SidewinderCommandLineInterfaceReferenceGuide8.
3.
xRevisionB2Tableofcontents1Aboutthecommandlineinterface.
3Aboutthecfcommand.
3Integratedmanualpages.
32Logonatthecommandlineinterface.
53Frequentlyusedcommands.
6Administratoraccounts.
6Anti-virus.
6Audit.
7Configurationbackups.
8DNS.
8Downloads.
9Emergencymaintenancemode(EMM)9Filesystem.
10Firewallself-diagnostics.
10Generalcfcommands.
11HighAvailability.
11Interfaces.
11Licensing.
12Manualpages.
12McAfeeEIA.
13Networking.
13NTP.
14Policy.
14Routing.
15Securityzonesandgroups.
16sendmail.
16Shutdown.
17Softwaremanagement.
17System.
18tcpdump.
19Technicalsupport.
19Texteditorsandviewers.
20TypeEnforcement.
20VPN.
204Availablecfareas.
22Aboutthecommandlineinterface|3AboutthecommandlineinterfaceIfyouareexperiencedwithUNIX,youcanusetheForcepointSidewindercommandlineinterfacetoconfigurethefirewallandperformtroubleshooting.
Thecommandlineinterfacesupportsmanyfirewall-specificcommandsaswellasstandardUNIXcommands.
Forexample,thecfcommandperformsawiderangeoffirewallconfigurationtasks.
Youcanaccessthecommandlineinterfaceusingthesemethods:LocallyattachedconsoleSSHTelnetFormoreinformationaboutthesemethods,seetheForcepointSidewinderProductGuide.
AboutthecfcommandThecf(configurefirewall)commandconfiguresvariousareassuchasrules,zones,andinterfaces.
YoucanusethecfcommandasanalternativetotheAdminConsoletoperformmostadministrationtasks.
Toaccomplishataskusingcf,combinethecfareawiththeappropriatecommand,optionalarguments,andoptionalkeys.
Formoreinformation,seeGeneralcfcommands.
Example:cfzonequerydisplaystheconfiguredsecurityzones.
Tip:YoucanusethecfcommandinscriptstoautomaterepetitiveconfigurationtasksortomakeconfigurationchangeswhentheAdminConsoleisnotavailable.
Thecfcommandsandkeysignoredashes,underscores,andcapitalletters.
Youcanshortenmostcommandsandkeys.
Example:Thesecommandsreturnthesameoutput:cfpolicyquerydest_zone=externalcfpolqdestz=externalNote:Keyvalues—texttotherightoftheequalssign—mightnotignoredashes,underscores,andcapitalletters.
Keyvaluesmightbeshortenedifitrepresentsanenumerationsuchasanobjectname.
Toviewalistofavailablecfareas,enter:cf-hRelatedreferenceGeneralcfcommandsonpage11Usethesecommandstoviewcfmanpagesandcontrolthebehaviorofcfcommands.
IntegratedmanualpagesThecommandlineinterfaceincludesintegratedmanual(man)pagesformostcommands.
Toviewamanpage,typemanfollowedbythenameofacommand,thenpressEnter.
Aboutthecommandlineinterface|4Example:manpingThemanpageforcfprovidesafulldescriptionofallareasavailableinthecfcommandandtheoptionsassociatedwitheacharea.
Toviewthemanpageforthecfcommand,enter:mancfToviewthemanpageforaspecificcfarea,enter:mancf_areaExamples:mancf_policymancf_interfaceTodisplayallcommandsrelatedtoaspecificcommand,enter:man-kcommandLogonatthecommandlineinterface|5LogonatthecommandlineinterfaceYoumustrunthesrolecommandbeforeyoucanusemostcommands.
1.
Atthelogonprompt,typeyourusername,thenpressEnter.
ThePasswordpromptappears.
2.
Typeyourpassword,thenpressEnter.
TheUserdomainpromptappears:firewall_name:User{1}%3.
EnterthesrolecommandtochangetotheAdmndomain.
4.
Whenyouarefinished,entertheexitcommandtoreturntotheUserdomain.
Frequentlyusedcommands|6FrequentlyusedcommandsThissectionlistsbasicUNIXcommandsandcommandsthatarespecifictoSidewinder.
Foradditionalinformationaboutacommand,refertothemanpage.
Foradditionaltroubleshootinginformation,seetheForcepointSidewinderProductGuide.
AdministratoraccountsUsethesecommandstomanageadministratoraccounts.
Table1:AdministratoraccountcommandsCommandDescriptionmancf_adminuserDisplaysthemanpageforcfadminuser.
cfadminuseraddusername=usernamepassword=passwordrole=admindirectory=/home/usernameCreatesanadministratoraccount.
cfadminuseraddusername=usernamepassword=passwordrole=adminrodirectory=/home/usernameCreatesaread-onlyuseraccount.
Note:Theadminroroleisavailableforfirewallsatversion8.
3.
2andlater.
cfadminuserdeleteusername=usernameDeletesanadministratoraccount.
cfadminusermodifyuser=usernamepassword=newpasswordChangesthepasswordforanadministratoraccount.
cfadminuserqueryDisplaystheadministratoruserdatabase.
