Command-line interface
The command-line interface (CLI) provides a limited set of commands to control and receive responses from the Network Security appliance.
Global commands
Global command | Description |
---|---|
back | Return to the previous command mode. |
exit | Log off from the appliance. |
help <command> | Display the information for using the specified command. |
reboot | Reboot the appliance. |
shutdown | End system operation and turn off the power. |
top | Return to the top level. |
Mode commands
Installer mode command | Description |
---|---|
restore | Restore a firmware image. |
wipe | Erase (wipe) the data from the appliance hard disk drive. |
Top mode command | Description |
---|---|
analysis mode | Work with packet analysis features. |
certificates | Work with certificates. |
cleanup | Clean up temporary files. |
firmware | Work with firmware images. |
fixpacks | Work with fix packs. |
license | Work with licenses. |
logs | Work with log files. |
management | Work with management settings. |
opensig | Work with profiling information for OpenSignatures. |
protection | Work with protection interfaces. |
services | Work with certain system services. |
snapshots | Work with policy snapshot files. |
ssh | Work with SSH keys. |
stats | Work with appliance statistics. |
support | Work with support information files. |
sysinfo show | Work with system information. |
tools | Work with network diagnostic tools. |
updates | Work with firmware and security updates. |
Analysis mode command | Description |
---|---|
debug level | Temporarily set the debug level. Additional logging is added for each increase
in the debug level. Specify one of the following debug levels: 1, 2, or 3. The alpsd status value
is the sum of the values assigned to the following statuses:
This setting is reverted upon next packet processing service restart. Note: Alpsd must be running to
set the debug level. If alpsd is not running the following message is displayed:
Tip: Consider using the debug command instead of the advanced tuning parameter to change the
debug level because the debug command does not cause alpsd to restart.
|
dpi[on|off] | Temporarily enable or disable Deep Packet Inspection (DPI). (DPI is also known as PAM.) |
filter [<event-type>] | Temporarily filter out the specified debug events from debug logs. Multiple
parameters are separated by commas. Examples:
This setting is reverted upon next packet processing service restart. Tip: Consider using the filter command instead of the advanced tuning parameter to filter out debug log
because the filter command does not cause alpsd to restart.
|
Certificates mode command | Description |
---|---|
regen_cert | Regenerate device-signing CA. Note: The keyboard command Ctrl+C does not
interrupt the regen_cert command in Certificates mode.
|
show_active | Display the active CA certificate in PEM encoded format. |
Cleanup mode command | Description |
---|---|
all | Clear all temporary files. |
dump | Clear dump files. |
log | Clear event logs. |
update | Clear update packages. |
Firmware mode command | Description |
---|---|
backup | Back up firmware on the primary partition to the inactive partition. |
get_comment [<index>] | View the comment that is associated with a firmware image. |
get_info [<index>] | View the version information that is associated with a firmware image. |
list | List information about installed firmware images. Firmware information includes the active firmware image, a description of the firmware, the date the firmware was installed, and optional backup information. |
set_comment [<index> [<comment> ...] ] | Replace the comment that is associated with a firmware image. |
swap_active | Swap the active firmware image. The appliance restarts the system by using the inactive firmware image. |
Fixpacks mode command | Description |
---|---|
install | Install available fix packs from the inserted USB flash drive. |
list | List available fix packs on the inserted USB flash drive. |
rollback | Uninstall most recently installed fix pack. |
view_history | Display installation history for all fix packs. |
License mode command | Description |
---|---|
install | Install a license file from inserted USB flash drive. |
list | List the available license files on the inserted USB flash drive. |
show | Display current active license information. |
Logs mode command | Description |
---|---|
logs grep[-i][
<log-file-name> ][ <search string> ] Tip: Use -i to ignore case.
|
Grep a specific string in a log file. The following log files are available:
|
less[ <log-file-name> ] | View and search a log file. The following log files are available:
|
tail[ -n <NUM_LINES> ] [ -F ] [ <log-file-name> ] | Tail a log file. Data is appended to output as the file grows when -F is specified. When -n <NUM_LINES> is not specified, the default value for NUM_LINES is 10. The following log files are available:
|
Management mode command | Description |
---|---|
dns | Work with the DNS appliance settings. The
following commands are available for dns:
|
force_heartbeat | Force a heartbeat to go to the SiteProtector™ System. Note: If
the appliance is not managed by the SiteProtector System, the
following error message is displayed:
Error: Force heartbeat is unavailable when the appliance is not
managed by the SiteProtector System.
