Command-line interface

The command-line interface (CLI) provides a limited set of commands to control and receive responses from the Network Security appliance.

Global commands

Table 1. Global commands
Global command Description
back Return to the previous command mode.
exit Log off from the appliance.
help <command> Display the information for using the specified command.
reboot Reboot the appliance.
shutdown End system operation and turn off the power.
top Return to the top level.

Mode commands

Table 2. Installer mode commands.
Note: The installer mode is only available when the appliance is booted from a USB flash drive.
Installer mode command Description
restore Restore a firmware image.
wipe Erase (wipe) the data from the appliance hard disk drive.
Table 3. Top mode commands
Top mode command Description
analysis mode Work with packet analysis features.
certificates Work with certificates.
cleanup Clean up temporary files.
firmware Work with firmware images.
fixpacks Work with fix packs.
license Work with licenses.
logs Work with log files.
management Work with management settings.
opensig Work with profiling information for OpenSignatures.
protection Work with protection interfaces.
services Work with certain system services.
snapshots Work with policy snapshot files.
ssh Work with SSH keys.
stats Work with appliance statistics.
support Work with support information files.
sysinfo show Work with system information.
tools Work with network diagnostic tools.
updates Work with firmware and security updates.
Table 4. Analysis mode commands
Analysis mode command Description
debug level Temporarily set the debug level. Additional logging is added for each increase in the debug level. Specify one of the following debug levels: 1, 2, or 3.
The alpsd status value is the sum of the values assigned to the following statuses:
  • ALPSD READY = 1
  • DCA READY = 2
  • PAM BYPASSED = 4
Alpsd status is not the debug level that is specified using the debug command.

This setting is reverted upon next packet processing service restart.

Note: Alpsd must be running to set the debug level. If alpsd is not running the following message is displayed:
MesaCmdSend failed No such file or directory
MesaCmdSend failed: alpsd
Failed to override Packet Processing debug level.
Tip: Consider using the debug command instead of the advanced tuning parameter to change the debug level because the debug command does not cause alpsd to restart.
dpi[on|off] Temporarily enable or disable Deep Packet Inspection (DPI). (DPI is also known as PAM.)
filter [<event-type>] Temporarily filter out the specified debug events from debug logs. Multiple parameters are separated by commas.
Examples:
  • filter CFG,DRV,...

This setting is reverted upon next packet processing service restart.

Tip: Consider using the filter command instead of the advanced tuning parameter to filter out debug log because the filter command does not cause alpsd to restart.
Table 5. Certificates mode commands
Certificates mode command Description
regen_cert Regenerate device-signing CA.
Note: The keyboard command Ctrl+C does not interrupt the regen_cert command in Certificates mode.
show_active Display the active CA certificate in PEM encoded format.
Table 6. Cleanup mode commands
Cleanup mode command Description
all Clear all temporary files.
dump Clear dump files.
log Clear event logs.
update Clear update packages.
Table 7. Firmware mode commands
Firmware mode command Description
backup Back up firmware on the primary partition to the inactive partition.
get_comment [<index>] View the comment that is associated with a firmware image.
get_info [<index>] View the version information that is associated with a firmware image.
list List information about installed firmware images. Firmware information includes the active firmware image, a description of the firmware, the date the firmware was installed, and optional backup information.
set_comment [<index> [<comment> ...] ] Replace the comment that is associated with a firmware image.
swap_active Swap the active firmware image. The appliance restarts the system by using the inactive firmware image.
Table 8. Fixpacks mode commands
Fixpacks mode command Description
install Install available fix packs from the inserted USB flash drive.
list List available fix packs on the inserted USB flash drive.
rollback Uninstall most recently installed fix pack.
view_history Display installation history for all fix packs.
Table 9. License mode commands
License mode command Description
install Install a license file from inserted USB flash drive.
list List the available license files on the inserted USB flash drive.
show Display current active license information.
Table 10. Logs mode commands
Logs mode command Description
logs grep[-i][ <log-file-name> ][ <search string> ]
Tip: Use -i to ignore case.
Grep a specific string in a log file.

The following log files are available:

  • system
  • webserver
  • updates
  • analysis
less[ <log-file-name> ] View and search a log file.

The following log files are available:

  • system
  • webserver
  • updates
  • analysis
tail[ -n <NUM_LINES> ] [ -F ] [ <log-file-name> ] Tail a log file.

Data is appended to output as the file grows when -F is specified. When -n <NUM_LINES> is not specified, the default value for NUM_LINES is 10.

