SonicWALL Global Management System Command Line


SonicWALL Global Management System
Command Line Interface Guide
Standard Edition
Version 2.3

Copyright Information

2002 SonicWALL, Inc. All rights reserved.

Under the copyright laws, this manual or the software described within, may not be copied, in whole or part, without the written consent of the manufacturer, except in the normal use of the software to make a backup copy. The same proprietary and copyright notices must be affixed to any permitted copies as were affixed to the original. Under the law, copying includes translating into another language or format.

SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.

Specifications and descriptions subject to change without notice.

Part Number: 232-000186-00 Rev D

Software License Agreement for SonicWALL Global Management System

To review the SonicWALL Global Management System Software License Agreement, see the SonicWALL Global Management System Introduction Guide.

CONTENTS

Chapter 1 Introduction

Chapter 2 Using the Command Line Interface
    Accessing the CLI
    CLI Commands
    Logging In
    Logging Out
    Executing a Command without Logging In
    Adding SonicWALL Appliances or Ravlin Devices
    Adding and Removing Activation Codes
    Using the Configure Command
    Preparing a Configuration File

Chapter 3 Configuration Parameters

Access/General
    nbt dmzEnable, nbt ntRadius user, Radius passwd, Radius retries, Radius timeout, Rad prm IP, Rad prm port, Rad prm secret, Rad sec IP, Rad sec, Rad sec secret

Access/Rules
    prefs svcName, serviceNameInRule, serviceInternalName, prefs ruleAction, prefs ruleSrcEnet, prefs ruleSrcBegin, prefs ruleSrcEnd, prefs ruleDstEnet, prefs ruleDstBegin, prefs ruleDstEnd, prefs ruleTimeConstraint, prefs ruleTimeBegin, prefs ruleTimeEnd, prefs ruleTimeout, prefs ruleEnabled, prefs ruleAllowFrags, prefs ruleBwMgmtEnabled, prefs ruleBwMgmtGuaranteed, prefs ruleBwMgmtMaximum, prefs ruleBwMgmtPriority

Access/Services
    prefs svcPortNum, serviceInternalName, prefs svcIPType, prefs svcName, prefs svcActionMask, prefs svcPortEnd, known svcName

Access/SNMP
    snmp Enable, snmp Mib2SysName, snmp Mib2SysContact, snmp Mib2SysLocation, snmp GetCommunity, snmp TrapCommunity, snmp HostIP0, snmp HostIP1, snmp HostIP2, snmp HostIP3

Access/Users
    userInactivity, users loginName, users erRadiusSelect, userNoAuthDNS, userRadiusCheckLocal

Advanced/DMZ Addresses
    prefs dmzBegin, prefs e, prefs intraBegin, prefs intraEnd

Advanced/One-to-One NAT
    nat oneToOneOn, nat 121priv, nat 121pub, nat 121len

Advanced/Proxy s route dstNet
    prefs route dstMask, prefs route dstGw, prefs route RiskAlert, avReduceTraffic

Anti-Virus/EMail
    achmentStrip, extension add

DHCP/DHCP over hcprStaticIp
    dhcprSpoof, isRemoteGw

DHCP/Setup
    prefs dhstaticip, prefs dhstatichw, dhcp gateway, prefs dhdynstart, prefs dhdynend, prefs dhdynbootp, dhcp dns0, dhcp dns1, dhcp dns2, dhcp wins0, dhcp wins1, dhcp lease, dhcp domainname, dhcp propagateSettingsToLan, enableDHCP, enablePassDHCP, dhcp dmz tpIdleTime, L2tpGlobalServerIp, PPPoE Timeout, nat manyToOneOn, dhClient ayPPPOEUserName, PPPOEPswd, nat mTo1PubAddr, ipGateway, wanSubnetMask, dhClient leaseDuration, dhClient timezone, ntp useNtp, ntp useDst, ntp utcLogs, useInternational, addCustomNTPServer, ntp updateInterval

High lectionDelayTime

Log/Log Settings
    firewallName, logPrefs alertMask 2, logPrefs alertMask 5, logPrefs alertMask 1, logPrefs logMask 7, logPrefs logMask 8, logPrefs logMask 9, logPrefs logMask 11, logPrefs logMask 0, logPrefs logMask 1, logPrefs logMask 2, logPrefs logMask 3, logPrefs logMask 4, logPrefs logMask 14, logPrefs logMask 5, logPrefs logMask 71171189, smtpServerName, logPrefs logEmailAddr, logPrefs alertEmailAddr, logPrefs logEmailFreq, logPrefs dayOfWeek, logPrefs timeOfDay, logPrefs syslogFreqSecs, syslogStatusFreqSecs, logPrefs ofileInUse 0, dialupProfileInUse medupUserPass, dialIpAddrBool, dialupIP EnablecallWaitString, ispRetries, ispRetryDelay

Website Blocking/Consent
    prefs Timeout, aupURL1, userInactivity

Website Blocking/Customization
    sbi blockCustom, sbi trustedOnly, forbiddenURLs add, allowedURLs add

Website Blocking/General
    cf method, trustedURLs add, sbi trustCode, sbi webBlockMsg, CFLinkMask 0, CFLinkMask 1

Website Blocking/Filter List
    sbi urlBlockMask 0, sbi urlBlockMask 1, sbi urlBlockMask 2, sbi urlBlockMask 3, sbi urlBlockMask 4, sbi urlBlockMask 5, sbi urlBlockMask 6, TOD useTOD, TOD startHour, TOD startMin, TOD startDay, TOD endHour, TOD endMin, TOD endDay, sbi dontBlockOnlyLog, filterListFallback, sbi urlBlockMask 7, sbi urlBlockMask 8, sbi urlBlockMask 9, sbi urlBlockMask 10, sbi urlBlockMask 11, LRI autoDownload, LRI dayOfWeek, LRI timeOfDay

Website te Blocking/URL Keywords
    keyword add, sbi

Website Blocking/Web Features
    sbi blockActiveX, sbi blockJava, sbi blockCookies, sbi blockHTTPProxy, scanForFakeMicrosoftCerts

Website eCacheSize
    wseFailedTimeout, wseBlockOnFail

VPN/CA
    AuthipsecRemoteUserAuth, ipsecDhcpTunnel

VPN/Local ecEnable
    nbt vpnDisable, ipsec


CHAPTER 1
Introduction

To provide flexibility to our customers, the SonicWALL Global Management System (SonicWALL GMS) includes a command-line interface (CLI).

The SonicWALL GMS CLI can make it easier to add new SonicWALL appliances or Ravlin devices and modify existing ones. However, it requires a strong familiarity with using a command-line interface and SonicWALL GMS. We recommend caution when using this tool.


CHAPTER 2
Using the Command Line Interface

This chapter describes how to access the command line interface (CLI) and how to execute CLI commands.

Accessing the CLI

To access the CLI, follow these steps:

1. Open the command-line prompt.
2. Change to the following directory:
       sonicwall directory\cli
   where sonicwall directory is the location where SonicWALL GMS is installed.
3. Enter one of the following commands:
   For Windows NT, enter:
       sgms
   For Solaris, enter:
       ./sgms.sh
   The SGMS prompt appears:
       sgms
4. Perform any of the commands described in “CLI Commands”.
5. To exit from the SonicWALL GMS CLI, enter the following command:
       sgms quit

CLI Commands

This section describes each CLI command.

Logging In

To log in to the SonicWALL GMS CLI, use the login command.

    sgms login username password

Syntax

    username    Admin user.
    password    Password of the admin user.

Defaults

    none

Usage Guidelines

When this command is entered, SonicWALL GMS does the following:

- Checks whether the command is entered with the correct parameters. If the command is not entered correctly, it returns the correct form of the command.
- Checks the validity of the username and password.
- Executes the login command.
- Creates a new session with a randomly generated session ID.
- Returns any command output.

XML Command Output

SonicWALL GMS receives and returns all command input and output in XML format. The following is the actual XML output of this command:

    <?xml version="1.0"?>
    <sgmsApiResult>
        <returnCode> error.getCode() </returnCode>
        <returnString> Just a test string </returnString>
    </sgmsApiResult>

Example

In the following example, the user admin logs in using the password “password.”

    sgms login admin password

Logging Out

To log out from the SonicWALL GMS CLI, use the logout command.

    sgms logout

Syntax

This command has no arguments.

Defaults

    none

Usage Guidelines

When this command is entered, SonicWALL GMS does the following:

- Executes the logout command.
- Closes the session.
- Returns to the SGMS prompt, from which you can log in again.

XML Command Output

SonicWALL GMS receives and returns all command input and output in XML format. The following is the actual XML output of this command:

    <?xml version="1.0"?>
    <sgmsApiResult>
        <returnCode> error.getCode() </returnCode>
        <returnString> Just a test string </returnString>
    </sgmsApiResult>

Example

In the following example, the SGMS user logs out:

    sgms logout

Executing a Command without Logging In

To execute a command without logging in to the SonicWALL GMS CLI, use the login command.

    sgms login -L “username password” -C “command parameter”

Syntax

    username     Admin user.
    password     Password of the admin user.
    command      The command.
    parameter    Any command parameters.

Defaults

    none

Usage Guidelines

When this command is entered, SonicWALL GMS does the following:

- Checks whether the command is entered with the correct parameters. If the command is not entered correctly, it returns the correct form of the command.
- Checks the validity of the username and password.
- Executes the login command.
- Creates a new session with a randomly generated session ID.
- Executes the command.
- Closes the session and exits.

XML Command Output

SonicWALL GMS receives and returns all command input and output in XML format. The following is the actual XML output of this command:

    <?xml version="1.0"?>
    <sgmsApiResult>
        <returnCode> error.getCode() </returnCode>
        <returnString> Just a test string </returnString>
    </sgmsApiResult>

Example

In the following example, the user admin logs in using the password “password” and runs an addunit command.

    sgms login -L admin password -C addunit new sonicwall.xml

Adding SonicWALL Appliances or Ravlin Devices

To add one or more SonicWALL appliances or Ravlin devices to SonicWALL GMS using the CLI, use the addunit command.

    sgms addunit xml file

Syntax

    xml file    XML file that contains SonicWALL appliance or Ravlin device information.

Defaults

    none

Usage Guidelines

The XML file should contain the following:

    <?xml version="1.0" ?>
    <sgmscommand>
    <command>addUnit</command>
    <FirewallList>
        <FirewallInfo>
            <sonicwallName>sonicwall name</sonicwallName>
            <sonicwallPassword>password</sonicwallPassword>
            <ipAddress>ip address</ipAddress>
            <serialNumber>serial number</serialNumber>
            <SAencryptionKey>encrypt key</SAencryptionKey>
            <SAAuthKey>auth key</SAAuthKey>
            <antivirusPassword>av password</antivirusPassword>
            <schedulerIPAddress>scheduler ip</schedulerIPAddress>
            <standbySchedulerIP>standby ip</standbySchedulerIP>
            <useVPN>use vpn</useVPN>
            <supportRavlin>ravlin bit</supportRavlin>
            <snmpRead>read string</snmpRead>
            <snmpWrite>write string</snmpWrite>
            <httpsMgmt>https bit</httpsMgmt>
            <managedOnLanIP>managedon lanip</managedOnLanIP>
            <standbyManagedAtWan>standbymanaged atwan</standbyManagedAtWan>
            <CustomInfo>
                <Customfield01>field 01</Customfield01>
                <Customfield02>field 02</Customfield02>
                ...
                <Customfield10>field 10</Customfield10>
            </CustomInfo>
            <userList>
                <user>user 01</user>
                <user>user 02</user>
                ...
            </userList>
        </FirewallInfo>
        <FirewallInfo>
            (SonicWALL Configuration Information)
        </FirewallInfo>
        <FirewallInfo>
            (SonicWALL Configuration Information)
        </FirewallInfo>
    </FirewallList>
    </sgmscommand>

sonicwall name
    Required. Descriptive name for the SonicWALL appliance or Ravlin device.

password
    Required. Password used to access the SonicWALL appliance or Ravlin device.

ip address
    If the WAN IP address of the SonicWALL appliance is static, enter the IP address. If the WAN IP address of the SonicWALL appliance changes dynamically, leave this field blank. For a Ravlin device, leave this field blank.

serial number
    Required. Serial number of the SonicWALL appliance or Ravlin device.

encrypt key
    Required. Enter a 16-character encryption key. The key must be exactly 16 characters long and comprised of hexadecimal characters. Valid hexadecimal characters are “0” to “9”, and “a” to “f” (i.e., 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f). For example, a valid key would be 1234567890abcdef.
    This key must match the encryption key of the SonicWALL appliance or Ravlin device.

auth key
    Required. Enter a 32-character authentication key. The key must be exactly 32 characters long and comprised of hexadecimal characters. For example, a valid key would be 1234567890abcdef1234567890abcdef.
    This key must match the authentication key of the SonicWALL appliance or Ravlin device.

av password
    If the SonicWALL appliance uses the Anti-Virus feature, enter the Anti-Virus password. Otherwise, leave the field blank. This field is not applicable to Ravlin devices.

scheduler ip
    Required. Enter the IP address of the SonicWALL GMS server that will manage the SonicWALL appliance or Ravlin device:
    - If SonicWALL GMS is configured in a two-tier distributed environment, you can select any Agent. However, the IP address must match the IP address that you specified when configuring the SonicWALL appliance for SonicWALL GMS management.
    - If SonicWALL GMS is in a single server environment, enter the IP address of the SonicWALL GMS server.

standby ip
    Enter the IP address of the standby SonicWALL GMS server. The standby SonicWALL GMS server will automatically manage the SonicWALL appliance in the event of a primary failure.
    Any Agent can be configured as the standby. If SonicWALL GMS is in a single server environment, leave this field blank. This field is not applicable to Ravlin devices.

use vpn
    Specifies whether SonicWALL GMS will need a VPN tunnel to reach the SonicWALL appliance or Ravlin device (default: yes). If yes, enter use vpn. If no, leave it blank.

ravlin bit
    Specifies whether this is a Ravlin device (default: no). If yes, enter 1. If no, enter 0. If this entry does not appear in the file, SonicWALL GMS assumes it is a SonicWALL appliance.

read string
    Specifies the SNMP read string for Ravlin devices.

write string
    Specifies the SNMP write string for Ravlin devices.

https bit
    Specifies whether this device uses HTTPS instead of a VPN tunnel (default: no). If yes, enter 1. If no, enter 0.

managedon lanip
    Specifies the device will be managed from the LAN interface. If you will use HTTPS, this setting must be enabled.

standbymanaged atwan
    Specifies whether the SonicWALL appliance or Ravlin device will establish a VPN tunnel to the standby scheduler (default: yes). If yes, enter standbymanaged atwan. If no, leave it blank.

field 01 ... field 10
    Specifies the values of each custom field.

user 01 ...
    Specifies the usernames of non-administrator SonicWALL GMS users that have access to this SonicWALL appliance through the SonicWALL GMS UI.
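A pre-flight check for an addunit file, written for this page as an added example (it is not part of the SonicWALL guide or product): it applies the Required fields and the 16- and 32-character hexadecimal key rules from the parameter list above. It assumes the file uses ordinary angle-bracket XML tags, matches tag names case-insensitively, and accepts both SAAuthKey and SAuthKey because the guide uses both spellings; validate_addunit, fields and the sample data are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the guide's addunit file.
# The second unit is deliberately malformed to exercise the checks.
SAMPLE = """<?xml version="1.0"?>
<sgmscommand><command>addUnit</command><FirewallList>
<FirewallInfo>
  <sonicwallName>ABC14</sonicwallName><sonicwallPassword>abc</sonicwallPassword>
  <serialNumber>00F12211F114</serialNumber>
  <SAencryptionKey>1234567812345678</SAencryptionKey>
  <SAuthKey>12345678123456781234567812345678</SAuthKey>
  <schedulerIPAddress>192.168.168.168</schedulerIPAddress>
</FirewallInfo>
<FirewallInfo>
  <sonicwallName>XYZ26</sonicwallName><sonicwallPassword>abc</sonicwallPassword>
  <SAencryptionKey>12345678ABCDEFGH</SAencryptionKey>
  <SAAuthKey>1234567890abcdef</SAAuthKey>
  <schedulerIPAddress>192.168.168.168</schedulerIPAddress>
</FirewallInfo>
</FirewallList></sgmscommand>"""

# Fields the guide marks "Required", lower-cased for case-insensitive matching.
# "authkey" stands for either spelling of the authentication key element.
AUTH_TAGS = ("saauthkey", "sauthkey")
REQUIRED = ("sonicwallname", "sonicwallpassword", "serialnumber",
            "saencryptionkey", "authkey", "scheduleripaddress")
HEX_LEN = {"saencryptionkey": 16, "authkey": 32}

def fields(info):
    """Map one FirewallInfo element to {lower-cased tag: stripped text}."""
    out = {}
    for child in info:
        tag = child.tag.lower()
        out["authkey" if tag in AUTH_TAGS else tag] = (child.text or "").strip()
    return out

def validate_addunit(xml_text):
    """Return (unit name, problem) pairs; an empty list means the file passes."""
    problems = []
    for n, info in enumerate(ET.fromstring(xml_text).iter("FirewallInfo"), 1):
        f = fields(info)
        name = f.get("sonicwallname") or f"unit #{n}"
        problems += [(name, f"missing {t}") for t in REQUIRED if not f.get(t)]
        for tag, length in HEX_LEN.items():
            value = f.get(tag, "")
            # The guide lists only 0-9 and a-f as valid, so upper case is rejected.
            if value and not re.fullmatch(r"[0-9a-f]{%d}" % length, value):
                problems.append((name, f"{tag} must be {length} hex characters"))
    return problems
```

Running validate_addunit(SAMPLE) reports nothing for ABC14 and three problems for XYZ26: the missing serial number and both malformed keys.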

XML Command Output

SonicWALL GMS receives and returns all command input and output in XML format. The following is the actual XML output of this command:

    <?xml version="1.0"?>
    <sgmsApiResult>
        <returnCode> error.getCode() </returnCode>
        <returnString> Just a test string </returnString>
    </sgmsApiResult>

Example

In the following example, two new SonicWALL appliances are added to SonicWALL GMS:

    sgms addunit new sonicwall.xml

The following is the content of new sonicwall.xml.

    <?xml version="1.0" ?>
    <sgmscommand>
    <command>addUnit</command>
    <FirewallList>
        <FirewallInfo>
            <sonicwallName>ABC14</sonicwallName>
            <sonicwallPassword>abc</sonicwallPassword>
            <ipAddress></ipAddress>
            <serialNumber>00F12211F114</serialNumber>
            <SAencryptionKey>1234567812345678</SAencryptionKey>
            <SAuthKey>12345678123456781234567812345678</SAuthKey>
            <antivirusPassword>avpass</antivirusPassword>
            <schedulerIPAddress>192.168.168.168</schedulerIPAddress>
            <useVPN>1</useVPN>
            <standbyManagedAtWan>1</standbyManagedAtWan>
            <standbySchedulerIP>192.168.168.23</standbySchedulerIP>
            <supportRavlin>1</supportRavlin>
            <snmpRead>abcdef12</snmpRead>
            <snmpWrite>abcdef12</snmpWrite>
            <httpsMgmt>0</httpsMgmt>
            <manageOnLanIP>0</manageOnLanIP>
            <CustomInfo>
                <Company>SonicWAll</Company>
                <Country>China</Country>
                <State>California</State>
                <Department>Engineering</Department>
            </CustomInfo>
            <userList>
                <user>billb</user>
                <user>dana</user>
                <user>mgg</user>
                <user>prasad</user>
            </userList>
        </FirewallInfo>
        <FirewallInfo>
            <sonicwallName>XYZ26</sonicwallName>
            <sonicwallPassword>abc</sonicwallPassword>
            <ipAddress></ipAddress>
            se
