Subcommand
counter interface
counter policy
Description
Resets the device configuration settings to the factory defaults. Use the echo option to echo the command when it is executed.
Use the blocks option to clear all connection table block entries. Use the
trusts option to clear all trust table entries.
Clears interface counters.
Clears policy counters.
interface
Clears the interface. When used without options, it resets all interfaces.
log
Clears log files. When used without options, it erases all entries in all logs.
clear log
clear log alert
clear log audit
clear log block
clear log packet-trace
clear log quarantine
clear log system
np
configuration
connection-table
clear
ramdisk stats
rate-limit-streams
list-image
remove-image
boot
rollback
compact-flash
format
mount
unmount
allowed-dest
apply-only
block
delete
http-block
http-page
http-redirect
conf t action-set
non-http-block
notify-contact
packet-trace
permit
rate-limit
rename
threshold
threshold-period
trust
whitelist
enable
conf t authentication disable
remote
timeout
enable
conf t category-settings
disable
date
dst
time
timezone
conf t compact-flash
operation-mode authenticate
Usage
clear configuration
clear connection-table blocks
clear connection-table trusts
boot rollback
compact-flash format
compact-flash mount
compact-flash unmount
Adds or removes a quarantine allowed destination.
conf t action-set <action set name> allowed-dest <destination address> add
conf t action-set <action set name> allowed-dest <destination address> remove
Adds or removes a CIDR from the quarantine apply-only list.
conf t action-set <action set name> apply-only <CIDR> add
conf t action-set <action set name> apply-only <CIDR> remove
Creates or modifies an action set that blocks traffic. The following
secondary actions can be added: quarantine: host IP address is placed
into quarantine. Use no quarantine to remove the address from quarantine.
reset-both: TCP reset on the source and destination. reset-destination:
TCP reset on the destination. reset-source: TCP reset on the source.
reset-none: no TCP reset.
conf t action-set <action set name> quarantine
conf t action-set <action set name> no quarantine
conf t action-set <action set name> block reset-both
conf t action-set <action set name> block reset-destination
conf t action-set <action set name> block reset-none
conf t action-set <action set name> block reset-source
Deletes the named action set.
conf t action-set <action set name> delete
Blocks HTTP requests from quarantined hosts.
conf t action-set <action set name> http-block
Creates a web page to display when a quarantined host makes a web
request.
conf t action-set <action set name> http-page [-show-name <name of page>] [-show-desc <description of page>] [-custom-text <content of page>]
Redirects HTTP requests from a quarantined host to a specified URL.
conf t action-set <action set name> http-redirect <url>
Blocks non-HTTP requests from quarantined hosts. Permit non-HTTP requests
with no non-http-block.
conf t action-set <action set name> non-http-block
Adds or removes a notification contact from an action set.
conf t action-set <action set name> notify-contact add <contact name>
conf t action-set <action set name> notify-contact remove <contact name>
Enables and sets packet trace settings. Set a priority (high, medium, or
low) with the -priority option and the number of bytes to capture (641600)
with the -capture-size option. Use no packet-trace to disable packet
tracing.
conf t action-set <action set name> packet-trace [-priority <priority>] [-capture-size <bytes>]
conf t action-set <action set name> no packet-trace
Creates or modifies an action set that permits traffic. Use the quarantine
command to quarantine permitted traffic and no quarantine to stop
quarantining permitted traffic.
conf t action-set <action set name> permit
conf t action-set <action set name> permit quarantine
conf t action-set <action set name> permit no quarantine
Creates or modifies an action set that rate-limits traffic. Enter the desired
threshold in Kbps.
conf t action-set <action set name> rate-limit <threshold>
Renames the action set.
conf t action-set <action set name> rename <new action set name>
Sets the quarantine threshold in seconds (1-10000).
conf t action-set threshold <seconds>
Sets the quarantine threshold period in minutes (1-60).
conf t action-set threshold-period <minutes>
Creates or modifies a trust action set.
conf t action-set <action set name> trust
Creates a whitelist of trusted IP addresses by using the add or remove
subcommands.
conf t action-set <action set name> whitelist add <IP address>
conf t action-set <action set name> whitelist remove <IP address>
Enables remote authentication.
conf t authentication remote enable
Disables remote authentication.
conf t authentication remote disable
Sets the remote authentication server timeout. The value should be greater
than the timeout configured on the SMS.
conf t authentication remote timeout <seconds>
Enables a filter category and assigns the named action set to the category.