|
hostname | Work with the appliance host name. The following
commands are available for hostname:
|
interfaces | Work with management interface settings. The following commands are
available for interfaces:
|
rescue | Unlock the admin account. |
set_password | Set the appliance password. |
snmp | Work with SNMP settings.
|
Opensig mode command | Description |
---|---|
show_stats[all|n] | Display the profiling stats. Displays the
following OpenSignature rule performance statistics for each open
signature:
Note: Define the n variable to see statistics
for the top n active rules. For example, type show_stats
10 to see the profiling information for the top 10 active
open signatures.
|
Protection mode command | Description |
---|---|
list | List the names of the protection interfaces that are available on this appliance. |
show [<interface name>] | Display the link status (up or down) and the negotiated speed and duplex for
the specified interface. If this command runs with no arguments, the system displays the current link status and the speed and duplex for all protection interfaces. |
Services mode command | Description |
---|---|
restart | List services that can be restarted. Select
one of the following services to restart:
|
Session mode command | Description |
---|---|
delete [<ip address>] | Delete the active session that is associated with the specified address. |
delete_all [<ip address>] | Delete all active sessions. |
list | List the active sessions. Show all users who authenticated to the appliance. |
Snapshots mode command | Description |
---|---|
apply [<index>] | Apply a policy snapshot file to the system. Note: The
keyboard command Ctrl + C does not interrupt the apply command
in Snapshots mode.
|
create [<comment> ...] | Create a snapshot of current policy files. |
delete [<index>] | Delete a policy snapshot file. |
download | Download a policy snapshot file to a USB flash drive. |
get_comment [<index>] | View the comment that is associated with a policy snapshot file. |
list | List the policy snapshot files. |
set_comment [<index> [<comment> ...] ] | Replace the comment that is associated with a policy snapshot file. |
upload | Upload a policy snapshot file from a USB flash drive. |
SSH mode command | Description |
---|---|
regen_ssh_keys | Regenerate SSH keys. |
Stats mode command | Description |
---|---|
show [all | cpu | memory | storage | inspect | interface | inbound_ssl | outbound_ssl | login_expr | time_drift | policy_change | reboot_count] | Specify which of the following appliance statistics to display:
|
Support mode command | Description |
---|---|
create [<comment> ...] | Create a support information file. |
delete [<index>] | Delete a support information file. |
download [<index>] | Download a support information file to a USB flash drive. |
get_comment [<index>] | View the comment that is associated with a support information file. |
list | List the support information files. |
set_comment [<index> [<comment> ...] ] | Replace the comment that is associated with support information file. |
Sysinfo mode command | Description |
---|---|
show [all | serial | nim] | Specify which of the following system information to display:
|
Tools mode command | Description |
---|---|
capture | Work with packet captures. |
nslookup [<host>] [<server>] | Query internet domain name servers. |
ping [-6] [-c <count>] [-s <size>] <host> | Send an ICMP ECHO_REQUEST to network hosts. Note: The count must be 0 - 5535.
If the count is 0, then the system sends ICMP ECHO_REQUEST pings until it is interrupted by the user
with the keyboard command Ctrl+C. The default count is 0. The size must be 0 - 65535. The default
size is 56 bytes.
|
telnet [-l <user>] <host>
[<port>] Note: User
and port are optional.
|
Communicate with a remote computer that is using the Telnet protocol. |
traceroute [-6] <host> [<size>] | Trace a packet from a computer to a remote destination, showing how many hops
the packet made to reach the destination, and the duration of each hop. Note: Size must be 38 -
32768. Default size is 38 bytes.
|
Updates mode command | Description |
---|---|
install[type][usb|server] | Install an update from the inserted USB flash drive or update server. Restriction: Only updates that are available for your appliance model are
displayed.
Note: The keyboard command Ctrl+C does not interrupt the install command in Updates mode.
|
list[type] [usb|server] | List available updates on the inserted USB flash drive or on the update
server. Any of the following updates might be available:
Note: The types of updates that are available depend on the model of your
appliance.
|
rollback | Undo a security update. Note: The keyboard command Ctrl+C does not interrupt
the rollback command in Updates mode.
|
show | Display version information for the security update that is installed and current. |
view_history | Display installation and rollback history for all updates. |