Anti-virusUsethesecommandstomanagetheanti-virusfeature.
Table2:Anti-viruscommandsCommandDescriptionmancf_antivirusDisplaysthemanpageforcfantivirus.
cfantivirusqueryDisplaystheanti-virusconfiguration.
cfantivirusversionDisplaystheversionoftheanti-virusengineanddetectiondefinition(DAT)files.
cfdaemondrestartagent=virus-scanRestartstheanti-virusengine.
cfantivirusapplyavpatchpatch=patch_nameInstallsananti-virusenginepatchwithoutrestartingthefirewall.
cfantivirusdownloadDownloadsthelatestDATfiles.
Frequentlyusedcommands|7AuditUsethesecommandstoconfigureandviewaudit.
Table3:AuditcommandsCommandDescriptioncfaclsetloglevel=[1–4]Configurestheauditoutputlevelforrulestocontrolwhatislogged:1—Fatalerrorsonly2—[Default]Fatalerrors,majorerrors,anddeniedrules3—Fatalerrors,majorerrors,deniedrules,andallowedrules4—Everything(fortroubleshootingonly)Note:SeethePolicyareaforcommandsaboutrules.
acat>/var/tmp/audit.
txtWritesthecontentsofthebinary/var/log/audit.
rawfiletotheASCIItextfile/var/tmp/audit.
txt.
acat/var/log/audit.
raw.
time1.
time2.
gz>/var/tmp/audit.
txtWritesthecontentsofthespecifiedcompressedbinaryauditfiletotheASCIItextfile/var/tmp/audit.
txt.
acat–kShowsallauditsinrealtime.
acat_acls–dShowsauditsforpolicydeniesinrealtime.
acat_acls–aShowsauditsforpolicyallowsinrealtime.
acat–cDisplaysallthepossibleoptionsforasacap_filter.
showaudit–kpShowsnetprobeauditsinrealtime.
showaudit–kHX.
X.
X.
XShowsauditspertainingtotheIPaddressX.
X.
X.
Xinrealtime.
rollaudit–Rd–wRollslogfiles(suchasaudit.
raw).
cfdaemondenableagent=auditdbdEnablestheauditserver.
Reportswillnotgenerateuntilthisserverisenabled.
cfusageshowtype=report_namehours=[1–24]Displaysausagereportforthespecifiednumberofhours.
cfusageshowtype=report_namedays=[1–180]Displaysausagereportforthespecifiednumberofdays.
mancf_usageDisplaysthemanpageforcfusage.
Thisincludesthelistofusagereports.
cfpassportlistDisplaysthecurrentlyissuedPassports.
blackholedumpListsIPaddressesthatarecurrentlyblackholedbyauditresponsesandIPSresponses.
RelatedreferencePolicyonpage14Frequentlyusedcommands|8Usethesecommandstotroubleshootpolicyissues.
ConfigurationbackupsUsethesecommandstocreateandrestoreconfigurationbackups.
Table4:ConfigurationbackupcommandsCommandDescriptioncfconfigbackuploc=localfilename=filenamekey=passwordSavesaconfigurationbackupinthelocal/var/backups/repositorydirectory.
cfconfigbackuploc=USBfilename=filenamekey=passwordSavesaconfigurationbackuptoaUSBdrive.
cfconfigbackuploc=remoteaddress=destinationuser=usernamepassword=passwordkey=passwordSavesaconfigurationbackuptoaremotehostusingSCP.
cfconfigrestoreloc=locationfilename=filenamekey=passwordRestoresaconfigurationbackup;specifylocal,remote,orUSB.
cfconfigcompareto=filename1from=filename2Displaysthedifferencesbetweentwoconfigurationbackupfiles.
cfconfiggetinfolocation=local/usbfilename=filenameDisplaysmeta-informationaboutthespecifiedconfigurationbackup.
DNSUsethesecommandstoconfigureandtroubleshootDNS.
Table5:DNScommandsCommandDescriptioncfdnsqueryDisplaysthecurrentDNSserverconfiguration.
cfdnsstatusDisplaysthestatusofthefirewall-hostedDNSservers.
cfdaemondrestartagent=named-internetRestartstheInternetDNSserver.
cfdaemondrestartagent=named-unboundRestartstheunboundDNSserver.
cfdnsreloadReloadsDNSzoneandconfigurationfiles.
cfdnsdumpdbWritestheDNSdatabaseinmemorytothefilespecifiedbynamed.
conf.
cfdnstraceEnablesdebugtracingto/var/run/named.
run.
iand/var/run/named.
run.
u.
cfdnsnotraceDisablestracing.
hostnameDisplaysthefirewallhostname.
named-checkconf/etc/named.
conf.
[u/i]ChecksDNSconfigurationfilesyntax.
Frequentlyusedcommands|9CommandDescriptionnamed-checkzonezone/etc/namedb.
[i/u]/file.
dbChecksazonefileforcorrectsyntax.
dighost.
domain.
tldQueriesthedefaultDNSserverinformationabouthost.
domain.
tld.
dig@X.