Enable the filter category for a specific profile with the -profile option.
conf t category-settings [-profile <profile name>] <filter category> enable -action-set <action set>
Disables the filter category.
Sets the date.
Enables or disables Daylight Savings Time.
Sets the time according to the 24-hour clock. For example, to set the clock
to 3:30 PM, enter 15:30.
Sets the time zone. For a list of available time zones, use the command
show timezones.
Sets the device to require authentication when a compact flash card is
inserted.
Command
Subcommand
conf t compact-flash
operation-mode auto-mount
domain
from
conf t default-alertsink options
no
period
server
to
adaptive-config
add-exception
delete-copy
disable
conf t filter
enable
remove-exception
reset
threshold
timeout
use-category
disable
enable
partner
conf t high-availability
l2fb
dns
fips-mode
conf t host
ip-filter
location
name
add
clear-stats
enable
disable
remove
-eth
-ports
-gre
Description
Usage
Sets the device to automatically mount compact flash cards when inserted.
conf t compact-flash operation-mode auto-mount
Defines the domain name of the email notification server.
Defines the email address for the IPS device. This must be a valid email
user name on the notification server.
Removes the default email destination
conf t high-availability disable
conf t high-availability enable
conf t high-availability partner <IP address> <serial number>
conf t high-availability no partner
conf t inspection-bypass clear-stats <rule_ID>
conf t inspection-bypass enable <rule_ID>
conf t inspection-bypass disable <rule_ID>
conf t inspection-bypass remove <rule_ID>
conf t inspection-bypass add -eth <EthType>
Command
Subcommand
-mipv4
-ipv6in4
conf t interface
ethernet
-vlan
-mpls
-ip-proto
-ip-saddr
conf t inspection-bypass add -vlan <value>
conf t inspection-bypass add -mpls <value>
conf t inspection-bypass add -ip-proto <value>
conf t inspection-bypass add -ip-saddr <CIDR range>
duplex
linespeed
Sets the line speed. You can set the speed to 10, 100, 1000, or 10000.
negotiate
shutdown
Shuts down the port. Use no shutdown to reactivate the port after a
shutdown command or after configuration has changed.
Sets the duplex speed to half or full.
linespeed
Sets the IP address for the management ethernet port. The address can be
IPv4 or IPv6. Use CIDR notation to set the subnet mask. The default mask
is used when the user specifies a non-CIDR IP address.
Enables or disables IPv6 support on the management port.
Enables or disables automatic IPv6 configuration, which allows the device
to get an IPv6 address automatically from the subnet router.
Sets the line speed. You can set the speed to 10, 100, or 1000.
negotiate
ipv6auto
physical-port
route
Sets or removes the default route for the management ethernet port.
vlan
detect-mdi
mdi-mode
backlight
contrast
disable
enable
disable power-supply
Sets the MDI mode to mdi or mdix. The default setting is mdix. The mdi
setting has no effect if auto-negotiation is enabled, detect-mdix is enabled,
or the port media is fiber.
Sets the intensity of the backlighting in a range from 1 (dimmest) to 100
(brightest).
Sets the contrast in a range from 1 to 50.
Disables the LCD keypad.
Enables the LCD keypad.
Disables power supply monitoring.
enable power-supply
threshold
Sets threshold values for disk usage, memory, and temperature values.
Disk and memory thresholds are expressed in percentages, and
temperature thresholds are expressed in degrees Celsius. The major
threshold value must be set at a value less than the critical threshold value
and allow time to react before a problem occurs. The critical threshold
value should generate a warning before a problem causes damage.
conf t monitor threshold disk -major <60-100> -critical <60-100>
conf t monitor threshold memory -major <60-100> -critical <60-100>
conf t monitor threshold temperature -major <40-80> -critical <40-80>
conf t monitor
conf t port
conf t interface
conf t nms
ipv6
conf t named-ip
-ip-daddr
ip
conf t lcd-keypad
Usage
conf t inspection-bypass add -mipv4 <value>
-upd-sport
-upd-dport
-tcp-sport
-tcp-dport
duplex
conf t interface
mgmtEthernet
Description
Specifies mobile IPv4 tunneling traffic. Default value is any. You may also
specify present or absent.