The following log files are available:

  • system
  • webserver
  • updates
  • analysis
Table 11. Management mode commands
Management mode command Description
dns Work with the DNS appliance settings.
The following commands are available for dns:
  • set [dns]: Set the appliance DNS.
  • show: Show the appliance DNS.
force_heartbeat Force a heartbeat to go to the SiteProtector™ System.
Note: If the appliance is not managed by the SiteProtector System, the following error message is displayed:
Error: Force heartbeat is unavailable when the appliance is not managed by the SiteProtector System.
hostname Work with the appliance host name.
The following commands are available for hostname:
  • set [hostname]: Set the appliance host name.
  • show: Show the appliance host name.
interfaces Work with management interface settings.
The following commands are available for interfaces:
  • list: List the management interfaces on the appliance.
  • set [interface-name]: Set the network configuration for a management interface.
  • show [interface-name]: Display the configuration of a management network interface.
rescue Unlock the admin account.
set_password Set the appliance password.
snmp Work with SNMP settings.
  • engineid
    • assign: Set the SNMP engine ID in hex string format on appliance.
    • get: Get the SNMP engine ID on appliance.
    • reset: Reset the engire ID to factory default.
Table 12. Opensig mode commands
Opensig mode command Description
show_stats[all|n] Display the profiling stats.
Displays the following OpenSignature rule performance statistics for each open signature:
  • <SID>
  • <Checks>
  • <Matches>
  • <Ticks>
  • <Ticks Per PCRE>
  • <Alerts>
Note: Define the n variable to see statistics for the top n active rules. For example, type show_stats 10 to see the profiling information for the top 10 active open signatures.
Table 13. Protection mode commands
Protection mode command Description
list List the names of the protection interfaces that are available on this appliance.
show [<interface name>] Display the link status (up or down) and the negotiated speed and duplex for the specified interface.

If this command runs with no arguments, the system displays the current link status and the speed and duplex for all protection interfaces.

Table 14. Services mode commands
Services mode command Description
restart List services that can be restarted.
Select one of the following services to restart:
  • Packet Processing
  • Packet Capture
  • Local Management Interface
  • License and Update
  • SiteProtector Communication
Table 15. Session mode commands
Session mode command Description
delete [<ip address>] Delete the active session that is associated with the specified address.
delete_all [<ip address>] Delete all active sessions.
list List the active sessions. Show all users who authenticated to the appliance.
Table 16. Snapshots mode commands
Snapshots mode command Description
apply [<index>] Apply a policy snapshot file to the system.
Note: The keyboard command Ctrl + C does not interrupt the apply command in Snapshots mode.
create [<comment> ...] Create a snapshot of current policy files.
delete [<index>] Delete a policy snapshot file.
download Download a policy snapshot file to a USB flash drive.
get_comment [<index>] View the comment that is associated with a policy snapshot file.
list List the policy snapshot files.
set_comment [<index> [<comment> ...] ] Replace the comment that is associated with a policy snapshot file.
upload Upload a policy snapshot file from a USB flash drive.
Table 17. SSH mode commands
SSH mode command Description
regen_ssh_keys Regenerate SSH keys.
Table 18. Stats mode commands
Stats mode command Description
show [all | cpu | memory | storage | inspect | interface | inbound_ssl | outbound_ssl | login_expr | time_drift | policy_change | reboot_count] Specify which of the following appliance statistics to display:
  1. Show all available status
  2. CPU Usage
  3. Memory Usage
  4. Storage Usage
  5. Packet Processing
    Note: For more information on packet processing statistics, see Packet processing statistics.
  6. Protection Interfaces
    Note: This command displays the number of frames since the last packet processing sensor restart.
  7. Inbound SSL
  8. Outbound SSL
    Note: Values displayed for Inbound and Outbound SSL are since the last packet processing sensor restart or reboot.
  9. Login Expiration
  10. NTP Time Drift
  11. Last Policy Modification Time
  12. Number of reboots
Table 19. Support mode commands
Support mode command Description
create [<comment> ...] Create a support information file.
delete [<index>] Delete a support information file.
download [<index>] Download a support information file to a USB flash drive.
get_comment [<index>] View the comment that is associated with a support information file.
list List the support information files.
set_comment [<index> [<comment> ...] ] Replace the comment that is associated with support information file.
Table 20. Sysinfo mode commands
Sysinfo mode command Description
show [all | serial | nim] Specify which of the following system information to display:
  1. Show all available information
  2. Model and serial number
  3. NIM detail
Table 21. Tools mode commands
Tools mode command Description
capture Work with packet captures.
nslookup [<host>] [<server>] Query internet domain name servers.
ping [-6] [-c <count>] [-s <size>] <host> Send an ICMP ECHO_REQUEST to network hosts.
Note: The count must be 0 - 5535. If the count is 0, then the system sends ICMP ECHO_REQUEST pings until it is interrupted by the user with the keyboard command Ctrl+C. The default count is 0. The size must be 0 - 65535. The default size is 56 bytes.
telnet [-l <user>] <host> [<port>]
Note: User and port are optional.
Communicate with a remote computer that is using the Telnet protocol.
traceroute [-6] <host> [<size>] Trace a packet from a computer to a remote destination, showing how many hops the packet made to reach the destination, and the duration of each hop.
Note: Size must be 38 - 32768. Default size is 38 bytes.
Table 22. Updates mode commands
Updates mode command Description
install[type][usb|server] Install an update from the inserted USB flash drive or update server.
Restriction: Only updates that are available for your appliance model are displayed.
Note: The keyboard command Ctrl+C does not interrupt the install command in Updates mode.
list[type] [usb|server] List available updates on the inserted USB flash drive or on the update server.
Any of the following updates might be available:
  • firmware
  • IPS
Note: The types of updates that are available depend on the model of your appliance.
rollback Undo a security update.
Note: The keyboard command Ctrl+C does not interrupt the rollback command in Updates mode.
show Display version information for the security update that is installed and current.
view_history Display installation and rollback history for all updates.