X.
X.
Xhost.
domain.
tldQueriestheDNSserveratX.
X.
X.
Xforinformationabouthost.
domain.
tld.
digzoneMXQueriesfortheMXrecordofthespecifiedzone.
dig–xX.
X.
X.
XQueriesforthePTRrecordofthespecifiedIPaddress.
tail–f/var/log/daemon.
logDisplayslogspertainingtoDNSinrealtime.
tail–f/var/log/daemon.
log|grepnamedDisplayslogsfornamedinrealtime.
less/etc/named.
conf.
[i/u]ViewstheconfigurationfileforInternet/unboundDNS.
ls/etc/namedb.
[i/u]ListsthedirectorycontainingInternet/unboundzones(.
db).
DownloadsUsethesecommandstodownloadtheapplicationdatabase,Geo-Locationdatabase,andIPSsignatures.
Table6:DownloadcommandsCommandDescriptioncfappdbdownloadDownloadsthelatestapplicationdatabase.
cfappdbversionDisplaysthecurrentversionoftheapplicationdatabase.
cfappdbrollbackRevertstothepreviouslydownloadedapplicationdatabase.
cfgeolocationdownloadDownloadsthelatestGeo-Locationdatabase.
cfgeolocationversionDisplaysthecurrentversionoftheGeo-Locationdatabase.
cfipsdownloadDownloadsIPSsignatures.
cfmessageloadDownloadsthelatestmessagesfromForcepoint.
cfmessageversionDisplaysthecurrentversionoftheloadedmessagesfromForcepoint.
cfmessagelistDisplayscurrentmessagesfromForcepoint.
Emergencymaintenancemode(EMM)Usethesecommandstoenteranduseemergencymaintenancemode.
Table7:EmergencymaintenancemodecommandsCommandDescriptionshutdownnowEntersemergencymaintenancemode(EMM).
cfpolicyrestore_console_accessRestoresdefaultAdminConsoleandLoginConsoleruleswhenyouarelockedoutofthefirewall.
Frequentlyusedcommands|10CommandDescriptionless/var/run/dmesg.
bootDisplaysthelogofsystemmessagesfromthekernel.
mount–aMountsallfilesystemsin/etc/fstab.
fsckChecksallfilesystemslistedin/etc/fstab.
FilesystemUsethesecommandstodisplayfreespaceandfindfilesinthefilesystem.
Table8:FilesystemcommandsCommandDescriptiondf–hDisplaysfreediskspace.
du–a/|sort–nr|moreDisplaysfilesanddirectoriessortedfromlargesttosmallest.
find/–typef–name"*name*"Findsfilesthatincludethetextnameinthefilename.
find/–typef–name"*.
core*"Findsapplicationcorefiles.
ls/var/log/crashDisplayskernelcrashfiles(vmcore.
.
gz).
Firewallself-diagnosticsUsethesecommandstomanagethefirewallself-diagnosticsfeature.
Table9:Firewallself-diagnosticscommandsCommandDescriptioncfmonitordqueryDisplaysthecurrentmonitordconfiguration.
cfmonitordsethot_process_threshold=percentageSetstheCPUusagethresholdforprocesses.
Iftheprocessreachesthatvalue,itisconsideredahotprocess.
cfmonitordsethot_process_audit=on/offWhenenabled,generatesauditorsendanalertwhenaprocessgoeshotovertheconfiguredhot_process_audit_duration.
cfmonitordsethot_process_audit_duration=minutesSetsdurationtowaitbeforegeneratingauditorsendinganalertaboutthehotprocess.
cfmonitordsethot_process_diagnostic=on/offWhenenabled,restartsthehotprocessandgeneratesdiagnosticiftheprocesscontinuestobehotovertheconfiguredhot_process_diagnostic_duration.
cfmonitordsethot_process_diagnostic_duration=minutesSetsdurationtowaitbeforegeneratingdiagnosticsandrestartingthehotprocess.
Frequentlyusedcommands|11GeneralcfcommandsUsethesecommandstoviewcfmanpagesandcontrolthebehaviorofcfcommands.
Table10:cfcommandsCommandDescriptionmancfDisplaysthemanpageforcf.
mancf_areaDisplaysthemanpageforthespecifiedcfarea.
cfareacommandRunsthespecifiedcommand.
cf–iticketIDareacommandMarksthechangescausedbythecommandwiththespecifiedticketID.
cfareaqueryDisplaysthecurrentconfigurationofthespecifiedcfarea.
cf–optionareaqueryModifiestheoutputofthequerycommandbasedonthespecifiedoption:ddelimiter—Displaystheoutputonasingleline,separatingeachelementusingthespecifieddelimiter.
J—Displaystheoutputonasingleline,whichisusefulforpipingittoanothercommand,suchasgrep.
Kkey1,key2—Displaysoutputforthespecifiedkeysonly.
T—Formatstheoutputinatablethatcontainsonecolumnperkey.
HighAvailabilityUsethesecommandstoconfigureandtroubleshootHighAvailability.