Specifies IPv6 6-in-4 tunneling traffic. Default value is any. You may also
specify present or absent.
Numeric value or range specifying the permitted VLAN IDs.
Numeric value or range specifying the permitted MPLS IDs.
IP protocol value. For more information, see ip-proto on page 40.
Source CIDR specification. Enter in the form xxx.xxx.xxx.xxx/xx .
add
delete
modify
rename
community
trap-destination
Adds or removes an NMS trap IP address. You can also specify a port
number with the -port option. For SNMPv3, the following options are also
available: -user -password -engine -des
add
delete
Command
Subcommand
Description
Usage
add-pair
delete
description
deployment
conf t profile
remove-pair
rename
security
traffic-mgmt
app-except
app-limit
conf t protection-settings
dns-except
ip-except
perf-limit
force-sync
conf t reputation
conf t reputation
group
conf t profile <profile name> traffic-mgmt
conf t profile <profile name> traffic-mgmt -description "<description>"
conf t protection-settings
conf t protection-settings
conf t protection-settings
conf t protection-settings
conf t protection-settings
profile <profile name>
sync-interval
Sets the synchronization interval in seconds. With a value of zero (0), all
writes are immediately written to the hard disk. With a value of -1, the file is
written to the hard disk when a conf t ramdisk force-sync command is
executed, the device is rebooted or halted, or when the device enters high
availability fallback mode. You must specify alert, audit, block, or sys
conf t ramdisk sync-interval <file>
audit
conf t ramdisk
conf t remote-syslog
core
edge
perimeter
default
delete
rfc-format
quarantine
system
update
action-when-pending
The action that the IPS takes on traffic coming from the specified IP
address while the IP reputation filter is caching the address. The default
action is permit.
check-dest-address
check-source-address
filter
conf t reputation filter <group name> [-profile <security profile name>] delete-copy
conf t reputation filter <group name> [-profile <security profile name>] disable
conf t reputation filter <reputation group name> [-profile <security profile name>] enable [-threshold <number>] -action-set <action set name>
add-domain
add-ip
create
delete
remove-domain
remove-ip
rename
<IP address> -port <port> -alert-facility <number>
<IP address> -port <port> -block-facility <number>
<IP address> -port <port> -misuse-facility <number>
<IP address> -port <port> -delimiter <character>
conf t reputation check-dest-address [-profile <security profile name>] enable
conf t reputation check-dest-address [-profile <security profile name>] disable
conf t reputation check-source-address [-profile <security profile name>] enable
conf t reputation check-source-address [-profile <security profile name>] disable
Command
Subcommand
high-availability
link-down
conf t segment
name
physical-ports
restart
browser-check
http
conf t server
conf t session
https
ssh
telnet
columns
more
rows
timeout
wraparound
[no options]
ip
conf t sms
must-be-ip
no
v2
v3
[no options]
duration
no
offset
conf t sntp
port
primary
retries
secondary
timeout
icmp
icmp6
conf t traffic-mgmt
ip
ip6
conf t traffic-mgmt
tcp
udp
Description
Sets the intrinsic network high availability (fallback) option for the
segment. If the segment is set to block, all traffic through that segment is
denied in the fallback state. If the segment is set to permit, then all traffic
is permitted in the fallback state.
Configures the Link-Down Synchronization mode and timeout length. The
following modes are available: hub: ensures the partner port is
unaffected when the link goes down. breaker: requires both the port and
its partner to be manually restarted when the link goes down. wire:
automatically restarts the partner port when the link comes back up. Valid
range of timeout is 0 to 240 seconds.
