SonicOS Standard/Enhanced Command Line Interface Guide - Spiceworks


SonicOS Command Line Interface Guide

PROTECTION AT THE SPEED OF BUSINESS

Introduction

This document contains a categorized complete listing of Command Line Interface (CLI) commands for SonicOS Standard and Enhanced firmware for the Pro 4060, Pro 2040 and TZ 170 devices. Each command is described and, where appropriate, an example of usage is included.

Note: Commands using port spec x0, x1, etc. only take IDs for existing ports on the device. For example, the TZ170 uses x0-x2, the Pro 2040 x0-x3, and the Pro 4060 x0-x5.

This User’s Guide contains the following sections:

- Input Data Format Specification
- Text Conventions
- Editing and Completion Features
- Command Hierarchy
- Configuration Security
- Management Methods for Each Appliance
- Initiating a Management Session
- Command Set Status

Input Data Format Specification

The table below describes the data formats acceptable for most commands. H represents one or more hexadecimal digits (0-9 and A-F). D represents one or more decimal digits.

Input Data Formats

| Data | Data Format |
|---|---|
| MAC Address | HH:HH:HH:HH:HH:HH |
| MAC Address | HHHH.HHHH.HHHH |
| IP Address | D.D.D.D |
| IP Address | 0xHHHHHHHH |
| Integer Values | D |
| Integer Values | 0xH |
| Integer Range | D-D |

Text Conventions

- Bold text indicates a command executed by interacting with the user interface.
- Courier bold text indicates commands and text entered using the CLI.
- Italic text indicates the first occurrence of a new term, as well as a book title, and also emphasized text.
- In this command summary, items presented in italics represent user-specified information.
- Items within angle brackets (“< >”) are required information.
- Items within square brackets (“[ ]”) are optional information.
- Items separated by a “pipe” (“|”) are options. You can select any of them.
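A strict parser for the Input Data Formats table above, as an added example (not code from the guide or from SonicWALL), of the kind a script would run before sending values to the CLI. It assumes two hex digits per MAC group and eight after the 0x of an IP address, as the table's patterns show; the function names and test values are constructed for illustration.

```python
import re

# H = hexadecimal digit, D = decimal digits, as in the Input Data Formats table.
# ASCII classes are spelled out: \d would also accept non-ASCII digits.
HEX = "[0-9A-Fa-f]"
MAC_COLON = re.compile(rf"{HEX}{{2}}(?::{HEX}{{2}}){{5}}")   # HH:HH:HH:HH:HH:HH
MAC_DOT = re.compile(rf"{HEX}{{4}}(?:\.{HEX}{{4}}){{2}}")    # HHHH.HHHH.HHHH
IP_DOTTED = re.compile(r"[0-9]{1,3}(?:\.[0-9]{1,3}){3}")     # D.D.D.D
IP_HEX = re.compile(rf"0[xX]{HEX}{{8}}")                     # 0xHHHHHHHH
INT_DEC = re.compile(r"[0-9]+")                              # D
INT_HEX = re.compile(rf"0[xX]{HEX}+")                        # 0xH
INT_RANGE = re.compile(r"([0-9]+)-([0-9]+)")                 # D-D


def parse_mac(text):
    """Return either MAC notation as lower-case aa:bb:cc:dd:ee:ff."""
    # fullmatch (not match or "$") also rejects a trailing newline.
    if not (MAC_COLON.fullmatch(text) or MAC_DOT.fullmatch(text)):
        raise ValueError(f"not a MAC address: {text!r}")
    digits = re.sub(r"[:.]", "", text).lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_ip(text):
    """Return an IPv4 address in either notation as dotted decimal."""
    if IP_HEX.fullmatch(text):
        value = int(text, 16)
        return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))
    if IP_DOTTED.fullmatch(text):
        octets = [int(part) for part in text.split(".")]  # always base 10
        if all(octet <= 255 for octet in octets):
            return ".".join(str(octet) for octet in octets)
    raise ValueError(f"not an IP address: {text!r}")


def parse_int(text):
    """Return an integer given as D or 0xH."""
    if INT_HEX.fullmatch(text):
        return int(text, 16)
    if INT_DEC.fullmatch(text):
        return int(text, 10)
    raise ValueError(f"not an integer: {text!r}")


def parse_range(text):
    """Return (low, high) for a D-D range, rejecting reversed bounds."""
    match = INT_RANGE.fullmatch(text)
    if not match:
        raise ValueError(f"not an integer range: {text!r}")
    low, high = int(match.group(1)), int(match.group(2))
    if low > high:
        raise ValueError(f"range bounds reversed: {text!r}")
    return low, high


def is_valid(parser, text):
    """True when the given parser accepts text."""
    try:
        parser(text)
        return True
    except ValueError:
        return False
```

Normalizing both notations to one canonical form before comparing or logging keeps an address written as 0xC0A8A8A8 from slipping past a check written for 192.168.168.168.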

Note: Though a command string may be displayed on multiple lines in this guide, it must be entered on a single line with no carriage returns except at the end of the complete command.

Editing and Completion Features

You can use individual keys and control-key combinations to assist you with the CLI. The table below describes the key and control-key combination functions.

Key Reference Table

| Key(s) | Function |
|---|---|
| Tab | Completes the current word |
| ? | Displays possible command completions |
| CTRL A | Moves cursor to the beginning of the command line |
| CTRL B | Moves cursor to the previous character |
| CTRL C | Exits the Quick Start Wizard at any time |
| CTRL E | Moves cursor to the end of the command line |
| CTRL F | Moves cursor to the next character |
| CTRL K | Erases characters from the cursor to the end of the line |
| CTRL N | Displays the next command in the command history |
| CTRL P | Displays the previous command in the command history |
| CTRL W | Erases the previous word |
| Left Arrow | Moves cursor to the previous character |
| Right Arrow | Moves the cursor to the next character |
| Up Arrow | Displays the previous command in the command history |
| Down Arrow | Displays the next command in the command history |

Most configuration commands require completing all fields in the command. For commands with several possible completers, the Tab or ? key display all options.

    myDevice show netstatsystem

The Tab key can also be used to finish a command if the command is uniquely identified by user input.

    myDevice show al [TAB]

displays

    myDevice show alerts

Additionally, commands can be abbreviated as long as the partial commands are unique. The following text:

    myDevice sho int inf

is an acceptable abbreviation for

    myDevice show interface info

Command Hierarchy

The CLI configuration manager allows you to control hardware and firmware of the appliance through a discrete mode and submode system. The commands for the appliance fit into the logical hierarchy shown below.

To configure items in a submode, activate the submode by entering a command in the mode above it. For example, to set the default LAN interface speed or duplex, you must first enter configure, then interface x0 lan. To return to the higher Configuration mode, simply enter end or finished.

Configuration Security

SonicWALL Internet Security appliances allow easy, flexible configuration without compromising the security of their configuration or your network.

Passwords

The SonicWALL CLI currently uses the administrator’s password to obtain access. SonicWALL devices are shipped with a default password of password. Setting passwords is important in order to access the SonicWALL and configure it over a network.

Factory Reset to Defaults

If you are unable to connect to your device over the network, you can use the command restore to reset the device to factory defaults during a serial configuration session.

Management Methods for the SonicWALL Internet Security Appliance

You can configure the SonicWALL appliance using one of two methods:

Using a serial connection and the configuration manager
- An IP address assignment is not necessary for appliance management.
- A device must be managed while physically connected via a serial cable.

Web browser-based User Interface
- An IP address must have been assigned to the appliance for management or use the default of 192.168.168.168.

Initiating a Management Session using the CLI

Serial Management and IP Address Assignment

Follow the steps below to initiate a management session via a serial connection and set an IP address for the device.

Note: The default terminal settings on the SonicWALL and modules are 80 columns by 25 lines. To ensure the best display and reduce the chance of graphic anomalies, use the same settings with the serial terminal software. The device terminal settings can be changed, if necessary. Use the standard ANSI setting on the serial terminal software.

1. Attach the included null modem cable to the appliance port marked CONSOLE. Attach the other end of the null modem cable to a serial port on the configuring computer.
2. Launch any terminal emulation application that communicates with the serial port connected to the appliance. Use these settings:
   - 115,200 baud (9600 for TZ170)
   - 8 data bits
   - no parity
   - 1 stop bit
   - no flow control
3. Press Return. Initial information is displayed followed by a DEVICE NAME prompt.

Logging in to the SonicOS CLI

When the connection is established, log in to the security appliance:

1. At the User: prompt enter the Admin’s username. Only the admin user will be able to log in from the CLI. The default Admin username is admin. The default can be changed.
2. At the Password: prompt, enter the Admin’s password. If an invalid or mismatched username or password is entered, the CLI prompt will return to User:, and a “CLI administrator login denied due to bad credentials” error message will be logged.

There is no lockout facility on the CLI.
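Because the CLI has no lockout, repeated guessing is visible only through the logged denial message. The following added example (not part of the guide) flags bursts of that message in an exported log; the timestamp layout, the sample lines, the threshold and the function name are assumptions constructed for illustration, and only the message text comes from the guide.

```python
from collections import deque
from datetime import datetime, timedelta

# Message text quoted in the guide for a failed CLI login.
DENIED = "CLI administrator login denied due to bad credentials"

# Constructed sample log; the "YYYY-MM-DD HH:MM:SS message" layout is assumed.
SAMPLE_LOG = """\
2005-02-14 08:15:40 CLI administrator login denied due to bad credentials
2005-02-14 09:02:11 (constructed unrelated event)
2005-02-14 10:30:01 CLI administrator login denied due to bad credentials
2005-02-14 10:30:04 CLI administrator login denied due to bad credentials
2005-02-14 10:30:07 CLI administrator login denied due to bad credentials
2005-02-14 10:30:09 CLI administrator login denied due to bad credentials
2005-02-14 10:30:12 CLI administrator login denied due to bad credentials
2005-02-14 10:30:15 CLI administrator login denied due to bad credentials
2005-02-14 10:45:00 (constructed unrelated event)
"""


def find_denial_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Report runs where `threshold` or more denials fall inside `window`.

    Lines must be in chronological order. Each burst is a dict with
    start, end and count (denials from the burst's start to its end).
    """
    recent = deque()  # denial timestamps inside the sliding window
    total = 0         # denials seen so far
    bursts = []
    for line in lines:
        if DENIED not in line:
            continue
        try:
            ts = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # denial line without a parsable timestamp
        total += 1
        recent.append(ts)
        while ts - recent[0] > window:
            recent.popleft()
        if len(recent) < threshold:
            continue
        if bursts and bursts[-1]["end"] >= recent[0]:
            burst = bursts[-1]  # still the same burst, extend it
        else:
            burst = {"start": recent[0], "first_index": total - len(recent)}
            bursts.append(burst)
        burst["end"] = ts
        burst["count"] = total - burst["first_index"]
    return bursts


if __name__ == "__main__":
    for b in find_denial_bursts(SAMPLE_LOG.splitlines()):
        print(b["start"], b["end"], b["count"])
```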

SonicOS Enhanced Command Listing

The following table displays all commands available for the SonicWALL.

- Top Level Command Description
- Configuration Command Description
- Interface Configuration Command Description
- Log Category Command Description
- Zone Command Description

Command Descriptions

| Command | Description |
|---|---|
| show alerts | Show alerts |
| show arp | Displays currently known arp entries |
| show content filter | Show content filter list status |
| show cpu | Show cpu and memory information |
| show device | Displays on the console the contents of the status section of the Tech Support Report (TSR) |
| show gms | Displays GMS configuration |
| show interface details x1 x2 x3 x4 x5 | Displays on the console the contents of the network section of the TSR |
| show interface status x1 x2 x3 x4 x5 | Displays on the console basic interface status for the SonicWALL, such as active/inactive/disabled, speed setting, duplex setting, IP addressing information |
| show log content | Display the SonicWALL log contents |
| show log settings | Display the configuration data |
| show memory | Display the system memory on the appliance |
| show messages | Show system messages |
| show nat policies | Display on the console the NAT policy section of the TSR |
| show netstat | Displays the contents of the netstat table. |
| show network | Shows the network summary. |
| show processes | Display procedure information. |
| show route | Displays the complete routing table. |
| show security-services | Displays the complete status of all security services on the SonicWALL, including license status, licenses available, licenses in use, and license expiration dates. |
| show status | Shows the current status of the appliance. |

| Command | Description |
|---|---|
| show tech-support | Displays the contents of the TSR. |
| show tsr all av cfl dhcpc dhcprelay dhcps dhcpsstat ethernet ha ip-helper ipsec l2tpclient license log management network objects policies pppoe pptpclient radius snmp status time update users wlb | Displays on the console the named TSR sections or all of the TSR. |
| show web-management | Display the Web-management status and configuration. |
| show zone name | Displays on the console all rules for the specified zone. For example, show zone lan rules displays all of the rules to and from the LAN zone. |
| show zones | Displays configured zones on the appliance and interfaces associated with each zone. |

Top Level Commands

| Command | Description |
|---|---|
| clear screen | Clears the console screen, leaving a single prompt line. |
| clear log | Clear log. |
| cls | Clears the console screen, leaving a single prompt line. |
| configure | Enters the configuration level |
| exit | Causes you to exit the submenu, or if issued at the global level, returns to the login prompt. |
| export preferences | Export a preferences file using Z-modem. |
| export tst | Export TSR using Z-modem. |
| help command | Displays the command and description. |
| import | Import preferences from the SonicWALL using Z-modem. |
| logout | Log out from the console. |
| nslookup Domain Name | Look up the IP address of the given domain name from the configured domain name servers. |
| ping IP address Domain Name | Sends ICMP packets to the destination IP address. |
| restart | Restart the SonicWALL. |
| restore | Restore the factory default settings on the SonicWALL |
| synchronize-licenses | Synchronizes the SonicWALL licensing information with the mysonicwall.com backend. |
| traceroute IP address DomainName | Displays router hops to destination. |

Configure Level Commands

| Command | Description |
|---|---|
| [no] arpt IP address MACaddress interface lan wan dmz [perm] [pub] | Add and remove arp entries for specified interface. |
| end | Exit configuration menu. |
| help command | Displays command and description. |
| interface x1 x2 x3 x4 x5 [ lan wan dmz ] | Assigns a zone to an interface and then enters the configuration of the interface. |
| gms | Enter GMS configuration menu. |

GMS Configuration

| Command | Description |
|---|---|
| algorithm des-md5 frd3-sha | Sets GMS encryption and authentication algorithm. |
| [no] authentication-key hex key | Sets the 32-hex or 40-hex authentication key to communicate with the GMS server. |
| [no] behind-nat | Enables GMS behind a NAT device. |
| bound-interface x1 x2 x3 x4 x5 | Bind a VPN policy to an interface. |
| [no] enable | Enables GMS management on a SonicWALL. |
| encryption-key hex key | Set the 16-hex/48-hex encryption key to communicate with the GMS server. |
| end | Exit configuration menu. |
| finished | Exit configuration mode to top menu. |
| help command | Displays command and description. |
| info | Displays current GMS configuration state. |
| [no] nat-address IP Address | Sets the public NAT IP address that the GMS server resides behind. |
| [no] over-vpn | Enable GMS server locally or over VPN. |
| [no] send-heartbeat | Send heart beat status messages only. |
| [no] server IP Address | Sets the real IP address of the GMS server. |
| [no] standby-management-sa | Enable the backup SA for GMS management. |
| syslog-port uvalue (default) | Sets the syslog server port of the GMS server. |
| help command | Displays the command and description |

LAN Interface Configuration

| Command | Description |
|---|---|
| interface x0 x1 x2 x3 x4 x5 [ lan wan dmz ] | Assigns zone and enters the configuration mode for the interface. |
| auto | Sets the interface to auto negotiate. |
| comment string | Adds comment as part of the port configuration |
| duplex full half | Sets the interface duplex speed. |
| end | Exit the configuration mode. |
| finished | Exit configuration mode to the top menu. |
| help command | Displays the command and description. |
| info | Displays information about the interface. |
| mode lan | Enter the LAN configuration mode. |
| end | Exit configuration mode. |
| finished | Exit configuration mode to top menu level. |
| help command | Displays the command and description. |
| info | Displays information about the interface. |
| ip IP Address netmask mask | Sets the IP address for the interface. |
| name interface name | Sets the name for the interface. |
| speed 10 100 | Sets the interface speed. |

WAN Interface Configuration

| Command | Description |
|---|---|
| auto | Sets the interface to autonegotiate. |
| bandwidth-management enable | Enables bandwidth management. |

| Command | Description |
|---|---|
| bandwidth-management size uvalue | Sets the bandwidth management size. |
| comment string | Adds comment as part of the port configuration. |
| duplex full half | Sets the interface duplex speed. |
| end | Exit the configuration mode. |
| finished | Exit configuration mode to the top menu. |
| fragment-packets | Enable/disable fragmentation of packets larger than the interface MTU. |
| ignore-df-bit | Enable/disable ignoring the don’t fragment bit. |
| help command | Displays the command and description. |
| info | Displays information about the interface. |
| mode static dhcp pptp l2tp pppoe | Sets the mode for the WAN interface and enters the given mode configuration. |

Mode Static WAN Interface Configuration

| Command | Description |
|---|---|
| [no] dns IPAddress | Enters or removes IP address of DNS servers. |
| end | Exits configuration mode. |
| finished | Exits configuration mode to top menu. |
| gateway IPAddress | Sets or removes default gateway for the interface. |
| help command | Displays help for given command. |
| info | Displays IP information about the interface. |
| [no] ip IPAddress | Sets the IP address for the interface. |

Mode DHCP WAN Interface Configuration

| Command | Description |
|---|---|
| end | Exits configuration mode. |
| finished | Exits configuration mode to top menu. |

| Command | Description |
|---|---|
| help command | Displays help for given command. |
| info | Displays IP information about the interface. |
| [no] hostname string | Sets the hostname for the interface. |
| release | Releases IP address information. |
| renew | Renews IP address information. |

Mode PPTP WAN Interface Configuration

| Command | Description |
|---|---|
| [no] dynamic | Sets the SonicWALL to obtain the IP address dynamically. |
| end | Exits configuration mode. |
| finished | Exits configuration mode to top menu. |
| help command | Displays help for given command. |
| [no] hostname string | Clears/Sets PPTP hostname. |
| [no] inactivity | Enables/disables the PPTP inactivity timer. |
| timeout uvalue | Sets/Clears the PPTP inactivity timeout. |
| info | Displays IP information about the interface. |
| [no] ip IPAddress | Sets/Clears the IP address for the interface. |
| [no] password quoted string | Sets/Clears the PPTP password. |
| [no] server ip IPAddress | Sets/Clears the PPTP server IP address. |
| start | |
| stop | |
| [no] username string | Sets/Clears the PPTP username |

Mode L2TP WAN Configuration

| Command | Description |
|---|---|
| [no] dynamic | Sets the SonicWALL to obtain the IP address dynamically. |
| end | Exits configuration mode. |

| Command | Description |
|---|---|
| finished | Exits configuration mode to top menu. |
| help command | Displays help for given command. |
| [no] hostname string | Clears/Sets L2TP hostname. |
| [no] inactivity | Enables/disables the L2TP inactivity timer. |
| timeout uvalue | Sets/Clears the L2TP inactivity timeout. |
| info | Displays IP information about the interface. |
| [no] ip IPAddress | Sets/Clears the IP address for the interface. |
| [no] password quoted string | Sets/Clears the L2TP password. |
| [no] server ip IPAddress | Sets/Clears the L2TP server IP address. |
| start | |
| stop | |
| [no] username string | Sets/Clears the L2TP username. |

| Command | Description |
|---|---|
| mtu uvalue | Sets the MTU of the interface. |
| name interfacename | Sets the name for the interface. |
| speed 10 100 | Sets the interface speed. |

Other Interface Configuration

| Command | Description |
|---|---|
| auto | Sets the interface to autonegotiate. |
| comment string | Adds a comment as part of the force configuration. |
| duplex full half | Sets the interface duplex speed. |
| end | Exits configuration mode. |
| finished | Exits configuration mode to top menu. |
| help command | Displays help for given command. |

| Command | Description |
|---|---|
| info | Displays IP information about the interface. |
| name interfacename | Sets the name for the interface. |
| speed 10 100 | Sets the interface to autonegotiate. |
| [no] log categories [all] | Assigns/clears logging categories. |

Log Category Information

| Command | Description |
|---|---|
| [no] all | Assigns/clears all logging categories. |
| [no] attack | Assigns/clears attack logging category. |
| [no] blocked-code | Assigns/clears blocked code logging category. |
| [no] blockedsites | Assigns/clears blocked sites logging category. |
| [no] connection | Assigns/clears connection logging category. |
| [no] conn-traffic | Assigns/clears conn traffic logging category. |
| [no] debug | Assigns/clears debug logging category. |
| end | Exits configuration mode. |
| finished | Exits configuration mode to top menu. |
| help command | Displays help for given command. |
| [no] icmp | Assigns/clears ICMP logging category. |
| info | Displays IP information about the interface. |
| [no] lan-icmp | Assigns/clears LAN-ICMP logging category. |
| [no] lan-tcp | Assigns/clears LAN-TCP logging category. |
| [no] lan-udp | Assigns/clears LAN-UDP logging category. |
| [no] maintenance | Assigns/clears maintenance logging category. |

| Command | Description |
|---|---|
| [no] mgmt-80211b | Assigns/clears 80211b management logging category. |
| [no] modem-debug | Assigns/clears modem debugging logging category. |
| [no] sys-env | Assigns/clears sys env logging category. |
| [no] sys-err | Assigns/clears sys error logging category. |
| [no] tcp | Assigns/clears TCP logging category. |
| [no] udp | Assigns/clears UDP logging category. |
| [no] user-activity | Assign/clear user-activity logging category. |
| [no] vpn-stat | Assigns/clears vpn-stat logging category. |
| [no] vpn-tunnelstatus | Assigns/clears vpn tunnel status logging category. |
| [no] log filter-time uvalue | Assigns/clears log filter time. |
| log ordering choices [invert] | Assign/clear ordering method when displaying log entries. |
| name string | Sets/clears the firewall name. |
| [no] route default IP address | Assigns/clears default route. |
| [no] route Destination Netmask Gateway [metric route metric ] | Assigns/clears static routes. |
| [no] web-management http enable x0 x1 x2 x3 x4 x5 | Enables/disables HTTP web management. |
| web-management http port tcp port or 'default' | Assigns the HTTP web management port or reset to default. |
| [no] web-management https enable x0 x1 x2 x3 x4 x5 | Enables/disables HTTPS web management. |
| web-management https port tcp port or 'default' | Assigns the HTTPS web management port or resets to default. |
| web-management restore | Restores default web-management port and interface assignments. |
| zone wan lan dms | Enters the zone configuration menu. |

| Command | Description |
|---|---|
| end | Exits configuration mode. |
| finished | Exits configuration mode to top menu. |
| [no] intrazonecommunications | Enables/disables intra-zone communications. |

SonicWALL OS Standard Commands

Show and Diag Commands (available at all levels)

| Command | Description |
|---|---|
| show memory | Shows the system memory on the device. |
| show processes | Shows procedure information. |
| show status | Shows the current status of the device. |
| show tech-support | Displays to the console the contents of the TSR. |
| show tsr all av cfl dhcpc dhcprelay dhcps dhcpsstat ethernet ha ip-helper ipsec l2tpclient license log management network objects policies pppoe pptpclient radius snmp status time update users wlb | Displays to the console the contents of the TSR section named or all of the TSR. |
| show web-management | Displays the web-management status and configuration. |

Top Level Commands

| Command | Description |
|---|---|
| cls | Clears window, leaving a single prompt line. |
| exit | This command causes you to exit submenu, or if issued at the global level, returns you to the login prompt. |
| export preferences | Exports the preferences file using the Z-modem. |
| export tsr | Exports the tsr using the Z-modem. |
| help command | Displays command and description. |
| import | Import preferences file using Z-modem. |

| Command | Description |
|---|---|
| logout | Logout from the console. |
| ping IP address Domain Name | Sends ICMP packets to destination IP address. |
| restart | Restarts the device. |
| restore | Restore the device to factory defaults. |
| [no] web-management http enable | Enables/disables HTTP web management. |
| web-management http port tcp port or 'default' | Assigns the HTTP web management port or reset to default. |
| [no] web-management https enable | Enables/disables HTTPS web management. |
| web-management https port tcp port or 'default' | Assigns the HTTPS web management port or resets to default. |
| web-management restore | Restores default web-management port and interface assignments. |


SonicWALL, Inc.
1143 Borregas Avenue
Sunnyvale CA 94089-1306
T 1 408.745.9600
F 1 408.745.9300
www.sonicwall.com

P/N: 232-000549-00
Rev B, 02/2005

2008 SonicWALL, Inc. is a registered trademark of SonicWALL, Inc. Other product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice. 07/07 SW 145