Table11:HighAvailabilitycommandsCommandDescriptionmancf_clusterDisplaysthemanpageforcfcluster.
cfclusterfailover_statusDisplaysstatusofthefailoverdaemon.
cfclusterstatusDisplaysthecurrentregistrationanddaemonstatusofthecluster.
cfclusterqueryDisplayspeerreservationsandglobalclustersettings.
tcpdump–pRunstcpdumponaload-sharingHighAvailabilitycluster.
InterfacesUsethesecommandstoconfigurenetworkinterfaces.
Table12:NetworkinterfacecommandsCommandDescriptionmancf_interfaceDisplaysthemanpageforcfinterface.
cfinterfaceqDisplaysthenetworkinterfaceandNICconfiguration.
Frequentlyusedcommands|12CommandDescriptioncfinterfacemodifyname=nameaddresses=IP1/netmask,IP2/netmaskModifiestheIPaddressesassignedtothespecifiedinterface.
cfinterfacemodifyname=namezone=zonenameAssociatestheinterfacewiththespecifiedzone.
cfinterfaceswaphwdevice=NICname1swap_hwdevice=NICname2SwapsconfigurationsettingsbetweentwoNICs,includingtheIPaddress,zones,aliases,andotherconfiguredattributesassociatedwiththeNIC.
cfinterfacemodifyentrytype=nicname=NICnameiftype=mediatypeSetsthemediatypefortheNIC,suchasautoselector1000baseTX.
LicensingUsethesecommandstoviewandconfigurethefirewalllicense.
Table13:LicensingcommandsCommandDescriptioncflicensefeaturesPrintsalistofthecurrentlylicensedfeatures.
cflicenseqShowsthecurrentlicenseconfiguration.
cflicensegetRetrievesmasterkeybasedonlicenseconfiguration.
cflicensesystemIDDisplaysthesystemIDsavailabletobeusedforlicenseactivation.
OnlyonesystemIDcanbeusedtoactivate.
cflicensereadfile=filenameReadsthelicensefromafileformanualactivation.
ManualpagesUsethesecommandstofindandviewmanualpages.
Table14:ManualpagecommandsCommandDescriptionmancommandDisplaysthemanpageforthespecifiedcommand.
mancf_commandDisplaysthemanpageforthespecifiedcfarea.
man–ktermListsallmanpagesthatincludethespecifiedterm.
Note:Thiscommanddoesnotreturncfcommands.
Frequentlyusedcommands|13McAfeeEIAUsethesecommandstotroubleshootMcAfeeEndpointIntelligenceAgent(McAfeeEIA).
Note:TheMcAfeeEIAcommandsareavailableforfirewallsatversion8.
3.
2andlater.
IfyouareusingMcAfeeNetworkIntegrityAgentwithafirewallatversion8.
3.
1orearlier,seethemanpageforcf_nia.
Table15:McAfeeEIAcommandsCommandDescriptioncfeiasetenabled=yes/nodeploy_mode=static/dynamicEnablesordisablestheMcAfeeEIAfeature.
Deploymentmodeisstaticordynamic.
cfeiaqueryDisplaystheMcAfeeEIAconfiguration.
cfeiaqueryallDisplaystheconfigurationsettingsandentriesmadeonthediscoveryandexecutablelists.
cfeiaimportexecutablefilename=filenameAllowstheclassificationexecutableentriestobeimportedfromafile.
cfeiaquerydiscovery_listIndynamicdeployment,displaystheentriesinthediscoverylists.
cfeiaqueryexecutable_listDisplaystheentriesintheexecutableclassificationlists.
cfeiapurgediscovery_listRemovesallentriesfromthehostdiscoverylists.
cfeiapurgeexecutable_listRemovesallentriesfromtheexecutableclassificationlists.
cfeiaflushgti_cacheRemovesallMcAfeeGlobalThreatIntelligence(McAfeeGTI)filereputationentriesfromthelocalfirewallcache.
NetworkingUsethesecommandstoviewnetworkinginformationandtroubleshootnetworkingproblems.
Table16:NetworkingcommandsCommandDescriptionnetstat–inDisplaysstatisticsfornetworkinterfaces.
Tip:Seemannetstatforadditionalflags.
netstat–Iinterface–w5Showslivestatisticsforthespecifiednetworkinterfaceeveryfiveseconds.
ifconfig–aShowscurrentnetworkinterfaceparameters.
ifconfigbridge0etherShowstheMACaddresstableforthetransparentinterface,ifconfigured.
cfinterfaceqDisplaysthenetworkinterfaceandNICconfiguration.
pingX.
X.
X.
XPingsthespecifiedIPaddressfromthefirewall.
arp–aShowsARPtables.
Frequentlyusedcommands|14CommandDescriptionTip:ToaddastaticARPentry,seemanarp.
conf.
arp–dhostnameClearsthespecifiedARPentryfromthefirewall.
NTPUsethesecommandstoconfigureandtroubleshoottheNTP(NetworkTimeProtocol)server.