Defines a name for the segment with a maximum of 32 characters. Set the
name to "" to remove the name from the segment. Names must conform
to the following rules: Can only contain letters A-Z and a-z, digits 0-9,
single spaces, periods (.), underscores (_), and dashes (-). Must include
at least one non-digit character. Cannot begin or end with spaces.
Specifies the physical ports.
Restarts a segment.
Enables and disables browser checking.
Enables and disables HTTP. You must reboot the device after changing
HTTP settings.
Enables and disables HTTPS. You must reboot the device after changing
HTTPS settings.
Enables and disables SSH.
Enables and disables telnet.
Sets the column width of the terminal session.
Enables or disables page-by-page output.
Sets the row height of the session.
Sets the inactivity timeout. The -persist option applies this value to
future sessions for all users as well as the current session.
Enables or disables text-wrapping for long text lines.
Enables SMS management.
Sets the IP address and port of the SMS that will manage the IPS.
Enables or disables restriction of SMS management to a specified IP
address. Only the SMS with this IP can manage the device.
Disables SMS management.
Enables or disables SNMP v2 communication.
Enables or disables SNMP v3 communication.
Enables SNTP.
Sets the interval at which the IPS will check with the time server. A zero
value will cause time to be checked once on boot.
Disables SNTP.
If the difference between the new time and the current time is equal to or
greater than the offset, the new time is accepted by the IPS. A zero value
will force time to change every time the IPS checks.
Identifies the port to use for the time server.
Sets or removes the IP address of your primary SNTP time server.
Sets the number of retries that the device attempts before declaring the
SNTP connection is lost.
Sets or removes the IP address of your secondary SNTP time server.
Sets the number of seconds that the device waits before declaring the
SNTP connection is lost.
Creates an ICMP traffic management filter. You can also specify the ICMP
type, or use any to apply the filter to all types.
Creates an ICMPv6 traffic management filter. You can also specify the
ICMPv6 type, or use any to apply the filter to all types.
Usage
conf t segment <segment name> high-availability block
conf t segment <segment name> high-availability permit
conf t no sms
conf t sms v2
conf t sms no v2
conf t sms v3
conf t sms no v3
conf t sntp
conf t traffic-mgmt icmp [-type <ICMP type>] <filter name> [-profile <profile name>] [-srcaddr <source IP address>] [-destaddr <destination IP address>]
conf t traffic-mgmt icmp6 [-type <ICMPv6 type>] <filter name> [-profile <profile name>] [-srcaddr <source IP address>] [-destaddr <destination IP address>]
Creates an IP traffic management filter. You can also specify whether IP
fragments are filtered with the -ip-frag-only or -no-ip-frag-only options.
conf t traffic-mgmt ip [-ip-frag-only] <filter name> [-profile <profile name>] [-srcaddr <source IP address>] [-destaddr <destination IP address>]
conf t traffic-mgmt ip [-no-ip-frag-only] <filter name> [-profile <profile name>] [-srcaddr <source IP address>] [-destaddr <destination IP address>]
Creates an IPv6 traffic management filter. You can also specify whether
IP fragments are filtered with the -ip-frag-only or -no-ip-frag-only options.
conf t traffic-mgmt ip6 [-ip-frag-only] <filter name> [-profile <profile name>] [-srcaddr <source IP address>] [-destaddr <destination IP address>]
conf t traffic-mgmt ip6 [-no-ip-frag-only] <filter name> [-profile <profile name>] [-srcaddr <source IP address>] [-destaddr <destination IP address>]
Creates a TCP traffic management filter. You can also specify the TCP
source and destination ports.
conf t traffic-mgmt tcp [-srcport <TCP port>] [-destport <TCP port>] <filter name> [-profile <profile name>] [-srcaddr <source IP address>] [-destaddr <destination IP address>]
Creates a UDP traffic management filter. You can also specify the UDP
source and destination ports.
conf t traffic-mgmt udp [-srcport <UDP port>] [-destport <UDP port>] <filter name> [-profile <profile name>] [-srcaddr <source IP address>] [-destaddr <destination IP address>]
Command
conf t traffic-mgmt
Subcommand
Description
Usage
allow
block
delete
position
conf t traffic-mgmt <filter name> [-profile <profile>] allow
conf t traffic-mgmt <filter name> [-profile <profile>] block
conf t traffic-mgmt <filter name> [-profile <profile>] delete
conf t traffic-mgmt <filter name> [-profile <profile>] position <number>
Rate-limits and applies the named action set to all traffic that fits the filter.
conf t traffic-mgmt <filter name> [-profile <profile>] rate-limit <action set name>
Renames the filter.
