Freedom9 freeGuard Blaze 2100 Cli Reference Manual

Category
Networking
Type
Cli Reference Manual
Version 3R2
freeGuard Blaze 2100 CLI Reference Guide
COPYRIGHT NOTICE
© Copyright 2007 Freedom9 Inc.
ALL RIGHTS RESERVED.
Under the copyright law, this manual and the software described within can not be copied in
whole or part, without written permission of the manufacturer, except in the normal use of the
software to make a backup copy. The same proprietary and copyright notices must be affixed to
any permitted copies as were affixed to the original. An exception does not allow copies to be
made for others, whether or not sold, but all of the materials purchased can be sold, given, or
loaned to another person. Under the law, copying includes translating this information into
another language or format.
Information contained in this document is subject to change without notice.
TRADEMARKS
Products mentioned in this document may be trademarks and/or registered trademarks of their
respective companies and are the sole properties of their respective company.
January 11, 2007
Contents
1. Preface
2. Command Descriptions
   address
   admin
   all
   arp
   clock
   config
   console
   counter
   delete
   dhcp
   dns
   domain
   exit
   file
   group
   ha
   hostname
   ike
   ike-cookie
   image
   interface
   ip
   log
   ntp
   ping
   pki
   policy
   pppoe
   reset
   route
   sa
   save
   scheduler
   service
   session
   snmp
   ssh
   syslog
   system
   tech-support
   trace-route
   transparent
   vpn
   vrouter
   zone
1. PREFACE
Contents
About This Guide
CLI Syntax
Dependency Delimiters
Object Name Conventions
CLI Variables
About This Guide
This guide describes the commands used to configure and manage the freeGuard Blaze 2100 from
a management interface.
CLI Syntax
The CLI syntax may include options, switches, parameters, and other features. Some command
descriptions use dependency delimiters. Dependency delimiters indicate which command features
are mandatory, and in which contexts.
Dependency Delimiters
Special characters are used to show the dependencies between command features.
• The { and } symbols denote a mandatory feature. Features enclosed by these symbols are essential for execution of the command.
• The [ and ] symbols denote an optional feature. Features enclosed by these symbols are not essential for execution of the command, although omitting such features might adversely affect the outcome.
• The | symbol denotes an “or” relationship between two features. When this symbol appears between two features on the same line, you can use either feature (but not both). When this symbol appears at the end of a line, you can use the feature on that line, or the one below it.
Nested Dependencies
CLI commands can have nested dependencies. Nested dependencies make features optional in some contexts, and mandatory in others. The three hypothetical features shown below demonstrate this principle.
[ feature_1 { feature_2 | feature_3 } ]
The delimiters [ and ] surround the entire clause. Consequently, you can omit feature_1,
feature_2, and feature_3, and still execute the command successfully. However, because the
{ and } delimiters surround feature_2 and feature_3, you must include either feature_2 or
feature_3 if you include feature_1. Otherwise, you cannot successfully execute the command.
Object Name Conventions
The CLI employs the following conventions regarding the names of objects:
• If a name string includes one or more spaces, the entire string must be enclosed within double quotes ( “ ); for example, set address trust “local LAN” 10.1.1.0/24.
• The CLI trims any leading or trailing spaces from text within a set of double quotes; for example, “ local LAN ” becomes “local LAN”.
• The CLI treats multiple consecutive spaces as a single space.
CLI Variables
Most CLI commands described in this manual have changeable parameters that affect the outcome of command execution. These parameters may include names, IP addresses, subnet masks, numbers, dates, etc.
Variable Notation
The variable notation used in this manual consists of italicized parameter identifiers. For example,
the set arp command uses four identifiers, as shown here:
set arp
{
ip_addr mac_addr interface |
age number
}
where
• ip_addr represents an IP address.
• mac_addr represents a MAC address.
• interface represents a physical or logical interface.
• number represents a numerical value.
Thus, the command might take the following form:
set arp 172.16.10.11 00e02c000080 eth1
where 172.16.10.11 is an IP address, 00e02c000080 is a MAC address, and eth1 is a physical
interface.
2. COMMAND DESCRIPTIONS
This chapter lists and describes the Command Line Interface (CLI) commands.
address
The address command is used to define entries in the address book of a security zone.
An address book is a list containing all addresses, address groups, and domain names defined for a security zone. Address book entries are used to identify addressable entities in policy definitions. Entities in policy definitions have to be defined in the address book before you can use them.
Syntax
get      get address zone [ group name_str | name name_str ]
set      set address zone name_str { ip_addr/mask } [ string ]
unset    unset address zone name_str
Keywords and Variables
Variable Parameters
zone            The name of the security zone. The default security zones to which you can bind an address book include Trust, Untrust, Global, DMZ. You can also assign address book entries to user-defined zones.
ip_addr/mask    The address and subnet mask identifying an individual host or a subnet.
string          A character string containing a comment line.
Example
The following commands create address book entries for “LocalNet” and “RemoteNet”:
set address trust LocalNet 10.1.1.0/24 “AmsterdamLan”
set address untrust RemoteNet 1.1.12.1/24 “SanJoseLan”
group
get address zone group name_str
group    The name of a group of address book entries. You can use an address group in a security policy definition to specify multiple addresses. (Create address groups using the set group address command.)
Example
The following command displays information for an address group named Sales_Group:
get address trust group HTTP_Servers
name
name name_str
The name of an individual address book entry. You can use an address group in a security policy definition to specify a single address.
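The Object Name Conventions from the preface and the set address syntax above can be checked together before a line is typed into the CLI. The following Python sketch is an added example, not code from the manual or from Freedom9; the function names, the case-insensitive zone match and the host-bits note are assumptions of the example, and the third sample line is constructed.

```python
import ipaddress
import re

# Default zones listed in the manual. User-defined zones also exist, so an
# unknown zone is a note, not an error. Case-insensitive match is an assumption.
DEFAULT_ZONES = {"trust", "untrust", "global", "dmz"}
QUOTES = '"\u201c\u201d'  # the manual is typeset with curly double quotes


def _norm(text):
    # Trim leading/trailing spaces; treat consecutive spaces as one.
    return re.sub(r"\s+", " ", text).strip()


def tokenize(line):
    """Split a CLI line according to the Object Name Conventions."""
    tokens, buf, in_quote, quoted = [], [], False, False
    for ch in line:
        if ch in QUOTES:
            in_quote, quoted = not in_quote, True
        elif ch.isspace() and not in_quote:
            if buf or quoted:
                tokens.append(_norm("".join(buf)))
            buf, quoted = [], False
        else:
            buf.append(ch)
    if in_quote:
        raise ValueError("unterminated double quote")
    if buf or quoted:
        tokens.append(_norm("".join(buf)))
    return tokens


def check_set_address(line):
    """Parse one 'set address' line; return (entry, notes) or raise ValueError."""
    tok = tokenize(line)
    if tok[:2] != ["set", "address"] or len(tok) not in (5, 6):
        raise ValueError("expected: set address zone name_str ip_addr/mask [string]")
    zone, name, prefix = tok[2:5]
    if "/" not in prefix:
        raise ValueError(f"'{prefix}' is not ip_addr/mask")
    iface = ipaddress.IPv4Interface(prefix)  # ValueError on a bad address or mask
    notes = []
    if zone.lower() not in DEFAULT_ZONES:
        notes.append(f"zone '{zone}' is not a default zone")
    net = iface.network
    if net.prefixlen < 32 and iface.ip != net.network_address:
        notes.append(f"{prefix} has host bits set; enclosing subnet is {net}")
    entry = {"zone": zone, "name": name, "prefix": prefix,
             "comment": tok[5] if len(tok) == 6 else ""}
    return entry, notes


def lint(lines):
    """Return {line: 'ok' | 'note: ...' | 'error: ...'} for each input line."""
    report = {}
    for line in lines:
        try:
            _, notes = check_set_address(line)
            report[line] = "note: " + "; ".join(notes) if notes else "ok"
        except ValueError as exc:
            report[line] = f"error: {exc}"
    return report


# Constructed input: the manual's two examples plus an unquoted name with a space.
SAMPLE = [
    "set address trust LocalNet 10.1.1.0/24 “AmsterdamLan”",
    "set address untrust RemoteNet 1.1.12.1/24 “SanJoseLan”",
    "set address trust local LAN 10.1.1.0/24",
]

if __name__ == "__main__":
    for line, status in lint(SAMPLE).items():
        print(f"{status:<60} {line}")
```

The unquoted name in the third line shifts every later argument by one position, which is why the mask check fails; the manual's own RemoteNet example is flagged because 1.1.12.1/24 could be read as either a host or the 1.1.12.0/24 subnet.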
admin
The admin command is used to configure or display administrative parameters for the freeGuard Blaze 2100. There will be two accounts on the device: Read/Write Administrator (admin) and Read-Only Administrator (admin-r). The Read-Only Administrator only has read privileges. The Read/Write Administrator will have full rights to create, modify and remove settings on the box.
Whenever somebody tries to log on as admin and somebody else is already logged on as admin, the person who logs on second gets the option to acquire the admin rights. This feature is helpful in case the first admin session gets hung up. In this case, by logging on again as an admin and acquiring the admin rights from the first user, the second admin can kill the session of the first admin.
Administrators can connect to the device in two ways: through a console cable locally attached to the device or remotely through a Secure Command Shell (SSH).
Syntax
set      set admin password pswd_str
         set admin-r password pswd_str
         set admin mail mail-addr1 name_str
         set admin mail mail-addr2 name_str
         set admin mail server-name ip_addr
unset    unset admin mail mail-addr1 name_str
         unset admin mail mail-addr2 name_str
         unset admin mail server-name ip_addr
Keywords and Variables
Variable Parameters
alert
set admin mail alert
alert    Collects system alarms from the device for sending to an email address.
current-user
get admin current-user
current-user    Displays the user for the current administrative session. This can be ‘admin’ or ‘admin-r’.
mail
set admin mail { ... }
unset admin mail { ... }
mail-addr1
set admin mail mail-addr1 name_str
Example
The following command configures the email address [email protected] to receive updates concerning administrative issues:
set admin mail mail-addr1 [email protected]om
mail-addr2
set admin mail mail-addr2 name_str
Example
The following command configures the secondary email address [email protected] to receive updates concerning administrative issues:
set admin mail mail-addr2 [email protected]om
password
set admin password pswd_str
set admin-r password pswd_str
password    Specifies the password (pswd_str) for admin and admin-r. The maximum length of the password is 31 characters, including all symbols except the special command character “?.” After this command is entered the user will be prompted to enter the password again.
server-name
set admin mail server-name ip_addr
server-name    The IP address or name of the Simple Mail Transfer Protocol (SMTP) server. This server will forward email notifications of system alarms and traffic logs to the email addresses specified.
Example
The following command specifies an SMTP server at IP address 192.168.1.168:
set admin mail server-name 192.168.1.168
Defaults
The default password for both admin and admin-r is password.
all
The all command is used to return all configuration settings and software to the factory default settings. The configuration file, which stores the saved configuration settings of the box, is restored to factory default. Software image updates that are stored in the flash memory of the box will be erased and the factory installed software image is made active.
Syntax
unset all
Keywords and Variables
None.
Example
In the following example, the device is returned to its factory default settings and then reset.
1. Execute the unset all command.
unset all
2. The following prompt appears: “Erase all system config, are you sure y / [n]?”
3. Press the Y key. This returns the system configuration to the factory default settings.
4. Execute the reset command.
reset
5. The following prompt appears: “Configuration modified, save? [y] / n”
6. Press the N key. This action generates the following prompt: “System reset, are you sure? y / [n] n”
7. Press the Y key. This action restarts the system. The device now has its original factory default settings.
arp
The arp command is used to create, remove, or list interface entries in the Address Resolution Protocol (ARP) table of the device.
Syntax
clear    clear arp [ip_addr]
get      get arp [ip_addr]
set      set arp { ip_addr mac_addr interface | age number }
unset    unset arp {ip_addr | age }
Keywords and Variables
Variable Parameters
set arp ip_addr mac_addr interface
ip_addr      IP address of a network device for which you want to make a static entry in the ARP table.
mac_addr     The MAC address of a network device for which you want to make a static entry in the ARP table.
interface    The name of the interface through which the freeGuard Blaze 2100 can direct traffic to reach the network device with the specified IP address and MAC address.
age
set arp age number
age    Sets the age-out value for ARP entries (in seconds). The default value is 1200 seconds (20 minutes).
clock
The clock commands are used to get and set the system time.
Syntax
get      get clock
set      set clock {date time | dst-off | ntp | timezone number }
unset    unset clock {dst-off | ntp | timezone }
Keywords and Variables
Variable Parameter
set clock date time
date time    Configures the correct current date and time on the device. Specify the date and time using the following formats: (mm/dd/yyyy hh:mm or mm/dd/yyyy hh:mm:ss).
Example
The following command sets the clock to November 9, 2005, 3:45 a.m.
set clock 11/09/2005 3:45
[NOTE] By default, the device automatically adjusts its system clock for daylight saving time.
dst-off
set clock dst-off
unset clock dst-off
dst-off    Turns off the automatic time adjustment for daylight saving time.
ntp
set clock ntp
unset clock ntp
ntp    Configures the device for Network Time Protocol (NTP), which synchronizes computer clocks on the Internet.
timezone
set clock timezone number
unset clock timezone number
timezone    Sets the time zone value. This value indicates the time difference between GMT standard time and the current local time (when DST is OFF). When DST is ON and the clock is already set forward one hour, decrease the time difference by one hour and set the minutes accurately. Set the number between -12 and 12.
config
Use the config command to display the configuration settings for the device. You can display a current configuration setting (stored in RAM), or saved configurations (stored in flash memory). The config file can be saved to flash memory with the save command.
Syntax
exec     exec config saved
get      get config [ saved ]
Keywords and Variables
exec config saved
Executes a config file from flash memory. The exec config saved command executes the list of commands in the configuration file. This command can be used to restore the product to an earlier configuration setting. The product needs to be rebooted before a saved configuration file is executed.
get config [saved]
The get config command shows the current configuration setting of the product. The current configuration setting can be different from the configuration file that’s saved in flash memory. The get config command does not execute the commands in the configuration file. The get config saved command shows the saved configuration file. The current configuration can be saved to flash with the save ... command.
console
Use the console commands to define or list the CLI console parameters. The console parameters determine the following:
• Whether the device displays messages in the active console window
• The number of lines that may appear on a console window page
• The maximum time that can pass before automatic logout occurs due to inactivity
Syntax
get      get console
set      set console { disable | page number | timeout number }
unset    unset console { disable | page | timeout }
exec     exec console resize
Keywords and Variables
disable
set console disable
unset console disable
disable    Disables console access through the serial port. Two confirmations are required to disable access to the console.
page
set console page number
unset console page
page    An integer value specifying how many lines appear on each page between page breaks. When you set this value to zero, there are no page breaks, and the text appears in a continual stream.
Example
To define 20 lines per page displayed on the console:
set console page 20
resize
exec console resize
Resize the console size to window size.
timeout
set console timeout number
unset console timeout
timeout    Determines how many minutes the device waits before closing an inactive administrator session. If you set the value to zero, the console never times out.
Example
To define the console timeout value to 20 minutes:
set console timeout 20
Defaults
The console displays 22 lines per page.
The default inactivity timeout is 10 minutes.
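The admin Defaults (both accounts ship with the password "password", maximum 31 characters, no "?") and the console timeout behaviour (zero never times out) can be checked against a staged list of commands before it is entered on a device. The following Python sketch is an added example, not part of the manual or of Freedom9's software; the finding codes, the sample script and the rule that unset console timeout restores the 10-minute default are assumptions of the example.

```python
DEFAULT_PASSWORD = "password"  # documented default for admin and admin-r
MAX_PASSWORD_LEN = 31          # documented maximum password length
DEFAULT_TIMEOUT = 10           # documented default inactivity timeout (minutes)


def audit(script):
    """Replay staged commands and return a list of (code, detail) findings."""
    passwords = {"admin": DEFAULT_PASSWORD, "admin-r": DEFAULT_PASSWORD}
    timeout = DEFAULT_TIMEOUT
    findings = []
    for lineno, raw in enumerate(script.splitlines(), 1):
        tok = raw.split()
        if len(tok) < 3:
            continue
        if tok[0] == "set" and tok[1] in passwords and tok[2] == "password":
            pswd = " ".join(tok[3:])
            if not pswd:
                findings.append(("bad-password", f"line {lineno}: no password given"))
            elif len(pswd) > MAX_PASSWORD_LEN:
                findings.append(("bad-password", f"line {lineno}: over 31 characters"))
            elif "?" in pswd:
                findings.append(("bad-password", f"line {lineno}: contains '?'"))
            else:
                passwords[tok[1]] = pswd  # only a valid password replaces the old one
        elif tok[:3] == ["set", "console", "timeout"]:
            if len(tok) == 4 and tok[3].isdigit():
                timeout = int(tok[3])
            else:
                findings.append(("bad-timeout", f"line {lineno}: expected minutes"))
        elif tok == ["unset", "console", "timeout"]:
            timeout = DEFAULT_TIMEOUT  # assumption: unset restores the default
    # State left behind once every staged command has been applied.
    for account, pswd in passwords.items():
        if pswd == DEFAULT_PASSWORD:
            findings.append(("default-password", account))
    if passwords["admin"] == passwords["admin-r"] != DEFAULT_PASSWORD:
        findings.append(("shared-password", "admin and admin-r use the same password"))
    if timeout == 0:
        findings.append(("no-idle-timeout", "idle administrator sessions never close"))
    return findings


# Constructed staged script using only commands documented in this guide.
STAGED = """\
set admin mail server-name 192.168.1.168
set admin password Blaze-2100-rw-example
set console page 20
set console timeout 0
"""

if __name__ == "__main__":
    for code, detail in audit(STAGED):
        print(f"{code}: {detail}")
```

The sample script changes only the read/write password, so the audit reports that admin-r still has the factory default and that the console will never log out an idle session.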