Table17:NTPcommandsCommandDescriptioncfntpqueryDisplaystheNTPconfiguration.
cfdaemondrestartagent=ntpRestartstheNTPserverforthespecifiedzone.
ntpdate–butime_serverIPForcesimmediatesynchronizationwiththespecifiedNTPserver.
tcpdump–npiinterfaceudpport123CapturesNTPtraffic(UDPport123)onthespecifiednetworkinterface.
ntpqStartsthespecialNTPqueryprogram.
Note:Seemanntpqfordetails.
PolicyUsethesecommandstotroubleshootpolicyissues.
Table18:PolicycommandsCommandDescriptionmancf_policyDisplaysthemanpageforcfpolicy.
cfpolicyq|lessDisplaystheaccesscontrolrules.
cfappdblistDisplaystheapplicationsintheapplicationdatabasethatiscurrentlyloaded.
cfapplicationqueryDisplayscustomapplications.
cfappgroupqueryDisplaysapplicationgroups.
cfgeolocationlistDisplaysGeo-Locationcountriesandcorrespondingcountrycodes.
cfserverstatusDisplayswhichserversarerunning.
cfagentqueryDisplaystheagentsandtheirglobalproperties.
cfappfilterqueryDisplaysallApplicationDefenses.
ipfilter–vDisplaystheipfilterdatabasecurrentlyusedbythekernel.
cfpolicyreloadReloadstheipfilterdatabasebeingusedbythekernel.
Frequentlyusedcommands|15CommandDescriptionCAUTION:Activesessionswillbedropped.
cfpolicyrepairRepairsthepolicydatabase.
cfpolicyrestore_console_accessRestoresdefaultAdminConsoleandLoginConsoleruleswhenyouarelockedoutofthefirewall.
Tip:Ifyouareunabletologontoyourfirewall,runthiscommandfromemergencymaintenancemode.
SeeEmergencymaintenancemode(EMM).
cfpolicyexport>filenameWritesthecurrentpolicyconfigurationtoatab-delimitedfilethatcanbeimportedintoMicrosoftExcel.
cfsslquerytable=ruleDisplaystheSSLrules.
RelatedreferenceEmergencymaintenancemode(EMM)onpage9Usethesecommandstoenteranduseemergencymaintenancemode.
RoutingUsethesecommandstoconfigureandtroubleshootstaticroutes.
Table19:RoutingcommandsCommandDescriptionroute–ngetdestinationDisplaysthegatewayusedtoreachthespecifieddestination.
route–ngetdefaultDisplaysthedefaultroute.
traceroute–ndestinationDisplaystheroutepacketstaketoreachthespecifieddestination.
Tip:ForIPv6addresses,usetraceroute6.
netstat–nrDisplaystheroutingtables,includingstaticroutesandlearnedroutes.
Zonesareidentifiedbyindex.
cfroutestatusDisplaystheroutingtables,includingstaticroutesandlearnedroutes.
Zonesareidentifiedbyname.
cfroutequeryDisplaystheconfiguredstaticroutes.
cfrouteaddroute=host/maskgateway=gatewayAddsastaticroute.
cfroutedeleteroute=host/maskDeletesthespecifiedroute.
Frequentlyusedcommands|16SecurityzonesandgroupsUsethesecommandstomanagezonesandzonegroups.
Table20:ZonecommandsCommandDescriptioncfzonequeryDisplayszoneconfiguration.
cfzonedeletename=nameDeletesthespecifiedzone.
Note:Azonecannotbedeletedifitisreferencedbyanyactivepolicy.
cfzoneaddname=namemodes=0–63Addsanewzone.
Note:Forinformationaboutmodes,seemancf_zone.
regionDisplaysthezoneindexes.
cfzonemodifyname=namenewname=newnameChangesthenameofthespecifiedzone.
cfzonegroupqueryDisplayszonegroupconfiguration.
cfzonegroupdeletename=nameDeletesthespecifiedzonegroup.
Note:Azonegroupcannotbedeletedifitisreferencedbyanyactivepolicy.
cfzonegroupaddname=namemembers=zone1,zone2Createsazonegroup.
cfzonegroupmodifyname=namemembers=zone1,zone2,zone3Addszonestoazonegroup.
sendmailUsethesecommandstotroubleshootsendmailissues.
Table21:sendmailcommandsCommandDescriptioncfsendmailflushqueue=zoneFlushesthemailqueueforthespecifiedzone.
cfsendmailrebuildRebuildsthesendmaildatabasefiles.
cfdaemondrestartagent=sendmailRestartsthesendmailserver.
cfserverstatussendmailDisplaysifsendmailisrunningandinwhichzones.
mailqDisplaysthemailqueues.
tail–f/var/log/maillogDisplaysthemailloginrealtime.
netstat–na|grepLISTEN|grep25Displayslistensonport25.
Frequentlyusedcommands|17CommandDescriptionls/var/spool/mqueue.
#Displaysdirectoryforqueuedmail.
newaliasesRebuildsthe/etc/aliasesfile.
telnetX.
X.
X.
X25ConnectstoamailserverIPaddressonport25totestSMTPconnectivity.
psssendmail|grep-csendmailDisplaysthenumberofsendmailprocessesrunning.
psssendmailDisplaysifsendmailisacceptingconnections.