Enables trust of all packets that match the filter.
adaptive-filter
afc-severity
connection-table
gzipcompression
http-encoded-resp
ids-mode
logging-mode
quarantine
add
enable
modify
remove
attempt-action
rename
trust
congestion
conf t user
rate-limit
asymmetric-network
conf t tse
expire-action
Enables or disables asymmetric mode for the TSE. Use asymmetric mode if
your network uses asymmetric routing.
Enables or disables notification when traffic congestion reaches a defined
threshold.
Sets the timeout for the connection tables. non-tcp-timeout: Defines the
timeout for non-TCP connections. The range is 30 to 1800 seconds.
timeout: Defines the global connection table timeout. The range is 30 to
1800 seconds. trust-timeout: Defines the timeout for the trust table. The
range is 30 to 1800 seconds.
Enables or disables GZIP decompression.
Specifies inspection of encoded HTTP responses. accelerated: Hardware
acceleration is used to detect and decode encoded HTTP responses.
inspect: Enables strict detection and decoding of HTTP responses.
ignore: The device does not detect or decode HTTP responses.
Enables or disables IDS mode. When enabled, IDS mode configures the
device to operate in a manner similar to an Intrusion Detection System
(IDS). Performance protection is disabled. Adaptive Filtering mode is
set to Manual. Filters currently set to Block are not switched to Permit,
and Block filters can still be set. NOTE: IDS mode will be disabled if you
manually enable performance protection or set Adaptive Filtering mode to
Automatic.
Sets the logging mode: conditional: Improves performance by turning off
alert/block logging when the device experiences a specified amount of
congestion. This feature is enabled by default. The -threshold setting
defines the percentage of packet loss that turns off logging. The -period
setting sets the length of time logging remains off. unconditional: The
device always logs alerts and blocks, even if traffic is dropped under high
load.
Sets the quarantine duration. The range is 1 to 1440 minutes.
Adds a user. Requires the following options: name: Login name.
Maximum of 31 characters. role: Privilege level. Privileges may be
operator, administrator, or super-user. password: Password. Maximum
32 characters. If you do not create a password, you will be asked if you
want to do so. -tech-support: Enables the Technical Support Landing
Page when the user logs into the LSM. (TippingPoint 10 only)
conf t tse asymmetric-network enable
conf t tse asymmetric-network disable
conf t tse congestion notify enable -threshold <threshold>
conf t tse congestion notify disable
Enables a user account that has been disabled due to lockout or expiration.
conf t user enable <username>
Modifies the named user. Requires one or more of the following options:
role: Privilege level. Privileges may be operator, administrator, or super-user. password: Password. Maximum 32 characters. -tech-support:
Enables the Technical Support Landing Page when the user logs into the
LSM. (TippingPoint 10 only)
Removes a user login.
Specifies the action to take when the maximum number of login attempts
is reached. disable: Requires a super-user to re-enable the user.
lockout: Prevents the user from logging in for the lockout-period. notify:
Posts a notification to the audit log.
Specifies the action to take when a user account expires. disable:
Disables the account. expire: Expires the account. notify: Audits the
expiration to the audit log.
expire-period
Sets the number of days before a password expires. Valid values are 0, 10,
20, 30, 45, 90, 332, and 365. With a value of 0, passwords do not expire.
conf t user option expire-period <value>
lockout-period
Sets the number of minutes that a user is locked out after the maximum
number of unsuccessful login attempts.
