Introduction
This document contains a categorized complete listing of Command Line Interface (CLI) commands for SonicOS Standard and Enhanced firmware for the Pro 4060, Pro 2040 and TZ 170 devices. Each command is described and, where appropriate, an example of usage is included.
Note: Commands using port spec x0, 1x, etc. only take IDs for existing ports on the device. For example, the TZ170 uses x0-x2, the Pro 2040 x0-x3, and the Pro 4060 x0-x5.
This User's Guide contains the following sections: Input Data Format Specification, Text Conventions, Editing and Completion Features, Command Hierarchy, Configuration Security, Management Methods for Each Appliance, Initiating a Management Session, Command Set Status
Text Conventions
Bold text indicates a command executed by interacting with the user interface. Courier bold text indicates commands and text entered using the CLI. Italic text indicates the first occurrence of a new term, as well as a book title, and also emphasized text. In this command summary, items presented in italics represent user-specified information. Items within angle brackets (< >) are required information. Items within square brackets ([ ]) are optional information. Items separated by a pipe (|) are options. You can select any of them.
Note: Though a command string may be displayed on multiple lines in this guide, it must be entered on a single line with no carriage returns except at the end of the complete command.
Most configuration commands require completing all fields in the command. For commands with several possible completers, the Tab or ? key displays all options.
myDevice> show [TAB]
alerts arp content-filter cpu device gms interface log memory messages nat netstat network processes route securityservices status system tech-support tsr web-management zone zones
The Tab key can also be used to finish a command if the command is uniquely identified by user input.
myDevice> show al [TAB]
displays
myDevice> show alerts
Additionally, commands can be abbreviated as long as the partial commands are unique. The following text:
myDevice> sho int inf
is an acceptable abbreviation for
myDevice> show interface info
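The following added example (not from SonicWALL's guide or firmware) models the unique-prefix rule described above, using only command words that appear in this guide. The rule that an exact word wins over a longer one (zone versus zones) is an assumption.

```python
# Added example: models the unique-prefix abbreviation rule described above.
# The tree holds only command words listed in this guide; it is not the
# device's full grammar.
SHOW = ["alerts", "arp", "content-filter", "cpu", "device", "gms", "interface",
        "log", "memory", "messages", "nat", "netstat", "network", "processes",
        "route", "securityservices", "status", "system", "tech-support", "tsr",
        "web-management", "zone", "zones"]
TREE = {
    "cls": {}, "exit": {}, "logout": {}, "ping": {}, "restart": {},
    "restore": {}, "configure": {}, "traceroute": {},
    "show": {w: {} for w in SHOW},
}
TREE["show"]["interface"] = {"info": {}, "details": {}, "status": {}}


class Ambiguous(ValueError):
    """Raised when an abbreviation does not match exactly one command word."""


def expand(line, tree=TREE):
    """Expand each abbreviated word to the single command word it prefixes."""
    out, node = [], tree
    for word in line.split():
        if not node:               # past the modelled keywords: keep arguments
            out.append(word)
            continue
        if word in node:           # assumption: an exact word beats a longer one
            match = word
        else:
            hits = sorted(k for k in node if k.startswith(word))
            if len(hits) != 1:
                raise Ambiguous(f"{word!r} matches {hits or 'nothing'}")
            match = hits[0]
        out.append(match)
        node = node[match]
    return " ".join(out)


if __name__ == "__main__":
    print(expand("sho int inf"))   # the abbreviation used in the guide
    for attempt in ("show me", "res", "show zone"):
        try:
            print(attempt, "->", expand(attempt))
        except Ambiguous as err:
            print(attempt, "-> rejected:", err)
```

In this model res is rejected because it prefixes both restart and restore, so scripted sessions are best written with full command words.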
Command Hierarchy
The CLI configuration manager allows you to control hardware and firmware of the appliance through a discrete mode and submode system. The commands for the appliance fit into the logical hierarchy shown below. To configure items in a submode, activate the submode by entering a command in the mode above it. For example, to set the default LAN interface speed or duplex, you must first enter configure, then interface x0 lan. To return to the higher Configuration mode, simply enter end or finished.
Configuration Security
SonicWALL Internet Security appliances allow easy, flexible configuration without compromising the security of their configuration or your network.
Passwords
The SonicWALL CLI currently uses the administrator's password to obtain access. SonicWALL devices are shipped with a default password of "password". Setting passwords is important in order to access the SonicWALL and configure it over a network.
Note: The default terminal settings on the SonicWALL and modules are 80 columns by 25 lines. To ensure the best display and reduce the chance of graphic anomalies, use the same settings with the serial terminal software. The device terminal settings can be changed, if necessary. Use the standard ANSI setting on the serial terminal software.
1. Attach the included null modem cable to the appliance port marked CONSOLE. Attach the other end of the null modem cable to a serial port on the configuring computer.
2. Launch any terminal emulation application that communicates with the serial port connected to the appliance. Use these settings: 115,200 baud (9600 for TZ170), 8 data bits, no parity, 1 stop bit, no flow control.
3. Press Return. Initial information is displayed followed by a DEVICE NAME> prompt.
Command Descriptions
Command: Description
show alerts: Show alerts
show arp: Displays currently known arp entries
show content filter: Show content filter list status
show cpu: Show cpu and memory information
show device: Displays on the console the contents of the status section of the Tech Support Report (TSR)
show gms: Displays GMS configuration
show interface details <x1|x2|x3|x4|x5>: Displays on the console the contents of the network section of the TSR
show interface status <x1|x2|x3|x4|x5>: Displays on the console basic interface status for the SonicWALL, such as active/inactive/disabled, speed setting, duplex setting, IP addressing information
show log content: Display the SonicWALL log contents
show log settings: Display the configuration data
show memory: Display the system memory on the appliance
show messages: Show system messages
show nat policies: Display on the console the NAT policy section of the TSR
show netstat: Displays the contents of the netstat table.
show network: Shows the network summary.
show processes: Display procedure information.
show route: Displays the complete routing table.
show security-services: Displays the complete status of all security services on the SonicWALL, including license status, licenses available, licenses in use, and license expiration dates.
show status: Shows the current status of the appliance.
show tech-support: Displays the contents of the TSR.
show tsr <all | av | cfl | dhcpc | dhcprelay | dhcps | dhcpsstat | ethernet | ha | ip-helper | ipsec | l2tpclient | license | log | management | network | objects | policies | pppoe | pptpclient | radius | snmp | status | time | update | users | wlb>: Displays on the console the named TSR sections or all of the TSR.
show web-management: Display the Web-management status and configuration.
show zone <name>: Displays on the console all rules for the specified zone. For example, show zone <lan rules> displays all of the rules to and from the LAN zone.
show zones: Displays configured zones on the appliance and interfaces associated with each zone.
ping <IP address|Domain Name>
restart
restore
synchronize-licenses
traceroute <IP address|Domain Name>
Command bandwidth-management size <uvalue> comment <string> duplex <full|half> end finished fragment-packets
Description Sets the bandwidth management size. Adds comment as part of the port configuration. Sets the interface duplex speed. Exit the configuration mode. Exit configuration mode to the top menu. Enable/disable fragmentation of packets larger than the interface MTU. Enable/disable ignoring the don't fragment bit. Displays the command and description. Displays information about the interface. Sets the mode for the WAN interface and enters the given mode configuration. Enters or removes IP address of DNS servers. Exits configuration mode. Exits configuration mode to top menu. Sets or removes default gateway for the interface. Displays help for given command. Displays IP information about the interface. Sets the IP address for the interface. Exits configuration mode.
ignore-df-bit
[no] dns <IP Address> end finished gateway <IP Address> help <command> info [no] ip <IP Address>
end
finished
Description Displays help for given command. Displays IP information about the interface. Sets the hostname for the interface. Releases IP address information. Renews IP address information.
[no] dynamic end finished help <command> [no] hostname <string> [no] inactivity timeout <uvalue > info [no] ip <IP Address> [no] password <quoted string> [no] server ip <IP Address> start stop [no] username <string>
Sets the SonicWALL to obtain the IP address dynamically. Exits configuration mode. Exits configuration mode to top menu. Displays help for given command. Clears/Sets PPTP hostname. Enables/disables the PPTP inactivity timer. Sets/Clears the PPTP inactivity timeout. Displays IP information about the interface. Sets/Clears the IP address for the interface. Sets/Clears the PPTP password. Sets/Clears the PPTP server IP address.
Sets/Clears the PPTP username. Sets the SonicWALL to obtain the IP address dynamically. Exits configuration mode.
Command Mode finished help <command> [no] hostname <string> [no] inactivity timeout <uvalue> info [no] ip <IP Address> [no] password <quoted string> [no] server ip <IP Address> start stop [no] username <string> mtu <uvalue> name <interface name> speed <10|100> Other Interface Configuration auto comment <string> duplex <full|half> end finished help <command>
Description Exits configuration mode to top menu. Displays help for given command. Clears/Sets L2TP hostname. Enables/disables the L2TP inactivity timer. Sets/Clears the L2TP inactivity timeout. Displays IP information about the interface. Sets/Clears the IP address for the interface. Sets/Clears the L2TP password. Sets/Clears the L2TP server IP address.
Sets/Clears the L2TP username. Sets the MTU of the interface. Sets the name for the interface. Sets the interface speed. Sets the interface to autonegotiate. Adds a comment as part of the force configuration. Sets the interface duplex speed. Exits configuration mode. Exits configuration mode to top menu. Displays help for given command.
Command: Description
info: Displays IP information about the interface.
name <interface name>: Sets the name for the interface.
speed <10|100>: Sets the interface to autonegotiate.
[no] log categories [all]: Assigns/clears logging categories.
Log Category Information
[no] all: Assigns/clears all logging categories.
[no] attack: Assigns/clears attack logging category.
[no] blocked-code: Assigns/clears blocked code logging category.
[no] blockedsites: Assigns/clears blocked sites logging category.
[no] connection: Assigns/clears connection logging category.
[no] conn-traffic: Assigns/clears conn traffic logging category.
[no] debug: Assigns/clears debug logging category.
end: Exits configuration mode.
finished: Exits configuration mode to top menu.
help <command>: Displays help for given command.
[no] icmp: Assigns/clears ICMP logging category.
info: Displays IP information about the interface.
[no] lan-icmp: Assigns/clears LAN-ICMP logging category.
[no] lan-tcp: Assigns/clears LAN-TCP logging category.
[no] lan-udp: Assigns/clears LAN-UDP logging category.
[no] maintenance: Assigns/clears maintenance logging category.
Command: Description
[no] mgmt-80211b: Assigns/clears 80211b management logging category.
[no] modem-debug: Assigns/clears modem debugging logging category.
[no] sys-env: Assigns/clears sys env logging category.
[no] sys-err: Assigns/clears sys error logging category.
[no] tcp: Assigns/clears TCP logging category.
[no] udp: Assigns/clears UDP logging category.
[no] user-activity: Assigns/clears user-activity logging category.
[no] vpn-stat: Assigns/clears vpn-stat logging category.
[no] vpn-tunnelstatus: Assigns/clears vpn tunnel status logging category.
[no] log filter-time <uvalue>: Assigns/clears log filter time.
log ordering <choices> [invert]: Assigns/clears ordering method when displaying log entries.
name <string>: Sets/clears the firewall name.
[no] route default <IP address>: Assigns/clears default route.
[no] route <Destination> <Netmask> <Gateway> [metric <route metric>]: Assigns/clears static routes.
[no] web-management http enable <x0 | x1 | x2 | x3 | x4 | x5>: Enables/disables HTTP web management.
web-management http port <tcp port or 'default'>: Assigns the HTTP web management port or resets to default.
[no] web-management https enable <x0 | x1 | x2 | x3 | x4 | x5>: Enables/disables HTTPS web management.
web-management https port <tcp port or 'default'>: Assigns the HTTPS web management port or resets to default.
web-management restore: Restores default web-management port and interface assignments.
zone <wan|lan|dms>: Enters the zone configuration menu.
Description Exits configuration mode. Exits configuration mode to top menu. Enables/disables intra-zone communications.
Top Level Commands
Command cls exit
Description Clears window, leaving a single prompt line. This command causes you to exit submenu, or if issued at the global level, returns you to the login prompt. Exports the preferences file using the Zmodem. Exports the tsr using the Z-modem. Displays command and description. Import preferences file using Z-modem.
Command: Description
logout: Logout from the console.
ping <IP address | Domain Name>: Sends ICMP packets to destination IP address.
restart: Restarts the device.
restore: Restore the device to factory defaults.
[no] web-management http enable: Enables/disables HTTP web management.
web-management http port <tcp port or 'default'>: Assigns the HTTP web management port or resets to default.
[no] web-management https enable: Enables/disables HTTPS web management.
web-management https port <tcp port or 'default'>: Assigns the HTTPS web management port or resets to default.
web-management restore: Restores default web-management port and interface assignments.
SonicWALL, Inc. 1143 Borregas Avenue Sunnyvale CA 94089-1306 P/N: 232-000549-00 Rev B, 02/2005 T +1 408.745.9600 F +1 408.745.9300 www.sonicwall.com
2008 SonicWALL, Inc. is a registered trademark of SonicWALL, Inc. Other product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice. 07/07 SW 145