ShutdownUsethesecommandstoshutdownthefirewall.
Table22:ShutdowncommandsCommandDescriptionshutdown–rnowRestartsthefirewallimmediately.
shutdown–hnowHaltsthefirewallimmediately.
shutdown–pnowTurnsofftheapplianceimmediately.
shutdown–snow+30Schedulesasoftshutdownonaload-sharingfirewalltodirectallconnectionstotheotherfirewall.
Thefirewallwillshutdownin30minutes.
shutdownnowCausesthefirewalltoenteremergencymaintenancemode.
SoftwaremanagementUsethesecommandstomanagesoftwarepackages.
Table23:SoftwaremanagementcommandsCommandDescriptionmancf_packageDisplaysthemanpageforcfpackage.
cfpackagelistDisplaysasummaryofinstalledandloadedsoftwarepackages.
cfpackageloadsource=sourcepackages=package_nameDownloadsthespecifiedpackage.
cfpackageinstallpackages=package_nameInstallsthespecifiedpackage.
cfpackageuninstallpackages=package_nameUninstallsthespecifiedpackage.
cfpackageloadsource=cdrompackages=package_nameLoadsapackagefromaCDinthefirewallopticaldrive.
uname–rDisplaystheversionandpatchlevel.
Frequentlyusedcommands|18SystemUsethesecommandstotroubleshootfirewallsystemissues.
Table24:SystemcommandsCommandDescriptiontopDisplaystopCPUprocesses.
UsethesecommandstoviewCPUstatistics.
top–P—DisplaysperCPUusagestatistics.
top–S—DisplaysconsolidatedCPUusagestatistics.
mannetstatDisplaysthemanpagefornetstat.
netstat–naDisplaysopenports.
netstat–naptcpDisplaysopenTCPports.
lsof–nPi:port#Displayslistensonthespecifiedport#inadifferentformatthannetstat.
sockstat–4lpport#Displayslistensonthespecifiedport#inadifferentformat.
netstat–mDisplaysmemorymanagementinformation.
netstat–nafinetDisplaysallIPv4socketsandconnections.
nestat–nafinet6DisplaysallIPv6socketsandconnections.
netstat–Ana|grepLISTENOutputsprocesseswithaPCBnumber.
Note:Runfstat|grepPCB#tofindtheprocessresponsibleforalisten.
uptimeDisplayssystemuptimesincethelastrestart.
vmstatDisplaysvirtualmemorystatistics.
connect_monDisplaysthenumberofcurrentconnectionsbyservice.
pss|moreDisplaysallrunningprocesses.
pssprocess_nameFindsaspecificprocessanditsprocessID.
dmesgDisplayssystemandhardwareinformationfromthesystembuffer.
kill–HUPpid#RestartsaprocesswithoutchangingtheprocessID.
killpid#TerminatestheprocesswithspecifiedprocessID.
kill–9pid#ForcesaterminationoftheprocesswiththespecifiedprocessID.
setconsoledeviceSelectstheprimaryconsoledevice.
Theavailabledevicesarevideo,serial,both,ordefault(whichisboth).
cfhostnamesetname=newhostnameChangesthefirewallhostname.
Note:Ifyouchangethehostname,additionalconfigurationchangesarealsorequired.
Fordetailedinstructions,seeKnowledgeBasearticle8888.
Frequentlyusedcommands|19tcpdumpUsethesecommandstocapturenetworktraffic.
Table25:tcpdumpcommandsCommandDescriptionmantcpdumpDisplaysthemanpagefortcpdump.
Tip:Seealsohttp://www.
tcpdump.
org.
tcpdump–npiem0hostX.
X.
X.
XDisplayspacketsonthespecifiedinterfacesenttoorreceivedfromthespecifiedhost.
tcpdump–npiem0–Xs1500portyDisplaysupto1,500bytesofpacketheaders(exceptlinklevel)andpacketdataforthespecifiedportonthespecifiedinterface.
tcpdump–npiem0–wfilenameWritesarawpacketdumptofilenameinthecurrentworkingdirectory.
tcpdump–npiem0–wfilename–s0Capturesallbytesandwritesarawpacketdumptofilenameinthecurrentworkingdirectory.
tcpdump–pRunstcpdumpinnon-promiscuousmode.
TechnicalsupportThesecommandsmightbeusefulwhenyoucontacttechnicalsupport.
Table26:TechnicalsupportcommandsCommandDescriptionktrace–ppid#StartsatraceoftheprocesswiththespecifiedprocessID.
ktrace–cpid#Stopsaprocesstrace.
kill–6pid#Terminatesaprocessanddumpsacorefileoftheprocess.
sysctl-wkern.
corefile='%N.
core.
%P'ConfiguresthefirewalltoincludetheprocessIDinthefilenameofcorefiles.
Allowsmultiplecorefilestocoexistwithoutoverwritingeachother.
Note:Usesysctl-wkern.
corefile='%N.
core'toreturntothepreviousoperatingmode.