Command
Subcommand
max-attempts
delete
description
remove-row
rename
zones
delete
debug reputation
debug best-effortmode
ticks
clear-caches
lookup
show-cache-stats
enable
disable
-queue-latency
debug np best-effort
options
-recover-percent
list
remove
debug traffic-capture
start
stop
stop-all
-c
-C
debug traffic-capture
-i
start options
-w
Description
Usage
Sets the maximum number of login attempts that are permitted before the
action specified in attempt-action takes place. Valid values are integers
between 1 and 10, inclusive.
conf t user option max-attempts <value>
Sets the security level for user names and passwords. Valid values are
integers between 0 and 2 inclusive. See Security Levels on page 64.
Configures the physical port, VLAN ID, and CIDR associated with a virtual
port. Leaving an option blank sets the value to any.
Creates a virtual port and assigns a name. The maximum number of
characters is 32. Spaces are not allowed. Use the -description option to
add a description.
Deletes a virtual port.
Enters a description of the virtual ports.
Removes the physical port, VLAN, and CIDR associated with a virtual port,
resetting its values to any.
Changes the name of the virtual ports.
Sets the physical port list and VLAN list for a virtual port.
Deletes a virtual segment.
Sets the precedence of a virtual segment. Assigning a position of 1 gives
the segment topmost precedence.
Creates, moves, or edits a virtual segment.
Lists all processes.
Lists the number of processes currently running in the control and data
planes, the maximum CPU usage, and the average CPU usage. The
following options provide more information: -details: Provides a more
detailed list of processes and CPU usage. -tiers: Lists processes and CPU
usage by tier.
Clears the reputation caches.
Looks up an address in the reputation database.
Shows the reputation cache statistics.
Enables Best Effort mode.
Disables Best Effort mode.
Defines the latency threshold at which Best Effort mode is entered. The
default is 1000 microseconds.
Defines the recovery percentage at which Best Effort mode is exited. The
default is 20%; if the latency threshold is 1000 microseconds, the device
exits Best Effort mode when latency drops to 200 microseconds (20% of
1000).
Returns a list of all traffic captures currently saved on the IPS.
Removes a saved traffic capture. Use the -f flag to force the removal of the
file when a traffic capture is in progress.
Initiates a traffic capture. This subcommand can be used in conjunction
with the options or with an expression.
If only one traffic capture is currently in progress, terminates the traffic
capture in progress. If two or more traffic captures are currently in
progress, you must specify a filename.
Stops traffic captures currently in progress.
Defines the number of packets at which the traffic capture will stop. The
default is 100.
Defines the capture file size at which the traffic capture will stop. The size
is defined in bytes. The default is 100000.
Sets the virtual segment on which the traffic will be captured. The default
is all defined virtual segments. The segment should be defined with the
syntax 1A-1B.
Defines a name for the traffic capture file. Do not include an extension; the
TOS will automatically append one. The default file name is the date and
time at which the traffic capture was initiated, in the format YYYYMMDDHHMMSS.pcap.
debug reputation clear-cache
debug reputation lookup <IP address>
debug reputation show-cache-stats
debug np best-effort enable [-queue-latency <microseconds>] [-recover-percent <percent>]
debug np best-effort disable
Command
Subcommand
auth delete
fips
keys
restore-ssl
default-gateway
deployment-choices
show deployment-choices
dns
filter
show dns
show filter <number>
force
high-availability
zero-power
ping
-q
-v
-4
-6
add
quarantine
setup
empty
list
remove
emaildefault
ethernetport
host
servers
sms
time
vlan-translation
action-sets
arp
autodv
clock
compact-flash
defaultalert-sink
show subcommands
Description
Usage
Reboots the device and wipes out the user database. Use the -add and
-password options to create a new default super user. If you do not specify
a username and password, you will be forced to create one via the serial
port terminal when the device reboots. -add: Defines the new default
super-user name. -password: Creates a password for the user. If you
specify an asterisk (*) for the password, you will be prompted for the
password.
fips auth delete
fips auth delete -add <user name> -password <password>
Manages generated keys and SSL keys. You must specify two options for
managing SSL keys. The first option specifies what to do with the
generated keys: keep: Saves the keys when the box is rebooted.
generate: Generates a new key on reboot. delete: Deletes the generated
keys on reboot. The second option specifies the action for the authorized
SSL key that was originally obtained with the device. This option does not
take effect until after a reboot. keep: Saves the key. delete: Deletes the
default key. restore-default: Restores the default key.
