto=0|<number of minutes>]
Returns
Error code
Implementation notes
Check if the plain version of the file differs from the secure version. If it does, encrypt the plain version and replace the secure version of the file. In automatic mode, the synchronization is performed every xx minutes.
Example
CONFIG SECURE SYNC
CONFIG SECURE SYNC auto=5
Level
maintenance
History
Appears in 6.0.0
level changes from other to maintenance in 9.0.0
Description
Activate or deactivate the installation of backups found on the USB token
Note
When backup files are found and installed, the state is automatically set to off. Modify level is required to update the state value.
Usage
config secure usbconf [On|Off]
Returns
The current value on token 'InstallUsbConf' (case of no arg) or error code
Implementation notes
If state is on, backup files are searched for on the USB token during the boot sequence and installed.
Level
asq+modify
History
Appears in 9.0.0
Description
Flush SecurityInspection configuration
Usage
config securityinspection activate
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Commands for global ASQ configuration
Level
base|asq
History
Appears in 9.0.0
Description
Static address list management
Level
asq+modify
History
Appears in 9.0.0
Description
Add a host entry in the static address list
Usage
config securityinspection common addresslist add Type=BlackList|BlackListExclude|WhiteList|WhiteListExclude|SynProxyExclude Name1=<object> [Name2=<object>]
Returns
Error code
Example
CONFIG SECURITYINSPECTION COMMON ADDRESSLIST ADD Type=BlackList Name1=spamer
Level
asq+modify
History
Appears in 9.0.0
Description
Remove a host entry from the static address list
Usage
config securityinspection common addresslist remove Type=BlackList|BlackListExclude|WhiteList|WhiteListExclude|SynProxyExclude Name1=<object> [Name2=<object>]
Returns
Error code
Example
CONFIG SECURITYINSPECTION COMMON ADDRESSLIST REMOVE Type=BlackList Name1=spamer
Level
base|asq
History
Appears in 9.0.0
Description
Dump the static address list
Usage
config securityinspection common addresslist show Type=BlackList|BlackListExclude|WhiteList|WhiteListExclude|SynProxyExclude
Format
list
Returns
list all members.
Example
CONFIG SECURITYINSPECTION COMMON ADDRESSLIST SHOW Type=BlackList
Level
base|asq
History
Appears in 9.0.0
Description
Common alarms management
Level
base
History
Appears in 9.0.0
Description
List all available signature contexts, classifications, or alarm categories
Usage
config securityinspection common alarm list type=(context|classification|category)
Format
list
Returns
List of all available classifications, signature contexts or alarm categories
Example
CONFIG SECURITYINSPECTION COMMON ALARM LIST type=context
CONFIG SECURITYINSPECTION COMMON ALARM LIST type=category
CONFIG SECURITYINSPECTION COMMON ALARM LIST type=classification
Level
base|asq
History
Appears in 9.0.0
Description
New alarms management
Level
base|asq
History
Appears in 9.0.0
Description
List new alarms
Usage
config securityinspection common alarm new list [context=<ASQ context>]
Format
section_line
Returns
context=<asq_context_name> id=<alarmid>
Level
asq+modify
History
Appears in 9.0.0
Description
Remove new state for new alarms
Usage
config securityinspection common alarm new remove context=(all|<ASQ context>) [id=<alarmid>]
Returns
Error code
Example
CONFIG SECURITYINSPECTION COMMON ALARM NEW REMOVE context=http:url:decoded id=48
CONFIG SECURITYINSPECTION COMMON ALARM NEW REMOVE context=all
Level
asq+modify
History
Appears in 9.0.0
Description
Configure ASQ init values
Usage
config securityinspection common init [FilterRuleLimit=<0..MODEL_LIMIT>] [HostLimit=<0..MODEL_LIMIT>] [UserLimit=<0..MODEL_LIMIT>] [LogQueueSize=<0..MODEL_LIMIT>] [DataTracking=<0|1>] [PatternMatching=<0|1>]
Returns
Error code
Example
CONFIG SECURITYINSPECTION COMMON INIT UserLimit=0 DataTracking=1
Level
base|asq
History
Appears in 9.0.0
Description
Configuration of probe alarm
Level
asq+modify
History
Appears in 9.0.0
Description
Add a probe
Usage
config securityinspection common probe add portproto=<integer/tcp|udp> category=(0|1|2|3|4|5) msg=<string> state=(0|1)
Returns
Error code
Example
CONFIG SECURITYINSPECTION COMMON PROBE ADD portproto=1214/tcp category=4 msg="kazaa" state=1
Level
asq+modify
History
Appears in 9.0.0
Description
Modify a probe
Usage
config securityinspection common probe modify portproto=<integer/tcp|udp> category=(0|1|2|3|4|5) msg=<string> state=(0|1)
Returns
Error code
Example
CONFIG SECURITYINSPECTION COMMON PROBE MODIFY portproto=1214/tcp
Level
asq+modify
History
Appears in 9.0.0
Description
Remove a probe
Usage
config securityinspection common probe remove portproto=<integer/tcp|udp>
Returns
Error code
Example
CONFIG SECURITYINSPECTION COMMON PROBE REMOVE portproto=1214/tcp
Level
base|asq
History
Appears in 9.0.0
Description
Dump the probe configuration
Usage
config securityinspection common probe show
Format
section_line
Returns
[PortProbe] port=<port_number> proto=(TCP|UDP) category=(cat_id) msg=<probe message> state=(0|1)
Example
CONFIG SECURITYINSPECTION COMMON PROBE SHOW
port=111 proto=TCP category=2 msg="rpc.statd" state=1
port=137 proto=UDP category=1 msg="NetBios" state=1
port=1214 proto=TCP category=4 msg="Kazaa" state=1
Level
base|asq
History
Appears in 9.0.0
Description
Dump the ASQ configuration
Note
If config is not specified, the command dumps the configuration for the default profile.
Usage
config securityinspection common show [config=<config_index>]
Returns
[Init]
DataTracking=1
FilterRuleLimit=0
HostLimit=0
LogQueueSize=0
UserLimit=0
PatternMatching=1
[Stateful]
Reload=1
ReloadNAT=0
IncomingConfig=00
OutgoingConfig=01
LoadBalancing=srchash
Verbose=0
VerboseType=Host, User, Connection, Plugin, AlarmBlock, AlarmPacket, Nat, Filter, Conf
NewPatternConf=block,major,dump
Example
CONFIG SECURITYINSPECTION COMMON SHOW
Level
asq+modify
History
Appears in 9.0.0
Description
Configure ASQ stateful settings
Usage
config securityinspection common stateful [Reload=(0|1)] [NATReload=(0|1)] [IncomingConfig=<0...9>] [OutgoingConfig=<0...9>] [StatelessLog=(0|1)] [LoadBalancing=<none|srchash|connhash>] [Verbose=(0|1)] [VerboseType=All,Host,User,Connection,Plugin,AlarmBlock,AlarmPass,AlarmPacket,Nat,Filter,Bridge,Packet,Conf,Script,Pof,Qos] [NewPatternConf=(high|medium|low|internet)|((pass|block),(major|minor|ignore)[,dump])|""]
Returns
Error code
Example
CONFIG SECURITYINSPECTION COMMON STATEFUL MTULimit=1492
Level
base|asq
History
Appears in 9.0.0
Description
Command to configure ASQ
Level
base|asq
History
Appears in 9.0.0
Description
Per configuration alarms configuration
Level
base|asq
History
Appears in 9.0.0
context appears in 9.1.0
Added extended parameter and added tokens longmsg and signatures in response in 9.1.0
id appears in 9.1.0
Description
Per configuration alarm listing
Note
if extended=0 or not specified, the command will not show the longmsg and signatures tokens
Usage
config securityinspection config alarm list index=<securityinspection_index>
[category=<cat_id>] [context=<context_id>] [classification=<classification_id>] [id=<id>] [extended=0|1]
[start=<int>] [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [searchfield=<token>] [sort=<token>] [refresh=<0|1>]
Format
section_line
Returns
protocol=<proto> context=protocol|<asq_context_name> id=<alarmid> action=(block|pass) level=(major|minor|ignore) dump=(0|1) new=(0|1) origin=(user|profile_template|config_template|new) [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>] msg=<alarm message> [longmsg=<detailed message>] [modify=(0|1)] [sensible=(0|1)] category=(<empty string>|<cat_id[,cat_id]...>) classification=<classification_id> [resource=<resource name>] [signatures=<number of variants>]
Example
config securityinspection config alarm list index=1
[Alarm]
protocol=http context=protocol id=53 action=block level=major dump=0 new=0 origin=profile_template msg="Invalid HTTP protocol" modify=1 sensible=1
protocol=http context=http:client id=28 action=block level=minor dump=0 new=0 origin=config_template msg="Apache: chunked encoding vulnerability" modify=1 sensible=0 category="0,3" classification=1 resource="apache"
Level
asq+modify
History
Appears in 9.0.0
Description
Set the alarm template and remove overloaded alarms in profiles referenced by the configuration
Note
activate is not required (the command checks that no changes are pending)
if template is not specified, the command applies the internet template to the specified config
if reset=0 or not specified, the command does not reset alarms already defined by the user
Usage
config securityinspection config alarm template index=<securityinspection_index> [template=(high|medium|low|internet)] [reset=0|1]
Returns
Error code
Example
CONFIG SECURITYINSPECTION CONFIG ALARM TEMPLATE index=1
CONFIG SECURITYINSPECTION CONFIG ALARM TEMPLATE index=1 template=internet
CONFIG SECURITYINSPECTION CONFIG ALARM TEMPLATE index=1 template=high reset=1
Level
asq+modify
History
Appears in 9.0.0
Description
Configuration copy
Usage
config securityinspection config copy index=<securityinspection_index> to=<1-10>
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Set securityinspection configuration back to default settings
Usage
config securityinspection config default index=<securityinspection_index>
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Display name and last modification time. If index is omitted, display all Security Inspection profiles
Usage
config securityinspection config list [index=<securityinspection_index>]
Returns
Error code
Level
asq+modify
History
Appears in 9.0.0
Description
Attribute protocol profile(s)
Usage
config securityinspection config protocol index=<securityinspection_index> (allprotocol=<profile_index>|<protocol>=<profile_index>)
Returns
Error code
Level
base|asq
History
Appears in 9.0.0
Description
Display configuration
Usage
config securityinspection config show index=<securityinspection_index>
Returns
Error code
Level
filter|vpn+modify
History
type Appears in 6.0.0
config Appears in 6.0.0
nat and url types disappear in 9.0.0
level changes from base,modify to filter,vpn,modify in 9.0.0
Description
Activate a slot
Note
Additional level flags may be needed (filter, vpn, globalfilter) according to the slot type
Usage
config slot activate type=(filter|vpn) slot=<slotnumber> [global=(0|1)]
Returns
Error code
Example
CONFIG SLOT ACTIVATE type=filter slot=03
Level
filter|vpn+modify
History
Appears in 9.0.0
Description
Copy a slot
Usage
config slot copy type=(filter|vpn) slot=<slotnumber> [global=(0|1)] to=<slotnumber>
Returns
Error code
Example
CONFIG SLOT COPY type=filter global=0 slot=1 to=7
Level
filter|vpn+modify
History
Appears in 9.0.0
Description
Replace a slot by its default value
Usage
config slot default type=(filter|vpn) [global=(0|1)] slot=<slotnumber>
Returns
Error code
Example
CONFIG SLOT DEFAULT type=filter slot=7
Level
filter_read
History
type Appears in 6.0.0
config Appears in 6.0.0
FORMAT Appears in 9.0.0
type disappears in 9.0.0: can only download a filter slot
level changes from base to filter_read in 9.0.0
Description
Download a filter slot file
Note
Additional level flags may be needed (filter, globalfilter) according to the slot type
Usage
config slot download slot=<slotnumber> [global=(0|1)]
Format
raw
Returns
the file to download
Example
CONFIG SLOT DOWNLOAD slot=02
Level
base
History
type Appears in 6.0.0
nat and url types disappear in 9.0.0
Description
List slot content
Note
Additional level flags may be needed (filter, vpn, globalfilter) according to the slot type
Usage
config slot list type=(filter|vpn) [global=(0|1)]
Returns
id : Slot identifier
name : Slot name
progtime : Slot activation time
progdays : Slot activation days (day number)
lastmod : Date of last modification
[Global]
active=<active slot number>
sync=<is the active slot in sync with the configuration?>
[Slot number]
name=<name of slot>
lastmod=<last modified date>
Example
CONFIG SLOT LIST type=filter
101 code=00a01000 msg="Begin"
[Global]
active=10
sync=1
[01]
name="block all"
lastmod="2003-03-31 14:47:09"
[08]
name="trend"
lastmod="2004-02-19 15:15:07"
[09]
name="log all"
lastmod="2004-01-13 16:51:44"
[10]
name="pass all"
lastmod="2003-03-31 14:47:09"
100 code=00a00100 msg="Ok"
Level
filter|vpn+modify
History
type Appears in 6.0.0
config Appears in 6.0.0
nat and url types disappear in 9.0.0
level changes from base,modify to filter,vpn,modify in 9.0.0
Description
Remove a slot
Usage
config slot remove type=(filter|vpn) slot=<slotnumber>
Returns
Error code
Example
CONFIG SLOT REMOVE filter 04
Level
filter_read|vpn_read
History
type Appears in 6.0.0
nat and url types disappear in 9.0.0
level changes from base to filter_read,vpn_read in 9.0.0
Description
Shows slot status
Note
Additional level flags may be needed (filter, vpn, globalfilter) according to the slot type
Usage
config slot state type=(filter|vpn) [global=(0|1)]
Returns
active : Active slot number
sync : Synchronization flag
[Result]
active=<number of active slot>
sync=(0|1)
Example
CONFIG SLOT STATE type=filter
101
[Result]
active=10
sync=1
Level
filter|vpn+modify
History
Appears in 9.0.0
Description
Change the information attached to a slot
Usage
config slot update type=(filter|vpn) slot=<slotnumber> [global=(0|1)] [name=<string>] [comment=<string>]
Returns
Error code
Example
CONFIG SLOT UPDATE type=filter slot=7 global=0 name="block all clone" comment="absolute security"
Level
filter+modify
History
type disappears in 9.0.0: can only download a filter slot
level changes from base,modify to filter,modify in 9.0.0
Description
Upload a filter slot file
Note
Additional level flags may be needed (filter, globalfilter) according to the slot type
Usage
config slot upload slot=<slotnumber> name=<name> [global=(0|1)] [comment=<comment>]
Example
CONFIG SLOT UPLOAD slot=02 name="log all"
Level
log+modify
History
level changes from other,modify to log,modify in 9.0.0
Description
Set the community name to use for SNMP V1 and V2c (read only)
Usage
config snmp access community community=<community>
Returns
Error code
Example
CONFIG SNMP community=public
Level
log+modify
History
added AES in supported privtype in 7.0.0
level changes from other,modify to log,modify in 9.0.0
Description
Create a snmpV3 user (read only)
Note
Use clear to erase the current user.
If privpass is not specified, then the privacy passphrase = authpass.
privtype and privpass are optional.
Usage
config snmp access userv3 [clear] username=<username> authtype=(MD5|SHA) authpass=<passphrase> [privtype=(AES|DES)] [privpass=<passphrase>]
Returns
Error code
Example
CONFIG SNMP USERV3 clear
CONFIG SNMP USERV3 username=admin authtype=MD5 authpass=adminadmin privtype=DES
CONFIG SNMP USERV3 username=admin authtype=MD5 authpass=adminadmin privtype=DES privpass=nimdanimda
CONFIG SNMP USERV3 username=admin authtype=MD5 authpass=adminadmin
Level
log+modify
History
CANCEL/NEXTBOOT Appears in 9.0.0
level changes from other,modify to log,modify in 9.0.0
Description
Activate SNMP configuration.
Usage
config snmp activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Implementation notes
Run ensnmp script and start service depending on state field
Example
CONFIG SNMP ACTIVATE
CONFIG SNMP ACTIVATE cancel
Level
base|log_read
History
added V2cState and V3State in 9.0.0
level log_read added in 9.0.0
Description
Show SNMP configuration.
Usage
config snmp show
Returns
[Config]
State=(0|1)
authtrapenable=(0|1)
[System]
location=<string>
contact=<email address>
[Access]
username=<login>
authtype=SHA
AuthPass=<password>
privtype=des
PrivPass=<password>
Community=<string>
Example
CONFIG SNMP SHOW
Level
base
Description
Get/set snmpd state.
Note
Changing the state requires the Log level
Usage
config snmp state [On|Off]
Returns
State=(0|1)
Error code
Implementation notes
load section Config, and return the State value
Example
CONFIG SNMP STATE On
Level
log+modify
History
level changes from other,modify to log,modify in 9.0.0
Description
Set system information (location, name and contact)
Usage
config snmp system location=<systemlocation> contact=<string> [name=<string>]
Returns
Error code
Example
CONFIG SNMP SYSTEM location=Lille contact=admin@netasq.com
CONFIG SNMP SYSTEM location=Lille contact=admin@netasq.com name=MyFirewall
Level
base
History
FORMAT Appears in 9.0.0
Description
Configure SNMP trap
Usage
config snmp trap
Format
section_line
Level
log+modify
History
level changes from other,modify to log,modify in 9.0.0
Description
If AUTH on, then send trap on authentication failure
Usage
config snmp trap auth (on | off)
Returns
Error code
Example
CONFIG SNMP TRAP AUTH on
Level
log+modify
History
port became an obj_service on 6.1.1
level changes from other,modify to log,modify in 9.0.0
Description
Add a host for sending SNMP V1 traps
Usage
config snmp trap v1 add host=<obj_host> community=<STRING> port=<obj_service>
Returns
Error code
Example
CONFIG SNMP TRAP host=trapV1 community=public port=162
Level
log+modify
History
port became an obj_service on 6.1.1
level changes from other,modify to log,modify in 9.0.0
Description
Modify a configuration for a host
Usage
config snmp trap v1 modify host=<obj_host> community=<STRING> port=<obj_service>
Returns
Error code
Example
CONFIG SNMP TRAP ipaddr=trapV1 community=public port=162
Level
log+modify
History
level changes from other,modify to log,modify in 9.0.0
Description
Remove a destination host for SNMP v1 trap
Usage
config snmp trap v1 remove host=obj_host
Returns
Error code
Example
CONFIG SNMP TRAP V1 REMOVE host=trapV1
Level
base|log_read
History
FORMAT Appears in 9.0.0
level log_read added in 9.0.0
Description
Show SNMP configuration TRAP V1.
Usage
config snmp trap v1 show
Format
section_line
Returns
Host=<object> Port=<integer> Community=<string>
Level
log+modify
History
level changes from other,modify to log,modify in 9.0.0
Description
Specify the host and the port to send trap in V2
Usage
config snmp trap v2 add host=<obj_host> community=<STRING> port=<int>
Returns
Error code
Example
CONFIG SNMP TRAP ipaddr=trapV2 community=public port=162
Level
log+modify
History
level changes from other,modify to log,modify in 9.0.0
Description
Modify a configuration for a host
Usage
config snmp trap v2 modify host=<obj_host> community=<STRING> port=<int>
Returns
Error code
Example
CONFIG SNMP TRAP ipaddr=trapV2 community=public port=162
Level
log+modify
History
level changes from other,modify to log,modify in 9.0.0
Description
Remove a destination host for SNMP V2 trap
Usage
config snmp trap v2 remove host=obj_host
Returns
Error code
Level
base|log_read
History
FORMAT Appears in 9.0.0
level log_read added in 9.0.0
Description
Show SNMP configuration TRAP V2.
Usage
config snmp trap v2 show
Format
section_line
Returns
Host=<object> Port=<integer> Community=<string>
Example
Host=F-500 Port=162 Community=public
Host=F-501 Port=162 Community=public
Host=F-502 Port=162 Community=public
Level
log+modify
History
added AES in supported privtype in 7.0.0
level changes from other,modify to log,modify in 9.0.0
engineID becomes optional in 9.1.0
Description
Configure SNMP trap in V3
Usage
config snmp trap v3 add host=<obj_host> port=<INTEGER> SecurityName=<STRING> [engineID=<ENGINE_ID>] SecurityLevel=(noAuthNoPriv|authNoPriv|authPriv) [authtype=<SHA|MD5>] [AuthPass=<STRING>] [privtype=(AES|DES)] [PrivPass=<STRING>]
Returns
Error code
Example
CONFIG SNMP TRAP V3 ADD host=trapV3 port=162 AuthMethod=SHA AuthPass=passpass SecurityName=James engineID=0x0102030405 SecurityLevel=authNoPriv PrivMethod=DES PrivPass=passpass
Level
log+modify
History
added AES in supported privtype in 7.0.0
level changes from other,modify to log,modify in 9.0.0
engineID becomes optional in 9.1.0
Description
Modify a configuration for a host
Usage
config snmp trap v3 modify host=<obj_host> port=<INTEGER> SecurityName=<STRING> [engineID=<ENGINE_ID>] SecurityLevel=(noAuthNoPriv|authNoPriv|authPriv) [authtype=(SHA|MD5)] [AuthPass=<STRING>] [privtype=(AES|DES)] [PrivPass=<STRING>]
Returns
Error code
Example
CONFIG SNMP TRAP V3 ADD host=trapV3 port=162 AuthMethod=SHA AuthPass=passpass SecurityName=James engineID=0x0102030405 SecurityLevel=authNoPriv PrivMethod=DES PrivPass=passpass
Level
log+modify
History
level changes from other,modify to log,modify in 9.0.0
Description
Remove a destination host for SNMP V3 trap
Usage
config snmp trap v3 remove host=obj_host
Returns
Error code
Example
CONFIG SNMP TRAP V3 REMOVE host=trapV3
Level
base|log_read
History
FORMAT Appears in 9.0.0
level log_read added in 9.0.0
Description
Show SNMP configuration TRAP V3.
Usage
config snmp trap v3 show
Format
section_line
Returns
Host=<object> Port=<int> authtype=SHA AuthPass=<password> SecurityName=<login> EngineID=<engineID> SecurityLevel=noAuthNoPriv privtype=DES PrivPass=<password>
Example
Host=F-500 Port=162 authtype=SHA AuthPass=adminadmin SecurityName=admin EngineID=0x0102030405 SecurityLevel=noAuthNoPriv privtype=DES PrivPass=adminadmin
Host=F-501 Port=162 authtype=SHA AuthPass=adminadmin SecurityName=admin EngineID=0x0102030405 SecurityLevel=noAuthNoPriv privtype=DES PrivPass=adminadmin
Host=F-502 Port=162 authtype=SHA AuthPass=adminadmin SecurityName=admin EngineID=0x0102030405 SecurityLevel=noAuthNoPriv privtype=DES PrivPass=adminadmin
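The section_line responses above (a 101 "Begin" status line, optional [Section] headers, key=value tokens with quoted values, a 100 "Ok" status line) can be parsed mechanically. The following is an added example, not code from the NETASQ manual or product: it parses a constructed `config snmp trap v3 show` response modelled on the example above, redacts the passphrases that the show commands return in clear before they are logged, flags trap destinations configured below authPriv with SHA and AES, and reuses the same parser on a constructed `config slot list` response to show the [Section] form.

```python
import re
import shlex

# Constructed sample responses. The trap sample is modelled on the
# manual's CONFIG SNMP TRAP V3 SHOW example (same dummy passphrases),
# with the security levels varied so the audit has something to find;
# the slot sample is modelled on the CONFIG SLOT LIST example.
TRAPV3_RESPONSE = """\
101 code=00a01000 msg="Begin" format="section_line"
Host=F-500 Port=162 authtype=SHA AuthPass=adminadmin SecurityName=admin EngineID=0x0102030405 SecurityLevel=noAuthNoPriv privtype=DES PrivPass=adminadmin
Host=F-501 Port=162 authtype=MD5 AuthPass=adminadmin SecurityName=admin EngineID=0x0102030405 SecurityLevel=authNoPriv privtype=DES PrivPass=adminadmin
Host=F-502 Port=162 authtype=SHA AuthPass=adminadmin SecurityName=admin EngineID=0x0102030405 SecurityLevel=authPriv privtype=AES PrivPass=adminadmin
100 code=00a00100 msg="Ok"
"""

SLOT_LIST_RESPONSE = """\
101 code=00a01000 msg="Begin"
[Global]
active=10
sync=1
[01]
name="block all"
lastmod="2003-03-31 14:47:09"
100 code=00a00100 msg="Ok"
"""

STATUS_RE = re.compile(r'^(\d{3})\s+code=([0-9a-fA-F]+)\s+msg="([^"]*)"')
SECTION_RE = re.compile(r'^\[([^\]]+)\]$')


def parse_response(text):
    """Split a CLI response into (status, records).

    status  : {"101": {"code", "msg"}, "100": {...}} for the status
              lines seen; "100" with msg "Ok" marks a successful end.
    records : list of (section, {key: value}); every non-status,
              non-header line is one record, so a section_line response
              gives one record per line and a [Section] response gives
              one record per key=value line (see merge_sections).
    Quoted values such as name="block all" are unquoted by shlex.
    """
    status, records, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = STATUS_RE.match(line)
        if m:
            status[m.group(1)] = {"code": m.group(2), "msg": m.group(3)}
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        fields = {}
        for token in shlex.split(line):
            key, sep, value = token.partition("=")
            if sep:
                fields[key] = value
        if fields:
            records.append((section, fields))
    return status, records


def merge_sections(records):
    """Collapse one-key-per-line records into {section: {key: value}}."""
    merged = {}
    for section, fields in records:
        merged.setdefault(section, {}).update(fields)
    return merged


def redact_secrets(fields):
    """Mask AuthPass/PrivPass values: the show commands return them in clear."""
    return {k: ("***" if k.lower().endswith("pass") else v)
            for k, v in fields.items()}


def audit_trapv3(records):
    """Return [(host, [issues])] for trap destinations configured below
    authPriv with SHA authentication and AES privacy."""
    findings = []
    for _section, r in records:
        issues = []
        level = r.get("SecurityLevel", "")
        if level in ("noAuthNoPriv", "authNoPriv"):
            issues.append("SecurityLevel=" + level)
        if level != "noAuthNoPriv" and r.get("authtype", "").upper() == "MD5":
            issues.append("authtype=MD5")
        if level == "authPriv" and r.get("privtype", "").upper() == "DES":
            issues.append("privtype=DES")
        if issues:
            findings.append((r.get("Host", "?"), issues))
    return findings


if __name__ == "__main__":
    status, recs = parse_response(TRAPV3_RESPONSE)
    print("ok:", "100" in status)
    for _s, r in recs:
        print(redact_secrets(r))
    for host, issues in audit_trapv3(recs):
        print(f"{host}: {', '.join(issues)}")
    print(merge_sections(parse_response(SLOT_LIST_RESPONSE)[1]))
```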
Level
log+modify
History
Appears in 9.0.0
Description
Define the snmp version protocol to use
Usage
config snmp version [v2cstate=0|1] [v3state=0|1]
Returns
Error code
Implementation notes
Define the V2cState and V3State in the Config section
Example
CONFIG SNMP STATE v2cstate=0 v3state=1
Level
base|contentfilter
History
Appears in 9.0.0
Description
URL rules and profile files management
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Activate: copy all clones into the real profiles.
Usage
config sslfiltering activate [CANCEL]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded.
Returns
Error code
Example
CONFIG SSLFILTERING ACTIVATE
CONFIG SSLFILTERING ACTIVATE CANCEL
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Copy profile X to Y
Usage
config sslfiltering copy index=<profile_idx> to=<profile_idx>
Returns
Error code
Example
CONFIG SSLFILTERING COPY index=2 to=3
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Set profile X with the default rules
Usage
config sslfiltering default index=<profile_idx>
Returns
Error code
Example
CONFIG SSLFILTERING DEFAULT index=9
Level
base
History
Appears in 9.0.0
Description
List the specified profile of SSL filtering rules. If profile is not specified, then list all the profiles.
Usage
config sslfiltering list [index=<profile_idx>]
Returns
Error code
Example
[index] name=<policy_name> lastmod=<last modified date> comment=blabla
Level
base|contentfilter
History
Appears in 9.0.0
Description
Manage sslfiltering rules of a profile
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Insert a new rule at the given line, or at the end if no ruleid is defined.
Usage
config sslfiltering rule insert index=<profile_idx> [ruleid=<digit>] state=on|off action=decrypt|nodecrypt|block cngroup=<cngroup object|cncategorygroup object> [comment=<string>]
state : enable or disable the rule
index : profile number
ruleid : rule line number
action : action to apply
cngroup : group name to use for filter
comment : comment for the rule
Example
CONFIG SSLFILTERING RULE INSERT index=0 ruleid=3 action=block cngroup=bank comment="block bank web site"
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Move a rule from one line to another
Usage
config sslfiltering rule move index=<profile_idx> ruleid=<digit> to=<digit>
index : profile number
ruleid : rule line number to move from
to : rule line number to move to
Example
CONFIG SSLFILTERING RULE MOVE index=0 ruleid=2 to=3
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Remove a rule.
Usage
config sslfiltering rule remove config=<profile_idx>
index : profile number
ruleid : (all|<digit>)
Example
CONFIG SSLFILTERING RULE REMOVE index=0 ruleid=3
Level
contentfilter
History
Appears in 9.0.0
Description
Show all rules of a profile.
Usage
config sslfiltering rule show index=<profile_idx>
Format
section_line
Returns
ruleid=<nb> invalid=0|1 state=on|off action=decrypt|nodecrypt|block cngroup=<name> comment="bla bla bla ..."
Example
CONFIG SSLFILTERING RULE SHOW=9
101 code=00a01000 msg="Begin" format="section_line"
ruleid=1 invalid=0 state=on action=nodecrypt cngroup=bank comment="bla bla bla ..."
100 code=00a01000 msg="Ok"
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Modify a rule in configuration file at given line.
Usage
config sslfiltering rule update index=<profile_idx> ruleid=<digit> [state=on|off] [action=decrypt|nodecrypt|block] [cngroup=<cngroup object|cncategorygroup object>] [comment=<string>]
state : enable or disable the rule
index : profile number
ruleid : rule line number
action : action to apply
cngroup : group name to use for filter
comment : comment for the rule
Example
CONFIG SSLFILTERING RULE UPDATE index=0 ruleid=3 action=block cngroup=bank comment="block bank web site"
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Change name and comment of profile X
Usage
config sslfiltering update index=<profile_idx> [name=<profile name>] [comment=<profile description>]
Returns
Error code
Example
CONFIG SSLFILTERING UPDATE index=9 name="pass all" comment="Just a pass all"
Level
admin
History
Appears in 6.3.0
FORMAT Appears in 9.0.0
Description
Check if the configuration has been modified since last validation
Usage
config status check [password=<password>]
Format
list
Returns
The list of modified files: [Files] file1 file2 ....
Example
CONFIG STATUS CHECK
Level
admin+modify
History
Appears in 6.3.0
Description
Uninstall integrity configuration
Usage
config status remove
Returns
Error code
Example
CONFIG STATUS REMOVE
Level
admin
History
Appears in 6.3.0
FORMAT Appears in 9.0.0
Description
Show all monitored configuration files
Usage
config status show
Format
list
Returns
The list of checked files [Files] file1=hash1 file2=hash2 ...
Example
CONFIG STATUS SHOW
Level
base
History
Appears in 6.0.0
Description
Configuration of system event (level and action)
Level
log+modify
History
Appears in 6.0.0
level changes from other,modify to log,modify in 9.0.0
Description
Activate alarm configuration
Usage
config sysevent activate
Returns
Error code
Implementation notes
Write [Reload] Alarm=1 in ~/ConfigFiles/alarm, then run enasq
Example
CONFIG SYSEVENT ACTIVATE
Level
log+modify
History
Appears in 6.0.0
level changes from other,modify to log,modify in 9.0.0
Description
Restore default settings for system event
Usage
config sysevent default
Returns
Error code
Example
CONFIG SYSEVENT DEFAULT
Level
log+modify
History
Appears in 6.0.0
level changes from other,modify to log,modify in 9.0.0
email and blacklist appear in 9.1.0
Description
Configure level and reactions for firewall event (ex : Firewall startup)
Usage
config sysevent modify id=<INTEGER> [level=(minor|major|ignore|system)]
[email=off | email=on emailduration=<seconds> emailcount=<int>]
[blacklist=off | blacklist=on blduration=<minutes>]
Returns
Error code
Example
CONFIG SYSEVENT EVENT id=1 level=major
Level
base
History
Appears in 6.0.0
FORMAT Appears in 9.0.0
id appears in 9.1.0
Description
Dump the system event configuration
Usage
config sysevent show [id=<integer>]
Format
section_line
Returns
[EventLevel] id=<integer> Level=(minor|major|system|ignore) msg="string" [email=on emailduration=<seconds> emailcount=<int>] [blacklist=on blduration=<minutes>]
Example
CONFIG SYSEVENT SHOW
Level
base+modify
Description
Upload a file (index-logo.jpg, custom.css, custom_disclaimer.html, disclaimer.pdf, sslvpn_connect.bat and sslvpn_disconnect.bat require admin level and can be reset)
Note
Additional rights may be needed to write files:
wpad.dat: contentfilter
app_user_req, rej_user_req, ldapmaps, keytab: user
app_cert_req, rej_cert_req: pki
custom_disclaimer.html, disclaimer.pdf: admin
index-logo.jpg, custom.css: admin
httpproxy_blockpage0,httpproxy_blockpage1,httpproxy_blockpage2,httpproxy_blockpage3: contentfilter
Usage
config upload [RESET] <custom.css|index-logo.jpg|httpproxy_blockpage0|httpproxy_blockpage1|httpproxy_blockpage2|httpproxy_blockpage3|algorithm|vpntunnel|ldapmaps|app_user_req|rej_user_req|app_cert_req|rej_cert_req|keytab|wpad.dat|custom_disclaimer.html|disclaimer.pdf|sslvpn_connect.bat|sslvpn_disconnect.bat>
Returns
Error code
Implementation notes
Only allowed files can be uploaded: ldapmaps, app_user_req, rej_user_req, app_cert_req, rej_cert_req, keytab, custom.css, index-logo.jpg, custom_disclaimer.html, disclaimer.pdf, wpad.dat, httpproxy_blockpage0, httpproxy_blockpage1, httpproxy_blockpage2, httpproxy_blockpage, sslvpn_connect.bat, sslvpn_disconnect.bat.
Some files can be reset to their original state: index-logo.jpg, custom.css, custom_disclaimer.html, disclaimer.pdf, sslvpn_connect.bat, sslvpn_disconnect.bat.
Admin rights are mandatory for: index-logo.jpg, custom.css, custom_disclaimer.html, disclaimer.pdf, sslvpn_connect.bat, sslvpn_disconnect.bat.
Example
CONFIG UPLOAD custom_disclaimer.html
CONFIG UPLOAD RESET index-logo.jpg
Level
base|contentfilter
History
Appears in 9.0.0
Description
URL rules and profile files management
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Activate: copy all clones into the real profiles.
Usage
config urlfiltering activate [CANCEL]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded.
Returns
Error code
Example
CONFIG URLFILTERING ACTIVATE
CONFIG URLFILTERING ACTIVATE CANCEL
Level
base|contentfilter
History
Appears in 9.1.0
Description
URL block pages configuration
Level
contentfilter+modify
History
Appears in 9.1.0
Description
Reset block pages to default
Usage
config urlfiltering blockpage default index=<blockpage idx>
Returns
Error code
Example
CONFIG URLFILTERING BLOCKPAGE RESET index=2
Level
contentfilter|base
History
Appears in 9.1.0
Description
List available block pages
Usage
config urlfiltering blockpage list
Returns
Error code
Example
CONFIG URLFILTERING BLOCKPAGE UPDATE index=2 name=blockpage1
Level
contentfilter+modify
History
Appears in 9.1.0
Description
Update information about block pages
Usage
config urlfiltering blockpage update index=<profile_idx> [name=<profile name>] [comment=<profile description>]
Returns
Error code
Example
CONFIG URLFILTERING BLOCKPAGE UPDATE index=2 name=blockpage1
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Copy profile X to Y
Usage
config urlfiltering copy index=<profile_idx> to=<profile_idx>
Returns
Error code
Example
CONFIG URLFILTERING COPY index=2 to=3
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Set profile X with the default rules
Usage
config urlfiltering default index=<profile_idx>
Returns
Error code
Example
CONFIG URLFILTERING DEFAULT index=9
Level
base
History
Appears in 9.0.0
Description
List the specified profile of URL filtering rules. If profile is not specified, then list all the profiles.
Usage
config urlfiltering list [index=<profile_idx>]
Returns
Error code
Example
[index]name=<policy_name> comment=blabla lastmod=<last modified date>
Level
base|contentfilter
History
Appears in 9.0.0
Description
Manage urlfiltering rules of a profile
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Insert a new rule at the given line, or at the end if no ruleid is defined.
Usage
config urlfiltering rule insert index=<profile_idx> [ruleid=<digit>] state=on|off action=pass|block|blockpage0|blockpage1|blockpage2|blockpage3 urlgroup=<urlgroup object|urlcategory group object> [comment=<string>]
state : enable or disable the rule
index : profile number
ruleid : rule line number
action : action to apply
urlgroup : group name to use for filter
comment : comment for the rule
Example
CONFIG URLFILTERING RULE INSERT index=0 ruleid=3 action=block urlgroup=ecommerce comment="block ecommerce"
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Move a rule from one line to another
Usage
config urlfiltering rule move index=<profile_idx> ruleid=<digit> to=<digit>
index : profile number
ruleid : rule line number to move from
to : rule line number to move to
Example
CONFIG URLFILTERING RULE MOVE index=0 ruleid=2 to=3
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Remove a rule at a given line.
Usage
config urlfiltering rule remove index=<profile_idx> ruleid=all|<digit>
index : profile number
ruleid : all or rule line number
Example
CONFIG URLFILTERING RULE REMOVE index=0 ruleid=3
Level
contentfilter
History
Appears in 9.0.0
Description
Show all rules of a profile.
Usage
config urlfiltering rule show index=<profile_idx>
Format
section_line
Returns
ruleid=<nb> invalid=0|1 state=on|off action=pass|block|blockpage urlgroup=<name> comment="bla bla bla ..."
Example
CONFIG URLFILTERING RULE SHOW index=9
101 code=00a01000 msg="Begin" format="section_line"
ruleid=1 invalid=0 state=on action=pass urlgroup=group comment="bla bla bla ..."
100 code=00a01000 msg="Ok"
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Modify a rule in configuration file at given line.
Usage
config urlfiltering rule update index=<profile_idx> ruleid=<digit> [state=on|off] [action=pass|block|blockpage0|blockpage1|blockpage2|blockpage3] [urlgroup=<urlgroup object|urlcategorygroup object>] [comment=<string>]
state : enable or disable the rule
index : profile number
ruleid : rule line number
action : action to apply
urlgroup : group name to use for filter
comment : comment for the rule
Example
CONFIG URLFILTERING RULE UPDATE index=0 ruleid=3 action=block urlgroup=ecommerce comment="block ecommerce"
Level
contentfilter+modify
History
Appears in 9.0.0
Description
Change name and comment of profile X
Usage
config urlfiltering update index=<profile_idx> [name=<profile name>] [comment=<profile description>]
Returns
Error code
Example
CONFIG URLFILTERING UPDATE index=9 name="pass all" comment="Just a pass all"
Level
admin+modify
History
level maintenance removed in 9.0.0
Description
Add an object to the list of IPs authorized to reach webadmin
Usage
config webadmin access add <Object name>
Returns
Error code
Example
CONFIG WEBADMIN ACCESS ADD MyNetwork
Level
admin+modify
History
level maintenance removed in 9.0.0
Description
Remove an object from the list of IPs authorized to reach webadmin
Usage
config webadmin access remove <Object name>
Returns
Error code
Example
CONFIG WEBADMIN ACCESS REMOVE MyNetwork
Level
base
Description
Show the list of objects authorized to reach webadmin
Usage
config webadmin access show
Format
list
Returns
Error code
Example
CONFIG WEBADMIN ACCESS SHOW
Level
admin+modify
History
level maintenance removed in 9.0.0
Description
Reload the sld daemon with the latest configuration
Usage
config webadmin activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Implementation notes
Execute ensl
Example
CONFIG WEBADMIN ACTIVATE
Level
admin+modify
History
level maintenance removed in 9.0.0
Description
Set if the admin account is authorized to access webadmin
Usage
config webadmin adminaccount [0/1]
Returns
Error code
Example
CONFIG WEBADMIN ADMINACCOUNT 1
Level
admin+modify
History
level maintenance removed in 9.0.0
Description
Set the number of attempts per minute before the IP is banned
Usage
config webadmin bruteforce nbattempts [nb]
nb is the number of attempts per minute, in the range [1,20]
Returns
Error code
Example
CONFIG WEBADMIN BRUTEFORCE NBATTEMPTS 3
Level
admin+modify
History
level maintenance removed in 9.0.0
Description
Set the state of protection against bruteforce
Usage
config webadmin bruteforce state [0/1]
Returns
Error code
Example
CONFIG WEBADMIN BRUTEFORCE STATE 1
Level
admin+modify
History
level maintenance removed in 9.0.0
Description
Set the time (in sec) for which the IP is banned once the number of attempts per minute is reached
Usage
config webadmin bruteforce time [nb]
nb is the ban time (in sec), in the range [60,3600]
Returns
Error code
Example
CONFIG WEBADMIN BRUTEFORCE TIME 12002
Level
admin+modify
History
Appears in 9.1.0
Description
Set the time (in sec) during which attempts are counted
Usage
config webadmin bruteforce triestime [nb]
nb is the time (in sec) during which attempts are counted, in the range [1,3600]
Returns
Error code
Example
CONFIG WEBADMIN BRUTEFORCE TRIESTIME 30
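The four BRUTEFORCE settings above (state, nbattempts, time, triestime) together describe a rate limiter for webadmin logins. The model below is an added example, not appliance code, and it assumes an algorithm the reference does not spell out: failed logins from one client IP are counted over a sliding window of triestime seconds, and when nbattempts failures fall inside that window the IP is banned for time seconds; state=0 switches the protection off. The parameter ranges are the ones documented in the usage lines; the sample login events are constructed.

```python
"""Model of the CONFIG WEBADMIN BRUTEFORCE parameters (added example).

Assumption, not stated by the reference: failed logins from one IP are counted
over a sliding window of ``triestime`` seconds; when ``nbattempts`` failures
fall inside that window the IP is banned for ``time`` seconds; ``state=0``
disables the protection.
"""
from collections import defaultdict, deque

# Ranges taken from the usage lines of NBATTEMPTS, TIME and TRIESTIME.
RANGES = {"nbattempts": (1, 20), "time": (60, 3600), "triestime": (1, 3600)}


def params_in_range(nbattempts, time, triestime):
    """True when every value lies inside the range the reference documents."""
    checks = (("nbattempts", nbattempts), ("time", time), ("triestime", triestime))
    return all(RANGES[n][0] <= v <= RANGES[n][1] for n, v in checks)


class BruteforceGuard:
    def __init__(self, state=1, nbattempts=3, time=1200, triestime=60):
        if not params_in_range(nbattempts, time, triestime):
            raise ValueError("parameter outside the documented range")
        self.state = state
        self.nbattempts = nbattempts
        self.ban_seconds = time
        self.window = triestime
        self._failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self._banned_until = {}              # ip -> second at which the ban expires

    def is_banned(self, ip, now):
        """True while a ban on ``ip`` is in force; expired bans are forgotten."""
        until = self._banned_until.get(ip)
        if until is None:
            return False
        if now >= until:
            del self._banned_until[ip]
            return False
        return True

    def record_failure(self, ip, now):
        """Register a failed login at time ``now``; True if it triggers a ban."""
        if not self.state or self.is_banned(ip, now):
            return False
        recent = self._failures[ip]
        recent.append(now)
        # Keep only the failures that fall inside the triestime window.
        while recent and now - recent[0] >= self.window:
            recent.popleft()
        if len(recent) >= self.nbattempts:
            self._banned_until[ip] = now + self.ban_seconds
            recent.clear()
            return True
        return False


def simulate(events, **params):
    """Replay (timestamp, ip, success) events in time order.

    Returns (bans, rejected): bans maps an IP to the timestamps at which it was
    banned; rejected lists the (timestamp, ip) attempts refused during a ban.
    """
    guard = BruteforceGuard(**params)
    bans, rejected = defaultdict(list), []
    for ts, ip, ok in sorted(events):
        if guard.is_banned(ip, ts):
            rejected.append((ts, ip))
        elif not ok and guard.record_failure(ip, ts):
            bans[ip].append(ts)
    return dict(bans), rejected


# Constructed login attempts: (seconds, client IP, success).
CONSTRUCTED_EVENTS = [
    (0, "203.0.113.7", False), (5, "203.0.113.7", False), (10, "203.0.113.7", False),
    (15, "203.0.113.7", True),     # correct password, but the IP is banned
    (1300, "203.0.113.7", False),  # the 1200 s ban has expired by now
    (0, "198.51.100.2", False), (100, "198.51.100.2", False), (200, "198.51.100.2", False),
]

if __name__ == "__main__":
    print(simulate(CONSTRUCTED_EVENTS, nbattempts=3, time=1200, triestime=60))
```

With nbattempts=3, time=1200 and triestime=60, the first client is banned at its third failure and its later correct login is refused, while the second client, failing once every 100 seconds, never accumulates three failures inside the window. This is why triestime matters: a long ban with a short counting window still lets a slow guesser through.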
Level
admin+modify
History
level maintenance removed in 9.0.0
Description
Set the idle timeout
Usage
config webadmin idle [nb]
nb is the idle timeout (in sec) in the range [60, 3600]
Returns
Error code
Example
CONFIG WEBADMIN IDLE 300
Level
admin+modify
History
level maintenance removed in 9.0.0
Description
Set the tcp port for webadmin service
Usage
config webadmin port [port]
port is the value of the port for webadmin service (default is https)
Returns
Error code
Example
CONFIG WEBADMIN PORT https
Level
base
Description
Dump status of all webadmin parameters
Usage
config webadmin show
Returns
Error code
Example
CONFIG WEBADMIN SHOW
Deprecated
Level
other+modify
History
option ezadmin-internal for shared Appears in 6.1.0
option ezadmin-external for shared Appears in 6.1.0
option ezadmin for shared deprecated in 6.1.0
deprecated in 7.0.0
Description
Shared files
Usage
config webserver files shared=none|[ezadmin-internal],[ezadmin-external]
Returns
Error Code
Example
CONFIG WEBSERVER FILES shared=ezadmin-internal
Deprecated
Level
base
History
deprecated in 7.0.0
Description
Dump webserver config
Usage
config webserver show
Returns
[config]
EZadmin-internal : sharing ezadmin file on internal interfaces
EZadmin-external : sharing ezadmin file on external interfaces
Level
vpn+modify
History
Appears in 6.1.0
level changes from other,modify to vpn,modify in 9.0.0
Description
Set configuration for user access when using profile
Note
action : action to take when the user's xvpn profile is not defined
profile name : xvpnd default profile in LDAP
Usage
config xvpn access action=pass|block | action=default profile=<profile name>
Returns
Error code
Example
CONFIG XVPN PROFILE ACCESS action=pass
CONFIG XVPN PROFILE ACCESS action=default profile="my server profile"
Level
vpn+modify
History
Appears in 6.0.0
level changes from other,modify to vpn,modify in 9.0.0
Description
Reload the xvpn daemon with the latest configuration
Usage
config xvpn activate [CANCEL]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded.
Returns
Error code
Implementation notes
Execute ensl
Example
CONFIG XVPN ACTIVATE
Level
vpn+modify
History
Appears in 6.0.0
checkcert Appears in 6.1.0
basic_auth Appears in 6.1.0
owa_compat Appears in 6.1.0
basic_auth disAppears in 7.0.0
owa_compat disAppears in 7.0.0
startscript Appears in 6.1.0
endscript Appears in 6.1.0
level changes from other,modify to vpn,modify in 9.0.0
checkcert deprecated in 9.1.0
Description
Customize some options
Note
accepted char for 'hide' and 'login' are : [a-z][A-Z][0-9][-][_]
startscript and endscript must be a base64 encoded command
Usage
config xvpn advanced [hide=<prefix tag used to hide original URL>] [login=<token used to send username information in http header>] [startscript=<command to execute on workstation when start client (base64 encoded)>] [endscript=<command to execute on workstation when stop client (base64 encoded)>]
Returns
Error code
Example
CONFIG XVPN ADVANCED hide="netasq" (the URL http://10.13.13.13/index.html may be rewritten as /netasq0143/index.html)
CONFIG XVPN ADVANCED login="HttpNetasqUserName" (adds "HttpNetasqUserName: login" to the headers of every HTTP request)
Level
base
History
Appears in 6.1.0
Description
Profile configuration for xvpn server
Level
vpn+modify
History
Appears in 9.0.0
Description
Activate the latest configuration
Usage
config xvpn profile activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Example
CONFIG XVPN PROFILE ACTIVATE
CONFIG XVPN PROFILE ACTIVATE CANCEL
Level
vpn+modify
History
Appears in 6.1.0
level changes from other,modify to vpn,modify in 9.0.0
Description
Create server template
Usage
config xvpn profile create <profile name>
Returns
Error code
Example
CONFIG XVPN PROFILE CREATE "OwaProfile"
Level
base
History
Appears in 6.1.0
FORMAT Appears in 9.0.0
level changes from other,user to base in 9.0.0
Description
List all server profiles
Usage
config xvpn profile list
Format
list
Returns
Error code (if not found) or the list of profile
Example
CONFIG XVPN PROFILE LIST
NetasqIdXvpn=mail
NetasqIdXvpn=web
Level
vpn+modify
History
Appears in 6.1.0
level changes from other,modify to vpn,modify in 9.0.0
Description
Remove server profile
Usage
config xvpn profile remove <profile name>
Returns
Error code
Example
CONFIG XVPN PROFILE REMOVE "OwaProfile"
Level
vpn_read|user
History
Appears in 6.1.0
level changes from other,user to vpn_read,user in 9.0.0
Description
Show the servers of a template
Usage
config xvpn profile show <profile name>
Returns
Error code or profile:
[XvpnProfile]
httpserver= : list of http servers
xserver= : list of full access servers
Example
CONFIG XVPN PROFILE SHOW "OwaProfile"
[XvpnProfile]
httpserver="howa"
xserver="xowa"
Level
vpn+modify
History
Appears in 6.1.0
level changes from other,modify to vpn,modify in 9.0.0
Description
Add|Update|Remove entry on profile (server...=<empty string> to remove)
Usage
config xvpn profile update name=<profile name> ( httpserver=[value] | xserver=[value] ) [comment=<profile comment>]
Returns
Error code
Example
CONFIG XVPN PROFILE UPDATE name="my server profile" httpserver="hsrv1,hsrv2,hsrv3"
CONFIG XVPN PROFILE UPDATE name="my server profile" xserver="xsrv1,xsrv3"
CONFIG XVPN PROFILE UPDATE name="my server profile" httpserver="hsrv1,hsrv2,hsrv3" xserver="xsrv1,xsrv3"
CONFIG XVPN PROFILE UPDATE name="my server profile" httpserver=
Level
base
History
Appears in 6.0.0
Description
Xvpn HTTP server related functions
Level
vpn+modify
History
Appears in 6.0.0
hidden Appears in 6.1.0
whitelisturls Appears in 6.1.0
BasicAuth Appears in 7.0.0
OwaCompatibility Appears in 7.0.0
Owa Appears in 8.0.0
Zimbra Appears in 8.1.2
level changes from other,modify to vpn,modify in 9.0.0
Description
Add HTTP server entry
Note
the hidden tag is used to hide the server on the web portal
BasicAuth is used to remove Negotiate and NTLM authentication
OwaCompatibility is used to force OWA compatibility mode with Internet Explorer
Usage
config xvpn server http add name=<server name> host=<object> link=<name seen in portal> [url=<specify url to load>] [port=<service>] [hidden=0|1] [whitelisturls=<urlgroup>] [basic_auth=0|1] [Owa=0|1] [OwaCompatibility=0|1] [Zimbra=0|1]
Returns
Error code
Example
CONFIG XVPN SERVER HTTP ADD name=intranet host=intranet.test.int link="go to intranet"
CONFIG XVPN SERVER HTTP ADD name=proxy_test host=intranet.test.int link="test proxy intranet" url="proxy/index.php" port http_proxy
Level
base
History
Appears in 6.0.0
Description
Xvpn alias on HTTP server related functions
Level
vpn+modify
History
Appears in 6.0.0
level changes from other,modify to vpn,modify in 9.0.0
Description
Add alias on HTTP server entry
Note
accepted char for alias are : [a-z][A-Z][0-9][-][_][.]
Usage
config xvpn server http alias add name=<http server name> alias=<name of alias>
Returns
Error code
Example
CONFIG XVPN SERVER HTTP ALIAS ADD name=intranet alias="192.168.0.1"
Level
vpn+modify
History
Appears in 6.0.0
level changes from other,modify to vpn,modify in 9.0.0
Description
Remove alias on HTTP server entry
Usage
config xvpn server http alias remove name=<http server name> alias=<name of alias>
Returns
Error code
Example
CONFIG XVPN SERVER HTTP ALIAS REMOVE name=intranet alias="192.168.0.1"
Level
vpn+modify
History
Appears in 6.0.0
level changes from other,modify to vpn,modify in 9.0.0
Description
Remove HTTP server entry
Usage
config xvpn server http remove name=<name of server to remove>
Returns
Error code
Example
CONFIG XVPN SERVER HTTP REMOVE name=intranet
Level
vpn_read
History
Appears in 6.0.0
level changes from base to vpn_read in 9.0.0
Description
Get/Set the status of the xvpn servers (http)
Note
Changing the state of http servers requires the Vpn level
Usage
config xvpn server http state [On|Off]
Returns
The current value (when called without argument) or an error code
Example
CONFIG XVPN SERVER HTTP STATE
Level
vpn+modify
History
Appears in 6.0.0
hidden Appears in 6.1.0
whitelisturls Appears in 6.1.0
BasicAuth Appears in 7.0.0
OwaCompatibility Appears in 7.0.0
Owa Appears in 8.0.0
Zimbra Appears in 8.1.2
level changes from other,modify to vpn,modify in 9.0.0
Description
Update one or more value of HTTP server configuration
Usage
config xvpn server http update name=<server name> [host=<object>] [link=<name seen in portal>] [url=<specify url to load>] [port=<service>] [hidden=0|1] [whitelisturls=<urlgroup>] [BasicAuth=0|1] [Owa=0|1] [OwaCompatibility=0|1] [Zimbra=0|1]
Returns
Error code
Example
CONFIG XVPN SERVER HTTP UPDATE name=intranet link="new link for server"
Level
base
History
Appears in 6.0.0
Description
Xvpn non-HTTP server related functions
Level
vpn+modify
History
Appears in 6.0.0
script Appears in 6.1.0
chost Appears in 6.2.0
citrix Appears in 7.0.0
level changes from other,modify to vpn,modify in 9.0.0
Description
Add a non-HTTP server entry
Note
script must be a base64 encoded command
Usage
config xvpn server other add name=<server name> host=<object> port=<service> [chost=<ip address>] cport=<service|integer> [script=<command to execute on workstation (base64 encoded)>] [citrix=<0|1>]
Returns
Error code
Example
CONFIG XVPN SERVER OTHER ADD name=ssh_intranet host=my_ssh_server port=ssh cport=2222
CONFIG XVPN SERVER OTHER ADD name=ssh_intranet host=my_ssh_server port=ssh chost="127.0.0.2" cport=2222
Level
vpn+modify
History
Appears in 6.0.0
level changes from other,modify to vpn,modify in 9.0.0
Description
Remove a non-HTTP server entry
Note
requires the modify level
Usage
config xvpn server other remove name=<name of server to remove>
Returns
Error code
Example
CONFIG XVPN SERVER OTHER REMOVE name=ssh_intranet
Level
vpn_read
History
Appears in 6.0.0
level changes from base to vpn_read in 9.0.0
Description
Get/Set the status of the xvpn servers (non-http)
Note
Changing the state of non-http servers requires the Vpn level
Usage
config xvpn server other state [On|Off]
Returns
The current value (when called without argument) or an error code
Example
CONFIG XVPN SERVER OTHER STATE
Level
vpn+modify
History
Appears in 6.0.0
script Appears in 6.1.0
chost Appears in 6.2.0
citrix Appears in 7.0.0
level changes from other,modify to vpn,modify in 9.0.0
Description
Update one or more values of a non-HTTP server configuration
Note
script must be a base64 encoded command
Usage
config xvpn server other update name=<server name> [host=<object>] [port=<service>] [chost=<ip address>] [cport=<service|integer>] [script=<command to execute on workstation (base64 encoded)>] [citrix=<0|1>]
Returns
Error code
Example
CONFIG XVPN SERVER OTHER UPDATE name=ssh_intranet host=new_ssh_server
Level
vpn_read
History
Appears in 6.0.0
Owa Appears in 8.0.0
level changes from base to vpn_read in 9.0.0
Description
Show xvpn config
Usage
config xvpn show
Returns
[Config]
State : xvpn daemon state
HttpServerState : http server state
XServerState : other server state
HttpRewriteURL : prefix of the tag used to rewrite URLs
HttpHeaderLoginTag : name of the tag used to send the user's login to the server
ProfileAccess : action taken when the user's xvpn profile is not defined
XvpnId : name of the xvpnd default profile
XserverStartScript : command to launch when the xvpnd client starts
XserverEndScript : command to launch when the xvpnd client stops
BasicAuth : force basic authentication
OwaCompatibility : activate OWA compatibility
[MaxValue]
XServer= : max number of other servers
HttpServer= : max number of http servers
HttpServerAlias= : max number of aliases for http servers
UrlsOnWhiteList= : max number of urls for the whitelist
[HttpServer_xxx]
Name : name of server
Host : server object to connect to
Port : server port to connect to
FwPort : firewall listen port
Hidden : specify if the server is visible or not for the user
URL : url of the server to connect to
Link : link on the web page to call the url
Alias : list of aliases for the server
WhiteListUrls : urlgroup name for the white list
[XServer_xxx]
Name : name of server
Host : server ip to connect to
Port : server port to connect to
CHost : local ip to listen on (client workstation)
CPort : local port to listen on (client workstation)
Script : command to launch for this service
Example
CONFIG XVPN SHOW
[Config]
State=1 XServerState=1 HttpServerState=1 HttpRewriteURL=netasq HttpHeaderLoginTag=netasq ProfileAccess=Pass XvpnId= XserverStartScript= XserverEndScript= Owa=0 OwaCompatibility=0 CheckClientCert=0
[MaxValue]
XServer=32 HttpServer=64 HttpServerAlias=24 UrlsOnWhiteList=32
[XServer_ssh_build]
Name=ssh_build Host=build Port=ssh CHost= CPort=11022 Script=ImM6XHwMjI=
[HttpServer_owa]
Name=owa Host=owa Port=http FwPort=11235 Hidden=0 URL=exchange Link="OWA server" WhiteListUrls=owa Alias=192.168.1.1
Deprecated
Level
base
History
Appears in 6.0.0
deprecated in 7.0.0
Description
Get/Set the status of the xvpn server
Note
Returns an error if the state of both the http and the "non-http" servers is 0
Changing the state requires the admin and modify levels
Usage
config xvpn state [On|Off]
Returns
The current value (when called without argument) or an error code
Example
CONFIG XVPN STATE off
100 code=00a00100 msg="Ok"
CONFIG XVPN STATE
state=0
Level
base
Description
Get system information
Usage
globaladmin getinfos
Returns
[Information]...
Level
base
History
HA CHECKSYNC appeared in 9.0.0
Description
Indicates if changes have been made to the local configuration since the last HA synchronisation (see HA SYNC).
Usage
ha checksync
Returns
Sync=(0|1)
Example
HA CHECKSYNC Sync=0
Level
ha|base+modify
Description
Activate new HA cluster configuration
Usage
ha cluster activate
Example
HA CLUSTER ACTIVATE
Level
ha|base+modify
Description
Add a node in HA cluster
Note
IPs are optional, but some functionalities (like file synchronization) may not work as long as they are not provided.
Usage
ha cluster add serial=U250-XXX
[ip=<main link IP>]
[ip2=<backup link IP>]
priority=<firewall priority>
sshkeytype=<ssh-dss|ssh-rsa>
sshkey=<ssh public key>
[sshkeylogin=<login corresponding to the key>]
Example
HA CLUSTER ADD serial=U250-XXX ip=192.168.0.2 ip2=192.168.1.2 priority=128 sshkeytype=ssh-dss sshkey=ABCDEF0123456789 sshkeylogin=admin@peer_fw
Level
base
Description
Give the list of firewalls in the HA cluster
Usage
ha cluster list
Format
list
Returns
[HA]
<serial> : fw serial
<serial> : fw serial
Example
[HA]
F60-XA300110600101
F60-XA000010699999
Level
ha|base+modify
Description
Remove a node in HA cluster
Usage
ha cluster remove serial=U250-XXX
Example
HA CLUSTER REMOVE serial=U250-XXX
Level
ha|base
Description
Show all nodes in HA cluster
Usage
ha cluster show
Example
HA CLUSTER SHOW
Level
ha|base+modify
Description
Update node info in HA cluster
Note
If ip is specified, ip2 must also be, otherwise it will be removed.
Usage
ha cluster update serial=(U120-XXXXXX|local)
[ip=<main link IP>]
[ip2=(|<backup link IP>)]
[priority=<firewall priority>]
[sync=(0|1)] (immediate HA config sync ; default is 1)
Example
HA CLUSTER UPDATE serial=U250-XXXX ip2=192.168.3.2
HA CLUSTER UPDATE serial=U120-XXXX priority=10
Level
ha|maintenance+modify
History
level maintenance Appears in 6.0.0
level other deprecated in 6.0.0
Description
Halt firewall peer
Usage
ha halt serial=<serial>|local
Returns
Error code
Example
HA HALT
Level
base
Description
Display information about the firewalls of the HA cluster
Note
Quality factor depends on various elements including interface status
Regarding notifications:
- They are identified by "code". "level" indicates the severity of the issue, and "type" is the type of check that raised the notification.
- "causedBy" can be a list of firewall serial numbers, interface user names, etc. The type of value in this field depends on the type of check.
Usage
ha info [serial=(all|local|<peer serial>)]
Format
section_line
Returns
[Notifications]
level=<level> type=<type> code=<code> msg="<msg>" causedBy="<src1>[,<src2>[(...)]]"
level=<level> type=<type> code=<code> msg="<msg>" (...)
[serial]
Reply=(0|1) : If the firewall replied (if 0, the following fields will be missing)
Model=UXXX : Firewall model
Version=<build> : Firmware version
Supervisor=(0|1) : Cluster supervisor
AsqDumpVersion=(0-999) : Connections data version
ConnSyncVersion=(0-999) : Connection synchronization protocol version
ClusterBalancingVersion=(0-999) : Cluster balancing protocol version
Forced=(No|Active|Passive) : Forced mode
Mode=(Active|Passive) : Firewall mode
Licence=(None|Master|Slave) : HA mode defined in the licence
ConnectedOn=(0|1) : 1 if this is the firewall you're currently connected to
BackupActive=
BackupVersion=
BackupDate=
Quality=<factor> : Quality (in percent)
Priority=<0-9999> : HA priority
Boot="YYYY-MM-DD hh:mm:ss" : firewall boot time
LastConfigSync="YYYY-MM-DD hh:mm:ss" : Last time a full configuration sync was done
LastModeChange="YYYY-MM-DD hh:mm:ss" : Last HA mode change
State=(None|Starting|Waiting peer|Running|Ready|Reboot|Down|Initializing) : current state
Ip=<IP> : Firewall IP in HA cluster
Link=<status> : OK, Failed, Failing, Unknown
LinkStatusChanged="YYYY-MM-DD hh:mm:ss"
BackupIp=<IP> : Firewall backup IP in HA cluster
BackupLink=<status> : OK, Failed, Failing, Unknown
BackupLinkStatusChanged="YYYY-MM-DD hh:mm:ss"
Example
HA INFO
[Notifications]
level=warning type=cluster code=13 msg="Degraded mode: Can't synchronize files" causedBy="U120XA0C0907550"
level=warning type=net_if code=20 msg="Some non-HA interfaces have no MAC address forced. This can make HA swaps less efficient" causedBy="out"
[U120-XA000010600009]
Reply=0
[U120XA0C42424242420]
Reply=1 Model="U120-A" Version="9.0.0.beta-2011-02-15-14:58-NO_OPTIM" Supervisor=1 AsqDumpVersion=3 ConnSyncVersion=2 ClusterBalancingVersion=4 Forced="No" Mode="Active" Licence="Slave" ConnectedOn=1 BackupActive="Main" BackupVersion="9.0.0.beta-2011-02-11-12:34-NO_OPTIM" BackupDate="2011-02-11 17:44:20" Quality=66 Priority=100 Boot="2011-02-15 15:15:24" LastConfigSync="2011-02-15 14:38:00" LastModeChange="2011-02-15 15:18:58" State="Running" Ip="172.16.0.1" Link="FAULTY" LinkStatusChanged="2011-02-15 15:19:27" BackupIp="172.16.1.1" BackupLink="OK" BackupLinkStatusChanged="2011-02-15 15:19:27"
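HA INFO returns the section_line format used throughout this reference (a status line, then [section] headers followed by key=value tokens, then a closing 100 line), and it is the output a monitoring job would poll to catch a degraded cluster. The parser and health check below are an added example, not appliance code. They assume one section header or key=value group per line, as in the example above; the sample response is constructed from that example, and the 75 percent quality threshold is an assumption, not a documented default.

```python
"""Parser for section_line responses plus a health check over HA INFO output.

Added example, not appliance code.  The sample response is constructed from
the HA INFO example in the reference; the quality threshold is an assumption.
"""
import re

STATUS_RE = re.compile(r'^(\d{3}) code=([0-9a-fA-F]{8}) msg="([^"]*)"')
SECTION_RE = re.compile(r"^\[([^\]]+)\]$")
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')   # key=value, value may be quoted


def _unquote(value):
    return value[1:-1] if len(value) >= 2 and value[0] == value[-1] == '"' else value


def parse_section_line(text):
    """Return (status, sections).

    status is the last 'NNN code=... msg=...' line.  sections is an ordered
    list of (name, rows), rows being one {key: value} dict per data line,
    because a section such as [Notifications] may hold several lines.
    """
    status, sections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = STATUS_RE.match(line)
        if m:
            status = {"status": int(m.group(1)), "code": m.group(2), "msg": m.group(3)}
            continue
        m = SECTION_RE.match(line)
        if m:
            sections.append((m.group(1), []))
            continue
        if not sections:
            raise ValueError(f"data before any section: {line!r}")
        sections[-1][1].append({k: _unquote(v) for k, v in KV_RE.findall(line)})
    return status, sections


def ha_findings(sections, min_quality=75):
    """Conditions a monitoring job would alert on, in order of appearance."""
    findings = []
    for name, rows in sections:
        if name == "Notifications":
            for row in rows:
                findings.append(f"{row['level']}: {row['msg']} (code {row['code']}, "
                                f"causedBy {row.get('causedBy', '')})")
            continue
        for row in rows:                       # every other section is one serial
            if row.get("Reply") == "0":
                findings.append(f"{name}: no reply")
                continue
            for link in ("Link", "BackupLink"):
                if row.get(link, "OK").upper() != "OK":
                    findings.append(f"{name}: {link}={row[link]}")
            quality = int(row.get("Quality", "100"))
            if quality < min_quality:
                findings.append(f"{name}: Quality={quality} below {min_quality}")
    return findings


# Constructed from the HA INFO example above, with some fields dropped.
CONSTRUCTED_HA_INFO = """\
101 code=00a01000 msg="Begin" format="section_line"
[Notifications]
level=warning type=cluster code=13 msg="Degraded mode: Can't synchronize files" causedBy="U120XA0C0907550"
level=warning type=net_if code=20 msg="Some non-HA interfaces have no MAC address forced. This can make HA swaps less efficient" causedBy="out"
[U120-XA000010600009]
Reply=0
[U120XA0C42424242420]
Reply=1 Model="U120-A" Version="9.0.0.beta-2011-02-15-14:58-NO_OPTIM" Supervisor=1 Mode="Active" Quality=66 Priority=100 State="Running" Ip="172.16.0.1" Link="FAULTY" BackupIp="172.16.1.1" BackupLink="OK"
100 code=00a00100 msg="Ok"
"""

if __name__ == "__main__":
    status, sections = parse_section_line(CONSTRUCTED_HA_INFO)
    print(status)
    for finding in ha_findings(sections):
        print(finding)
```

On the constructed response the check reports the two notifications, the peer that did not reply, the FAULTY main link and the quality factor under threshold. The same parse_section_line function applies to any other section_line command on this page, such as LIST or MONITOR ADDRESSLIST SHOW.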
Level
ha|maintenance+modify
History
level maintenance Appears in 6.0.0
level other deprecated in 6.0.0
Description
Reboot firewall peer
Usage
ha reboot serial=<serial>|local
Returns
Error code
Example
HA REBOOT
Level
ha|base
Description
Call HA CLUSTER REMOVE on a remote firewall
Note
Connect as user HA
Usage
ha remote haclusterremove ip=<target firewall ip>
password=<password of user 'HA'>
<other tokens accepted by HA CLUSTER REMOVE>
Example
HA REMOTE HACLUSTERREMOVE ip=172.16.0.1 password=hapassword serial=U120-XXX
Level
ha|base+modify
Description
Force a firewall as active or passive
Note
If another firewall has been previously forced, this will unforce it first.
Usage
ha setmode mode=(active|passive|normal) [serial=U250-XXX]
Returns
active|passive
Example
HA SETMODE
HA SETMODE mode=active
HA SETMODE mode=passive serial=U250-XXX
Level
ha|base+modify
History
Mode Appears in 6.0.7
Optenet Appears in 6.2.0
Vaderetro Appears in 6.2.0
Optenet disappears in 9.1.0
Description
Sync firewall
Note
Default values:
from: local
to: all (source will be automatically excluded)
data: everything
Usage
ha sync [from=<serial>|active|local][to=<serial>|local|all][data=EVERYTHING|CONFIG|AU_CLAMAV|AU_KASPERSKY|AU_ANTISPAM|AU_ROOTCERTIFICATES|AU_URLFILTERING|AU_PATTERNS|AU_VADERETRO|AU_PVM|USERPREFS]
Returns
[<serial>] : One per firewall impacted by the filesync
PreCommandsSuccessful="abc,def,ghi" : Optional (only displayed if there is actually a value)
PreCommandsFailed="abc,def,ghi" : Optional (only displayed if there is actually a value)
FileSyncSuccessful="abc,def,ghi" : Optional (only displayed if there is actually a value)
FileSyncFailed="abc,def,ghi" : Optional (only displayed if there is actually a value)
ReactivationsSuccessful="abc,def,ghi" : Optional (only displayed if there is actually a value)
ReactivationsFailed="abc,def,ghi" : Optional (only displayed if there is actually a value)
PostCommandsSuccessful="abc,def,ghi" : Optional (only displayed if there is actually a value)
PostCommandsFailed="abc,def,ghi" : Optional (only displayed if there is actually a value)
Example
HA SYNC
HA SYNC data=au_Patterns
Level
unknown
History
Appears in V4.0
Description
Display available commands
Usage
help
Returns
Available help
Example
HELP
AUTH : user authentication
CA : command to manage internal PKI
CHPWD : return if it's necessary to update password or not
CONFIG : firewall configuration functions
GLOBALADMIN : global administration
HA : HA functions
HELP : display available commands
LIST : display the list of connected user, show user rights (Level) and rights for current session (SessionLevel).
LOG : log related functions. Everywhere a timezone is needed, if not specified the command is treated with firewall timezone setting.
MODIFY : Get / lose the modify or the monitor_write right
MONITOR : monitor related functions
NOP : do nothing but avoid disconnection from server.
QUIT : log off
SYSTEM : system commands
USER : user related functions
VERSION : display server version
Level
base
History
FORMAT Appears in 9.0.0
Description
Display the list of connected users, show user rights (Level) and rights for current session (SessionLevel).
Note
Without the ADMIN level, lists only the user holding modify and his session rights
Usage
list
Format
section_line
Returns
List of connected users: User=<login> Address=<Client address> Level=<user level> SessionID=<SessionNumber> SessionLevel=<session level>
Example
User="admin" Address=192.168.1.1 Level="modify,base,contentfilter,log,filter,vpn,pki,object,user,admin" SessionID=16 SessionLevel="modify,base,contentfilter,log,filter,vpn,pki,object,user,admin"
Level
unknown
Description
Log related functions. Everywhere a timezone is needed, if not specified the command is treated with the firewall timezone setting.
Level
log+modify
History
FORMAT Appears in 9.0.0
Description
Clear the log file
Note
With a date, delete from first log up to the given date.
Usage
log clear <log name> <date>
Format
list
Example
LOG CLEAR alarm
LOG CLEAR server "2003-01-01 00:00:00"
Level
log_read
History
level changes from log to log_read in 9.0.0
Description
Convert a date range to a number of lines. If 'tz' is specified, 'first' and 'last' use this timezone. Else, 'first' and 'last' use the firewall timezone.
Usage
log datetoline name=<log name> first=<first date> last=<last date> [tz=<timezone offset of first and last>]
Example
LOG DATETOLINE name=connection first="2002-07-01 00:00:00" last="2002-07-02 23:59:59"
In the "Result" section: Total=6520
LOG DATETOLINE name=connection first="2002-06-30 23:00:00" last="2002-07-02 22:59:59" tz=+0000
In the "Result" section: Total=8478
Level
log_read
History
FORMAT Appears in 9.0.0
level changes from log to log_read in 9.0.0
Description
Get log from date up to a number of lines. If 'tz' is specified, 'first' uses this timezone. Else, 'first' uses the firewall timezone.
Note
Additional rights may be needed to read some files
If the first date is not in a comprehensible format, the command runs in "last" mode
Usage
log downlimit name=<log name> [first=<first date> [tz=<timezone offset of first>]] number=<number>
Format
list
Example
LOG DOWNLIMIT name=alarm first="2002-07-01 07:00:00" number=100 returns 100 lines starting at that date.
LOG DOWNLIMIT name=web number=100 returns the last 100 lines of the web log (used by monitoring).
Level
log_read
History
FORMAT Appears in 9.0.0
level changes from log to log_read in 9.0.0
Description
Get log file lines between the specified dates. If 'tz' is specified, 'first' and 'last' use this timezone. Else, 'first' and 'last' use the firewall timezone.
Note
Additional rights may be needed to read some files
The server log requires the ADMIN level
Usage
log download name=<log name> first=<first> last=<last> [tz=<timezone offset of first and last>]
Format
section_line
Example
LOG DOWNLOAD name=alarm first="2002-06-30 23:00:00" last="2002-07-01 12:00:00"
Level
log_read
History
level changes from base to log_read in 9.0.0
Description
Get information on the log file
Note
Log names are : alarm, connection, smtp, filter, web, filterstat, count, auth, server
Usage
log info <log name>
Returns
[LogInfo] Line=<Number of lines> Size=<Size> MaxSize=<Max Size> Start=<Start date> End=<End date>
Example
LOG INFO connection
[LogInfo]
Line=53277 Size=23927 MaxSize=40 Start="2003-05-27 06:29:13" End="2003-07-21 09:02:38"
Level
log_read
History
level changes from base to log_read in 9.0.0
Description
Get state of the log module
Usage
log property
Returns
State=<0|1> Syslog=<0|1> List=<list of available logs> DiskSize=<size> DiskFree=<size>
Example
LOG PROPERTY
State=1 Syslog=0 List=filter,alarm,web,smtp,vpn,connection,system,plugin DiskSize=8853504 DiskFree=7120896
Level
log_read
History
Appears in 1.0.0
Description
Log search related functions. Everywhere a timezone is needed, if not specified the command is treated with firewall timezone setting
Level
log_read
History
Appears in 1.0.0
Description
Get the current page, partial or complete.
Usage
log search get
Format
section_line
Example
LOG SEARCH GET
Level
log_read
History
Appears in 1.0.0
Description
Set the Nth page as current and process it.
Usage
log search jump page_number
Example
LOG SEARCH JUMP 10
Level
log_read
History
Appears in 1.0.0
Description
Start a new paginated log research and set the first page as current. If 'tz' is specified, 'first' and 'last' use this timezone. Else, 'first' and 'last' use the firewall timezone.
Note
The search pattern is a space separated string containing some criteria like '<token><op><value>' where:
- <token> is a log line token (or 'any')
- <op> is '=' or '!='
- <value> is a regular expression, optionally surrounded by single quotes
The 'any' token can be used in the search pattern to accept log lines containing the associated value in any token
Additional rights may be needed to read some files
The server log requires the ADMIN level
Usage
log search new [view=<view name>|file=<file name>] first=<date> [last=<date>] [tz=<timezone offset of first and last>] pagesize=<size> [pattern=<search pattern>]
Example
LOG SEARCH NEW view=server pagesize=20 first="2002-06-30 23:00:00" last="2002-07-01 12:00:00" tz=+0001 pattern="token!=foo token2='bar' any=foobar"
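The Note above defines a small search grammar: space separated criteria of the form <token><op><value>, with '=' or '!=' as operator, a regular expression as value (optionally in single quotes) and the pseudo-token 'any' matching against every token of a line. The matcher below is an added example, not the appliance's own implementation. It assumes that log lines are key=value tokens whose values may be double-quoted, that a value regex is applied with re.search, and that quoted values contain no spaces (the pattern is split on spaces, as the Note says it is space separated); the log lines it runs over are constructed.

```python
"""Matcher for the LOG SEARCH NEW pattern syntax, run over constructed log lines.

Added example, not appliance code.  Assumptions beyond the reference: log
lines are key=value tokens (values may be double-quoted), a <value> regex is
applied with re.search, and quoted values contain no spaces.
"""
import re

TOKEN_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')
CRITERION_RE = re.compile(r"^(\w+)(!=|=)(.*)$")


def parse_log_line(line):
    """Split a key=value log line into {token: value}, dropping double quotes."""
    return {k: (v[1:-1] if v.startswith('"') else v)
            for k, v in TOKEN_RE.findall(line)}


def parse_pattern(pattern):
    """Return [(token, negated, compiled_regex)] for each '<token><op><value>'."""
    criteria = []
    for item in pattern.split():
        m = CRITERION_RE.match(item)
        if not m:
            raise ValueError(f"malformed criterion: {item!r}")
        token, op, value = m.groups()
        if len(value) >= 2 and value[0] == value[-1] == "'":
            value = value[1:-1]          # optional single quotes around the regex
        criteria.append((token, op == "!=", re.compile(value)))
    return criteria


def line_matches(fields, criteria):
    """A line matches when every criterion holds; 'any' is tested on every token."""
    for token, negated, rx in criteria:
        if token == "any":
            hit = any(rx.search(v) for v in fields.values())
        else:
            hit = token in fields and rx.search(fields[token]) is not None
        if hit == negated:               # '=' needs a hit, '!=' needs none
            return False
    return True


def search(lines, pattern):
    """Return the lines selected by the pattern, in their original order."""
    criteria = parse_pattern(pattern)
    return [line for line in lines if line_matches(parse_log_line(line), criteria)]


# Constructed log lines in the key=value style of the reference's examples.
CONSTRUCTED_LINES = [
    'id=firewall time="2002-07-01 07:00:01" pri=4 srcname=host1 dst=10.0.0.5 action=pass',
    'id=firewall time="2002-07-01 07:00:02" pri=1 srcname=host2 dst=10.0.0.5 action=block',
    'id=firewall time="2002-07-01 07:00:03" pri=1 srcname=host3 dst=10.0.0.9 action=block msg="foobar detected"',
]

if __name__ == "__main__":
    for hit in search(CONSTRUCTED_LINES, "pri='^1$' dst!='\\.9$'"):
        print(hit)
```

Anchoring the regex matters: without '^' and '$' the criterion pri=1 would also select a line with pri=10 or pri=21, so a search meant to isolate one severity should quote an anchored expression as in the usage call above.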
Level
log_read
History
Appears in 1.0.0
Description
Set the next page as current and process it.
Usage
log search next
Example
LOG SEARCH NEXT
Level
log_read
History
Appears in 1.0.0
Description
Set the previous page as current and process it.
Usage
log search previous
Example
LOG SEARCH PREVIOUS
Level
log_read
History
Appears in 1.0.0
Description
Resume the search.
Usage
log search resume
Example
LOG SEARCH RESUME
Level
unknown
History
monitor Appears in 6.0.0
level base appears 6.0.1
level base deprecated in 6.1.0
Description
Get / lose the modify or the mon_write right
Usage
modify [monitor] on|off
Returns
Operation result
Example
MODIFY on
Level
filter+mon_write
History
Appears in 6.0.0
Description
Dynamic address list management
Note
timeout is the time in seconds
The Filter and Modify levels are required for Types other than BlackList
Usage
monitor addresslist add Type=BlackList|BlackListExclude|WhiteList|WhiteListExclude Name1=<object> [Name2=<object>] Timeout=<timeout>
Example
MONITOR ADDRESSLIST ADD Type=BlackList Name1=10.2.16.1 Timeout=10
Level
filter_read
History
Appears in 6.0.0
FORMAT Appears in 9.0.0
Description
Dump the dynamic address list
Note
Filter level is required for Type that are not BlackList
Usage
monitor addresslist show Type=BlackList|BlackListExclude|WhiteList|WhiteListExclude
Format
section_line
Returns
range1=10.2.16.3:10.2.16.3 range2=0.0.0.0:255.255.255.255 timeout=599
range1=10.2.23.3:10.2.23.10 range2=10.2.16.4:10.2.16.4 timeout=156
Example
MONITOR ADDRESSLIST SHOW Type=BlackList
Level
base
History
Appears in 1.0.0
Description
Monitor Agg interfaces
Usage
monitor agg [<Agg ifname>]
Format
section_line
Returns
[aggregation_username] Port=<port number> Ifname=<ifusername> MACName=<ifmacname> connected=0|1 active=0|1 (...)
Example
[agregat56]
Port="5" Ifname="Ethernet_4" MACName="igb1" connected="1" active="1"
Port="6" Ifname="Ethernet_5" MACName="igb0" connected="0" active="0"
[agregat78]
Port="7" Ifname="Ethernet_6" MACName="igb7" connected="1" active="1"
Port="8" Ifname="Ethernet_7" MACName="igb6" connected="1" active="0"
Deprecated
Level
log_read
History
FORMAT Appears in 9.0.0
deprecated in 9.1.0
Description
Get an alarm in the dispatch queue
Note
lastid returns only the last alarm id
Usage
monitor alarm get lastid|all|<id>
Format
section_line
Returns
LASTID : returns alarmid=<lastid>
ALL|<id> : alarmid=<id> <welf alarm>
Example
MONITOR ALARM GET all
MONITOR ALARM GET lastid
100 alarmid=8"
MONITOR ALARM GET 148
Level
base
History
Appears in 6.1.0
Description
Monitor antivirus
Usage
monitor antivirus
Returns
[xx]
Name=<string> : antivirus name
Selected=<integer> : selected antivirus
DateUpd=<string> : date of the last database update
LicenceExp=<string> : licence expiration date
Implementation notes
log disable
Example
MONITOR ANTIVIRUS
101 code=00a01000 msg="Begin"
[00]
Name=clamav Selected=1 DateUpd=2006-05-10 15:08:55 LicenceExp=2008-06-30
[01]
Name=Kaspersky Selected=0 DateUpd= LicenceExp=2008-06-30
100 code=00a00100 msg="Ok"
Level
base
History
Appears in 1.0.0
Description
Check autobackup status
Usage
monitor autobackup
Returns
[Autobackup]
State=(disabled|success|Never used|failed)
Last=<YYYY-MM-DD hh:mm:ss> : date of last successful backup
Level
base
History
Appears in 6.0.0
Pvm Appears in 7.0.0
Description
Check autoupdate status or launch an update
Note
Launching an update requires level "Maintenance AND (Mon_write OR Modify)"
Usage
monitor autoupdate [update=<on|Antispam|URLFiltering|Patterns|Kaspersky|Clamav|Vaderetro|Pvm|RootCertificates>] [force=(0|1)]
Deprecated
Level
base
History
Appears in 6.0.0
deprecated in 6.1.0
Description
Monitor kaspersky
Usage
monitor avp
Level
log_read
History
FORMAT Appears in 9.0.0
host, srcifname, dstifname, slotlevel, ruleid, rtidname and qidname appear in 9.1.0
srcmac, natslotlevel, natruleid and username appear in 1.0.0
Description
List connection information with at least one filter
Usage
monitor connection [host=<host_address>] [srcifname=<interface>] [dstifname=<interface>] [slotlevel=<slot> ruleid=<rule>] [natslotlevel=<slot> natruleid=<rule>] [rtidname=<router_name>] [qidname=<qidname>] [srcmac=<macaddr>] [username=<user>]
Format
section_line
Returns
time : connection creation time
id : unique identifier
parentid : parent unique identifier for protocols like ftp, or 0 if not used
proto : protocol (tcp, udp, http, ...)
src : source IP address
srcname : miniDNS client name for source IP address
srcmac : source ETHERNET address
srcport : source port
dst : destination IP address
dstname : miniDNS server name for destination IP address
dstport : destination port
srcif : packets source interface
dstif : packets destination interface
sent : bytes sent
rcvd : bytes received
duration : duration in seconds
rtid : router ID
rtidname : router ID name
slotlevel : slot level
ruleid : rule ID
natslotlevel : nat slot level
natruleid : nat rule ID
state : state of TCP connection
qidname : QoS ID name
username : username for the connection
... : protocol dependent fields
Level
base
History
Appears in 6.1.0
Description
Get information on status of cryptographic card
Note
the effect of 'all' is to get more information when an error occurs
Usage
monitor cryptocard [all]
Returns
[Global]
State= : state of card (0 or 1)
StateError= : error code of driver card (only if State=0)
LibraryVersion= : version of library (only for option 'all')
DriverVersion= : version of driver (only for option 'all')
StatsError= : error code of driver card (only if stats failed and option 'all')
SymError= : error code of driver card for symmetric operations (only if stats failed and option 'all')
AsymError= : error code of driver card for asymmetric operations (only if stats failed and option 'all')
IntError= : error code of driver card (only if stats failed and option 'all')
[Flow]
RNG= : number of random bytes generated
DES= : number of bytes encrypted/decrypted with DES/3DES
[Request]
RNG= : number of requests for random generation
DH= : number of requests for Diffie-Hellman
RSA= : number of requests for RSA
DES= : number of requests for DES/3DES
Example
MONITOR CRYPTOCARD
Level
base
History
Appears in 9.1.0
Description
Display information on the dhcp leases
Usage
monitor dhcp
Format
section_line
Returns
[DHCP_Lease]
IPAddress="<ip>" State="[free|active|expired|released|abandoned|reset]" Start="YYYY-MM-DD hh:mm:ss" End="YYYY-MM-DD hh:mm:ss" MacAddress="xx:xx:xx:xx:xx:xx" [Hostname="<hostname>"]
(...)
[Stat_Lease]
NBTotal=<total number of leases in the list> NBActive=<number of active leases>
Example
MONITOR DHCP
[DHCP_Lease]
IPAddress="172.16.4.10" State="active" Start="2012-05-07 18:14:12" End="2012-05-07 18:16:12" MacAddress="00:01:03:8a:d9:7f" Hostname="my-pc"
IPAddress="10.10.10.237" State="active" Start="2012-03-05 08:25:28" End="2012-03-06 08:25:28" MacAddress="d8:9e:3f:a2:ff:ff" Hostname="my-server"
IPAddress="10.10.9.217" State="active" Start="2012-03-05 08:15:06" End="2012-03-06 08:15:06" MacAddress="34:15:9e:44:eb:eb" Hostname="my-phone"
IPAddress="10.10.13.239" State="free" Start="2012-03-05 08:23:30" End="2012-03-05 08:24:19" MacAddress="88:c6:63:b6:dd:dd"
[Stat_Lease]
NBTotal=4 NBActive=3
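As an added example (not code from the original reference or the product), a Python parser for the section_line reply layout the MONITOR commands return, run over a constructed MONITOR DHCP reply modelled on the example above; it assumes the `101 ... msg="Begin"` / `100 ... msg="Ok"` framing lines shown in the other examples on this page, and that a repeated key within a section starts a new record.

```python
import re
from typing import Dict, List, Tuple

# Added example, not code from the original reference. Parses the
# "section_line" layout: [Section] headers followed by key=value records,
# framed by '101 code=... msg="Begin"' and '100 code=... msg="Ok"' lines.
ITEM_RE = re.compile(r'\[([^\]\s]+)\]|(\w+)=("[^"]*"|\S*)')
STATUS_RE = re.compile(r'^(\d{3})\s+code=(\w+)\s+msg="([^"]*)"$')

Record = Dict[str, str]

# Constructed sample, modelled on the MONITOR DHCP example on this page.
SAMPLE_DHCP_REPLY = """\
101 code=00a01000 msg="Begin"
[DHCP_Lease]
IPAddress="172.16.4.10" State="active" Start="2012-05-07 18:14:12" End="2012-05-07 18:16:12" MacAddress="00:01:03:8a:d9:7f" Hostname="my-pc"
IPAddress="10.10.10.237" State="active" Start="2012-03-05 08:25:28" End="2012-03-06 08:25:28" MacAddress="d8:9e:3f:a2:ff:ff" Hostname="my-server"
IPAddress="10.10.9.217" State="active" Start="2012-03-05 08:15:06" End="2012-03-06 08:15:06" MacAddress="34:15:9e:44:eb:eb" Hostname="my-phone"
IPAddress="10.10.13.239" State="free" Start="2012-03-05 08:23:30" End="2012-03-05 08:24:19" MacAddress="88:c6:63:b6:dd:dd"
[Stat_Lease]
NBTotal=4 NBActive=3
100 code=00a00100 msg="Ok"
"""


def parse_section_line(text: str) -> Tuple[Dict[str, List[Record]], List[Record]]:
    """Return ({section: [record, ...]}, [status line, ...]).

    Assumption (not stated on the page): a new record starts as soon as a key
    already present in the current record repeats, so one-record-per-line
    output and output collapsed onto a single line are both handled.
    """
    sections: Dict[str, List[Record]] = {}
    status: List[Record] = []
    current = ""
    record: Record = {}

    def flush() -> None:
        nonlocal record
        if record:
            sections.setdefault(current, []).append(record)
            record = {}

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = STATUS_RE.match(line)
        if m:  # framing line: 101 = begin, 100 = ok, others = error
            flush()
            status.append({"code": m.group(1), "errcode": m.group(2), "msg": m.group(3)})
            continue
        for item in ITEM_RE.finditer(line):
            section, key, value = item.groups()
            if section is not None:
                flush()
                current = section
                sections.setdefault(current, [])
                continue
            if not current:
                raise ValueError("key=value data before any [section] header: %r" % line)
            if key in record:  # repeated key: this token begins a new record
                flush()
            record[key] = value[1:-1] if value.startswith('"') else value
    flush()
    return sections, status


def check_dhcp_reply(text: str) -> List[str]:
    """Sanity checks a monitoring script should apply before trusting the lease table."""
    sections, status = parse_section_line(text)
    findings: List[str] = []
    # A reply without the closing Ok line was truncated or the command failed.
    if not status or status[-1]["msg"] != "Ok":
        findings.append("reply not terminated by an Ok status line")
    leases = sections.get("DHCP_Lease", [])
    stats = (sections.get("Stat_Lease") or [{}])[0]
    active = [lease for lease in leases if lease.get("State") == "active"]
    # Cross-check the appliance's own counters against the records received.
    if stats.get("NBTotal") != str(len(leases)):
        findings.append("NBTotal=%s but %d leases listed" % (stats.get("NBTotal"), len(leases)))
    if stats.get("NBActive") != str(len(active)):
        findings.append("NBActive=%s but %d active leases listed" % (stats.get("NBActive"), len(active)))
    return findings


if __name__ == "__main__":
    parsed, _ = parse_section_line(SAMPLE_DHCP_REPLY)
    for lease in parsed["DHCP_Lease"]:
        print(lease["IPAddress"], lease["State"], lease["MacAddress"], lease.get("Hostname", "-"))
    print("findings:", check_dhcp_reply(SAMPLE_DHCP_REPLY))
```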
Level
filter_read
History
Appears in 6.0.0
level filter Appears in 6.0.2
level log deprecated in 6.0.2
FORMAT Appears in 9.0.0
host, shost, dhost, port, sport, dport, iface, siface, diface, proto, iptype, rtid, qid appear in 1.0.0
Description
Dump current filter rules
Usage
monitor filter [host=<host_address>] [shost=<host_address>] [dhost=<host_address>] [port=<port>] [sport=<port>] [dport=<port>] [iface=<interface>] [siface=<interface>] [diface=<interface>] [proto=<tcp|udp>] [iptype=<4|6>] [rtid=<router_name>] [qid=<qidname>]
Format
list
Example
MONITOR FILTER
Level
filter+mon_write
History
Appears in 6.0.0
Description
Flushes an object in the dynamic address list, or flushes all entries in the dynamic address list if 'all' is given as argument
Note
Filter and Modify levels are required for Types other than BlackList
Usage
monitor flush addresslist Type=BlackList|BlackListExclude|WhiteList|WhiteListExclude Name1=<object>|all [Name2=<object>]
Example
MONITOR FLUSH ADDRESSLIST Type=BlackList Name1=10.2.16.1
MONITOR FLUSH ADDRESSLIST Type=BlackList Name1=all
Level
base
History
Appears in 1.0.0
Description
Get flush information
Usage
monitor flush info
Returns
[rulestat]
last_global_reset=<secs> : time in secs since the last global slot reset
last_local_reset=<secs> : time in secs since the last local slot reset
Example
MONITOR FLUSH INFO
[rulestat]
last_global_reset=150 last_local_reset=654
Level
pvm+mon_write
History
Appears in 7.0.0
Description
Clear the whole PVM knowledge base or all data of a host
Usage
monitor flush pvm (All | HostId=<host>)
Returns
Error code
Level
filter+modify|mon_write
History
Appears in 1.0.0
Description
Reset filter rulematch counters
Usage
monitor flush rulematch <global=(0|1)>
Example
MONITOR FLUSH RULEMATCH global=0
Level
vpn_read+mon_write
History
Appears in 6.0.0
Description
Flushes the SA identified by its SPI, or flushes all SAs if 'all' is given as SPI
Usage
monitor flush sa <SA SPI>|'all'
Example
MONITOR FLUSH SA 456303451
MONITOR FLUSH SA 0x1b32a35b
MONITOR FLUSH SA all
Level
log+mon_write
History
level mon_write Appears in 6.0.0
level modify deprecated in 6.0.0
Description
Reset ASQ statistics
Usage
monitor flush stat
Level
log+mon_write
History
level mon_write Appears in 6.0.0
level modify deprecated in 6.0.0
Description
Flush ASQ state (host, connection, fragment, ...)
Usage
monitor flush state <ip>
Level
vpn_read
History
FORMAT Appears in 9.0.0
Description
List IPsec SA
Usage
monitor getsa
Format
section_line
Returns
src=<ip> : source IP address
dst=<ip> : destination IP address
type=ah|esp : SA type
mode=any|transport|tunnel : SA mode
spi=<id> : identifier
reqid=<id> : identifier
comp=<algo> : compression algo in use
enc=<algo> : cipher algo in use
auth=<algo> : authentication in use
state=larval|mature|dying|dead : SA state
lifetime=<secs> : time count
bytes=<count> : byte count
Example
101 begin
src=10.2.0.1 dst=10.2.0.2 type="esp" mode="tunnel" spi=6599678 peerspi=106673664 reqid=16385 enc="rijndael-cbc" auth="hmac-sha1" state="mature" lifetime=465 bytes=101552 maxlifetime=600 maxbytes=0
src=10.2.0.2 dst=10.2.0.1 type="esp" mode="tunnel" spi=106673664 peerspi=6599678 reqid=16386 enc="rijndael-cbc" auth="hmac-sha1" state="mature" lifetime=465 bytes=282280 maxlifetime=600 maxbytes=0
.
Level
vpn_read
History
Appears in 6.1.0
FORMAT Appears in 9.0.0
Description
List IPsec SPD policy
Usage
monitor getspd
Format
section_line
Returns
src=<ip> : source IP address
srcname=<name> : optional source object name
srcmask=<masklen> : the value of src mask len in bits
srcport=<port> : optional source port
dst=<ip> : destination IP address
dstname=<name> : optional destination object name
dstmask=<masklen> : the value of dst mask len in bits
dstport=<port> : optional destination port
proto=<protocol> : optional protocol name
dir=in|out
policy=none|ipsec
srcgw=<ip> : source gateway IP
srcgwname=<name> : optional source gateway name
dstgw=<ip> : destination gateway IP
dstgwname=<name> : optional destination gateway name
enc=esp|ah|ipcomp : optional encapsulation mode
mode=tunnel|transport : optional IPsec mode
level=use|require|unique : optional policy level
reqid=<id> : optional reqid identifier (if level is "unique")
lifetime=<secs> : optional current time count
bytes=<count> : optional current byte count
maxlifetime=<secs> : optional max time count
maxbytes=<count> : optional max byte count
Example
101 begin
src=127.0.0.0 srcmask=8 srcname=Network_loopback dst=127.0.0.0 dstmask=8 dstname=Network_loopback dir=in policy=none spid=13 seq=3 pid=56555
src=192.168.1.0 srcmask=24 srcname=Net_peer dst=10.2.0.0 dstmask=16 dstname=network_in dir=in policy=ipsec spid=16 seq=2 pid=56555 enc="esp" mode=tunnel srcgw=172.16.1.2 srcgwname=ipsec_peer dstgw=172.16.11.2 dstgwname=Firewall_out level=unique reqid=16392
src=127.0.0.0 srcmask=8 srcname=Network_loopback dst=127.0.0.0 dstmask=8 dstname=Network_loopback dir=out policy=none spid=14 seq=1 pid=56555
src=10.2.0.0 srcmask=16 srcname=network_in dst=192.168.1.0 dstmask=24 dstname=Net_peer dir=out policy=ipsec spid=15 seq=0 pid=56555 enc="esp" mode=tunnel srcgw=192.16.11.2 srcgwname=Firewall_out dstgw=172.16.1.2 dstgwname=ipsec_peer level=unique reqid=16391
.
Level
base
History
appears in 9.0.2
Description
show GPRS network and signal quality
Usage
monitor gprs
Returns
[<name of GPRS interface>] operator="<network operator>" signal_quality=<signal quality in bars (0-5)>
Level
log_read
History
FORMAT Appears in 9.0.0
mac_addr, byte_count and throughput_out appear in 1.0.0
conn disappears in 1.0.0
Description
List host information and statistics
Usage
monitor host [<host address>]
Format
section_line
Returns
addr : host IP address
mac_addr : ethernet address
name : host name
interface : host interface
packet : total accepted packet count
byte : total incoming byte count
byte_count : total outgoing byte count
throughput : current incoming throughput (current,max)
throughput_out : current outgoing throughput (current,max)
Example
101 begin
addr=10.3.0.1 name=10.3.0.1 interface=FwTunnel_OUT packet=0 byte=0 conn=0 throughput=0,0
addr=10.3.1.1 name=10.3.1.1 interface=FwTunnel_OUT packet=4 byte=916 conn=0 throughput=0,71
...
Level
log_read
History
FORMAT Appears in 9.0.0
Description
Display interface information
Note
Without an interface name, returns information for all interfaces. All values are in bits
Usage
monitor interface [<interface name>]
Format
section_line
Returns
name=user interface name,real interface name
type=ethernet|dialup|vlan|pptp
addr=address/mask
color=rgb
throughput=interface in : mac,current,max,userdefined in bits
throughput_out=interface out : mac,current,max,userdefined in bits
packet=accepted,blocked,fragmented,tcp,udp,icmp
byte=incoming : total,tcp,udp,icmp
byte_out=outgoing : total,tcp,udp,icmp
tcpconn=nb of tcp connections since last stat reset
udpconn=nb of udp connections since last stat reset
tcpconncount=nb of current tcp connections inside ASQ
udpconncount=nb of current udp connections inside ASQ
state=0|1 : interface down | interface up
plugged=0|1 : Passive | Active
protected=0|1 : Non protected | Protected
fullduplex=0|1 : Half duplex | Full duplex
Example
MONITOR INTERFACE in
100 name=in,ethernet1 addr=10.2.0.1/255.0.0.0 type=ethernet color=A040FF
Level
log_read
History
appears in 9.0.0
Description
Get last log lines from the dispatch queue
Note
lastid returns only the last alarm id
Usage
monitor log <logname> lastid|all|<id>
Format
section_line
Example
MONITOR LOG connection all
Level
base
History
Appears in 1.0.0
Description
Display currently connected users
Usage
monitor openvpn list
Format
section_line
Level
base
History
Appears in 1.0.0
Description
Remove connected user
Usage
monitor openvpn remove user=<all|username> : client username
[ip=<ip>|<all>] : real ip of client
[port=<port>|<all>] : port of client
Returns
Error code
Example
MONITOR OPENVPN REMOVE user=all
MONITOR OPENVPN REMOVE user=test ip=all
MONITOR OPENVPN REMOVE user=test ip=all port=all
MONITOR OPENVPN REMOVE USER=test ip=192.168.0.1
MONITOR OPENVPN REMOVE USER=test ip=192.168.0.1 port=4242
Level
base
History
Appears in 6.0.0
Description
List active slot and sync status
Usage
monitor policy
Level
base
History
Appears in 1.2.0
Description
Monitor power states on SN3000 and SN6000
Usage
monitor power
Returns
[Power0] (OK|FAILED|NOTFOUND) [Power1] (OK|FAILED|NOTFOUND)
Example
MONITOR POWER
Level
base
History
Appears in 1.0.0
Description
Monitor Proxy-Cache
Usage
monitor proxycache
Level
base
History
Appears in 7.0.0
Description
Display information of the proactive vulnerability management module
Level
pvm
History
Appears in 7.0.0
FORMAT Appears in 9.0.0
Description
Test a user-defined value and return the real PVM value
Usage
monitor pvm force check (Type=os Name=<user_os> | Type=service Name=<user_service>)
Format
list
Returns
the nearest valid name
Example
MONITOR PVM FORCE CHECK Type=service Name="Apache 1.3"
101 code=00a01000 msg="Début"
Apache_1.3.x
100 code=00a00100 msg="Ok"
Level
pvm
History
Appears in 7.0.0
FORMAT Appears in 9.0.0
Description
List products or product families that can be forced by the user
Usage
monitor pvm force list Type=os|service
Format
section_line
Returns
name : name of the product
family : whether it is a product family or not (a product family can be set followed by a version)
Example
MONITOR PVM FORCE LIST Type=os
101 code=00a01000 msg="Début"
name=Linux family=1
name=Windows_XP family=0
...
100 code=00a00100 msg="Ok"
Level
pvm
History
Appears in 7.0.0
product Appears in 8.0.0
osname Appears in 8.0.0
FORMAT Appears in 9.0.0
Description
Return all hosts that have some information stored in the proactive vulnerability management module
Usage
monitor pvm host
Format
section_line
Returns
hostid : id used to join with other monitor requests
addr : ip address of the affected host
name : name of the host
info : number of information items detected on the host
vuln : number of vulnerabilities detected on the host
port : number of open ports detected on the host
product : number of products detected on the host
service : number of services (products that hold an open port) detected on the host
lastevent : date of the last event seen on the host
osname : operating system without version of the host
os : operating system of the host
detectedos : operating system of the host as detected by the proactive vulnerability management module
Example
> MONITOR PVM VULN_HOST
101 code=00a01000 msg="Début"
hostid=x addr=x name=x info=x vuln=x product=x service=x port=x lastevent=x osname=x os=x detectedos=x
hostid=x addr=x name=x info=x vuln=x product=x service=x port=x lastevent=x osname=x os=x detectedos=x
100 code=00a00100 msg="Ok"
Level
pvm
History
Appears in 8.0.0
FORMAT Appears in 9.0.0
Description
Return all hosts on which the os has been found
Usage
monitor pvm hostbyos OsName=<pvm_os>
Format
section_line
Returns
hostid : id used to join with other monitor requests
addr : address of the host
name : name of the host
os : real os (with version)
Example
> MONITOR PVM HOSTBYPRODUCT OsName=Linux
101 code=00a01000 msg="Début"
hostid=x addr=x name=x os=x
hostid=x addr=x name=x os=x
100 code=00a00100 msg="Ok"
Level
pvm
History
Appears in 8.0.0
FORMAT Appears in 9.0.0
Description
Return all hosts on which the product has been found
Usage
monitor pvm hostbyproduct ProductName=<pvm_product>
Format
section_line
Returns
hostid : id used to join with other monitor requests
addr : address of the host
name : name of the host
os : operating system of the host
product : real detected product (with version)
Example
> MONITOR PVM HOSTBYPRODUCT ProductName=Firefox
101 code=00a01000 msg="Début"
hostid=x addr=x name=x os=x product=x
hostid=x addr=x name=x os=x product=x
100 code=00a00100 msg="Ok"
Level
pvm
History
Appears in 7.0.0
product Appears in 8.0.0
FORMAT Appears in 9.0.0
Description
Return all hosts on which the vulnerability|information has been found
Usage
monitor pvm hostbypvmid PvmId=<pvm_id>
Format
section_line
Returns
hostid : id used to join with other monitor requests
addr : address of the affected host
name : name of the host
os : operating system of the host
port : port of the service on which the vulnerability|information has been found (if any)
productname : product name without version on which the vulnerability|information has been found (if any)
product : product name on which the vulnerability|information has been found (if any)
servicename : service name without version (product with an open port) on which the vulnerability|information has been found (if any)
service : service name (product with an open port) on which the vulnerability|information has been found (if any)
affecteddate : date when the vulnerability|information has been found on the host
detail : additional vulnerability|information data (if any)
Example
> MONITOR PVM HOSTBYPVMID PvmId=12002
101 code=00a01000 msg="Début"
hostid=x addr=x name=x os=x port=x/tcp servicename=x service=x affecteddate=x detail=x
hostid=x addr=x name=x os=x port=x/udp servicename=x service=x affecteddate=x detail=x
100 code=00a00100 msg="Ok"
> MONITOR PVM HOSTBYPVMID PvmId=12005
101 code=00a01000 msg="Début"
hostid=x addr=x name=x os=x productname=x product=x affecteddate=x detail=x
100 code=00a00100 msg="Ok"
> MONITOR PVM HOSTBYPVMID PvmId=12007
101 code=00a01000 msg="Début"
hostid=x addr=x name=x os=x affecteddate=x detail=x
100 code=00a00100 msg="Ok"
Level
pvm
History
Appears in 8.0.0
FORMAT Appears in 9.0.0
Description
Return all hosts on which the service has been found
Usage
monitor pvm hostbyservice ServiceName=<pvm_service>
Format
section_line
Returns
hostid : id used to join with other monitor requests
addr : address of the host
name : name of the host
os : operating system of the host
port : port on which the service has been found
service : real detected service (with version)
Example
> MONITOR PVM HOSTBYSERVICE ServiceName=Apache
101 code=00a01000 msg="Début"
hostid=x addr=x name=x os=x port=x service=x
hostid=x addr=x name=x os=x port=x service=x
100 code=00a00100 msg="Ok"
Level
pvm
History
Appears in 7.0.0
product fields Appear in 8.0.0
servicename Appears in 8.0.0
osname Appears in 8.0.0
service family Appears in 8.0.0
Description
Return the information, services and vulnerabilities of a host
Usage
monitor pvm hostdata HostId=<host_id>
Format
section_line
Returns
[Host]
hostid : id used to join with other monitor requests
addr : ip address of the host
name : name of the host
port : number of open ports
product : number of products
service : number of services (products that hold an open port)
osname : operating system without version of the host
os : operating system of the host
detectedos : operating system of the host as detected by the proactive vulnerability management module
info : number of information items detected by the proactive vulnerability management module
vuln : number of vulnerabilities detected by the proactive vulnerability management module
[Product]
productname : product without version
product : product name
family : product's family id
[Service]
port : port of the service
servicename : service without version
service : service name
detectedservice : service name as detected by the proactive vulnerability management module
family : service's family id
[Info]
id : information id
name : information's name
family : information's family id
level : alarm level of the information on the host (ignore, minor or major)
port : port of the service on which the information has been found (if any)
product : product name on which the information has been found (if any)
service : service name (product with an open port) on which the information has been found (if any)
affecteddate : date when the information has been found on the host
detail : additional data (if any)
[Vuln]
id : vulnerability id
name : vulnerability's name
family : vulnerability's family id
severity : vulnerability's severity id
remote : true if the vulnerability could be exploited remotely
solution : true if the vulnerability could be corrected
level : alarm level of the vulnerability on the host (ignore, minor or major)
port : port of the service on which the vulnerability has been found (if any)
product : product name on which the vulnerability has been found (if any)
service : service name (product with an open port) on which the vulnerability has been found (if any)
affecteddate : date when the vulnerability has been found on the host
detail : additional data (if any)
Example
> MONITOR PVM HOSTDATA HostId=x
101 code=00a01000 msg="Début"
[Host]
hostid=x addr=x name=x info=x vuln=x port=x osname=x os=x detectedos=x
[Product]
productname=x product=x family=x
productname=x product=x family=x
[Service]
port=x/tcp servicename=x service=x detectedservice=x family=x
port=x/tcp servicename=x service=x detectedservice=x family=x
port=x/tcp servicename=x service=x detectedservice=x family=x
[Info]
id=x name=x family=x level=x port=x/tcp service=x detail=x
id=x name=x family=x level=x port=x/udp service=x
id=x name=x family=x level=x product=x detail=x
id=x name=x family=x level=x detail=x
[Vuln]
id=x name=x family=x severity=x remote=x solution=x level=x port=x/tcp service=x detail=x
id=x name=x family=x severity=x remote=x solution=x level=x port=x/udp service=x
id=x name=x family=x severity=x remote=x solution=x level=x product=x detail=x
id=x name=x family=x severity=x remote=x solution=x level=x detail=x
100 code=00a00100 msg="Ok"
Level
pvm
History
Appears in 7.0.0
FORMAT Appears in 9.0.0
Description
Return all information detected by the proactive vulnerability management module
Usage
monitor pvm info
Format
section_line
Returns
id : information id
name : information's name
family : information's family id
affectedhost : number of hosts which are affected by this vulnerability
Example
> MONITOR PVM INFO
101 code=00a01000 msg="Début"
id=x name="x" family=x affectedhost=x
id=x name="x" family=x affectedhost=x
100 code=00a00100 msg="Ok"
Level
pvm
History
Appears in 8.0.0
FORMAT Appears in 9.0.0
Description
Return all operating systems detected by the proactive vulnerability management module
Usage
monitor pvm os
Format
section_line
Returns
osname : operating system without version
family : os' family id
count : number of instances of this os
Example
> MONITOR PVM INFO
101 code=00a01000 msg="Début"
osname=x family=x count=x
osname=x family=x count=x
100 code=00a00100 msg="Ok"
Level
pvm
History
Appears in 8.0.0
FORMAT Appears in 9.0.0
Description
Return all products detected by the proactive vulnerability management module
Usage
monitor pvm product
Format
section_line
Returns
productname : product without version
family : product's family id
count : number of instances of this product
Example
> MONITOR PVM INFO
101 code=00a01000 msg="Début"
productname=x family=x count=x
productname=x family=x count=x
100 code=00a00100 msg="Ok"
Level
pvm
History
Appears in 8.0.0
FORMAT Appears in 9.0.0
Description
Return all services (products with an open port) detected by the proactive vulnerability management module
Usage
monitor pvm service
Format
section_line
Returns
servicename : service without version
family : service's family id
count : number of instances of this service
Example
> MONITOR PVM INFO
101 code=00a01000 msg="Début"
servicename=x family=x count=x
servicename=x family=x count=x
100 code=00a00100 msg="Ok"
Level
pvm
History
Appears in 7.0.0
Description
Return statistics on vulnerabilities|information found by the proactive vulnerability management module
Usage
monitor pvm stat
Returns
[LastQuarter]
info : number of information items detected in the last quarter
vuln : number of vulnerabilities detected in the last quarter
host : number of hosts seen by the proactive vulnerability management module in the last quarter
[Info]
total : total number of information items detected
less12h : number of information items detected in the last 12 hours
less1d : number of information items detected in the last day
less2d : number of information items detected in the last 2 days
less7d : number of information items detected in the last 7 days
less30d : number of information items detected in the last 30 days
[Vuln]
total : total number of vulnerabilities detected
less12h : number of vulnerabilities detected in the last 12 hours
less1d : number of vulnerabilities detected in the last day
less2d : number of vulnerabilities detected in the last 2 days
less7d : number of vulnerabilities detected in the last 7 days
less30d : number of vulnerabilities detected in the last 30 days
Example
> MONITOR PVM STAT
101 code=00a01000 msg="Début"
[LastQuarter]
info=x vuln=x host=x
[Info]
total=x less_12h=x less_1d=x less_2d=x less_7d=x less_30d=x
[Vuln]
total=x less_12h=x less_1d=x less_2d=x less_7d=x less_30d=x
100 code=00a00100 msg="Ok"
Level
pvm
History
Appears in 7.0.0
FORMAT Appears in 9.0.0
Description
Return all vulnerabilities detected by the proactive vulnerability management module
Usage
monitor pvm vuln
Format
section_line
Returns
id : vulnerability id
name : vulnerability's name
family : vulnerability's family id
severity : vulnerability's severity id
date : vulnerability's discovery date
targetclient : true if the affected product is a client
targetserver : true if the affected product is a server
remote : true if the vulnerability could be exploited remotely
solution : true if the vulnerability could be corrected
affectedhost : number of hosts which are affected by this vulnerability
Example
> MONITOR PVM VULN
101 code=00a01000 msg="Début"
id=x name="x" family=x severity=x date=x targetclient=x targetserver=x remote=x solution=x affectedhost=x
id=x name="x" family=x severity=x date=x targetclient=x targetserver=x remote=x solution=x affectedhost=x
100 code=00a00100 msg="Ok"
Level
log_read
History
Appears in 6.1.0
FORMAT Appears in 9.0.0
Description
List QoS queue information and statistics
Usage
monitor qos [<queue name>]
Format
section_line
Returns
qid : queue name
byte : total byte count
conn : current connection count
throughput : current throughput (current,max)
Level
base
Description
Give the RAID's status
Usage
monitor raid
Example
[DISK_0] Address=1 Status="Optimal" Type=RAID_DISK
[DISK_1] Address=3 Status="Optimal" Type=RAID_DISK
[RAID_ARRAY_0] Address=1 Status="Optimal" Type=RAID-1 Children=DISK_0,DISK_1
[DISK_2] Address=2 Status="Optimal" Type=HOTSPARE
Level
log_read
History
Appears in 1.0.0
Description
List routing information
Usage
monitor route
Format
section_line
Returns
[ASQRoute]
name=<name>
gateway=<ip> : gateway IP addr
rtid=<id> : route id
used=<count> : number of packets processed
type=<Interface|LB|Filter> : route type
status=<0|1> : 0=disabled, 1=enabled
[Gateways]
type=<PrincipalGateway|BackupGateway>
name=<name>
lastip=<ip>
state=<UP|DOWN>
Example
[ASQRoute]
name="dmz13" gateway="10.200.35.200" rtid=0 used=0 type="Interface" enabled=1
name="fw_labo" gateway="10.2.0.1" rtid=1 used=0 type="Filter" enabled=1
name="gm_fw_system" gateway="10.200.0.1" rtid=2 used=0 type="LB" enabled=1
name="gm_fw_u450_test" gateway="10.200.35.254" rtid=3 used=0 type="LB" enabled=1
[Gateways]
type="PrincipalGateway" name="fw_system" lastip="10.200.0.1" result="UP"
type="PrincipalGateway" name="dummy_gateway" lastip="10.200.35.50" result="DOWN"
type="PrincipalGateway" name="fw_u450_test" lastip="10.200.35.254" result="UP"
Level
log_read
History
FORMAT Appears in 9.0.0
Description
Return the list of all active services, with the uptime of each service
Usage
monitor services
Format
section_line
Returns
[Service]
alarmd=1 uptime=236194
authd=0 uptime=236202
dhclient uptime=0,236202
dhcpd=0 uptime=236202
dns=0 uptime=236202
eventd uptime=1,236202
Level
base
History
Appears in 1.0.0
Description
Monitor the health and attributes of each S.M.A.R.T. device
Usage
monitor smart
Example
MONITOR SMART
Level
log_read
Description
List firewall information and statistics
Usage
monitor stat
Returns
time=<%Y-%m-%d %T> : current system date
uptime=<day:hour:min:sec> : how long the system has been running
mem=<host,frag,icmp,conn,dtrack,dyn> : memory left, in percent
stattime= :
temperature= : current cpu(s) temperature in celsius (NA if not available)
CPU=<user+sys+nice,intr,sys> : CPU load information
Example
date="2002-08-08 12:54:55" uptime=1:3:14:29 mem=1,0,0,0 stattime="2002-08-08 12:01:00" temperature=40,48 CPU=25,4,15
Level
log_read
History
FORMAT Appears in 9.0.0
Description
List authenticated users
Usage
monitor user [<name>]
Format
section_line
Returns
name : user name
addr : host IP address
timeout : time left in seconds
group : user group name
Example
101 begin
name="auth1d" group="" addr=10.2.13.80 timeout=2633
name="guillaumed" group="laboSYS" addr=10.2.3.1 timeout=4828
name="yvanv" group="laboIHM" addr=10.2.2.1 timeout=4744
Level
unknown
Description
Do nothing but avoid disconnection from server.
Note
Used to reset idle time-out.
Usage
nop
Returns
Error code
Example
NOP
Level
pki
History
Appears in 9.0.0
Description
Check if the authority is used
Usage
pki ca check caname=<name>
Format
section_line
Level
base
History
Appears in 9.0.0
Description
show or update the checkcrl utility configuration
Level
pki+modify
History
Appears in 9.0.0
Description
Add a new URI to the checkcrl list.
Usage
pki ca checkcrl add caname=<name> uri=<uri> state=<enabled|disabled>
Format
section
Level
pki+modify
History
Appears in 9.0.0
Description
Remove an entry in the checkcrl utility
Usage
pki ca checkcrl remove caname=<name> id=<number>
Level
base
History
Appears in 9.0.0
Description
Show the checkcrl configuration
Usage
pki ca checkcrl show caname=<name>
Format
section_line
Level
pki+modify
History
Appears in 9.0.0
Description
Add a new URI to the CRL distribution points list. The new URI will be added to the next certificates created
Usage
pki ca config crldp add caname=<name> uri=<uri>
Level
pki+modify
History
Appears in 9.0.0
Description
Remove an entry in the CRLDP.
Usage
pki ca config crldp remove caname=<name> id=<number>
Level
base
History
Appears in 9.0.0
Description
Show the authority parameters.
Usage
pki ca config show caname=<name>
Format
section
Level
pki+modify
History
Appears in 9.0.0
Description
Update the authority parameters.
Usage
pki ca config update caname=<name> [crl_days=<days>] [crl_hours=<days>] [user_size=<size>] [user_days=<days>] [smartcard_size=<size>] [smartcard_days=<days>] [server_size=<size>] [server_days=<days>] [ca_size=<size>] [ca_days=<days>]
Level
pki+modify
Licence needed:
PKI
History
Appears in 9.0.0
Description
Create a new CA in the tree. To create a sub-authority, you must specify topca and topcapass; by default, it creates a root authority
Usage
pki ca create passphrase=<pass>
CN=<name>
C=<country>
ST=<state>
O=<organization>
OU=<unit>
[size=<key size>]
[topca=<name>]
[topcapass=<pass>]
[default=<0|1>]
[nbdays=<days>]
[shortname=<name>]
[L=<locality>]
[E=<email>]
[S=<serial>]
[UA=<unstructuredAddress>]
[UN=<unstructuredName>]
Format
section
Level
pki
History
Appears in 9.0.0
Description
Download the CA. This command does not send the private key. It sends the complete chain of authorities in p12 or pem format, but a single object in der format.
Usage
pki ca get caname=<name> format=<p12|pem|der> [password=<P12_password>]
Level
base
History
Appears in 9.0.0
Description
List all of the CAs under the specified authority, or under the ROOT authority if none is given.
Usage
pki ca list [caname=<name>]
Format
section_line
Level
pki+modify
History
Appears in 9.0.0
Description
Try to publish the default authority into the configured LDAP
Usage
pki ca publish
Level
pki+modify
History
Appears in 1.0.0
Description
Remove a CA and all its certificates, without a password
Usage
pki ca purge caname=<name>
Level
pki+modify
History
Appears in 9.0.0
Description
Rename the specified object. Use the force token if you want to rename the in-use authority.
Usage
pki ca rename caname=<name> newname=<name> [force=<0|1>]
Level
pki+modify
History
Appears in 9.0.0
Description
Remove a CA from the tree and, if its private key is available, revoke all certificates under it. You must specify the passphrase for an authority that has a private key, and the top-CA password for an authority that depends on another authority that has a private key. Use the force token if you want to remove an in-use authority. This command does not revoke the sub-authority. The valid reasons are: unknow, keyCompromise, CACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold, privilegeWithdrawn, AACompromise
Usage
pki ca revoke caname=<name> [format=<pem|der>] [passphrase=<pass>] [reason=<raison>] [topcapass=<pass>] [force=<0|1>]
Level
base
History
Appears in 9.0.0
Description
Show, update or create a certificate request
Level
pki
History
Appears in 9.0.0
Description
Check if the specified certificate is in use. If no authority name is given, the default one is taken.
Usage
pki certificate check name=<name> [caname=<name>]
Format
section_line
Level
pki+modify
History
Appears in 9.0.0
Description
Add a short comment to the given certificate. If no authority name is given, the default one is taken.
Usage
pki certificate comment name=<name> comment=<comment> [caname=<name>]
Level
pki+modify
Licence needed:
PKI
History
Appears in 9.0.0
Description
Create a new certificate. You must have the authority private key. For a server certificate, the CN must be a FQDN. For a user certificate, you must specify an email. For a SmartCard type, you must specify an email and have defined the CRLDP of the authority. You can also specify the UPN (UserPrincipalName) used to log in to a Windows environment. If no authority name is given, the default one is taken.
Usage
pki certificate create type=<user|server|smartcard>
CN=<name>
passphrase=<pass>
[caname=<name>]
[shortname=<name>]
[size=<key size>]
[nbdays=<days>]
[C=<country>]
[ST=<state>]
[L=<locality>]
[O=<organisation>]
[OU=<unit>]
[E=<email>]
[UA=<unstructuredAddress>]
[UN=<unstructuredName>]
[S=<serial>]
[UPN=<userPrincipalName>]
[ALTNAMES=<list of ip or fqdn name separated by ;>]
Format
section
Example
PKI CERTIFICATE CREATE type=smartcard CN="John Doe" passphrase="secret" E=j.doe@company.com UPN="john.doe@COMPANY.DOMAIN"
PKI CERTIFICATE CREATE type=server CN="www.companie.com" passphrase="secret" ALTNAMES="*.companie.com;companie.com;12.34.56.78;98.76.54.32"
Level
pki+modify
History
Appears in 1.2.0
Description
Drop the private key of the certificate
Usage
pki certificate dropkey name=<name> [caname=<name>] [force=<0|1>]
Example
PKI CERTIFICATE DROPKEY caname=myca name=mycert
Level
base
History
Appears in 9.0.0
Description
Download the certificate. If the certificate has a private key, you must specify a password to encrypt the private key. If no authority name is given, the default one is taken.
Usage
pki certificate get name=<name> format=<p12|pem|der> [password=<exportpassword>] [caname=<name>]
Level
base
History
Appears in 9.0.0
Description
List all of the certificates under the specified authority. If no authority name is given, the default one is taken.
Usage
pki certificate list [caname=<name>]
Format
section_line
Level
pki+modify
History
Appears in 9.0.0
Description
Try to publish a certificate of the default authority into the configured LDAP. You can specify the uid of a user or the complete DN of the location to publish to. If the certificate has a private key, you must specify a password to encrypt the P12 file in LDAP.
Usage
pki certificate publish name=<name> [dn=<dn> | uid=<uid>] [password=<p12password>]
Level
pki+modify
History
Appears in 9.0.0
Description
Rename the specified object. Use the force token if you want to rename the in-use certificate.
Usage
pki certificate rename name=<name> newname=<name> [caname=<name>] [force=<0|1>]
Level
pki+modify
Licence needed:
PKI
History
Appears in 9.0.0
Description
Revoke the certificate if the authority private key is available; otherwise, just drop it. Use the force token if you want to remove the in-use certificate. If no authority name is given, the default one is taken. The valid reasons are: unknow, keyCompromise, CACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold, privilegeWithdrawn, AACompromise
Usage
pki certificate revoke name=<name> [caname=<name>] [passphrase=<pass>] [reason=<raison>] [force=<0|1>]
Format
section
Level
base
History
Appears in 9.0.0
Description
Show all of the information in the certificate. The full parameter gives you the same output as openssl. If no authority name is given, the default one is taken.
Usage
pki certificate show name=<name> [caname=<name>] [full=<0|1>]
Format
section
Level
base
History
Appears in 9.0.0
Description
Show the parameters.
Usage
pki config show
Format
section
Level
pki+modify
Licence needed:
PKI
History
Appears in 9.0.0
Description
Create a new CRL for the specified CA. You must have the private key of the authority. If no authority name is given, the default one is taken.
Usage
pki crl create passphrase=<pass> [caname=<name>]
Level
pki
History
Appears in 9.0.0
Description
Download the CRL. If no authority name is given, the default one is taken.
Usage
pki crl get format=<pem|der> [caname=<name>]
Level
pki+modify
History
Appears in 9.0.0
Description
Try to publish the CRL of the default authority into the configured LDAP
Usage
pki crl publish
Level
pki+modify
History
Appears in Sicilia
Description
Remove the CRL.
Usage
pki crl remove caname=<name>
Level
pki+modify
History
Appears in 9.0.0
Description
Import an item into the PKI
Usage
pki import format=<p12|pem|der> type=<req|cert|pkey|crl|ca|all> [password=<pass>] [force=<0|1>]
Level
pki+modify
Licence needed:
PKI
History
Appears in 9.0.0
Description
Create a new certification request for the given authority. If no authority name is given, the default one is taken. The email is mandatory for a user request. The name must be a FQDN or an IP for a server request.
Usage
pki request create type=<user|server|smartcard|ca>
CN=<name>
passphrase=<pass>
[caname=<name>]
[shortname=<name>]
[size=<key size>]
[nbdays=<days>]
[C=<country>]
[ST=<state>]
[L=<locality>]
[O=<organisation>]
[OU=<unit>]
[E=<email>]
[UA=<unstructuredAddress>]
[UN=<unstructuredName>]
[S=<serial>]
[UPN=<userPrincipalName>]
[ALTNAMES=<list of ip or fqdn name separated by ;>]
Level
base
History
Appears in 9.0.1
Description
Download only the certificate request. The private key remains in the PKI. The file format remains the same as the original.
Usage
pki request get name=<name> format=<pem|der>
Level
base
History
Appears in 9.0.0
Description
List all of the pending requests
Usage
pki request list
Format
section_line
Level
pki+modify
History
Appears in 9.0.0
Description
Remove a pending certification request
Usage
pki request remove name=<name>
Level
base
History
Appears in 9.0.0
Description
Display the content of the certification request. The full parameter gives you the same output as openssl.
Usage
pki request show name=<name> [full=<0|1>]
Format
section
Level
pki+modify
Licence needed:
PKI
History
Appears in 9.0.0
Description
Sign the request with the specified authority. You must have the private key of the authority. If no authority name is given, the default one is taken. For a SmartCard type, you must specify an email and have defined the CRLDP of the authority. You can also specify the UPN (UserPrincipalName) used to log in to a Windows environment. For a server certificate you can specify ALTNAMES with a semicolon-separated list of IP or FQDN names.
Usage
pki request sign type=<user|server|smartcard|ca>
name=<name>
passphrase=<pass>
[caname=<name>]
[shortname=<name>]
[size=<key size>]
[nbdays=<days>]
[UPN=<userPrincipalName>]
[ALTNAMES=<list of ip or fqdn name separated by ;>]
Format
section
Example
PKI REQUEST SIGN type=smartcard name="request_1" CN="John Doe" passphrase="secret" UPN="john.doe@COMPANY.DOMAIN"
PKI REQUEST SIGN type=server name="request_2" CN="www.companie.com" passphrase="secret" ALTNAMES="*.companie.com;companie.com;12.34.56.78;98.76.54.32"
Level
pki+modify
Licence needed:
PKI
History
Appears in 9.0.2
Description
Check the remote status of a SCEP query and import certificate if signed
Usage
pki scep check transaction=<name>
Format
section
Returns
In case of success:
[Result]
status=SUCCESS
name=<certificate name>
In case of failure:
[Result]
status=REJECT
reason=<reason string>
In case of pending result:
[Result]
status=PENDING
transaction=<transactionID>
Example
PKI SCEP CHECK transaction=U250XXXXXXX-1548632651
Level
pki+modify
Licence needed:
PKI
History
Appears in 9.0.2
Description
Generate a private key locally and request a new certificate from the remote host. You must specify the authority of the peer, otherwise the default authority is taken. The password is the remote challenge to use. Microsoft SCEP does not support AltNames with IPs.
Usage
pki scep query type=<user|server|smartcard|ca>
CN=<name>
password=<The SCEP password to use, leave blank if none>
caname=<name>
url=<HTTP URL>
[shortname=<name>]
[size=<key size>]
[C=<country>]
[ST=<state>]
[L=<locality>]
[O=<organisation>]
[OU=<unit>]
[E=<email>]
[UA=<unstructuredAddress>]
[UN=<unstructuredName>]
[S=<serial>]
[UPN=<userPrincipalName>]
[ALTNAMES=<list of ip or fqdn name separated by ;>]
Format
section
Returns
In case of success:
[Result]
status=SUCCESS
name=<certificate name>
In case of failure:
[Result]
status=REJECT
reason=<reason string>
In case of pending result:
[Result]
status=PENDING
transaction=<transactionID>
Example
PKI SCEP QUERY type=user caname=remote_autority password="SCEP_challenge" url="http://microsoftPKI/certsrv/mscep/mscep.dll" CN="John Doe" E=j.doe@company.com UPN="john.doe@COMPANY.DOMAIN"
PKI SCEP QUERY type=server CN="www.company.com" size=1024 caname=remote_autority password="SCEP_challenge" url="http://ciscoPKI/cgi-bin/scep/scep" ALTNAMES="*.companie.com;companie.com;10.1.2.3"
Level
base
History
Appears in 9.0.0
Description
Search objects matching the filter. If cert=1 is used, only objects that have a certificate are displayed; otherwise all are printed. If pkey=1 is used, only objects that have a private key are displayed; otherwise all are printed. If crl=1 is used, only objects that have a CRL are displayed (only applicable to authorities); otherwise all are printed. If crldp=1 is used, only objects that have a CRLDP are displayed (only applicable to authorities); otherwise all are printed.
Usage
pki search [name=<search pattern>] [type=<req|ca|user|server|smartcard|all>] [cert=<0|1>] [pkey=<0|1>] [crl=<0|1>] [crldp=<0|1>] [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [searchfield=<token>] [sort=<token>] [refresh=<0|1>]]
Format
section_line
Level
report_read
History
Appears in 9.1.0
Description
Get report results regarding a specific day.
Note
These results always cover a period starting at midnight.
Usage
report get day report=<report_id> : Report for which we want the results
[offset=<nb_days>] : Which day must be covered by the results (0 = today, 1 = yesterday, etc).
Up to 7 on small firewalls without SD card (U30, U70, U30S, U70S, SN200, SN300, ...).
Up to 30 on bigger firewalls or small firewalls with SD card (U30S, U70S, SN200, SN300, ...).
Default is 0.
[format=(section_line|csv)] : output format:
- section_line (default) : Usual Serverd output format
- csv : export the results in a CSV file
Format
section_line
Returns
see REPORT GET LASTHOUR
Example
REPORT GET DAY report=top_ips_alarms
REPORT GET DAY report=top_webdomains offset=3
REPORT GET DAY report=top_webdomains offset=3 format=csv
Level
report_read
History
Appears in 9.1.0
Description
Get report results regarding the last 30 days.
Note
These results always cover a period starting at D-30 at midnight and ending today at midnight (today is excluded). If there is no /log on the firewall, this command will always return an error.
Usage
report get last30days report=<report_id> : Report for which we want the results
[format=(section_line|csv)] : output format:
- section_line (default) : Usual Serverd output format
- csv : export the results in a CSV file
Format
section_line
Returns
see REPORT GET LASTHOUR
Example
REPORT GET LAST30DAYS report=top_ips_alarms
REPORT GET LAST30DAYS report=top_webdomains format=csv
Level
report_read
History
Appears in 9.1.0
Description
Get report results regarding the last 7 days.
Note
These results always cover a period starting at D-7 at midnight and ending today at midnight (today is excluded).
Usage
report get last7days report=<report_id> : Report for which we want the results
[format=(section_line|csv)] : output format:
- section_line (default) : Usual Serverd output format
- csv : export the results in a CSV file
Format
section_line
Returns
see REPORT GET LASTHOUR
Example
REPORT GET LAST7DAYS report=top_ips_alarms
REPORT GET LAST7DAYS report=top_webdomains format=csv
Level
report_read
History
Appears in 9.1.0
Description
Get report results regarding the last 60 minutes
Usage
report get lasthour report=<report_id> : report for which we want the results
[format=(section_line|csv)] : output format:
- section_line (default) : Usual Serverd output format
- csv : export the results in a CSV file
Format
section_line
Returns
[Info] : report infos
creationDate="YYYY-MM-DD" : date at which the report has been created
periodBegin="YYYY-MM-DD hh:mm" : beginning of the period covered by the report
periodEnd="YYYY-MM-DD hh:mm" : end of the period covered by the report
[Data] : results
position="1" value="www.netasq.com" count=705536
position="2" value="gw" count=204800
position="3" value="safebrowsing.cache.l.google.com" count=109568
position="4" value="172.16.1.1" count=72704
position="5" value="weather.noaa.gov" count=41984
position="6" value="musicbrainz.org" count=32768
position="7" value="dns_b" count=30720
position="8" value="clients.l.google.com" count=22528
position="9" value="fo-anyycs-l.ay1.b.yahoodns.net" count=20480
position="10" value="api.mywot.com" count=16384
position="11" count=999999 : "others"
Example
REPORT GET LASTHOUR report=top_ips_alarms
REPORT GET LASTHOUR report=top_webdomains format=csv
Level
report+modify
History
Appears in 9.1.0
Description
Delete reports data.
Note
report=all can also be used to replace a corrupted database with a new (empty) one.
Usage
report reset report=(<report_id>|all) : Report for which we want to drop its data.
Example
REPORT RESET report=all
REPORT RESET report=top_ips_alarms
Level
base
History
Appears in 6.2.0
Description
Return the list of files that will be copied during backup
Usage
system backup
Returns
[Config]
list= : list of categories for Config
list_adv= : list of advanced categories for Config
[Data]
list= : list of categories for data
Implementation notes
Return the list of files that will be backed up, in section format
Example
SYSTEM BACKUP
[Config]
list=network,object,nat,filter,vpn,ldap,url,global,secure,autoupdate,proxies,services
list_adv=network,object,global_object,nat,filter,filterslotxx,global_filter,global_filterslotxx,ldap,url,global,secure,autoupdate,proxies,cert,asq,vpn-ssl,vpn-pptp,event-slots,event-rules,qos,auth,statusweight,dhcp,ntp,dns,snmp,log,route,sysevent,bird,antispam,communication
[Data]
list=data,urlgroup,pattern
Level
base
Description
Show information about backup partition or dump firewall image to inactive slot
Note
With type=bootdump argument, dump is scheduled to next reboot.
Maintenance and Modify levels needed for bootdump
fwserial argument is only valid if the HA is activated (or if serial=local)
Backupinfo of other HA firewalls can be obtained using HA INFO
Usage
system clone [type=(none|dump|bootdump)] [fwserial=(all|local|passive|active|<serial>)]
fwserial specifies a firewall in the HA cluster on which this operation must be done. With type=dump or type=bootdump, also dump the firewall image to the inactive slot.
fwserial=local and type=none by default
type=none can only be used with fwserial=local
Returns
Error code, just ok if working only on a remote firewall, or backup info:
[BackupInfo]
Active= : partition actually active
BackupVersion= : firmware version on backup
BackupBranch= : firmware branch on backup
Boot= : partition used for boot
Date= : firewall date
Implementation notes
Active partitions are for primary slot /dev/ad0s1a and for backup slot /dev/ad0s1d
Example
SYSTEM CLONE
SYSTEM CLONE type=dump
Level
base
Description
Get/set firewall date
Usage
system date [yyyy-mm-jj hh:mm:ss]
Returns
Date="2002-08-07 16:32:50"
Example
SYSTEM DATE
SYSTEM DATE "2002-08-07 16:32:50"
Level
maintenance+modify
History
level maintenance Appears in 6.0.0
level other deprecated in 6.0.0
Description
Restore default configuration and reboot
Usage
system defaultconfig [reset]
when reset is specified, only marks the configuration as not being the default one (does not restore any configuration)
Returns
Error code
Example
SYSTEM DEFAULTCONFIG
SYSTEM DEFAULTCONFIG reset
Level
ha|maintenance+modify
History
level maintenance Appears in 6.0.0
level other deprecated in 6.0.0
Description
Halt firewall
Usage
system halt [force]
Returns
Error code
Example
SYSTEM HALT
Level
base
Description
Get/set the firewall identity
Note
Maintenance and Modify levels needed to update value
Usage
system ident <ident>
Returns
Error code or current value: Name=
Example
SYSTEM IDENT "My_Firewall"
100 code=00a00100 msg="Ok"
SYSTEM IDENT
Name="My_Firewall"
Level
maintenance
History
Appears in 6.0.0
FORMAT Appears in 9.0.0
Description
Return a file which contains the result of system information command
Usage
system information
Format
raw
Returns
information on system
Example
SYSTEM INFORMATION
Level
admin
History
Appears in 8.1.0
Description
Initialize the product. Retrieve the GUID of the product, required to obtain the final init package
Usage
system initialize
Example
SYSTEM INITIALIZE
Level
base
History
Arguments format changed in 9.0.0
Keyboard layout configuration is forbidden under XEN in 9.0.0
Warning when keyboard is available but not language Appears in 6.2.3
Description
Get/set the firewall default language
Note
Maintenance and Modify levels needed to update value
Usage
system language [ language=[us|fr] ] [ keyboard=[us|fr|de|it|es|ch|pl] ]
Returns
The current language and keyboard map. A warning will be returned if the language does not match the keyboard and the requested language.
Example
SYSTEM LANGUAGE
SYSTEM LANGUAGE keyboard=es
SYSTEM LANGUAGE language=fr keyboard=us
SYSTEM LANGUAGE language=us
Deprecated
Level
maintenance+modify
History
level maintenance Appears in 6.0.0
level other deprecated in 6.0.0
deprecated in 9.0.0
Description
Clear/test firewall's LEDs
Usage
system led ack|test
Returns
Error code
Example
SYSTEM LED test
SYSTEM LED ack
Level
base
Description
Display firewall licence
Usage
system licence dump [new=(0|1)] [fwserial=(<serial>|passive|active|local)]
new option is used to dump the licence uploaded but not active yet
fwserial option is used to do the operation on HA peer firewall. By default, the local licence will be dumped
Returns
Error code
Example
SYSTEM LICENCE DUMP
SYSTEM LICENCE DUMP new=1
Level
maintenance+modify
Description
Configure the licence updater module
Note
State : activate or deactivate the module
Period : time in hours (>=12) between two licence checks
Auto : automatically activate (or not) the licence if a new one was found
Usage
system licence updater config State=[0|1] Period=<nb_hours> Auto=[0|1]
Returns
Error code
Example
SYSTEM LICENCE UPDATER CONFIG State=1 Period=13 Auto=0
Level
base
Description
Show diff between firewall licence and uploaded licence
Usage
system licence updater diff [fwserial=(<serial>|active|passive|local)]
fwserial option is used to do the operation on another firewall in the HA cluster (unless fwserial=local).
By default the operation is done on the local firewall.
Returns
Error code
Example
SYSTEM LICENCE UPDATER DIFF
Level
maintenance
History
force appears in 1.0.0
Description
Manually get licence from the server
Usage
system licence updater get [force=(0|1)]
force option is used to force downloading a licence (default: force=0)
Returns
Error code
Example
SYSTEM LICENCE UPDATER GET
SYSTEM LICENCE UPDATER GET force=1
Level
maintenance+modify
History
force disappears in 1.0.0
Description
Install uploaded licence
Usage
system licence updater install [fwserial=(<serial>|active|passive|local)]
fwserial option is used to do the operation on another firewall in the HA cluster (unless fwserial=local).
By default the operation is done on the local firewall.
Returns
Error code
Example
SYSTEM LICENCE UPDATER INSTALL
Level
base
Description
Shows updater config and state
Usage
system licence updater show
Returns
101 code=00a01000 msg="Begin"
[Config]
State=1
Period=24
Auto=0
[Check]
last=
Standby=1
StandbyPeer=0
NeedReboot=0
NeedRebootPeer=0
100 code=00a00100 msg="Ok"
Example
SYSTEM LICENCE UPDATER SHOW
Level
base
Description
Upload firewall licence
Note
Ha or Maintenance and Modify levels needed to upload licence
Usage
system licence upload [fwserial=(<serial>|passive|active|local)]
fwserial option is used to do the operation on another firewall in the HA cluster (unless fwserial=local).
By default the operation is done on the local firewall.
Returns
Error code
Example
SYSTEM LICENCE UPLOAD
Level
maintenance+modify
Description
Format log partition or whole disk (Log writing is disabled during operation)
Usage
system logdisk format dev=<disk or partition name>
Returns
Warning/Error messages or ok
Example
SYSTEM LOGDISK FORMAT dev=mmcsd0
SYSTEM LOGDISK FORMAT dev=mmcsd0s1g
Level
base
Description
List available disks or partitions for logs
Note
The formated token specifies whether the device is a partition or an empty disk. A formated disk is assumed to always have a formated partition.
Usage
system logdisk list
Format
section_line
Returns
[Result]
disk=internal size="67904774144" formated="1" dev="ad0s1g"
disk="SDCard" size="7948197888" formated="0" dev="mmcsd0"
Level
maintenance+modify
Description
Select new partition for log writing (Log writing is disabled during operation)
Usage
system logdisk select dev=<partition name>
Returns
Warning/Error messages or ok
Example
SYSTEM LOGDISK SELECT dev=mmcsd0s1g
Level
base
Description
Display or modify logs writing state
Note
Modifying state requires Maintenance and Modify levels
Usage
system logdisk state [on|off]
- no argument : display status
- on : mount current log partition
- off : unmount log partition
Returns
[Result]
state=<USED|UNUSED|INCONSISTENT> device=<device>
Level
maintenance+modify
History
Appears in 9.0.1
type appears in 1.0.0
Description
Hostname lookup
Usage
system nslookup host=<host> [type=(ipv4|ipv6|all)]
Format
section_line
Returns
[IPv4]
<list of IPv4>
[IPv6]
<list of IPv6>
Example
SYSTEM NSLOOKUP host=www.netasq.com
Level
maintenance
History
Appears in 9.0.1
type appears in 1.0.0
Description
Calls the system's ping command
Usage
system ping host=<host> [source=<ip>] [type=(ipv4|ipv6|any)]
<host> : destination host
<source> : the source ip address to be used
<type> : explicitly force IPv4 or IPv6 name resolving (default value is any)
Format
section
Returns
Error code
Implementation notes
Ping system command forced parameters:
-n : addresses printed numerically
-W 5000 : wait for a reply during max 5 seconds (IPv4 only)
Example
SYSTEM PING host=update1.stormshield.eu
SYSTEM PING host=update1.stormshield.eu source=192.168.0.254
SYSTEM PING host=dns1.google.com type=ipv6 source=fd01::1
Level
base
History
Bridge count appears in 6.2.0
MTUmax appears in 9.0.0
DefaultConfig appears in 9.0.1
Description
Get firewall information. This command is used to enumerate the firewall capabilities.
Usage
system property
Returns
Type : type of product
Model : firewall model
Version : software revision
SerialNumber : serial number
MTUmax : maximum MTU allowed
Bridge : bridge number count
Ethernet : ethernet interface count
VLAN : vlan interface count
WIFI : wireless interface count
Dialup : dialup interface count
PPTP : PPTP interface count
Serial : serial line interface count
Loopback : loopback interface count
Watchdog : hardware watchdog available
Led : status LED available
Clone : clone partition available
HADialup : HA on dialup interface
Raid : RAID is active
Usb : USB port available
Antiviral : an antivirus is available
HighAvail : HA is available
SwitchPort : switch port count (0 if no switch available)
CryptoCard : a crypto card is available
DefaultConfig : a default config has just been done
Amazon : VM type (Amazon or not)
Init : 0 means the product has to be activated
Example
SYSTEM PROPERTY
101 code=00a01000 msg="Begin" format="section"
Type="Firewall"
Model="U120-A"
Version="9.0.0"
SerialNumber="U120XA5H1021960"
MTUmax=1500
Bridge=8
Ethernet=6
VLAN=64
WIFI=0
Dialup=8
PPTP=32
Serial=0
Loopback=7
Watchdog=0
Led=0
Clone=1
HADialup=1
Raid=0
Antiviral=1
HighAvail=1
Usb=1
SwitchPort=6
CryptoCard=0
DefaultConfig=0
Amazon=0
Init=1
100 code=00a00100 msg="Ok"
Level
ha|maintenance+modify
History
force Appears in 6.0.0
level maintenance Appears in 6.0.0
level other deprecated in 6.0.0
Description
Reboot firewall
Usage
system reboot [force]
Returns
Error code
Example
SYSTEM REBOOT
Level
maintenance
History
Appears in 9.0.1
Description
Register online a new UTM
Usage
system register newclient=<0|1> reseller=<reseller name> companyname=<client's company name> webcode=<webcode> phone=<client's phone number> [fax=<fax number>] address=<client's address> zipcode=<client's zipcode> city=<client's city> country=<client's country> contactfirstname=<> contactlastname=<> [contactphone=<phone number>] [contactfax=<fax number>] contactmail=<mail> login=<login> password=<password> hamaster=<master serial>
Example
SYSTEM REGISTER newclient=0 reseller=myreseller companyname="mycompany" webcode=0a1b2c3d login=mylogin password=mypassword
SYSTEM REGISTER newclient=0 reseller=myreseller companyname="mycompany" webcode=0a1b2c3d login=mylogin password=mypassword hamaster=U250-XXX
SYSTEM REGISTER newclient=1 reseller=myreseller companyname="mycompany" webcode=0a1b2c3d phone=0123456789 address="1 main steet" zipcode=12345 city=paris country=france contactfirstname=jean contactlastname=dupont contactphone=9876543210 contactmail="dupont@mycompany.com"
Level
base
History
Appears in 9.0.0
Description
Display and update the user rights on the system
Level
admin+modify
History
Appears in 9.0.0
Description
Activate the new ruleset
Usage
system right activate [CANCEL | NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Level
admin+modify
History
Appears in 9.0.0
Description
Add a new rule in the set
Usage
system right insert <user=<uid>|group=<cn>> manage=<rights> [ruleid=<number>]
Level
admin
History
Appears in 9.0.0
Description
Display the list of rules
Usage
system right list
Format
section_line
Returns
[Result]
ruleid=1 user="titeuf" manage="base,pki,modify"
ruleid=2 group="Comics Book" manage="base,ha,modify"
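The reply layout seen in the SYSTEM PROPERTY and SYSTEM LICENCE UPDATER SHOW examples (a 101 "Begin" status line, optional [Section] headers, key=value lines, a closing 100 "Ok" line) and the ruleset returned by SYSTEM RIGHT LIST can be handled by one small parser, which also lets an administrator check a command's Level against a user's rights before granting them. The Python below is an added example, not part of this reference or of the firewall's own code. It assumes that in a Level such as ha|maintenance+modify every '+' part is required while '|' lists alternatives, that rules apply in ruleid order with the first match winning, and that the sample replies (constructed from the page's own examples) are delivered one key per line in section format.

```python
# Added example (not from the reference or the firewall's own code): parse the
# serverd reply format used throughout this reference and evaluate a command's
# Level against the SYSTEM RIGHT LIST ruleset. Assumed semantics (not stated on
# the page): in 'ha|maintenance+modify', '+' parts are all required and '|'
# lists alternatives; rules apply in ruleid order, first match wins.
import re

# key=value tokens; a double-quoted value may contain spaces
TOKEN_RE = re.compile(r'(\w+)=("([^"]*)"|(\S*))')
# status lines such as: 101 code=00a01000 msg="Begin" format="section"
STATUS_RE = re.compile(r'^(\d{3}) code=([0-9a-f]{8}) msg="([^"]*)"(.*)$')

# Constructed from the SYSTEM PROPERTY example (subset of fields, one key per
# line as the 'section' format delivers them).
PROPERTY_REPLY = """\
101 code=00a01000 msg="Begin" format="section"
Type="Firewall"
Model="U120-A"
Version="9.0.0"
SerialNumber="U120XA5H1021960"
MTUmax=1500
100 code=00a00100 msg="Ok"
"""
# Constructed from the SYSTEM RIGHT LIST 'Returns', wrapped in the usual
# 101/100 status lines of a section_line reply.
RIGHT_LIST_REPLY = """\
101 code=00a01000 msg="Begin" format="section_line"
[Result]
ruleid=1 user="titeuf" manage="base,pki,modify"
ruleid=2 group="Comics Book" manage="base,ha,modify"
100 code=00a00100 msg="Ok"
"""


def parse_kv(line):
    """'ruleid=2 group="Comics Book" manage="base,ha,modify"' -> dict."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
            for m in TOKEN_RE.finditer(line)}


def parse_reply(text):
    """Return (status, sections): status = code/errcode/msg plus extra tokens of
    the first line (e.g. format); sections maps '[Name]' (or '' before any
    header) to the list of record dicts. A non-101 first line has no body."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    head = STATUS_RE.match(lines[0])
    if not head:
        raise ValueError("not a serverd status line: %r" % lines[0])
    status = {"code": int(head.group(1)), "errcode": head.group(2),
              "msg": head.group(3)}
    status.update(parse_kv(head.group(4)))
    if status["code"] != 101:          # plain Ok or an error: nothing follows
        return status, {}
    tail = STATUS_RE.match(lines[-1])
    if not tail or tail.group(1) != "100":
        raise ValueError("reply body not terminated by a 100 status line")
    sections, current = {}, ""
    for line in lines[1:-1]:
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(parse_kv(line))
    return status, sections


def section_dict(records):
    """Flatten the one-key-per-line records of a 'section' reply into a dict."""
    merged = {}
    for rec in records:
        merged.update(rec)
    return merged


def parse_level(level):
    """'ha|maintenance+modify' -> [{'ha', 'maintenance'}, {'modify'}]."""
    return [set(part.split("|")) for part in level.split("+")]


def rights_for(rules, user, groups=()):
    """Rights from the first rule (ruleid order) naming the user or one of the
    user's groups; empty set when no rule matches."""
    for rule in sorted(rules, key=lambda r: int(r["ruleid"])):
        if rule.get("user") == user or rule.get("group") in groups:
            return set(rule["manage"].split(","))
    return set()


def allowed(level, rights):
    """True when every '+' part of the Level is met by at least one right."""
    return all(part & rights for part in parse_level(level))


if __name__ == "__main__":
    _, sections = parse_reply(PROPERTY_REPLY)
    print(section_dict(sections[""]))
    rules = parse_reply(RIGHT_LIST_REPLY)[1]["Result"]
    for level in ("pki+modify", "ha|maintenance+modify", "admin+modify"):
        print(level, allowed(level, rights_for(rules, "titeuf")),
              allowed(level, rights_for(rules, "bob", ("Comics Book",))))
```

With the sample ruleset, titeuf can run the pki+modify commands but not system halt (ha|maintenance+modify), while a member of "Comics Book" can halt the firewall but touch neither the PKI nor the admin+modify rights commands.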
Level
admin+modify
History
Appears in 9.0.0
Description
Change the order of a rule
Usage
system right move ruleid=<number> to=<number>
Level
admin+modify
History
Appears in 9.0.0
Description
Remove a rule of the set
Usage
system right remove ruleid=<number>
Level
base
History
Appears in 9.0.0
Description
Set/show specific language for current session
Usage
system session [language=us|fr]
Example
SYSTEM SESSION language=fr
Level
maintenance
History
Appears in 6.2.0
Description
Set/show the boot partition
Usage
system setboot [boot=Main|Backup]
Returns
Error code (if no parameter) or current value:
[BackupInfo]
boot= : current partition
Example
SYSTEM SETBOOT
[BackupInfo]
boot=Main
SYSTEM SETBOOT boot=Backup
100 code=00a00100 msg="Ok"
Level
maintenance
History
Appears in 8.0.3
Description
Set the security branch (licence)
Usage
system setbranch EUROPE|EXPORT1|EXPORT2|EXPORT3
Example
SYSTEM SETBRANCH EXPORT2
Level
base
Description
Get 'NeedReboot' status (indicates if reboot is necessary to complete the configuration process)
Usage
system status
Returns
101 code=00a01000 msg="Begin" format="section"
NeedReboot=0
100 code=00a00100 msg="Ok"
Example
SYSTEM STATUS
Level
base
Description
Get current timezone
Usage
system timezone get
Returns
timezone= : fullname of timezone
abbr= : abbreviation for current zone
offset= : GMT +|- offset
Example
SYSTEM TIMEZONE GET
timezone="Europe/Paris"
abbr="CEST"
offset="GMT+02:00"
Level
base
History
FORMAT Appears in 9.0.0
Description
Show list of timezones
Usage
system timezone list [<pattern which occurs in zone name>]
Format
list
Returns
<full timezone name> | <general timezone name>/<precise timezone name>
Example
SYSTEM TIMEZONE LIST
Africa/
Africa/Algiers
Africa/Luanda
Africa/Porto-Novo
Africa/Gaborone
...
SYSTEM TIMEZONE LIST europe
Europe/
Europe/London
Europe/Belfast
Europe/Dublin
...
Level
maintenance+modify
History
level maintenance Appears in 6.0.0
level admin deprecated in 6.0.0
Description
Set firewall timezone (timezone name is case sensitive)
Note
timezone names are case sensitive
Usage
system timezone set zone=<full timezone name>|<general timezone name>/<precise timezone name> [force=<0|1>]
Returns
Error code
Example
SYSTEM TIMEZONE SET "Europe/Paris"
Level
maintenance
History
Appears in 9.0.1
type appears in 1.0.0
Description
Calls the system's traceroute or traceroute6 command
Usage
system traceroute host=<host> [pause=<milliseconds>] [source=<ip>] [type=(ipv4|ipv6|any)]
<pause> : the delay between probes (allow bypassing packet rate limitation)
<ip> : the source ip address to be used
<type> : explicitly force IPv4 or IPv6 tracerouting. 'any' means IPv4 is preferred if both IPv4 and IPv6 addresses are available.
Format
section_line
Implementation notes
Traceroute system command forced parameters:
-I : icmp protocol
-n : addresses printed numerically
-w 1 : waits for 1 second max
-m 32 : max 32 hops
-q 2 : max 2 probes per hop
Example
SYSTEM TRACEROUTE host=www.stormshield.eu
SYSTEM TRACEROUTE host=update1.stormshield.eu source=10.0.0.254 pause=500
Level
ha|maintenance+modify
History
level maintenance Appears in 6.0.0
level admin deprecated in 6.0.0
fwserial Appears in 9.0.0
Description
Install MAJ file
Usage
system update activate [fwserial=(<serial>|all|local|active|passive)]
Returns
Error code
Implementation notes
Verifies that the MAJ hasn't been modified: it decrypts the header file and checks the hash value of the MAJ file. The MAJ date is checked against the 'update date' from the licence. If all checks pass, the MAJ is installed. If HA is activated, the fwserial argument specifies on which firewall the update must be activated. Please note that fwserial=all will reboot both firewalls at once.
Example
SYSTEM UPDATE ACTIVATE
SYSTEM UPDATE ACTIVATE fwserial=U120-XXXX
Level
base
History
Appears in 9.0.0
force appears in 1.0.0
Description
Check for new firmware versions. Needs Internet access and therefore, if necessary, a configured HTTP proxy.
Note
HTTP proxy can be configured with CONFIG COMMUNICATION HTTPPROXY
Usage
system update check [force=0|1] : specify if cache must be updated or not
Format
section_line
Example
SYSTEM UPDATE CHECK
Level
ha|maintenance+modify
History
Appears in 7.0.0
Description
Load a MAJ from a file (on the firewall or a USB token). Use the force token to install a complete MAJ.
Note
fwserial is valid only in an HA cluster
the force token is used to force a complete MAJ
Usage
system update load file=<path of maj file> [force=(0|1)] [fwserial=(<serial>|all|local|active|passive)]
Implementation notes
Read the protected MAJ file from the firewall, save the MAJ header in an encrypted file, verify the MAJ signature and decrypt it into /usr/Firewall/Update/.
Level
base
Description
Show the result of the last update
Note
Maintenance and Modify levels needed to clear
Usage
system update result [clear]
Returns
[State]
Status= : result of maj
From= : previous firmware version
To= : current firmware version
Implementation notes
Read "update" file
Example
SYSTEM UPDATE RESULT
[State]
Status=1
From="6.2.0"
To="6.2.1"
Level
base
History
Appears in 9.0.0
Description
Indicates if a firmware update has been uploaded and gets the firmware version provided by the update
Usage
system update status [fwserial=(<serial>|all|local|active|passive)]
Example
SYSTEM UPDATE HASUPD fwserial=all
101 code=00a01000 msg="Début" format="section"
[U120XXXXXXX]
HasUpdate=1
UpdateVersion="9.0.0.beta-23"
[U120XXXXXXX]
HasUpdate=0
100 code=00a00100 msg="Ok"
Level
ha|maintenance+modify
History
level maintenance Appears in 6.0.0
level admin deprecated in 6.0.0
Description
Upload MAJ file to firewall
Note
the force token is used to force a complete MAJ
Usage
system update upload [force=(0|1)] [fwserial=(<serial>|all|local|active|passive)]
Returns
Error code
Implementation notes
Get the protected MAJ file from the manager, save the MAJ header in an encrypted file, verify the MAJ signature and decrypt it into /usr/Firewall/Update/maj.
Example
SYSTEM UPDATE UPLOAD
Level
base
Description
Get/set the firewall watchdog
Note
Time values must lie between 10 and max_timeout seconds; 0 stops the watchdog.
Maintenance and Modify levels are needed to update the value.
Usage
system watchdog [<time>]
Returns
If no parameter is set, returns information about the watchdog (current timeout, maximum timeout).
If the timeout parameter is set, returns the newly applied value: timeout=
Example
SYSTEM WATCHDOG 100
101 code=00a01000 msg="Début" format="section"
timeout=100
100 code=00a00100 msg="Ok"
SYSTEM WATCHDOG
101 code=00a01000 msg="Début" format="section"
timeout=100
max_timeout=900
100 code=00a00100 msg="Ok"
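The replies quoted in the SYSTEM UPDATE STATUS and SYSTEM WATCHDOG examples above share one envelope: a `101 ... msg="Début"` line that may announce `format="section"`, the body, then a final status line where 100 means Ok. The parser below is an added example, not part of this reference or of the firewall's own tooling; it assumes the layout shown in the examples on this page, the `attribute_2`, `attribute_3` indexing of multi-valued attributes described under USER GROUP SHOW and USER SHOW, and that a section name may repeat (one section per firewall serial), so sections are kept as an ordered list rather than a dict.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample laid out like the SYSTEM UPDATE STATUS example above (not a
# live capture); the section name repeats, once per cluster member.
SAMPLE_STATUS = """101 code=00a01000 msg="Début" format="section"
[U120XXXXXXX]
HasUpdate=1
UpdateVersion="9.0.0.beta-23"
[U120XXXXXXX]
HasUpdate=0
100 code=00a00100 msg="Ok"
"""

STATUS_RE = re.compile(r'^(\d{3})(?:\s+(.*))?$')        # 3-digit status, then text
ATTR_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')   # key=value, quoted or bare
SECTION_RE = re.compile(r'^\[([^\]]+)\]$')               # [SectionName]
INDEXED_RE = re.compile(r'^(.+?)_\d+$')                  # attribute_2, attribute_3, ...

@dataclass
class Response:
    status: int = 0             # final status, 100 means Ok
    code: str = ''              # hexadecimal result code, e.g. 00a00100
    msg: str = ''               # msg attribute, or the free text of the status line
    fmt: Optional[str] = None   # "section", "list", or None for a one-line reply
    # ordered (name, attributes) pairs; a section name may repeat
    sections: List[Tuple[str, Dict[str, List[str]]]] = field(default_factory=list)
    items: List[str] = field(default_factory=list)   # body lines of a list reply

    def ok(self) -> bool:
        return self.status == 100

def unquote(raw: str) -> str:
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1].replace('\\"', '"')
    return raw

def parse_attrs(text: str) -> Dict[str, str]:
    return {key: unquote(raw) for key, raw in ATTR_RE.findall(text)}

def parse_response(text: str) -> Response:
    resp, current = Response(), None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        m = STATUS_RE.match(line)
        if m:
            status, attrs = int(m.group(1)), parse_attrs(m.group(2) or '')
            if status == 101:       # "Begin": a multi-line body follows
                resp.fmt = attrs.get('format', 'list')
            else:                   # any other status line closes the reply
                resp.status, resp.code = status, attrs.get('code', '')
                resp.msg = attrs.get('msg', m.group(2) or '')
            continue
        if resp.fmt != 'section':
            resp.items.append(line)
            continue
        header = SECTION_RE.match(line)
        if header:
            current = {}
            resp.sections.append((header.group(1), current))
            continue
        if current is None:         # attributes before any header (SYSTEM WATCHDOG
            current = {}            # example above): collect them in an unnamed section
            resp.sections.append(('', current))
        for key, raw in ATTR_RE.findall(line):   # indexed keys merge into one list
            current.setdefault(INDEXED_RE.sub(r'\1', key), []).append(unquote(raw))
    return resp
```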
Level
user+modify
History
Appears in 9.0.0
Description
Activate UAC configuration
Usage
user access activate [CANCEL|NEXTBOOT]
- no argument: changes are activated immediately;
- CANCEL: changes are discarded;
- NEXTBOOT: changes will be activated on next boot.
Returns
Error code
Implementation notes
run ensl -u
Example
USER ACCESS ACTIVATE
Level
base
History
Appears in 9.0.0
Description
Show or update the default authentication rule
Level
base
History
Appears in 9.0.0
Description
Print the default authentication rule
Usage
user access default show
Format
section_line
Returns
The default rule for user access
Level
user+modify
History
Appears in 9.0.0
Description
Update the default authentication rule.
Usage
user access default update [auth=<pass|block>]
[authmethod=<plain|ssl|radius|kerberos|...>]
[ipsec=<pass|block>]
[openvpn=<pass|block>]
[xvpn=<default|pass|profile|block>]
[xvpnprofile=<default|profile name>]
Returns
Error code
Level
user+modify
History
Appears in 9.0.0
src appears in 9.1.0
Description
Insert a rule at the end of the set. If id is specified, the rule is inserted at the specified position. The src parameter is a comma (',') separated list of objects or interfaces; the keyword ipsec can be used to configure XAUTH. authmethod is an ordered, comma-separated list of authentication methods to be applied to the user. The guest authentication method cannot be mixed with other methods and cannot be used with a username.
Usage
user access insert state=<on|off>
user=<uid>|group=<cn>
auth=<default|pass|block>
authmethod=<default,plain,ssl,radius,kerberos,spnego,agent,guest>
src=(any|<objectname>[,<interfacename>[,ipsec[,...]]])
[position=<digit>]
[comment=<string>]
For a separator:
separator=<Color>
collapse=<0|1>
[comment=<string>]
[position=<digit>]
Returns
Error code
Level
base
History
Appears in 9.0.0
network appears in 9.1.0
Description
List the authentication rules
Usage
user access list [useclone=<0|1>]
Format
section_line
Returns
[Ruleset]
Level
user+modify
History
Appears in 9.0.0
Description
Move a new rule in the set. If a rule exists with the destination id, all of the sub-ids are incremented.
Usage
user access move position=<digit> to=<digit>
Returns
Error code
Level
user+modify
History
Appears in 9.0.0
Description
Remove a rule from the specified set. All of the sub-ids are re-numbered.
Usage
user access remove position=<digit>
Returns
Error code
Level
user+modify
History
Appears in 9.1.0
Description
Insert a rule at the end of the set. If id is specified, the rule is inserted at the specified position. If the xvpn parameter is set to profile and no profile is given, the profile of the default rule is used.
Usage
user access right insert state=<on|off>
user=<uid>|group=<cn>
xvpn=<default|pass|profile|block>
ipsec=<default|pass|block>
openvpn=<default|pass|block>
[position=<digit>]
[xvpnprofile=<profile name|{NOTHING for default}>]
[comment=<string>]
For a separator:
separator=<Color>
collapse=<0|1>
[comment=<string>]
[position=<digit>]
Returns
Error code
Level
base
History
Appears in 9.1.0
Description
List the right rules
Usage
user access right list [useclone=<0|1>]
Format
section_line
Returns
[Ruleset]
Level
user+modify
History
Appears in 9.1.0
Description
Move a new rule in the specified set. If a rule exists with the destination id, all of the sub-ids are incremented.
Usage
user access right move position=<digit> to=<digit>
Returns
Error code
Level
user+modify
History
Appears in 9.1.0
Description
Remove a rule from the set. All of the sub-ids are re-numbered.
Usage
user access right remove position=<digit>
Returns
Error code
Level
user+modify
History
Appears in 9.1.0
Description
Update a rule in the specified set. If the xvpn parameter is set to profile and no profile is given, the profile of the default rule is used.
Usage
user access right update position=<digit>
[state=<on|off>]
[user=<uid>|group=<cn>]
[ipsec=<default|pass|block>]
[openvpn=<default|pass|block>]
[xvpn=<default|pass|profile|block>]
[xvpnprofile=<profile name|{NOTHING for default}>]
[comment=<string>]
For a separator:
position=<digit>
[separator=<Color>]
[collapse=<0|1>]
[comment=<string>]
Returns
Error code
Level
user+modify
History
Appears in 9.0.0
src appears in 9.1.0
Description
Update a rule in the set. authmethod is an ordered, comma-separated list of authentication methods to be applied to the user. The guest authentication method cannot be mixed with other methods and cannot be used with a username.
Usage
user access update position=<digit>
[state=<on|off>]
[user=<uid>|group=<cn>]
[src=(any|<objectname>[,<interfacename>[,ipsec[,...]]])]
[auth=<default|pass|block>]
[authmethod=<default,plain,ssl,radius,kerberos,spnego,agent,guest>]
[comment=<string>]
For a separator:
position=<digit>
[separator=<Color>]
[collapse=<0|1>]
[comment=<string>]
Returns
Error code
Level
base
Description
Download the user certificate from LDAP. You must specify the output format of the certificate. The format must be one of: PEM, DER, P12.
Usage
user certificate <User ID>|<User DN> <format>
Returns
The file found in the ldap.
Level
user
History
Appears in 6.1.0
FORMAT Appears in 9.0.0
Description
Checks if a user ID is used in the configuration
Usage
user check name=<username>
Format
section_line
Returns
[Configuration] module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)
Level
user+modify
Description
Create a new user
Note
"uid" is the LDAP reference for user login.
Some uid are forbidden (admin,ha...).
Check duplicated user (DN, login...).
Usage
user create <uid> <name> [<givenname>]
Returns
the DN of the new user, or an error message (internal error / LDAP error).
Implementation notes
A call to fw_ldap_create_user(), with a check for forbidden/reserved names.
Example
USER CREATE jd "DUPONT" Jean
100 Dn="cn=Jean DUPONT,ou=users,o=netasq,dc=int"
Level
user+modify
Description
Add a user to a group
Usage
user group adduser <group name>|<group DN> <UserId>|<User DN>
Returns
Error code
Example
USER GROUP ADDUSER "end_user" "cn=Jean DUPONT,ou=users,o=netasq,dc=int"
Level
user
History
Appears in 6.1.0
FORMAT Appears in 9.0.0
Description
Checks if a user group ID is used in the configuration
Usage
user group check name=<hostname>
Format
section_line
Returns
[Configuration] module=<string> (slot=<00-10> line=<int>| section=<string>|profile=<00-03> section=<string>)
Level
user+modify
Description
Create a user group
Usage
user group create <group name> <User ID>|<User DN>
Returns
the DN of the new group, or an error message (internal error / LDAP error).
Example
USER GROUP CREATE "end_user" "fd"
Dn="cn=end_user, ou=groups,o=EXAMPLE,dc=COM"
Level
user+modify
Description
Remove a user from a group
Usage
user group deluser <group name>|<group DN> <UserId>|<User DN>
Returns
Error code
Example
USER GROUP DELUSER "end_user" "cn=Jean DUPONT,ou=users,o=netasq,dc=int"
Level
user
Description
Get/Set a description for a group
Note
Modify level is needed to set a description
Usage
user group description <group name>|<group DN> [comment]
Returns
Error code
Example
USER GROUP DESCRIPTION "end_user" "Standard Users group"
USER GROUP DESCRIPTION "end_user"
[Group]
description="Standard Users group"
Level
base
History
level base Appears in 6.1.0
level user deprecated in 6.1.0
FORMAT Appears in 9.0.0
Description
List user groups
Note
List all groupofnames entry in the LDAP database.
Search pattern is used in CN, and "*" may be used as a wildcard.
Usage
user group list [<Search pattern>]
Format
list
Returns
A list of matching DNs, or an error code.
Example
USER GROUP LIST
USER GROUP LIST "*group*"
cn=testgroup1,ou=groups,o=EXAMPLE,dc=COM
cn=group2,ou=groups,o=EXAMPLE,dc=COM
Level
user+modify
Description
Remove a user group
Usage
user group remove <group name>|<group DN>
Returns
Error code
Example
USER GROUP REMOVE "end_user"
Level
user
Description
Show a user group
Usage
user group show <group name>|<group DN>
Returns
[Group]
objectClass="top"
objectClass_2="groupofnames"
description=<description>
cn=<group CN>
member=<DN 1>
member_2=<DN 2>
member_x=<DN x>
Example
USER GROUP SHOW "end_user"
[Group]
objectClass="top"
objectClass_2="groupofnames"
description="Groupe du personnel"
cn="Personnel"
member="cn=Ludovic MENTFLA,ou=users,o=NETASQ,dc=FR"
member_2="cn=Daniel QUETTECO,ou=users,o=NETASQ,dc=FR"
member_3="cn=Fabien MASTHO,ou=users,o=NETASQ,dc=FR"
member_4="cn=Raphael BAULTRAIM,ou=users,o=NETASQ,dc=FR"
Manage="modify,base,contentfilter,log,filter,vpn,pki,object,user"
Access="pptp"
Level
base
History
NetasqAllowed-Access Appears in 6.0.0
NetasqAllowed-Manage Appears in 6.0.0
FORMAT Appears in 9.0.0
pagination appears in 9.0.0
NetasqAllowed-Access disappears in 9.0.0
NetasqAllowed-Manage disappears in 9.0.0
Description
List users from internal or external LDAP database
Note
List all inetorgperson entry in the LDAP database.
May take a while with huge LDAP bases...
Usage
user list [(cn|uid|sn|description|all)=<search pattern>] [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [sort=1] [refresh=<0|1>]]
Format
list
Returns
A list of DNs
Implementation notes
Filter construction and a call to fw_ldap_filter_find().
Example
USER LIST
cn=Foo,ou=users,o=EXAMPLE,dc=COM
cn=Bar,ou=users,o=EXAMPLE,dc=COM
USER LIST "cn=*"
USER LIST uid=jd
Level
user+modify
History
dn Appears in 6.0.0
password Appears in 6.0.0
method Appears in 6.0.0
hash Appears in 6.0.0
method disappears in 9.1.0
Description
Update a user's password
Note
Needs ADMIN and modify rights (or self-modification) to update a user with administration rights.
Arguments aren't logged.
Usage
user password dn=<User ID>|<User DN> password=<newpassword> [hash=<MD5|SMD5|SHA|SSHA|CRYPT|NONE>]
Returns
Error code
Implementation notes
A call to fw_ldap_update(), with many checks about method/hash, etc...
Example
user password dn=jd password=foo
100 Password updated for user jd
user password dn=jd password=bar method=SRP_LDAP
100 Password updated for user jd
user password dn=jd password=bar method=SRP_LDAP hash=SSHA
100 Password updated for user jd
Level
user+modify
Description
Delete a user
Note
Needs ADMIN rights to revoke admin users.
A user can't be removed if it is the last member of a group.
Usage
user remove <User ID>|<User DN>
Returns
Error code
Implementation notes
Check if the user can be removed (the LDAP admin user can't be removed), remove the user from groups, revoke the user's certificate if it exists, then call fw_ldap_update().
Example
USER REMOVE jd
USER REMOVE "cn=Jean DUPONT,ou=users,o=netasq,dc=int"
Level
user+modify
Description
Validate the user request; the user is added to LDAP
Note
If a certificate request is attached to the user request,
this certificate request is saved in /usr/Firewall/ConfigFiles/PKI/work/ with the name email.csr
and the index file (/usr/Firewall/ConfigFiles/PKI/work/pending.csr) is updated.
Usage
user request approved <id>
Returns
Error code
Implementation notes
This command is used to validate an LDAP/PKI user request. When approved, an entry is created on the LDAP server with the tokens/values of the request. If PKI is used, a certificate request is created; see the CA.REQUEST command. Finally, the user request is deleted.
Example
USER REQUEST APPROVED 106
Level
user
History
Appears in samoa.1
Description
Used to specify the format of user identifier
Note
user requests are saved in /usr/Firewall/ConfigFiles/pending.enrolment
Usage
user request format set uid=<format> : uid format to apply during user enrolment
Returns
The current value (case of no arg) or error code
Implementation notes
This command specifies the format to apply to user identifiers.
Example
USER REQUEST FORMAT SET uid=%F.%L
100 Success
Level
base
History
Appears in samoa.1
Description
Used to get the format of user identifier
Note
user identifier format is saved in /usr/Firewall/ConfigFiles/pending.enrolment
Usage
user request format show
Returns
The current value or error code
Implementation notes
This command gets the format applied to user identifiers.
Example
USER REQUEST FORMAT SHOW
100 Uid="%F.%L"
Level
base
History
FORMAT Appears in 9.0.0
level changes from user to base in 9.0.0
Description
List all requests sent by users
Note
user requests are saved on /usr/Firewall/ConfigFiles/PKI/work/pending.ldap
Usage
user request list
Format
list
Returns
The list of pending ldap requests (if found), or error code
Implementation notes
This command is used to list all LDAP/PKI requests made by users from Web Enrolment page
Example
USER REQUEST LIST
cn=jean DUPONT,email=jean.dupont@netasq.com,id=106
cn=jean DURAND,email=jean.durand@netasq.com,id=107
Level
user+modify
Description
Delete user request
Usage
user request remove <id>
Returns
Error code
Implementation notes
This command is used to delete an LDAP/PKI user request
Example
USER REQUEST REMOVE 106
Level
user
Description
Used to specify whether an email is sent to the user when a request is approved or removed
Note
Two files with the subject and body of the mail can be uploaded.
If no files are uploaded, the default subject and body are used.
With no argument, the command prints the current value of the Send parameter.
Modify level needed to update the value
Usage
user request sendmail [On|Off]
Returns
The current value (case of no arg) or error code
Implementation notes
This command enables or disables sending an email to the user.
Example
USER REQUEST SENDMAIL on
100 Success
USER REQUEST SENDMAIL
100 sendmail=0
Level
user
Description
Show information on specific request
Note
Before approving a request, a value must be set for 'uid'
Usage
user request show <id>
Returns
[Request]
RequestId= : request identifier
sn= : surname
givenName= : givenname
mail= : email address
description= : comment
telephoneNumber= : telephone number
UserPassword=None|Present : user has a password or not
uid= : user login
reqtype=None|Present : user has a request or not
Implementation notes
This command is used to show the details of an LDAP/PKI user request made by a user from the Web Enrolment pages
Example
USER REQUEST SHOW 106
[Request]
RequestId=106
sn="DUPONT"
givenName="jean"
mail="jean.dupont@netasq.com"
description="Test labo pour doc"
telephoneNumber="000"
UserPassword="Present"
uid=""
date="2006-05-18 07:50:27"
reqtype="Present"
Level
user+modify
Description
Update the value of token in user request
Note
If the token does not exist in the request, it cannot be updated
Usage
user request update id=<id> token=<token> value=<value>
Returns
Error code
Implementation notes
This command is used to update a token value of an LDAP/PKI user request. With it, the user does not need to enrol again when the Administrator detects a small error.
Example
USER REQUEST UPDATE id="106" token="uid" value="jean.dupont"
Level
base
History
appears in 9.0.0
Description
Search users and groups from internal or external LDAP database
Note
List all inetorgperson and entry in the LDAP database.
May take a while with huge LDAP bases...
Usage
user search filter=<search pattern> [type=<user|group|any>] [start=<int> [limit=<int>] [dir=<ASC|DESC>] [search=<pattern>] [sort=1] [refresh=<0|1>]]
Format
list
Returns
A result section with type=DN line
Implementation notes
Filter construction and a call to fw_ldap_filter_find().
Example
USER SEARCH filter="*toto*"
user="cn=Foo,ou=users,o=EXAMPLE,dc=COM"
user_2="cn=Foo Bar,ou=users,o=EXAMPLE,dc=COM"
group="cn=Bar,ou=groups,o=EXAMPLE,dc=COM"
group_2="cn=Bar Foo,ou=groups,o=EXAMPLE,dc=COM"
USER SEARCH filter="*toto*" type=user
user="cn=Foo,ou=users,o=EXAMPLE,dc=COM"
user_2="cn=Foo Bar,ou=users,o=EXAMPLE,dc=COM"
Level
base
Description
Show a user's information
Note
Need USER or ADMIN rights for most attributes, except for UID, MAIL, SN, CN and givenname.
Usage
user show <User ID>|<User DN> [<attribute>]
Returns
[User]
attribute=value
If an attribute has many values, they will be indexed:
attribute=value
attribute_2=value
attribute_3=value
Implementation notes
A call to fw_ldap_get_object() or fw_ldap_get_attr() if attribute specified.
Example
USER SHOW "cn=Jean DUPONT,ou=users,o=netasq,dc=int" mail
[User]
mail="jean.dupont@netasq.com"
USER SHOW jd
[User]
givenName="Jean"
objectClass="top"
objectClass_2="person"
objectClass_3="organizationalPerson"
objectClass_4="inetOrgPerson"
objectClass_5="NetasqPerson"
uid="jd"
mail="jean.dupont@netasq.com"
cn="Jean DUPONT"
telephoneNumber="63"
sn="DUPONT"
Level
user+modify
Description
Update the value of a user attribute.
Note
Some update operations may require specific rights:
Access requires ADMIN to change another administrator's access.
Some update operations (like password) must use specific commands.
Usage
user update <User ID>|<User DN> (add|mod|del) <attribute> [<value>]
The list of updatable attributes is:
mail
description
uid
telephoneNumber
Returns
Error code
Implementation notes
A call to fw_ldap_update(), with many checks about what is modified, and who tries to modify.
Example
user update "cn=Jean DUPONT,ou=users,o=netasq,dc=int" add mail jean.dupond@netasq.com
100 Added mail="jean.dupond@netasq.com" for user cn=Jean DUPONT,ou=users,o=netasq,dc=int
user update jd mod mail jean.dupont@netasq.com
100 Set mail to "jean.dupont@netasq.com" for user jd
user update jd del mail
100 Attribute "mail" removed for user jd
Level
unknown
Description
Display server version
Usage
version
Returns
Version for protocol and/or command
Implementation notes
This command has 3 cases:
- in factory mode, it returns the version of the protocol and NS-BSD;
- in normal mode without an authenticated user, it returns the version of the protocol;
- in normal mode with an authenticated user, it returns the version of the protocol and command.
Example
VERSION
Protocol=3 Command=4