Frequentlyusedcommands|20TexteditorsandviewersUsethesecommandstoviewandedittextfiles.
Table27:TexteditorandviewercommandsCommandDescriptionvifilenameEditsthespecifiedfilewithvi.
emacsfilenameEditsthespecifiedfilewithemacs.
lessfilenameViewsthecontentsofthespecifiedtextfile.
viewfilenameViewsthecontentsofthespecifiedtextfilewitharead-onlyversionofvi.
catfilenameCreatesordisplaysthespecifiedfile.
editfilenameEditsthespecifiedfilewithedit.
TypeEnforcementUsethesecommandstoviewandmodifyTypeEnforcement.
Table28:TypeEnforcementcommandsCommandDescriptionll(lowercaseL)DisplaysTypeEnforcementforthefilesinthecurrentdirectory.
ps–axZDisplaysTEdomaininformation.
chtypecreator:typefilenameChangestheTypeEnforcementforafile.
VPNUsethesecommandstoviewandtroubleshootVPNs.
Table29:VPNcommandsCommandDescriptioncfipsecqDisplaysallconfiguredVPNs.
cfipsecpolicydumpDisplaysactiveVPNs.
cfipsecreload[flush=1]Flushesallexistingkeysandpolicy,thenreloadstheVPNs.
Note:ThiscommandclosesallopenVPNconnections.
cfpoolqDisplaysclientaddresspools.
showaudit–vkDisplaysauditspertainingtoVPNsinrealtime.
netstat–na|grep500Displayslistensforport500(ISAKMP)connections.
Frequentlyusedcommands|21CommandDescriptiontcpdump–npiem0udpport500orproto50orproto51DisplaysISAKMP,ESP(IPProto50),orAH(IPProto51)trafficonnetworkinterfaceem0.
tcpdump-npiem0udpport4500DisplaysNAT-Ttrafficonnetworkinterfaceem0.
Availablecfareas|22AvailablecfareasThefollowingtableliststhecfareas,showingtheprimarycommandsavailableforeacharea.
Table30:AvailablecfareascfareaAreadescriptionacceleratorManagescryptographicaccelerationdevices.
aclManagestheaccesscontrollist(ACL)daemon.
adminuserManagesadministratoraccounts.
agentConfiguresglobalagentattributesforproxies,servers,andfilters.
antivirusManagestheanti-virusengineandthevirusscanningservice.
appdbManagestheapplicationdatabase.
appfilterManagesindividualApplicationDefensesandApplicationDefensegroups.
appgroupManagesapplicationgroups.
applicationManagescustomapplications.
auditConfiguresauditing,includingauditbot(response),email,filteroptions,andnetworkdefenses.
authManagesauthenticators.
catgroupsManagesIPSsignaturegroups.
certManagescertificates,privatekeys,andcertificateidentities.
clusterDisplaysthecurrentstatusandconnectionstateofaHighAvailabilityclusterandregistersasecondary/standbytoaHighAvailabilityclusterprimary.
cmdConfiguresglobalsettingsforthecertificatemanagementserveronthefirewall.
commandcenterManagesregistrationwithaForcepointSidewinderControlCenterManagementServer.
configCreatesandrestoresconfigurationbackups.
crontabConfiguresthestatus(enabled/disabled)andfrequencyoftheavailablecronjobs.
Note:Forinformationondefaultcronjobs,seeKnowledgeBasearticle9226.
daemondConfiguresdaemondandstopsorrestartsagents.
Note:Disabledagentsremainstoppeduntilthenextpolicyapply.
Apolicyapplyoccurseverytimeachangetorules,ruleelements,orthesystemclockissaved.
dhcrelayManagestheDHCPRelayagent,whichforwardsDHCPandBOOTPrequestsfromonesubnettoanother.
dnsManagesfirewallDNSsettings.
domainManagesdomainnetworkobjects.
eiaManagesMcAfeeEIA.
Thisareaisavailableforfirewallsatversion8.
3.
2andlater.
Availablecfareas|23cfareaAreadescriptionNote:Forfirewallsatversion8.
3.
0or8.
3.
1,usetheniacfcommand.
epoManagesMcAfeeePolicyOrchestratorsettings.
exportManagestheauditexportutility.
externalgroupManagesexternalauthenticationgroups.
fipsEnablesanddisablesFIPS140-2compliancemode,andexaminesthedefault_SSL_certtoverifyFIPS140-2compliance.
geolocationManagesGeo-LocationnetworkobjectsandgeneralGeo-Locationsettings.
hostManageshostnetworkobjects.
hostnameManagesthefirewallhostname.
Note:Ifyouchangethehostname,additionalconfigurationchangesarealsorequired.
Fordetailedinstructions,seeKnowledgeBasearticle8888.
idsManagestheshunningservice.
AvailablesettingsincludeIDSentriesthatspecifyanIPaddressofanIDS(IntrusionDetectionServer),asharedpassword,andatimeoutvaluethatidentifiestheamountofsecondstoshunanIPaddress.
interfaceManagesnetworkinterfaces.
ipaddrManagesIPaddressnetworkobjects.
iprangeManagesIPaddressrangenetworkobjects.
ipsManagesIPSsignatures.