fips keys <keep/generate/delete> <keep/delete/restore-default>
fips
health
high-availability
host
inspection-bypass
interface
fips restore-ssl
high-availability force fallback
high-availability force normal
high-availability
high-availability
high-availability
high-availability
ping
ping
ping
ping
<IP
<IP
<IP
<IP
zero-power
zero-power
zero-power
zero-power
address>
address>
address>
address>
<packet
<packet
<packet
<packet
-q
-v
-4
-6
Displays the disk space, memory usage, power supply status, temperature,
fans, I2C bus timeouts, and voltage of the device.
show health disk-space
show health fans
show health i2c-bus
show health memory
show health power-supply
show health temperature
show health voltage
Displays the current HA status.
show high-availability
Displays the host management port configurable options and the current
settings. Use the -details option for more information.
show host
show host -details
Displays the inspection bypass rules.
show inspection-bypass
show inspection-bypass -details
Displays network interface data. Specify one of the following:
mgmtEthernet: Management interface. ethernet: Port specifier (1A, 1B,
etc.)
show interface mgmtEthernet
show interface ethernet
Command
Subcommand
Description
Usage
license
Shows the license status for the TOS, Digital Vaccine, and IP Reputation.
show license
log
mfg-info
np
show subcommands
policy counters
protection-settings
ramdisk
rate-limitspeeds
reputation
routes
server
service-access
session
profile
sms
sntp
timezones
traffic-mgmt
tse
user
version
virtual-port
virtual-segments
action-set
authentication
autodv
category-settings
show configuration
clock
compact-flash
Displays a log file. Only users with super-user privileges can view the audit
log.
show log alert
show log audit
show log block
show log quarantine
show log summary
show log system
Displays manufacturing information, including the device serial number and
MAC address.
show mfg-info
Displays the network processor statistic sets.
show np engine
show np engine filter
show np engine packet
show np engine parse
show np engine reputation dns
show np engine reputation ip
show np engine rule
show np general
show np general statistics
show np protocol-mix
show np reassembly
show np reassembly ip
show np reassembly tcp
show np rule-stats
show np softlinx
show sms
show sntp
show timezones
show traffic-mgmt -profile <profile name>
Displays information and settings regarding the Threat Suppression Engine.
Displays the user login accounts on the TippingPoint device.
Displays the version of the TOS software running on the IPS device.
Displays information about a virtual port.
Displays all of the virtual segments configured on the device.
Lists all action sets that have been defined for this device. You can also
view a single action set by specifying the action set name.
Displays the remote authentication configuration.
Shows configuration settings for the automatic update service for Digital
Vaccine packages.
Shows configuration settings for filter categories. You can also view the
settings for a single profile by specifying the profile name.
Shows timezone and daylight saving time settings.
Shows the compact flash operation mode.
category-settings
category-settings -profile <profile name>
clock
compact-flash
default-alertsink
Shows the default email address to which attack alerts will be directed.
default-gateway
email-ratelimit
filter
high-availability
host
inspection-bypass
show conf filter <number>
show conf high-availability
show conf host
show conf inspection-bypass
Command
Subcommand
Description
Usage
interface
show conf interface
show conf interface ethernet
show conf interface mgmtEthernet
show conf interface settings
lcd-keypad
log
monitor
nms
notify-contacts
port
show conf lcd-keypad
show conf log
show conf log audit-log
show conf monitor
show conf nms
show conf notify-contacts
show conf port
show conf profile
show conf profile <profile name>
show conf protection-settings
show conf protection-settings -profile <profile name>
show conf ramdisk
profile
protection-settings
show configuration
ramdisk
remote-syslog
reputation
segment
server
service-access
session
sms
sntp
traffic-mgmt
tse
user
virtual-port
snapshot
virtual-segments
vlan-translation
create
list
remove
restore
-include-reputation
-include-manual-entries
snapshot options
-include-network
-exclude-network
show conf reputation
show conf reputation group
show conf reputation filter
show conf segment
show conf segment <segment name>
show conf server
show conf service-access