Note:ThisisdifferentfromIPSAttackResponses,whicharecontrolledusingcfaudit.
ipsecManagesVPNdefinitions.
ipsresponseManageshowthefirewallrespondsifitssignature-basedIPSinspectiondetectsanintrusion.
ipssigEnablesordisablesindividualIPSsignatures.
knownhostsManagestheSSHknownhostsdatabase.
lcaManagesthelocal(firewall-hosted)certificateauthority.
Thisfeatureisnotwidelyused.
licenseManagesthefirewalllicense.
messageDisplaysandmanagessettingsformessagesfromForcepoint.
monitordManagessettingsforidentifyingandactingonCPU-intensiveprocesses.
netgroupManagesnetworkobjectgroups(netgroups).
netmapManagesnetmapnetworkobjects.
niaManagesMcAfeeNetworkIntegrityAgentsettings.
Thisareaisavailableforfirewallversion8.
3.
0or8.
3.
1.
Note:Forfirewallsatversion8.
3.
2andlater,usetheeiacfcommand.
Availablecfareas|24cfareaAreadescriptionntpManagestheNTP(NetworkTimeProtocol)server.
packageManagessoftwarepackages.
Note:Avoidusingautorunandautoload,astheyrequirespecificparameterstorun.
Useinstall,uninstall,androllbackinstead.
passportManagesthePassportauthenticator.
policyManagesrulesandrulegroups,andexportsruleelements.
poolManagesclientaddresspoolsusedfordynamicclientaddressinginIPsecVPNdefinitions.
qosManagesQualityofService(QoS)policy.
reportsManagesauditreports.
routeManagesstaticnetworkroutes.
sendmailProvideslimitedutilitiesforsendmail,includingrebuildingdatabasefilesandflushingqueues.
serverDisplaysserverstateinformation.
snmpManagesSimpleNetworkManagementProtocol(SNMP)settings.
smartfilterManagesSmartFilterwebfilteringsettings.
sslManagesSSLrulesandassignsSSLcertificatesforfirewalladministrativesessions(forexample,AdminConsoleconnections).
subnetManagessubnetnetworkobjects.
timeperiodManagestimeperiodobjects.
timezoneConfiguresthetimezone.
trustedsourceManagesMcAfeeGlobalThreatIntelligence(McAfeeGTI)settings.
udbManagestheauthenticationuserdatabase.
upsManagesuninterruptiblepowersupply(UPS)settings.
urltranslationManagesURLtranslationrules.
usageDisplaysusagereports.
usergroupManagesusergroupsthatarestoredintheuserdatabase.
uttManagestheUDPtoTCPtunnelconfiguration.
zoneManagessecurityzones.
zonegroupManagessecurityzonegroups.
如果我们较早关注NameCheap商家的朋友应该记得前几年商家黑色星期五和网络星期一的时候大促采用的闪购活动,每一个小时轮番变化一次促销活动而且限量的。那时候会导致拥挤官网打不开迟缓的问题。从去年开始,包括今年,NameCheap商家比较直接的告诉你黑色星期五和网络星期一为期6天的活动。没有给你限量的活动,只有限时六天,这个是到11月29日。如果我们有需要新注册、转入域名的可以参加,优惠力度还是比...
数脉科技怎么样?昨天看到数脉科技发布了7月优惠,如果你想购买香港服务器,可以看看他家的产品,性价比还是非常高的。数脉科技对香港自营机房的香港服务器进行超低价促销,可选择10M、30M的优质bgp网络。目前商家有优质BGP、CN2、阿里云线路,国内用户用来做站非常不错,目前E3/16GB阿里云CN2线路的套餐有一个立减400元的优惠,有需要的朋友可以看看。点击进入:数脉科技商家官方网站香港特价阿里云...
傲游主机商我们可能很多人并不陌生,实际上这个商家早年也就是个人主机商,传说是有几个个人投资创办的,不过能坚持到现在也算不错,毕竟有早年的用户积累正常情况上还是能延续的。如果是新服务商这几年确实不是特别容易,问到几个老牌的个人服务商很多都是早年的用户积累客户群。傲游主机目前有提供XEN和KVM架构的云服务器,不少还是亚洲CN2优化节点,目前数据中心包括中国香港、韩国、德国、荷兰和美国等多个地区的CN...
traceroute为你推荐
福建海峡银行股份有限公司对开展广场舞活动所产生的噪音,朝阳分局电子物证实验室建设项目思科ipad支持ipad支持ipad司机苹果5127.0.0.1127.0.0.1打不开google中国地图谷歌退出中国,地图要是关了就太可惜了!手机谷歌地图还能用吗?谷歌sbSb是什么意思?
Oray域名注册服务商 59.99美元 10t等于多少g godaddy优惠券 lighttpd 最好的空间 绍兴电信 google台湾 xuni apnic 存储服务器 小夜博客 zcloud 空间排行榜 建站技术 机柜尺寸 西部数码主机 cdn免备案空间 vim命令 g6950 更多